This comprehensive legal documentation ("Documentation") governs the relationship between Heim Cyber ("Company," "we," "us," or "our") and any individual or entity ("User," "you," or "your") accessing or using our authorized security testing services and related products (collectively, the "Services").

By accessing, registering for, or using our Services, you acknowledge that you have read, understood, and agree to be bound by all terms, conditions, policies, and notices contained in this Documentation. If you do not agree with any part of this Documentation, you must not access or use our Services.

This Documentation constitutes a legally binding agreement between you and Heim Cyber. We reserve the right to modify this Documentation at any time, with such modifications becoming effective immediately upon posting. Your continued use of our Services following any modifications constitutes your acceptance of the revised Documentation.

1. Service Description

Heim Cyber provides enterprise-grade security testing tools and services designed to help organizations identify and address security vulnerabilities in their systems. Our Services include but are not limited to:

• Network stress testing and resilience assessment (with explicit written authorization)
• Advanced vulnerability scanning and penetration testing tools
• Security assessment and monitoring solutions
• Threat intelligence and analysis
• Educational resources and training on security testing methodologies

2. User Eligibility and Registration

2.1 Eligibility Requirements. To use our Services, you must:

• Be at least 18 years of age or the age of legal majority in your jurisdiction, whichever is greater
• Possess the legal capacity to enter into binding contracts
• Not be prohibited from using the Services under applicable laws
• Complete the registration process accurately and truthfully
• Have legal authority to test the target systems or networks

2.2 Registration Process. During registration, you must provide accurate, current, and complete information. You are responsible for maintaining the confidentiality of your account credentials and for all activities that occur under your account. You agree to notify us immediately of any unauthorized use of your account or any other breach of security.

2.3 Enterprise Users. If you register on behalf of a company or other legal entity, you represent and warrant that you have the authority to bind such entity to this Documentation. References to "you" or "your" in this Documentation refer to both you individually and the entity on whose behalf you are registering.

3. Authorization Requirements

3.1 Written Authorization. Before conducting any security test using our Services, you must:

• Obtain explicit written authorization from the owner of the target system or network
• Maintain documentation of such authorization for the duration of testing and for a period of at least two (2) years thereafter
• Submit proof of authorization to us upon request
• Limit testing to the scope defined in the authorization
• Adhere to any testing windows or parameters specified by the system owner

3.2 Authorization Documentation. Proper authorization documentation must include, at minimum:

• The specific IP addresses, domains, or systems to be tested
• The types of testing authorized (e.g., vulnerability scanning, penetration testing)
• The timeframe during which testing is authorized
• Contact information for responsible parties on both sides
• Signatures of authorized representatives with appropriate authority

4. Service Limitations and Restrictions

4.1 Technical Limitations. Our Services are subject to the following limitations:

• Testing must be conducted only against authorized targets
• Testing must not disrupt critical services or infrastructure
• Service availability may vary based on technical or legal constraints
• Certain advanced features may require additional verification

4.2 Usage Restrictions. You agree not to:

• Use the Services to violate any law or regulation
• Attempt to gain unauthorized access to the Services or related systems
• Interfere with other users' access to the Services
• Reverse engineer, decompile, or disassemble any aspect of the Services
• Use the Services in a manner that exceeds reasonable usage limits

5. Intellectual Property Rights

5.1 Ownership. All intellectual property rights in the Services, including but not limited to software, algorithms, user interfaces, trade secrets, trademarks, and documentation, are owned by Heim Cyber or its licensors. Nothing in this Documentation transfers any such rights to you.

5.2 License Grant. Subject to your compliance with this Documentation, we grant you a limited, non-exclusive, non-transferable, revocable license to access and use the Services solely for the purposes described in this Documentation.

5.3 Feedback. If you provide any suggestions, ideas, or feedback regarding the Services ("Feedback"), you grant us a perpetual, irrevocable, worldwide, royalty-free license to use, modify, and incorporate such Feedback into our Services without any obligation to compensate you.

6. Payment Terms

6.1 Fees and Billing. You agree to pay all fees specified for the Services. All fees are exclusive of taxes, which you are responsible for paying. Fees are non-refundable except as expressly provided in this Documentation.

6.2 Subscription Terms. Services are provided on a subscription basis. Subscription periods and renewal terms are specified during the registration process and may be updated from time to time.

6.3 Payment Methods. We accept payment via credit card, wire transfer, or other methods specified during the registration process. You authorize us to charge your payment method for all fees incurred.

7. Term and Termination

7.1 Term. This Documentation remains in effect for the duration of your use of the Services, including any subscription periods.

7.2 Termination by You. You may terminate your account at any time by following the procedures specified in the Services or by contacting our support team.

7.3 Termination by Us. We reserve the right to suspend or terminate your access to the Services if:

• You violate any provision of this Documentation
• You use the Services for unauthorized or illegal purposes
• We receive credible complaints about your testing activities
• We are required to do so by law or regulation
• We decide to discontinue the Services or any part thereof

7.4 Effect of Termination. Upon termination:

• Your right to access and use the Services will immediately cease
• You must cease all use of the Services
• Any outstanding payment obligations will become immediately due
• Sections of this Documentation that by their nature should survive termination will survive

This Privacy Policy describes how Heim Cyber collects, uses, stores, shares, and protects your information when you use our Services. By using our Services, you consent to the data practices described in this policy.

1. Information Collection

1.1 Categories of Information. We collect the following types of information:

• Account Information: Name, email address, company details, job title, and contact information
• Payment Information: Billing address, payment method details (processed through secure third-party providers)
• Service Usage Data: Testing logs, activity data, feature usage statistics
• Technical Information: IP address, browser type, device information, operating system
• Communications: Records of your interactions with our support team
• Cookies and Similar Technologies: Information collected through cookies, web beacons, and similar technologies

1.2 Collection Methods. We collect information:

• Directly from you when you register for and use our Services
• Automatically through your use of the Services
• From third-party sources, such as business partners or service providers

2. Use of Information

2.1 Primary Uses. We use collected information to:

• Provide, maintain, and improve our Services
• Process transactions and manage your account
• Monitor compliance with our terms and applicable laws
• Detect, investigate, and prevent fraudulent or unauthorized activities
• Communicate with you about service updates, technical issues, and promotional offers
• Analyze usage patterns to enhance user experience
• Respond to your requests and provide customer support

2.2 Legal Basis for Processing. We process your information based on:

• Performance of a contract when we provide you with our Services
• Our legitimate interests in operating and improving our business
• Compliance with legal obligations
• Your consent, where applicable

3. Data Retention and Security

3.1 Retention Period. We retain different types of information for varying periods:

• Account information is retained for the duration of your account plus seven (7) years
• Testing logs and activity data are retained for ninety (90) days by default
• Payment information is retained as required by applicable financial regulations

3.2 Data Security Measures. We implement industry-standard security measures to protect your information, including:

• Encryption of sensitive data in transit and at rest
• Access controls and authentication mechanisms
• Regular security assessments and penetration testing
• Employee training on data security practices
• Physical security measures for our facilities

4. Information Sharing and Disclosure

4.1 Third-Party Service Providers. We may share your information with third-party service providers who perform services on our behalf, such as:

• Payment processors
• Cloud hosting providers
• Customer support services
• Analytics providers

4.2 Legal Requirements. We may disclose your information if required by law, regulation, legal process, or governmental request.

4.3 Business Transfers. In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of the transaction.

5. Your Rights and Choices

5.1 Access and Control. Depending on your jurisdiction, you may have rights to:

• Access your personal information
• Correct inaccurate information
• Delete your information (subject to legal requirements)
• Export your data in a portable format
• Object to certain processing activities
• Withdraw consent for optional processing

5.2 Exercise of Rights. To exercise these rights, please contact us using the information provided in the Contact Information section. We will respond to your request within the timeframe required by applicable law.

6. International Data Transfers

6.1 Cross-Border Transfers. Your information may be transferred to, stored, and processed in countries other than your country of residence. We ensure that such transfers comply with applicable data protection laws.

6.2 Transfer Mechanisms. For transfers from the EEA, UK, or Switzerland to countries not deemed to provide an adequate level of data protection, we implement appropriate safeguards, such as Standard Contractual Clauses approved by the European Commission.

1. Service Disclaimer

1.1 "As Is" Provision. THE SERVICES ARE PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT. WE DO NOT GUARANTEE THAT THE SERVICES WILL BE UNINTERRUPTED, SECURE, ERROR-FREE, OR THAT ANY DEFECTS WILL BE CORRECTED.

1.2 No Security Guarantee. While our Services are designed to help identify security vulnerabilities, we do not guarantee that all vulnerabilities will be detected or that use of our Services will prevent security breaches or cyber attacks.

2. Limitation of Liability

2.1 Liability Cap. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL HEIM CYBER, ITS AFFILIATES, DIRECTORS, EMPLOYEES, OR AGENTS BE LIABLE FOR ANY INDIRECT, PUNITIVE, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR EXEMPLARY DAMAGES, INCLUDING WITHOUT LIMITATION DAMAGES FOR LOSS OF PROFITS, GOODWILL, USE, DATA, OR OTHER INTANGIBLE LOSSES, ARISING OUT OF OR RELATING TO THE USE OF, OR INABILITY TO USE, THE SERVICES.

2.2 Monetary Cap. NOTWITHSTANDING ANYTHING TO THE CONTRARY CONTAINED HEREIN, HEIM CYBER'S LIABILITY TO YOU FOR ANY CAUSE WHATSOEVER AND REGARDLESS OF THE FORM OF THE ACTION, WILL AT ALL TIMES BE LIMITED TO THE GREATER OF (A) THE AMOUNT PAID, IF ANY, BY YOU TO HEIM CYBER FOR THE SERVICES IN THE 12 MONTHS PRIOR TO THE EVENT GIVING RISE TO LIABILITY OR (B) $100.

2.3 Exceptions. Some jurisdictions do not allow the exclusion of certain warranties or the limitation or exclusion of liability for certain types of damages. Accordingly, some of the above limitations may not apply to you.

3. Indemnification

3.1 User Indemnification. You agree to defend, indemnify, and hold harmless Heim Cyber, its affiliates, licensors, and service providers, and its and their respective officers, directors, employees, contractors, agents, licensors, suppliers, successors, and assigns from and against any claims, liabilities, damages, judgments, awards, losses, costs, expenses, or fees (including reasonable attorneys' fees) arising out of or relating to:

• Your violation of this Documentation
• Your use of the Services, including any testing activities conducted using our Services
• Your violation of any third-party right, including without limitation any intellectual property right, publicity, confidentiality, property, or privacy right
• Any claim that your actions caused damage to a third party

4. Legal Compliance Statement

4.1 Authorized Use Only. Our tools are designed for legitimate security testing only. We explicitly prohibit the use of our Services for:

• Unauthorized access to systems or networks
• Disruption of services (DDoS attacks) without explicit authorization
• Any activity that violates local, state, federal, or international law
• Testing of critical infrastructure without proper authorization and safeguards
• Any activity intended to cause harm or damage to systems, networks, or data

4.2 Legal Responsibility. You are solely responsible for ensuring that your use of our Services complies with all applicable laws and regulations. We disclaim any responsibility for your failure to obtain proper authorization or to comply with applicable laws.

5. Force Majeure

5.1 Excused Performance. Neither party shall be liable for any failure or delay in performance under this Documentation due to circumstances beyond its reasonable control, including but not limited to acts of God, natural disasters, terrorism, riots, war, epidemics, pandemics, power failures, telecommunications failures, and government actions.

This section outlines how our Services comply with laws and regulations in various jurisdictions. Users are responsible for ensuring their use of our Services complies with all applicable laws in their jurisdiction.

1. United States Federal Law

1.1 Applicable Federal Laws. Our Services are designed to comply with relevant U.S. federal laws, including but not limited to:

• Computer Fraud and Abuse Act (CFAA): Prohibits unauthorized access to protected computers
• Electronic Communications Privacy Act (ECPA): Regulates the interception of electronic communications
• Digital Millennium Copyright Act (DMCA): Addresses copyright issues in the digital environment
• Federal Trade Commission Act: Prohibits unfair or deceptive practices
• Cybersecurity Information Sharing Act (CISA): Facilitates sharing of cyber threat information

2. State-Specific Provisions

2.1 California. For users in California, our Services comply with:

• California Consumer Privacy Act (CCPA): Grants California residents specific rights regarding their personal information
• California Privacy Rights Act (CPRA): Expands upon the CCPA with additional privacy protections
• California Online Privacy Protection Act (CalOPPA): Requires commercial websites to post a privacy policy

2.2 New York. For users in New York, our Services comply with:

• Stop Hacks and Improve Electronic Data Security Act (SHIELD Act): Imposes data security requirements
• NY Department of Financial Services Cybersecurity Regulations: Establishes cybersecurity requirements for financial institutions

2.3 Illinois. For users in Illinois, our Services comply with:

• Biometric Information Privacy Act (BIPA): Regulates the collection and storage of biometric data
• Personal Information Protection Act: Governs the protection of personal information

2.4 Virginia. For users in Virginia, our Services comply with:

• Consumer Data Protection Act (CDPA): Provides Virginia residents with rights regarding their personal data

2.5 Massachusetts. For users in Massachusetts, our Services comply with:

• Standards for the Protection of Personal Information: Establishes minimum standards for safeguarding personal information

2.6 Texas. For users in Texas, our Services comply with:

• Texas Identity Theft Enforcement and Protection Act: Requires businesses to implement and maintain reasonable procedures to protect sensitive personal information

2.7 Other States. Our Services are designed to comply with relevant laws in all 50 U.S. states. Users are responsible for ensuring their use of our Services complies with specific state laws not explicitly mentioned here.

3. European Compliance

3.1 European Union. For users in the European Union, our Services comply with:

• General Data Protection Regulation (GDPR): Comprehensive data protection framework
• Network and Information Security (NIS) Directive: Establishes security requirements for operators of essential services
• ePrivacy Directive: Regulates electronic communications and the use of cookies
• Cybersecurity Act: Creates an EU-wide cybersecurity certification framework

3.2 United Kingdom. For users in the United Kingdom, our Services comply with:

• UK GDPR: The UK's implementation of the GDPR post-Brexit
• Data Protection Act 2018: Supplements the UK GDPR
• Network and Information Systems Regulations 2018: The UK's implementation of the NIS Directive
• Computer Misuse Act 1990: Criminalizes unauthorized access to computer systems

4. International Compliance

4.1 Canada. For users in Canada, our Services comply with:

• Personal Information Protection and Electronic Documents Act (PIPEDA): Governs how private sector organizations collect, use, and disclose personal information

4.2 Australia. For users in Australia, our Services comply with:

• Privacy Act 1988 and Australian Privacy Principles: Regulates the handling of personal information
• Security of Critical Infrastructure Act 2018: Manages risks to critical infrastructure

4.3 Other Jurisdictions. Users outside the United States, European Union, United Kingdom, Canada, and Australia are responsible for ensuring compliance with their local laws and regulations. Our Services may not be available in jurisdictions where they would violate local laws.

This Acceptable Use Policy ("AUP") governs your use of our Services and is incorporated by reference into our Terms of Service. Violation of this AUP may result in suspension or termination of your access to the Services.

1. Permitted Uses

1.1 Authorized Activities. You may use our Services for:

• Authorized security testing of your own systems
• Authorized security testing of client systems (with proper documentation)
• Educational purposes in controlled environments
• Security research in compliance with responsible disclosure policies
• Vulnerability assessment and management
• Security posture evaluation and improvement

2. Prohibited Uses

2.1 Unauthorized Activities. You may not use our Services for:

• Any unauthorized testing of systems or networks
• Disruption of services or denial of service attacks without explicit authorization
• Attempts to compromise the security of any system without proper authorization
• Testing of critical infrastructure without proper safeguards and authorization
• Any activity that violates applicable laws or regulations
• Harassment, abuse, or harm of individuals or organizations
• Distribution of malware, viruses, or other harmful code
• Unauthorized access to data or accounts
• Impersonation of individuals or organizations

3. Testing Guidelines

3.1 Required Practices. When conducting security tests using our Services, you must:

• Obtain explicit written authorization before testing
• Limit testing to the scope defined in the authorization
• Conduct testing during approved time windows
• Minimize potential disruption to normal operations
• Report any unintended consequences immediately
• Maintain detailed logs of all testing activities
• Protect any sensitive data discovered during testing
• Follow responsible disclosure practices for any vulnerabilities discovered

4. Reporting Requirements

4.1 Activity Logs. You must maintain detailed logs of all testing activities, including:

• Date and time of testing
• Systems and networks tested
• Testing methodologies used
• Results and findings
• Any incidents or unexpected events

4.2 Compliance Verification. You must provide these logs upon request for compliance verification. Any security vulnerabilities discovered during testing should be reported responsibly to the system owner.

5. Enforcement

5.1 Monitoring. We reserve the right to monitor use of our Services to ensure compliance with this AUP.

5.2 Violations. If we determine, in our sole discretion, that you have violated this AUP, we may:

• Issue a warning
• Temporarily suspend your access to the Services
• Permanently terminate your access to the Services
• Report your activities to law enforcement authorities
• Take legal action against you

5.3 Reporting Violations. If you become aware of any violation of this AUP, please report it immediately to [email protected].

This Data Processing Agreement ("DPA") applies when Heim Cyber processes personal data on behalf of you as part of the Services. This DPA forms part of the Documentation between Heim Cyber and you.

1. Definitions

1.1 Terms Defined. For the purposes of this DPA, the following terms shall have the meanings set forth below:

• "Controller" means the entity that determines the purposes and means of the processing of Personal Data.
• "Data Protection Laws" means all applicable laws and regulations relating to the processing of Personal Data and privacy, including, where applicable, EU Data Protection Law.
• "EU Data Protection Law" means Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data (General Data Protection Regulation) ("GDPR").
• "Personal Data" means any information relating to an identified or identifiable natural person.
• "Processing" means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means.
• "Processor" means the entity that processes Personal Data on behalf of the Controller.
• "Security Incident" means any unauthorized or unlawful breach of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data.

2. Processing of Personal Data

2.1 Roles of the Parties. The parties acknowledge that with regard to the Processing of Personal Data, you are the Controller and Heim Cyber is the Processor.

2.2 Your Processing of Personal Data. You shall, in your use of the Services, Process Personal Data in accordance with the requirements of Data Protection Laws. Your instructions for the Processing of Personal Data shall comply with Data Protection Laws.

2.3 Heim Cyber's Processing of Personal Data. Heim Cyber shall only Process Personal Data on behalf of and in accordance with your documented instructions for the following purposes:

• Processing in accordance with the Documentation
• Processing initiated by users in their use of the Services
• Processing to comply with other documented reasonable instructions provided by you where such instructions are consistent with the terms of the Documentation

3. Security Measures

3.1 Security Measures. Heim Cyber shall implement and maintain appropriate technical and organizational security measures to protect Personal Data from Security Incidents and to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services. These measures shall include, at a minimum:

• Encryption of sensitive Personal Data
• Ability to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services
• Ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident
• Process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing

4. Sub-processing

4.1 Authorized Sub-processors. You acknowledge and agree that Heim Cyber may engage third-party Sub-processors in connection with the provision of the Services. Heim Cyber shall make available to you a current list of Sub-processors for the Services upon request.

4.2 Sub-processor Obligations. Heim Cyber shall ensure that each Sub-processor performs the obligations set out in this DPA, as they apply to processing of Personal Data carried out by that Sub-processor, as if it were party to this DPA in place of Heim Cyber.

5. Security Incidents

5.1 Security Incident Notification. Heim Cyber shall notify you without undue delay after becoming aware of a Security Incident affecting Personal Data. Such notification shall contain, at a minimum:

• A description of the nature of the Security Incident including, where possible, the categories and approximate number of data subjects concerned and the categories and approximate number of Personal Data records concerned
• The name and contact details of Heim Cyber's data protection officer or other relevant contact from whom more information may be obtained
• A description of the likely consequences of the Security Incident
• A description of the measures taken or proposed to be taken to address the Security Incident

6. Return or Deletion of Data

6.1 Deletion or Return. Upon termination of the Services, Heim Cyber shall, at your choice, delete or return all Personal Data to you and delete existing copies unless applicable law requires storage of the Personal Data.

This Service Level Agreement ("SLA") describes the service levels that Heim Cyber will provide for the Services and specifies the remedies available to you if we fail to meet these service levels.

1. Service Availability

1.1 Uptime Commitment. Heim Cyber will use commercially reasonable efforts to make the Services available with a Monthly Uptime Percentage of at least 99.9% during any monthly billing cycle (the "Service Commitment").

1.2 Definitions. For purposes of this SLA:

• "Monthly Uptime Percentage" means the total number of minutes in a month minus the number of minutes of Downtime during that month, divided by the total number of minutes in that month.
• "Downtime" means the total minutes in a month during which any aspect of the Services is unavailable. Downtime does not include unavailability that results from:
• Scheduled Maintenance
• Your acts or omissions
• Force Majeure events
• Internet connectivity issues outside our control

2. Service Credits

2.1 Credit Schedule. If the Monthly Uptime Percentage falls below our Service Commitment in any billing cycle, you will be eligible to receive a Service Credit as follows:

2.2 Credit Request and Payment. To receive a Service Credit, you must submit a claim by sending an email to [email protected] within 30 days after the end of the month in which the Downtime occurred. Service Credits will be applied as a credit against future payments due for the Services.

3. Support Response Times

3.1 Support Tiers. Heim Cyber provides tiered support with the following target response times:

4. Maintenance Windows

4.1 Scheduled Maintenance. Heim Cyber may perform scheduled maintenance during which the Services may be unavailable. We will provide at least 48 hours' advance notice for scheduled maintenance.

4.2 Emergency Maintenance. Heim Cyber may need to perform emergency maintenance without advance notice. We will use commercially reasonable efforts to minimize the duration of such maintenance.

5. SLA Exclusions

5.1 Exclusions. This SLA does not apply to any performance issues:

• Caused by factors outside of our reasonable control
• That resulted from your equipment or third-party equipment
• That resulted from actions or inactions of you or any third party
• During beta or trial use of the Services
• Due to your failure to adhere to any required configurations or supported platforms

If you have any questions about this Documentation or our Services, please contact us using the information below:

Our support team is available Monday through Friday, 9:00 AM to 6:00 PM Pacific Time, excluding holidays. Premium support plans with extended hours are available for enterprise customers.