Service Agreement
Terms & Conditions

Overview of Services

SpartanX provides an AI-powered autonomous red teaming platform designed to augment technical teams by continuously performing reconnaissance, attack simulation, exploit validation, investigation, prioritization, remediation support, reporting, and reassessment across Customer-authorized attack surfaces. The Services utilize coordinated AI Agents that can identify attack paths, validate exploitability with evidence, and generate remediation outputs while preserving Customer oversight over scope, approvals, and material response decisions.

Core Service Components

Reconnaissance, Discovery, and Offensive Assessment. Our AI Agents continuously map and analyze Customer-authorized Scan Targets, including applications, APIs, networks, cloud environments, code repositories, mobile assets, and AI systems, in order to identify security weaknesses and attack opportunities. Depending on the applicable Service configuration, the Services may perform reconnaissance, dynamic testing, exploit chaining, business logic assessment, lateral movement simulation, privilege escalation testing, and related offensive security techniques against in-scope Scan Targets.

Investigation, Validation, and Evidence Generation. Our AI Agents may automatically validate discovered weaknesses, enrich findings with relevant threat intelligence, preserve execution context, map attack paths, and generate Validation Artifacts intended to demonstrate exploitability or business impact. This process is designed to reduce false positives and enable Customer teams to focus on findings that are reproducible, material, and relevant to the Customer environment.

Risk-Based Prioritization. Our prioritization agents analyze vulnerabilities in the context of your specific environment, business requirements, and threat landscape to provide intelligent risk scoring and prioritization recommendations. This helps you focus remediation efforts on the vulnerabilities that pose the greatest risk to your organization.

Remediation Support and Response Automation. Following discovery or validation activity, the Services may generate remediation guidance, code-fix suggestions, pull requests, tickets, workflow actions, compliance mappings, and similar response outputs. Customer remains solely responsible for reviewing, approving, testing, and deploying any remediation action, code change, operational response, or security decision arising from the Services.

Integration and Workflow Automation. The Services integrate with your existing security tools, development platforms, cloud environments, and business systems to provide seamless workflow automation. Our agents can automatically create tickets in systems like Jira, generate pull requests in code repositories, and integrate with your existing security operations workflows.

Service Tiers and Features

Launch Tier. Designed for early-stage startups, this tier provides essential vulnerability management capabilities with basic AI agent functionality, limited integrations, and standard support.

Growth Tier. Tailored for growing small and medium businesses, this tier includes advanced AI agent capabilities, expanded integrations, priority support, and enhanced reporting features.

Scale Tier. Built for larger, scaling businesses, this tier offers comprehensive AI agent functionality, enterprise integrations, dedicated support, advanced analytics, and custom workflow automation.

Enterprise Tier. Designed for large, complex organizations, this tier provides full platform capabilities, unlimited integrations, dedicated customer success management, custom AI agent configurations, and enterprise-grade service level agreements.

Service Provider Tier. A specialized multi-tenant license for Managed Security Service Providers (MSSPs) and other service providers to manage multiple end-customers through a unified platform with appropriate isolation and access controls.

Technology Platform

AI Agent Architecture. Our Services are built on a foundation of specialized AI agents, each designed to perform specific cybersecurity functions. These agents include:

• Ingest Agents: Connect to and import data from various sources including code repositories, cloud environments, and existing security tools
• Vulnerability Discovery Agents: Identify security vulnerabilities using advanced scanning and analysis techniques
• Data Enrichment Agents: Validate findings and enrich them with contextual information and threat intelligence
• Prioritization Agents: Analyze and score vulnerabilities based on risk, impact, and environmental factors
• Research Agents: Investigate vulnerabilities and develop detailed remediation strategies
• Fix Generation Agents: Create secure code fixes and remediation recommendations
• Automation Agents: Execute automated responses and integrate with external systems
• Reporting Agents: Generate comprehensive reports and compliance documentation

Cloud Infrastructure. The Services are hosted on Google Cloud Platform, providing enterprise-grade security, scalability, and reliability. Our infrastructure is designed to meet the highest security standards and compliance requirements.

API and Integration Capabilities. The Services provide comprehensive APIs and integration capabilities to connect with your existing tools and workflows. We support integrations with major cloud platforms, development tools, security solutions, and business systems.

Service Limitations and Scope

Scope of Coverage. While the Services are designed to provide comprehensive autonomous red teaming and offensive security assessment capabilities, they will not identify, validate, or reproduce every possible security weakness, threat, exploit path, or business logic issue. The effectiveness of the Services depends on, among other things, the completeness and accuracy of Customer-provided scope and data, the accessibility and configuration of Scan Targets, third-party dependencies, the Rules of Engagement selected by Customer, and the evolving nature of cybersecurity threats and defensive controls.

Human Oversight Required. The Services are intended to augment, not replace, qualified human judgment. Customer remains solely responsible for authorizing Scan Targets, defining and maintaining testing scope, verifying legal authority to test, reviewing findings and Validation Artifacts, approving remediation actions, and making all final decisions regarding risk acceptance, incident response, remediation deployment, and regulatory or disclosure obligations.

Third-Party Dependencies. Some features of our Services depend on third-party services and integrations. The availability and functionality of these features may be affected by changes to third-party services beyond our control.

Continuous Evolution. Our AI agents and Services are continuously improved and updated. New features may be added, and existing features may be modified or deprecated with appropriate notice to ensure the Services remain effective against evolving threats.

Account Creation and Requirements

Registration Information. To access the Services, you must create an account by providing accurate, current, and complete information, including your name, email address, company information, and other details as required by our registration process. You agree to maintain and promptly update this information to keep it accurate and complete.

Account Authority. If you are registering on behalf of an organization, you represent and warrant that you have the authority to bind that organization to these Terms and that the organization agrees to be bound by these Terms.

Age Requirements. You must be at least 18 years old to use the Services. The Services are not intended for use by individuals under 18 years of age.

Account Security. You are responsible for maintaining the confidentiality of your account credentials, including usernames and passwords. You agree to use strong, unique passwords for your account, enable multi-factor authentication when available, notify us immediately of any unauthorized use of your account, and take reasonable steps to prevent unauthorized access to your account.

User Management. You may authorize additional Users to access the Services under your account. You are responsible for managing User access and permissions appropriately, ensuring that all Users comply with these Terms, monitoring User activities and maintaining appropriate access controls, and promptly removing access for Users who no longer require it.

Account Responsibilities

Accurate Information. You agree to provide and maintain accurate, current, and complete information in your account profile and to promptly notify us of any changes to such information.

Compliance with Terms. You are responsible for ensuring that all Users associated with your account comply with these Terms and any applicable laws and regulations.

Security Monitoring. You agree to monitor your account for any suspicious or unauthorized activity and to report any security incidents to us promptly.

Permitted Uses

You may use the Services solely for legitimate internal cybersecurity purposes, and only in accordance with these Terms, the Documentation, the Rules of Engagement, and applicable laws. Permitted uses include assessing, validating, and managing security risk in Scan Targets that you own, operate, or are expressly authorized in writing to test; integrating the Services into your security, engineering, and compliance workflows; generating internal reports, analytics, and remediation outputs; and conducting continuous authorized red teaming, exploit validation, and retesting within Customer-approved scope.

Prohibited Activities

You agree not to, and not to permit any User or third party to:

Target Authorization. Use the Services to scan, test, attack, validate, retest, or otherwise interact with any Scan Target that you do not own, control, or have explicit written authorization to assess. You are solely responsible for obtaining, maintaining, and being able to produce, upon request, documentary evidence of your authority to test each Scan Target submitted to the Services.

Malicious or Unauthorized Offensive Activity. Use the Services to conduct unauthorized penetration testing, offensive security activity, or security research; to deploy or distribute Malicious Code except to the limited extent inherent in SpartanX-generated test payloads used within authorized scope; to facilitate cyberattacks, data theft, extortion, persistence outside authorized testing workflows, or destructive activity; or to bypass legal, contractual, or regulatory restrictions applicable to the Scan Targets or environment being tested.

Third-Party Reachability. Use the Services to assess or interact with systems, assets, or networks that become reachable through VPN connections, private interconnects, shared hosting, tenant adjacency, network integrations, trust relationships, or other forms of indirect access unless you have explicit written authorization covering those third-party environments.

Restricted Targets. Use the Services against any Restricted Targets, including government, military, defense, critical infrastructure, or healthcare and other safety-sensitive environments where disruption could reasonably create material public harm, bodily injury, or emergency interference, unless SpartanX has expressly approved such use in writing and all required authorizations have been obtained.

Rules of Engagement Acceptance. Initiate active testing, exploit validation, or retesting through the Services without first accepting the applicable Rules of Engagement and confirming that the relevant Scan Targets are in scope, authorized, and not Restricted Targets.

Illegal Activities. Use the Services for any illegal purpose or in violation of any applicable laws, regulations, or third-party rights.

Service Interference. Attempt to reverse engineer, decompile, or disassemble any part of the Services; interfere with or disrupt the integrity or performance of the Services; gain unauthorized access to the Services or related systems; or remove, alter, or obscure any proprietary notices or labels.

Competitive Activities. Use the Services to develop competing products or services, benchmark the Services for competitive purposes, or copy features, functions, or interfaces of the Services.

Data Misuse. Use Customer Data or Vulnerability Data in ways that violate applicable privacy laws or regulations, compromise the security or privacy of individuals or organizations, or share sensitive information with unauthorized parties.

Compliance Requirements

Legal Compliance. You agree to use the Services in compliance with all applicable laws, regulations, and industry standards, including but not limited to data protection laws, cybersecurity regulations, and export control laws.

Industry Standards. You agree to follow applicable industry best practices and standards for cybersecurity, data protection, and responsible disclosure of security vulnerabilities.

Responsible Disclosure. If you discover security vulnerabilities in third-party systems through use of the Services, you agree to follow responsible disclosure practices and applicable legal requirements.

Customer Responsibility for Scope and Authorization. You represent, warrant, and covenant that, before initiating any active testing or exploit validation through the Services, you have verified the applicable scope, confirmed your written authority to assess each Scan Target, and ensured that the contemplated activity complies with your internal policies, contractual restrictions, provider requirements, and applicable law.

SpartanX Intellectual Property

Ownership. SpartanX and its licensors retain all right, title, and interest in and to the Services, including all Intellectual Property Rights therein. This includes but is not limited to the AI agents and underlying algorithms, software, applications, and platforms, documentation and training materials, trademarks, service marks, and branding, and trade secrets and proprietary methodologies.

License Grant. Subject to your compliance with these Terms, SpartanX grants you a limited, non-exclusive, non-transferable, non-sublicensable license during the Subscription Term to access and use the Services solely for your internal business purposes in accordance with these Terms and the Documentation.

Restrictions. Except as expressly permitted in these Terms, you may not copy, modify, or create derivative works of the Services; distribute, sell, lease, or sublicense the Services; use the Services to provide services to third parties; or access the Services to build similar or competitive products.

Customer Intellectual Property

Customer Ownership. You retain all right, title, and interest in and to your Customer Data and any Intellectual Property Rights therein. SpartanX does not claim ownership of your Customer Data.

License to SpartanX. You grant SpartanX a limited, non-exclusive license to use your Customer Data solely to provide the Services to you, including processing and analyzing Customer Data to identify vulnerabilities, generating reports and recommendations based on Customer Data, improving the Services through aggregated and anonymized data analysis, and providing customer support and technical assistance.

Data Protection. SpartanX will protect your Customer Data in accordance with our Privacy Policy and applicable data protection laws. We will not use your Customer Data for any purpose other than providing the Services unless you provide explicit consent.

Feedback and Improvements

Feedback License. If you provide feedback, suggestions, or ideas about the Services, you grant SpartanX a perpetual, irrevocable, worldwide, royalty-free license to use, modify, and incorporate such feedback into the Services without any obligation to you.

Service Improvements. SpartanX may use aggregated and anonymized data derived from the use of the Services to improve and enhance the Services, develop new features, and conduct research and development activities.

Third-Party Intellectual Property

Third-Party Components. The Services may include or integrate with third-party software, services, or content. Your use of such third-party components is subject to the applicable third-party terms and conditions.

Respect for Third-Party Rights. You agree to respect the Intellectual Property Rights of third parties and not to use the Services in any way that infringes or violates such rights.

Customer Data Responsibilities

Data Accuracy and Completeness. You are responsible for ensuring that all Customer Data provided to the Services is accurate, complete, and up-to-date. The effectiveness of our Services depends significantly on the quality and completeness of the data you provide.

Data Rights and Authorization. You represent and warrant that you have all necessary rights, permissions, and authorizations to provide Customer Data to SpartanX, to permit SpartanX to use such data as described in these Terms and our Privacy Policy, and to authorize SpartanX and its AI Agents to access, assess, test, validate, and interact with the applicable Scan Targets in accordance with your instructions, the Rules of Engagement, and these Terms.

Sensitive Data Handling. You acknowledge that the Services may process sensitive information including system configurations, vulnerability data, and security-related information. You agree to classify and handle such data appropriately according to your organization's data classification policies, implement appropriate access controls and security measures for sensitive data, and comply with applicable laws and regulations regarding the handling of sensitive information.

Validation Artifacts and Offensive Outputs. You acknowledge that the Services may generate Validation Artifacts, proof-of-concept materials, payload traces, exploit evidence, logs, screenshots, session data, and similar offensive-security outputs in connection with authorized testing. You are responsible for handling, storing, disclosing, and restricting access to such materials in accordance with your internal security policies, contractual obligations, and applicable law.

Data Processing and Use

Service Provision. SpartanX will process Customer Data solely for the purpose of providing the Services, including reconnaissance support, vulnerability analysis, exploit validation, attack-path mapping, risk assessment, remediation recommendations, reporting, and related operational workflows requested or enabled by Customer within authorized scope.

Data Enhancement. SpartanX may enrich Customer Data with additional information from threat intelligence sources, vulnerability databases, and other security resources to improve the accuracy and effectiveness of our Services.

Aggregated Data. SpartanX may create aggregated and anonymized data from Customer Data for purposes of improving the Services, conducting research, and developing new features. Such aggregated data will not identify you or your organization.

Data Security and Protection

Security Measures. SpartanX implements appropriate technical and organizational measures to protect Customer Data against unauthorized access, alteration, disclosure, or destruction. These measures are described in detail in our Privacy Policy.

Data Backup and Recovery. SpartanX maintains regular backups of Customer Data and implements disaster recovery procedures to ensure data availability and business continuity.

Incident Response. In the event of a security incident affecting Customer Data, SpartanX will follow our incident response procedures and notify you in accordance with applicable laws and our Privacy Policy.

Subscription Fees

Fee Structure. The Services are provided on a subscription basis according to the pricing tiers and terms specified in your Order Form. Fees are based on the selected service tier, number of users, scope of coverage, and other factors as specified in your subscription.

Fee Changes. SpartanX may modify subscription fees for subsequent renewal terms by providing at least 30 days' written notice. Fee changes will not affect your current Subscription Term.

Payment Terms

Payment Processing. Payments are processed through our third-party payment processor, Stripe. By providing payment information, you authorize SpartanX and Stripe to charge the applicable fees to your designated payment method.

Payment Schedule. Unless otherwise specified in your Order Form, subscription fees are billed annually in advance. You agree to pay all fees when due.

Late Payments. If payment is not received when due, SpartanX may charge late fees of 1.5% per month on overdue amounts, suspend access to the Services after 30 days of non-payment, or terminate your subscription after 60 days of non-payment.

Taxes. You are responsible for all applicable taxes, duties, and governmental charges related to your use of the Services, except for taxes based on SpartanX's net income.

Refunds and Credits

No Refunds. Except as expressly provided in these Terms or required by applicable law, all fees are non-refundable.

Service Credits. SpartanX may provide service credits for service availability issues as specified in applicable Service Level Agreements.

Disputed Charges. If you dispute any charges, you must notify us within 30 days of the charge. We will investigate disputed charges in good faith and provide appropriate resolution.

Service Availability

Uptime Commitment. SpartanX strives to maintain high availability of the Services. Specific uptime commitments and service level agreements are detailed in separate Service Level Agreement documents that may apply to your subscription tier.

Scheduled Maintenance. SpartanX may perform scheduled maintenance on the Services. We will provide reasonable advance notice of scheduled maintenance that may affect service availability.

Emergency Maintenance. SpartanX may perform emergency maintenance without advance notice when necessary to address security issues, critical bugs, or other urgent matters.

Operational Controls for Active Testing. SpartanX may require additional scope confirmation, Rules of Engagement acceptance, rate limiting, scheduling windows, environment-specific safeguards, or other operational controls before permitting active testing, exploit validation, retesting, or other offensive security activity against particular Scan Targets.

Support Services

Support Channels. SpartanX provides customer support through various channels including email, online documentation, and knowledge base resources. Premium support options may be available for higher-tier subscriptions.

Support Scope. Our support services include assistance with account setup and configuration, guidance on using the Services and features, troubleshooting technical issues, and best practices recommendations for cybersecurity.

Support Limitations. Support services do not include custom development or integration work, training services beyond basic product orientation, support for third-party software or services, or consulting services for cybersecurity strategy or implementation.

Suspension for Misuse or Risk. SpartanX may suspend or limit Customer's access to active testing functionality if SpartanX reasonably believes that Customer's use presents unauthorized-target risk, legal or regulatory exposure, imminent harm to third-party systems, or material risk to the stability, security, or integrity of the Services or other customers.

Service Modifications

Feature Updates. SpartanX may add new features, modify existing features, or discontinue features of the Services. We will provide reasonable notice of material changes that may affect your use of the Services.

API Changes. SpartanX may modify APIs and integration interfaces. We will provide advance notice of breaking changes and maintain backward compatibility when reasonably possible.

Service Evolution. As cybersecurity threats and technologies evolve, SpartanX may need to modify the Services to maintain their effectiveness. We will communicate significant changes and provide migration assistance when necessary.

Service Disclaimers

“AS IS” BASIS. THE SERVICES ARE PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS. SPARTANX MAKES NO WARRANTIES, EXPRESS OR IMPLIED, REGARDING THE SERVICES, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, OR UNINTERRUPTED OR ERROR-FREE OPERATION.

No Guarantee of Security. While SpartanX implements robust security measures and our Services are designed to identify and help remediate security vulnerabilities, we cannot guarantee that all vulnerabilities will be identified or prevented, the Services will detect all security threats or attacks, your systems will be completely secure from all threats, or third-party integrations will maintain security standards.

AI and Autonomous Testing Limitations. You acknowledge that the Services utilize autonomous and non-deterministic AI technologies that may generate variable outputs, take unanticipated testing paths within authorized scope, produce false positives or false negatives, misclassify exploitability, or generate recommendations and Validation Artifacts that require independent human review. You further acknowledge that model behavior, attack logic, prioritization outputs, and remediation suggestions may evolve over time as the Services are updated and improved.

Operational Impact Disclaimer. Customer acknowledges that authorized use of the Services for active testing, exploit validation, or autonomous red teaming may result in temporary service degradation, throttling, instability, application errors, unexpected defensive responses, account lockouts, blocked traffic, performance reduction, system crashes, data corruption, or other unintended operational effects on Scan Targets or connected environments. Customer assumes responsibility for evaluating and accepting those risks before initiating such activity.

No Guarantee of Complete Detection or Safe Execution. SpartanX does not warrant that the Services will identify every vulnerability, attack path, exploit chain, business logic flaw, or compliance issue, or that any active testing or exploit validation will execute without operational impact. Findings, risk scores, proof-of-concept outputs, and remediation suggestions are provided for informational and operational-assistance purposes only and should be independently reviewed by qualified personnel before reliance or deployment.

Third-Party Disclaimers

Third-Party Services. SpartanX disclaims all warranties and representations regarding third-party services, integrations, or content accessed through or in connection with the Services. Your use of third-party services is subject to their respective terms and conditions.

Customer Environment. SpartanX makes no warranties regarding the security, configuration, or operation of your systems, networks, or applications. You are solely responsible for maintaining appropriate security measures in your environment.

Regulatory Compliance

Compliance Responsibility. While the Services may assist with compliance efforts, you are solely responsible for ensuring that your use of the Services, your authorization to conduct active testing, your handling of Validation Artifacts and offensive outputs, and your cybersecurity practices comply with applicable laws, regulations, contractual requirements, and industry standards.

No Legal Advice. The Services do not constitute legal, regulatory, or compliance advice. You should consult with qualified professionals regarding your specific compliance requirements.

Liability Limitations

EXCLUSION OF DAMAGES. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, SPARTANX SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO LOSS OF PROFITS, REVENUE, DATA, GOODWILL, BUSINESS OPPORTUNITIES, OR USE; BUSINESS INTERRUPTION OR DOWNTIME; SYSTEM DEGRADATION, OUTAGE, OR INSTABILITY; SECURITY INCIDENTS OR DEFENSIVE RESPONSES TRIGGERED DURING AUTHORIZED TESTING; COSTS OF SUBSTITUTE SERVICES; OR ANY OTHER COMMERCIAL LOSSES, EVEN IF SPARTANX HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

MONETARY CAP. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, SPARTANX'S TOTAL AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THESE TERMS OR THE SERVICES, INCLUDING CLAIMS ARISING FROM OR RELATING TO AUTONOMOUS TESTING ACTIONS, VALIDATION ARTIFACTS, REMEDIATION OUTPUTS, OR OPERATIONAL EFFECTS ON CUSTOMER-AUTHORIZED SCAN TARGETS, SHALL NOT EXCEED THE TOTAL AMOUNT PAID BY YOU TO SPARTANX DURING THE TWELVE (12) MONTHS PRECEDING THE EVENT GIVING RISE TO LIABILITY.

Exceptions to Limitations

The limitations in this section do not apply to SpartanX's indemnification obligations under these Terms, liability arising from gross negligence or willful misconduct, violations of Intellectual Property Rights, breaches of confidentiality obligations, or any liability that cannot be excluded or limited under applicable law.

Allocation of Risk

You acknowledge that the fees charged by SpartanX reflect the allocation of risk set forth in these Terms and that SpartanX would not enter into this Agreement without these limitations on its liability.

Customer Indemnification

You agree to indemnify, defend, and hold harmless SpartanX, its affiliates, officers, directors, employees, agents, and licensors from and against any claims, liabilities, damages, losses, costs, and expenses, including reasonable attorneys' fees, arising out of or relating to: (a) your use of the Services in violation of these Terms, the Rules of Engagement, applicable laws, or third-party rights; (b) any claim that your Customer Data or testing instructions infringe, violate, or misappropriate any third-party rights or violate applicable law; (c) your failure to obtain, maintain, or document sufficient authorization for any Scan Target; (d) any security assessment, exploit validation, retesting, or other offensive activity conducted against a Scan Target without proper authority; (e) claims by third parties arising from the Services reaching, affecting, or interacting with third-party systems through your VPN connections, integrations, trust relationships, cloud configurations, or network environment; or (f) your use of the Services against Restricted Targets or in a manner that causes third-party network disruption, service degradation, data loss, or similar harm.

SpartanX Indemnification

SpartanX agrees to indemnify, defend, and hold harmless you from and against any claims, liabilities, damages, losses, costs, and expenses (including reasonable attorneys' fees) arising out of or relating to claims that the Services, when used in accordance with these Terms, infringe any third-party patent, copyright, or trademark, or claims arising from SpartanX's violation of applicable data protection laws in its processing of Customer Data.

Indemnification Procedures

The indemnifying party's obligations are conditioned on the indemnified party promptly notifying the indemnifying party of any claim, granting the indemnifying party sole control of the defense and settlement, and providing reasonable cooperation in the defense of the claim.

Termination Rights

Termination for Convenience. Either party may terminate this Agreement at the end of the current Subscription Term by providing at least 30 days' written notice.

Termination for Cause. Either party may terminate this Agreement immediately upon written notice if the other party materially breaches these Terms and fails to cure such breach within 30 days of written notice, or the other party becomes insolvent, makes an assignment for the benefit of creditors, or files for bankruptcy.

Immediate Suspension or Termination. SpartanX may immediately suspend or terminate your access to all or part of the Services if: (a) you violate the acceptable use provisions of these Terms or any applicable Rules of Engagement; (b) SpartanX reasonably believes that you have submitted unauthorized Scan Targets or lack sufficient authority to conduct requested testing; (c) your use of the Services poses a security, legal, regulatory, or operational risk to SpartanX, other customers, third parties, or any connected environment; (d) SpartanX receives a complaint, abuse notice, provider escalation, or governmental inquiry relating to your use of the Services; (e) you use the Services against Restricted Targets; or (f) you fail to pay fees when due after appropriate notice.

Effects of Termination

Service Access. Upon termination, your right to access and use the Services will immediately cease.

Data Retrieval. You will have 30 days after termination to retrieve your Customer Data from the Services. After this period, SpartanX may delete your Customer Data in accordance with our data retention policies.

Retention of Abuse and Authorization Records. Notwithstanding the foregoing, SpartanX may retain logs, acceptance records, scope confirmations, Validation Artifacts, abuse-handling records, and related operational records to the extent reasonably necessary to investigate misuse, comply with law, respond to complaints, enforce these Terms, or protect SpartanX and third parties.

Survival. The following provisions will survive termination: intellectual property rights, payment obligations, confidentiality, disclaimers, limitation of liability, indemnification, and general provisions.

Refunds Upon Termination

Termination by Customer. If you terminate for convenience, you will not receive a refund of prepaid fees.

Termination by SpartanX. If SpartanX terminates for cause due to your breach, you will not receive a refund of prepaid fees. If SpartanX terminates without cause, you may receive a pro-rated refund of prepaid fees.

Informal Resolution

Before initiating formal dispute resolution proceedings, the parties agree to attempt to resolve any dispute through good faith negotiations. Either party may initiate this process by sending written notice of the dispute to the other party.

Binding Arbitration

Arbitration Requirement. Any dispute, claim, or controversy arising out of or relating to these Terms or the Services that cannot be resolved through informal negotiations shall be resolved through binding arbitration administered by the American Arbitration Association (AAA) under its Commercial Arbitration Rules.

Arbitration Procedures. The arbitration shall be conducted by a single arbitrator selected in accordance with AAA rules, in Orlando, Florida, or another location agreed upon by the parties, in English language, and under the substantive laws specified in the Governing Law section.

Class Action Waiver. You agree that any arbitration shall be conducted on an individual basis and not as a class action, collective action, or representative proceeding.

Exceptions to Arbitration

The arbitration requirement does not apply to claims for injunctive or equitable relief, disputes related to Intellectual Property Rights, or small claims court proceedings within jurisdictional limits.