Terms of Service

These Terms of Service ("Terms") govern your use of the Skuntir website at skuntir.com and any associated subdomains. They apply to all visitors, prospective clients, and any party accessing information published by Skuntir online.

These Terms do not govern the delivery of contracted security services. All engagement activity is separately governed by a Master Services Agreement (MSA), Non-Disclosure Agreement (NDA), Statement of Work (SOW), and Rules of Engagement (ROE) executed between Skuntir and the client. Where those documents conflict with these Terms, the executed engagement documents take precedence.

By accessing this website, you confirm that you have read, understood, and agree to these Terms. If you do not agree, you must not access or use this website.

Skuntir is an offensive security firm based in Munich, Germany, specialising in red team operations, adversarial simulation, penetration testing across all domains, cloud security assessments, product security reviews, and human factors testing. All services are delivered on a contractual basis to authorised clients. Nothing on this website constitutes an offer to perform security operations against any system, and no engagement arises without a fully executed written agreement.

Skuntir will not conduct any form of security testing, vulnerability assessment, offensive cyber operation, social engineering, physical intrusion simulation, or any related activity against any system, network, application, facility, or individual without explicit, prior written authorisation from the lawful owner or operator of that target.

Every engagement must be supported by a signed Statement of Work and Rules of Engagement defining the precise scope of authorised targets, permitted techniques, testing windows, and emergency stop procedures before any activity commences. Any activity outside the agreed scope is prohibited and will be terminated immediately upon discovery, regardless of its potential value to the engagement.

Clients warrant that they hold the legal authority to authorise testing of every asset in the agreed scope. This includes cloud-hosted infrastructure, third-party SaaS platforms, co-located assets, and systems operated by subsidiaries. Where the agreed scope includes infrastructure owned or operated by a third party, the client is solely responsible for obtaining that third party's authorisation before the engagement begins. Skuntir has no liability for a client's failure to obtain required third-party permissions.

By using this website, you agree not to:

• Use this website for any purpose that is unlawful, fraudulent, or harmful
• Probe, scan, fuzz, or test the vulnerability of this website or any system or network connected to it
• Attempt to gain unauthorised access to any area of the website, its hosting infrastructure, or related systems
• Introduce malicious code, exploit payloads, or disruptive content of any kind
• Conduct denial of service attacks or any activity intended to degrade the availability of this website
• Harvest, scrape, or systematically extract content without prior written permission from Skuntir
• Impersonate Skuntir, its personnel, or its clients in any context
• Use automated tools to submit contact forms, generate enquiries, or interact with any website feature at scale

We acknowledge the irony of an offensive security company's website being protected by terms against unauthorised probing. Our website is not an authorised target. If you discover a genuine vulnerability in our systems, report it under our Responsible Disclosure Policy. We will not pursue legal action against researchers acting in good faith under that policy.

Skuntir treats all client information - including the existence of any engagement, its scope, findings, and all related communications - as strictly confidential. We will not disclose any client-identifying information to any third party without the client's explicit written consent, except where required by applicable law or a valid legal order.

Where disclosure is compelled by law, Skuntir will, where legally permitted, notify the client promptly and cooperate in seeking appropriate protective measures before any disclosure is made.

Where the delivery of an engagement requires Skuntir to process personal data on behalf of the client - including personal data encountered incidentally during testing, such as credentials, email addresses, or employee information - Skuntir does so in its capacity as a data processor within the meaning of Regulation (EU) 2016/679 (GDPR). The client is the data controller in respect of any such personal data. Where required by applicable data protection law, the parties will execute a Data Processing Agreement (DPA) in accordance with Article 28 GDPR before any processing of personal data commences. Skuntir's standard DPA is available on request from legal@skuntir.com.

This website and its contents are provided "as is" and "as available" without warranty of any kind, express or implied, including but not limited to implied warranties of merchantability, fitness for a particular purpose, accuracy, or non-infringement.

The information published on this website is for general informational purposes only and does not constitute professional security advice. No reliance should be placed on any such information without engaging Skuntir directly for a scoped assessment.

Security testing is inherently imperfect and point-in-time. While Skuntir operates to a high professional standard, the identification of vulnerabilities during an engagement is not a warranty that no other vulnerabilities exist or that the client's systems are secure. The absence of findings in a report means only that no in-scope vulnerabilities were identified within the agreed testing window using the agreed methodology. It is not an assurance of security.

To the maximum extent permitted by applicable law, Skuntir's aggregate liability to you arising out of or in connection with these Terms or any engagement shall not exceed the total fees paid by you to Skuntir in the three (3) months immediately preceding the event giving rise to the claim.

Skuntir shall not be liable for any indirect, incidental, consequential, punitive, or special damages, including but not limited to loss of revenue, loss of profits, loss of business opportunity, loss of data, business interruption, or reputational harm, even if Skuntir has been advised of the possibility of such damages.

The inherent risks of offensive security testing - including risks of system instability, service disruption, and data exposure - are addressed in the Rules of Engagement executed prior to each engagement. Skuntir is not liable for harm arising from testing conducted within the agreed scope and methodology.

Nothing in these Terms excludes or limits Skuntir's liability for fraud, wilful misconduct, death or personal injury caused by our negligence, or any other liability that cannot be excluded or limited under applicable law.

You agree to indemnify, defend, and hold harmless Skuntir and its officers, directors, employees, contractors, and agents from and against any and all claims, liabilities, damages, losses, costs, and expenses (including reasonable legal fees) arising out of or related to:

• Your breach of these Terms or any representation or warranty made in them
• Your misrepresentation of authority to authorise any security testing
• Your use of Skuntir's services in violation of applicable law
• Any claim by a third party arising from your failure to obtain necessary authorisations for systems included in an agreed engagement scope
• Your re-export of any engagement deliverable, tool, or technical knowledge in violation of applicable export control laws

Neither party is liable for any delay or failure to perform obligations under these Terms or any engagement agreement to the extent caused by circumstances beyond its reasonable control that it could not reasonably have foreseen or prevented at the time of contracting. Such circumstances include, without limitation: natural disasters; pandemic or epidemic; acts of war, terrorism, or civil unrest; government actions or orders (including the suspension or restriction of any relevant licence or permit); cyberattacks against a party's own infrastructure; industrial action by third parties; or failure of third-party infrastructure including internet and telecommunications services.

Where a force majeure event affects Skuntir's ability to perform testing obligations, we will notify the client as soon as reasonably practicable and provide a revised schedule. If the event continues for more than 30 consecutive days, either party may terminate the affected engagement without liability on written notice. Fees paid in advance for work not yet performed will be returned pro rata.

The offensive security tools, software, technical knowledge, and deliverables involved in Skuntir's services may be subject to applicable export control laws, including EU Regulation 2021/821 on the control of exports of dual-use items and the Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies.

Both parties agree to comply with all applicable export control laws and regulations. Clients will not re-export, directly or indirectly, any engagement deliverable, proof-of-concept code, exploit, or technical documentation provided by or through Skuntir in violation of applicable export controls. Skuntir will not knowingly perform services that would require it to provide unlicensed controlled technology to a restricted end-user or for a restricted end-use.

All content on this website, including text, branding, design elements, graphics, and methodological descriptions, is the intellectual property of Skuntir and is protected by applicable copyright, trademark, and other intellectual property laws. You may not reproduce, republish, distribute, or commercially exploit any content from this website without prior written permission. Limited quotation for non-commercial reporting or commentary is permitted with appropriate attribution.

This website may contain links to third-party websites for reference or convenience. Skuntir does not endorse, control, or accept responsibility for the content, privacy practices, or security posture of any third-party website. Visiting any linked site is at your own risk.

These Terms, and any non-contractual obligation arising out of or in connection with them, are governed by the laws of Germany. The parties submit to the exclusive jurisdiction of the German courts, with Munichs tingsrätt as the court of first instance, for the resolution of any dispute arising out of or in connection with these Terms.

For disputes arising out of a contracted engagement, the dispute resolution mechanism specified in the applicable Master Services Agreement governs and takes precedence over this clause.

Before initiating any formal legal proceedings, both parties agree to attempt to resolve any dispute through good-faith negotiation for a period of not less than 30 days from the date written notice of the dispute is provided to the other party.

Severability. If any provision of these Terms is found to be invalid, unlawful, or unenforceable by a court or tribunal of competent jurisdiction, that provision shall be modified to the minimum extent necessary to make it enforceable, or severed if modification is not possible. The remaining provisions continue in full force and effect.

Survival. The following sections survive the expiry or termination of these Terms or any engagement agreement and continue to bind the parties: Section 6 (Confidentiality and Data Processing), Section 7 (Disclaimer of Warranties), Section 8 (Limitation of Liability), Section 9 (Indemnification), Section 11 (Export Controls), Section 12 (Intellectual Property), and Section 14 (Governing Law and Disputes).

Waiver. Skuntir's failure to enforce any provision of these Terms on any occasion does not constitute a waiver of that provision or of the right to enforce it in the future. Any waiver must be in writing and signed by an authorised representative of Skuntir to be effective.

These Terms, together with our Privacy Policy and any executed engagement-specific agreements, constitute the entire agreement between you and Skuntir with respect to the subject matter of these Terms and supersede all prior discussions, representations, or agreements on the same subject matter.

Skuntir reserves the right to update these Terms at any time. Changes take effect upon publication to this website. Where changes are material, we will update the "last updated" date at the top of this page. Continued use of this website after changes are published constitutes your acceptance of the revised Terms. Modifications do not affect the terms of any active, executed engagement agreement.

Legal enquiries: legal@skuntir.com
General enquiries: contact@skuntir.com