Terms of Service
Last updated: 2026-04-16
1. Introduction
These Terms of Service (“Terms”) govern the relationship between the client (“Client,” “you”) and Faultline Security, based in Portugal (EU) (“Faultline,” “we,” “us”). By engaging our services you agree to these Terms alongside any signed Statement of Work (“SOW”).
2. Scope and Statement of Work
Every engagement is defined by a mutually signed SOW that specifies the target systems, testing methodology, timeline, deliverables, and fees. In the event of a conflict between these Terms and a signed SOW, the SOW prevails.
3. Authorization to Test
The Client warrants that it has the legal authority to authorize testing on all in-scope systems and will provide written authorization before testing begins. Faultline will not commence work until authorization is received.
4. Client Obligations
The Client agrees to: (a) provide timely access to in-scope environments and any required credentials; (b) designate a primary point of contact for the engagement; (c) notify Faultline of any systems or data excluded from testing; and (d) ensure that testing activity will not violate any third-party agreements.
5. Confidentiality
Both parties agree to keep all information exchanged during the engagement confidential. Faultline will not disclose findings, reports, or any Client data to third parties without prior written consent. The Client agrees not to disclose Faultline's proprietary testing methodology or tooling. This obligation survives termination of the engagement.
6. Deliverables and Reports
Deliverables are specified in the SOW and typically include an executive summary, detailed findings report, attack narrative, and a findings walkthrough session. Reports are delivered via a secure, encrypted channel agreed upon during scoping.
7. Payment Terms
Fees, payment schedule, and accepted payment methods are set out in the SOW. Unless otherwise stated, invoices are due within 14 calendar days of issue. Faultline reserves the right to suspend work if payment is overdue by more than 30 days.
8. Limitation of Liability
Penetration testing carries inherent risk. While Faultline takes all reasonable precautions, the Client acknowledges that testing may cause service disruptions. Faultline's total liability for any claim arising from an engagement is limited to the fees paid under the corresponding SOW. Neither party shall be liable for indirect, incidental, or consequential damages.
9. Intellectual Property
The Client retains full ownership of their systems, data, and proprietary information. Upon payment, the Client receives a non-exclusive license to use the delivered reports internally. Faultline retains ownership of its testing tools, methodologies, and generic knowledge gained during the engagement, provided that no Client-specific data is included.
10. Data Handling
Any Client data accessed during testing is handled in accordance with our Privacy Policy. Faultline will securely delete all Client data, evidence, and working files within 30 days of report delivery unless a longer retention period is agreed in the SOW.
11. Termination and Cancellation
Either party may terminate the engagement with 14 days' written notice. If the Client terminates after testing has begun, fees for work completed up to the termination date are payable in full. Confidentiality obligations survive termination.
12. Governing Law and Disputes
These Terms are governed by the laws of Portugal. Any dispute that cannot be resolved amicably shall be submitted to the competent courts of Lisbon, Portugal.
13. Amendments
Faultline may update these Terms from time to time. The “Last updated” date at the top of this page reflects the most recent revision. Material changes will be communicated to active clients via email.
14. Contact
For questions about these Terms, contact hello@faultlinesec.com.