Terms

Last updated: 2026-04-25

These Terms of Service ("Terms") govern the relationship between Intrusion Pentest Cybersecurity LTDA ("intrus.io", "we") and the client ("you") regarding the procurement of pentest, red team, security consulting, and related services. By engaging our services, you fully agree to these Terms.

1. Scope of services

Services are delivered per a specific commercial proposal, with scope, timeline, and pricing agreed in writing in advance. These Terms supplement, and do not replace, the specific contract of each engagement.

Every pentest execution is preceded by an Authorization to Test letter signed by an authorized client representative, specifying targets, execution window, and rules of engagement.

2. Confidentiality

All information received from the client — credentials, architecture, test data, identified vulnerabilities — is Confidential and protected by intrus.io's standard mutual NDA or by the specific engagement contract.

We maintain zero data retention from 90 days after final report delivery, with a destruction certificate provided upon request.

3. Payment

Billing is as agreed in the proposal: lump sum, installments, or recurring (PTaaS). For Brazilian clients, we issue NF-e. For international clients, we invoice in USD or EUR.

Delays beyond 15 days may result in suspension of pending report delivery and/or of recurring PTaaS, without prejudice to contractual penalties and statutory interest.

4. Intellectual property

intrus.io's methodologies, proprietary tools, frameworks, and templates remain our exclusive property.

Technical reports delivered to the client are licensed for internal client use, including sharing with auditors, regulators, and direct technical partners. Not authorized: public republication, commercialization, or sharing with intrus.io competitors.

Novel vulnerabilities (0-day) discovered during an engagement are responsibly disclosed per Coordinated Vulnerability Disclosure (CVD) policy, with prior client notification.

5. Limitations and exclusions

A pentest is a snapshot of the attack surface at testing time; it does not guarantee the future absence of vulnerabilities. We recommend periodic pentests.

We are not liable for: (a) downtime caused by a pre-existing vulnerability identified during testing; (b) damages arising from the client not implementing report recommendations; (c) consequential damages or lost profits.

Total liability is limited to the amount paid by the client in the 12 months preceding the event.

6. Termination

One-time engagements: free termination before start; after start, fee proportional to work performed.

PTaaS: 30-day notice termination. Automatic renewal absent contrary notice.

7. Jurisdiction and governing law

For Brazilian clients: courts of Brasília – DF, applying Brazilian law.

For European clients: courts of Leiria – Portugal, applying Portuguese law and EU regulations.

For other clients: arbitration in Brasília under CCBC rules, in Portuguese or English.

For specific questions about this document, email contato@intrusioncyber.com.