nullvector
Scan my domain
//// TERMS_OF_SERVICE

Terms of service.

Last updated · 2026-05-03

1. Purpose

These terms (the “Terms”) govern the offensive cybersecurity services (web pentesting, infrastructure audit, continuous monitoring) provided by NULLVECTOR, the trade name of a sole trader registered under SIRET 932 772 601 00013 (the “Provider”), to any legal entity or individual (the “Client”) that has accepted a quote.

2. Acceptance

Any engagement requires the Client's express acceptance of these Terms, formalized by signature of a personalized quote or a purchase order serving as a contract. No work starts before signature and payment of the deposit.

3. Service description

The Provider offers three operations, standalone or combined:

  • OP·RECON— application penetration testing (web, API, authentication) following OWASP, MITRE ATT&CK and equivalent methodologies.
  • OP·CITADEL — infrastructure audit (cloud, network, configurations, IAM, logging) per CIS Benchmarks and vendor best practices.
  • OP·SENTINEL — continuous monitoring and alerting, including SIEM rules, threat intelligence and 24/7 watch.

Exact scope, deliverables and timeline are defined in the signed quote on a case-by-case basis.

4. Pricing and invoicing

Engagements are quoted individually. The minimum engagement fee is €5,000 ex. VAT. The exact quote is established after the free preliminary scan and scope qualification. Prices are quoted in euros, excluding taxes.

Unless otherwise agreed, invoicing follows this schedule:

  • 40% upon signature of the quote (non-refundable once the engagement starts),
  • 60% upon delivery of the final report.

Invoices are payable within 30 days net by bank transfer. The mention “VAT not applicable, art. 293 B French Tax Code” appears on all quotes and invoices as long as the Provider benefits from the small-business VAT exemption. Late payment incurs penalty interest at the ECB rate plus 10 points and a flat €40 collection fee per article D.441-5 of the French Commercial Code.

5. Delivery time

The average engagement duration is 1 monthfrom kickoff to debrief. Effective timing is specified in the quote. Any delay caused by the Client (missing access, unavailable contacts, scope changes) does not engage the Provider's liability.

6. Confidentiality

The Parties commit to mutual professional secrecy. A bilateral non-disclosure agreement (NDA) is systematically signed before kickoff. All information, technical data, vulnerabilities found and deliverables are treated as strictly confidential and may not be disclosed without prior written consent of the Client.

7. Intellectual property

The Client becomes the owner of the report and recommendations upon full payment. Methodologies, tools, scripts and know-how of the Provider remain its exclusive property. The Provider retains the right to aggregate engagement statistics in anonymized form for service improvement purposes.

8. Liability

The Provider is bound by an obligation of means. Liability is capped at the amount excluding tax actually received for the relevant engagement. The following are excluded from any guarantee: indirect damages, loss of pre-existing data, loss of revenue or operating loss, and consequences of the Client's use of technical means not recommended by the Provider.

The Client warrants that it has the necessary legal authorizations to have the relevant systems tested and shall indemnify the Provider against any third-party claim arising from a lack of such authorization.

9. Force majeure

Neither Party is liable for any failure to perform due to a force majeure event as defined by article 1218 of the French Civil Code.

10. Termination

In case of material breach by either Party, the other Party may terminate the contract as of right after a notice to remedy that has remained without effect for 15 days. The deposit paid remains earned by the Provider for work already performed.

11. Personal data

Processing of personal data in connection with engagements is governed by our Privacy Policy.

12. Governing law and disputes

These Terms are governed by French law. The Parties shall endeavor to settle any dispute amicably. Failing that, and after attempted contractual mediation, any dispute falls under the exclusive jurisdiction of the courts of the editor's professional domicile.