Last Updated: January 7, 2025
These Terms of Service ("Terms") govern your access to and use of HailBytes services, including GoPhish Cloud and reNgine Cloud (collectively, the "Services"). By accessing or using our Services, you agree to be bound by these Terms. If you do not agree, do not use our Services.
By registering for an account, deploying our products through AWS or Azure Marketplace, or otherwise accessing our Services, you represent that: (a) you are at least 18 years old and have the legal capacity to enter into binding contracts; (b) if representing an organization, you have the authority to bind that organization to these Terms; and (c) you will comply with all applicable laws and regulations.
A cloud-deployed phishing simulation and security awareness training platform. The service allows you to conduct simulated phishing campaigns to train employees and measure organizational security posture.
An automated reconnaissance and attack surface management platform. The service enables continuous monitoring, subdomain discovery, vulnerability scanning, and AI-powered security analysis for authorized targets.
Our Services are deployed to your AWS or Azure infrastructure. You maintain control over the infrastructure, data storage, and application runtime. HailBytes provides the software, deployment automation, updates, and support.
You may use our Services only for lawful purposes, including:
You agree NOT to use our Services to:
CRITICAL: Before using GoPhish Cloud or reNgine Cloud against any system, domain, or network, you MUST obtain explicit written authorization from the owner. You are solely responsible for ensuring you have proper authorization. Unauthorized use may result in criminal prosecution under the Computer Fraud and Abuse Act (CFAA) or similar laws.
You must provide accurate, current, and complete information during registration. You are responsible for maintaining the confidentiality of your account credentials and for all activities that occur under your account. Notify us immediately of any unauthorized access or security breach.
We reserve the right to suspend or terminate your account if: (a) you violate these Terms; (b) you engage in fraudulent or illegal activity; (c) your account poses a security risk; or (d) required by law. We will provide notice when reasonably possible, except in cases of legal prohibition or imminent security threats.
Fees are described on our pricing pages and through AWS/Azure Marketplace listings. Prices are subject to change with 30 days' notice. Infrastructure costs (AWS EC2, Azure VMs, databases, storage) are your responsibility and billed directly by your cloud provider.
For Marketplace deployments, payment is processed through AWS or Azure billing systems. You agree to provide current, complete, and accurate billing information. Failure to pay may result in service suspension or termination.
Software license fees are generally non-refundable. For Enterprise customers, refund policies are defined in your contract. Infrastructure costs are billed by your cloud provider and subject to their refund policies.
HailBytes and its licensors own all rights, title, and interest in the Services, including all software, trademarks, logos, documentation, and content. These Terms grant you a limited, non-exclusive, non-transferable license to use the Services as described herein.
Our Services include open-source components (GoPhish, reNgine) subject to their respective licenses. See our License page for details. Our modifications and proprietary enhancements remain our intellectual property. For transparency and compliance with open-source licensing requirements, all modifications and enhancements are included in the source code provided on the virtual machine deployments.
You retain all rights to data you create, upload, or process using our Services (phishing campaigns, scan results, reports). You grant HailBytes a limited license to process this data solely to provide the Services and support. We do not claim ownership of your data.
We strive to provide 99.9% uptime for deployment and support services. However, service availability depends on your cloud infrastructure (AWS/Azure). We are not responsible for downtime caused by your cloud provider, network issues, or infrastructure configuration.
THE SERVICES ARE PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED. WE DISCLAIM ALL WARRANTIES, INCLUDING IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND TITLE. WE DO NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED, ERROR-FREE, OR SECURE.
TO THE MAXIMUM EXTENT PERMITTED BY LAW, HAILBYTES SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING LOST PROFITS, DATA LOSS, OR BUSINESS INTERRUPTION, ARISING FROM YOUR USE OF THE SERVICES, EVEN IF WE HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
OUR TOTAL LIABILITY FOR ALL CLAIMS ARISING FROM THESE TERMS OR THE SERVICES SHALL NOT EXCEED THE AMOUNT YOU PAID TO HAILBYTES IN THE 12 MONTHS PRECEDING THE CLAIM, OR $100 (WHICHEVER IS GREATER).
SOME JURISDICTIONS DO NOT ALLOW LIMITATIONS ON IMPLIED WARRANTIES OR EXCLUSION OF CERTAIN DAMAGES. IN SUCH JURISDICTIONS, OUR LIABILITY IS LIMITED TO THE MAXIMUM EXTENT PERMITTED BY LAW.
You agree to indemnify, defend, and hold harmless HailBytes and its officers, directors, employees, and agents from any claims, damages, losses, liabilities, and expenses (including attorney fees) arising from: (a) your violation of these Terms; (b) your unauthorized use of the Services; (c) your violation of any third-party rights; or (d) any illegal or fraudulent activity conducted using our Services.
Our Privacy Policy describes how we collect, use, and protect your personal information. For self-hosted deployments, you act as the data controller for data processed by the Services. You are responsible for compliance with applicable data protection laws (GDPR, CCPA, etc.) when using our Services.
Our Services integrate with third-party services (AWS, Azure, email providers, AI models). Your use of third-party services is subject to their terms and policies. We are not responsible for third-party services, and any disputes should be resolved directly with the third-party provider.
We may modify these Terms at any time by posting updated Terms on our website. Material changes will be communicated via email or in-app notification. Your continued use of the Services after changes constitute acceptance of the updated Terms. If you do not agree to the changes, you must discontinue use of the Services.
You may terminate your account at any time by contacting us or through your cloud provider's marketplace. Upon termination: (a) your access to the Services will cease; (b) you remain responsible for any outstanding fees; (c) we may delete your account data after 90 days; and (d) provisions that by their nature should survive (IP rights, disclaimers, limitations of liability) will continue.
Before filing a claim, you agree to contact us at legal@hailbytes.com to attempt informal resolution. We will work in good faith to resolve disputes amicably.
Any disputes not resolved informally shall be resolved through binding arbitration under the rules of the American Arbitration Association (AAA). Arbitration will be conducted in English in the state of Delaware, USA. Each party will bear their own costs.
You agree to resolve disputes on an individual basis. You waive the right to participate in class actions, class arbitrations, or representative proceedings.
These Terms are governed by the laws of the State of Delaware, USA, without regard to conflict of law principles. Any disputes not subject to arbitration shall be brought exclusively in the federal or state courts located in Delaware.
These Terms, together with our Privacy Policy and any applicable order forms or contracts, constitute the entire agreement between you and HailBytes regarding the Services.
If any provision of these Terms is found invalid or unenforceable, the remaining provisions will remain in full force and effect.
Our failure to enforce any right or provision of these Terms does not constitute a waiver of that right or provision.
You may not assign or transfer these Terms without our prior written consent. We may assign these Terms without restriction.
For questions about these Terms, contact us:
Important: Legal Authorization Requirement
Our Services are powerful security testing tools. You must obtain explicit written authorization before testing any system, domain, or network you do not own. Unauthorized testing is illegal and may result in criminal prosecution. Always practice responsible security research.