penreport

Terms of Service

Last updated: March 21, 2026

1. Acceptance of Terms

By accessing, browsing, or using the PenReport web application located at penreport.app (the “Service”), you acknowledge that you have read, understood, and agree to be bound by these Terms of Service (the “Terms”), as well as our Privacy Policy, which is incorporated herein by reference. These Terms constitute a legally binding agreement between you (“User,” “you,” or “your”) and PenReport (“we,” “us,” or “our”).

If you do not agree to all the terms and conditions set forth herein, you must immediately cease use of the Service and delete your account if one has been created. Your continued use of the Service following the posting of any changes to these Terms constitutes acceptance of those changes.

If you are using the Service on behalf of an organization, you represent and warrant that you have the authority to bind that organization to these Terms. In such cases, “you” and “your” refer to both you individually and the organization you represent.

2. Eligibility

You must be at least eighteen (18) years of age to use the Service. By registering for an account or using the Service, you represent and warrant that you are at least 18 years old and have the legal capacity to enter into these Terms. If you are under 18, you may not use the Service under any circumstances.

You further represent that you are not prohibited from using the Service under the laws of your jurisdiction, and that your use of the Service will comply with all applicable local, state, national, and international laws and regulations, including but not limited to laws governing computer security, data protection, and authorized security testing.

We reserve the right to refuse service, terminate accounts, or cancel subscriptions at our sole discretion if we have reason to believe that you do not meet these eligibility requirements.

3. Account Registration and Security

To access the features of the Service, you must register for an account. Registration is available through Google OAuth or email-and-password authentication. You agree to provide accurate, current, and complete information during registration and to update such information as necessary to keep it accurate, current, and complete.

Account Security. You are solely responsible for maintaining the confidentiality of your account credentials, including your password. You agree to: (a) create a strong password meeting our minimum requirements (at least 8 characters including uppercase, lowercase, numbers, and special characters); (b) not share your login credentials with any third party; (c) not reuse passwords from other services; and (d) notify us immediately of any unauthorized access to or use of your account.

Email Verification. Accounts registered with email and password require email verification before full access is granted. Unverified accounts are automatically deleted after twenty-four (24) hours. We reserve the right to reject registrations using disposable or temporary email addresses.

One Account Per Person. Each individual may maintain only one account. Creating multiple accounts to circumvent plan limits, abuse free-tier allocations, or evade suspension is strictly prohibited and constitutes grounds for immediate termination of all associated accounts.

Account Linking. If you register with one authentication method (e.g., Google OAuth) and later attempt to register with a different method using the same email address, the second registration will be rejected. We do not merge or link accounts across different authentication providers.

You are responsible for all activity that occurs under your account, whether or not you have authorized such activity. PenReport will not be liable for any loss or damage arising from your failure to secure your account credentials.

4. Description of Service

PenReport is a web application that enables penetration testers, bug bounty hunters, and security professionals to create, manage, and export professional security assessment reports. The Service includes report creation and editing, AI-powered finding enhancement, PDF and DOCX report generation, CVSS severity scoring, finding templates, screenshot attachments, custom branding, report sharing via public links, and subscription management.

4.1 Free Tier

The Free tier is available at no cost and includes the following:

  • Up to two (2) PDF report exports per calendar month
  • Up to five (5) AI calls per calendar month
  • Built-in CVSS 3.1 calculator
  • Report cloning
  • Shareable read-only report links
  • Unlimited report creation and editing (export limits apply separately)

Free-tier report export counts reset automatically at the beginning of each calendar month. Unused exports do not roll over to subsequent months.

4.2 Pro Tier

The Pro tier is a paid subscription that includes all Free tier features plus:

  • Unlimited PDF report exports
  • Up to two hundred (200) AI calls per calendar month
  • Bulk AI enhance (enhance all findings at once)
  • AI-generated executive summaries
  • Export to DOCX, HTML, CSV, and JSON
  • Methodology templates (OWASP, PTES, OSSTMM, NIST, etc.)
  • Custom branding (logo and colors applied to generated reports)
  • Finding templates (create reusable templates for common findings)
  • Screenshot attachments on findings
  • Custom report disclaimer text

4.3 Service Availability

We strive to maintain high availability of the Service but do not guarantee uninterrupted or error-free operation. The Service may be temporarily unavailable due to scheduled maintenance, unscheduled maintenance, system failures, or circumstances beyond our control. We will make reasonable efforts to provide advance notice of planned downtime.

4.4 Service Modifications

We reserve the right to modify, update, or discontinue any feature or aspect of the Service at any time, with or without notice. This includes changes to free-tier allocations, Pro-tier features, AI model capabilities, and supported export formats. We will make reasonable efforts to notify active subscribers of material changes that reduce Pro-tier functionality.

5. Acceptable Use Policy

You agree to use the Service solely for lawful purposes related to authorized security testing and assessment activities. You represent and warrant that all penetration testing findings documented through the Service arise from engagements for which you have obtained proper written authorization from the system owner or an authorized representative.

5.1 Prohibited Activities

You expressly agree not to use the Service to:

  • Unauthorized Testing: Document, generate reports for, or otherwise facilitate unauthorized penetration testing, vulnerability scanning, red team exercises, or any security testing activity conducted without explicit written authorization from the target system's owner
  • Fraudulent Reports: Create, generate, or distribute fake, fabricated, misleading, or fraudulent security assessment reports, including but not limited to reports that misrepresent the scope of testing, fabricate vulnerability findings, or falsify remediation status
  • Credential Sharing: Share, transfer, sell, or otherwise provide your account credentials to any third party, or allow any third party to access the Service through your account
  • Automated Access: Access the Service through automated means including but not limited to bots, scrapers, crawlers, spiders, or scripts, except through APIs we may explicitly provide and authorize for such use
  • Scraping and Data Harvesting: Scrape, mine, extract, or collect data from the Service, including shared report pages, user profiles, or any other content, through automated or manual means for any purpose not explicitly authorized by these Terms
  • Circumvention: Attempt to bypass, disable, or circumvent any security measures, rate limiting, authentication mechanisms, access controls, plan restrictions, or usage limits implemented by the Service
  • Interference: Interfere with, disrupt, or attempt to gain unauthorized access to the Service, its servers, networks, or any connected systems, including through denial-of-service attacks, injection attacks, or exploitation of vulnerabilities
  • Illegal Content: Upload, store, or transmit content that is illegal, harmful, threatening, abusive, harassing, defamatory, obscene, or otherwise objectionable, or that violates any third party's intellectual property rights
  • Malware Distribution: Use the Service to distribute, host, or link to malware, exploits, or malicious code, even within the context of penetration testing documentation
  • Impersonation: Impersonate any person or entity, or falsely represent your affiliation with any person or entity, including misrepresenting your qualifications, certifications, or professional credentials within tester profiles or reports
  • Abuse of AI Features: Use the AI-powered finding enhancement feature to generate content unrelated to legitimate security findings, to attempt to extract or manipulate the underlying AI model, to inject adversarial prompts, or to generate content that violates these Terms or applicable law
  • Abuse of Free Tier: Create multiple accounts to circumvent free-tier limitations, use disposable email addresses to create throwaway accounts, or engage in any activity designed to abuse the free service offering
  • Resale: Resell, sublicense, or commercially redistribute access to the Service or any content generated through the Service without our prior written consent
  • Reverse Engineering: Reverse engineer, decompile, disassemble, or otherwise attempt to derive the source code, algorithms, or underlying technology of the Service

Violation of this Acceptable Use Policy may result in immediate suspension or termination of your account, as described in Section 13. We reserve the right to investigate suspected violations and to cooperate with law enforcement authorities in prosecuting users who engage in illegal activities through the Service.

6. Content Ownership and Licensing

6.1 Your Content

You retain full ownership of all content you create, upload, or store using the Service, including but not limited to report text, finding descriptions, remediation guidance, screenshots, attachments, custom templates, tester profile information, and branding assets (collectively, “User Content”). PenReport does not claim any ownership rights over your User Content.

6.2 License to PenReport

By uploading or creating User Content through the Service, you grant PenReport a limited, non-exclusive, worldwide, royalty-free license to process, store, transmit, display, and format your User Content solely for the purpose of providing, maintaining, and improving the Service. This license includes the right to: (a) store your content in our database and file storage systems; (b) transmit your content to our AI service provider for finding enhancement when you explicitly request it; (c) render your content into PDF and DOCX documents; (d) display your content through shared report links that you have enabled; and (e) create backups of your content for disaster recovery purposes. This license terminates when you delete your content or your account, subject to reasonable backup retention periods.

6.3 Responsibility for User Content

You are solely responsible for the accuracy, legality, and appropriateness of all User Content. You represent and warrant that: (a) you own or have the necessary rights and permissions to use and share all User Content; (b) your User Content does not infringe, misappropriate, or violate any third party's intellectual property rights, privacy rights, or other legal rights; and (c) your User Content complies with these Terms and all applicable laws.

6.4 Feedback

If you provide suggestions, ideas, feedback, or recommendations regarding the Service (“Feedback”), you grant PenReport an irrevocable, perpetual, worldwide, royalty-free license to use, modify, and incorporate such Feedback into the Service without any obligation to you.

7. AI-Generated Content Disclaimer

The Service includes an AI-powered finding enhancement feature that uses third-party artificial intelligence technology (Anthropic Claude) to generate suggested content based on finding titles and information you provide. This content may include vulnerability descriptions, severity assessments, CVSS score suggestions, remediation guidance, and related security information. By using this feature, you acknowledge and agree to the following:

7.1 No Guarantee of Accuracy

AI-generated content is produced by machine learning models and may contain errors, inaccuracies, omissions, hallucinations, outdated information, or content that is inappropriate for your specific engagement context. PenReport makes no representations or warranties, express or implied, regarding the accuracy, completeness, reliability, suitability, or timeliness of any AI-generated content. AI output may reference vulnerabilities, CVEs, CVSS scores, or remediation steps that are incorrect, incomplete, or inapplicable to your specific findings.

7.2 User Responsibility to Verify

You are solely and exclusively responsible for reviewing, verifying, editing, and approving all AI-generated content before including it in any report, sharing it with clients, or relying on it for any purpose. You must independently verify all technical details, severity ratings, CVSS scores, CVE references, remediation steps, and any other AI-generated information against authoritative sources and your own professional judgment. AI-generated content should be treated as a starting draft, not a finished product.

7.3 Not Professional Security Advice

AI-generated content does not constitute professional security advice, consulting services, vulnerability assessment, or any form of expert opinion. The AI feature is a productivity tool designed to assist with report drafting and does not replace the professional judgment, expertise, and due diligence of a qualified security professional. You should not rely on AI-generated content as the sole basis for security recommendations, risk assessments, or remediation priorities provided to your clients.

7.4 Third-Party AI Processing

When you use the AI enhancement feature, the finding information you submit is transmitted to Anthropic's API for processing. While we take measures to minimize the data sent and do not transmit personally identifiable client information, you acknowledge that your finding titles and related technical context are processed by a third-party AI service. You should not include sensitive client names, internal network addresses, credentials, or other confidential information in finding titles submitted for AI enhancement.

7.5 AI Content in Shared Reports

If you include AI-generated content in reports that are shared via public links or exported as PDF/DOCX documents, you assume full responsibility for that content as if you had written it yourself. Recipients of your reports will not be informed that portions of the content may have been AI-generated unless you choose to disclose this.

7.6 Limitation of Liability for AI Content

To the maximum extent permitted by applicable law, PenReport disclaims all liability for any damages, losses, claims, or expenses arising from or related to your use of or reliance on AI-generated content, including but not limited to: (a) inaccurate vulnerability descriptions or severity ratings; (b) incorrect or incomplete remediation guidance; (c) missed or misidentified vulnerabilities; (d) client disputes arising from AI-generated report content; (e) regulatory or compliance issues resulting from AI content in deliverables; and (f) any downstream consequences of including AI-generated content in professional reports.

8. Intellectual Property

The Service, including but not limited to its source code, object code, design, layout, user interface, graphics, logos, trademarks, trade names, domain names, PDF and DOCX report templates, and all associated documentation (collectively, “PenReport IP”), is owned by PenReport and is protected by applicable intellectual property laws, including copyright, trademark, and trade secret laws.

Subject to your compliance with these Terms, PenReport grants you a limited, non-exclusive, non-transferable, revocable license to access and use the Service for its intended purpose during the term of your account. This license does not include the right to: (a) copy, modify, adapt, or create derivative works of the Service or any part thereof; (b) sublicense, sell, rent, lease, or otherwise transfer the Service to any third party; (c) use the PenReport name, logo, or trademarks without our prior written consent; or (d) remove, alter, or obscure any proprietary notices included in the Service.

The generated PDF and DOCX reports are your property (as they consist primarily of your User Content), but the underlying report templates, formatting, and structure remain PenReport IP. You may freely distribute your generated reports to your clients and stakeholders.

9. Payment Terms

9.1 Subscription Plans and Pricing

The Pro plan is available as a monthly subscription at $11.99 per month or an annual subscription at $100 per year. All prices are in United States Dollars (USD) unless otherwise specified. Pricing is subject to change; see Section 9.5 for details on price changes.

9.2 Merchant of Record

All payments are processed by Polar, which acts as the merchant of record for all transactions. By subscribing to the Pro plan, you also agree to Polar's terms of service. Polar handles payment processing, tax calculation, invoicing, and receipt generation. PenReport does not directly store or process your payment card information.

9.3 Billing and Auto-Renewal

Subscriptions automatically renew at the end of each billing period (monthly or annually) unless cancelled before the renewal date. You authorize Polar to charge your designated payment method on each renewal date. It is your responsibility to ensure that your payment information is current and valid.

9.4 Failed Payments

If a payment fails, Polar will automatically retry the charge according to its retry schedule. Your Pro access will not be immediately revoked upon a single payment failure. However, if all retry attempts are exhausted and the subscription expires, your account will be downgraded to the Free tier in accordance with Section 10. It is your responsibility to update your payment method promptly if a payment fails.

9.5 Price Changes

We reserve the right to change subscription pricing at any time. Price changes for existing subscribers will take effect at the start of the next billing period following at least thirty (30) days' written notice sent to the email address associated with your account. If you do not agree with a price change, you may cancel your subscription before the new price takes effect.

9.6 Refund Policy

All payments are processed by Polar as the Merchant of Record. Refund requests are handled by Polar in accordance with their refund policy. If you believe you are entitled to a refund, please contact Polar directly through their customer portal or contact us at the email address listed in Section 27 and we will assist in facilitating the request. If you cancel your subscription, you retain access to Pro features until the end of your current billing period.

9.7 Taxes

Subscription fees may be subject to applicable sales tax, VAT, GST, or other taxes depending on your jurisdiction. Any such taxes are calculated and collected by Polar as the merchant of record and are the responsibility of the subscriber.

9.8 Free Tier

The Free tier is provided at no cost. We reserve the right to modify, limit, or discontinue the Free tier at any time without prior notice. Free-tier users have no contractual right to continued free access to the Service.

10. Plan Changes and Downgrades

10.1 Upgrading to Pro

You may upgrade to the Pro plan at any time through the billing settings page. Upon successful payment, Pro features are activated immediately.

10.2 Cancelling Pro

You may cancel your Pro subscription at any time. Upon cancellation, you will retain access to all Pro features until the end of your current billing period. After the billing period expires, your account will be downgraded to the Free tier.

10.3 Effects of Downgrade to Free Tier

When your account is downgraded from Pro to Free, the following changes take effect:

  • Custom Branding: Your custom branding configuration (logo and colors) will be removed from future report generations. Previously generated reports that include your branding are not retroactively altered.
  • Finding Templates: Your existing templates become read-only. You may view previously created templates but cannot create new templates or apply existing templates to reports.
  • Screenshot Attachments: Existing attachments on findings are preserved and remain visible, but you cannot upload new attachments.
  • DOCX Export: DOCX export is no longer available. You may continue to export reports as PDF within the free-tier limit.
  • Report Export Limits: Your monthly report export count is subject to the free-tier limit of two (2) per calendar month.
  • AI Enhancement Limits: AI-enhanced findings per report are limited to five (5) instead of twenty-five (25).
  • Custom Disclaimer: Custom report disclaimer text is no longer applied to newly generated reports.

10.4 Resuming Pro

If you resume your Pro subscription before the billing period expires (i.e., while still in the cancellation grace period), your Pro access continues uninterrupted and no downgrade changes are applied.

11. Shared Reports

The Service allows you to generate public, read-only links to your reports. These links are accessible to anyone who possesses the link URL, without requiring authentication or a PenReport account. By enabling a share link, you acknowledge and agree to the following:

  • Your Responsibility: You are solely responsible for determining whether the content of a report is appropriate for sharing and for controlling the distribution of the share link. You should exercise caution before sharing reports that contain sensitive vulnerability details, client-confidential information, internal network architecture, or other information that could be misused.
  • Access Controls: You may create multiple share links per report, each with individual settings. Share links support optional password protection, expiration dates, download limits, and the ability to enable or disable PDF downloads and comments on a per-link basis. Even with these controls, anyone who possesses a valid, unexpired share link (and the password, if set) can view the full report content without a PenReport account.
  • Share Analytics: PenReport tracks basic analytics for share links, including view counts, download counts, time spent viewing, and approximate viewer country (derived from IP address). Viewer IP addresses are stored only as irreversible daily-rotating hashes. You can view these analytics from your report's share settings. Recipients of shared reports may also leave comments and feedback if you have enabled comments for that share link.
  • Revocation: You may revoke a share link at any time by disabling sharing for the report. Once revoked, the link will no longer display the report. However, PenReport cannot control or retrieve copies of report content that may have been saved, downloaded, or screenshot-captured by recipients before revocation.
  • No Liability: PenReport is not liable for any damages, losses, or consequences arising from the sharing of your report content, including but not limited to unauthorized disclosure of vulnerabilities, breach of client confidentiality, or misuse of shared report information by third parties.
  • No Indexing: Shared report pages include technical measures (noindex directives) to discourage search engine indexing. However, we cannot guarantee that shared report links will never appear in search results.

12. Data and Privacy

Your use of the Service is also governed by our Privacy Policy, which describes how we collect, use, store, and protect your personal information and User Content. By using the Service, you consent to the data practices described in the Privacy Policy.

Data Storage. User Content, including reports, findings, templates, and attachments, is stored on our infrastructure providers (Neon for database, ImageKit for files). We implement industry-standard security measures to protect your data, but no method of electronic storage is completely secure.

Data Portability. You may export your reports at any time as PDF or DOCX documents (subject to plan limitations). You may also download a complete JSON archive of all your data (including your profile, reports, findings, templates, branding configuration, and account metadata) from Settings > Account.

Data Retention. We retain your data for as long as your account is active. Deleted reports and findings are soft-deleted and may be recoverable for a limited retention period before permanent deletion. Upon account deletion, your data is permanently removed in accordance with our Privacy Policy, subject to legal retention requirements and reasonable backup cycles.

13. Termination

13.1 Termination by You

You may delete your account at any time from the account settings page. Account deletion is permanent and irreversible. Upon initiating account deletion: (a) any active Pro subscription will be cancelled; (b) all your User Content, including reports, findings, templates, attachments, branding configurations, and tester profile data, will be permanently deleted; (c) any active share links will be immediately disabled; and (d) your login credentials and session data will be purged.

If you own an organization (when the organizations feature is available), you must transfer ownership before deleting your account. Account deletion will be blocked while you are the sole owner of an organization.

13.2 Termination by PenReport

We reserve the right to suspend or terminate your account, with or without notice, if we reasonably believe that: (a) you have violated these Terms, including the Acceptable Use Policy; (b) your account is being used for fraudulent, illegal, or unauthorized purposes; (c) your continued use poses a security risk to the Service or other users; (d) we are required to do so by law, regulation, or legal process; or (e) we discontinue the Service entirely.

13.3 Effect of Termination

Upon termination, your right to access and use the Service immediately ceases. We are not obligated to retain, forward, or provide copies of your User Content after termination, except as required by applicable law. Sections that by their nature should survive termination will survive, including but not limited to: Content Ownership and Licensing, AI-Generated Content Disclaimer, Intellectual Property, Limitation of Liability, Indemnification, Warranty Disclaimer, Governing Law, and Dispute Resolution.

14. Suspension Policy

We may suspend your account temporarily rather than terminating it permanently if we determine that suspension is a proportionate response to a suspected violation. During suspension:

  • You will be unable to log in or access any features of the Service
  • All active sessions will be invalidated
  • Shared report links will be temporarily inaccessible
  • Your User Content will be preserved but inaccessible until the suspension is lifted or the account is terminated
  • Pro subscriptions will not be automatically cancelled during suspension; you may contact us to request cancellation if your account is suspended

We may, but are not obligated to, provide you with notice of the reason for suspension and an opportunity to address the issue. Accounts flagged for review may be escalated to permanent termination based on the findings of our investigation.

15. Limitation of Liability

To the maximum extent permitted by applicable law:

  • No Indirect Damages. In no event shall PenReport, its officers, directors, employees, agents, affiliates, or licensors be liable for any indirect, incidental, special, consequential, punitive, or exemplary damages, including but not limited to damages for loss of profits, goodwill, data, use, or other intangible losses, arising out of or in connection with your use of or inability to use the Service, regardless of the theory of liability (contract, tort, negligence, strict liability, or otherwise) and even if PenReport has been advised of the possibility of such damages.
  • Aggregate Cap. PenReport's total aggregate liability to you for all claims arising out of or relating to these Terms or the Service shall not exceed the greater of: (a) the total amount you paid to PenReport in the twelve (12) months immediately preceding the event giving rise to the claim; or (b) fifty United States Dollars ($50 USD).
  • Specific Exclusions. Without limiting the foregoing, PenReport shall not be liable for: (i) the accuracy, completeness, or reliability of AI-generated content; (ii) your reliance on any content generated by or displayed through the Service; (iii) any unauthorized access to or alteration of your data; (iv) the conduct or content of any third party accessing your shared reports; (v) any loss or corruption of User Content due to system failures or force majeure events; (vi) any consequences arising from the disclosure of sensitive information through shared report links; (vii) any damages resulting from service interruptions, downtime, or data loss; or (viii) any issues arising from third-party services integrated with the Service (including payment processing, AI services, and file storage).

Some jurisdictions do not allow the exclusion or limitation of certain damages. In such jurisdictions, our liability shall be limited to the maximum extent permitted by law. The limitations in this section apply even if a limited remedy fails of its essential purpose.

16. Indemnification

You agree to indemnify, defend, and hold harmless PenReport and its officers, directors, employees, agents, affiliates, successors, and assigns from and against any and all claims, demands, actions, liabilities, damages, losses, costs, and expenses (including reasonable attorneys' fees and legal costs) arising out of or relating to:

  • Your use of the Service or any activity occurring under your account
  • Your violation of these Terms or any applicable law or regulation
  • Your User Content, including any claims that your content infringes or misappropriates the intellectual property rights or other rights of any third party
  • Your distribution of reports generated through the Service, including reports containing AI-generated content
  • Any unauthorized or illegal penetration testing activities documented through the Service
  • Any breach of client confidentiality resulting from your use of shared report links or distribution of generated reports
  • Any claim by a third party that arises from your sharing of report content or vulnerability details

PenReport reserves the right, at your expense, to assume the exclusive defense and control of any matter for which you are required to indemnify us, and you agree to cooperate with our defense of such claims.

17. Warranty Disclaimer

THE SERVICE IS PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS WITHOUT WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE. PENREPORT EXPRESSLY DISCLAIMS ALL WARRANTIES, INCLUDING BUT NOT LIMITED TO:

  • IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT
  • WARRANTIES THAT THE SERVICE WILL BE UNINTERRUPTED, TIMELY, SECURE, OR ERROR-FREE
  • WARRANTIES REGARDING THE ACCURACY, RELIABILITY, OR COMPLETENESS OF ANY CONTENT OBTAINED THROUGH THE SERVICE, INCLUDING AI-GENERATED CONTENT
  • WARRANTIES THAT THE SERVICE WILL MEET YOUR SPECIFIC REQUIREMENTS OR EXPECTATIONS
  • WARRANTIES THAT DEFECTS IN THE SERVICE WILL BE CORRECTED
  • WARRANTIES THAT THE SERVICE IS FREE OF VIRUSES, MALWARE, OR OTHER HARMFUL COMPONENTS

YOU ACKNOWLEDGE THAT YOU USE THE SERVICE AT YOUR OWN RISK. NO ADVICE OR INFORMATION, WHETHER ORAL OR WRITTEN, OBTAINED FROM PENREPORT OR THROUGH THE SERVICE SHALL CREATE ANY WARRANTY NOT EXPRESSLY STATED IN THESE TERMS.

Some jurisdictions do not allow the exclusion of implied warranties. In such jurisdictions, the above exclusions may not apply to you to the extent prohibited by applicable law.

18. Force Majeure

PenReport shall not be liable for any failure or delay in performing its obligations under these Terms to the extent that such failure or delay results from circumstances beyond our reasonable control, including but not limited to: acts of God, natural disasters, pandemics, epidemics, war, terrorism, riots, civil unrest, government actions or regulations, embargoes, sanctions, labor disputes, strikes, fire, floods, earthquakes, power outages, internet or telecommunications failures, cyberattacks, denial-of-service attacks, failures of third-party service providers (including cloud hosting, payment processing, AI services, and email delivery), and any other events beyond our reasonable control (each, a “Force Majeure Event”).

In the event of a Force Majeure Event, our obligations under these Terms shall be suspended for the duration of the event, and we shall use reasonable efforts to resume performance as soon as practicable. If a Force Majeure Event continues for more than ninety (90) consecutive days, either party may terminate these Terms upon written notice.

19. Governing Law

These Terms and any disputes arising out of or relating to these Terms or the Service shall be governed by and construed in accordance with the substantive laws applicable to the jurisdiction in which PenReport is operated at the time the dispute arises, without regard to conflict of law principles. If a court proceeding is necessary, the parties agree to submit to the jurisdiction of the courts in the country where PenReport is operated.

20. Dispute Resolution

20.1 Informal Resolution

Before initiating any formal dispute resolution proceeding, you agree to first contact us at the email address listed in Section 26 and attempt to resolve the dispute informally for at least thirty (30) days. Most disputes can be resolved through good-faith communication.

20.2 Binding Arbitration

If the dispute cannot be resolved informally within thirty (30) days, you and PenReport agree to resolve the dispute through binding arbitration conducted by a single arbitrator under the rules of a mutually agreed-upon arbitration institution, or if the parties cannot agree, under the rules of the International Chamber of Commerce (ICC). The arbitration shall be conducted in the English language. The arbitrator's decision shall be final and binding and may be entered as a judgment in any court of competent jurisdiction.

20.3 Class Action Waiver

You agree that any dispute resolution proceedings will be conducted only on an individual basis and not in a class, consolidated, or representative action. You waive the right to participate in a class action lawsuit or class-wide arbitration against PenReport.

20.4 Exceptions

Notwithstanding the foregoing, either party may seek injunctive or other equitable relief in any court of competent jurisdiction to prevent the actual or threatened infringement, misappropriation, or violation of intellectual property rights or confidentiality obligations.

21. Severability

If any provision of these Terms is held to be invalid, illegal, or unenforceable by a court of competent jurisdiction, such provision shall be modified to the minimum extent necessary to make it valid, legal, and enforceable while preserving its original intent. If modification is not possible, the provision shall be severed from these Terms. The invalidity, illegality, or unenforceability of any provision shall not affect the validity, legality, or enforceability of the remaining provisions, which shall continue in full force and effect.

22. Entire Agreement

These Terms, together with the Privacy Policy and any other agreements or policies referenced herein, constitute the entire agreement between you and PenReport with respect to the Service and supersede all prior or contemporaneous communications, proposals, representations, understandings, and agreements, whether oral or written, between you and PenReport concerning the Service.

23. Assignment

You may not assign, transfer, or delegate your rights or obligations under these Terms without the prior written consent of PenReport. Any attempted assignment without consent shall be null and void. PenReport may assign, transfer, or delegate its rights and obligations under these Terms without restriction, including in connection with a merger, acquisition, reorganization, sale of assets, or by operation of law. Upon any permitted assignment, these Terms shall be binding on and inure to the benefit of the parties and their respective successors and assigns.

24. Waiver

The failure of PenReport to enforce any right or provision of these Terms shall not constitute a waiver of such right or provision. A waiver of any term or condition of these Terms shall not be deemed a further or continuing waiver of such term or condition or any other term or condition. Any waiver must be in writing and signed by an authorized representative of PenReport to be effective.

25. Additional Legal Provisions

25.1 Third-Party Beneficiaries

These Terms are for the sole benefit of you and PenReport. Nothing in these Terms, express or implied, is intended to or shall confer upon any third party any legal or equitable right, benefit, or remedy of any nature whatsoever under or by reason of these Terms. No third party shall have any right to enforce any provision of these Terms.

25.2 Export Compliance

You agree to comply with all applicable export control laws and regulations of the United States and any other relevant jurisdiction. You represent and warrant that you are not located in, under the control of, or a national or resident of any country or territory subject to comprehensive U.S. sanctions (including but not limited to Cuba, Iran, North Korea, Syria, and the Crimea, Donetsk, and Luhansk regions), and that you are not on any U.S. government restricted party list, including the Specially Designated Nationals list maintained by the Office of Foreign Assets Control (OFAC) or the Denied Persons List maintained by the Bureau of Industry and Security.

25.3 Notices

We may provide notices to you by: (a) sending an email to the address associated with your account; or (b) posting a notice within the Service. Email notices are deemed received twenty-four (24) hours after they are sent. In-app notices are deemed received upon your next login to the Service after posting. It is your responsibility to keep your email address current and to regularly check for notices.

25.4 Relationship of Parties

Nothing in these Terms shall be construed to create a partnership, joint venture, employment, franchise, or agency relationship between you and PenReport. Neither party has the authority to bind or obligate the other party in any manner.

25.5 Headings

The section headings in these Terms are for convenience only and have no legal or contractual effect. They shall not be used in the interpretation or construction of these Terms.

25.6 Electronic Communications

By using the Service and providing your email address, you consent to receive electronic communications from PenReport, including notices, agreements, disclosures, and other communications that we provide electronically. You agree that all agreements, notices, and other communications provided electronically satisfy any legal requirement that such communications be in writing.

26. Modifications to Terms

We reserve the right to modify, amend, or replace these Terms at any time at our sole discretion. When we make material changes, we will: (a) update the “Last updated” date at the top of this page; (b) notify you by email at the address associated with your account at least thirty (30) days before the changes take effect for material modifications; and (c) where practical, provide a summary of the key changes.

Your continued use of the Service after the effective date of any modifications constitutes your acceptance of the modified Terms. If you do not agree to the modified Terms, you must stop using the Service and delete your account before the effective date of the changes. For paid subscribers, if you do not agree to material changes affecting your subscription, you may cancel your subscription and receive access through the end of your current billing period.

Non-material changes (such as typographical corrections, clarifications, or formatting updates) may be made at any time without prior notice. We encourage you to review these Terms periodically to stay informed of any updates.

27. Contact

If you have any questions, concerns, or complaints about these Terms or the Service, please contact us at:

Email: [email protected]

General Support: [email protected]

We aim to respond to all inquiries within five (5) business days. For urgent matters related to account security or suspected unauthorized access, please include “URGENT” in the subject line of your email.