Terms & Conditions

Last Updated: April 7, 2026

1. Acceptance of Terms

By accessing or using the Phantava platform ("Service"), operated by OCD Tech, LLC ("Company," "we," "us"), you agree to be bound by these Terms & Conditions. If you do not agree, do not use the Service.

2. Description of Service

Phantava is an AI-assisted offensive security operations platform that provides automated and semi-automated penetration testing, vulnerability assessment, reconnaissance, and security reporting capabilities. The Service integrates with third-party tools via the Model Context Protocol (MCP) and large language models (LLMs) to execute security testing workflows.

3. Authorized Use Only

You represent and warrant that you have explicit, written authorization from the owner of any target system, network, or application before initiating any security assessment using the Service. Unauthorized access to computer systems is a violation of federal and state law, including but not limited to the Computer Fraud and Abuse Act (18 U.S.C. § 1030).

You agree to:

  • Only test systems you own or have written permission to test
  • Maintain proof of authorization for all assessments
  • Comply with all applicable laws, regulations, and industry standards
  • Respect scope boundaries defined in your engagement agreements
  • Immediately cease testing if authorization is revoked

4. Acceptable Use Policy

You may NOT use the Service to:

  • Attack, probe, or scan systems without proper authorization
  • Conduct denial-of-service attacks or intentionally disrupt services
  • Exfiltrate, steal, or destroy data belonging to unauthorized parties
  • Distribute malware, ransomware, or other malicious payloads
  • Engage in any activity that violates applicable law
  • Circumvent or disable the Service's scope enforcement mechanisms
  • Share credentials or assessment data with unauthorized individuals
  • Use the Service for competitive intelligence or corporate espionage

We reserve the right to suspend or terminate your account immediately if we reasonably believe you are violating this policy.

5. Account Registration & Teams

You must provide accurate information when creating an account. You are responsible for maintaining the confidentiality of your credentials and for all activity under your account. Team administrators are responsible for managing team member access and permissions.

6. Subscription & Payment

Certain features require a paid subscription. Billing is handled through our payment processor. Subscriptions auto-renew unless cancelled before the next billing period. Refunds are handled on a case-by-case basis. Free-tier and alpha access may be subject to usage limits and feature restrictions.

7. Data Handling & Security

We take the security of your data seriously. Assessment data, credentials, findings, and reports are stored in encrypted databases. However:

  • You are responsible for the sensitivity of data you input into the Service
  • Do not store production credentials unnecessarily — use test accounts where possible
  • Assessment data is retained according to your team's settings and subscription tier
  • AI-generated outputs (findings, reports) may be processed by third-party LLM providers as configured by your team
  • We do not sell your data to third parties

See our Privacy Policy for complete details on data collection and processing.

8. Intellectual Property

Your content: You retain ownership of assessment configurations, custom prompts, uploaded documents, and assessment findings generated through your use of the Service.

Our content: The Service, including its software, UI, documentation, default prompts, and AI models, is the intellectual property of OCD Tech, LLC and is protected by copyright and other intellectual property laws.

9. Disclaimer of Warranties

THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED. We do not guarantee that:

  • The Service will identify all vulnerabilities in a target system
  • AI-generated findings are free from false positives or false negatives
  • The Service will be uninterrupted, error-free, or secure
  • Assessment results meet any specific compliance or regulatory standard

Penetration testing inherently carries risk. You acknowledge that security testing may cause unintended disruptions to target systems, and you accept that risk.

10. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW, OCD TECH, LLC SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO: loss of data, system downtime, business interruption, or damages arising from your use of the Service to test systems. Our total liability shall not exceed the amount you paid for the Service in the 12 months preceding the claim.

11. Indemnification

You agree to indemnify, defend, and hold harmless OCD Tech, LLC, its officers, employees, and agents from any claims, damages, losses, or expenses (including legal fees) arising from:

  • Your use of the Service
  • Your violation of these Terms
  • Your unauthorized testing of third-party systems
  • Any claim by a third party related to your security assessments

12. Termination

We may suspend or terminate your access at any time, with or without cause, including for violation of these Terms. Upon termination, your right to use the Service ceases immediately. You may export your data prior to termination where technically feasible.

13. Modifications

We may update these Terms at any time. Material changes will be communicated via email or in-app notification. Continued use after changes constitutes acceptance of the updated Terms.

14. Governing Law

These Terms are governed by the laws of the Commonwealth of Massachusetts, USA, without regard to conflict of law principles. Any disputes shall be resolved in the courts of Massachusetts.

15. Limitations of AI Security Testing

Customer acknowledges that all security testing performed through Phantava constitutes a point-in-time assessment of the target systems as configured at the time of testing. Phantava does not warrant or guarantee that any scan, assessment, or report will identify all vulnerabilities, misconfigurations, or security flaws present in the target environment, nor that results will be free from false positives, false negatives, errors, or omissions. Remediation guidance provided by Phantava is informational only and does not constitute a warranty, certification, or assurance of security. Customer acknowledges that Phantava's outputs are generated by artificial intelligence and machine learning models, which may produce findings that are probabilistic in nature, non-deterministic, not fully explainable, or not reproducible across repeated assessments. Phantava expressly disclaims any liability arising from Customer's reliance on such outputs without independent verification.

16. Contact

For questions about these Terms, contact us at legal@phantava.com.