Terms & Conditions

Terms and conditionsPrivacy policyVDP policy

Terms and Conditions

These Terms and Conditions (the "Agreement"), effective on either the mutual signing of a Master Service Agreement ("MSA"), or the registration of or accepting an invitation to register an account with Discloze, are made by and between Discloze, Inc. ("Discloze") and the customer. The parties agree to be bound by the following terms.

Company Information

Discloze, Inc. is a Delaware corporation with its principal place of business in Manhattan Beach, California.

Definitions

  • Services: Cybersecurity services including penetration testing, vulnerability management, managed vulnerability disclosure programs (VDP), compliance readiness, and related offerings.
  • Website: www.discloze.com and related subdomains.
  • Client: Any entity engaging our services under an MSA or Statement of Work (SOW).
  • User: Any person accessing our website or services.
  • Confidential Information: All non-public information shared during an engagement.

Account Registration

When you register with Discloze, you must provide accurate, current, and complete information. You are solely responsible for maintaining the confidentiality of your login credentials and for all activities under your account. You agree to notify us immediately of any unauthorized use of your account or any other breach of security.

Permitted Use

  • You may not attempt to gain unauthorized access to our systems, interfere with their operation, or circumvent any security measures.
  • You may only use our services to assess systems or assets you own or have explicit written authorization to test.
  • You may not use the Discloze platform or services for any unlawful purpose or in violation of any applicable law, regulation, or contractual obligation.
  • You may not engage in unauthorized scanning, exploitation, reverse-engineering, or attacks on third-party systems.

Copyright Notice

All content, materials, reports, scripts, software, and tools provided or made available by Discloze, Inc. are protected by United States and international copyright laws.

Unless expressly authorized in writing, you may not:

  • Copy, reproduce, or redistribute our content in any medium.
  • Modify or create derivative works based on our materials.
  • Remove any copyright, trademark, or proprietary notices from our materials.

All rights are reserved. Unauthorized use of any Discloze intellectual property may result in legal action.

Intellectual Property Rights

All proprietary methodologies, testing frameworks, findings, deliverables, and related materials remain the sole property of Discloze unless otherwise agreed in writing.

You may not reproduce, distribute, reverse-engineer, or create derivative works from any Discloze intellectual property without prior written consent.

Client Content & License

By submitting risks, vulnerabilities, reports, or any form of content to Discloze, you grant us a royalty-free, perpetual, irrevocable, worldwide, non-exclusive right and license to use, copy, modify, display, archive, store, distribute, reproduce, and create derivative works from such content, in any form, media, software, or technology now existing or developed in the future, for any lawful purpose related to our business operations.

Notwithstanding the foregoing, Discloze will treat any content identified as confidential in accordance with our confidentiality obligations and will not publicly disclose proprietary client information without written consent.

Moral Rights

To the fullest extent permitted by applicable law, you waive and agree never to assert any claim of moral rights in the content you submit to Discloze, including without limitation the rights to:

(i) be identified as the author of the content;

(ii) object to any modification, adaptation, or other alteration of the content; or

(iii) withdraw the content from public use.

“Moral rights” means any rights of paternity, attribution, integrity, disclosure, and withdrawal, and any similar rights existing under the law of any country in the world, or under any treaty, regardless of whether such rights are referred to as “moral rights.”

Confidentiality

Both parties agree to protect each other’s confidential information, with exceptions for legal disclosure obligations.

Content Disclaimer & Take-Down Policy (DMCA)

Discloze may include weblogs, testimonials, risk reports, vulnerability submissions, and other similar content in which users can express opinions and share information. While we make every commercially reasonable effort to monitor this content, you may be exposed to material that is offensive, indecent, inaccurate, misleading, or otherwise objectionable. You agree that you must evaluate and bear all risks associated with the use of Discloze and any content within.

If you believe that any content infringes upon copyrights you own, please contact us pursuant to the procedures outlined under Sections 512(c)(3) and 512(d)(3) of the Digital Millennium Copyright Act (Title 17 U.S.C. § 512), including:

  1. Identification of the infringing materials and their location on the Internet [512(c)(3)(A)(ii-iii)], or, if the service provider is an “information location tool” such as a search engine, the reference or link to the infringing materials [512(d)(3)].
  2. Sufficient information to identify the copyrighted works [512(c)(3)(A)(iv)].
  3. A statement by the owner that it has a good faith belief that there is no legal basis for the use of the materials complained of [512(c)(3)(A)(v)].
  4. A statement of the accuracy of the notice and, under penalty of perjury, that the complaining party is authorized to act on behalf of the owner [512(c)(3)(A)(vi)].

DMCA notices should be sent to legal@discloze.com.

Service Availability & Disclaimer

Services are provided “as is” and “as available” without warranties. We do not guarantee uninterrupted access and are not responsible for any delays, failures, or interruptions in service.

Limitation of Liability

You agree that we will not be liable for any consequential, indirect, special, exemplary, or incidental damages arising out of or in connection with your use of or inability to use the Discloze platform, or for any claim made against you by any other party, whether arising from mistakes, omissions, interruptions, deletion of files or emails, errors, defects, viruses or other malicious code, delays in operations or transmission, or any failure of performance, even if we have been advised of the possibility of such damages.

You also agree that under no circumstances will we be liable in any way for any content or for any loss or damage of any kind incurred as a result of the use of any content submitted, posted, emailed, or otherwise made available on the Discloze platform.

Termination

Discloze may terminate your profile, and content or information that you have posted on the Discloze platform, and/or prohibit you from using the site or any portion of it, for any reason, at any time, in its sole discretion, with or without notice, including if we believe that you are not in compliance with this Agreement.

Governing Law & Jurisdiction

By registering with Discloze, you agree that the laws of the State of Delaware, without regard to principles of conflict of laws, will govern this Agreement and any dispute of any sort that might arise between you and us.

With respect to any disputes or claims, you agree not to commence or prosecute any action in connection therewith other than in the state and federal courts of California, and you hereby consent to, and waive all defenses of lack of personal jurisdiction and forum non conveniens with respect to, venue and jurisdiction in the state and federal courts of California.

Changes to Terms

We may update these terms at any time. Continued use constitutes acceptance.

Contact

  • Legal: legal@discloze.com
  • Address: Discloze, Inc., 425 15th Street, Unit 3013, Manhattan Beach, CA 90266, USA

Privacy Policy

Discloze, Inc. (“Discloze,” “we,” “our,” or “us”) respects your privacy and is committed to protecting the personal information you share with us. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our website, services, and platforms.

By accessing or using our services, you agree to the terms of this Privacy Policy. If you do not agree, you must not use our website or services.

Scope of Policy

This Privacy Policy applies to:

  • All visitors to www.discloze.com and its subdomains.
  • All users who register for a Discloze account or interact with our services.
  • All clients, prospective clients, and researchers participating in our Vulnerability Disclosure Program (VDP).

This policy does not apply to third-party websites, services, or applications, even if they are linked from our site. We are not responsible for the privacy practices of any third-party sites.

Information We Collect

A. Information You Provide Directly

We may collect and store the following categories of personal information that you provide to us:

  • Account Information: Name, job title, company name, business address, email address, phone number.
  • Engagement Data: Data, files, credentials, and documentation you provide for security testing, vulnerability management, or compliance assessments.
  • Communications: Emails, messages, or other correspondence between you and Discloze, including support tickets.
  • VDP Submissions: Vulnerability reports, proof-of-concept code, screenshots, and associated metadata you submit to our Vulnerability Disclosure Program.

B. Information Collected Automatically

When you interact with our website or services, we automatically collect:

  • Technical Information: IP address, browser type, operating system, device identifiers, and configuration settings.
  • Usage Data: Pages visited, features accessed, time spent on site, and navigation paths.
  • Cookies and Tracking Technologies: Session cookies, persistent cookies, and similar technologies for authentication, analytics, and security monitoring.

C. Information from Third Parties

We may receive personal information from:

  • Publicly available sources.
  • Business partners, vendors, and service providers.
  • Security researchers who submit reports containing personal data.

How We Use Information

We process personal information for the following purposes:

  1. Service Delivery: To provide and manage penetration testing, vulnerability management, VDP, and compliance services.
  2. Communication: To respond to inquiries, send reports, provide updates, and deliver service notifications.
  3. Security & Compliance: To detect, investigate, and mitigate security threats or fraud.
  4. Legal Obligations: To comply with applicable laws, regulations, and contractual obligations.
  5. Research & Improvement: To enhance our services, methodologies, and operational efficiency.
  6. Marketing (Business-to-Business): To promote our services to relevant business contacts, in compliance with applicable marketing laws.

Legal Basis for Processing (GDPR Compliance)

If you are located in the European Economic Area (EEA) or the United Kingdom, we process personal data under the following legal bases:

  • Performance of a Contract: Processing is necessary to provide services under an MSA or SOW.
  • Legitimate Interests: Processing for network and information security, fraud prevention, and service improvement.
  • Consent: When required for specific processing activities, such as certain cookies or marketing communications.
  • Legal Obligations: Compliance with applicable laws and regulatory requirements.

Sharing of Information

We do not sell personal information. We may share information:

A. With Service Providers: Vendors who perform services on our behalf (e.g., hosting, analytics, secure email, payment processing) under confidentiality agreements.

B. With Clients: If you submit a VDP report that affects a client’s system, we may share your report (including contact details if provided) with that client for remediation purposes.

C. For Legal Compliance: We may disclose personal information when required by law, subpoena, court order, or to protect our legal rights and the safety of others.

D. In Business Transactions: In connection with a merger, acquisition, restructuring, or sale of assets, where personal information is transferred as part of the transaction.

Data Security

We implement industry-standard technical and organizational measures to protect personal information against unauthorized access, disclosure, alteration, and destruction, including:

  • Data encryption in transit and at rest.
  • Role-based access controls.
  • Regular security audits and penetration testing.

Disclaimer: While we take all reasonable precautions, no security measure is infallible, and we cannot guarantee the absolute security of your information.

Data Retention

We retain personal information only for as long as necessary to:

  • Fulfill the purposes described in this policy.
  • Comply with legal, regulatory, and contractual requirements.
  • Resolve disputes and enforce agreements.

Where possible, personal information is anonymized or securely deleted when no longer required.

International Data Transfer

If you access our services from outside the United States, your information may be transferred to, stored in, and processed in the United States, where data protection laws may differ from those of your jurisdiction.

By providing your information, you consent to such transfer.

Your Rights

Depending on your location, you may have the right to:

  • Access and receive a copy of your personal information.
  • Request correction of inaccurate or incomplete data.
  • Request deletion of personal data.
  • Restrict or object to certain processing.
  • Request data portability in a structured, machine-readable format.
  • Withdraw consent where processing is based on consent.

To exercise your rights, contact us at privacy@discloze.com. We may require verification of your identity before processing your request.

Cookies and Tracking Technology

We use cookies and similar technologies to:

  • Enable essential website functionality.
  • Improve user experience and navigation.
  • Conduct analytics and measure performance.
  • Enhance security and detect fraud.

You may disable cookies in your browser settings; however, some site features may not function properly.

Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of those sites.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with the updated effective date. Significant changes will be communicated via email or platform notification where possible.

Contact

  • Email: privacy@discloze.com
  • Address: Discloze, Inc., 425 15th Street, Unit 3013, Manhattan Beach, CA 90266, USA

Vulnerability Disclosure Program (VDP) Policy

Purpose

Discloze, Inc. is committed to maintaining the security and privacy of our clients, partners, and the public. We welcome responsible security research and vulnerability reporting that helps us strengthen our platforms and services. This policy outlines the rules for participating in our program and sets clear expectations for safe, legal, and respectful testing.

Scope

This policy applies to all Discloze-owned or operated domains, platforms, and services, unless specifically excluded in writing.

Testing of third-party systems, integrations, or services not owned by Discloze is strictly prohibited.

Rules of Engagement

  • Only test within the scope authorized by Discloze.
  • Avoid actions that could degrade service availability, performance, or integrity.
  • Do not access, modify, copy, or delete any data that does not belong to you.
  • Immediately stop testing and notify us if you encounter sensitive data (e.g., personal information, credentials).
  • Use non-destructive testing methods at all times.

Prohibited Activities

  • Social engineering, phishing, or spear-phishing attacks.
  • Denial-of-Service (DoS) or Distributed Denial-of-Service (DDoS) attacks, or any testing that could impact service availability.
  • Physical intrusion, hardware tampering, or attacks on physical infrastructure.
  • Exploitation of third-party services or systems not owned by Discloze.
  • Public disclosure of vulnerabilities prior to our written approval.

Researcher Conduct & Enforcement

We expect all researchers to behave courteously and professionally when interacting with Discloze staff and systems. This includes:

  • Communicating respectfully and avoiding harassment, threats, or abusive language.
  • Remaining strictly within the agreed testing scope and refraining from prohibited activities.
  • Providing clear, detailed, and well-structured reports without unnecessary sensitive or personal data.

Failure to meet these standards or engaging in hostile, unprofessional, or unauthorized activities may result in:

  • Immediate removal from the VDP program.
  • Loss of eligibility for recognition, rewards, or future engagement.
  • Permanent banning from submitting reports to Discloze.

Safe Harbor

If you act in good faith, follow this policy, and limit testing to in-scope targets, we will consider your activity authorized under applicable laws (including the Computer Fraud and Abuse Act in the U.S.) and will not pursue legal action against you.

How to Report a Vulnerability

Send your report to vdp@discloze.com and include:

  • A clear and detailed description of the vulnerability.
  • Exact steps to reproduce the issue.
  • The potential impact and any suggested remediation.
  • Proof-of-concept code or screenshots (with sensitive data redacted).

We will:

  • Acknowledge receipt within 5 business days.
  • Provide remediation updates as they become available.
  • Notify you once the issue is resolved.

Contact

  • Discloze, Inc.: 425 15th Street, Unit 3013, Manhattan Beach, CA 90266, USA
  • Email: vdp@discloze.com