These Terms of Service ("Agreement") govern access to and use of the RedSwarm automated penetration testing platform provided by RedSwarm Security Pte. Ltd. ("RedSwarm", "we", or "us"), a company incorporated in Singapore. By signing an Order Form or accessing the Services, the entity identified as the Customer ("Customer" or "you") agrees to be bound by this Agreement.
This Agreement is between two businesses (B2B). If you are accessing the Services on behalf of an organisation, you represent that you have authority to bind that organisation to this Agreement.
Định nghĩa
In this Agreement, the following terms have the meanings set out below:
- "Agreement" means these Terms of Service, the applicable Order Form, and any incorporated schedules.
- "Authorized Users" means employees or contractors of Customer permitted to use the Services under Customer's account.
- "Customer Data" means scan targets, configuration data, and vulnerability findings generated during Customer's use of the Services.
- "Documentation" means the technical guides and specifications for the Services published by RedSwarm Security.
- "Order Form" means the written or electronic order document specifying subscription tier, fees, and term.
- "Platform" means RedSwarm Security's proprietary automated penetration testing software and associated infrastructure.
- "Services" means the Platform and any professional services provided by RedSwarm Security under an Order Form.
- "Subscription Term" means the period specified in the Order Form during which Customer may access the Services.
Cấp phép sử dụng
Subject to the terms of this Agreement and payment of applicable fees, RedSwarm Security grants Customer a limited, non-exclusive, non-transferable, non-sublicensable right to access and use the Platform during the Subscription Term solely for Customer's internal business security testing purposes.
Customer may permit Authorized Users to access the Services. Customer is responsible for all acts and omissions of its Authorized Users. The number of Authorized Users may not exceed the limit specified in the applicable Order Form.
Pilot and trial accounts are provided "as-is" with no warranties, indemnification obligations, or SLA commitments from RedSwarm Security.
Đăng ký & Phí dịch vụ
Subscription terms are as set out in the applicable Order Form. Unless otherwise specified:
- Subscriptions automatically renew for successive periods equal to the initial Subscription Term unless either party provides written notice of non-renewal at least 30 days before the end of the then-current term.
- RedSwarm Security may revise pricing for renewal terms upon at least 60 days' prior written notice.
- Fees are due net 30 days from the date of invoice.
- All fees are non-refundable except as expressly set out in this Agreement.
Late payments accrue interest at 1.5% per month (or the maximum rate permitted by applicable law, whichever is lower) from the due date until paid in full.
Sử dụng hợp lệ
Customer must not, and must ensure Authorized Users do not:
- Use the Services for any unlawful purpose or in violation of any applicable law or regulation
- Use the Services to scan, test, or attack systems that Customer does not own or does not have explicit written authorisation to test
- Introduce viruses, malware, or any harmful code into the Platform or RedSwarm Security's infrastructure
- Attempt to reverse engineer, decompile, or derive source code from the Platform
- Resell, sublicense, or make the Services available to third parties not covered by an Order Form
- Circumvent, disable, or interfere with any security or access control features of the Platform
- Use the Services to conduct denial-of-service attacks or disrupt third-party systems
RedSwarm Security may immediately suspend Customer's access to the Services upon reasonable belief of an Acceptable Use violation, without liability to Customer.
Nghĩa vụ khách hàng
Customer is responsible for:
- Maintaining the accuracy and completeness of all account information
- Maintaining the confidentiality of all login credentials and access tokens
- All activities that occur under Customer's account, whether or not authorised by Customer
- Obtaining all necessary consents, permissions, and authorisations before submitting any system for scanning
- Compliance with all applicable laws and regulations in connection with Customer's use of the Services
- Promptly notifying RedSwarm Security of any unauthorised access to Customer's account
Dữ liệu khách hàng
Customer retains all right, title, and interest in and to Customer Data. Customer grants RedSwarm Security a limited, non-exclusive licence to process Customer Data solely to the extent necessary to provide the Services during the Subscription Term.
RedSwarm Security may use anonymized, aggregated, and de-identified data derived from Customer Data to improve the Platform, provided such data cannot reasonably be used to identify Customer or any individual.
Customer warrants that: (a) it has the right to submit all Customer Data for processing; (b) all scan targets have been properly authorised for penetration testing; and (c) submission and processing of Customer Data does not violate any applicable law or third-party rights.
Sở hữu trí tuệ
RedSwarm Security retains all intellectual property rights in the Platform, including the underlying technology, AI models, detection methodologies, documentation, and any improvements or derivatives thereof. Nothing in this Agreement transfers any IP rights to Customer.
If Customer provides feedback, suggestions, or ideas regarding the Services, Customer grants RedSwarm Security a perpetual, irrevocable, worldwide, royalty-free licence to use such feedback for any purpose, including incorporating it into the Platform, without obligation or compensation to Customer.
Customer may not use RedSwarm Security's name, logo, or trademarks without prior written consent.
Bảo mật thông tin
Each party ("Receiving Party") agrees to keep confidential all non-public information disclosed by the other party ("Disclosing Party") that is designated as confidential or that reasonably should be understood to be confidential given its nature ("Confidential Information").
Confidential Information does not include information that: (a) is or becomes publicly available through no fault of the Receiving Party; (b) was known to the Receiving Party prior to disclosure; (c) is independently developed by the Receiving Party without use of Confidential Information; or (d) is required to be disclosed by law or court order, provided the Receiving Party gives prompt notice where permitted.
Confidentiality obligations survive termination of this Agreement for 5 years. Vulnerability reports and scan results are Confidential Information of Customer and subject to additional protections under Section 14.
Bảo vệ dữ liệu
Both parties shall comply with all applicable data protection laws, including the Singapore Personal Data Protection Act 2012 (PDPA) as amended. Where the Services involve processing of personal data on behalf of Customer, the parties shall enter into a separate Data Processing Addendum (DPA), which forms part of this Agreement.
RedSwarm's Privacy Policy (available at redswarm.io/privacy) describes how RedSwarm processes personal data it collects directly. RedSwarm maintains a list of sub-processors, available on request.
In the event of a data breach affecting Customer Data, RedSwarm Security will notify Customer within 72 hours of becoming aware of the breach to allow Customer to fulfil its own PDPA notification obligations.
Bảo đảm & Tuyên bố miễn trừ
RedSwarm Security warrants that: (a) it has full authority to enter into this Agreement; (b) the Services will substantially conform to the Documentation during the Subscription Term; (c) it will use commercially reasonable measures to protect Customer Data; and (d) it will comply with applicable laws in its provision of the Services.
Customer warrants that: (a) it has full authority to enter into this Agreement; (b) all scan targets submitted are owned by Customer or Customer has obtained explicit written authorisation to test; (c) it will not use the Services for any unlawful purpose; and (d) it will not introduce malicious code into the Platform.
DISCLAIMER. Except as expressly stated above, the Services are provided "AS IS". RedSwarm does not warrant that the Services will be uninterrupted, error-free, or free from security vulnerabilities. RedSwarm Security expressly disclaims all other warranties, express or implied, including warranties of merchantability, fitness for a particular purpose, and non-infringement. Vulnerability reports reflect the state of assessed systems at the time of scanning only and are not a guarantee of complete security coverage.
Giới hạn trách nhiệm
To the fullest extent permitted by the laws of Singapore (including the Unfair Contract Terms Act, Cap. 396), and subject to the carve-outs below:
- Aggregate liability cap: RedSwarm Security's total aggregate liability to Customer under or in connection with this Agreement shall not exceed the total fees paid by Customer to RedSwarm Security in the 12 months immediately preceding the event giving rise to the claim.
- Exclusion of consequential loss: Neither party shall be liable to the other for any indirect, consequential, special, incidental, or punitive damages, or for any loss of profits, revenue, data, goodwill, or business opportunity, even if advised of the possibility of such damages.
The limitations above do not apply to: (a) death or personal injury caused by negligence; (b) fraud or fraudulent misrepresentation; (c) any liability that cannot be lawfully limited or excluded under Singapore law; or (d) Customer's obligation to pay fees under this Agreement.
Bồi thường
RedSwarm Security indemnification: RedSwarm Security will defend Customer against any third-party claim alleging that the Platform, as used in accordance with this Agreement, infringes a valid intellectual property right, and will pay resulting damages and reasonable legal costs awarded against Customer, subject to Customer: (a) providing prompt written notice of the claim; (b) giving RedSwarm Security sole control of the defence; and (c) cooperating reasonably. This indemnity does not apply if the claim arises from Customer's modification of the Platform or combination with third-party software.
Customer indemnification: Customer will indemnify and hold harmless RedSwarm Security against any third-party claims arising from: (a) Customer's breach of this Agreement; (b) Customer's submission of scan targets without proper authorisation; (c) Customer's misuse of the Services; or (d) claims relating to Customer Data.
Thời hạn & Chấm dứt
This Agreement commences on the Order Form effective date and continues for the Subscription Term, renewing as described in Section 3.
Termination for cause: Either party may terminate this Agreement on 30 days' written notice if the other party materially breaches this Agreement and fails to cure the breach within that notice period.
Immediate termination by RedSwarm Security: RedSwarm Security may suspend or terminate Customer's access immediately, without liability, if: (a) Customer fails to pay fees within 10 days of a payment reminder; (b) Customer breaches Section 4 (Acceptable Use); (c) Customer becomes insolvent or enters administration; or (d) continued access poses a security risk to the Platform or other customers.
Effect of termination: Upon termination, the licence granted under Section 2 immediately ceases. RedSwarm Security will retain Customer Data for 30 days following termination, after which it will be permanently deleted. All outstanding fees become immediately due. Prepaid fees are non-refundable. Sections 7, 8, 10, 11, 12, 14, and 15 survive termination.
Dữ liệu lỗ hổng bảo mật
All vulnerability reports, scan results, confirmed exploits, and related documentation generated by the Services are Confidential Information of Customer. RedSwarm Security will not disclose Customer's vulnerability findings to any third party without Customer's prior written consent, except as required by law.
If RedSwarm Security's scanning activity identifies a critical vulnerability in a third-party system that was not the intended scan target, RedSwarm Security will promptly notify Customer. Customer retains sole authority over disclosure decisions, including responsible disclosure to the affected third party or relevant authorities.
Important: Vulnerability reports reflect the state of assessed systems at the time of scanning. They do not constitute a guarantee of complete security coverage and are not a substitute for a comprehensive information security programme. Customer remains solely responsible for implementing and maintaining appropriate security controls after receiving a report.
Điều khoản chung
Governing Law
This Agreement is governed by and construed in accordance with the laws of the Republic of Singapore, without regard to conflict of law principles.
Dispute Resolution
Any dispute arising out of or in connection with this Agreement, including any question regarding its existence, validity, or termination, shall be referred to and finally resolved by arbitration administered by the Singapore International Arbitration Centre (SIAC) in accordance with the SIAC Arbitration Rules for the time being in force. The seat of arbitration shall be Singapore. The tribunal shall consist of one arbitrator. The language of arbitration shall be English. Either party may seek urgent interlocutory relief from the Singapore courts.
Anti-Bribery
Both parties shall comply with all applicable anti-bribery and anti-corruption laws, including the Singapore Prevention of Corruption Act (Cap. 241).
Notices
All notices under this Agreement must be in writing and delivered by email (with read receipt or 24-hour deemed receipt) to the designated contacts set out in the Order Form, or by registered post to the registered addresses of the parties.
General Provisions
- Entire Agreement: This Agreement constitutes the entire agreement between the parties and supersedes all prior representations, agreements, and understandings.
- Amendment: No amendment to this Agreement is effective unless in writing and signed by authorised representatives of both parties.
- Severability: If any provision is found void or unenforceable, the remaining provisions continue in full force.
- No Assignment: Customer may not assign this Agreement without RedSwarm Security's prior written consent. RedSwarm Security may assign to a successor entity upon notice.
- No Third-Party Rights: This Agreement does not confer any rights on third parties under the Contracts (Rights of Third Parties) Act (Cap. 53B) of Singapore.
- Relationship: The parties are independent contractors. Nothing in this Agreement creates a partnership, employment, agency, or joint venture relationship.
- Force Majeure: Neither party is liable for delays or failures in performance resulting from circumstances beyond its reasonable control, provided it gives prompt notice and uses reasonable efforts to mitigate.
- Waiver: Failure to enforce any provision of this Agreement does not constitute a waiver of the right to enforce it in the future.
Questions about these Terms? Contact us at legal@redswarm.io — we'll respond within 5 business days.