Master Service Agreement
Scope of Services
Infilux AppSec agrees to provide elite cybersecurity services as scoped in individual Statements of Work (SOWs). This may include but is not limited to vulnerability assessments, penetration testing, compliance auditing, and managed security operations.
Authorization & Consent
By engaging our services for penetration testing or red teaming, the client grants unreserved authorization for our operatives to simulate cyberattacks against the scoped infrastructure. The client assures they hold the legal authority to authorize such testing on targeted assets.
Confidentiality & Non-Disclosure
Both parties agree to a mutual Non-Disclosure Agreement (NDA). Any vulnerabilities discovered, proprietary architectures observed, or operational intel collected will be strictly compartmentalized and guarded against unauthorized disclosure with military precision.
Limitation of Liability
While we operate with extreme precision, security testing carries inherent risks to system stability. Infilux AppSec shall not be held liable for incidental downtime, data loss, or business interruptions occurring directly from authorized testing scenarios within the agreed scope.
Client Responsibilities
The client must ensure that all systems, applications, and networks targeted for assessment are thoroughly backed up prior to engagement. The client must also designate authorized points of contact for emergency escalations during our operations.
Intellectual Property Rights
All methodologies, scripts, testing architectures, and proprietary tools utilized by Infilux AppSec remain our exclusive property. The final security reports and deliverables become the exclusive property of the client upon full payment for services rendered.
Payment & Invoicing
Invoices are strictly payable within 30 days of receipt unless otherwise specified in your Statement of Work. Infilux AppSec holds the right to suspend ongoing active monitoring or delay deliverable handover if financial obligations remain unmet.
Service Accuracy
Our assessments provide a point-in-time snapshot of your security posture. We deploy the most advanced tactics available, but no security evaluation is omniscient. A clean report does not guarantee absolute immunity against zero-day exploits or future vulnerabilities.
Term & Termination
Service agreements may be terminated by either party with 30 days written notice, provided all outstanding obligations are met. Immediate termination scenarios are invoked in cases of material breach or unauthorized hostile actions affecting either party.
Indemnification
The client agrees to indemnify and hold harmless Infilux AppSec from any third-party claims arising from testing activities on systems or networks for which the client failed to secure proper authorization or ownership rights prior to the engagement.
Governing Law
These Operational Agreements shall be governed by and construed in accordance with international commercial law and the specific jurisdiction defined in the finalized SLA or master service agreement with the client.
Amendments to Terms
Infilux AppSec may update these Operational Agreements as service parameters evolve. Material changes affecting active client engagements will be communicated securely. Continued use of our SOC or consulting services implies consent to the revised terms.
Last Updated: March 2026