Terms of Service

By creating an account or using PenReport AI ("Service"), you agree to these Terms of Service ("Terms"). If you are using the Service on behalf of a company or other legal entity, you represent that you have authority to bind that entity to these Terms.

If you do not agree to these Terms, do not use the Service.

PenReport AI provides an AI-assisted platform for penetration testers to document, score, and export security findings into professional reports. The Service includes AI-powered finding expansion, CVSS 4.0 scoring, compliance mapping, and PDF/DOCX report generation.

You must be at least 18 years old and legally permitted to conduct penetration testing activities under applicable law. By using the Service, you represent that all penetration testing and security assessments you document within the Service are conducted with explicit written authorisation from the target system owners.

PenReport AI is not a tool for unauthorised access, exploitation, or any illegal security activity. We reserve the right to terminate accounts where there is reason to believe the Service is being used for unauthorised activities.

You are responsible for maintaining the confidentiality of your account credentials. You are responsible for all activities that occur under your account. Notify us immediately at legal@penreport.ai if you believe your account has been compromised.

You agree not to:

• Use the Service to document or facilitate unauthorised access to computer systems
• Submit findings derived from illegal or unauthorised testing activities
• Attempt to reverse-engineer, decompile, or extract the AI models or proprietary algorithms
• Resell or sublicense access to the Service without written agreement
• Use automated scripts to excessively load or abuse the API beyond normal usage
• Upload malicious content, malware, or exploit code intended to harm our systems

You retain full ownership of all findings, reports, and content you create within the Service. We do not claim any intellectual property rights over your data.

You grant PenReport AI a limited, non-exclusive licence to store, process, and transmit your data solely to provide the Service to you. We do not sell your data or use it to train AI models. For full details on data handling, see our Privacy Policy.

The Service uses large language models (Anthropic Claude) to assist in generating finding descriptions, remediation advice, and report summaries. You acknowledge that:

• AI-generated content may contain inaccuracies and must be reviewed before client delivery
• You are solely responsible for the accuracy and completeness of all reports delivered to clients
• PenReport AI provides the AI output as a drafting aid, not as professional security advice

Paid plans are billed monthly or annually as selected. All fees are non-refundable except as required by law or as stated in our refund policy. We reserve the right to change pricing with 30 days' notice. Continued use after price changes constitutes acceptance of the new pricing.

AI call quotas reset on the first day of each billing cycle. Unused quota does not roll over to the next cycle.

To the maximum extent permitted by applicable law, PenReport AI and its affiliates shall not be liable for any indirect, incidental, special, consequential, or punitive damages, including but not limited to loss of profits, data, or goodwill, arising from your use of or inability to use the Service.

Our total liability for any claim arising under these Terms shall not exceed the amount you paid us in the three months preceding the claim.

The Service is provided "as is" and "as available" without warranties of any kind, either express or implied. We do not warrant that the Service will be uninterrupted, error-free, or that AI-generated content will be accurate or complete.

Either party may terminate the agreement at any time. Upon termination, your access to the Service will cease. You may export your data before termination. We retain data for 30 days after account deletion, after which it is permanently deleted.

We reserve the right to suspend or terminate accounts that violate these Terms, with or without notice.

We may update these Terms from time to time. We will notify you by email or through the Service at least 14 days before material changes take effect. Continued use after the effective date constitutes acceptance of the revised Terms.

These Terms are governed by the laws of England and Wales. Any disputes shall be subject to the exclusive jurisdiction of the courts of England and Wales.

For questions about these Terms, contact us at legal@penreport.ai.