Terms of Service

Please read these terms carefully before using our services.

1. Agreement to Terms

By accessing or using H3X Security Labs' services, you agree to be bound by these Terms of Service and all applicable laws and regulations. If you do not agree with any of these terms, you are prohibited from using our services.

2. Services Description

H3X Security Labs provides cybersecurity services including but not limited to:

  • Penetration testing and security assessments
  • Red team operations and adversary simulation
  • Security audits and compliance assessments
  • Vulnerability research and analysis
  • Security consulting and advisory services
  • Incident response and forensics

3. Service Engagement

3.1 Authorization

All security testing and assessment activities require explicit written authorization from the client. Engagements are governed by a Statement of Work (SOW) that defines scope, objectives, and limitations.

3.2 Scope Limitations

Testing activities will be limited to systems and networks explicitly defined in the SOW. Any testing outside the defined scope requires prior written approval.

3.3 Rules of Engagement

Each engagement includes specific rules of engagement defining acceptable testing methods, time windows, communication protocols, and escalation procedures.

4. Client Responsibilities

The client agrees to:

  • Provide accurate and complete information about systems to be tested
  • Ensure appropriate authorization for all testing activities
  • Maintain backups of critical data before testing begins
  • Designate point(s) of contact for the duration of the engagement
  • Notify relevant stakeholders about planned testing activities
  • Respond promptly to communications during active engagements

5. Confidentiality

5.1 Non-Disclosure

All information exchanged during the engagement is confidential. H3X Security Labs will not disclose client information, findings, or vulnerabilities to third parties without explicit written consent.

5.2 Report Handling

Security assessment reports contain sensitive information and must be handled according to the client's data classification policies. Reports should be encrypted, access-controlled, and distributed on a need-to-know basis.

6. Intellectual Property

H3X Security Labs retains ownership of all methodologies, tools, and frameworks used during engagements. Clients receive a license to use assessment reports and findings for internal security improvement purposes.

7. Limitation of Liability

H3X Security Labs will exercise reasonable care in performing services but is not liable for:

  • System unavailability or performance degradation during authorized testing
  • Exploitation of vulnerabilities discovered during or after the engagement
  • Business interruption resulting from remediation activities
  • Third-party actions or systems outside the defined scope

Total liability shall not exceed the fees paid for the specific engagement in question.

8. Professional Standards

H3X Security Labs adheres to professional standards including:

  • OWASP Testing Guide methodologies
  • PTES (Penetration Testing Execution Standard)
  • NIST Cybersecurity Framework
  • Ethical hacking principles and responsible disclosure

9. Payment Terms

Payment terms are specified in individual SOWs. Standard terms include:

  • 50% deposit required before engagement commencement
  • Remaining balance due within 30 days of report delivery
  • Late payments subject to 1.5% monthly interest
  • Travel and expenses billed separately if applicable

10. Warranties and Disclaimers

H3X Security Labs warrants that services will be performed professionally and competently. However:

  • No security assessment can guarantee discovery of all vulnerabilities
  • Security is a continuous process, not a one-time solution
  • New vulnerabilities may emerge after assessment completion
  • Remediation implementation is the client's responsibility

11. Indemnification

Clients agree to indemnify and hold H3X Security Labs harmless from claims arising from:

  • Unauthorized access to third-party systems
  • Testing activities outside the defined scope
  • Client's failure to implement recommended security controls
  • Misuse of assessment reports or findings

12. Termination

Either party may terminate an engagement with written notice. Upon termination:

  • All testing activities will cease immediately
  • Client remains responsible for fees for work completed
  • Interim findings will be provided if requested
  • Confidentiality obligations remain in effect

13. Compliance and Legal

All services comply with applicable laws and regulations including:

  • GDPR (General Data Protection Regulation)
  • CCPA (California Consumer Privacy Act)
  • Computer Fraud and Abuse Act (CFAA)
  • Industry-specific compliance requirements as applicable

14. Dispute Resolution

Disputes will be resolved through:

  1. Good faith negotiation between parties
  2. Mediation if negotiation is unsuccessful
  3. Binding arbitration as a last resort

These terms are governed by the laws of Catalonia, Spain.

15. Modifications

H3X Security Labs reserves the right to modify these terms at any time. Clients will be notified of material changes, and continued use of services constitutes acceptance of modified terms.

16. Contact Information

For questions about these Terms of Service, please contact:

  • Email: legal@h3x.cat

Last Updated: September 30, 2025