terms & conditions

1. scope of services

Sekura AI ("Sekura," "we," "us") provides managed autonomous penetration testing services ("Services") that deploy scanner infrastructure into your cloud environment to identify security vulnerabilities. By using our Services, you ("Customer," "you") agree to these Terms.

2. authorization & scope

You represent and warrant that you are authorized to commission security testing on the targets and cloud accounts specified in your scan authorization document. Sekura will only scan the targets explicitly authorized. You are responsible for ensuring all necessary internal approvals have been obtained.

3. scanner deployment

Sekura deploys scanner infrastructure into your designated cloud account using infrastructure-as-code (Terraform). The scanner operates within your environment and communicates only with authorized targets and Sekura's management infrastructure. You are responsible for any cloud infrastructure costs incurred by the scanner instance.

4. testing methodology

Sekura's autonomous scanner performs network discovery, vulnerability assessment, and non-destructive exploitation attempts. The scanner is designed to avoid service disruption, but security testing inherently carries risk. Sekura is not liable for any service interruptions that may result from authorized testing activities.

5. data handling

Scan results and findings are stored within your cloud environment at/opt/sekura/results/. Sekura retains scan metadata (target CIDRs, scan timestamps, finding summaries) for service improvement and reporting purposes. No customer application data or credentials discovered during scanning are transmitted outside your environment.

6. confidentiality

All scan findings and vulnerability data are treated as confidential. Sekura will not disclose your scan results to third parties without your written consent, except as required by law. You agree not to publicly disclose details of Sekura's scanning methodology or proprietary techniques.

7. limitation of liability

Sekura's total liability for any claims arising from the Services is limited to the fees paid for the specific scan engagement giving rise to the claim. Sekura is not liable for indirect, incidental, consequential, or punitive damages, including lost profits or data.

8. term & termination

Each scan authorization is valid for the period specified in the authorization document (default: 30 days). Either party may terminate the engagement at any time by written notice. Upon termination, Sekura will remove all scanner infrastructure from your environment within 2 business days.

9. modifications

Sekura may update these Terms from time to time. Material changes will be communicated via email to the address associated with your account. Continued use of the Services after notification constitutes acceptance of the updated Terms.

10. governing law

These Terms are governed by the laws of the State of Delaware, USA, without regard to conflict of law principles.

11. contact

Questions about these Terms should be directed to legal@sekura.ai.