Partner Agreement

Effective June 1, 2026

This Partner Agreement (“Agreement”) is between RedTeamTrust (“RedTeamTrust,” “we,” or “us”) and the MSP or MSSP entity that accepts these terms (“Partner,” “you,” or “your”). By creating a partner account, subscribing to any RedTeamTrust service, or downloading any assessment bundle, you agree to this Agreement on behalf of your organization.

If you do not have authority to bind your organization, or if you do not agree to these terms, do not use the platform.

1. Definitions

  • “Platform” — the RedTeamTrust partner console, APIs, assessment tooling, report generation infrastructure, and compliance management portal.
  • “Assessment Bundle” — the agent binary, PowerShell scripts, configuration files, and related materials generated by the Platform for a specific organization.
  • “Assessed Organization” — the client organization on whose systems an Assessment Bundle is run.
  • “Written Authorization” — documented, explicit consent from an Assessed Organization — obtained before any Assessment Bundle is downloaded or run — authorizing RedTeamTrust and the Partner to conduct an endpoint security assessment on designated systems.
  • “Reports” — the executive summary, technical detail, MSSP remediation guide, findings slide deck, compliance gap report, and any other output generated by the Platform from assessment telemetry.
  • “Subscription” — the monthly recurring access fee for the assessment platform, compliance management module, or both, as selected by the Partner.

2. Partner Eligibility and Account

The Platform is available exclusively to managed service providers (MSPs), managed security service providers (MSSPs), and IT consulting firms that manage security on behalf of third-party client organizations. Use of the Platform to assess systems you own and operate exclusively for your own business is not the intended use and requires prior written approval.

You are responsible for maintaining the confidentiality of your account credentials, including API keys and ingest secrets. You are responsible for all activity that occurs under your account. Notify us immediately at partner@redteamtrust.com if you suspect unauthorized access.

You may not share account access with organizations outside your own firm. Each MSP or MSSP entity must maintain its own partner account.

3. Written Authorization Requirement

This section is a material condition of your access to the Platform.

You must obtain Written Authorization from every Assessed Organization before downloading or running any Assessment Bundle on their systems. The Platform requires an authorization attestation prior to bundle download as a technical control — but that attestation does not substitute for your independent obligation to obtain, document, and retain actual consent from your client.

Written Authorization must:

  • Be obtained from an individual with authority to authorize security testing on the organization's systems (typically an owner, officer, or IT director with documented authority);
  • Identify the systems or devices to be assessed;
  • Be obtained before any Assessment Bundle is downloaded for that organization;
  • Be retained by you for a minimum of three (3) years.

Running an assessment on systems without Written Authorization is a material breach of this Agreement and may constitute unauthorized computer access under applicable law, including the Computer Fraud and Abuse Act (18 U.S.C. § 1030) and equivalent statutes. RedTeamTrust will terminate your account immediately upon discovery of any unauthorized assessment and may report the incident to relevant authorities.

You bear sole responsibility for obtaining and maintaining Written Authorization. RedTeamTrust accepts no liability for assessments conducted without proper authorization, regardless of whether the Platform's attestation workflow was completed.

4. Platform License and Permitted Use

Subject to your compliance with this Agreement and payment of applicable Subscription fees, RedTeamTrust grants you a non-exclusive, non-transferable, revocable license to access and use the Platform to conduct security assessments and compliance management on behalf of your client organizations.

You may:

  • Run assessments on client systems where Written Authorization has been obtained;
  • Share Reports with the Assessed Organization and their authorized personnel;
  • Use Reports as the basis for remediation proposals, compliance programs, and managed service engagements;
  • Charge your clients for assessments and compliance management at rates you determine.

You may not:

  • Sub-license, resell, or provide access to the Platform itself to any third party;
  • Run Assessment Bundles on systems outside the scope of the associated Written Authorization;
  • Use the Platform or assessment outputs for any purpose that violates applicable law;
  • Attempt to reverse-engineer, decompile, or extract the methodology or scoring logic from the Platform or agent binaries beyond what is publicly documented;
  • Use automated means to generate assessment links or download bundles at a rate that circumvents fair-use limits, except through the documented MSSP Automation API with an authorized API key.

5. Report Ownership and Branding

Reports generated by the Platform are branded RedTeamTrust and reflect an independent assessment conducted by RedTeamTrust. This independence is the product's core value proposition — it distinguishes an assessment from a self-assessment or vendor report.

You may not:

  • Remove, alter, or obscure RedTeamTrust branding from any Report;
  • Represent yourself as the author of the assessment methodology, scoring model, or findings;
  • Re-brand Reports under your own firm's name or any other name;
  • Modify the risk score, finding content, or scoring rationale in any Report.

You are identified on Report cover pages as the referring or managing partner. This identification is accurate — you initiated or managed the engagement. The assessment methodology and findings remain the work product of RedTeamTrust.

RedTeamTrust retains all intellectual property rights in the Platform, methodology, scoring model, control mappings, and Report templates. Nothing in this Agreement transfers those rights to you.

6. Fees and Billing

Subscriptions are billed monthly in advance and auto-renew until cancelled. Current pricing is published at redteamtrust.com/pricing. RedTeamTrust may update pricing with thirty (30) days written notice; continued use after the notice period constitutes acceptance of the new pricing.

You may cancel your Subscription at any time through the billing portal. Cancellation takes effect at the end of the current billing period — you retain full access until that date. We do not issue pro-rated refunds for partial billing periods.

Failure to pay may result in suspension of Platform access. Past-due balances accrue interest at 1.5% per month or the maximum rate permitted by law, whichever is lower. You are responsible for all taxes applicable to your Subscription.

7. Confidentiality

Assessment telemetry, findings, risk scores, and Reports are confidential information belonging to the Assessed Organization. You agree to:

  • Share Reports only with the Assessed Organization, their authorized personnel, and parties they have explicitly authorized (such as auditors or insurers);
  • Not use assessment findings from one client organization to benefit or inform engagements with a different client organization;
  • Implement reasonable security measures to protect Reports from unauthorized disclosure.

RedTeamTrust will not disclose your clients' assessment results to third parties except as required by law or with your written consent. See our Privacy Policy for details on how telemetry data is stored and retained.

8. Data Handling

The Assessment Agent collects structured telemetry from the assessed endpoint, including system configuration, security control status, user account metadata, and file path information. It does not collect file contents, passwords, keystrokes, or network traffic. A complete description of what the agent collects is published in the assessment documentation.

Telemetry is transmitted to RedTeamTrust servers over encrypted connections, processed to generate Reports, and stored for a minimum of twelve (12) months to support historical comparison and re-assessment. You represent that you have informed the Assessed Organization of this data handling as part of obtaining Written Authorization.

You are the data controller for your client organizations' data. RedTeamTrust acts as a data processor on your behalf. If your clients are subject to data protection laws (GDPR, CCPA, HIPAA, etc.), you are responsible for ensuring your use of the Platform complies with those obligations, including executing any required data processing agreements. Contact us at partner@redteamtrust.com to request a Data Processing Agreement.

9. Indemnification

You agree to defend, indemnify, and hold harmless RedTeamTrust and its officers, employees, and agents from and against any claims, damages, losses, liabilities, costs, and expenses (including reasonable legal fees) arising out of or relating to:

  • Any assessment conducted without proper Written Authorization;
  • Your violation of any applicable law or regulation;
  • Your breach of this Agreement;
  • Claims by your client organizations arising from your delivery of assessment or compliance services;
  • Any representation you make about RedTeamTrust, the Platform, or the Reports that exceeds or contradicts what is stated in our published documentation.

10. Limitation of Liability

To the maximum extent permitted by applicable law, RedTeamTrust's total liability to you for any claim arising under or related to this Agreement shall not exceed the total Subscription fees you paid in the three (3) months immediately preceding the event giving rise to the claim.

RedTeamTrust is not liable for any indirect, incidental, special, consequential, or punitive damages, including lost profits, loss of data, or business interruption, even if we have been advised of the possibility of such damages.

The Platform and Reports are provided for informational and risk-identification purposes. They do not constitute a guarantee that assessed systems are free from vulnerabilities, that all vulnerabilities have been identified, or that the assessed organization meets any regulatory or compliance standard. RedTeamTrust is not responsible for security incidents that occur after an assessment, or for gaps not identified by the assessment methodology.

11. Term and Termination

This Agreement begins when you create a partner account or accept these terms and continues until terminated.

Either party may terminate this Agreement by cancelling the Subscription and ceasing use of the Platform. RedTeamTrust may terminate or suspend your account immediately, without notice, for:

  • Any assessment conducted without Written Authorization;
  • Material breach of this Agreement;
  • Non-payment of Subscription fees;
  • Any use of the Platform that creates legal risk or reputational harm to RedTeamTrust.

Upon termination, your access to the Platform ends. Sections 3, 5, 7, 9, 10, and 12 survive termination.

12. General

Governing law. This Agreement is governed by the laws of the State of Delaware, without regard to conflict of law principles. Any dispute not resolved informally shall be submitted to binding arbitration under the rules of the American Arbitration Association, conducted in English. Nothing prevents either party from seeking injunctive relief in a court of competent jurisdiction.

Changes to this Agreement. We may update this Agreement from time to time. We will notify you by email or in-console notice at least fourteen (14) days before material changes take effect. Continued use of the Platform after the effective date constitutes acceptance. If you do not accept the updated terms, you must cancel your Subscription before the effective date.

Entire agreement. This Agreement, together with any order forms or addenda, constitutes the entire agreement between the parties regarding the Platform and supersedes all prior discussions, representations, or agreements.

Severability. If any provision of this Agreement is found unenforceable, it will be modified to the minimum extent necessary to make it enforceable, and the remaining provisions will continue in full force.

No waiver. Failure to enforce any provision of this Agreement does not constitute a waiver of the right to enforce it in the future.

Contact. Questions about this Agreement: partner@redteamtrust.com