Terms of Service
Definitions
The following terms have the meanings assigned to them throughout these Terms of Service:
| Term | Meaning |
|---|---|
| “Pragya Cyber” / “we” / “us” | Pragya Cyber Pvt. Ltd., a company incorporated in India, and its affiliates including Pragya Inc. (USA). |
| “Client” / “you” | Any individual, company, or organisation that engages Pragya Cyber for services or accesses Pragya Cyber’s platforms or website. |
| “Services” | All cybersecurity services, managed services, consulting engagements, training programmes, and staffing services provided by Pragya Cyber as described in a Statement of Work or Service Order. |
| “Platform” | VERIFI (the integrated cybersecurity management platform) and SecuraGPT (the AI/LLM security testing platform), including all software, dashboards, reports, and APIs made available by Pragya Cyber. |
| “Deliverables” | Reports, assessments, findings, code, documentation, and other outputs produced by Pragya Cyber in the course of delivering Services. |
| “Client Data” | All data, systems, credentials, and information provided by the Client to Pragya Cyber for the purpose of delivering Services. |
| “Authorisation” | Written permission granted by the Client confirming that Pragya Cyber is authorised to conduct security assessments, penetration tests, or scans against specified in-scope systems. |
| “SOW” | Statement of Work or Service Order, a document defining the scope, fees, timelines, and specific terms of a particular engagement. |
Acceptance of Terms
By (a) signing a Statement of Work, Service Order, or engagement letter with Pragya Cyber; (b) accessing or using the VERIFI or SecuraGPT platforms; (c) submitting a request for proposal or engaging Pragya Cyber consultants; or (d) accessing or using this website — you acknowledge that you have read, understood, and agree to be bound by these Terms of Service and our Privacy Policy.
If you are accepting these Terms on behalf of a company or other legal entity, you represent and warrant that you have the authority to bind that entity to these Terms. In that case, “you” and “Client” refer to that entity.
Services
3.1 Service Scope
Pragya Cyber provides cybersecurity services and products including, but not limited to:
- Vulnerability Assessment and Penetration Testing (VAPT) — web, mobile, API, network, OT/ICS
- Cloud Security Posture Management (CSPM) and Cloud Security Assessments
- Governance, Risk and Compliance (GRC) — SOC 2, ISO 27001, PCI DSS, DPDPA
- Virtual CISO (vCISO) and Managed Compliance Services
- Managed Security Operations (Managed SOC), Vulnerability Management, Patch Management
- OT/ICS Security Assessments and Managed OT Services
- Security Awareness Training and Cybersecurity Training Programmes
- Security Staffing — contract and permanent placement
- VERIFI Platform — SaaS cybersecurity management platform
- SecuraGPT Platform — AI/LLM security testing platform
3.2 Statements of Work
Each engagement is governed by a mutually agreed Statement of Work (SOW) that specifies the scope, in-scope systems, deliverables, timelines, fees, and any special conditions. In the event of a conflict between these Terms and an SOW, the SOW shall prevail with respect to the specific engagement it governs.
3.3 Authorisation for Security Testing
Any engagement involving penetration testing, vulnerability scanning, red teaming, or security assessment of computer systems requires the Client’s prior written Authorisation, clearly identifying the in-scope systems, IP addresses, domains, and testing windows. Pragya Cyber will not conduct any testing outside the authorised scope. The Client is responsible for obtaining any necessary permissions from third-party system owners (e.g., cloud providers, hosting companies) before granting Authorisation.
3.4 Third-Party Tools and Subcontractors
Pragya Cyber may use third-party tools, scan engines, or subcontractors in the delivery of Services. Where subcontractors are engaged, Pragya Cyber remains responsible for the quality of Deliverables and ensures subcontractors are bound by confidentiality obligations at least as stringent as those in these Terms.
Accounts & Platform Access
4.1 Account Registration
Access to VERIFI and SecuraGPT platforms requires registration of an account. You agree to provide accurate, current, and complete information at registration and to keep that information updated. You are responsible for maintaining the confidentiality of your account credentials.
4.2 Account Security
You are responsible for all activities that occur under your account. You must immediately notify Pragya Cyber at security@pragyacyber.com if you suspect unauthorised access to your account. Pragya Cyber will not be liable for any loss or damage arising from your failure to maintain account security.
4.3 Multi-Tenant Isolation
VERIFI and SecuraGPT are multi-tenant platforms. Each client tenancy is logically isolated. You must not attempt to access, read, modify, or interfere with data belonging to any other tenancy. Any such attempt may constitute a criminal offence and will result in immediate account termination and legal action.
Acceptable Use
5.1 Permitted Use
You may use Pragya Cyber’s Services and platforms solely for your own legitimate internal security management purposes, or as expressly agreed in a Statement of Work.
5.2 Prohibited Activities
You must not, and must not permit or encourage others to:
- Use any Service or platform to conduct security testing, scanning, or attacks against systems you do not own or have explicit written authorisation to test
- Use Deliverables, scan data, or platform outputs to conduct offensive or illegal activities against any third party
- Reverse engineer, decompile, or disassemble any part of the VERIFI or SecuraGPT platforms
- Reproduce, resell, sublicense, or commercialise any Deliverable or platform feature without Pragya Cyber’s prior written consent
- Upload malicious code, malware, or any content designed to disrupt, damage, or gain unauthorised access to any system
- Attempt to bypass, circumvent, or disable any security control, authentication mechanism, or access control on the platforms
- Use automated tools to scrape, crawl, or extract data from the platform in a manner that disrupts normal operation
- Impersonate any person or entity, or misrepresent your identity or affiliation with any person or entity
- Use the platforms for any purpose that violates applicable law, regulation, or third-party rights
Intellectual Property
6.1 Pragya Cyber IP
All intellectual property rights in the VERIFI platform, SecuraGPT platform, proprietary scan engines, MCP server implementations, scoring models, methodology documents, training materials, and all pre-existing tools and frameworks used in delivering Services remain the sole property of Pragya Cyber. No licence to Pragya Cyber IP is granted beyond what is expressly stated in these Terms or an SOW.
6.2 Deliverables Ownership
Unless otherwise agreed in writing in an SOW, Deliverables produced for the Client (including penetration test reports, security assessment reports, and compliance evidence) are licensed to the Client for the Client’s own internal use. The underlying methodologies, templates, tools, and Pragya Cyber’s pre-existing IP incorporated into Deliverables remain the property of Pragya Cyber.
6.3 Client IP
All Client Data, systems, code, and intellectual property provided by the Client to enable delivery of Services remain the sole property of the Client. Pragya Cyber acquires no rights in Client IP by virtue of these Terms or any engagement.
6.4 Feedback
If you provide Pragya Cyber with feedback, suggestions, or ideas relating to our Services or platforms, you grant Pragya Cyber a perpetual, irrevocable, royalty-free licence to use such feedback for any purpose, including improving our products and services, without any obligation to you.
Confidentiality
7.1 Mutual Obligations
Each party agrees to keep confidential all non-public information received from the other party that is designated as confidential or that a reasonable person would understand to be confidential given the nature of the information and the circumstances of disclosure (“Confidential Information”).
7.2 Pragya Cyber Obligations
Pragya Cyber will treat all Client Data, vulnerability findings, assessment results, and business information as strictly confidential. Pragya Cyber will not disclose such information to any third party without the Client’s prior written consent, except as required by law or court order (in which case Pragya Cyber will, to the extent permitted, provide prompt notice to the Client before disclosure).
7.3 Standard Exceptions
Confidentiality obligations do not apply to information that: (a) is or becomes publicly known through no breach of these Terms; (b) was rightfully known before receipt; (c) is rightfully obtained from a third party without restriction; or (d) is independently developed without use of the other party’s Confidential Information.
7.4 Responsible Disclosure
In the course of delivering Services, Pragya Cyber may identify vulnerabilities in third-party software or systems unrelated to the Client’s engagement scope. Pragya Cyber reserves the right to conduct responsible disclosure of such vulnerabilities in accordance with industry-standard responsible disclosure principles, and will not identify the Client or the Client’s systems in any such disclosure.
Payment & Billing
8.1 Fees
Fees for Services are as agreed in the applicable SOW or Service Order. Unless otherwise specified, all fees are exclusive of applicable taxes (including GST in India and equivalent taxes in other jurisdictions), which shall be charged additionally where applicable.
8.2 Payment Terms
Unless otherwise agreed in an SOW, invoices are payable within thirty (30) days of the invoice date. For platform subscriptions, fees are billed in advance on the applicable billing cycle (monthly or annual) and are non-refundable except as expressly stated below.
8.3 Late Payment
Overdue amounts accrue interest at the rate of 1.5% per month (or the maximum rate permitted by applicable law, whichever is lower) from the due date until paid in full. Pragya Cyber reserves the right to suspend Services or platform access for accounts with amounts overdue by more than fifteen (15) days, on seven (7) days’ written notice.
8.4 Refunds
Services that have commenced are non-refundable. For platform subscriptions, a pro-rated refund of unused subscription months may be issued at Pragya Cyber’s discretion upon written request within 14 days of the billing date, subject to any minimum commitment period agreed in an SOW.
8.5 Disputed Invoices
If you dispute any part of an invoice, you must notify Pragya Cyber in writing within fifteen (15) days of the invoice date, providing specific details of the dispute. Undisputed portions of the invoice remain payable on the original due date.
Data & Privacy
9.1 Data Processing
Pragya Cyber processes Client Data solely for the purpose of delivering the contracted Services. Pragya Cyber does not sell, rent, or share Client Data with third parties for commercial purposes. Our handling of personal data is governed by our Privacy Policy, which is incorporated into these Terms by reference.
9.2 Data Security
Pragya Cyber implements industry-standard technical and organisational measures to protect Client Data, including AES-256 encryption at rest, TLS encryption in transit, multi-factor authentication, role-based access control, and separate database isolation per client tenancy. Annual penetration testing is conducted on the VERIFI and SecuraGPT platforms.
9.3 Data Retention
Pragya Cyber retains Client Data for the duration of the engagement plus a period of twelve (12) months following engagement completion, or as otherwise agreed in an SOW, after which Client Data is securely deleted or returned to the Client on request. Platform scan data is retained for a minimum of twelve (12) months to enable trend analysis.
9.4 Compliance
Pragya Cyber’s data processing practices comply with applicable data protection laws including the Digital Personal Data Protection Act, 2023 (India), the General Data Protection Regulation (GDPR) where applicable to EU data subjects, and applicable data protection laws in the United Kingdom, United States, and Middle East jurisdictions in which Pragya Cyber operates.
9.5 Client Responsibilities
You are responsible for ensuring that any personal data of third parties provided to Pragya Cyber in connection with Services is provided with appropriate legal basis (e.g., consent, legitimate interest) and complies with applicable data protection laws. You must inform Pragya Cyber promptly if any Client Data includes special categories of personal data or data subject to heightened regulatory protection.
Warranties & Disclaimers
10.1 Pragya Cyber Warranties
Pragya Cyber warrants that: (a) it will perform Services with reasonable care and skill; (b) it has the right to provide the Services described; and (c) the platforms will materially conform to their documented specifications during the subscription period.
10.2 No Guarantee of Complete Security
Security assessments and penetration tests are conducted within the agreed scope, timeframe, and constraints of the engagement. Pragya Cyber does not warrant that a Deliverable will identify every vulnerability present in the Client’s systems, or that systems assessed as secure at the time of testing will remain secure thereafter. Cybersecurity is an ongoing discipline — a point-in-time assessment reflects the security posture at the time it was conducted.
10.3 Platform Disclaimer
The VERIFI and SecuraGPT platforms are provided on an “as-is” and “as available” basis. While Pragya Cyber targets 99.9% platform uptime, we do not warrant uninterrupted or error-free platform operation. Planned maintenance windows will be communicated with advance notice.
Limitation of Liability
11.1 Cap on Liability
To the maximum extent permitted by applicable law, Pragya Cyber’s total aggregate liability to you under or in connection with these Terms or any SOW — whether in contract, tort (including negligence), breach of statutory duty, or otherwise — shall not exceed the total fees paid by you to Pragya Cyber in the twelve (12) months immediately preceding the event giving rise to the claim, or INR 10,00,000 (ten lakh rupees) / USD 12,000, whichever is lower.
11.2 Exclusion of Consequential Loss
In no event shall either party be liable to the other for any indirect, incidental, special, consequential, or punitive damages, including loss of profits, loss of revenue, loss of data, loss of goodwill, business interruption, or cost of substitute goods or services — even if such party has been advised of the possibility of such damages and whether such liability arises under contract, tort, or otherwise.
11.3 Exceptions
Nothing in these Terms excludes or limits liability for: (a) death or personal injury caused by negligence; (b) fraud or fraudulent misrepresentation; (c) wilful misconduct or gross negligence; or (d) any other liability that cannot be excluded or limited by applicable law.
Indemnification
12.1 Client Indemnity
You agree to indemnify, defend, and hold harmless Pragya Cyber and its directors, officers, employees, and agents from and against any claims, liabilities, damages, losses, fines, and expenses (including reasonable legal fees) arising out of or relating to:
- Your breach of these Terms or any SOW
- Your breach of any applicable law or regulation
- Authorisation granted by you for security testing that exceeded your legal authority to grant
- Your negligent, reckless, or wilful acts or omissions in connection with the Services
- Third-party claims arising from your use of Deliverables outside the scope permitted by these Terms
12.2 Pragya Cyber Indemnity
Pragya Cyber will indemnify and hold you harmless from any third-party claim that the VERIFI or SecuraGPT platforms, as delivered to you, infringe any third-party intellectual property right in India, the United States, or the United Kingdom, provided that you promptly notify Pragya Cyber of the claim, give Pragya Cyber sole control of the defence, and cooperate reasonably in the defence. This indemnity does not apply to infringement caused by your modifications to the platform or your combination of the platform with other products or services.
Termination
13.1 Termination for Convenience
Either party may terminate a subscription or ongoing engagement by providing thirty (30) days’ written notice to the other party. For project-based SOWs with a defined end date, the SOW terminates upon completion of the agreed deliverables or on the agreed end date, whichever is earlier.
13.2 Termination for Cause
Either party may terminate these Terms or any SOW immediately on written notice if the other party: (a) materially breaches these Terms and fails to remedy the breach within fourteen (14) days of written notice; (b) becomes insolvent, makes an assignment for the benefit of creditors, or enters administration or liquidation proceedings; or (c) engages in wilful misconduct or fraudulent conduct.
13.3 Effect of Termination
On termination: (a) all licences granted under these Terms cease immediately; (b) all amounts owed by either party become immediately due and payable; (c) each party will return or destroy the other party’s Confidential Information within thirty (30) days; and (d) Client Data held on Pragya Cyber’s platforms will be made available for export for a period of thirty (30) days after which it will be securely deleted. Sections 6, 7, 10, 11, 12, and 14 survive termination.
Governing Law & Dispute Resolution
14.1 Governing Law
These Terms are governed by and construed in accordance with the laws of India, including the Information Technology Act, 2000, the Digital Personal Data Protection Act, 2023, and the Indian Contract Act, 1872, without regard to its conflict of law provisions.
14.2 Jurisdiction
The courts of Hyderabad, Telangana, India shall have exclusive jurisdiction over any dispute arising under these Terms, except where applicable law requires otherwise. For Clients based in the United States or United Kingdom, disputes arising from SOWs executed under those jurisdictions may, at Pragya Cyber’s election, be governed by the laws of the State of Delaware (USA) or England and Wales (UK) respectively.
14.3 Dispute Resolution Process
Before initiating any formal legal proceeding, the parties agree to attempt in good faith to resolve any dispute through direct negotiation between senior representatives of each party. If the dispute is not resolved within thirty (30) days of written notice of the dispute, either party may refer the matter to arbitration under the Arbitration and Conciliation Act, 1996 (India), with a single arbitrator appointed by mutual agreement. The seat of arbitration shall be Bengaluru, and proceedings shall be conducted in English.
Changes to These Terms
Pragya Cyber may revise these Terms from time to time to reflect changes in our Services, legal requirements, or business practices. We will post the updated Terms on our website and update the “Last updated” date at the top of this page. For material changes, we will provide at least thirty (30) days’ advance notice by email to registered account holders.
Your continued use of our Services or platforms after the effective date of revised Terms constitutes acceptance of the updated Terms. If you do not agree to the revised Terms, you must stop using the Services and notify us to terminate your account before the effective date.
Contact Us
If you have any questions about these Terms of Service, wish to exercise any rights under them, or need to report a concern, please contact us:
| General enquiries | hello@pragyacyber.com |
| Legal & Terms | legal@pragyacyber.com |
| Data & Privacy | privacy@pragyacyber.com |
| Security issues | security@pragyacyber.com |
| Website | www.pragyacyber.com |