Terms & Conditions

These Terms & Conditions ("Terms") govern your access to and use of the Exploitless website and services.

By engaging Exploitless ("Exploitless", "we", "us", "our"), you ("Client", "you", "your") agree to these Terms in full.

If you do not agree, you must not use our website or services.

1. Services Scope

Exploitless provides cybersecurity services, including but not limited to:

  • Smart contract security audits
  • Smart contract architecture reviews
  • Blockchain security consulting
  • Penetration testing
  • Red team / purple team exercises
  • Infrastructure and application security assessments
  • Secure development advisory

Specific scope, deliverables, timelines, and pricing are defined in a separate written agreement, proposal, or Statement of Work (SOW).

2. No Guarantee of Absolute Security

While Exploitless applies industry-leading methodologies, you acknowledge that:

  • No audit or security assessment can guarantee zero vulnerabilities.
  • Software and smart contracts may contain undiscovered issues.
  • Security is an ongoing process, not a one-time certification.

Exploitless does not warrant that audited systems are exploit-proof or risk-free.

3. Client Responsibilities

The Client agrees to:

  • Provide complete and accurate documentation.
  • Share full source code and dependencies.
  • Disclose known risks, assumptions, and architecture constraints.
  • Provide deployment addresses where applicable.
  • Grant required repository and environment access.

Exploitless is not liable for vulnerabilities arising from withheld or inaccurate information.

4. Changes After Audit

Any modifications made after audit completion — including code changes, parameter updates, or integrations — may invalidate findings.

A re-audit or review may be required.

Exploitless holds no responsibility for post-audit modifications.

5. Reporting & Deliverables

Audit deliverables may include:

  • Technical vulnerability report
  • Severity classification
  • Proof-of-concepts (where applicable)
  • Remediation guidance
  • Executive summary

Reports reflect findings at the time of review only.

6. Disclosure & Publication

Unless otherwise agreed in writing:

  • Exploitless may publicly disclose the Client's name and engagement existence.
  • Audit reports may be published on our website or repositories after project completion.

Sensitive technical details may be redacted where appropriate.

7. Confidentiality

All client materials are treated as confidential, including:

  • Source code
  • Documentation
  • Architecture
  • Business logic
  • Security assumptions

We do not share or sell confidential data.

Mutual NDAs may apply where executed separately.

8. Intellectual Property

Clients retain full ownership of:

  • Source code
  • Smart contracts
  • Documentation
  • Systems audited

Exploitless retains ownership of:

  • Audit methodologies
  • Tooling
  • Frameworks
  • Internal processes
  • Report formats and templates

9. Fees & Payment Terms

Fees, payment schedules, and currencies are defined in the project agreement.

Unless stated otherwise:

  • Work begins after deposit/payment confirmation.
  • Payments are non-refundable once work has commenced.
  • Delayed payments may pause deliverables.

10. Limitation of Liability

To the maximum extent permitted by law:

Exploitless shall not be liable for:

  • Financial losses
  • Exploits or hacks
  • Token value loss
  • Business interruption
  • Reputation damage
  • Third-party claims

Total liability, if any, is limited to the amount paid for the services rendered.

11. Indirect & Consequential Damages

Exploitless is not liable for:

  • Lost profits
  • Lost revenue
  • Lost data
  • Market losses
  • Investor losses
  • Opportunity costs

Even if advised of potential risks.

12. Use of Website

You agree not to:

  • Attempt to breach site security
  • Launch attacks or scans
  • Scrape or copy content
  • Impersonate Exploitless
  • Distribute malware via our platform

We reserve the right to restrict access for violations.

13. Third-Party Dependencies

Audits may involve third-party components (libraries, oracles, bridges, APIs).

Exploitless is not responsible for vulnerabilities originating from third-party systems outside audit scope.

14. Compliance & Legal Use

Clients agree not to engage Exploitless services for:

  • Illegal activities
  • Sanctioned entities
  • Fraudulent token offerings
  • Malicious infrastructure

We reserve the right to refuse or terminate engagements.

15. Service Suspension or Termination

We may suspend or terminate services if:

  • Payments are not made
  • Client cooperation is withheld
  • Legal or ethical risks arise
  • Scope is materially misrepresented

16. Data Retention

Project materials may be retained for:

  • Record-keeping
  • Legal compliance
  • Dispute resolution

Clients may request deletion subject to legal obligations.

17. Force Majeure

Exploitless is not liable for delays caused by events beyond reasonable control, including:

  • Natural disasters
  • War
  • Infrastructure outages
  • Cyberattacks on our systems
  • Government restrictions

18. Governing Law

These Terms are governed by the laws of the jurisdiction in which Exploitless operates, unless otherwise specified in a signed agreement.

19. Amendments

We may update these Terms periodically.

The latest version will always be available on our website.

Continued use of services constitutes acceptance of updates.

20. Contact

For legal or contractual inquiries:

Exploitless

Email: support@exploitless.com