TERMS OF SERVICE
Effective Date:
Last Updated:
1. DEFINITIONS
1.1 "Agreement"
Refers, collectively, to all the terms, conditions, notices contained or referenced in this document (the "Terms of Service" or "Terms") and all other operating rules, policies, and procedures that the Company may publish from time to time.
1.2 "Company"
Refers to Cynical Technology Pvt. Ltd., a corporation registered under the laws of Nepal, having its principal place of business at Sharada Bhawan, Maitidevi Marg, Kathmandu, Nepal, and its subsidiaries, affiliates, officers, directors, and employees.
1.3 "Client"
Refers to any legal entity, organization, business, or authorized individual that purchases, enlists, executes a Statement of Work (SOW), or contracts with the Company for the provisioning of cybersecurity services.
1.4 "User"
Refers to any individual or entity who visits, accesses, logs into, or interacts with the Company’s websites, platforms, software applications, client portals, crowdsourced vulnerability platforms (including Bugv), or digital monitoring assets (including Vigile.AI).
1.5 "Services"
Refers to the entire suite of defensive and offensive cybersecurity offerings provided by the Company, including but not limited to Vulnerability Assessment & Penetration Testing (VAPT), Red Team engagements, Web, Mobile, API, and Network Security Assessments, Security Consulting, Incident Response, Managed Security Services, Secure Software Development Lifecycle (Secure SDLC) advisory, Training services, and the use of the Client Portal.
1.6 "Deliverables"
Refers to the finalized analytical reports, vulnerability summaries, remediation roadmaps, source code audit logs, and strategic security architectures generated by the Company specifically for a Client pursuant to an active engagement agreement.
2. ACCEPTANCE OF THESE TERMS
2.1 Binding Nature
By checking a box, clicking "I Agree," accessing the Client Portal, or executing an associated SOW or corporate service contract with the Company, you acknowledge that you have read, understood, and agree to be bound by the absolute scope of these Terms.
2.2 Corporate Authority
If you are entering into this Agreement on behalf of a company, corporate enterprise, or other legal entity, you represent and warrant that you possess the full legal authority to bind such entity to these Terms.
2.3 Non-Acceptance
If you do not possess such authority, or if you do not agree with any structural provision contained within these Terms, you must not accept this Agreement and are strictly prohibited from utilizing the Services, software, or portals of the Company.
3. ELIGIBILITY
3.1 Age Limit
The Services are intended strictly for enterprise entities and individuals who are at least 18 years of age (or the age of majority in your jurisdiction).
3.2 Sanction Status
By registering an account or interacting with the Services, you represent and warrant that you are not a citizen of, or located within, an embargoed nation, and that you are not explicitly listed on any international restricted, blocked, or denied-party tracking registers.
4. SCOPE OF SERVICES
4.1 Vulnerability Assessment & Penetration Testing (VAPT)
The Company shall provide scheduled scanning, manual analysis, and targeted exploitation profiles to identify network, infrastructure, and application-level vulnerabilities as requested under a mutually signed SOW.
4.2 Red Team Engagements
The Company shall conduct realistic, adversarial multi-vector simulations designed to evaluate an organization’s physical, operational, and digital detection and response capabilities.
4.3 Web, Mobile, API, and Network Security Assessments
The Company shall provide targeted structural analyses of application code paths, network traffic architectures, API perimeter security, and endpoint defenses to isolate architecture flaws.
4.4 Security Consulting & Secure SDLC
The Company shall provide technical advisory to inject security gates, static analysis pipelines, and threat modeling protocols into the Client's continuous integration and continuous deployment software engineering workflows.
4.5 Incident Response & Managed Security Services
The Company shall deliver reactive technical remediation, digital forensics, threat isolation, and proactive environment monitoring services via designated enterprise platforms (such as Vigile.AI).
4.6 Training Services
The Company provides cybersecurity training modules, interactive labs, and safe training simulations. Materials provided during training are for pedagogical use only and may not be distributed or repurposed without written consent.
4.7 Client Portal Usage
Clients are granted a non-exclusive, non-transferable, revocable license to access the secure Company portal to track project velocities, download authorized Deliverables, and review security scorecards.
5. USER ACCOUNTS
5.1 Registration Integrity
Users must supply fully authentic, precise, and current records during portal registration. Maintaining inaccurate data or fraudulent organizational affiliation constitutes a material breach of this Agreement.
5.2 Credential Safeguarding
Users bear absolute responsibility for maintaining the confidentiality of access tokens, cryptographic keys, and user credentials mapped to their accounts. The Company shall not be liable for losses induced by unauthorized access resulting from credential leakage by the User.
5.3 Identity Verification (KYC)
For crowdsourced researchers or administrators accessing financial distribution frameworks or sensitive client spaces, the Company reserves the absolute right to demand valid government identity verifications, corporate registration certificates, and localized background compliance checks prior to issuing access clearances.
6. USER OBLIGATIONS
6.1 Operational Cooperation
The Client shall provide the Company with timely, unhindered access to necessary data layers, technical documentation, structural architectures, and administrative staff to ensure the efficient execution of the agreed-upon security assessments.
6.2 Accuracy of Specifications
The Client assumes absolute liability for the operational accuracy of IP blocks, domain mappings, source code volumes, and infrastructure configurations provided to the Company for assessment purposes.
7. AUTHORIZED SECURITY TESTING
7.1 Authorized Engagements
The Company shall perform penetration testing, vulnerability assessments, security audits and related cybersecurity services solely pursuant to a written engagement executed by the Client.
7.2 Proof of Authorization
The Client represents and warrants that it possesses all necessary legal rights, permissions and authority to authorize the Company to perform security testing against the identified systems.
7.3 Third-Party Assets
Unless expressly authorized in writing by the applicable owner, the Company shall not perform testing against any third-party systems, cloud environments, APIs or infrastructure.
7.4 Scope Changes
Any modification to the scope of testing shall require written approval from both parties prior to commencement.
7.5 Responsible Disclosure & Safe Harbor
Users interacting with the Company’s crowdsourced asset channels (such as Bugv) must strictly submit vulnerability tracking data inside the explicit bounds of the assigned program parameters. Public disclosure of unpatched security flaws outside the authorized system channel without mutual written consent is strictly prohibited and immediately voids all safe harbor protections.
8. INTELLECTUAL PROPERTY
8.1 Proprietary Core Technology
The Company and its licensors retain all right, title, and structural interest in and to the software, analytics tools, scanning architectures, reporting styles, methodologies, custom exploit modules, and portals used to render the Services.
8.2 Deliverables Ownership
Upon complete satisfaction of all outstanding financial invoicing related to a specific engagement, the Client shall retain ownership of the finalized textual reporting contents contained within the Deliverables, excluding any pre-existing Company core code templates or generic exploit scripts used to build them.
9. CONFIDENTIAL INFORMATION
9.1 Core Definition
"Confidential Information" means all data disclosed by one party to the other that is marked as confidential or that reasonably should be understood to be confidential given the nature of the information and the context of disclosure, including target source code, threat matrices, network layouts, and exploit indicators.
9.2 Standard of Protection
Each party agrees to safeguard the other's Confidential Information using at least the same degree of care it uses to protect its own sensitive records, but in no event less than a reasonable standard of care.
9.3 Exclusion Matrix
Confidential Information shall not include data that becomes publicly known without breach of this Agreement, is independently developed without reference to the disclosing party's data, or is required to be produced by a valid legal order from a court of competent jurisdiction.
10. THIRD-PARTY SERVICES
10.1 Independent Integrations
Our platforms and portals may expose integrations, API webhooks, or references to cloud infrastructure environments managed by third-party providers.
10.2 Warranty Exclusion
The Company does not monitor, control, or validate the uptime, operational data privacy guidelines, or accuracy of third-party platforms. Interactions with third-party architectures are executed entirely at the User's independent operational risk.
11. PAYMENTS AND FEES
11.1 Fee Structures
The Client agrees to pay the Company the explicit professional service fees, subscription overhead, or project milestones detailed within the signed SOW or online checkout system.
11.2 Invoicing and Taxation
All invoices are subject to localized value-added tax (VAT) structures within Nepal unless verified exemptions or international corporate tax structures are validated prior to invoice generation.
11.3 Delinquent Balances
Unpaid, overdue balances shall accumulate interest compounding monthly at a rate of 1.5% per month or the highest ceiling allowed by applicable law, whichever is lower, calculated from the original due date until settled.
12. SERVICE AVAILABILITY
12.1 Continuous Access Limitations
While the Company aims to ensure optimal access velocities for its portals and cloud interfaces (such as Vigile.AI), you acknowledge that availability may experience temporary degradation due to maintenance windows, platform code deployments, or broader telecommunications grid interruptions.
12.2 Right to Modify
The Company reserves the right to adjust, deprecate, or patch operational mechanics, platform features, and dashboard views at any time without incurring liability to the User.
13. SECURITY
13.1 Technical Protections
The Company employs industry-standard administrative, physical, and technical safeguards, including cryptographic transmission controls and isolated data structures, to defend against unauthorized system exfiltration.
13.2 Obligation to Notify
Users must immediately alert the Company at info@cynicaltechnology.com upon detecting any authentication anomalies, API token leaks, or unauthorized access to the Client Portal.
14. PROHIBITED ACTIVITIES
14.1 Unauthorized Probing
Users shall not use any tool or service provided by the Company to conduct unsolicited, unauthorized scanning or exploitation of external targets without an explicit legal mandate.
14.2 Mechanical Misuse
You shall not attempt to reverse engineer, decompile, or unbind the source architectures of the Company's proprietary platforms, nor execute automated denial-of-service stress tests against the Company's active operational perimeters.
15. OPEN SOURCE SOFTWARE
15.1 Embedded Modules
Certain scanning frameworks, tool configurations, or dashboard utilities deployed within the Services may contain elements governed by Open Source Software ("OSS") licensing arrangements.
15.2 Priority of License
To the extent that an explicit OSS license requires rights or terms that conflict with these Terms, the specific open-source license provisions shall govern solely for those isolated open-source components.
16. COMPLIANCE WITH LAWS
16.1 General Obligation
Both parties shall ensure their operations, data handshakes, and execution behaviors fully align with all applicable municipal, national, and regional legal frameworks.
16.2 Specific Nepalese Frameworks
Our Services and storage platforms are designed in structural compliance with the Electronic Transactions Act, 2063 (2006), the Individual Privacy Act, 2075 (2018), and the governing provisions issued by the Department of Information Technology within Nepal.
17. EXPORT CONTROLS
17.1 Technical Data Restriction
The technical exploit methodologies, reporting signatures, and offensive security capabilities delivered through the Services may be subject to domestic and international export control regimes regulating dual-use technologies.
17.2 Compliance Affirmation
The Client guarantees that it will not cause any Deliverable, script, or structural software module received from the Company to be forwarded, exported, or re-routed to any prohibited entity or jurisdiction in violation of applicable export controls.
18. PRIVACY
18.1 Data Management Policy
Our handling of personal information, corporate telemetry, and technical logs is governed by our Privacy Policy. By agreeing to these Terms, you consent to the collection, processing, and localized retention of your data as detailed in the Privacy Policy.
19. DISCLAIMERS
19.1 Point-in-Time Limitation
The Client explicitly acknowledges that cybersecurity assessments, penetration tests, and vulnerability audits represent a point-in-time evaluation of an environmental perimeter. The issuance of a clean security report does not guarantee or imply that the target environment is permanently immune to zero-day exploits or evolving threat vectors.
19.2 Warranty Exclusion
EXCEPT AS EXPRESSLY SET FORTH IN A BINDING SOW, ALL SERVICES, PLATFORMS, PORTALS, AND DELIVERABLES ARE PROVIDED ON AN "AS IS" AND "AS AVAILABLE" BASIS, WITHOUT WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE.
20. LIMITATION OF LIABILITY
20.1 Consequential Damage Exclusion
TO THE MAXIMUM EXTENT PERMITTED UNDER APPLICABLE LAW, IN NO EVENT SHALL EITHER PARTY BE LIABLE FOR ANY INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES, INCLUDING LOSS OF PROFITS, REVENUE, DATA, OR BUSINESS INTERRUPTION, ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT.
20.2 Liability Cap
EXCEPT FOR A BREACH OF CONFIDENTIALITY OR INDEMNIFICATION OBLIGATIONS, THE MAXIMUM AGGREGATE LIABILITY OF THE COMPANY FOR ANY CLAIM ARISING OUT OF OR RELATED TO THIS AGREEMENT, WHETHER IN CONTRACT, TORT, OR UNDER ANY OTHER THEORY OF LIABILITY, SHALL BE STRICTLY LIMITED TO THE TOTAL FEES PAID BY THE CLIENT TO THE COMPANY IN THE TWELVE (12) MONTH PERIOD IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO LIABILITY.
21. INDEMNIFICATION
21.1 Company Indemnity
The Company shall defend and indemnify the Client against third-party legal claims alleging that the standalone software platforms built by the Company directly infringe upon the validated patent or copyright of an independent third party.
21.2 Client Indemnity
The Client shall defend, indemnify, and hold harmless the Company against all liabilities, losses, costs, and legal settlements arising out of any third-party claims asserting unauthorized system targeting, inaccurate IP allocations, or data exfiltration caused by the Client's misconfigured authorization scope.
22. FORCE MAJEURE
22.1 Operational Disruptions
Neither party shall be held liable for failure or delay in executing its contractual obligations due to causes beyond its reasonable control, including acts of God, natural disasters, national power grid collapses, civil unrest, acts of terrorism, war, widespread telecommunications infrastructure failures, or major regional cyber warfare incidents.
23. SUSPENSION AND TERMINATION
23.1 Right to Suspend
The Company reserves the right to immediately suspend User accounts or pause active project velocities if there is a reasonable suspicion of unauthorized testing, credential sharing, or failure to resolve delinquent invoices.
23.2 Survival Matrices
Sections addressing Definitions, Intellectual Property, Confidential Information, Limitation of Liability, Indemnification, Governing Law, and Dispute Resolution shall survive any structural expiration or termination of this Agreement.
24. GOVERNING LAW
24.1 Regional Jurisdiction
This Agreement, and all rights and obligations arising out of it, shall be interpreted, governed, and construed solely in accordance with the laws of Nepal, without giving effect to any principles of conflicts of law.
24.2 International Adaptations
For international clients, if local conflict laws dictate alternative statutory consumer protections or specific localized frameworks, those provisions shall apply only to the extent they are strictly mandatory and cannot be waived by contract.
25. DISPUTE RESOLUTION
25.1 Amicable Negotiation
In the event of a dispute, controversy, or claim arising out of or relating to this contract, the parties shall first attempt to resolve the matter through amicable, good-faith executive consultations within thirty (30) business days from written notice of the dispute.
25.2 Formal Adjudication
Any dispute that cannot be resolved through amicable negotiation shall be submitted to the exclusive jurisdiction of the competent courts located in Kathmandu, Nepal.
26. SEVERABILITY
26.1 Survival of Remaining Terms
If any provision of these Terms is determined by a court of competent jurisdiction to be invalid, illegal, or unenforceable, such provision shall be modified to the minimum extent necessary to make it valid and enforceable, and the remaining provisions of this Agreement shall remain in full force and effect.
27. ENTIRE AGREEMENT
27.1 Integration Clause
These Terms, along with any executed Statements of Work (SOW) or explicitly signed non-disclosure agreements, constitute the entire legal agreement between the User, Client, and the Company. This text supersedes all prior written or oral agreements, proposals, representations, or understandings regarding the subject matter herein.
28. AMENDMENTS
28.1 Notice of Change
The Company reserves the right, at its sole discretion, to modify or replace these Terms at any time. For material modifications, the Company shall notify Users by posting a prominent alert inside the Client Portal or by forwarding a transmission to the primary administrative email on file.
28.2 Acceptance of Revisions
Continued use of the Services or interaction with our platforms following the publication of any structural amendments constitutes your explicit acceptance of the revised Terms.
29. CONTACT INFORMATION
29.1 Inquiries and Clarifications
If you have questions, compliance inquiries, or require formal legal clarifications regarding these Terms of Service, please contact the Company using the following channels:
Entity: Cynical Technology Pvt. Ltd.
Address: Sharada Bhawan, Maitidevi Marg, Kathmandu, Nepal
Phone: +977-01-4530730
Email: info@cynicaltechnology.com