VULNARY
Let's talk
Legal

Terms of Use

The terms that govern your access to and use of Vulnary's offensive-security platform.

1. Acceptance of these Terms

These Terms of Use ("Terms") form a binding agreement between you and Vulnary ("Vulnary," "we," "us," or "our") and govern your access to and use of the Vulnary website, web portal, offensive-security engine known as "The Resident," associated consulting services, APIs, and any related products or documentation (together, the "Service"). By creating an account, accessing the portal, or otherwise using the Service, you agree to be bound by these Terms. If you are entering into these Terms on behalf of an organization, you represent that you have authority to bind that organization, and "you" refers to that organization. If you do not agree to these Terms, you may not use the Service.

These Terms may be supplemented by an order form, statement of work, master services agreement, or similar document ("Order"). Where an executed Order conflicts with these Terms, the Order controls for the subject matter it addresses.

2. Description of the Service

Vulnary is a managed, software-as-a-service offensive-security platform. It combines The Resident — an autonomous AI offensive-security engine — with a vetted bench of human consultants. Through the portal, customers may run engagements across our products, which currently include:

The Service is delivered exclusively as a managed/SaaS offering. We do not provide an on-premise deployment. We may add, modify, or discontinue features, products, or capabilities at any time, subject to any commitments in an applicable Order.

3. Eligibility and Authorized Use

You may use the Service only if you are at least 18 years old (or the age of majority in your jurisdiction) and legally capable of entering into a binding contract. The Service is intended for professional and commercial security-testing use by authorized parties. You may not use the Service if you are barred from doing so under applicable law or under any applicable export-control or sanctions regime.

4. Account Registration and Security

To access most features you must register for an account and provide accurate, complete, and current information. You are responsible for maintaining the confidentiality of your credentials and for all activity that occurs under your account, whether or not authorized by you. You must promptly notify us at [email protected] of any known or suspected unauthorized access, credential compromise, or other security incident affecting your account. You are responsible for configuring access for your users and for ensuring they comply with these Terms. We may refuse, suspend, or revoke access to any account at our discretion where we reasonably believe these Terms have been violated.

5. Acceptable Use

The Service is a powerful offensive-security tool. Because it is designed to find and prove real exploits against real systems, your use of it carries real-world consequences and real-world legal obligations. You agree that you will use the Service only lawfully and only as expressly permitted here. In particular, you agree that:

We may, but are not obligated to, monitor use of the Service for compliance with this section. We reserve the right to investigate suspected violations and to cooperate with law-enforcement authorities where legally required.

6. Authorization and Scope Representations

You represent, warrant, and covenant, on a continuing basis for each engagement, that: (a) you own, or have obtained all necessary rights, authorizations, and consents to have tested, assessed, or reproduced, every target, asset, network, application, codebase, credential, and report you submit or otherwise place within an engagement scope; (b) such authorization is current and has not been revoked; (c) your instructions to the Service, including any scope you define, accurately reflect that authorization; and (d) your use of the Service and of its output will not breach any contract, policy, or law binding on you or on the owner of the tested assets. Where a target is owned or controlled by a third party (for example, in a Proof Engine review of another firm's report, or a pentest of a hosted or cloud environment), you are responsible for securing that party's and any host provider's written authorization before testing begins. You must maintain records evidencing such authorization and provide them to us on reasonable request. Vulnary relies on these representations and is not responsible for verifying the accuracy of the scope or authorization you assert.

7. Intellectual Property

Vulnary property. The Service — including the platform, the portal, The Resident engine, our models, tooling, workflows, playbooks, methodology, documentation, and all related software and intellectual-property rights — is and remains the exclusive property of Vulnary and its licensors. Except for the limited rights expressly granted in these Terms, no right, title, or interest in the Service is transferred to you. All rights not expressly granted are reserved.

Your inputs. As between the parties, you retain all right, title, and interest in the code, targets, data, reports, and other materials you submit ("Customer Inputs"). You grant us a non-exclusive, worldwide license to host, process, transmit, and use Customer Inputs solely to provide, secure, maintain, and improve the Service and to perform your engagements. We may use aggregated and de-identified data derived from use of the Service for analytics and product improvement, provided it does not identify you or reveal your Customer Inputs.

Findings and reports. Subject to your payment of applicable fees and your compliance with these Terms, we grant you a non-exclusive, worldwide, perpetual license to use, internally reproduce, and act upon the findings, exploits, proofs-of-concept, and reports we deliver to you ("Deliverables") for your own security, remediation, and compliance purposes. Underlying methodologies, tooling, and know-how embodied in the Deliverables remain our property.

8. Third-Party Services

The Service may integrate with or depend on third-party products, infrastructure, and providers, including cloud hosting and AI model providers. Your use of such third-party services may be subject to their own terms, and we are not responsible for their acts, omissions, availability, or performance. Some products, such as the ability to bring your own model provider key, require you to comply with that provider's terms and to hold all necessary rights to use that key.

9. Disclaimers of Warranty

The Service is provided "as is" and "as available." To the fullest extent permitted by law, Vulnary disclaims all warranties, whether express, implied, or statutory, including any implied warranties of merchantability, fitness for a particular purpose, title, and non-infringement. We do not warrant that the Service will be uninterrupted, error-free, or secure, that it will detect or exploit every vulnerability, or that its findings will be complete or free of false positives or false negatives. Security testing is inherently probabilistic and point-in-time; a clean or incomplete result does not guarantee that a system is secure. You are responsible for validating results before relying on them and for maintaining backups and safeguards for any system you test.

10. Limitation of Liability

To the fullest extent permitted by law, in no event will Vulnary or its affiliates, officers, employees, or contractors be liable for any indirect, incidental, special, consequential, exemplary, or punitive damages, or for any loss of profits, revenue, data, goodwill, or business interruption, arising out of or relating to the Service or these Terms, whether based in contract, tort, strict liability, or any other theory, even if advised of the possibility of such damages. Vulnary's total aggregate liability arising out of or relating to the Service or these Terms will not exceed the amounts you paid to Vulnary for the Service during the twelve (12) months immediately preceding the event giving rise to the claim. Some jurisdictions do not allow certain of these limitations, so some may not apply to you.

11. Indemnification

You agree to defend, indemnify, and hold harmless Vulnary and its affiliates, officers, directors, employees, and contractors from and against any and all claims, damages, losses, liabilities, costs, and expenses (including reasonable legal fees) arising out of or related to: (a) your Customer Inputs; (b) your use of the Service or of any Deliverable; (c) your breach of these Terms or of any representation regarding authorization and scope; and (d) any testing, scanning, exploitation, or access conducted through the Service against any system or data for which you did not hold valid authorization. This indemnity for unauthorized testing survives termination and applies regardless of whether the lack of authorization was intentional, negligent, or the result of a misrepresentation to us.

12. Suspension and Termination

We may suspend or terminate your access to all or part of the Service, immediately and without prior notice, if we reasonably believe that: (a) you have violated these Terms, including the Acceptable Use and authorization requirements; (b) your use poses a security, legal, or reputational risk to Vulnary, its customers, or third parties; or (c) suspension is required by law. Where practicable and appropriate, we will provide notice and an opportunity to cure. You may stop using the Service at any time, and either party may terminate for convenience as provided in an applicable Order. On termination, your right to access the Service ceases, and Sections concerning intellectual property, disclaimers, limitation of liability, indemnification, and governing law survive.

13. Changes to the Service and to these Terms

We may modify these Terms from time to time. When we make material changes, we will update the "Last updated" date below and, where appropriate, provide additional notice through the Service or by email. Changes become effective when posted unless otherwise stated. Your continued use of the Service after changes take effect constitutes acceptance of the revised Terms. If you do not agree to the changes, you must stop using the Service.

14. Governing Law and Dispute Resolution

These Terms and any dispute arising out of or relating to them or to the Service will be governed by and construed in accordance with the laws of the State of Wyoming, United States, without regard to its conflict-of-laws principles, and the parties submit to the exclusive jurisdiction of the state and federal courts located in the State of Wyoming, United States, except where mandatory local law provides otherwise.

15. General

These Terms, together with any applicable Order and our Privacy Policy, constitute the entire agreement between you and Vulnary regarding the Service. If any provision is held unenforceable, the remaining provisions remain in full force. Our failure to enforce a provision is not a waiver of it. You may not assign these Terms without our prior written consent; we may assign them in connection with a merger, acquisition, or sale of assets. Nothing in these Terms creates a partnership, agency, or joint venture between the parties.

16. Contact

Questions about these Terms may be sent to [email protected]. Security concerns, including suspected account compromise or misuse of the Service, should be reported to [email protected].

Last updated: July 2026