Terms of Service

Last updated: March 19, 2026

1. Definitions

• "Exploita", "we", "us", "our" refers to Skynetix Corporation SRL (VAT ID: IT16149571008, REA: RM-1637740), with registered office at Viale Parioli, 73 — 00197 Rome, Italy, operating the Exploita platform, together with its officers, directors, employees, agents, and affiliates.
• "User", "you", "your" refers to any individual or entity accessing or using the Service.
• "Service" refers to the Exploita platform, website, API, scanning tools, reports, and all related features at exploita.com.
• "Scan" refers to any automated security assessment, vulnerability analysis, or reconnaissance performed through the Service.
• "Tokens" refers to the virtual currency used to pay for scans on the platform.
• "Authorized Target" refers exclusively to domains, applications, servers, and digital infrastructure that the User legally owns or for which the User holds explicit, documented, written authorization from the lawful owner to perform security testing.

2. Nature of the Service

Exploita is a defensive security tool designed exclusively for legitimate security professionals, system administrators, and website owners to identify vulnerabilities in their own systems for the purpose of remediation and security hardening. Exploita is not a hacking tool, attack platform, or exploitation framework. The Service is provided solely for lawful, authorized, and defensive security testing purposes.

3. Eligibility

You must be at least 18 years old and have the legal capacity to enter into a binding agreement. By using Exploita, you represent and warrant that you meet these requirements. Organizations may use the Service through authorized representatives who have the authority to bind the organization to these Terms.

4. Account Registration & Responsibility

You are solely and exclusively responsible for maintaining the confidentiality of your account credentials and for all activities that occur under your account. You agree to immediately notify us of any unauthorized use. Exploita shall not be liable for any loss or damage arising from your failure to secure your account.

5. AUTHORIZED USE ONLY — CRITICAL CLAUSE

• You are the lawful owner of the target system, domain, or application, OR you possess explicit, documented, written authorization from the lawful owner granting you permission to perform security testing on the specified target.
• Your authorization is current, valid, and has not been revoked.
• Your scanning activity falls within the scope of the authorization granted.
• You have verified that the target IP addresses and domains resolve to systems covered by your authorization.
• You understand that scanning systems without proper authorization may constitute a criminal offense under applicable laws, including but not limited to: the Computer Fraud and Abuse Act (CFAA) (United States), the Computer Misuse Act 1990 (United Kingdom), Directive 2013/40/EU on attacks against information systems (European Union), and equivalent legislation in all other jurisdictions worldwide.
• You accept full and sole legal responsibility for determining whether you have lawful authorization to scan any given target.

While Exploita requires domain verification (see Section 5.1 below) as a technical prerequisite, domain verification does NOT constitute verification of your legal authorization to perform security testing. The entire burden of ensuring lawful authorization rests exclusively with you, the User.

5.1 DOMAIN VERIFICATION REQUIREMENT

Before initiating any scan on the platform, you must first verify ownership of the target domain through our DNS TXT record verification process. This is a mandatory technical requirement for all scans, regardless of your subscription plan.

Verification Process:

• Add the target domain via the platform dashboard. A unique verification token is generated for your domain.
• Add a DNS TXT record to your domain's DNS configuration in the format: exploita-verify=[verification_token]
• Click "Verify DNS" in the domain Settings tab. The platform will query your domain's DNS records.
• Upon successful verification, the domain status becomes "Verified" and scans may be initiated.
• If verification fails, you must correct your DNS records and retry. DNS propagation may take up to 48 hours depending on your DNS provider.

Exploita retains verification tokens, verification attempt timestamps, and domain verification records for a minimum of 36 months for compliance, security, and legal defense purposes. This data may be disclosed to law enforcement in accordance with Section 12 of these Terms.

6. PROHIBITED ACTIVITIES — ZERO TOLERANCE

The following activities are strictly prohibited. Violation will result in immediate, permanent account termination without refund and may be reported to law enforcement:

• Unauthorized scanning: Scanning any system, domain, server, application, or infrastructure that you do not own and for which you do not have explicit written authorization.
• Malicious use: Using scan results, vulnerability data, or any information obtained through the Service to attack, exploit, compromise, disrupt, or damage any system, whether or not you own it.
• Exploitation: Using the Service as a reconnaissance tool for planning or conducting cyberattacks, unauthorized access, data theft, ransomware deployment, or any other malicious activity.
• Distribution of vulnerability data: Sharing scan results or vulnerability information with third parties for the purpose of enabling attacks against the scanned targets or any other systems.
• Resale or redistribution: Reselling, sublicensing, or redistributing access to the Service or scan results to unauthorized parties.
• Circumvention: Attempting to bypass rate limits, token costs, authentication mechanisms, or any technical restrictions of the Service.
• Reverse engineering: Decompiling, disassembling, reverse-engineering, or attempting to extract the source code, algorithms, or scanning methodologies of the Service.
• Malware distribution: Uploading, transmitting, or distributing malware, viruses, trojans, or any malicious code through the Service.
• Impersonation: Impersonating another user, entity, or misrepresenting your identity or authorization status.
• Facilitating illegal activity: Using the Service in any manner that facilitates, encourages, or enables illegal activity by yourself or any third party.

7. Token System & Payments

• Tokens are required to perform scans. Each scan type consumes a different number of tokens based on depth and complexity.
• Tokens purchased are non-transferable between accounts.
• Free tier tokens do not expire. Pro plan tokens refresh monthly and unused tokens do not roll over. Individually purchased token packs expire 12 months from the date of purchase; expired tokens are forfeited and non-refundable.
• All purchases are processed through secure third-party payment providers. Exploita does not store credit card details.
• Prices are subject to change with 30 days' notice to existing subscribers.
• Accounts terminated for Terms of Service violations forfeit all remaining tokens without refund.

8. COMPLETE DISCLAIMER OF LIABILITY

Exploita makes no representations or warranties regarding:

• The accuracy, completeness, or reliability of scan results.
• Whether all vulnerabilities will be detected (scans may produce false positives or false negatives).
• The suitability of the Service for any particular purpose.
• The uninterrupted or error-free operation of the Service.
• The legality of your use of the Service in your jurisdiction.

You acknowledge that scan results are provided for informational purposes only and that you are solely responsible for validating findings, implementing remediation, and ensuring the security of your own systems. Exploita is not responsible for any security breaches, data loss, or damages that occur to your systems or any third-party systems, regardless of whether a scan was performed.

9. LIMITATION OF LIABILITY

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, EXPLOITA, ITS OPERATORS, OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, AFFILIATES, LICENSORS, AND SERVICE PROVIDERS SHALL NOT BE LIABLE FOR:

• Any direct, indirect, incidental, special, consequential, punitive, or exemplary damages of any kind.
• Any loss of profits, revenue, data, business opportunities, goodwill, or anticipated savings.
• Any damages resulting from unauthorized or illegal use of the Service by you or any third party.
• Any damages resulting from actions taken based on scan results, whether accurate or inaccurate.
• Any damages arising from the use or inability to use the Service.
• Any damages caused by third parties using information obtained through the Service.
• Any damages to the targets scanned, including but not limited to service disruption, data corruption, or system instability.

IN NO EVENT SHALL EXPLOITA'S TOTAL AGGREGATE LIABILITY EXCEED THE LESSER OF: (A) THE AMOUNT YOU HAVE ACTUALLY PAID TO EXPLOITA IN THE 3 MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM, OR (B) FIFTY EUROS (€50). THIS LIMITATION APPLIES REGARDLESS OF THE LEGAL THEORY UPON WHICH THE CLAIM IS BASED.

10. INDEMNIFICATION

You agree to defend, indemnify, and hold harmless Exploita, its operators, officers, directors, employees, agents, affiliates, licensors, and service providers from and against any and all claims, demands, actions, suits, proceedings, losses, damages, liabilities, costs, and expenses (including reasonable attorneys' fees and court costs) arising out of or relating to:

• Your use or misuse of the Service.
• Your violation of these Terms.
• Your scanning of any system without proper authorization.
• Any illegal, unauthorized, or malicious activity conducted by you or through your account.
• Any claim by a third party that your use of the Service caused harm, damage, or violated their rights.
• Your failure to comply with applicable laws, regulations, or industry standards.
• Any action taken by you based on scan results provided by the Service.

This indemnification obligation survives termination of your account and these Terms, and applies regardless of the form of action or legal theory asserted.

11. User Responsibility & Compliance

You are solely responsible for:

• Ensuring that your use of the Service complies with all applicable local, national, and international laws and regulations.
• Obtaining and maintaining valid written authorization before scanning any target.
• Maintaining records of your authorization to scan each target for a minimum of 3 years.
• Understanding the legal implications of security scanning in your jurisdiction.
• Ensuring that scan activities do not violate any contractual obligations you may have with third parties.
• Any consequences resulting from scans you initiate, including but not limited to service disruptions on the target system.

12. Cooperation with Law Enforcement

Exploita reserves the right to cooperate fully with law enforcement authorities and regulatory bodies in the investigation of suspected illegal activity. We may disclose User information, account data, scan history, and any other relevant data in response to valid legal requests, court orders, subpoenas, or when we have a good-faith belief that disclosure is necessary to prevent imminent harm, investigate violations of these Terms, or comply with applicable law. We may also proactively report suspected illegal activity to the relevant authorities.

13. Monitoring & Enforcement

Exploita reserves the right (but has no obligation) to monitor, review, and audit the use of the Service for compliance with these Terms. We may log scan targets, IP addresses, account activity, and other metadata for security and compliance purposes. We reserve the right to immediately suspend or terminate any account that we reasonably believe is being used in violation of these Terms, without prior notice and without liability.

14. Scan Results & Reports

Scan results are provided "as-is" for informational purposes only and do not constitute professional security advice, a security audit, or a penetration test report. Exploita does not guarantee that all vulnerabilities will be detected, that results are free from false positives or false negatives, or that remediation recommendations are complete. You are solely responsible for engaging qualified security professionals to validate findings and implement appropriate security measures.

15. Intellectual Property

All content, code, designs, logos, trademarks, scanning methodologies, algorithms, and proprietary technology on the Service are the exclusive property of Exploita or its licensors and are protected by intellectual property laws. Unauthorized reproduction, modification, or distribution is strictly prohibited.

16. Termination

• We may suspend or terminate your account immediately, without prior notice, for any violation of these Terms.
• We may terminate your account at our sole discretion if we reasonably suspect misuse, even absent confirmed violation.
• Upon termination for violation, all remaining tokens are forfeited without refund.
• Sections 5, 6, 8, 9, 10, 11, 12, 19, 20, 21, and 26 survive termination of these Terms.

17. Service Availability

We aim for high availability but do not guarantee uninterrupted, error-free, or secure access to the Service. The Service may be temporarily unavailable for maintenance, updates, or due to circumstances beyond our control. Exploita shall not be liable for any downtime, data loss, or service interruptions.

18. Severability

If any provision of these Terms is held to be invalid, illegal, or unenforceable by a court of competent jurisdiction, such provision shall be modified to the minimum extent necessary to make it enforceable, and the remaining provisions shall continue in full force and effect.

19. Governing Law & Dispute Resolution

These Terms shall be governed by and construed in accordance with the laws of the European Union and the applicable member state where Exploita operates, without regard to conflict of law principles. Any disputes arising from or relating to these Terms or the Service shall be resolved exclusively in the competent courts of that jurisdiction. You irrevocably consent to the exclusive jurisdiction of said courts.

20. Right of Withdrawal

By purchasing tokens or subscribing to a plan, you expressly request that the Service begins immediately upon confirmation of payment, and you acknowledge that the digital content and services are provided instantly. In accordance with Article 16(a) and 16(m) of Directive 2011/83/EU and the applicable national implementing legislation, you expressly waive your right of withdrawal once the digital content delivery or service execution has commenced. No refund shall be issued for tokens already credited to your account or for subscription periods already initiated, except as required by mandatory applicable law.

21. Non-Waiver

The failure of Exploita to exercise or enforce any right or provision of these Terms shall not constitute a waiver of such right or provision. Any waiver of any provision of these Terms shall be effective only if in writing and signed by an authorized representative of Exploita. A single or partial exercise of any right or remedy shall not preclude any other or further exercise thereof or the exercise of any other right or remedy.

22. Force Majeure

Exploita shall not be liable for any failure or delay in performing its obligations under these Terms where such failure or delay results from circumstances beyond its reasonable control, including but not limited to: natural disasters, acts of war or terrorism, pandemics, government actions or regulations, internet or telecommunications failures, cyberattacks against Exploita's infrastructure, power outages, or third-party service provider failures. During such events, Exploita's obligations shall be suspended for the duration of the force majeure event.

23. Alternative Dispute Resolution & EU ODR

In accordance with Regulation (EU) No 524/2013, we inform you that the European Commission provides an Online Dispute Resolution (ODR) platform, accessible at: https://ec.europa.eu/consumers/odr. You may use this platform for the resolution of disputes arising from online contracts. Our contact email for dispute resolution purposes is Contact us. Notwithstanding the above, Exploita is not obligated to participate in alternative dispute resolution procedures before a consumer arbitration body, unless required by mandatory applicable law.

24. Entire Agreement

These Terms, together with our Privacy Policy, Cookie Policy, Refund Policy, and GDPR Compliance page, constitute the entire agreement between you and Exploita regarding the use of the Service, and supersede all prior agreements, understandings, and communications, whether written or oral.

25. Changes to These Terms

We may update these Terms at any time. Material changes will be communicated via email or a prominent notice on the platform at least 30 days before taking effect. Continued use of the Service after changes constitutes acceptance. If you do not agree to the updated Terms, you must stop using the Service immediately.

26. EXPRESS ACCEPTANCE OF UNFAIR TERMS (Art. 1341–1342 Italian Civil Code)

• Art. 5 (Authorized Use Only): The User bears full and sole responsibility for verifying legal authorization to scan targets.
• Art. 5.1 (Domain Verification): DNS verification is a mandatory technical prerequisite but does NOT constitute legal authorization; the User remains solely responsible for lawful authorization regardless of verification status.
• Art. 7 (Token System & Payments): Purchased tokens expire after 12 months; tokens are forfeited without refund upon account termination for violations; prices may change with 30 days' notice.
• Art. 8 (Complete Disclaimer of Liability): The Service is provided "as is" without warranties of any kind; Exploita disclaims all liability for scan accuracy and completeness.
• Art. 9 (Limitation of Liability): Exploita's aggregate liability is capped at the lesser of 3 months' payments or €50, regardless of the legal theory.
• Art. 10 (Indemnification): The User agrees to defend and indemnify Exploita against all claims arising from the User's use or misuse of the Service.
• Art. 12 (Cooperation with Law Enforcement): Exploita may disclose User data to law enforcement without prior notice.
• Art. 13 (Monitoring & Enforcement): Exploita may monitor account activity and suspend or terminate accounts without prior notice.
• Art. 16 (Termination): Exploita may unilaterally terminate accounts at its sole discretion; tokens are forfeited upon termination.
• Art. 19 (Governing Law & Dispute Resolution): Exclusive jurisdiction in the competent courts of the EU member state where Exploita operates.
• Art. 20 (Right of Withdrawal): Waiver of the right of withdrawal upon commencement of digital service delivery.
• Art. 22 (Force Majeure): Exploita's obligations are suspended during force majeure events.
• Art. 25 (Changes to These Terms): Exploita may unilaterally modify these Terms with 30 days' notice; continued use constitutes acceptance.

By checking the "unfair terms clauses" checkbox during registration, you confirm that you have specifically and expressly approved each of the above clauses, as required by Articles 1341 and 1342 of the Italian Civil Code.

27. Contact

Skynetix Corporation SRL
Viale Parioli, 73 — 00197 Rome, Italy
VAT ID: IT16149571008

Legal inquiries: Contact us
Billing & support: Contact us
Phone: +44 7441 427 222