Table of Contents
  1. Acceptance of Terms
  2. Description of Services
  3. Informational Use Only
  4. Disclaimer of Warranties
  5. Limitation of Liability
  6. Indemnification
  7. Privacy Policy
  8. Data We Collect
  9. Intellectual Property
  10. Governing Law
  11. Changes to These Terms
  12. Contact Information

01 Acceptance of Terms

By accessing or using the ThreatStrike.ai website (the "Site"), requesting any services, or submitting any information through this Site, you ("User") agree to be bound by these Terms of Service ("Terms") and our Privacy Policy. If you do not agree to these Terms in their entirety, you must immediately cease use of this Site.

These Terms constitute a legally binding agreement between you and ThreatStrike.ai ("Company," "we," "us," or "our"). Your continued use of the Site following the posting of any modifications to these Terms constitutes your acceptance of such modifications.

Important: These Terms apply to all visitors, users, and others who access or use the Site, including prospective clients, existing clients, researchers, and general members of the public.

02 Description of Services

ThreatStrike.ai publishes ThreatStrike Legion, a commercial desktop pentest workstation for macOS and Linux (the "Software"). The Software is sold as a licensed download. End-user use of the Software is governed by the separate End User License Agreement ("EULA"), which is incorporated into these Terms by reference and which you accept when you install or use the Software.

ThreatStrike.ai also publishes ThreatStrike Mobile, a standalone Android privacy utility app distributed through the Google Play Store. ThreatStrike Mobile operates entirely on the end user's device. ThreatStrike.ai does not receive, collect, or have any access to data processed by the mobile app.

Where ThreatStrike.ai performs or has performed cybersecurity advisory services for a client, those services are governed by separate, executed engagement agreements between ThreatStrike.ai and the client. Nothing on this Site constitutes an offer to perform any security testing, penetration testing, or related activity on any system without such a formal, written, and executed engagement agreement, and with explicit written authorization from the system owner.

03 Informational Use Only, No Liability for Misuse

All content published on this Site, including but not limited to articles, case studies, technical descriptions, methodology overviews, tool references, vulnerability explanations, and security guidance, is provided solely for educational and informational purposes.

ThreatStrike.ai expressly disclaims all responsibility and liability for any unauthorized, illegal, or unethical use of information, techniques, tools, or methodologies described on this Site. The Company is not responsible for and shall not be liable for:

Users of this Site are solely responsible for ensuring that any application of information obtained herein complies with all applicable federal, state, and local laws, and with any applicable contractual or organizational obligations. Explicit, written authorization from the system owner is required before performing any form of security testing.

You assume all risk. ThreatStrike.ai provides information "as-is" and assumes no liability whatsoever for how that information is interpreted, applied, or misused by any third party. The Company's total liability to you for any claim arising from use of this Site shall not exceed zero dollars ($0.00) for informational content accessed without a paid engagement agreement.

04 Disclaimer of Warranties

THE SITE AND ALL CONTENT ARE PROVIDED ON AN "AS IS" AND "AS AVAILABLE" BASIS WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, NON-INFRINGEMENT, OR ACCURACY.

ThreatStrike.ai does not warrant that: (a) the Site will be uninterrupted, timely, secure, or error-free; (b) the results obtained from use of the Site will be accurate or reliable; (c) any content on the Site is current, complete, or applicable to your specific circumstances; or (d) defects in the Site, if any, will be corrected.

Cybersecurity information is inherently time-sensitive. Threat landscapes, vulnerability details, and security best practices evolve rapidly. ThreatStrike.ai makes no guarantee that any content on this Site reflects the current state of any threat, vulnerability, or defensive technique.

05 Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL THREATSTRIKE.AI, ITS OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, PARTNERS, SUPPLIERS, OR LICENSORS BE LIABLE FOR ANY:

WHETHER BASED ON WARRANTY, CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, OR ANY OTHER LEGAL THEORY, EVEN IF THREATSTRIKE.AI HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

IN JURISDICTIONS THAT DO NOT ALLOW THE EXCLUSION OR LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, THE FOREGOING LIMITATIONS SHALL APPLY TO THE FULLEST EXTENT PERMITTED BY LAW.

06 Indemnification

You agree to defend, indemnify, and hold harmless ThreatStrike.ai and its officers, directors, employees, agents, and contractors from and against any and all claims, damages, obligations, losses, liabilities, costs, and expenses (including reasonable attorneys' fees) arising from:

Privacy Policy

07 Privacy Policy, Overview

ThreatStrike.ai is committed to protecting the privacy of visitors to this Site. This Privacy Policy describes what information we collect, how we use it, and the limited circumstances under which we may share it. This policy applies to all information collected through the Site, including via our contact and audit request forms.

We do not sell, rent, trade, or otherwise transfer your personally identifiable information to third parties for marketing or commercial purposes.

08 Data We Collect & How We Use It

Information You Provide

When you submit our audit request or contact form, we collect:

This information is used exclusively to respond to your inquiry and to discuss potential engagement. We do not use it for unsolicited marketing communications.

Automatically Collected Information

Like most websites, our hosting infrastructure may automatically record standard server log information, including your IP address, browser type, referring/exit pages, and timestamps. This data is used solely for security monitoring, abuse prevention, and aggregate traffic analysis. It is not linked to personally identifiable information.

Cookies

This Site uses minimal, technically necessary cookies to support basic functionality. We do not use third-party advertising cookies or tracking pixels. You may configure your browser to refuse cookies; however, this may affect certain Site functionality.

Data Retention

Contact form submissions are retained for a period reasonably necessary to respond to and fulfill your inquiry, and thereafter for a period of no longer than twelve (12) months, unless we are required by law to retain them longer or unless an ongoing engagement relationship necessitates continued retention.

Your Rights

Depending on your jurisdiction, you may have the right to access, correct, or request deletion of personal data we hold about you. To exercise these rights, contact us at security@threatstrike.ai. We will respond within thirty (30) days.

ThreatStrike Legion (desktop app)

ThreatStrike Legion runs entirely on your device. We do not operate any backend that receives, stores, or processes your engagement data. Specifically:

ThreatStrike Mobile App

The ThreatStrike Mobile App operates entirely on the end user's device. We do not operate backend servers that receive App data, and the App contains no analytics SDKs, crash reporters, advertising identifiers, or telemetry of any kind.

The App specifically does not collect, transmit, or store on our infrastructure:

The App issues network requests only to services the user explicitly invokes: (i) VirusTotal, using a user-supplied API key ("bring your own key," or "BYOK"); (ii) Koodous, also BYOK, for Android APK hash lookups, where only the SHA-256 hash of the APK is transmitted, never the APK file itself; and (iii) the HaveIBeenPwned Pwned Passwords range API, using k-anonymity, where only the first five hex characters of a SHA-1 hash are transmitted. All three hosts are protected with certificate pinning. When the user has Orbot installed and enables "Route through Tor," these requests are sent through Orbot's local SOCKS proxy. Data decoded from QR codes the user scans is rendered locally first, with the URL and safety verdict shown before any network request is made. These third-party services are governed by their own privacy policies, which we encourage users to review.
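The k-anonymity range lookup described above, as an added illustration that is not ThreatStrike.ai's code: the client sends only the five-character SHA-1 prefix and compares the returned "SUFFIX:COUNT" lines on the device. The function names, the constructed corpus, and the offline stand-in for the range endpoint are assumptions made for this example.

```python
import hashlib
import hmac

HEX = "0123456789ABCDEF"

def sha1_hex(password: str) -> str:
    """Uppercase SHA-1 hex digest, the form the range API works with."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def split_hash(password: str) -> tuple[str, str]:
    """Return (prefix sent over the network, suffix that stays on the device)."""
    digest = sha1_hex(password)
    return digest[:5], digest[5:]

# Constructed sample data: password -> breach count (not real figures).
CONSTRUCTED_CORPUS = {"password": 3, "hunter2": 7, "letmein": 2}

def fake_range_server(prefix: str) -> str:
    """Offline stand-in for the range endpoint; it only ever sees the prefix."""
    if len(prefix) != 5 or any(c not in HEX for c in prefix):
        raise ValueError("range query must be exactly five hex characters")
    lines = []
    for pw, count in CONSTRUCTED_CORPUS.items():
        digest = sha1_hex(pw)
        if digest.startswith(prefix):
            lines.append(f"{digest[5:]}:{count}")
    # Padded responses carry decoy suffixes with a count of 0.
    lines.append("0" * 35 + ":0")
    return "\r\n".join(lines)

def breach_count(password: str, query=fake_range_server) -> int:
    """Look up a password without sending it, or its full hash, anywhere."""
    prefix, suffix = split_hash(password)
    body = query(prefix)  # the only value that leaves the device
    for line in body.splitlines():
        candidate, _, count = line.strip().partition(":")
        # Matching happens locally; malformed lines are ignored.
        if len(candidate) == 35 and count.isdigit():
            if hmac.compare_digest(candidate.upper(), suffix):
                return int(count)
    return 0

if __name__ == "__main__":
    for pw in ("password", "a-long-unique-constructed-passphrase"):
        print(split_hash(pw)[0], breach_count(pw))
```

Swapping `query` for a real HTTPS call changes nothing in the matching logic, since the server's view is limited to the prefix either way.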

Sensitive data at rest in the App is encrypted with AES-256-GCM using keys derived from the user's PIN via Argon2id, optionally wrapped by a biometric-bound Android Keystore key. The App's on-device database is additionally encrypted at the page level using SQLCipher. Sensitive screens set the Android FLAG_SECURE flag, preventing screenshots and blanking the app's thumbnail in the recent-apps switcher. The App verifies its own signing certificate at launch and refuses to run if the APK has been repackaged. We have no mechanism to recover or access user data. If the user loses both their PIN and biometric enrollment, the data cannot be recovered by us.

09 Intellectual Property

All content on this Site, including but not limited to text, graphics, logos, icons, images, methodologies, and software, is the exclusive property of ThreatStrike.ai or its content suppliers and is protected by applicable copyright, trademark, and intellectual property laws.

You are granted a limited, non-exclusive, non-transferable, revocable license to access and view the content on this Site for personal, non-commercial informational purposes only. You may not reproduce, distribute, modify, create derivative works from, publicly display, publicly perform, republish, download, store, or transmit any content from this Site without the prior express written consent of ThreatStrike.ai.

10 Governing Law & Dispute Resolution

These Terms shall be governed by and construed in accordance with the laws of the United States and the state in which ThreatStrike.ai is incorporated, without regard to its conflict of law provisions.

Any dispute arising out of or relating to these Terms or your use of the Site shall first be submitted to good-faith mediation. If mediation fails, disputes shall be resolved through binding arbitration administered by the American Arbitration Association under its Commercial Arbitration Rules. You waive any right to a jury trial and agree not to participate in any class action lawsuit or class-wide arbitration.

11 Changes to These Terms

ThreatStrike.ai reserves the right to modify these Terms at any time. We will indicate the date of the most recent revision at the top of this page. Material changes will be communicated via a notice on the Site's homepage for a minimum of thirty (30) days prior to the change taking effect. Your continued use of the Site after any such modification constitutes your acceptance of the revised Terms.