Terms of Service

By creating an account or using the Hawkra platform (“Service”), you agree to be bound by these Terms of Service (“Terms”). If you are using the Service on behalf of an organization, you represent and warrant that you have the authority to bind that organization to these Terms.

You must be at least 16 years of age, or the age of majority in your jurisdiction (whichever is greater), to use the Service. By agreeing to these Terms, you represent that you meet this requirement.

If you do not agree to these Terms, do not create an account or use the Service.

These Terms, together with our Privacy Policy and any applicable Data Processing Agreement, constitute the entire agreement between you and ReconhawkLabs LLC regarding your use of the Service.

Hawkra is a vulnerability management and penetration testing platform that helps security professionals organize, track, analyze, and report on security assessments.

The Service is available in two editions:

• SaaS Edition — Cloud-hosted, multi-tenant, managed by ReconhawkLabs.
• Self-Hosted Edition — Deployed on your own infrastructure. Your data never touches ReconhawkLabs servers.

Access is tiered:

• Free — Limited features and usage quotas.
• Premium — Full feature access via paid subscription.

The Service includes AI-powered analysis features, integrations with third-party security intelligence services, and a background scheduler that updates vulnerability intelligence data daily. These features are subject to the disclaimers in Sections 8 and 9.

ReconhawkLabs reserves the right to modify, suspend, or discontinue any part of the Service at any time with reasonable notice.

You must provide accurate and complete information when creating an account. You are responsible for maintaining the accuracy of your account information.

You are responsible for all activity that occurs under your account. You must:

• Keep your credentials confidential
• Use a strong, unique password
• Enable multi-factor authentication where available
• Notify us immediately at security@reconhawklabs.com if you suspect unauthorized access to your account

You may not share account credentials or allow others to access your account. Each individual user must have their own account.

ReconhawkLabs may suspend your account if we reasonably believe it has been compromised, until the security concern is resolved.

This section defines the boundaries of acceptable use for a penetration testing and vulnerability management platform. You are responsible for ensuring that your use of the Service complies with all applicable laws.

Prohibited Activities

You may not use the Service to:

• Access, scan, or test any system without explicit written authorization from the system owner
• Conduct denial-of-service (DoS/DDoS) attacks or other disruptive attacks
• Distribute malware, ransomware, exploits, or other malicious code
• Harvest credentials or personal data from unauthorized sources
• Publicly disclose vulnerabilities in third-party systems without following responsible disclosure practices (minimum 90-day timeline)
• Conduct social engineering attacks against individuals without explicit authorization
• Stockpile zero-day vulnerabilities for malicious purposes
• Circumvent rate limits, license restrictions, or security controls on the Service
• Use the Service to develop a competing product
• Resell or redistribute access to the Service without authorization
• Interfere with other users' use of the Service
• Upload content that infringes third-party intellectual property rights
• Use AI analysis features to generate harmful, misleading, or deceptive content
• Violate any applicable law, including the Computer Fraud and Abuse Act (18 U.S.C. § 1030), state computer crime laws, the GDPR, or their international equivalents

Responsible Disclosure

If you discover vulnerabilities in third-party systems through the Service, you must handle this information responsibly:

• Notify the affected system owner before any public disclosure
• Allow a minimum of 90 days for remediation, consistent with CISA coordinated disclosure guidelines
• Do not exploit discovered vulnerabilities beyond what is necessary to demonstrate the issue

Consequences

Violations of this Acceptable Use Policy may result in:

• Written warning for first-time, non-severe violations
• Immediate account suspension for severe or repeated violations
• Account termination and referral to law enforcement for criminal activity
• Triggering of your indemnification obligations under Section 12

This section applies to the SaaS Edition only. Self-hosted licenses are governed by separate license terms.

Pricing is displayed at the time of purchase. All payments are processed through Stripe, Inc. and are subject to Stripe's terms of service. ReconhawkLabs does not store your payment card information.

Subscriptions renew automatically at the end of each billing period unless you cancel before the renewal date. You will be charged the then-current rate at renewal.

You may cancel your subscription at any time through your account settings. Cancellation takes effect at the end of the current billing period. No refunds are provided for partial billing periods on monthly plans.

For annual plans, new subscribers may request a full refund within 14 days of initial purchase. After 14 days, cancellation takes effect at the end of the current annual term.

ReconhawkLabs may change subscription pricing with at least 30 days' notice before your next renewal date. If you do not agree to the new pricing, you may cancel before it takes effect.

The Free tier is provided at no cost with limited features and usage quotas. ReconhawkLabs may modify or discontinue the Free tier at any time with reasonable notice.

ReconhawkLabs retains all rights, title, and interest in the Hawkra platform, including its software, algorithms, user interface, documentation, and trademarks. These Terms grant you a limited, non-exclusive, non-transferable license to use the Service during your subscription term.

You retain full ownership of all data you upload, generate, or store on the Service. ReconhawkLabs claims no ownership interest in your data.

Outputs from AI analysis features are not owned by ReconhawkLabs. These outputs are provided without warranty of accuracy, completeness, or fitness for any purpose. See Section 8 for additional details.

If you provide feedback or suggestions about the Service, you grant ReconhawkLabs a perpetual, royalty-free, worldwide license to use that feedback for improving the Service. This does not extend to your proprietary data or security findings.

You may not reverse engineer, decompile, disassemble, or otherwise attempt to derive the source code of the Service, except as expressly permitted by applicable law that cannot be waived by contract.

You retain full ownership of all data you upload to, generate within, or store on the Service (“Customer Data”). ReconhawkLabs processes Customer Data solely to provide the Service as instructed by you.

All sensitive workspace data is encrypted at rest using AES-256-GCM with per-workspace encryption keys. Credentials, notes, compliance evidence, and uploaded files are encrypted before storage. For full details on data collection and handling, see our Privacy Policy.

You may export your data at any time using the built-in export functionality, which supports CSV format.

Upon account deletion, your data is permanently removed immediately. You should export any data you wish to keep before deleting your account.

For the Self-Hosted Edition, your data resides entirely on your own infrastructure. ReconhawkLabs does not access, process, or store your data in any way.

For customers subject to the GDPR or similar data protection laws, a Data Processing Agreement is available upon request by contacting legal@reconhawklabs.com.

The Service includes AI-powered vulnerability analysis features, currently powered by Google Gemini. When using self-hosted deployments with a local LLM, the AI provider terms in this section do not apply, though all disclaimers regarding accuracy and reliability remain in effect.

When you use AI analysis features, the workspace context you select is sent to the AI provider for processing. This transmission is subject to the AI provider's data processing terms. For details, see our Privacy Policy.

ReconhawkLabs is not liable for any harm, loss, or damage arising from reliance on AI-generated analysis.

The Service integrates with third-party services including Shodan, Have I Been Pwned, ipgeolocation.io, Brave Search, the National Vulnerability Database (NVD), CISA Known Exploited Vulnerabilities catalog, FIRST Exploit Prediction Scoring System (EPSS), and MITRE ATT&CK. Some of these integrations are on-demand (triggered by your actions), while others run on a daily background schedule to keep vulnerability intelligence data current.

Third-party services are governed by their own terms of service and privacy policies. You are responsible for reviewing and complying with those terms.

ReconhawkLabs does not guarantee the availability, accuracy, completeness, or reliability of data provided by third-party services. These services may become unavailable, change their terms, or modify their data at any time without notice to ReconhawkLabs.

Your use of third-party integrations may be subject to separate API rate limits, usage restrictions, and terms imposed by the third-party provider.

ReconhawkLabs is not liable for service interruptions, data inaccuracies, or any other issues arising from third-party providers.

Without limiting the foregoing, ReconhawkLabs does not warrant that:

• The Service will be uninterrupted, timely, secure, or error-free
• Results obtained through the Service will be accurate or reliable
• Vulnerability scanning will detect all vulnerabilities in your systems
• AI analysis will be complete, correct, or suitable for your needs
• Defects in the Service will be corrected
• The Service will meet your specific requirements

You acknowledge that security testing inherently involves risk and that no tool can guarantee complete vulnerability detection. You are solely responsible for your security decisions and the actions you take based on information obtained through the Service.

The limitations above do not apply to:

• Fraud or willful misconduct by ReconhawkLabs
• Gross negligence by ReconhawkLabs
• Death or personal injury caused by ReconhawkLabs' negligence
• Any liability that cannot be limited under applicable law

If you are located in the European Union, nothing in these Terms limits your rights under mandatory EU consumer protection law.

Your Indemnification of ReconhawkLabs

You agree to indemnify, defend, and hold harmless ReconhawkLabs and its officers, directors, employees, and agents from and against any claims, damages, losses, liabilities, and expenses (including reasonable attorneys' fees) arising from:

• Your use of the Service in violation of the Acceptable Use Policy (Section 4)
• Your violation of any applicable law, including computer crime laws
• Your breach of any representation regarding authorization to test specific targets
• Third-party claims arising from your data, testing activities, or use of the Service
• Your breach of these Terms

ReconhawkLabs' Indemnification of You

ReconhawkLabs agrees to indemnify and defend you from third-party claims alleging that the Service itself infringes that third party's intellectual property rights, provided that you promptly notify ReconhawkLabs of the claim, cooperate in the defense, and allow ReconhawkLabs sole control of the defense and settlement.

Procedure

The indemnified party must: (a) provide prompt written notice of the claim; (b) provide reasonable cooperation in the defense at the indemnifying party's expense; and (c) allow the indemnifying party sole control of the defense and any settlement negotiations. The indemnifying party may not settle any claim in a manner that imposes obligations on the indemnified party without prior written consent.

Termination for Cause

Either party may terminate these Terms for material breach by providing 30 days' written notice and a reasonable opportunity to cure the breach.

Immediate Suspension

ReconhawkLabs may immediately suspend your access to the Service without prior notice if:

• You violate the Acceptable Use Policy
• Your account is 30 or more days past due on payment
• Continued access poses a legal or security risk
• Required by law, regulation, or court order

Termination for Convenience

Either party may terminate for convenience at the end of the current billing period by providing advance notice.

Effect of Termination

Upon termination:

• You should export your data before deleting your account, as deletion is permanent and immediate
• Your account and all associated workspace data will be permanently deleted upon account deletion
• Sections that by their nature should survive termination will survive, including: Intellectual Property (Section 6), Disclaimer of Warranties (Section 10), Limitation of Liability (Section 11), Indemnification (Section 12), Governing Law (Section 14), and General Provisions (Section 17)

No refund is provided for accounts terminated due to Acceptable Use Policy violations.

These Terms are governed by the laws of the Commonwealth of Kentucky, United States, without regard to conflict of laws principles.

Arbitration

Any dispute arising from or relating to these Terms or the Service will be resolved through binding arbitration administered by the American Arbitration Association (AAA) under its Commercial Arbitration Rules. The arbitration will be conducted in the English language.

Arbitration will be conducted on an individual basis. Class actions, class arbitrations, and representative actions are not permitted. You waive any right to participate in a class action lawsuit or class-wide arbitration against ReconhawkLabs.

Exceptions

Notwithstanding the arbitration clause above:

• Either party may bring individual claims in small claims court if the claim qualifies under that court's jurisdictional limits
• Either party may seek injunctive or equitable relief in any court of competent jurisdiction to protect intellectual property rights or to prevent irreparable harm

Arbitration Opt-Out

You may opt out of the arbitration and class action waiver provisions by sending written notice to legal@reconhawklabs.com within 30 days of creating your account. Your notice must include your name, email address, and a clear statement that you wish to opt out. If you opt out, disputes will be resolved in the federal or state courts located in Madison County, Kentucky, and you consent to the personal jurisdiction of those courts.

European Union Users

If you are located in the European Union, nothing in this section limits your rights under mandatory EU consumer protection laws, including your right to bring proceedings in the courts of your country of residence.

The Service may be subject to export control laws and regulations, including the U.S. Export Administration Regulations (EAR) and the Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies.

You represent and warrant that:

• You are not located in, or a national or resident of, any country subject to comprehensive U.S. economic sanctions (currently Cuba, Iran, North Korea, Syria, and the Crimea, Donetsk, and Luhansk regions)
• You are not listed on any U.S. government denied-party list, including the Treasury Department's Specially Designated Nationals (SDN) List and the Commerce Department's Entity List
• You will not use, export, or re-export the Service or any data obtained through it in violation of any applicable export control law

ReconhawkLabs may modify these Terms from time to time to reflect changes in the Service, applicable law, or business practices.

For material changes that affect your rights or obligations, we will provide at least 30 days' advance notice via email to your registered address and through an in-app notification. Material changes will require your affirmative acceptance before they take effect.

For non-material changes (such as typographical corrections, formatting updates, or clarifications that do not alter your rights or obligations), the updated Terms take effect upon posting. Continued use of the Service after the effective date constitutes acceptance of non-material changes.

A version history of these Terms is maintained on this page. All prior versions remain accessible for your reference.