ONINET Terms of Service

1. Definitions

In these Terms of Service, the following definitions apply:

"Software" means any software product developed by Nettorii Ltd, including ONINET.
"Licensee" or "you" means the individual or organisation holding a valid Subscription.
"Service" means the Software, the customer portal, documentation, and any support provided by Nettorii Ltd.
"Subscription" means the paid licence entitlement granting access to the Service.

Capitalised terms used but not defined in these Terms have the meanings given to them in the EULA.

2. Authorised Use Only

ONINET is a security operations platform designed exclusively for authorised penetration testing, red team engagements, security research, and educational purposes. You must have explicit written authorisation from the owner of any system, network, or application before using ONINET against it.

Unauthorised access to computer systems is a criminal offence under applicable laws including but not limited to the Computer Misuse Act 1990, the Computer Fraud and Abuse Act (CFAA), and equivalent legislation in your jurisdiction.

3. Responsibility and Indemnification

You are solely responsible for ensuring that your use of ONINET complies with all applicable laws, regulations, and contractual obligations. You agree to indemnify and hold harmless Nettorii Ltd, its directors, employees, and agents from claims, damages, losses, or expenses (including legal fees) arising from: (a) your use of the Software in breach of these Terms, the EULA, or the AUP; (b) your use of the Software in violation of applicable law; (c) unauthorised testing of systems for which you do not hold written authorisation; or (d) third-party claims arising from your actions or omissions while using the Software. Nothing in this clause requires you to indemnify Nettorii for losses caused by Nettorii's own negligence.

4. Data Locality

ONINET runs primarily on your hardware. Your engagement findings, credentials, reports, session recordings, and workspace files remain on your local systems and are not transmitted to Nettorii. Limited operational metadata (including IP address, device fingerprint, container count, and aggregate engagement metrics) is transmitted as part of licence verification — see Section 8 (Telemetry and Compliance) and our Privacy Policy for full details.

5. Licence Binding

Your licence key is bound to your account and may not be shared, redistributed, or transferred. Your licence is also bound to specific hardware via device fingerprinting; see EULA Section 5 for full details on device binding, activation limits, and deactivation procedures.

Abuse of the licensing system, including but not limited to key sharing, circumvention of device binding, or redistribution, may result in enforcement action. Nettorii may, at its discretion, issue a warning, suspend access, or revoke the licence. In the event of revocation for material breach, Nettorii is not obligated to refund fees for the period during which the breach occurred. Nothing in this clause affects any statutory right to a refund.

6. Compliance Verification

Nettorii reserves the right to verify the Licensee's compliance with these Terms, the EULA, and the AUP. This may include:

(a) Automated verification through the licence validation and heartbeat system, which monitors active device counts, seat usage, and subscription limits.

(b) Upon reasonable notice (not less than 14 days), requesting that the Licensee provide evidence of compliance, including but not limited to: the number of active installations, confirmation that usage is within the licensed tier limits, and (for TEAM and ENTERPRISE licensees) confirmation that testing authorisation records are maintained as required by the AUP.

Nettorii will not request access to the Licensee's engagement data, findings, credentials, or operational workspaces as part of any compliance verification.

If a compliance verification reveals a material breach (e.g., seat count exceeds licensed tier, key sharing), Nettorii will notify the Licensee and provide 30 days to cure the breach before escalating in accordance with the Revocation section (Section 7).

7. Revocation and Termination

Your licence may be revoked if you breach these Terms, the EULA, or the AUP. Where a breach is capable of remedy, Nettorii will provide written notice specifying the breach and allow 14 days to cure. Breaches incapable of remedy — including unauthorised access to third-party systems, licence key sharing, and circumvention of security controls — may result in immediate revocation.

Upon licence expiry or revocation, you must cease use of the Software. Your local workspace data remains yours — Nettorii does not delete or access your files.

8. Telemetry and Compliance

ONINET performs periodic licence validation and heartbeat checks approximately every 5 minutes. These transmit limited metadata including: IP address, country code, device fingerprint, system hostname, OS name, active container count, and aggregate engagement metrics (session hours, hosts discovered, tool usage counts). No credentials, findings, scan results, tool output, command history, or workspace files are transmitted. Full details are in our Privacy Policy.

By using this Software you consent to these operational communications.

9. Warranty Disclaimer

Except to the extent prohibited by applicable law, the Software is provided without warranty beyond those expressly set out in these Terms. Nothing in these Terms excludes or limits any statutory rights you may have under the Consumer Rights Act 2015 (if you are a consumer) or any other mandatory applicable law. Subject to the foregoing, Nettorii does not warrant that the Software will be error-free, uninterrupted, or suitable for any particular purpose.

10. Changes to Terms

Nettorii may update these Terms of Service from time to time. Material changes will be notified via the customer portal and by email at least 30 days before taking effect. If you do not agree to the proposed changes, you may terminate your Subscription before the changes take effect and receive a pro-rated refund for the remaining unused portion. Continued use of the Software after the effective date of updated Terms constitutes acceptance.

11. Governing Law

These Terms of Service are governed by and construed in accordance with the laws of England and Wales. Any disputes arising under these Terms shall be subject to the exclusive jurisdiction of the courts of England and Wales.

12. Dispute Resolution

Before commencing court proceedings, the parties shall attempt to resolve any dispute through negotiation between senior representatives within 30 days. If unresolved, either party may refer the dispute to mediation under the CEDR Model Mediation Procedure. If mediation fails to resolve the dispute within 60 days, either party may commence court proceedings in accordance with Section 11.

13. Hierarchy of Legal Terms

These Terms of Service, together with the End User Licence Agreement (EULA), Privacy Policy, and Acceptable Use Policy, form the complete agreement between you and Nettorii Ltd. In the event of any conflict between these documents, the following hierarchy shall apply (highest precedence first):

1. Signed written agreement between the parties
2. End User Licence Agreement (EULA)
3. Terms of Service (this document)
4. Acceptable Use Policy
5. Privacy Policy

This hierarchy applies to commercial and licensing terms only. Data protection obligations in the Privacy Policy required by applicable law (including UK GDPR) are not diminished by higher-ranking documents.

14. Services and Subscription Tiers

ONINET is offered through multiple subscription tiers, each including the full platform, all tools, and all satellites. Current tier details, seat limits, device allowances, pricing, and tier-specific features are described in the EULA and on the customer portal.

Nettorii reserves the right to modify tier structures with reasonable notice. Material changes to paid tiers will be communicated in accordance with Section 10 (Changes to Terms).

15. Service Availability

Nettorii targets 99.5% availability for the customer portal and licence validation services, measured monthly. Availability depends on our third-party infrastructure providers (Cloudflare, Supabase, Stripe) and is subject to their respective uptime commitments and service level agreements.

Scheduled maintenance will be communicated via the customer portal at least 48 hours in advance where reasonably practicable. Emergency maintenance to address security vulnerabilities or critical issues may be performed without advance notice.

The following are excluded from availability calculations: (a) scheduled maintenance windows; (b) force majeure events (see the Force Majeure section); (c) outages caused by the Licensee's equipment, network, or third-party services outside Nettorii's control; (d) outages of third-party infrastructure providers (Cloudflare, Supabase, Stripe).

The ONINET CLI includes an offline grace period for licence validation. If the licence server is temporarily unavailable, the Software will continue to function using cached entitlements for up to 30 days.

If availability falls below 99.5% in any calendar month (excluding the above exclusions), affected Licensees on paid subscriptions may request a service credit equal to 5% of their monthly subscription fee for each full percentage point below the target, up to a maximum of 30% of that month's fee. Service credit requests must be submitted within 30 days of the affected month.

Nettorii's sole obligation and the Licensee's sole remedy for service unavailability is the issuance of service credits as described above.

16. Payment Terms

All subscription fees are charged in advance on a recurring basis (monthly or annually) via Stripe. Prices are displayed inclusive or exclusive of VAT as applicable and are determined by your billing address.

You authorise Nettorii to charge your designated payment method for all applicable fees. If a payment fails, Nettorii will attempt to process the payment up to three times over a 14-day period. If payment cannot be collected, Nettorii may suspend access to the Software and customer portal until the outstanding balance is settled.

Price changes will be communicated at least 30 days before taking effect. Existing subscription terms will be honoured until the end of the current billing period; the new price applies from the next renewal.

Nettorii does not store payment card details. All payment processing is handled by Stripe (PCI DSS Level 1 certified). See Stripe's terms at stripe.com/legal for payment processing terms.

All fees are non-refundable except as expressly stated in the Refund Policy section (Section 27) or as required by applicable law.

17. Support and Maintenance

Nettorii provides the following support for paid subscriptions:

Support channels: email ([email protected]) and the customer portal.

Response times (business hours, Monday to Friday, 09:00-17:00 GMT/BST, excluding UK public holidays):
— Critical (platform unusable): target 4 business hours initial response
— High (major feature impacted): target 8 business hours initial response
— Medium (minor feature impacted): target 2 business days initial response
— Low (general enquiry): target 5 business days initial response

Response times are targets, not guarantees, and do not constitute a binding SLA for support response.

Support includes: assistance with installation, activation, and configuration; investigation of suspected bugs or defects; guidance on platform features and capabilities.

Support excludes: training or consultancy services; assistance with third-party tools beyond basic configuration within the ONINET container; custom development or feature requests; issues caused by the Licensee's hardware, operating system, or network configuration.

Nettorii may release updates, patches, and security fixes at its discretion. The Software's automatic update mechanism ensures Licensees receive the latest version. See the EULA (Section 7) for details on automatic updates.

18. Intellectual Property

All Software, container images, satellite images, templates, documentation, and associated materials are the exclusive property of Nettorii Ltd. All rights not expressly granted are reserved.

The Licensee retains full ownership of all data created using the Software, including engagement files, reports, findings, evidence, recordings, and workspace data. See the EULA for full intellectual property terms.

19. Confidentiality

Each party agrees to keep confidential any proprietary or commercially sensitive information received from the other party in connection with these Terms ("Confidential Information"), including but not limited to: pricing terms, technical architecture, security configurations, engagement details, and business strategies.

Confidential Information does not include information that: (a) is or becomes publicly available through no fault of the receiving party; (b) was known to the receiving party before disclosure; (c) is independently developed without use of Confidential Information; or (d) is required to be disclosed by law, regulation, or court order, provided the disclosing party is given reasonable notice where legally permitted.

The obligations in this section survive termination of these Terms for a period of three (3) years.

For ENTERPRISE licensees, Nettorii may enter into a separate mutual non-disclosure agreement upon request, which shall take precedence over this section to the extent of any conflict.

20. Limitation of Liability

Nothing in these Terms shall exclude or limit either party's liability for: (a) death or personal injury caused by negligence; (b) fraud or fraudulent misrepresentation; (c) any liability that cannot be excluded or limited by applicable law.

Subject to the foregoing, Nettorii's total aggregate liability arising out of or in connection with these Terms shall not exceed the total fees paid by the Licensee to Nettorii in the twelve (12) months immediately preceding the event giving rise to the claim.

In no event shall Nettorii be liable for any indirect, incidental, special, consequential, or punitive damages, including but not limited to loss of profits, loss of data, business interruption, or loss of goodwill, even if Nettorii has been advised of the possibility of such damages.

21. Right of Withdrawal (EU/EEA/UK)

By purchasing a Subscription and immediately accessing digital content, you expressly consent to the immediate performance of the contract and acknowledge that you lose your right to the 14-day cooling-off period under the Consumer Rights Directive 2011/83/EU. This waiver is confirmed at the point of purchase.

If you are a consumer in the EU/EEA, you explicitly agree that the supply of digital content begins immediately upon completion of your purchase, and you waive your right of withdrawal accordingly.

If you are a UK consumer, your cancellation right arises under the Consumer Contracts (Information, Cancellation and Additional Charges) Regulations 2013. By requesting immediate access to the Software upon purchase, you acknowledge the loss of your 14-day cancellation right as permitted by those Regulations.

22. Export Control

Both parties warrant compliance with all applicable export control laws and sanctions regulations, including but not limited to the UK Export Control Act 2002, the US Export Administration Regulations (EAR), and the EU Dual-Use Regulation. The Software may not be used in, exported to, or made available to any country, territory, entity, or individual subject to comprehensive trade sanctions or embargoes. Nettorii maintains its own export compliance programme and will cooperate with competent authorities as required by law.

23. Data Breach Notification

In the event of a personal data breach likely to result in a high risk to your rights and freedoms, we will notify affected users without undue delay. Notification will include details of the nature of the breach, the categories and approximate number of data records affected, the likely consequences, and the remediation steps taken or proposed.

For breaches not meeting the high-risk threshold, we will comply with our obligations under UK GDPR Articles 33 and 34 and the Data Protection Act 2018, including notification to the Information Commissioner's Office where required.

24. Age Requirements

You must be at least 18 years of age to create an account and use the Software. Nettorii does not knowingly collect personal data from individuals under 18.

25. Service Modifications

Nettorii reserves the right to modify, update, suspend, or discontinue any part of the Service at any time with reasonable notice. Material changes to paid services will be communicated to affected subscribers via the customer portal and, where possible, by email at least 30 days in advance.

If a paid service is discontinued entirely before the end of a Licensee's Subscription term, Nettorii will issue a pro-rated refund for the remaining unused portion of the Subscription. Routine updates, maintenance, feature additions, and tool updates do not constitute material changes and may be applied without prior notice.

26. Refund Policy

Subscription cancellations take effect at the end of the current billing period. No refunds are issued for partial periods unless required by applicable law. If the Software is materially defective and cannot be remedied within a reasonable time, you are entitled to a pro-rated refund for the remaining unused portion of your Subscription.

Nothing in this section affects your statutory refund rights under the Consumer Rights Act 2015 or any other mandatory applicable law.

27. Force Majeure

Neither party shall be liable for failure or delay in performing its obligations under these Terms caused by circumstances beyond its reasonable control, including but not limited to acts of God, pandemic, government action, third-party service outages, internet disruption, or power failure. If a force majeure event continues for more than 90 days, either party may terminate the affected Subscription by written notice.

28. Severability

If any provision of these Terms is held to be invalid, illegal, or unenforceable by a court of competent jurisdiction, the remaining provisions shall continue in full force and effect. The invalid provision shall be replaced with a valid provision that achieves, to the extent possible, the original commercial intent of the parties.

29. Waiver

No failure or delay by either party in exercising any right or remedy under these Terms shall constitute a waiver of that right or remedy. A waiver of any right or remedy on one occasion shall not be deemed a waiver of that right or remedy on any subsequent occasion.

30. Assignment

You may not assign, transfer, or sub-licence any of your rights or obligations under these Terms without the prior written consent of Nettorii. Nettorii may assign its rights and obligations under these Terms to a successor in connection with a merger, acquisition, corporate reorganisation, or sale of all or substantially all of its assets, provided that the assignee agrees to be bound by these Terms.

31. Notices

Email is a valid form of notice under these Terms. Notices from Nettorii to you will be sent to the email address associated with your account. Legal notices to Nettorii should be directed to [email protected] or sent by post to Nettorii Ltd, 66 Paul Street, London EC2A 4NA, United Kingdom.