Privacy & Legal

1. Legal Notice

• We do NOT support illegal hacking activities of any kind.
• All security testing is performed only after explicit client authorization.
• Before we begin any work, the client must confirm one of the following:
  • They are the legal owner of the website being tested, OR
  • They possess written permission from the legal owner authorizing the security audit.

Any misuse of our services for illegal, unauthorized, or malicious purposes will result in immediate termination of service without refund.

2. Authorization Requirement

Before performing any security testing, penetration testing, or vulnerability assessment, the client explicitly agrees and confirms that:

• They are the verified owner of the website or digital asset being tested.
• OR they hold documented written authorization from the legal owner granting permission to conduct security assessments.
• They voluntarily permit Vidyexd to perform the agreed-upon security testing activities on specified systems.

Unauthorized testing requests will be rejected immediately. Vidyexd reserves the right to request proof of ownership or written authorization at any stage of the engagement.

3. Risk Disclosure

Security testing activities may include, but are not limited to:

• Vulnerability scanning and enumeration
• Penetration testing and exploitation of identified weaknesses
• Malware detection, isolation, and removal
• Security hardening and configuration reviews

By engaging our services, the client agrees to:

• Take a full backup of all website files and databases before testing begins.
• Accept the minor risk of temporary downtime or performance degradation during active testing phases.

Vidyexd is not responsible for accidental downtime or data issues that may arise during or after authorized security testing. We strongly recommend scheduling tests during off-peak hours.

4. Privacy Policy

Vidyexd respects your privacy and is committed to protecting your personal and business information. We handle all client data with the utmost care and discretion.

A. Information We Collect

We only collect information that is strictly necessary to deliver our services. This may include:

• Full Name — for client identification and communication.
• Email Address — for sending reports, updates, and invoices.
• WhatsApp / Contact Number — for urgent communication and support.
• Website URL(s) — the specific domains covered under the engagement.
• Login Credentials — only collected when absolutely required for the service and handled with encrypted secure protocols.

We do not collect any sensitive personal data beyond what is listed above without your explicit consent.

5. Data Protection

The security and integrity of your information is our highest priority. We ensure the following data protection guarantees:

• No data sharing — Your information is never shared with any external party without your explicit consent.
• No data selling — We do not sell, trade, or monetize any client data under any circumstances.
• No public disclosure — Vulnerabilities, findings, or client details are never published or disclosed publicly.
• Confidential communication — All correspondence is conducted through secure, encrypted channels.

6. Confidentiality Agreement

Vidyexd operates under a strict confidentiality framework. This is not merely a policy — it is the foundation of how we conduct every engagement:

• We never disclose client identity — your name, brand, or business are never mentioned in any public context.
• We never publish vulnerabilities — security findings discovered during engagements remain exclusively between Vidyexd and the client.
• We never share reports with third parties — all assessment reports, logs, and findings are delivered only to the authorized client contact.

All client data and engagements are protected under Vidyexd's internal Non-Disclosure Agreement (NDA) policy. Clients may additionally request a signed mutual NDA prior to engagement commencement.

7. Data Deletion Policy

Vidyexd maintains a strict data retention and deletion policy to protect client privacy after project completion:

• All sensitive credentials (passwords, API keys, admin tokens) are permanently deleted within 7 days of project completion.
• Security assessment reports are stored securely and are accessible only to the client upon request.
• All client data — including communication logs and scoped information — will be permanently removed upon client request at any time.

For ongoing monthly retainer plans, data is retained only for the duration of the active engagement and deleted promptly upon contract termination.

8. Service Scope

To ensure ethical and responsible operations, Vidyexd strictly adheres to the agreed scope of work for every engagement.

What We Will Do

• Test only the specific domains and subdomains explicitly listed in the engagement agreement.
• Work exclusively on the approved services outlined in the service contract.
• Perform only the agreed-upon tasks — no additional probing beyond defined scope.

What We Will NOT Do

• Access or test unrelated systems, services, or networks not defined in the engagement scope.
• Interact with third-party servers or infrastructure outside client ownership.
• Attempt to access private accounts, databases, or resources beyond the scope of the agreed work.

Any scope changes must be agreed upon in writing before additional work commences.

9. Payment Terms

To ensure clarity and a smooth engagement, Vidyexd applies the following payment structure:

• One-Time Services: Full advance payment or a mutually agreed partial advance is required before work commences.
• Monthly Retainer Plans: Recurring billing on a monthly cycle. Services are activated upon receipt of monthly payment.
• Emergency / Priority Services: Full payment is required upfront before any emergency intervention begins due to the immediate resource allocation involved.

All payments are non-transferable and are specific to the agreed service scope. Invoices and payment receipts are provided upon request.

10. No 100% Security Guarantee

The cybersecurity landscape is constantly evolving. For transparency, clients should understand:

• No system is 100% secure — even the most hardened systems can be vulnerable to zero-day exploits.
• New threats emerge regularly — novel attack vectors, malware strains, and techniques are discovered continuously.
• Continuous monitoring is strongly recommended — one-time fixes address known issues; ongoing vigilance is required for long-term protection.

Vidyexd commits to fixing all vulnerabilities identified during the engagement. However, we cannot be held liable for future attacks or breaches resulting from threats that did not exist at the time of engagement.

11. Refusal of Service

Vidyexd reserves the absolute right to refuse, suspend, or terminate services without prior notice if:

• Website ownership cannot be verified — client fails to provide proof of ownership or written authorization.
• Illegal activity is suspected — the engagement appears to be targeting systems, services, or individuals without legal authorization.
• Abusive or threatening behavior — any abusive, harassing, or threatening conduct toward our team members.
• Misuse of services — attempting to use Vidyexd's capabilities for offensive, unauthorized, or malicious purposes.

In cases of refusal, refunds may be issued depending on the stage of work completed at the time of termination. Completed work phases may be non-refundable. Vidyexd's refusal decision is final in all such cases.

12. Cookie Policy

Our website uses only minimal, essential cookies necessary for delivering a functional and secure browsing experience. These cookies serve the following purposes:

• Website Functionality: Ensuring core features operate correctly (e.g., navigation, form submissions).
• UI Preferences: Remembering display settings such as theme preferences to improve your experience.
• Security Protection: Basic session security to protect against cross-site request forgery and other web threats.

We are committed to your privacy and do NOT use:

• Tracking cookies that monitor your browsing behavior across the internet.
• Ad targeting or behavioral advertising cookies.
• Third-party advertising networks or data broker cookies.

By continuing to use our website, you consent to our minimal, privacy-respecting cookie usage as described above.

13. Compliance

Vidyexd is committed to operating ethically and in accordance with globally recognized cybersecurity and data privacy standards. Our compliance framework includes:

• Data Privacy Best Practices: We align our data handling procedures with internationally recognized privacy principles, ensuring client data is collected minimally and protected robustly.
• Cybersecurity Ethical Guidelines: All our security professionals adhere to the EC-Council Code of Ethics and responsible security research principles.
• Responsible Disclosure Policies: Any vulnerabilities discovered during engagements are disclosed exclusively to the client in accordance with responsible disclosure frameworks — never publicly or to unauthorized third parties.

We continuously update our practices to stay aligned with evolving cybersecurity regulations and industry standards.

14. Contact — Legal & Privacy Queries

For any questions, concerns, or clarifications related to this Privacy & Legal policy, please reach out to our team directly. We are committed to addressing all legal and privacy inquiries promptly and transparently.

• Email: support@vidyexd.in
• Website: www.vidyexd.in
• WhatsApp: +91 7546827374

We aim to respond to all legal and privacy related queries within 48 business hours.

15. Acceptance of Terms

This policy is effective as of January 1, 2025 and was last updated on April 11, 2026. Vidyexd reserves the right to update or modify this policy at any time. Continued use of our services following any policy update constitutes acceptance of the revised terms.

If you do not agree to any part of this policy, we respectfully ask that you discontinue use of our services and contact us at support@vidyexd.in to discuss your concerns.