Terms of Service

"Services" refers to all cybersecurity products, vulnerability assessments, compliance consulting, SIEM monitoring, and training delivered by SOC Root.

"Client" refers to the individual or legal entity that has engaged SOC Root for services.

"Authorized Scope" refers to the specific domains, IP ranges, and systems explicitly listed in the service agreement for testing or monitoring.

"Confidential Information" includes all scan results, vulnerability reports, system data, and communications exchanged during the engagement.

By engaging SOC Root's vulnerability scanning, penetration testing, or monitoring services for a domain or system, the Client warrants and represents that:

• ›They are the legal owner or authorized administrator of all in-scope systems
• ›They have obtained all necessary legal authorizations for security testing
• ›The engagement does not violate any third-party agreements or applicable laws

All services are billed as stated on the selected plan:

• ›Starter Plan: One-time payment, due before service delivery
• ›Guard, Governance, Premium Plans: Monthly subscription, billed at the start of each cycle

Refund Policy: Refunds may be requested within 7 days of service activation if no substantive work has commenced. Once a scan or report has been delivered, services are non-refundable. Disputes must be raised in writing to [email protected].

Cancellation: Monthly subscriptions may be cancelled with 14 days written notice. No pro-rated refunds for partial months.

SOC Root treats all scan results, vulnerability findings, and client system data as strictly confidential. We commit to:

• ›Not disclosing client data to any third party without explicit written consent
• ›Retaining scan data for no longer than 12 months post-engagement
• ›Encrypting all stored sensitive data using AES-256
• ›Providing a signed NDA upon request for enterprise engagements

SOC Root's vulnerability assessments identify known risks based on available intelligence and scanning templates at the time of testing. We do not guarantee that all vulnerabilities will be identified, as the threat landscape evolves continuously.

SOC Root's total cumulative liability, regardless of the nature of the claim, shall not exceed the total fees paid by the Client in the 3 months preceding the claim.

SOC Root shall not be liable for: indirect, incidental, or consequential damages; loss of profits or data; or damages arising from system downtime caused by security testing within the authorized scope.

Clients agree not to:

• ›Use SOC Root services to target systems they do not own or lack authorization to test
• ›Attempt to reverse-engineer, scrape, or misuse the SOC Root platform or API
• ›Circumvent rate limits, authentication, or security controls of the service
• ›Use SOC Root reports to facilitate attacks on third parties

These Terms are governed by the laws of the Hashemite Kingdom of Jordan. For UAE-based clients, applicable UAE Federal laws shall apply concurrently where jurisdiction requires.

In the event of a dispute, parties agree to attempt good-faith resolution within 30 days. If unresolved, disputes shall be submitted to binding arbitration under the rules of the relevant jurisdiction's commercial arbitration body.