Legal
Terms of Service
Effective date: July 7, 2026
1. Agreement to These Terms
These Terms of Service (“Terms”) govern access to and use of the ThreatExploit.ai platform, websites, applications, autonomous testing agent, Studio interface, documentation, and application programming interfaces (collectively, the “Service”), operated by ThreatWinds LLC(“ThreatWinds”, “we”, “us”, “our”). By creating an account or accessing or using the Service, you (“you”, “Customer”, “User”) agree to these Terms. If you use the Service on behalf of an organization, you represent that you are authorized to bind that organization, and “you” refers to that organization. If you do not agree, do not use the Service.
2. Description of the Service
ThreatExploit.ai is an AI-powered penetration testing platform. It performs automated reconnaissance, vulnerability discovery, exploitation, and reporting against systems and applications that you designate as targets. The Service is made available through (a) the autonomous testing platform and Studio interface and (b) a developer API for programmatic integration.
3. Authorized and Ethical Use Only
The Service is a powerful offensive security tool intended solely for lawful, authorized security testing. You may use the Service only to test systems, networks, applications, and other assets that you own or for which you have obtained prior, explicit, written authorization from the owner and from any other party with rights in the target.
You specifically agree that you will not use the Service to:
- test, scan, exploit, or attack any system, network, application, account, or data without valid authorization;
- engage in any activity that is illegal or that violates the rights of any third party;
- launch denial-of-service attacks, deploy malware or ransomware, exfiltrate data for malicious purposes, or cause damage, disruption, or degradation to any system or service;
- circumvent, disable, or interfere with security or authentication features except within the authorized scope of an engagement you are permitted to conduct;
- test infrastructure or services operated by third parties (including cloud, hosting, telecom, or SaaS providers) without complying with those providers’ testing policies and obtaining any required authorization;
- act for or on behalf of any sanctioned party, operate in any embargoed jurisdiction, or violate applicable export-control laws;
- resell, sublicense, or provide the Service to end users who have not agreed to, and who do not comply with, equivalent authorized-use obligations.
You are solely responsible for defining the scope of each engagement, for confirming that you hold all necessary authorizations before launching any test, and for the consequences of any testing you initiate. ThreatWinds is not a party to, and assumes no responsibility for, the relationship between you and the owner of any target.
4. Identity and Authorization Verification
Because the Service can perform offensive security testing, we verify the identity of our users and the organizations they represent. You agree to provide accurate, current, and complete information during registration and when requested, and to keep it up to date. As a condition of access, we may at any time:
- require verification of your identity and of the legal existence and standing of your organization;
- require documentation evidencing your authorization to test a given target or scope (for example, ownership records, a signed authorization or rules-of-engagement document, or domain/asset control validation);
- decline, suspend, or terminate access where we are unable to verify identity or authorization, or where we reasonably suspect misuse.
You authorize us to perform, directly or through third-party verification providers, the checks reasonably necessary to confirm identity, organizational standing, and authorization. Providing false information, or using the Service to test targets you are not authorized to test, is a material breach of these Terms.
5. Platform Use vs. API Use
Autonomous platform and Studio. Access to the autonomous testing platform and Studio is gated to verified users and organizations. For each engagement, you are required to confirm and attest that you are authorized to test the specified targets and scope. We may refuse or halt any engagement that we believe is unauthorized, unlawful, or outside a verified scope.
Developer API. The API is intended to let builders integrate ThreatExploit capabilities into their own products and workflows, and is offered on more flexible, programmatic access terms. This flexibility does not reduce your obligations: you remain fully responsible for ensuring that every test initiated through the API — whether by you or by your own end users — is properly authorized and lawful, and for imposing and enforcing equivalent authorized-use requirements on your end users. You must not use the API to circumvent the identity, authorization, or safety controls that apply to the platform.
6. Accounts and Security
You are responsible for safeguarding your account credentials and API keys and for all activity that occurs under your account. Notify us immediately at info@threatexploit.ai of any unauthorized use. You must be at least 18 years old and able to form a binding contract to use the Service.
7. Customer Data and Confidentiality
As between the parties, you retain all rights to the data, targets, configurations, and content you provide, and to the findings and reports generated for your engagements (“Customer Data”). We process Customer Data only to provide and support the Service, as described in our Privacy Policy and Data Policy. We do not use Customer Data to train, fine-tune, or improve AI models, and we do not sell Customer Data. You are responsible for ensuring you have the right to submit any Customer Data and target information to the Service.
8. Acceptable Use and Suspension
We may suspend or terminate access immediately, without liability, if we reasonably believe you have violated these Terms (including the authorized-use requirements), if required by law, or to protect the Service, our other customers, or third parties. Where practicable we will provide notice, but for suspected unauthorized testing or security risks we may act first and notify afterward.
9. Fees
Where the Service is provided on a paid basis, fees, billing frequency, and payment terms are as agreed in an order, partner agreement, or plan you select. Fees are non-refundable except as required by law or expressly agreed. You are responsible for applicable taxes.
10. Intellectual Property
The Service, including its software, models, interfaces, and documentation, and all related intellectual property, are and remain the property of ThreatWinds and its licensors. Subject to these Terms, we grant you a limited, non-exclusive, non-transferable, revocable right to use the Service. You may not copy, modify, reverse engineer, or create derivative works of the Service except as permitted by law.
11. Third-Party Services
The Service may rely on or integrate third-party tools, models, and infrastructure. Your use of such third-party components may be subject to their own terms. We are not responsible for third-party services.
12. Disclaimers
The Service is provided “as is” and “as available.” Security testing is inherently probabilistic and cannot identify every vulnerability. We do not warrant that the Service will detect all vulnerabilities, that findings will be complete or free of false positives or false negatives, or that testing will not affect target systems. To the maximum extent permitted by law, we disclaim all warranties, express or implied, including merchantability, fitness for a particular purpose, and non-infringement.
13. Limitation of Liability
To the maximum extent permitted by law, ThreatWinds will not be liable for any indirect, incidental, special, consequential, or punitive damages, or for any loss of profits, data, or business, arising out of or related to the Service. Our aggregate liability for any claim arising out of or related to the Service will not exceed the amounts you paid to us for the Service in the twelve (12) months preceding the event giving rise to the claim.
14. Indemnification
You will indemnify and hold harmless ThreatWinds and its officers, employees, and agents from any claims, damages, liabilities, and expenses (including reasonable legal fees) arising out of or related to (a) your use of the Service, (b) your testing of any target, (c) your violation of these Terms or of any law or third-party right, or (d) your lack of authorization to conduct any test you initiated.
15. Term and Termination
These Terms apply while you use the Service. You may stop using the Service at any time. Upon termination, your right to use the Service ends. Sections that by their nature should survive (including Customer Data ownership, disclaimers, limitation of liability, indemnification, and governing law) survive termination.
16. Governing Law and Dispute Resolution
These Terms are governed by the laws of the State of Florida, United States, without regard to its conflict-of-laws rules. The state and federal courts located in Florida will have exclusive jurisdiction over any dispute arising out of or relating to these Terms or the Service, and you consent to their jurisdiction and venue.
17. Changes to These Terms
We may update these Terms from time to time. When we do, we will revise the “Effective date” above and, for material changes, provide reasonable notice. Your continued use of the Service after changes take effect constitutes acceptance.
18. Contact
Questions about these Terms: info@threatexploit.ai — ThreatWinds LLC.
