Last updated: April 26, 2026
These Terms of Service (“Terms”) form an agreement between KAOS S.L.U, a company organized under the laws of the Principality of Andorra, registered under L-720087-H, with registered address at Avda Francesc Cairat, 22, 1-1, AD600, Sant Julia de Loria, Andorra (“KAOS”, “we”, “us”), and the entity or individual subscribing to or using our services (“Customer”, “you”).
Where the Customer is established in the European Economic Area, certain GDPR-related processing is performed by our affiliate KAOS AI SECURITY, S.L., NIF Provisional B24966996, C/ Concilio de Trento, 213, 4a Pta. 2, 08020 Barcelona, Spain.
KAOS provides:
The specific scope, deliverables, and pricing of an engagement are defined in an Order Form, Statement of Work, or online subscription confirmation that incorporates these Terms.
The Services are tools and personnel used to perform offensive security testing. You agree that you will only use the Services to test assets you own or for which you have explicit, current, written authorization from the asset owner. You are solely responsible for defining the scope, obtaining authorization, and complying with all applicable laws.
You will provide accurate target and scope information. Running the Services against systems you are not authorized to test is a material breach of these Terms and may be illegal under applicable law (including the Computer Fraud and Abuse Act, the EU NIS2 Directive, and equivalent local statutes).
You will not, and will not permit any user to:
KAOS retains all rights, title, and interest in and to the Services, the platform, its underlying technology, models, prompts, and documentation. We grant you a limited, non-exclusive, non-transferable license to use the Services during the term, solely for your internal business use.
You retain ownership of your data, your targets’ data, and the deliverables generated for you under a Statement of Work, subject to our right to use aggregated and de-identified data to improve our products.
Fees are stated in your Order Form or subscription page. Unless otherwise stated, fees are exclusive of taxes, are non-refundable, and are due on the schedule specified. Late payments accrue interest at the legal rate.
These Terms remain in effect while you use the Services. Either party may terminate for material breach not cured within 30 days of written notice. We may suspend immediately for security threats, non-payment past due, or violations of Section 3 or 4. Upon termination, your access ends and we will return or delete your data per the Data Processing Agreement.
We will provide the Services with reasonable care and skill in line with industry standards. Except as expressly stated, the Services are provided “as is” and “as available” without warranties of any kind, whether express, implied, statutory, or otherwise, including merchantability, fitness for a particular purpose, non-infringement, and any warranty that vulnerabilities will be identified or that systems will be secure. Offensive security testing is inherently probabilistic.
To the maximum extent permitted by law, neither party will be liable for indirect, incidental, special, consequential, or punitive damages, or for lost profits, lost revenue, lost data, or business interruption. Each party’s aggregate liability arising out of or related to these Terms will not exceed the fees paid by Customer to KAOS in the 12 months preceding the event giving rise to the claim. Nothing in these Terms limits liability for fraud, gross negligence, willful misconduct, or any other liability that cannot be excluded by law.
You will defend, indemnify, and hold harmless KAOS from any third-party claim arising out of (a) your use of the Services in violation of these Terms; (b) your lack of authorization to test a target; or (c) your data or instructions submitted to the Services.
We will defend you against any third-party claim that the Services as provided infringe a valid intellectual property right, subject to standard exceptions and our right to modify or replace the affected component.
Each party will protect the other’s confidential information using at least the same degree of care it uses to protect its own (and no less than reasonable care). Findings, scopes, and engagement reports are confidential.
These Terms are governed by the laws of the Principality of Andorra, without regard to conflict-of-law rules. The competent courts of Andorra la Vella shall have exclusive jurisdiction over any dispute, except that consumers resident in the European Union retain the protection of mandatory provisions of the law of their country of residence and may bring proceedings before the courts of their domicile as required by EU consumer law.
These Terms, together with any Order Form, Statement of Work, the Privacy Policy, and the Data Processing Agreement, constitute the entire agreement. If any provision is held unenforceable, the remainder will continue in effect. Neither party may assign these Terms without the other’s consent, except to an affiliate or in connection with a merger or sale of substantially all assets.
Legal notices: legal@kaos.ad.