Legal
Terms of Use
Last updated: February 2026 · Stoic X OÜ
Important: All penetration testing, red team, and offensive security services provided
by Stoic X OÜ are conducted exclusively under written authorisation from the asset owner or a party
with lawful authority to grant such authorisation. Unauthorised access to computer systems is illegal.
We do not perform any testing without a signed scope of work and authorisation document.
Acceptance
Agreement to these terms
By accessing this website or engaging Stoic X OÜ for any service, you confirm that you have read,
understood, and agree to be bound by these Terms of Use. If you do not agree, you must not use this
website or engage our services. These terms apply to all visitors, clients, and any other party who
interacts with Stoic X OÜ.
About Our Services
What Stoic X OÜ provides
Services
Penetration testing, red team operations, adversary simulation, web and API security assessments, Active Directory attack path analysis, cloud security reviews, and social engineering engagements
Prerequisite
All offensive security services require a signed engagement agreement, scope of work, and authorisation letter prior to commencement
Jurisdiction
Stoic X OÜ is registered in Estonia and operates under Estonian and EU law
Eligibility
Who may engage our services
Age
You must be at least 18 years of age to enter into a service agreement with Stoic X OÜ
Authority
You must have lawful authority to authorise security testing of the systems in scope. This means you are the owner, or have explicit written permission from the owner
Compliance
You must not be subject to sanctions, export controls, or other legal restrictions that would prevent you from engaging our services
Authorisation Requirement
Written authorisation is mandatory
No engagement will begin without a signed authorisation document explicitly defining the scope of
testing, the systems in scope, the testing window, and the contact persons for the client organisation.
This document forms the legal basis for all offensive activities conducted by Stoic X OÜ.
The client bears sole responsibility for ensuring that the authorisation covers all systems, networks,
and third-party infrastructure included in the scope. Stoic X OÜ accepts no liability for actions
taken within an agreed scope that were later found to exceed the client's actual authority.
Any attempt to engage Stoic X OÜ for testing against systems the client does not own or does not
have lawful authority to test will result in immediate termination of the engagement and may be
reported to the relevant authorities.
Intellectual Property
Ownership of work product
Website content
All content on this website — including text, design, and code — is owned by Stoic X OÜ and protected by copyright. Reproduction without written consent is prohibited
Engagement reports
Deliverables produced during an engagement (reports, timelines, findings) are provided to the client for their internal use. Stoic X OÜ retains the right to reference engagement methodologies in anonymised form
Tools & tooling
Any custom tools, scripts, or infrastructure developed by Stoic X OÜ remain the exclusive intellectual property of Stoic X OÜ unless otherwise agreed in writing
Confidentiality
Mutual obligations
Stoic X OÜ treats all client information, system details, findings, and engagement data as strictly
confidential. This obligation survives the termination of any engagement and has no expiry date unless
otherwise agreed in a signed NDA.
Clients agree to treat all methodologies, tooling details, and proprietary information disclosed by
Stoic X OÜ during an engagement as confidential. A mutual NDA is available on request prior to
scoping discussions.
Limitation of Liability
Scope of our liability
Within agreed scope
Stoic X OÜ is not liable for damage, outages, or data loss that occurs as a direct result of authorised testing activities within the agreed scope of work
Maximum liability
Our total liability for any claim arising from a specific engagement shall not exceed the total fees paid by the client for that engagement
Exclusions
We are not liable for indirect, consequential, or incidental damages, loss of profits, or business interruption — except where liability cannot be excluded under applicable Estonian or EU law
Website use
This website is provided "as is". We do not warrant uninterrupted availability and accept no liability for any reliance on information presented here
Prohibited Use
You must not
Use this website or our services to facilitate any unlawful activity, including but not limited to:
unauthorised access to computer systems; attempting to engage us to attack systems you do not own or
have no authority to test; misrepresenting your identity or authority; engaging in fraud; attempting
to reverse-engineer, scrape, or exploit this website; or using our name or brand to imply endorsement
of any product or service without written consent.
Governing Law & Disputes
Jurisdiction and dispute resolution
Governing law
These terms are governed by the laws of the Republic of Estonia, without regard to conflict of law principles
Jurisdiction
Any dispute arising from these terms or an engagement shall be submitted to the exclusive jurisdiction of Harju County Court, Tallinn, Estonia
EU consumers
If you are a consumer within the EU, you retain the right to bring proceedings in the courts of your country of residence under applicable EU consumer protection law
ODR
The EU Online Dispute Resolution platform is available at ec.europa.eu/consumers/odr
Changes to These Terms
Updates
We reserve the right to update these Terms of Use at any time. The date at the top of the page
reflects the most recent revision. Continued use of this website or our services after changes are
posted constitutes acceptance of the revised terms. Active clients will be notified of material
changes by email.
Contact
Questions about these terms
Email
Address
Stoic X OÜ, Sepapaja tn 6, 15551 Tallinn, Estonia