CyberCTRL — Australian penetration testing
Legal

Terms of Service

Last updated: 4 May 2026

1. Agreement

These Terms of Service ("Terms") govern your use of the CyberCTRL platform at cyberctrl.au ("the Service"), operated from Australia. By creating an account or purchasing a penetration testing engagement, you agree to be bound by these Terms. If you do not agree, do not use the Service.

2. Service description

CyberCTRL provides automated external and Grey Box penetration testing services against infrastructure, domains, and web applications that you own or are authorised to test. The Service produces a written report containing identified findings, severity ratings, recommendations, and reference materials.

Penetration testing is a non-deterministic activity. CyberCTRL does not warrant that all vulnerabilities present in your environment will be discovered, nor that the absence of findings indicates the absence of risk.

3. Authorisation and scope

By configuring an engagement, you represent and warrant that:

  • You own, or have explicit written authorisation from the owner of, every domain, IP address, URL, and credential included in the engagement scope.
  • You are authorised to give CyberCTRL permission to perform automated security testing - including network probing, vulnerability scanning, and authenticated requests - against the in-scope assets.
  • You will not include third-party assets (CDNs, SaaS providers, hosting platforms) in scope without first obtaining authorisation from the third party.
  • You accept full responsibility for any consequences arising from incorrect or unauthorised scope, including service disruption, data loss, or contractual breach.

CyberCTRL reserves the right to refuse or terminate engagements where authorisation cannot be reasonably established.

4. Acceptable use

You must not:

  • Use the Service to test infrastructure you do not own or have permission to test.
  • Attempt to disrupt, reverse-engineer, or interfere with the operation of the Service.
  • Use the Service to harm third parties, distribute malware, or commit any offence under the Criminal Code Act 1995 (Cth) Part 10.7 (computer offences).
  • Resell, sublicence, or white-label the Service to your own customers without an executed MSP partner agreement.
  • Share account credentials or MFA tokens with third parties.

5. Pricing and payment

  • All prices are quoted in Australian dollars (AUD), exclusive of GST unless stated otherwise. GST is added at checkout for Australian customers.
  • Payment is processed via Stripe Australia Pty Ltd at the time of purchase. Engagements are activated upon successful payment.
  • Each engagement entitles you to the number of scan runs specified at the time of purchase. Unused runs do not roll over after the engagement window expires.
  • Prices may change with notice; existing purchases are not affected.

6. Refunds

Once a scan has been initiated, the engagement is considered consumed and is not refundable. If no scan has been run and you contact support@cyberctrl.au within 14 days of purchase, a refund may be issued at our discretion. Statutory rights under the Australian Consumer Law are unaffected.

7. Reports and intellectual property

You own the content of reports generated for your engagements and may share them with auditors, insurers, regulators, and clients. The CyberCTRL platform, methodologies, scan tooling, and report templates remain the intellectual property of CyberCTRL. You must not extract, reverse engineer, or republish the underlying templates or scan logic.

8. Confidentiality

Both parties agree to keep confidential any non-public information learned through the engagement. CyberCTRL treats your scope, credentials, scan output, and reports as confidential and will not disclose them except as set out in our Privacy Policy or where compelled by Australian law.

9. Service availability

CyberCTRL aims to maintain high availability but does not guarantee uninterrupted service. Scans may be delayed during maintenance windows or queue saturation. Maximum one concurrent scan per engagement; additional runs will queue.

10. Liability

To the maximum extent permitted by law, CyberCTRL's total liability for any claim arising out of or relating to the Service is limited to the fees paid by you for the specific engagement giving rise to the claim. CyberCTRL is not liable for indirect, consequential, or special damages, including loss of revenue, loss of data, or business interruption.

Nothing in these Terms excludes liability that cannot be excluded under the Australian Consumer Law or other Australian statute.

11. Indemnity

You indemnify CyberCTRL against any third-party claim arising from your provision of incorrect scope, breach of authorisation, or use of the Service in violation of these Terms.

12. Termination

We may suspend or terminate your account if you breach these Terms, fail to pay, or use the Service to attack assets you do not own. You may close your account at any time by contacting support@cyberctrl.au. Reports already generated will remain available for download for as long as your account exists.

13. Changes to these Terms

We may update these Terms from time to time. Material changes will be announced by email and posted on this page with a new "Last updated" date. Continued use of the Service after such notice constitutes acceptance of the updated Terms.

14. Governing law

These Terms are governed by the laws of New South Wales, Australia. The parties submit to the exclusive jurisdiction of the courts of New South Wales for any dispute arising out of or in connection with these Terms.

15. Contact

Questions about these Terms? Contact support@cyberctrl.au.