Terms of Service.

By accessing or using Superhack (the “Service”) you agree to be bound by these Terms of Service (the “Terms”). If you do not agree, do not use the Service. If you accept these Terms on behalf of an organisation, you represent that you have authority to bind that organisation.

Superhack is an autonomous attack-surface management platform. The Service inspects systems, code, cloud accounts, domains and other assets you connect to it, attempts to reproduce vulnerabilities against those assets, and returns findings with reproduction evidence.

Specific features, integrations and limits are described in your order form, in the Service interface, or in our documentation. We may change features over time.

You must be at least 18 years old to use the Service. You are responsible for the security of your credentials and for all activity that occurs under your account.

Superhack performs active security testing. You may only point the Service at assets that you own or have explicit written authorisation to test. By connecting an asset, configuring a target, or otherwise initiating an engagement, you represent and warrant that you have the necessary authority to authorise the testing of those assets.

You are solely responsible for ensuring that your use of the Service complies with all applicable contracts, third-party terms (including cloud provider, hosting provider, and bug-bounty programme terms), and laws — including any rules governing penetration testing in your jurisdiction.

You will not: (a) use the Service to test or attack systems you are not authorised to test; (b) attempt to disrupt the Service or interfere with other customers; (c) reverse-engineer, decompile, or extract the underlying models, prompts, or training data of the Service; (d) use the Service to build a competing product; or (e) use the Service in violation of applicable law.

You retain all rights in the assets, configurations, findings, and other content you submit to or generate through the Service (“Customer Data”). You grant us a non-exclusive licence to process Customer Data solely to provide, secure, and improve the Service.

Each party will protect the other party’s confidential information using at least the same degree of care it uses to protect its own confidential information, and not less than a reasonable standard of care.

We retain all rights, title, and interest in and to the Service, including the underlying agents, prompts, models, documentation, and brand. Nothing in these Terms transfers any of those rights to you, except for the limited right to use the Service in accordance with these Terms.

Where applicable, fees, billing periods and engagement scope are set out in your order form. Unless stated otherwise, fees are non-refundable. We may suspend the Service for non-payment after reasonable notice.

We provide the Service on an “as-is” and “as-available” basis. While we work hard to find real vulnerabilities and to avoid false positives, we do not warrant that the Service will identify every vulnerability in your stack, that findings will be exhaustive, or that the Service will be uninterrupted or error-free.

To the maximum extent permitted by law, we disclaim all implied warranties, including merchantability, fitness for a particular purpose, and non-infringement.

To the maximum extent permitted by law, neither party will be liable for any indirect, incidental, special, consequential, or punitive damages, or for any loss of profits, revenue, data, or goodwill, arising out of or relating to these Terms or the Service.

Our aggregate liability under these Terms will not exceed the fees you paid for the Service in the twelve (12) months preceding the event giving rise to liability.

You may stop using the Service at any time. We may suspend or terminate your access if you breach these Terms or use the Service in a way that creates risk for us, other customers, or third parties. Sections that by their nature should survive termination (including intellectual property, confidentiality, disclaimers, and liability) will survive.

We may update these Terms from time to time. If we make material changes, we will notify you through the Service or by email. Your continued use of the Service after the changes take effect constitutes acceptance of the updated Terms.

These Terms are governed by the laws of Germany, without regard to its conflict-of-laws rules. The courts of Berlin will have exclusive jurisdiction over any dispute arising out of or relating to these Terms, except where prohibited by mandatory consumer-protection law.

Questions about these Terms? Email legal@superhack.io.