HydrAttack Terms and Conditions
Effective Date: June 26, 2025
These Terms and Conditions constitute a Public Offer by HydrAttack.com ("Provider") to any individual or legal entity ("Client") to use its External Attack Surface Management (EASM) Services. By purchasing, subscribing to, or using the Services, the Client unconditionally accepts and agrees to be bound by these Terms.
These Terms and Conditions constitute a Public Offer by HydrAttack.com ("Provider") to any individual or legal entity ("Client") to use its External Attack Surface Management (EASM) Services. By purchasing, subscribing to, or using the Services, the Client unconditionally accepts and agrees to be bound by these Terms.
- 1. Definitions
- 1.1. Provider – the organization delivering EASM services via HydrAttack.com.
- 1.2. Client – any individual or entity using or subscribing to the Services.
- 1.3. Services – External Attack Surface Management, including but not limited to monitoring, identification, analysis, and reporting of digital assets and potential vulnerabilities.
- 1.4. Digital Assets – the Client’s internet-facing components, including domains, subdomains, IPs, applications, and cloud assets.
- 1.5. Confidential Information – non-public information shared between the parties, including technical, business, or security-related data.
- 2. Scope of Services
- 2.1. The Provider agrees to deliver EASM services to identify, monitor, and report on the Client’s external attack surface.
- 2.2. The Services do not include remediation or mitigation unless expressly agreed upon in writing.
- 3. Client Responsibilities
- 3.1. The Client must provide accurate and up-to-date information regarding their Digital Assets.
- 3.2. The Provider relies on information supplied by the Client and third-party sources, and cannot guarantee complete accuracy or comprehensiveness.
- 3.3. The Client is solely responsible for internal remediation or coordinating with third parties for vulnerability resolution.
- 3.4. The Client warrants that they have the legal right or proper authorization to request analysis of all provided Digital Assets.
- 3.5. The Client is responsible for ensuring compliance with all applicable laws and regulations, including activities by their authorized users (e.g., penetration testers, consultants).
- 4. Confidentiality
- 4.1. Both parties agree to protect and not disclose Confidential Information, except as required by law or with prior consent.
- 4.2. Confidential Information shall be used only for purposes directly related to the Services.
- 4.3. These obligations continue for three (3) years following termination.
- 4.4. For marketing purposes, the Provider may disclose that a domain was analyzed and include general metrics (e.g., number of subdomains or leaked accounts) without revealing sensitive information.
- 5. Data Security
- 5.1. The Provider shall apply reasonable industry-standard measures to protect Client data.
- 5.2. The Provider is not liable for security incidents arising from causes beyond its control, including third-party tools or publicly exposed assets.
- 6. Intellectual Property
- 6.1. The Provider retains ownership of all tools, techniques, data, and reports used or created during service delivery.
- 6.2. The Client may use reports solely for internal purposes and may not disclose them to third parties without written permission.
- 7. Fees and Payments
- 7.1. The Services may be provided on a paid subscription or per-request basis, as published on HydrAttack.com.
- 7.2. All payments are non-refundable unless otherwise specified in the refund policy.
- 7.3. Failure to pay may result in service suspension or termination.
- 8. Limitation of Liability
- 8.1. The Provider shall not be liable for indirect, incidental, punitive, or consequential damages.
- 8.2. The Provider’s total liability shall not exceed the amount paid by the Client in the past twelve (12) months.
- 9. Term and Termination
- 9.1. These Terms remain in force for the duration of the subscribed service period.
- 9.2. Either party may terminate with thirty (30) days written notice.
- 9.3. Upon termination, the Client must cease all use of deliverables, and any unpaid fees become immediately due.
- 10. Modifications
- 10.1. The Provider may modify these Terms by publishing an updated version on HydrAttack.com.
- 10.2. Continued use of the Services after updates constitutes acceptance of the revised Terms.
- 11. Governing Lawions
- These Terms are governed by the laws of Russian Federation. Any disputes shall be resolved in the competent courts of that jurisdiction.
- 12. Contact Information
- For questions or concerns regarding these Terms, please contact us via the contact methods listed on the HydrAttack.com Contacts page.