Service Agreement
Last updated: April 14, 2026
This Service Agreement (the “Agreement”) is a binding contract between SprintSeven Limited, a company incorporated in Hong Kong SAR (“SprintSeven”, “we”, “us”), and the organization identified on the relevant order form or sign-up page (the “Customer”, “you”). It governs the Customer's access to and use of the SprintRED autonomous penetration testing platform and any related services we provide (collectively, the “ Service”).
By executing an order form, signing up for an account, or otherwise indicating acceptance, you confirm that you have read this Agreement, are authorized to bind the Customer to it, and agree to its terms.
1. The Service
SprintRED is an autonomous offensive security platform that performs reconnaissance, vulnerability discovery, exploitation validation, and reporting against targets that the Customer owns or is otherwise authorized to test. The specific scope, frequency, and level of Service is defined in the order form the Customer signs.
2. Authorization to Test — Customer Responsibilities
Penetration testing is, in many jurisdictions, only lawful when conducted with the explicit authorization of the system owner. The Customer represents and warrants that, for every IP address, hostname, application, account, or other target submitted to the Service:
(a) the Customer either owns the target or has obtained explicit written authorization from the lawful owner to permit penetration testing by SprintSeven and its sub-processors; (b) such authorization extends to the techniques used by the Service, including active exploitation and validation; (c) the Customer has obtained any internal approvals required by its own change-control or compliance processes; and (d) the Customer has notified its own third-party service providers (cloud, hosting, CDN, WAF, MSSP) where their terms require advance notification of penetration testing.
The Customer will indemnify SprintSeven against any claim arising from a target submitted to the Service for which the Customer did not, in fact, hold the authorization required by this section.
3. Acceptable Use
The Customer will not, and will not permit any of its users to:
(a) use the Service against any target the Customer is not authorized to test; (b) use the Service to commit, facilitate, or attempt any act that is unlawful in the jurisdiction of the Customer, the target, or SprintSeven; (c) use the Service to disrupt critical infrastructure, life-safety systems, or systems serving primarily children; (d) attempt to interfere with the operation of the Service, evade rate limits, reverse engineer the platform, or extract its underlying models; (e) resell or sublicense access to the Service without our prior written consent; (f) use the Service to develop a competing product; or (g) submit personal data to the Service that is not strictly necessary to perform the engagement.
We may suspend access immediately, without prior notice, where we reasonably believe such use is occurring and the suspension is necessary to prevent material harm.
4. Customer Data and Findings
Customer Data means all information provided by the Customer or generated for the Customer in connection with the Service, including target definitions, credentials, scan results, findings, evidence, and reports. As between the parties, Customer Data is the property of the Customer.
We process Customer Data only as necessary to provide and improve the Service, comply with the Customer's instructions, and meet our legal obligations. We do not use Customer Data to train shared or third-party machine-learning models, and we do not disclose Customer Data to any other customer. Detailed processing terms are set out in our Privacy Policy.
On termination of the Agreement, we will, on the Customer's written request received within 30 days of termination, return or irreversibly delete the Customer Data in our active production systems. Backup copies are deleted in the ordinary course of our backup retention cycle.
5. Fees and Payment
Fees are set out in the order form. Unless otherwise stated, fees are exclusive of all taxes, levies, or duties imposed by taxing authorities, and the Customer is responsible for payment of such taxes other than taxes on SprintSeven's net income. Invoiced amounts are due within thirty (30) days of the invoice date. Late payments accrue interest at the rate of 1% per month, or the maximum rate permitted by law, whichever is lower.
6. Term, Renewal, and Termination
This Agreement begins on the date the Customer first accepts it and continues for the subscription term identified in the applicable order form. Subscriptions automatically renew for successive terms of equal length unless either party gives written notice of non-renewal at least thirty (30) days before the end of the then-current term.
Either party may terminate this Agreement immediately on written notice if the other party commits a material breach that it fails to cure within thirty (30) days of receiving written notice of the breach, or becomes the subject of insolvency proceedings. We may also terminate immediately, without liability, if we are required to do so to comply with applicable law or to prevent material harm to the Service or other customers.
7. Confidentiality
Each party may receive non-public information of the other in connection with this Agreement (“Confidential Information”). Each party will (i) protect the other party's Confidential Information using at least the same degree of care it uses to protect its own confidential information, and in no event less than a reasonable standard of care, (ii) use the other party's Confidential Information only as necessary to perform this Agreement, and (iii) limit access to its personnel who need to know it. Confidential Information does not include information that is public through no breach of this Agreement, was lawfully received from a third party without confidentiality obligations, or is independently developed without reference to the disclosing party's information.
Customer Data, scan findings, and engagement reports are treated as the Customer's Confidential Information.
8. Intellectual Property
SprintSeven and its licensors retain all right, title, and interest in and to the Service, including all software, models, methodologies, documentation, and improvements thereto, and all related intellectual property rights. The Customer is granted a non-exclusive, non-transferable, non-sublicensable right to use the Service during the subscription term solely for its internal business purposes.
Subject to the Customer's compliance with this Agreement, the Customer owns the findings and reports generated for it by the Service. We may use anonymized, aggregated metrics derived from operating the Service to improve our products, provided that no Customer Data, target identifiers, or findings can be re-identified.
9. Warranties and Disclaimers
We warrant that the Service will be performed with reasonable skill and care and substantially in accordance with its published documentation during the subscription term. The Customer's sole and exclusive remedy, and our entire liability, for breach of the foregoing warranty is, at our option, to re-perform the Service or to refund the fees paid for the affected portion.
EXCEPT AS EXPRESSLY SET OUT IN THIS AGREEMENT, THE SERVICE IS PROVIDED “AS IS”.We disclaim all other warranties, express or implied, including warranties of merchantability, fitness for a particular purpose, non-infringement, and any warranty arising out of course of dealing or trade usage. Penetration testing is inherently probabilistic; we do not warrant that the Service will identify every vulnerability that exists in the Customer's systems or that any finding produced by the Service will accurately reflect real-world risk in every environment.
10. Limitation of Liability
To the maximum extent permitted by law, neither party will be liable to the other for any indirect, incidental, special, consequential, exemplary, or punitive damages, or for any loss of profits, revenue, goodwill, or business opportunities, arising out of or in connection with this Agreement, even if advised of the possibility of such damages.
Each party's total cumulative liability for all claims arising out of or relating to this Agreement, whether in contract, tort (including negligence), or otherwise, will not exceed the total fees paid or payable by the Customer to SprintSeven in the twelve (12) months immediately preceding the event giving rise to the claim. The foregoing limits do not apply to: (a) the Customer's payment obligations; (b) either party's indemnification obligations under this Agreement; (c) the Customer's breach of section 2 (Authorization) or section 3 (Acceptable Use); or (d) liability that cannot lawfully be excluded or limited.
11. Mutual Indemnification
By SprintSeven.We will defend the Customer against any third-party claim alleging that the Service, when used as authorized by this Agreement, infringes that third party's patent, copyright, or trademark, and will pay any damages finally awarded against the Customer by a court of competent jurisdiction, or any settlement we agree to in writing.
By the Customer.The Customer will defend SprintSeven against any third-party claim arising from (i) the Customer's breach of section 2 (Authorization), section 3 (Acceptable Use), or any law applicable to its use of the Service, or (ii) Customer Data submitted to the Service in violation of this Agreement.
Each party's indemnification obligation is conditional on the indemnified party promptly notifying the indemnifying party of the claim, granting sole control of the defense and settlement, and providing reasonable cooperation.
12. Export Controls and Sanctions
The Service may be subject to export control and economic sanctions laws of Hong Kong SAR, the United States, the European Union, and other jurisdictions. The Customer represents that neither it, nor any of its users, is located in or controlled by any country or party subject to comprehensive trade sanctions, and that it will not use the Service in any manner that would cause SprintSeven to violate any applicable export-control or sanctions law.
13. Force Majeure
Neither party is liable for any failure or delay in performance to the extent caused by circumstances beyond its reasonable control, including acts of God, war, civil unrest, terrorism, labour disputes, governmental action, internet or power failures, denial-of-service attacks against essential infrastructure, or other events of force majeure. The affected party will use commercially reasonable efforts to mitigate the effect of the event.
14. Governing Law and Dispute Resolution
This Agreement is governed by and construed in accordance with the laws of the Hong Kong Special Administrative Region of the People's Republic of China, without regard to its conflict of laws principles. Any dispute, controversy, or claim arising out of or relating to this Agreement, or its breach, termination, or validity, will be referred to and finally resolved by arbitration administered by the Hong Kong International Arbitration Centre (HKIAC) under the HKIAC Administered Arbitration Rules in force when the Notice of Arbitration is submitted. The seat of arbitration is Hong Kong. The number of arbitrators is one. The arbitration proceedings will be conducted in English. Either party may seek interim or injunctive relief from a court of competent jurisdiction at any time.
15. General
Assignment. Neither party may assign this Agreement without the prior written consent of the other, except that SprintSeven may assign this Agreement to an affiliate or in connection with a merger, reorganization, or sale of substantially all of its assets relating to the Service. Notices. Notices to SprintSeven must be sent to [email protected] with a copy to our registered office address. Notices to the Customer will be sent to the email address on the account. Entire Agreement. This Agreement, together with any order form, our Privacy Policy, and any policies referenced in the order form, constitutes the entire agreement between the parties and supersedes all prior or contemporaneous understandings, written or oral. Amendment. No amendment is effective unless in writing and signed by both parties. Severability. If any provision is held to be unenforceable, the remainder will remain in full force and effect. No Waiver. A failure or delay in exercising any right under this Agreement does not constitute a waiver. Independent Contractors. The parties are independent contractors and nothing in this Agreement creates a partnership, agency, joint venture, or employment relationship.
16. Contact
Questions about this Agreement should be directed to [email protected].
SprintSeven Limited · Company registration number [CR Number] · 701 Singga Comm Ctr, 148 Connaught Rd West, Hong Kong