Engagement Terms.
These general terms apply to all PraetorShield engagements unless a counter-signed engagement letter (a "Statement of Work" or "SOW") expressly overrides them. They are written to be read by an executive, not a litigator, but they are intended to be contractually binding when accepted.
1. Acceptance
You accept these terms by (a) authorizing an engagement via authorize.html, (b) counter-signing an engagement letter referencing them, or (c) making a payment to PraetorShield for a service described here. Where an engagement letter conflicts with these terms, the engagement letter governs.
2. Services
External Risk Preview
A passive, externally observable review delivered as a sanitized executive briefing. No intrusive testing is performed. No exploit detail or reproduction steps are provided. Severity estimates are indicative, not confirmed findings.
Scoped Validation
Validation of indicators identified during a prior External Risk Preview, performed under written rules of engagement. Delivered with prioritized findings and a confidential remediation plan for a named technical owner.
Authorized Assessment
A broader engagement against an agreed external scope, performed under written rules of engagement, with severity-rated findings, an executive readout, and a confidential remediation plan.
Retained Monitoring
A rolling engagement consisting of periodic external posture review, change-tracking against prior posture, and quarterly board-ready summaries.
3. Authorization & scope
You represent that you have the authority to authorize each engagement on behalf of the named organization, and that the systems, domains, and surfaces identified in the engagement letter are owned or operated by that organization. PraetorShield will not knowingly perform testing against third-party systems without their separate written authorization.
Validation and assessment work begins only after a counter-signed engagement letter is in place. Out-of-scope items are not tested.
4. Confidentiality
Each party agrees to keep the other's confidential information confidential and to use it only for the purpose of the engagement. PraetorShield does not publish client information, comment on engagements, or use findings for marketing without your written direction. A separate non-disclosure agreement is available on request.
5. Responsible-use boundaries
- First-contact briefings contain no exploit detail, payloads, bypass instructions, or detailed remediation playbooks.
- PraetorShield does not perform social engineering of staff, physical-access testing, or testing of third-party systems not owned by the client, unless expressly authorized in writing.
- Disclosure of findings to any party not named in the engagement requires your written direction.
6. Payment, refunds, cancellation
Fees are due as set out in the engagement letter or, for fixed-price services, at the point of authorization. Payments are processed by Stripe; PraetorShield does not store card information.
For the $950 Scoped Validation: a full refund is available up to 48 hours after authorization and prior to engagement kick-off. After kick-off, the fee is non-refundable except where PraetorShield is unable to proceed for reasons within its control.
For Retained Monitoring: cancellation requires 30 days' written notice. No prorated refunds are issued for the notice period.
7. Deliverables & intellectual property
You receive a license to use the deliverables for your internal business purposes. PraetorShield retains ownership of its methods, tooling, templates, and any generally applicable knowledge developed in the course of an engagement.
8. Disclaimers & liability
PraetorShield provides advisory services. Cyber risk cannot be eliminated, and no engagement is a guarantee of security. Deliverables are not legal, regulatory, insurance, or accounting advice; please consult appropriately qualified advisors.
To the maximum extent permitted by law, neither party is liable to the other for indirect, incidental, consequential, special, or punitive damages. The total aggregate liability of either party arising out of or relating to an engagement is limited to the fees paid by you to PraetorShield under that engagement in the twelve-month period preceding the event giving rise to the claim. Nothing in these terms limits liability that cannot be limited under applicable law (including liability for fraud or willful misconduct).
9. Governing law
These terms are governed by the law specified in the applicable engagement letter and, where none is specified, by the laws of the jurisdiction in which PraetorShield is established. The parties submit to the exclusive jurisdiction of the courts of that jurisdiction for disputes arising out of these terms.
10. Changes
When material changes to these terms are made, the effective date at the top of this page will be updated. The version in force when an engagement is authorized governs that engagement.
11. Contact
Engagement terms: security@praetorshield.com
Legal & counsel introductions: legal@praetorshield.com