Terms and Conditions

1. Services

Stormhold Security provides cybersecurity consulting, local AI-powered code review, web application and API penetration testing, security reviews, remediation guidance, and private AI system design. Specific scope, deliverables, timing, testing boundaries, and fees are defined in a written proposal, statement of work, authorization email, or other written agreement.

2. Authorized Testing Only

Security testing is performed only against systems, applications, repositories, accounts, networks, or workflows that you are authorized to submit for review. You represent that you have the legal authority to authorize Stormhold to test the assets included in scope.

Inquiry forms, website forms, and initial conversations do not launch automated scanning or authorize testing by themselves. Testing begins only after scope and authorization are confirmed.

3. Local AI and Code Privacy

Stormhold positions its AI-assisted code review and application testing around local or private processing to protect intellectual property, source code, application context, and sensitive data. Engagement-specific handling of repositories, credentials, logs, artifacts, and client data will be defined during scoping.

You should not provide production secrets, regulated records, credentials, or confidential third-party data unless Stormhold has requested them and an approved handling process is in place.

4. Client Responsibilities

• Provide accurate scope, ownership, authorization, and technical context.
• Identify production safety limits, maintenance windows, and prohibited testing actions.
• Provide test accounts, documentation, repositories, or access only when approved for the engagement.
• Maintain backups, monitoring, and incident response processes for systems under review.
• Review and implement remediation guidance according to your own risk decisions.

5. No Guarantee of Complete Security

Security testing, code review, AI-assisted analysis, and consulting can reduce risk, but no service can guarantee that all vulnerabilities, misconfigurations, weaknesses, or future attack paths will be found. Findings reflect the scope, access, information, time, and conditions of the engagement.

6. Deliverables and Use of Findings

Reports, findings, screenshots, proof-of-concept details, recommendations, and other deliverables are provided for defensive use by the client. You are responsible for deciding whether, when, and how to remediate identified issues.

You may not use Stormhold deliverables to attack third-party systems, violate law, bypass authorization, or disclose sensitive findings in a way that creates unnecessary risk.

7. Confidentiality

Stormhold treats non-public client information, source code, credentials, architecture details, vulnerabilities, and reports as confidential unless disclosure is authorized or required by law. Clients are also expected to protect Stormhold methodologies, non-public materials, and engagement communications.

8. Credentials and Sensitive Access

If credentials, tokens, VPN access, repository access, or other sensitive access is required, the client is responsible for providing approved access through secure channels and revoking or rotating access when the engagement is complete.

9. Fees, Scheduling, and Cancellation

Fees, payment terms, deposits, cancellation terms, and scheduling expectations are governed by the applicable proposal, invoice, statement of work, or written agreement. Stormhold may pause work for non-payment, missing authorization, unsafe conditions, or material scope changes.

10. Website Use

You agree not to misuse this website, interfere with its operation, attempt unauthorized access, submit malicious content, scrape content in a disruptive manner, or use the website to violate law or third-party rights.

11. Intellectual Property

Stormhold retains ownership of its website content, branding, templates, methodologies, tools, know-how, and pre-existing materials. Clients retain ownership of their own source code, data, systems, and pre-existing materials. Deliverable ownership and license terms may be further defined in an engagement agreement.

12. Third-Party Services

Stormhold may reference or integrate with third-party platforms, repositories, cloud services, security tools, or client-provided systems during an engagement. Stormhold is not responsible for third-party service availability, terms, security, or behavior.

13. Limitation of Liability

To the maximum extent permitted by law, Stormhold Security is not liable for indirect, incidental, special, consequential, punitive, or exemplary damages, including lost profits, lost data, business interruption, or security incidents arising from use of the website or services. Any liability will be limited to the amount paid to Stormhold for the specific engagement giving rise to the claim, unless a written agreement states otherwise.

14. Indemnification

You agree to defend, indemnify, and hold Stormhold Security harmless from claims, damages, liabilities, and expenses arising from unauthorized testing requests, inaccurate ownership or authorization claims, misuse of deliverables, violation of these terms, or violation of law.

15. Changes to These Terms

Stormhold may update these Terms and Conditions from time to time. Updated terms will be posted on this page with a revised effective date. Continued use of the website or services after updates means you accept the revised terms.

16. Contact

Questions about these terms can be sent to info@stormholdsecurity.com.