Terms and Conditions
These are the Terms and Conditions for Catchify's PTaaS system.
Catchify – Terms and Conditions
Welcome to Catchify. These Terms and Conditions govern the use of our Penetration Testing as a Service (PTaaS) platform and all related services. By engaging with Catchify, you agree to comply with these terms.
1. Service Scope
Catchify provides manual and automated security assessments, including:
Web & mobile application testing
Infrastructure penetration testing
Vulnerability analysis and risk reporting
Services may be delivered under different billing models, including Pay-On-Catch, and the scope is defined per engagement or Order Form.
2. Pay-On-Catch Model
The Pay-On-Catch model applies only to eligible PTaaS engagements agreed upon in writing before testing begins.
No fees are charged if no valid vulnerabilities are found.
Vulnerabilities are rated based on severity (CVSS or custom scale).
Fees are incurred only for verified findings, priced according to severity.
A final invoice is issued after the client receives the report.
Catchify reserves the right to determine which engagements qualify for Pay-On-Catch.
3. Client Responsibilities
Clients agree to:
Provide written authorization to perform penetration testing.
Clearly define the testing scope and acceptable boundaries.
Supply any necessary credentials or access tokens securely.
Maintain operational backups and monitoring during the testing period.
4. Confidentiality
Catchify treats all client information, test results, and system data as strictly confidential.
No information is disclosed to third parties without the client's written consent, unless required by law.
5. Payment Terms (Fixed-Price Engagements)
For fixed-price engagements:
Fees are agreed upon before the start of the engagement.
An invoice is issued based on milestones or deliverables as defined in the Order Form.
Payment is due within 15 days unless otherwise stated in the agreement.
6. Report Delivery
Clients receive a detailed report including:
Vulnerabilities found
Severity ratings
Recommended remediation
Reports are delivered securely and may be followed by a debrief session if agreed.
7. Use of Findings
Catchify’s findings are for internal security improvement. Clients may:
Use reports to guide remediation or compliance
Share internally with relevant departments
Share externally only with prior written consent from Catchify
8. Testing Limitations
While best efforts are made to uncover vulnerabilities:
No guarantee is made that all vulnerabilities will be discovered.
The presence or absence of findings does not imply full security or insecurity.
Testing is time-boxed and limited to the defined scope.
9. Intellectual Property
Catchify retains all rights to proprietary tools, scripts, and methodologies used during the engagement.
Clients may use provided reports and deliverables internally but may not reproduce, modify, or resell without permission.
10. Disclaimer of Warranties
Catchify provides services "as-is" and makes no warranties regarding:
Complete vulnerability coverage
Compatibility with regulatory frameworks unless explicitly stated
Zero impact on system performance during testing
11. Limitation of Liability
To the maximum extent permitted by law:
Catchify is not liable for any indirect, incidental, or consequential damages.
Direct liability is limited to the total amount paid by the client for the affected engagement.
The client accepts responsibility for patching and mitigation of all vulnerabilities post-disclosure.
12. Termination
12.1 Termination for Cause
Either Catchify or the Client may terminate an Order Form or engagement if the other party materially breaches these terms and fails to cure the breach within forty-five (45) days after receiving written notice.
12.2 Catchify’s Right to Suspend Access
Catchify may, at its sole discretion, suspend or terminate platform access or engagement for any party not governed by an active Order Form, without notice.
12.3 Client-Initiated Termination
Clients may cancel their account or engagement at any time by emailing [email protected]. However:
In Pay-On-Catch engagements, if valid vulnerabilities have been discovered prior to cancellation, payment is still due.
Clients are not entitled to refunds for any prepaid services unless explicitly stated in the Order Form.
12.4 Effect of Termination
Upon termination:
All due payments must be completed.
Sections related to confidentiality, liability, and report usage will remain in effect.
13. Governing Law
These Terms shall be governed by and construed in accordance with the laws of the Kingdom of Saudi Arabia. Any disputes shall be subject to the exclusive jurisdiction of Saudi courts.
14. Contact
For any questions or formal notices, contact:
Catchify Security Services
Email: [email protected]
Website: www.catchify.sa