End User License Agreement

This End User License Agreement ("EULA") is a legal agreement between you ("Licensee") and Nettorii Ltd ("Nettorii", "we", "us") governing your use of any software products developed and distributed by Nettorii, including the ONINET platform and any future products. By installing, accessing, or using the Software, you agree to be bound by the terms of this EULA. If you do not agree to these terms, do not install or use the Software.

1. Definitions

"Software" means any software product developed and distributed by Nettorii, including but not limited to the ONINET platform (CLI, container images, satellite images, associated tools, templates, and configuration files), and any other current or future software products, tools, services, or applications published by Nettorii, together with all associated documentation, updates, and patches.

"Licensee" means the individual or organisation that has purchased a subscription and is licensed to use the Software.

"Nettorii" means Nettorii Ltd, a company registered in England and Wales with its registered office at 66 Paul Street, London EC2A 4NA, United Kingdom.

"Subscription" means the paid license entitlement that grants the Licensee access to the Software for a defined period and tier.

"Named User" means a specific individual authorised to use the Software under a seat. Seats may be reassigned via the customer portal.

"Business Licensee" means a Licensee acting in the course of trade or profession. This EULA is intended for Business Licensees. If you are a consumer, nothing in this EULA excludes rights under the Consumer Rights Act 2015 or other mandatory consumer protection law.

2. License Grant

Subject to the terms of this EULA and payment of applicable fees, Nettorii grants the Licensee a non-exclusive, non-transferable, non-sublicensable license, revocable only in accordance with Section 16 (Term and Termination), to use the Software for the duration of the active Subscription.

The Software is licensed on a per-seat basis. Each seat entitles one named user to install and activate the Software on a limited number of devices as determined by the Licensee's subscription tier:

• SOLO: 1 device per seat
• PRO: 2 devices per seat
• TEAM: 2 devices per seat
• ENTERPRISE: 3 devices per seat

Each seat is personal to the named user and may not be shared between individuals.

3. Permitted Use

The Licensee may use the Software solely for its intended purpose as described in the applicable product documentation and subscription terms. For security-related products (including ONINET), permitted uses include:

• Authorised penetration testing engagements
• Red team and adversary simulation exercises
• Security research and vulnerability assessment
• Educational purposes and professional training
• Capture the Flag (CTF) competitions

Where the Software is used for security testing, the Licensee must obtain explicit written authorisation from the owner of any system, network, or application before using the Software against it. Unauthorised access to computer systems is a criminal offence under applicable laws including the Computer Misuse Act 1990, the Computer Fraud and Abuse Act (CFAA), and equivalent legislation in your jurisdiction.

4. Restrictions

The Licensee shall not:

• Reverse engineer, decompile, disassemble, or otherwise attempt to derive the source code of the Software, except to the extent expressly permitted by applicable law (including Articles 5 and 6 of the EU Software Directive 2009/24/EC as retained in UK law, or equivalent provisions) that cannot be excluded by contract
• Extract, recover, or attempt to recover encryption keys, license keys, device binding tokens, or any other embedded secrets from the Software binary
• Circumvent, disable, or interfere with device binding, license verification, image encryption, or any other security or technical protection measures
• Redistribute, resell, sublicense, lease, rent, or otherwise make the Software available to any third party
• Share, publish, or disclose license keys, activation tokens, or account credentials
• Remove, alter, or obscure any proprietary notices, labels, or markings on or within the Software
• Use the Software to develop a competing product or service

5. Device Binding

The Software is bound to specific devices via hardware fingerprinting. Upon first activation, the Software registers a composite device fingerprint derived from hardware identifiers on the Licensee's machine. Each seat allows activation on the number of devices specified by the Licensee's subscription tier (see Section 2). Full details of the device fingerprint data collected and its processing are set out in Section 2.4 of the Privacy Policy.

Device bindings may be managed through the customer portal. Re-downloading the Software from Nettorii resets device bindings for the associated seat. Any attempt to circumvent, spoof, or manipulate device binding mechanisms constitutes a material breach of this EULA and may result in immediate license revocation without refund.

6. Encrypted Container Images

Container images and satellite images distributed with the Software are encrypted at rest using AES-256-GCM with unique per-download encryption keys. These images are decrypted only in memory during active use and are not stored in decrypted form on disk.

The Licensee acknowledges and agrees that:

• Encrypted images are proprietary to Nettorii and remain Nettorii's intellectual property
• The Licensee shall not attempt to extract, decrypt, copy, or redistribute container images or satellite images outside of normal Software operation
• Decrypted images are ephemeral and are removed from the Docker daemon when the Software session ends

7. Automatic Updates

The Software may periodically check for and download updates, patches, and new versions automatically. The Software's automatic update mechanism is a necessary operational feature. Details of how update data is processed are in the Privacy Policy. Updates preserve existing license keys, encryption keys, and device binding tokens embedded in the Software binary.

8. Telemetry and License Verification

The Software performs periodic license validation ("heartbeat") communications with Nettorii's servers. These communications transmit limited operational metadata including:

• IP address of the machine running the Software
• Machine identifier (device fingerprint)
• Active container count
• Engagement metrics: session hours, hosts discovered, days active

The Software does NOT transmit: credentials, findings, target information, tool output, workspace files, reports, recordings, or any operational engagement data. These licence verification communications are necessary for Nettorii's legitimate interest in preventing unauthorised use and fraud. Full details of data collected, lawful basis, and your rights are in the Privacy Policy.

9. Remote Wipe

The Software provides two distinct remote wipe capabilities with different scopes:

9.1 Licence Revocation Wipe (Nettorii-initiated)

Upon licence revocation for breach of these terms, Nettorii may issue a remote wipe directive instructing the Software to remove container images, satellite images, and cached platform data from the Licensee's devices. This mechanism is strictly limited to Software-managed assets that are Nettorii's intellectual property. Where reasonably practicable, Nettorii will provide written notice at least 7 days before executing a remote wipe, unless immediate action is necessary to prevent ongoing harm. The Licensee may dispute a revocation within 14 days by writing to [email protected].

The following are NOT affected by a Nettorii-initiated wipe and remain under the Licensee's sole control:

• Engagement workspace files, reports, and findings
• Session recordings and operator notes
• Evidence files and attachments
• Any data created by the Licensee using the Software
• Configuration files, credentials, or keys stored in workspaces

9.2 Team Member Wipe (Customer-initiated)

The Software includes a team management feature that allows organisation owners and team leads to initiate a remote wipe of a team member's ONINET installation and associated data. This is an operational security feature intended for scenarios such as employee departure, device loss, or suspected compromise.

"ONINET installation directory" means ~/.oninet and any Docker containers, images, and volumes created by the Software. A customer-initiated team wipe removes all ONINET-managed data from the target member's installation, which includes:

• Container images and satellite images
• Engagement workspace files, reports, and findings
• Session recordings and operator notes
• Evidence files and attachments
• Cached licence and configuration data

This wipe is scoped exclusively to data managed by the Software. It does not affect the operating system, other applications, personal files, or any data outside of the ONINET installation directory and container environment.

Nettorii is not responsible for data loss resulting from a customer-initiated team wipe. The organisation owner who authorises the wipe assumes full responsibility for ensuring appropriate data backup procedures are in place prior to initiating the wipe.

10. Intellectual Property

The Software, including all source code, binaries, container images, satellite images, tools configurations, templates, documentation, branding, and associated materials across all Nettorii products, is and shall remain the exclusive property of Nettorii Ltd. All rights not expressly granted in this EULA are reserved by Nettorii.

Third-party open source components incorporated into the Software are governed by their respective open source licenses. A list of third-party components and their licenses is available at nettorii.com/third-party-licenses.

The Licensee retains full ownership of all data created using the Software, including but not limited to engagement files, reports, findings, evidence, recordings, and workspace data.

11. Third-Party Components

The Software incorporates open source security tools and libraries developed by third parties. These components are provided under their respective open source licenses and are not covered by this EULA. A full list of third-party components is available at nettorii.com/third-party-licenses.

Nettorii makes no representations or warranties regarding the behaviour, accuracy, or reliability of third-party tools. The Licensee acknowledges that security tools may produce false positives, false negatives, or unexpected results. Nettorii is not responsible for any damages arising from the behaviour of third-party components.

12. Feedback

Any suggestions, ideas, feature requests, or other feedback ("Feedback") provided by the Licensee to Nettorii regarding the Software may be freely used, incorporated, and commercialised by Nettorii without any obligation of compensation, attribution, or confidentiality to the Licensee. Submitting Feedback does not grant the Licensee any rights to the Software or any derivative works. Bug reports and support communications are not Feedback and are handled per the Privacy Policy.

13. Warranty Disclaimer

THE SOFTWARE IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT. NETTORII DOES NOT WARRANT THAT THE SOFTWARE WILL BE ERROR-FREE, UNINTERRUPTED, SECURE, OR SUITABLE FOR ANY PARTICULAR PURPOSE.

Security tools by their nature interact with systems in potentially disruptive ways. The Licensee acknowledges that the Software may produce false positives, false negatives, or cause unintended effects on target systems. Nettorii disclaims all liability for the results of the Licensee's use of the Software.

14. Limitation of Liability

Nothing in this EULA excludes or limits liability for: (a) death or personal injury caused by negligence; (b) fraud or fraudulent misrepresentation; or (c) any other liability that cannot be excluded or limited under applicable law.

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, NETTORII'S TOTAL AGGREGATE LIABILITY ARISING OUT OF OR IN CONNECTION WITH THIS EULA SHALL NOT EXCEED THE TOTAL FEES PAID BY THE LICENSEE TO NETTORII IN THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM.

IN NO EVENT SHALL NETTORII BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO LOSS OF PROFITS, LOSS OF DATA, BUSINESS INTERRUPTION, OR LOSS OF GOODWILL, EVEN IF NETTORII HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

This limitation applies to all claims, including but not limited to any damages arising from the Licensee's use of the Software against third-party systems, whether authorised or otherwise.

15. Indemnification

The Licensee shall indemnify, defend, and hold harmless Nettorii Ltd, its directors, officers, employees, and agents from and against any and all claims, damages, losses, liabilities, costs, and expenses (including reasonable legal fees) arising from or related to:

• The Licensee's use of the Software, including any unauthorised testing or scanning of third-party systems
• The Licensee's violation of any applicable law, regulation, or third-party rights
• Any breach of this EULA by the Licensee
• Any claim by a third party arising from the Licensee's actions using the Software

16. Term and Termination

This EULA is effective from the date the Licensee first installs or uses the Software and shall continue for the duration of the active Subscription, unless terminated earlier in accordance with this section.

Nettorii may terminate this EULA: (a) immediately for non-remediable breaches (including circumvention of security or licensing mechanisms, unauthorised redistribution, or illegal use of the Software); or (b) with 30 days' written notice for remediable breaches, provided the Licensee fails to remedy the breach within such notice period. The Licensee may terminate by ceasing all use of the Software and destroying all copies.

Upon termination or expiry of this EULA, the Licensee shall:

• Immediately cease all use of the Software
• Destroy all copies of the Software in the Licensee's possession or control
• Acknowledge that encrypted container images will be rendered unusable without an active Subscription

The following sections survive termination: Definitions, Restrictions, Device Binding, Encrypted Container Images, Remote Wipe, Intellectual Property, Warranty Disclaimer, Limitation of Liability, Indemnification, Export Control, and Governing Law.

17. Export Control

The Licensee warrants that their use of the Software complies with all applicable export control laws and sanctions regulations, including but not limited to:

• The UK Export Control Act 2002 and related statutory instruments
• The US Export Administration Regulations (EAR), including ECCN 5A004 and 5D002 where applicable
• The EU Dual-Use Regulation (EC) No 2021/821
• The Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies, Category 4 (Computers)
• All applicable sanctions programmes administered by OFSI, OFAC, and equivalent authorities

The Software may not be exported, re-exported, or made available to any country, territory, entity, or individual subject to comprehensive trade sanctions or embargoes. The Licensee is solely responsible for compliance with all applicable export control laws.

18. Governing Law

This EULA shall be governed by and construed in accordance with the laws of England and Wales. The courts of England and Wales shall have exclusive jurisdiction over any dispute arising out of or in connection with this EULA.

19. Entire Agreement

This EULA, together with the Terms of Service, Privacy Policy, and Acceptable Use Policy, constitutes the entire agreement between the Licensee and Nettorii with respect to the Software and supersedes all prior or contemporaneous communications, representations, or agreements, whether oral or written.

In the event of any conflict between these documents, the following hierarchy shall apply (highest precedence first):

• Signed written agreement between the Licensee and Nettorii
• This End User License Agreement (EULA)
• Terms of Service
• Acceptable Use Policy
• Privacy Policy

If any provision of this EULA is held to be invalid or unenforceable by a court of competent jurisdiction, such provision shall be severed and the remaining provisions shall continue in full force and effect.

No failure or delay by Nettorii in exercising any right under this EULA shall constitute a waiver of that right. A waiver of any right is only effective if in writing and shall not be deemed a waiver of any subsequent right or breach.

Nettorii may vary the terms of this EULA by providing at least 30 days' written notice to the Licensee (via email or notification within the Software). Continued use of the Software after the variation takes effect constitutes acceptance of the revised terms.

20. Contact

For questions regarding this EULA, please contact:

Nettorii Ltd
66 Paul Street
London EC2A 4NA
United Kingdom

General enquiries: [email protected]
Privacy matters: [email protected]
GDPR requests: [email protected]