Terms & Conditions

Welcome to myPentestPal. These Terms & Conditions ("Terms") govern your use of our services, including pre‑assessments, security testing, and any related consulting. By engaging myPentestPal or clicking “I agree,” you acknowledge you have read, understood, and agree to be bound by these Terms.

1. Definitions

  • Client: The individual or entity that engages myPentestPal to perform services.
  • Services: All work performed by myPentestPal, including pre-assessments, pentesting, vulnerability assessments, and related advisory or consulting work.
  • Deliverables: Reports, executive summaries, slide decks, raw tool output, or any documents and artifacts provided to the Client at the conclusion of Services.
  • Scope: The specific systems, networks, applications, endpoints, and modules to be tested as defined in the pre‑assessment request.
  • Access Information: Credentials, VPN or jump‑box details, repository URLs, SSO instructions, and any technical data required to carry out Services.

2. Engagement Process

  1. Pre-Assessment: Based on information you provide (scope, timelines, access details), myPentestPal conducts a short pre‑assessment to confirm feasibility and outline risks.
  2. Quote & Plan: We deliver a custom quote, statement of work, and project plan detailing objectives, timelines, and costs.
  3. Formal Engagement: Upon acceptance of our quote, we schedule and perform the Services as agreed.

3. Client Responsibilities

  • Provide complete and accurate Scope, Access Information, and contact details (including escalation contacts for urgent issues).
  • Ensure that all in-scope systems and data are lawfully owned or authorized for testing by the Client.
  • Coordinate with internal IT teams to enable necessary access (firewall rules, VPN credentials, SSO test accounts).
  • Notify myPentestPal promptly of any changes to systems, scope, or business-critical events.

4. Confidentiality & Data Protection

Both parties agree that all non-public information exchanged during this engagement (network diagrams, source code, credentials, findings) is “Confidential Information.” Neither party will disclose Confidential Information to any third party except with prior written consent or as required by law.

myPentestPal will store and handle data in accordance with industry best practices and will purge any Client-supplied credentials or sensitive files within 7 days of engagement completion.

5. Scope Changes & Additional Work

Any work beyond the defined Scope (e.g., new applications, extended retesting, additional modules) requires a written change order. Change orders may affect cost and timeline.

6. Deliverables & Reporting

At the conclusion of Services, myPentestPal will deliver:

  • A detailed Technical Report outlining vulnerabilities, risk ratings, and remediation guidance.
  • An Executive Summary highlighting critical findings and business impact.
  • Raw output files (optional) such as scan logs or pen-test tool exports.

Client may request a follow-up retest window (per the engagement terms) to validate fixes at no additional cost if scheduled within 30 days.

7. Fees & Payment

Fees are set forth in the quote provided after the pre‑assessment and are due within 30 days of invoice. Late payments incur interest at 1.5% per month. All fees exclude VAT/GST unless otherwise stated.

8. Limitation of Liability & Indemnification

myPentestPal’s aggregate liability for any claim arising out of or related to the Services is limited to the total fees paid by the Client for that engagement. Under no circumstances will myPentestPal be liable for any indirect, special, incidental, or consequential damages.

The Client agrees to indemnify and hold harmless myPentestPal and its personnel against any third-party claims resulting from unauthorized use of Services or failure to secure proper legal authorization.

9. Termination

Either party may terminate the engagement with 7 days’ written notice. Upon termination, the Client remains responsible for payment of Services performed up to the termination date, including any reasonable wind‑down costs.

10. Force Majeure

Neither party is liable for delays or failures due to causes beyond its reasonable control, including natural disasters, acts of war, or government action. The affected party must notify the other in writing and resume performance as soon as practicable.

11. Governing Law & Dispute Resolution

These Terms are governed by the laws of England and Wales. Any dispute will first be referred to mediation in London, and if unresolved within 30 days, to the exclusive jurisdiction of the courts of London.

12. Acceptance

By clicking “I agree” or otherwise proceeding with the pre‑assessment, the Client affirms they have authority to bind their organization to these Terms. If you do not agree, please do not proceed and contact us at support@mypentestpal.co.uk.