Code of Conduct

1. Authorized Use Only

DeepSight Security's penetration testing and OSINT services may only be directed at systems, domains, and infrastructure that you own or for which you have obtained explicit written authorization from the owner. You represent and warrant that:

• You are the legal owner of the registered domain, or you hold a valid, documented authorization from the domain owner to permit security testing.
• You have the authority to enter into this agreement on behalf of your organization.
• You will not use DeepSight services to test, probe, scan, or attack systems belonging to third parties without their explicit written consent.

Domain ownership is verified through a DNS TXT record. By adding this record, you confirm you have the authority and authorization to permit OSINT analysis and security testing against the registered domain.

2. Prohibited Activities

You must not use DeepSight services to:

• Conduct unauthorized access, intrusion, or attack against any system not explicitly within your authorized scope.
• Disrupt, degrade, or deny service to any system, network, or third party.
• Collect, store, or exploit personal data of individuals without lawful basis.
• Violate any applicable local, national, or international law or regulation, including but not limited to the Computer Fraud and Abuse Act (CFAA), the EU Network and Information Security (NIS2) Directive, and equivalent legislation.
• Use findings or intelligence produced by DeepSight for any offensive, harmful, or malicious purpose.
• Share, resell, or redistribute scan results or reports to unauthorized parties.
• Misrepresent your identity, authorization status, or affiliation when registering or using our services.

3. Scope Responsibility

You are solely responsible for defining an accurate and lawful engagement scope. DeepSight performs testing based on the domain registered and verified under your account. You must ensure that:

• The scope does not include systems belonging to third parties, shared hosting environments where testing may affect other tenants, or infrastructure outside your ownership or authorization.
• Any third-party vendors, cloud providers, or service providers whose infrastructure is within scope have been notified and have provided their consent where required.
• You have reviewed and complied with any penetration testing policies of third-party platforms (e.g., cloud providers such as AWS, Azure, or GCP) that may be part of your infrastructure.

4. No Liability for Service Disruption or System Impact

Penetration testing and vulnerability analysis, by their nature, involve active interaction with live systems. While DeepSight employs professional methodologies and takes reasonable precautions to minimize impact, you acknowledge and accept that:

• System disruption: Testing activities may, in some cases, cause unintended disruption, degradation, slowdown, instability, or temporary unavailability of systems, services, applications, or networks within the authorized scope.
• Data impact: In rare circumstances, active testing may trigger automated responses, alter system state, or interact with data in unintended ways.
• Third-party effects: Testing may have unintended effects on third-party services, integrations, or shared infrastructure connected to your systems.

DeepSight Security, its officers, employees, agents, and affiliates shall not be liable — under any theory of law including negligence, strict liability, or contract — for any direct, indirect, incidental, consequential, special, or punitive damages arising from or related to the use of our services, including but not limited to:

• Downtime, outages, or service interruptions of any of your systems or third-party systems.
• Data loss, corruption, or unintended modification.
• Revenue loss, business interruption, or reputational damage.
• Any consequences arising from vulnerabilities discovered, exploited, or left unremediated.
• Actions taken by third parties in response to findings generated by our services.

By using DeepSight services, you assume full responsibility for the risks inherent to security testing against your systems. You are strongly advised to maintain current, tested backups and to schedule testing during low-traffic maintenance windows where possible.

5. Responsible Disclosure

Findings produced by DeepSight are confidential and intended solely for your organization's internal use and remediation. You agree to:

• Not publicly disclose specific vulnerability details without appropriate coordination and, where applicable, notifying affected vendors.
• Use findings exclusively for the purpose of improving your organization's security posture.
• Notify DeepSight if you become aware that any report or finding has been accessed by or disclosed to unauthorized parties.

6. Legal Compliance

You are solely responsible for ensuring your use of DeepSight services complies with all applicable laws and regulations in your jurisdiction, including data protection, cybersecurity, and computer misuse legislation. DeepSight does not provide legal advice. If you are uncertain whether a proposed engagement is lawful, you should seek independent legal counsel before proceeding.

7. Account Integrity

You are responsible for maintaining the confidentiality of your account credentials and for all activity that occurs under your account. You must notify DeepSight immediately if you suspect unauthorized access to your account. You may not share, transfer, or permit third parties to use your account without prior written authorization from DeepSight.

8. Enforcement and Termination

DeepSight reserves the right to suspend or terminate your account, without notice, if we determine — at our sole discretion — that you have violated this Code of Conduct, our Terms of Service, or any applicable law. We also reserve the right to report violations to law enforcement or regulatory authorities where appropriate.

9. Indemnification

You agree to indemnify, defend, and hold harmless DeepSight Security and its officers, directors, employees, agents, and affiliates from and against any claims, liabilities, damages, losses, costs, and expenses (including reasonable legal fees) arising out of or related to: (a) your use of our services; (b) your violation of this Code of Conduct or any applicable law; (c) any claim by a third party arising from your use of our services; or (d) any unauthorized or out-of-scope testing conducted using your account.

10. Governing Law

This Code of Conduct shall be governed by and construed in accordance with applicable law. Any disputes arising under or in connection with this Code of Conduct shall be subject to the exclusive jurisdiction of the competent courts of the jurisdiction in which DeepSight Security is registered.

11. Contact

If you have questions about this Code of Conduct or wish to report a violation, contact DeepSight Security through the platform or via the contact information provided in your account settings.