1. Acceptable use
- You will only use the Services to scan, test, or probe systems for which you hold documented, current authorisation from the system’s owner. Scanning systems without authorisation is prohibited and may constitute a criminal offence under applicable law.
- You will not attempt to reverse-engineer, decompile, or derive the source code of the Services, except to the extent that such restriction is prohibited by applicable law.
- You will not interfere with, disrupt, or impose an unreasonable burden on Pentrova’s infrastructure, and you will not circumvent any access or usage controls we impose.
- You will not use the Services to develop a competing product or service, or to benchmark the Services for publication without our written consent.
- You will comply with all applicable export-control, sanctions, privacy, and security laws when using the Services.
2. Authorization to test
Pentrova actively probes the systems you direct it to test, so we require proof of ownership before a scan can run. This section sets out your authorisation obligations; it supplements the acceptable-use rules above.
Your authorisation warranty
For every target (domain, subdomain, IP address, API, or application) you submit, you represent and warrant that, at the time of each scan, you own the target or hold current, documented authorisation from its owner to conduct security testing of the kind Pentrova performs; that the authorisation covers automated and active testing techniques, including the request volumes and payloads such testing entails; and that the testing does not breach any agreement between you and a third party, including the acceptable-use policy of any hosting, cloud, or platform provider behind the target. Where the target is operated by a third party on your behalf, you are responsible for obtaining that provider’s consent where their policies require it.
Verification before scanning
Before a scan can run against a target, the target’s domain must be verified to your account by DNS TXT record, file upload to a well-known path, or HTML meta tag — the same pattern as common webmaster tools. Only verified domains may be scanned; a request to scan a target whose domain is not verified is rejected. Verification is scoped to your account, cannot be transferred, and cannot be claimed for a domain another account has already verified; verification expires and must be renewed periodically. Platform administrators acting on Pentrova’s own infrastructure are the only exception.
Permitted scope
Each engagement is bounded by the verified assets you define, the scan intensity you select (including unauthenticated, authenticated, and any reduced-intensity mode), and any time windows your authorisation requires. Expanding scope to a new asset requires verifying that asset’s domain first. Scope does not extend to systems discovered during a scan that fall outside your verified targets.
Prohibited targets
You must not use the Services to test any system you do not own or are not currently authorised to test; third-party systems or shared infrastructure where the operator has not consented; systems where active testing could foreseeably endanger health, safety, or critical services; or any target in a manner that violates applicable law. This authorisation requirement is distinct from, and additional to, our safety controls that block testing of internal and reserved network ranges (such as RFC 1918 private addresses and cloud-metadata endpoints) — passing a safety control does not imply you are authorised to test a target.
Audit and evidence
Pentrova records target verification and scan events — which account verified which domain, by what method, and when each scan was initiated against which target — so the authorisation behind a scan can be evidenced if a target owner ever raises a question. You are solely responsible for the lawfulness of every target you submit. Unauthorised access to or testing of computer systems is a criminal offence in many jurisdictions, including under the U.S. Computer Fraud and Abuse Act, the UK Computer Misuse Act, and the India Information Technology Act.
3. Intellectual property
Pentrova retains all right, title, and interest in and to the Services, including all related software, agent catalogs, chain catalogs, documentation, and trademarks. All rights are reserved. No licence is granted by implication.
Content you or your organisation submit to the Services (“Customer Content”) remains the intellectual property of its owner. You grant Pentrova a limited, non-exclusive licence to process Customer Content solely to provide the Services. Pentrova does not train models on Customer Content without separate written consent.
4. Warranty disclaimer
The Services are provided “AS IS” and “AS AVAILABLE”. Pentrova disclaims all warranties, express or implied, including warranties of merchantability, fitness for a particular purpose, non-infringement, and warranties arising from course of dealing or course of performance.
Security testing by its nature may produce false positives or miss issues. Pentrova does not warrant that the Services will identify every vulnerability in your systems, and does not warrant that findings are fit for any particular purpose beyond the analytical output the platform delivers.
5. Indemnification
You will defend, indemnify, and hold harmless Pentrova and its officers, employees, and agents from and against any claim, demand, loss, liability, damage, fine, or expense (including reasonable legal fees) arising out of or relating to your testing of any target you did not own or were not authorised to test, or your breach of the Authorization to Test Policy. This obligation survives termination of these Terms.
6. Limitation of liability
To the maximum extent permitted by law, Pentrova’s aggregate liability for any claim arising out of or relating to the Services or these Terms is limited to the fees paid or payable by you to Pentrova for the Services during the twelve months preceding the event giving rise to the claim.
In no event will Pentrova be liable for indirect, incidental, special, consequential, exemplary, or punitive damages, including lost profits, lost data, or business interruption, even if Pentrova has been advised of the possibility of such damages.
7. AI content policy
Pentrova uses artificial intelligence in parts of the product and, selectively, in content creation. This section explains where and how we use AI, how we handle customer data, and what we expect from automated crawlers.
AI inside the product
Two components use large language models: LLM routing (scoped decisions during exploration, such as ranking candidate requests to replay or choosing the next agent) and the attack-chain resolver (composing and explaining multi-step escalation chains from the static catalog). Every resolver output is validated against the live target inside our sandbox before it surfaces in the product. These components never execute arbitrary LLM output against a customer target without that verification.
AI-assisted marketing content
Marketing copy is written by humans. Editors may use AI tools for drafting, rewriting, summarising, or translating, but every paragraph is reviewed by a named human editor before publication and every claim is checked against its source. We do not publish AI-generated testimonials, quotes, or fictionalised customer stories as real.
Customer data and training
Pentrova does not train third-party LLMs on customer content and does not opt customer workspaces into model-improvement programs. Where we use third-party LLM providers, we select providers that support a “no-train” contractual flag and enforce that flag on every request. We may use aggregate, anonymised telemetry (such as the number of LLM calls per chain or median token counts) to improve the product; no prompt content, target response body, or personally identifiable information is included in that telemetry. No customer is enrolled in in-product model experiments by default.
Crawler and training-agent policy
Pentrova publishes a machine-readable crawler policy at /ai.txt, mirrored in /robots.txt. Compliant agents must respect both files. Crawlers that do not identify themselves, ignore /robots.txt, or submit evasive user-agent strings are treated as abuse and may be rate-limited or blocked at the CDN layer.
8. Governing law and venue
These Terms are governed by the laws of India, without regard to conflict-of-laws principles. Any dispute arising out of or relating to these Terms or the Services will be resolved in the competent courts of Hyderabad, Telangana, India, and the parties consent to the exclusive jurisdiction and venue of those courts.
9. Contact
Questions about these Terms should be directed to [email protected].