These Terms of Service ("Terms") govern your use of the website amitycyberesolved.com (the "Site") and any security assessment services ("Services") provided by Amity Cyber Resolved LLC ("ACR," "we," "us," or "our"). By accessing our Site or engaging our Services, you agree to be bound by these Terms.
ACR provides cybersecurity consulting services including, but not limited to, web application security assessments, attack surface mapping, vulnerability discovery, remediation verification, and ongoing security monitoring. All services are performed under a signed Statement of Work (SOW) and Non-Disclosure Agreement (NDA) specific to each engagement.
All security testing is performed only with explicit written authorization from the client. By engaging our Services, you represent and warrant that you have the legal authority to authorize security testing on the systems, applications, and infrastructure included in the scope of work. Testing will not begin until a signed SOW and NDA are in place.
Each engagement is governed by a specific SOW that defines the scope, timeline, deliverables, and rules of engagement. ACR will not test systems, applications, or networks outside the agreed-upon scope without additional written authorization.
ACR operates under strict rules of engagement for every assessment. We perform non-destructive testing by default, avoid denial-of-service attacks unless explicitly authorized, and immediately report any critical vulnerabilities discovered during testing. We will not intentionally access, modify, or exfiltrate real user data beyond what is necessary to demonstrate a vulnerability.
As a client, you agree to:
Upon completion of each engagement, ACR will deliver a detailed findings report that includes a summary of the assessment scope and methodology, individual findings with severity ratings (CVSS-scored where applicable), proof-of-concept evidence for each vulnerability, business impact analysis, prioritized remediation recommendations, and an executive summary suitable for non-technical stakeholders. Reports are confidential and will be delivered securely to authorized recipients only.
Service pricing is defined in the SOW for each engagement. Published pricing on our Site represents starting rates and may vary based on scope and complexity. Payment terms are net 15 days from invoice date unless otherwise specified in the SOW. We reserve the right to pause or suspend services for overdue accounts.
ACR treats all client information, systems, and findings as strictly confidential. We will not disclose any client data, assessment results, or vulnerability details to any third party without your explicit written consent. All engagements are covered by a mutual NDA. Our team members are bound by confidentiality obligations.
ACR performs security assessments with professional care and industry-standard methodologies. However:
All assessment reports, findings documentation, and deliverables produced during an engagement are the property of the client upon full payment. ACR retains the right to use anonymized, non-attributable data from engagements for internal research, methodology improvement, and aggregated statistics (e.g., "89% of critical findings are missed by automated scanners"). No client-identifying information will be used without explicit consent.
ACR operates under a strict code of ethics. We practice responsible disclosure for all discovered vulnerabilities, comply with all applicable laws and regulations, never use discovered vulnerabilities for unauthorized purposes, report illegal activity discovered during assessments as required by law, and maintain professional certifications and continuous education.
By using our Site, you agree not to:
Either party may terminate an engagement with written notice as specified in the SOW. Upon termination, ACR will deliver all completed work product, the client will pay for all services rendered through the termination date, and confidentiality obligations survive termination indefinitely. Retainer engagements may be cancelled with 30 days written notice.
Any disputes arising from these Terms or our Services will be resolved through good-faith negotiation between the parties. If negotiation fails, disputes will be resolved through binding arbitration in accordance with the rules of the American Arbitration Association, conducted in the state of California.
These Terms are governed by and construed in accordance with the laws of the State of California, without regard to its conflict of law provisions.
We reserve the right to modify these Terms at any time. Changes will be posted on this page with an updated "Last Updated" date. Continued use of the Site or Services after changes constitutes acceptance of the revised Terms. Material changes to engagement terms will be communicated directly to active clients.
If any provision of these Terms is found to be unenforceable or invalid, that provision will be limited or eliminated to the minimum extent necessary, and the remaining provisions will remain in full force and effect.
For questions about these Terms, please contact us:
Amity Cyber Resolved LLC
Email: hello@amitycyberesolved.com
Website: amitycyberesolved.com