Terms of Service

These Terms of Service (the “Terms”) govern your access to and use of the websites, software, and services offered by Xtrinel, Inc. (“Xtrinel”, “we”, “us”), including the VAAST platform (collectively, the “Services”). By creating an account, installing the software, or otherwise using the Services, you agree to be bound by these Terms.

1. The Service

VAAST is a software-as-a-service offensive-security platform that helps authorized practitioners assess the security of LLM-integrated applications. Access to VAAST is provided on a monthly subscription basis in the plan tiers published on our pricing page.

2. Authorized Testing Only

You may only use the Services against systems that you own or for which you have obtained prior written authorization from the rightful owner. You are solely responsible for obtaining and maintaining that authorization. VAAST includes a scope-enforcement mechanism that requires target registration before any active probing, and you agree not to attempt to circumvent that mechanism.

Unauthorized testing of third-party systems is prohibited and may constitute a violation of the Computer Fraud and Abuse Act and analogous laws in other jurisdictions. We reserve the right to suspend or terminate your account immediately if we become aware of unauthorized use.

3. Subscription Plans, Credits, and Billing

Paid plans are billed monthly in advance through Stripe. Each plan includes a monthly allotment of scan credits that resets on the billing anniversary and does not roll over. The Pro plan supports opt-in overage billing at the rate published on our pricing page with a hard spending cap that you control. The Enterprise plan is billed annually under a signed master services agreement.

You may cancel your subscription at any time. Cancellation takes effect at the end of the current paid period, and you retain access to the Services through the end of that period. We do not refund credits that have already been consumed.

4. Your Content and Data

You retain all right, title, and interest in the targets, configurations, payloads, and findings you create or upload to the Services (“Customer Data”). You grant us a limited license to process Customer Data solely to operate the Services on your behalf. We do not sell Customer Data, and we do not use Customer Data to train machine-learning models outside of what is strictly necessary to deliver the feature you requested.

5. No Liability for Scan Results

VAAST produces findings based on probabilistic and heuristic analysis of LLM-integrated applications. Findings may contain false positives, false negatives, or errors. The Services are provided on an “as is” and “as available” basis, and Xtrinel disclaims all warranties to the maximum extent permitted by law, including any warranty that the Services will detect every vulnerability present in a target system. You are responsible for validating findings before acting on them.

To the maximum extent permitted by law, Xtrinel will not be liable for any indirect, incidental, special, consequential, or punitive damages arising out of or related to your use of the Services or reliance on any scan result. Our aggregate liability for any claim arising out of or related to these Terms will not exceed the amounts you paid to us for the Services in the twelve months preceding the claim.

6. Acceptable Use

You agree not to use the Services to (a) conduct unauthorized security testing, (b) generate or distribute malware, (c) interfere with the normal operation of the Services or any third-party system, (d) reverse-engineer or resell the Services except as permitted by applicable law, or (e) violate any applicable law or regulation.

7. DMCA and Copyright

We respect the intellectual property rights of others. If you believe that material available through the Services infringes your copyright, you may submit a notice to our designated agent under the Digital Millennium Copyright Act (17 U.S.C. § 512) at [email protected]. Your notice must include the information required by 17 U.S.C. § 512(c)(3). We will process valid notices and, where appropriate, remove or disable access to the allegedly infringing material.

8. Termination

You may terminate your account at any time from the dashboard. We may suspend or terminate your access to the Services if you violate these Terms, if we are required to do so by law, or if continuing to provide the Services to you would create a material risk to Xtrinel, other customers, or third parties.

9. Governing Law and Venue

These Terms are governed by the laws of the State of Ohio, without regard to its conflict-of-laws rules. Any dispute arising out of or related to these Terms will be brought exclusively in the state or federal courts located in Franklin County, Ohio, and you consent to the personal jurisdiction of those courts.

10. Changes to These Terms

We may update these Terms from time to time. Material changes will be posted at this URL with a revised “Last Updated” date, and we will notify paid customers by email at least thirty days before material changes take effect. Your continued use of the Services after the effective date constitutes acceptance of the revised Terms.

11. Authorized Security Testing

VAAST is a security testing tool designed for use against systems you own or have explicit written authorization to test. By using VAAST, you agree to the following:

11.1 Authorization Requirement. You may only use VAAST to test endpoints and systems for which you: (a) are the owner or operator; (b) have received explicit written authorization from the owner or operator, including via a bug bounty program scope published on platforms such as HackerOne or Bugcrowd; or (c) have a signed rules of engagement or penetration testing agreement in effect at the time of testing.

11.2 Declaration of Authorization. When you select the “Written Authorization” verification method within VAAST, you are making a legally binding declaration that the conditions in Section 11.1 are satisfied for the specified endpoint at the time of that declaration. Xtrinel logs this declaration, including the endpoint URL, timestamp, and your account identifier, as a compliance record.

11.3 Prohibited Use. You may not use VAAST to test any system without satisfying Section 11.1, regardless of the verification method selected. Testing systems outside your authorization — including systems listed in bug bounty programs that do not explicitly include the targeted endpoint in scope — is prohibited and constitutes a material breach of these Terms.

11.4 Sole Liability. Xtrinel provides VAAST as a professional security tool and relies in good faith on your declaration of authorization. Xtrinel bears no liability for any harm, claim, or legal action arising from your use of VAAST against systems for which you lack proper authorization. You agree to indemnify and hold harmless Xtrinel, its officers, employees, and affiliates from any claim arising from your unauthorized use of the tool.

11.5 Compliance with Law. You agree to use VAAST in compliance with all applicable laws, including but not limited to the Computer Fraud and Abuse Act (CFAA), the UK Computer Misuse Act, and equivalent statutes in your jurisdiction. Xtrinel cooperates fully with law enforcement inquiries relating to unauthorized use of its tools.

11.6 Blocklisted Endpoints. VAAST technically prevents testing of certain AI provider infrastructure endpoints regardless of declared authorization. This list is maintained at Xtrinel's sole discretion and may be updated without notice.

12. Contact

Questions about these Terms can be directed to [email protected].