APX

Terms and Conditions

Last Updated: February 17, 2026

Welcome to APX! These Terms and Conditions ("Terms") govern your access to and use of the APX security testing platform, including our website (apxlabs.ai), the Cipher AI pentesting service, and related services (collectively, the "Service").

By creating an account, purchasing an assessment, or using the Service, you agree to be bound by these Terms and our Privacy Policy. If you are using the Service on behalf of an organization or entity ("Organization"), then you are agreeing to these Terms on behalf of that Organization, and you represent and warrant that you have the authority to bind the Organization to these Terms.

PLEASE READ THESE TERMS CAREFULLY. THEY CONTAIN IMPORTANT INFORMATION REGARDING YOUR LEGAL RIGHTS, INCLUDING A LIMITATION OF LIABILITY AND A DISPUTE RESOLUTION CLAUSE THAT REQUIRES ARBITRATION.

1. Definitions

  • "We," "Us," "Our," or "APX" refers to APX Security, Inc., the owner and operator of the Service.
  • "You" or "Customer" refers to the individual or Organization accessing or using the Service.
  • "Cipher" refers to the AI pentesting service, including its coordinating agent and specialist agents, that performs security assessments as part of the Service.
  • "Assessment" refers to a single security testing engagement initiated by the Customer against a specified target application.
  • "Customer Content" means any data, API specifications, credentials, application URLs, configuration, or other materials that you provide or make accessible to the Service for the purpose of an assessment. Any data generated or exfiltrated by Cipher during the course of an assessment (e.g., logs, database dumps, created user accounts) is also treated as Customer Content.
  • "Findings" refers to the vulnerabilities, reproducible exploits, reports, and other outputs generated by Cipher during an assessment.
  • "Assumptions" refers to the documented design decisions and business logic inferences that Cipher makes about your application during an assessment.

2. The Service

2.1. License Grant. Subject to your compliance with these Terms, we grant you a limited, non-exclusive, non-transferable, non-sublicensable, revocable license to access and use the Service for your internal business purposes.

2.2. User Accounts. You must register for an account to access the Service. You agree to provide accurate and complete information and to keep this information up to date. You are responsible for all activities that occur under your account and for keeping your password and any credentials you provide secure.

2.3. Authorization. By initiating an assessment, you represent and warrant that you have explicit, lawful authorization to perform security testing against the target application. You are solely responsible for ensuring that you have proper authorization from the application owner. APX is not liable for any unauthorized testing conducted by you.

2.4. Assessment Scope and Kinetic Impact. Each assessment is scoped to a single target application as specified by you at the time of purchase. Cipher will test the target using automated reconnaissance, attack, and verification techniques. You acknowledge that automated security testing is inherently intrusive and may cause unintended side effects on target systems, including but not limited to: system downtime, data corruption, data loss, and triggering of internal alarms. Cipher acts as an automated attacker and actively exploits vulnerabilities. You accept this risk and represent that you have taken appropriate precautions (including backing up target data) prior to the assessment.

3. Assessments and Pricing

3.1. Per-Assessment Pricing. The Service is priced on a per-assessment basis. The current price is displayed on our website. All fees are charged at the time of purchase and are non-refundable regardless of assessment results. You acknowledge that a lack of findings is a valid assessment outcome indicating that Cipher did not identify vulnerabilities within its testing capabilities.

3.2. Assessment Window. For one-off assessments, each assessment must be completed within three (3) weeks from the date of purchase. After the assessment window expires, the project and all associated data — including findings, reports, and customer-provided configuration — will be permanently deleted from our systems. For ongoing integrations, data persists until you explicitly delete the project.

3.3. Retesting. Retesting of findings is included at no additional cost within the assessment window. You may request retesting to verify that a vulnerability has been remediated. Retesting is limited to the findings identified during the original assessment.

3.4. Reports and Deliverables. Assessment deliverables include: a security report mapped to applicable industry standards, reproducible exploits for verified findings, documented assumptions, and a full audit trail of tests performed. APX grants you a perpetual, irrevocable, worldwide license to reproduce, modify, and execute these exploits solely for your internal security testing and remediation purposes, including integration into your internal CI/CD pipelines. You are responsible for downloading and retaining any reports or deliverables before the assessment window expires.

3.5. Taxes. All fees are exclusive of any applicable taxes, levies, duties, or similar governmental assessments, which you are responsible for paying.

4. Customer Content and Data

4.1. Ownership of Your Content. You retain all right, title, and interest in and to your Customer Content. We do not claim any ownership rights in your application data, credentials, or configurations.

4.2. License to APX. To perform assessments and improve the Service, you grant APX a worldwide, royalty-free license to access, use, and process your Customer Content solely for the purposes of:
(a) Performing and delivering the assessment you purchased.
(b) Improving the accuracy and effectiveness of Cipher's testing capabilities using anonymized, aggregated metadata derived from assessments (e.g., "Attack Vector X failed against Framework Y"). Your specific application data is never used to improve the product for other customers.

4.3. What We Retain. After the assessment window expires and your project data is deleted, APX may retain anonymized, aggregated patterns and testing insights that do not contain your raw Customer Content, credentials, or any information that could identify your specific application or organization. These patterns are used to improve Cipher's testing capabilities for all customers.

4.4. What We Delete. Upon expiration of the assessment window or when you explicitly delete a project, we permanently delete: your Customer Content, credentials, application URLs, findings, reproducible exploits, reports, and all project-specific data. You may delete a project at any time. This deletion is irreversible.

4.5. Assumptions and Feedback. During an assessment, Cipher documents assumptions about your application's business logic. You may review, accept, or reject these assumptions. Accepted and rejected assumptions are used by Cipher to improve the accuracy of your current assessment. Anonymized patterns from this feedback may be retained per Section 4.3.

4.6. Third-Party AI Providers. Cipher is powered by frontier models from Anthropic and Google. Customer Content may be sent to these providers as part of assessment execution. We operate under enterprise agreements (Anthropic Zero-Retention, Google Cloud Data Governance) that explicitly prohibit model providers from training on your data. We control Cipher's agents, but we do not control what happens inside third-party AI infrastructure. For a full discussion of our security architecture, see our Security page.

5. Acceptable Use Policy

You agree not to (and not to permit any third party to):

  • Use the Service for any illegal or unauthorized purpose.
  • Initiate an assessment against any application for which you do not have explicit, lawful authorization to perform security testing.
  • Use the Service to perform denial-of-service attacks or otherwise intentionally disrupt third-party services.
  • Reverse-engineer, decompile, or otherwise attempt to discover the source code of the Service or Cipher.
  • Use the Service to build a competitive product or service.
  • Share, resell, or redistribute assessment reports or reproducible exploits to third parties without APX's prior written consent.
  • Introduce any viruses, worms, or other malicious code into the Service.
  • Submit Sensitive Data — including protected health information (PHI) under HIPAA, payment card data under PCI-DSS, Social Security numbers, or EU special-category data — as Customer Content. The Service is not designed to process or store Sensitive Data.

6. Confidentiality

"Confidential Information" means any information disclosed by one party to the other that is marked as confidential or that a reasonable person would understand to be confidential. Your Confidential Information includes your Customer Content and assessment findings; our Confidential Information includes the non-public aspects of our Service and Cipher's testing methodologies. Both parties agree to use Confidential Information only for the purpose of using or providing the Service and not to disclose it to any third party, except as required by law.

7. Term and Termination

7.1. Term. These Terms remain in effect for as long as you maintain an account with APX or have an active assessment.

7.2. Termination for Cause. Either party may terminate this Agreement for cause if the other party materially breaches these Terms and fails to cure such breach within thirty (30) days of receiving written notice.

7.3. Account Deletion. You may request deletion of your account at any time by contacting us at legal@apxlabs.ai. We will process deletion requests within thirty (30) days. Account deletion will not entitle you to a refund for any purchased assessments.

7.4. Suspension of Service. We may suspend your access to the Service immediately if we believe, in good faith, that you are in violation of the Acceptable Use Policy or that your use of the Service poses a security risk to us or our other customers. We will provide notice of the suspension as soon as reasonably practicable.

8. Warranties and Disclaimers

8.1. Limited Warranty. APX warrants that assessments will be performed using commercially reasonable efforts consistent with industry standards for automated security testing. APX does not warrant that the Service will identify all vulnerabilities in your application.

8.2. Disclaimer. EXCEPT FOR THE LIMITED WARRANTY IN SECTION 8.1, THE SERVICE IS PROVIDED ON AN "AS IS" AND "AS AVAILABLE" BASIS, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED. WE EXPLICITLY DISCLAIM ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT.

8.3. No Guarantee of Security. YOU ACKNOWLEDGE THAT SECURITY TESTING IS A SNAPSHOT IN TIME. A REPORT WITH NO FINDINGS DOES NOT MEAN YOUR APPLICATION IS VULNERABILITY-FREE. APX IS NOT LIABLE FOR ANY SECURITY BREACHES, DATA LEAKS, CYBERATTACKS, OR UNAUTHORIZED ACCESS THAT OCCUR BEFORE, DURING, OR AFTER AN ASSESSMENT, REGARDLESS OF WHETHER THE EXPLOITED VULNERABILITY WAS WITHIN THE SCOPE OF CIPHER'S TESTING CAPABILITIES.

9. Limitation of Liability

9.1. Exclusion of Damages. TO THE MAXIMUM EXTENT PERMITTED BY LAW, IN NO EVENT SHALL EITHER PARTY BE LIABLE FOR ANY INDIRECT, PUNITIVE, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR EXEMPLARY DAMAGES, INCLUDING LOSS OF PROFITS, GOODWILL, OR DATA, ARISING FROM OR RELATED TO THE USE OF THE SERVICE OR ANY ASSESSMENT.

9.2. Liability Cap. EXCEPT FOR THE OBLIGATIONS UNDER SECTION 10 (INDEMNIFICATION) AND BREACHES OF SECTION 6 (CONFIDENTIALITY), IN NO EVENT SHALL EITHER PARTY'S AGGREGATE LIABILITY FOR ALL CLAIMS RELATING TO THE SERVICE EXCEED THE TOTAL AMOUNTS PAID BY YOU TO APX IN THE TWELVE (12) MONTHS PRIOR TO THE EVENT GIVING RISE TO THE CLAIM.

9.3. Acknowledgment of Risk. YOU ACKNOWLEDGE THAT AUTOMATED SECURITY TESTING MAY CAUSE UNINTENDED DISRUPTION TO TARGET SYSTEMS. APX IS NOT LIABLE FOR ANY DAMAGES TO YOUR SYSTEMS OR THIRD-PARTY SYSTEMS RESULTING FROM SECURITY TESTING THAT YOU AUTHORIZED.

10. Indemnification

10.1. Indemnification by Customer. You agree to defend, indemnify, and hold harmless APX from and against any claims, damages, liabilities, and expenses (including reasonable attorney's fees) arising from (a) your use of the Service in violation of these Terms, (b) your Customer Content, or (c) your initiation of an assessment against any application for which you did not have proper authorization.

10.2. Indemnification by APX. APX agrees to defend, indemnify, and hold harmless you from and against any third-party claims, damages, liabilities, and expenses (including reasonable attorney's fees) alleging that your use of the Service in accordance with these Terms infringes or misappropriates a third party's intellectual property rights.

10.3. Indemnification Procedure. The party seeking indemnification (the "Indemnified Party") must (a) promptly notify the other party (the "Indemnifying Party") in writing of the claim; (b) grant the Indemnifying Party sole control of the defense and settlement of the claim, provided that the Indemnifying Party may not settle any claim unless it unconditionally releases the Indemnified Party of all liability; and (c) provide the Indemnifying Party with all reasonable assistance, at the Indemnifying Party's expense.

11. Governing Law and Dispute Resolution

These Terms shall be governed by the laws of the State of Washington, without regard to its conflict of law provisions. Any dispute arising from or relating to the subject matter of these Terms shall be finally settled by arbitration in King County, Washington.

12. General Provisions

Entire Agreement. These Terms constitute the entire agreement between you and APX concerning the Service and supersede all prior agreements.

Modifications. We reserve the right to modify these Terms at any time. We will provide notice of material changes. Your continued use of the Service after such changes constitutes your acceptance of the new Terms.

Severability. If any provision of these Terms is held to be invalid or unenforceable, that provision will be limited or eliminated to the minimum extent necessary, and the remaining provisions will remain in full force and effect.

13. Contact Us

If you have any questions about these Terms, please contact us at legal@apxlabs.ai.