Terms & Conditions
These terms explain how ThreatNest services work and what the agreement covers when starting a project.
1. Services
ThreatNest provides fixed-scope application security audits. We look at how the application actually behaves in real use and document application-layer vulnerabilities, PHI tracking exposure, weak configurations, and remediation guidance. Everything stays within the agreed scope, and nothing disruptive is done unless you have clearly approved it.
2. Scope & Authorization
We only work on websites, applications, or systems you own or have permission to test. By requesting an audit, you confirm you are authorized to do so.
3. Payments
Audit pricing and payment terms are confirmed before work begins. Work usually starts once the initial payment is received, unless agreed otherwise.
4. Delivery
Audit work includes technical evidence, findings, remediation guidance, and one complimentary retest after fixes. Full documentation is delivered within 7 days unless the written scope says otherwise.
5. Limitations
A security audit does not mean an application is fully safe. New issues can appear over time as systems change or new attack methods are discovered.
6. Client Responsibility
You are responsible for applying fixes unless we have agreed to handle them. If issues are not fixed after delivery, we cannot take responsibility for any problems that come from them.
7. Third-Party Services
Some projects involve external tools or platforms like hosting, payments, or plugins. We do not control those systems and are not responsible for issues on their side.
8. Liability
ThreatNest is not responsible for indirect or unexpected damages. All work is done based on best effort and current industry practices.
9. Changes
These terms may be updated over time. Using our services means you accept the latest version.
10. Contact
If you have questions, contact:

