Our Portal

Terms & Conditions

Last Updated: 10th April 2026

1. Introduction

These Terms and Conditions (“Terms”) govern access to and use of the website located at https://pentesys.com (the “Website”) and the services provided by Pentesys Ltd (“Pentesys”, “we”, “us”, “our”).

By accessing this Website or engaging our services, you agree to be bound by these Terms. If you do not agree, you must not use the Website or our services.

These Terms operate alongside any executed Master Services Agreement (MSA), Statement of Work (SoW), or other contractual documentation, which shall take precedence in the event of conflict.

2. Company Information

Pentesys Ltd is a company registered in England and Wales.

  • Registered Company Number: 15041337
  • Registered Office Address: 8 Church Green East, Redditch, England, B98 8BP
  • Contact Email: enquiries@pentesys.com

3. Nature of Services

Pentesys provides cybersecurity services including penetration testing, red teaming, threat-led penetration testing, attack surface monitoring, and advisory services.

Services may involve simulation of real-world attack techniques, including but not limited to exploitation, lateral movement, privilege escalation, and social engineering.

All services are provided strictly within agreed scope and authorisation.

Nothing on this Website constitutes a binding offer.

4. Website Use

You agree to use the Website lawfully and must not:

Attempt unauthorised access to systems or networks
Introduce malicious code or exploit vulnerabilities
Conduct automated scraping or data extraction without consent
Interfere with the performance or availability of the Website

We reserve the right to suspend or restrict access at our discretion.

5. Engagement and Scope Control

All services are subject to:

A signed Statement of Work or equivalent agreement
Explicit definition of authorised systems, users, and environments
Formal approval of testing activities

Pentesys will not perform any activity outside of agreed scope.

Any changes to scope must be formally agreed in writing.

6. Client Responsibilities

Clients are responsible for:

Ensuring full legal authority to authorise testing
Providing accurate scope information
Notifying internal stakeholders and third parties where required
Maintaining backups and operational resilience
Managing detection and response systems where applicable

Failure to meet these responsibilities may result in increased risk or service disruption.

7. Authorisation and Legal Responsibility

By engaging Pentesys, the client warrants that:

They are authorised to permit testing of all in-scope systems
Testing will not breach any laws, contracts, or third-party agreements
All necessary approvals have been obtained

Pentesys accepts no liability for unauthorised or improperly authorised engagements.

8. Inherent Risk of Security Testing

The client acknowledges that cybersecurity testing involves inherent risk, including:

System instability or outages
Data corruption or loss
Triggering of security controls or automated responses
Impact to production systems or services

Pentesys will take reasonable steps to minimise risk but does not guarantee zero impact.

9. Ethical Conduct and Safe Execution

Pentesys will:

Operate in accordance with industry standards and best practices
Use proportionate and controlled techniques
Avoid unnecessary disruption where possible

However, certain testing activities require realistic simulation and may involve intrusive actions.

10. Intellectual Property

All methodologies, tooling, frameworks, and deliverables remain the intellectual property of Pentesys unless otherwise agreed.

Clients are granted a limited, non-transferable licence to use deliverables internally.

Redistribution, resale, or publication is prohibited without written consent.

11. Confidentiality

Pentesys will treat all client information as confidential and apply appropriate safeguards.

Clients must also maintain confidentiality of:

Reports and findings
Testing methodologies
Platform access and credentials

12. Platform Usage (Mirage)

Where access to the Mirage platform is provided:

Access is granted on a subscription or contractual basis
Clients are responsible for user access management
Unauthorised access or misuse may result in suspension

Pentesys does not guarantee uninterrupted availability but will use reasonable efforts to maintain uptime.

13. Fees and Payment

Fees are defined in contractual agreements.

Unless otherwise agreed:

Invoices are payable within agreed terms
Late payments may result in suspension of services
All fees are exclusive of VAT

14. Limitation of Liability

To the fullest extent permitted by law:

Pentesys shall not be liable for indirect, incidental, or consequential loss, including loss of profit, revenue, data, or business opportunity

Pentesys does not warrant that all vulnerabilities will be identified

Total liability shall be limited to the fees paid for the relevant service engagement

15. High-Risk Activity Exclusion

Where services involve advanced adversary simulation (including red teaming or ransomware simulation):

The client accepts full responsibility for business impact resulting from authorised activities

Pentesys shall not be liable for operational disruption where actions fall within agreed scope

16. No Warranty

All services and content are provided “as is” without warranties of any kind.

Pentesys makes no guarantee regarding:

Completeness of findings
Continuous system availability
Fitness for a particular purpose

17. Third-Party Services

Pentesys may rely on third-party tools and infrastructure.

We are not responsible for third-party availability, performance, or security.

18. Suspension and Termination

We may suspend or terminate services where:

Terms are breached
Payments are overdue
Security risks are identified
Authorisation is withdrawn or unclear

19. Changes to Terms

We reserve the right to update these Terms at any time.

Continued use constitutes acceptance of the updated Terms.

20. Governing Law

These Terms are governed by the laws of England and Wales.

Any disputes shall be subject to the exclusive jurisdiction of the courts of England and Wales.

21. Contact

Pentesys Ltd
https://pentesys.com
enquiries@pentesys.com