# Terms and Conditions ## Catchify – Terms and Conditions Welcome to Catchify. These Terms and Conditions govern the use of our Penetration Testing as a Service (PTaaS) platform and all related services. By engaging with Catchify, you agree to comply with these terms. *** ### 1. Service Scope Catchify provides manual and automated security assessments, including: * Web & mobile application testing * Infrastructure penetration testing * Vulnerability analysis and risk reporting Services may be delivered under different billing models, including **Pay-On-Catch,** and the scope is defined per engagement or Order Form. *** ### 2. Pay-On-Catch Model The Pay-On-Catch model applies **only** to eligible PTaaS engagements agreed upon in writing before testing begins. * **No fees** are charged if **no valid vulnerabilities** are found. * Vulnerabilities are rated based on severity (CVSS or custom scale). * Fees are incurred **only for verified findings**, priced according to severity. * A final invoice is issued after the client receives the report. * Catchify reserves the right to determine which engagements qualify for Pay-On-Catch. *** ### 3. Client Responsibilities Clients agree to: * Provide **written authorization** to perform penetration testing. * Clearly define the testing scope and acceptable boundaries. * Supply any necessary credentials or access tokens securely. * Maintain operational backups and monitoring during the testing period. *** ### 4. Confidentiality * Catchify treats all client information, test results, and system data as **strictly confidential**. * No information is disclosed to third parties without the client's written consent, unless required by law. *** ### 5. Payment Terms (Fixed-Price Engagements) For fixed-price engagements: * Fees are agreed upon before the start of the engagement. * An invoice is issued based on milestones or deliverables as defined in the Order Form. * Payment is due within **15 days** unless otherwise stated in the agreement. *** ### 6. Report Delivery Clients receive a detailed report including: * Vulnerabilities found * Severity ratings * Recommended remediation Reports are delivered securely and may be followed by a debrief session if agreed. *** ### 7. Use of Findings Catchify’s findings are for internal security improvement. Clients may: * Use reports to guide remediation or compliance * Share internally with relevant departments * Share externally only with prior written consent from Catchify *** ### 8. Testing Limitations While best efforts are made to uncover vulnerabilities: * No guarantee is made that all vulnerabilities will be discovered. * The presence or absence of findings does not imply full security or insecurity. * Testing is time-boxed and limited to defined scope. *** ### 9. Intellectual Property * Catchify retains all rights to proprietary tools, scripts, and methodologies used during the engagement. * Clients may use provided reports and deliverables internally but may not reproduce, modify, or resell without permission. *** ### 10. Disclaimer of Warranties Catchify provides services "as-is" and makes no warranties regarding: * Complete vulnerability coverage * Compatibility with regulatory frameworks unless explicitly stated * Zero impact on system performance during testing *** ### 11. Limitation of Liability To the maximum extent permitted by law: * Catchify is not liable for any indirect, incidental, or consequential damages. * Direct liability is limited to the total amount paid by the client for the affected engagement. * The client accepts responsibility for patching and mitigation of all vulnerabilities post-disclosure. *** ### 12. Termination #### 12.1 Termination for Cause Either Catchify or the Client may terminate an Order Form or engagement if the other party materially breaches these terms and fails to cure the breach within **forty-five (45) days** after receiving written notice. #### 12.2 Catchify’s Right to Suspend Access Catchify may, at its sole discretion, suspend or terminate platform access or engagement for any party not governed by an active Order Form, without notice. #### 12.3 Client-Initiated Termination Clients may cancel their account or engagement at any time by emailing ****. However: * In **Pay-On-Catch** engagements, if valid vulnerabilities have been discovered prior to cancellation, **payment is still due**. * Clients are **not entitled to refunds** for any prepaid services unless explicitly stated in the Order Form. #### 12.4 Effect of Termination Upon termination: * All due payments must be completed. * Sections related to confidentiality, liability, and report usage will remain in effect. *** ### 13. Governing Law These Terms shall be governed by and construed in accordance with the laws of the **Kingdom of Saudi Arabia**. Any disputes shall be subject to the exclusive jurisdiction of Saudi courts. *** ### 14. Contact For any questions or formal notices, contact: **Catchify Security Services**\ Email: ****\ Website: [www.catchify.sa](http://www.catchify.sa) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.catchify.sa/terms-and-conditions-privacy-policy/terms-and-conditions.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.