Terms of Service
Rules for using NullSquare safely and lawfully
These terms govern access to NullSquare website, platform, free assessment, private runner, GitHub integration, reports, APIs, and related services unless a signed agreement says otherwise.
You may only scan, test, or submit targets that you own or have explicit written authorization to test. Unauthorized security testing can violate law, platform rules, and third-party rights.
Acceptance and authority
By using NullSquare, creating an account, starting a scan, connecting an integration, or submitting a target, you agree to these Terms of Service.
If you use NullSquare for a company, you represent that you have authority to bind that company. If you have a signed order form, data processing agreement, or enterprise agreement with NullSquare, that document controls where it conflicts with these terms.
Authorized use and scope
You may only scan, test, or submit targets that you own or have explicit written authorization to test.
- Define accurate targets, domains, repositories, IPs, APIs, credentials, rate limits, exclusions, and testing windows before running assessments.
- Obtain and keep evidence of authorization from asset owners, cloud providers, customers, partners, and internal stakeholders.
- Do not test third-party systems, shared infrastructure, production systems, or regulated environments unless you have permission and have configured an appropriate scope.
- Immediately stop or pause testing if an owner, provider, regulator, or affected party asks you to stop.
Rules of engagement and prohibited use
NullSquare uses safe-exploitation techniques to validate findings, but security testing always carries operational risk. You are responsible for choosing safe scopes, staging environments, rate limits, and test accounts appropriate for your systems.
- Do not use NullSquare for denial-of-service testing, destructive testing, spam, phishing, credential stuffing, persistence, malware deployment, data destruction, or unauthorized exfiltration.
- Do not submit payment card data, protected health information, government IDs, production secrets, private keys, or other highly sensitive data unless a signed agreement expressly allows it.
- Do not bypass usage limits, attack NullSquare infrastructure, reverse engineer the platform, scrape the service, resell access, or use the service to build a competing product.
- Use test credentials with least privilege, rotate credentials after assessments, and revoke access when testing is complete.
Accounts, credentials, and integrations
You are responsible for all activity under your account, API keys, tokens, private-runner keys, webhooks, and connected integrations. Keep credentials secure, use appropriate access controls, and promptly notify NullSquare of suspected compromise.
For GitHub, CI/CD, private runner, cloud, and ticketing integrations, you authorize NullSquare to access and process the information needed to perform the workflows you configure.
Customer data and intellectual property
As between you and NullSquare, you retain ownership of your targets, repositories, code, credentials, configurations, assessment inputs, reports, and findings. You grant NullSquare the limited rights needed to provide, secure, support, and improve the service.
NullSquare owns the platform, software, agents, workflows, user interface, models, documentation, templates, benchmarks, and service know-how. Feedback may be used by NullSquare without restriction or compensation.
NullSquare does not use customer code, credentials, targets, findings, or reports to train general-purpose AI models without explicit written permission.
Private runner and hosted execution
NullSquare supports both hosted scans and private-runner deployments for internal environments.
- Private-runner deployments execute inside your environment. You are responsible for runner placement, network access, secrets, resource limits, logging, and target authorization.
- Hosted execution uses isolated sandboxes that are destroyed after completion. You are responsible for making sure hosted scanning is permitted for the selected targets.
- NullSquare may suspend or limit a run if it appears unsafe, unauthorized, unlawful, abusive, misconfigured, or likely to harm NullSquare, you, or a third party.
Reports, compliance evidence, and AI outputs
NullSquare reports are technical security findings and compliance-oriented evidence. They are not legal advice, audit certification, breach notification advice, or a guarantee that your systems are secure or compliant.
AI-assisted outputs may be incomplete, inaccurate, or context-dependent. Review findings, remediation guidance, generated fixes, and compliance evidence before relying on them in production, with auditors, or with customers.
Fees, plans, and availability
Paid features, usage limits, renewal terms, taxes, and payment timing are specified at checkout, in the product, or in an order form. Fees are non-refundable except where required by law or expressly stated in writing.
NullSquare may offer a free assessment or trial with limits. We may change or end free offerings at any time. Unless a signed agreement includes an SLA, the service is provided on an as-available basis.
Confidentiality and publicity
Each party may receive confidential information from the other. The receiving party must protect confidential information using reasonable care and use it only for the relationship between the parties.
NullSquare will not publish your reports or use your name, logo, or findings in public marketing without permission, except where already public or legally required.
Suspension and termination
You may stop using NullSquare at any time. NullSquare may suspend or terminate access if you violate these terms, fail to pay, create legal or security risk, exceed limits, misuse the service, or if continued service would harm NullSquare, you, or a third party.
After termination, your right to use the service ends. Provisions about payment, ownership, confidentiality, disclaimers, liability limits, indemnity, and dispute terms continue where their nature requires.
Disclaimers and limitation of liability
To the maximum extent allowed by law, NullSquare is provided "as is" and "as available" without warranties of merchantability, fitness for a particular purpose, non-infringement, uninterrupted operation, complete vulnerability detection, or error-free results.
To the maximum extent allowed by law, NullSquare will not be liable for indirect, incidental, special, consequential, exemplary, punitive, lost profit, lost revenue, lost data, business interruption, or third-party damages. Unless a signed agreement states otherwise, NullSquare total liability is limited to the amounts you paid to NullSquare for the service giving rise to the claim in the three months before the event, or USD 100, whichever is greater.
Indemnity, law, and contact
You will defend and indemnify NullSquare from claims, damages, penalties, losses, and expenses arising from your targets, data, instructions, unauthorized testing, breach of these terms, misuse of the service, or violation of law or third-party rights.
Unless a separate agreement states otherwise, these terms are governed by the laws applicable to NullSquare principal place of business, without regard to conflict of law rules. For legal notices, contact legal@nullsquare.net.