Home
/
Legal
/
End User License Agreement

Invicti End User License Agreement

IMPORTANT– PLEASE READ CAREFULLY BEFORE INSTALLING OR USING THE INVICTI SOLUTION.

THIS INVICTI END USER LICENSE AGREEMENT ("EULA") SETS OUT THE TERMS ON WHICH INVICTI LICENSES THE INVICTI SOLUTION TO YOU. BY INSTALLING, ACCESSING, OR USING THE INVICTI SOLUTION, YOU ("END USER") AGREE TO BE BOUND BY THE TERMS OF THIS EULA. IF YOU ARE ENTERING INTO THIS EULA ON BEHALF OF A COMPANY OR OTHER LEGAL ENTITY, YOU REPRESENT THAT YOU HAVE AUTHORITY TO BIND THAT ENTITY TO THESE TERMS, IN WHICH CASE "END USER" SHALL REFER TO THAT ENTITY. IF YOU DO NOT AGREE TO THESE TERMS, DO NOT INSTALL, ACCESS, OR USE THE INVICTI SOLUTION.

This EULA is between End User and the applicable Invicti entity ("Invicti"): (i) if End User's principal place of business is in the Americas, Invicti Security Corp., a Florida corporation, 7171 Southwest Parkway, Building 300, Suite 475, Austin, TX 78735; or (ii) if End User's principal place of business is outside the Americas, Invicti Security Ltd., acompany registered in Malta, Mirabilis Building, Triq L-Intornjatur, Mriehel, CBD 3050, Malta.

1.        HIERARCHY OF AGREEMENTS AND SCOPE.

1.1.     Order of Precedence. This EULA sets out the terms on which Invicti licenses the Invicti Solution to End User. It operates subject to the following order of precedence: (i) a Direct Agreement, which, where one exists and is in full force and effect between Invicti and End User (or End User's Affiliate), governs End User's use of the Invicti Solutionin its entirety and displaces this EULA as between those parties; (ii) a Channel Order, which, where applicable, governs the commercial terms of End User's access to theInvicti Solution as between End User and the Channel Partner; and (iii) this EULA, which applies tothe extent not covered or displaced by (i) or (ii) above, and which sets outthe baseline terms governing the relationship between Invicti and End User directly with respect to the use of the Invicti Solution. Acceptance of this EULA upon installation or product access does not modify, supersede, or novate any existing Direct Agreement or Channel Order.

1.2.    Direct Customers. Where End User has a Direct Agreement with Invicti, that Direct Agreement is the contractual instrument governing the relationship between the parties. This EULA is the licence instrument embedded in the product and End User's acceptance of it upon installation creates no new or additional obligations on either party beyond those set out in the Direct Agreement.

1.3.     Channel Customers. Where End User has obtained the Invicti Solution through a Channel Partner, this EULA governs the terms on which Invicti licenses the Invicti Solution to End User. Invicti is not a party to the Channel Order. All commercial matters, including pricing, fees, payment, support obligations, and any financial remedies, are governed solely by the Channel Order between End User and the Channel Partner. End User's sole recourse for commercial matters is against the Channel Partner.

1.4.     Standalone Use. Where End User has no Direct Agreement and no Channel Order (including, without limitation, during a trial or evaluation period), this EULA governs End User's use of the Invicti Solution in its entirety.

2.        LICENCE GRANT.

2.1.     Licence Grant. Subject to End User's compliance with this EULA and, where applicable, payment of all fees under the Direct Agreement or Channel Order, Invicti grants End User a limited, non-exclusive, non-sublicensable, non-transferable licence, solely during the Subscription Term and for End User's internal business purposes, to: (i) access and use the Invicti Solution (whether as software installed on End User's infrastructure or as a cloud service); and (ii) reproduce and use a reasonable number of copies of the Documentation.

2.2.    Trial Versions. Any version of the Invicti Solution provided on a "Trial", "Evaluation", or "Proof of Concept" basis is provided free of charge for the applicable trial period, as-is and without warranty, and solely for use in non-production environments. Invicti may terminate access to any Trial Version at any time. All data generated during a trial period may be deleted upon its conclusion. Invicti has no liability arising out of or relating to any trial use.

2.3.   Beta Features. Features identified by Invicti as "Beta", "Alpha", "Experimental", "Limited Release", or "Pre-Release" are provided without warranty and maybe withdrawn or made subject to additional fees at Invicti's sole discretion at any time. End User shall not attempt to circumvent any time-control or disabling functionality in any Beta Feature.

3.        END USER RESPONSIBILITIES. As conditions of the licence granted in Section 2, End User shall: (i) keep all passwords and credentials secure and confidential and use industry-standard password management practices; (ii) be solely responsible for all Content and all activity conducted through its account; (iii) use commercially reasonable efforts to prevent unauthorised access to its account and notify Invicti promptly of any such unauthorised access; (iv) use the Invicti Solution only in accordance with the Documentation, the AUP, and applicable law; (v) be responsible for its Users' compliance with this EULA; and (vi) ensure its use does not exceed the Usage Parameters or otherwise violate Fair Use.

4.        RESTRICTIONS. Except as expressly permitted inthis EULA and to the maximum extent permitted by applicable law, End User shall not (and shall not permit any third party to): (i) decompile, disassemble, reverse engineer, or otherwise attempt to derive the source code or structureof the Invicti Solution; (ii) distribute, sublicense, assign, transfer, lease,lend, rent, or use the Invicti Solution for the benefit of any third party (including as a service bureau or for timesharing purposes); (iii) use oraccess the Invicti Solution to build a similar or competitive product orservice, or disclose to any third party any benchmarking or comparative study involving the Invicti Solution; (iv) modify, adapt, translate, or createderivative works of the Invicti Solution or Documentation; (v) remove, alter, or obscure any proprietary rights notices of Invicti or its suppliers; (vi) use the Invicti Solution to scan any Applications or Targets outside of those End User owns or manages, without Invicti's and the relevant owner's explicit prior written consent; (vii) use the Invicti Solution to connect, integrate, or analyse any Projects or associated repositories, pipelines, or components other than those End User owns ormanages, without Invicti's and the relevant owner's explicit prior written consent; or (viii) use the Invicti Solution in any manner that violates the AUP or applicable law.

5.        AI SERVICES. End User's use of any AI Services is subject to and governed by Invicti's AI Services Addendum, presently at https://www.invicti.com/legal/ai-services, as periodically updated, which is hereby incorporated into this EULA by reference.

6.        API Security Services. End User's use of any API Security Services is subject to and governed by Invicti's API Security Addendum, presently at https://www.invicti.com/legal/api-security, as periodically updated, which is hereby incorporated into this EULA by reference.

7.        INTELLECTUAL PROPERTY.

7.1.      1Invicti Ownership. Except for the limited licence granted to End User in Section 2.1, all right, title, and interest in and to the Invicti Solution, including all intellectual property rights, remain exclusively with Invicti and its licensors. Title to the Invicti Solution does not pass to End User, and End User's rights are limited to the licence expressly granted in Section 2.

7.2.     Content. Content remains the property of End User. End User represents and warrants that it has obtained all necessary licences, permissions, and consents for its Content to be used within the Invicti Solution. End User grants Invicti a perpetual, worldwide, fully paid,royalty-free licence to use Content to operate the Invicti Solution and as otherwise set out in this EULA.

7.3.     Feedback. Any suggestions or feedback End User provides to Invicti regarding the Invicti Solution shall vest exclusively in Invicti and may be used by Invicti without restriction or payment, provided that any such feedback shall not identify End User.

7.4.     Data Insights. Invicti may collect and use Data Insights for the purposes of managing the subscription, benchmarking, improving Invicti's products and services, and maintaining the security of the Invicti Solution. Data Insights are never sold, and are aggregated and anonymised when used in any external-facing capacity so as never to identify End User, its Users, or any natural person.

8.          CONFIDENTIAL INFORMATION.

8.1.     End User acknowledges that theInvicti Solution, including its features, functionality, architecture, and any non-public technical or pricing information relating thereto, constitutes confidential and proprietary information of Invicti ("Invicti Confidential Information"). End User shall: (i) maintain the confidentiality of Invicti Confidential Information using at least the same degree of care it uses to protect its own confidential information, and in no event less than reasonable care; (ii) not use Invicti Confidential Information for any purpose other than exercising its rights under the licence granted herein; and (iii) not disclose Invicti Confidential Information to any third party except to Users who have a need to know for the purposes of this EULA and who are bound by confidentiality obligations at least as protective as those set out herein.

8.2.     End User's obligations under this Section 7 do not apply to information that: (i) is or becomes publicly known through no act or omission of End User; (ii) was rightfully known to End User without restriction at the time of disclosure; (iii) is independently developed by End User without use of Invicti Confidential Information; or (iv) End User is required to disclose by law or court order, provided End User gives Invicti prompt prior notice where legally permitted.

8.3.     Personal Data. The parties agree that Invicti's Data Processing Addendum, presently at https://www.invicti.com/legal/dpa shall govern the collection, use, storage, and protection of any personal data processed by Invicti on behalf of End User.

9.        DATASECURITY

9.1.      1Security Measures. Invicti implements and maintains reasonable and appropriate technical, physical, administrative, and organisational controls designed to protect the confidentiality, security, and integrity of Content.

9.2.     1Data Breach Notification. If Invicti becomes aware that End User's Content was accessed or disclosed in breach of this EULA, Invicti will notify End User without undue delay and in no event more than 72 hours after becoming aware of the breach, and will provide available information regarding the nature and scope of the incident.

10.        WARRANTIES AND DISCLAIMERS.

10.1.      1Malware. Invicti uses commercially reasonable industry-standard efforts to scan for and remove Malware from the cloud-delivered Invicti Solution. For these purposes, "Malware" means software designed to damage or perform unwanted actions on a computer system, including viruses, worms, Trojan horses, and spyware.

10.2.     Open Source Software. The Invicti Solution incorporates third-party open source software distributed under their respective licence terms. Invicti uses commercially reasonable efforts to ensure that inclusion of open source software in the Invicti Solution does not prevent End User from exercising the rights granted under this EULA. Title to open source software remains with the applicable licensors. Except as stated in this Section 9.2, Invicti disclaims all representations, warranties, and liability arising from open source software.

10.3.     Disclaimer. EXCEPT AS EXPRESSLY SET OUT IN SECTIONS 9.1 AND 9.2, THE INVICTI SOLUTION IS LICENSED "AS IS". INVICTI DISCLAIMS ALL WARRANTIES, CONDITIONS, AND REPRESENTATIONS, WHETHER EXPRESS, IMPLIED, OR STATUTORY, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT.INVICTI MAKES NO WARRANTY THAT THE INVICTI SOLUTION WILL BE ERROR-FREE, UNINTERRUPTED, OR FREE FROM FALSE POSITIVES, OR THAT ALL SECURITY RISKS OR THREATS WILL BE DETECTED. ANY WARRANTIES BEYOND THOSE SET OUT IN THIS SECTION 9 ARE AVAILABLE SOLELY UNDER A DIRECT AGREEMENT.

11.      INDEMNIFICATION.

11.1.   Indemnity. End User shall defend, indemnify, and hold harmless Invicti and its officers, directors, employees, agents, licensors, and suppliers ("Invicti Indemnified Parties") from and against any and all third-party claims, damages, liabilities, losses, and costs (including reasonable legal fees) arising out of or relating to: (i) End User's scanning of any Application or Target not owned or managed by End User or its affiliates, without prior written consent; (ii) End User's use of the Invicti Solution to connect, integrate, or analyse any Project or associated repository, pipeline, or component that End User does not own or manage, without prior written consent; (iii) any Content that infringes or misappropriates any third-party intellectual property rights or that has been provided or used unlawfully; or (iv) any breach by End User of Section 4 of this EULA.

11.2.     Conditions. Invicti's right to indemnification under Section 10.1 is subject to: (a) Invicti giving End User prompt written notice of the relevant claim; (b) End User having sole control of the defence and settlement, provided that End User may not settle any claim in a manner that imposes obligations or liability on Invicti without Invicti's prior written consent; and (c) Invicti providing reasonable cooperation in the defence at End User's expense.

12.        INVICTI IP INFRINGEMENT CLAIMS. In the event that a third party claims that the Invicti Solution infringes its intellectual property rights, Invicti may, at its option and expense: (i) modify the Invicti Solution to be non-infringing; (ii) procure the rights necessary for End User to continue using it; (iii) replace it with a functional equivalent; or (iv) if none of subsections (i) to (iii) is commercially practicable, terminate the licence granted herein. These are the remedies Invicti may elect to provide in response to third-party IP infringement claims affecting End User's use of the Invicti Solution, and do not constitute a contractual indemnity. Any broader IP indemnification commitment from Invictiis available solely under a Direct Agreement. Invicti has no obligation to provide any remedy under this Section 11 to the extent the claim arises from: (i) Invicti's compliance with End User's specifications; (ii) combination of the Invicti Solution with technology where infringement would not occur but for the combination; (iii) Content; (iv) use with hardware, software, or services not authorised by Invicti; or (v) End User's breach of Section 4.

13.        LIMITATION OF LIABILITY.

13.1.     Consequential Losses. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, INVICTI AND THE INVICTI INDEMNIFIED PARTIES SHALL NOT BE LIABLE TO END USER FOR ANY LOST PROFITS, LOSS OF USE, LOSS OF REVENUE, LOSS OF GOODWILL, BUSINESS INTERRUPTION, LOSS OF DATA, OR ANY INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES, UNDER ANY THEORY OF LIABILITY, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

13.2.     Liability Cap. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, INVICTI'S TOTAL AGGREGATE LIABILITY TO END USER ARISING OUT OFOR IN CONNECTION WITH THIS EULA, FROM ALL CAUSES OF ACTION AND UNDER ANY THEORY OF LIABILITY, SHALL NOT EXCEED INVICTI'S PUBLISHED LIST PRICE FOR THE APPLICABLE INVICTI SOLUTION TIER FOR THE 12-MONTH PERIOD CORRESPONDING TO THE SUBSCRIPTION TERM DURING WHICH THE EVENT GIVING RISE TO LIABILITY OCCURRED.

13.3.     Enhanced Cap. WITH RESPECT TO INVICTI'S BREACH OF ITS DATA SECURITY UNDERTAKINGS UNDER SECTION 8, INVICTI'S TOTAL AGGREGATE LIABILITY SHALL NOT EXCEED THREE TIMES THE AMOUNT DETERMINED IN ACCORDANCE WITH SECTION 12.2.

13.4.     End User Liability. END USER'S TOTAL AGGREGATE LIABILITY TO INVICTI ARISING OUT OF OR IN CONNECTION WITH THIS EULA, INCLUDING UNDER SECTION 12, SHALL NOT EXCEED THREE TIMES INVICTI'S PUBLISHED LIST PRICE FOR THE APPLICABLE INVICTI SOLUTION TIER FOR THE RELEVANT 12-MONTH PERIOD, EXCEPT IN RESPECT OF END USER'S BREACH OF SECTION 4, 6.1 OR 7 WHICH SHALL BE UNCAPPED.

14.        TERM AND TERMINATION

14.1.     Term. This EULA commences when End User first accepts it (whether by installing or using the Invicti Solution or by executing a Direct Agreement or Channel Order that references it) and continues for the duration of the Subscription Term, unless earlier terminated in accordance with this Section 14.

14.2.     Termination by Invicti. Invicti may terminate the licence granted in this EULA: (i) immediately and automatically upon End User's breach of Section 4; (ii) immediately upon written notice if End User materially breaches any other provision of this EULA and, where the breach is capable of remedy, fails to remedy it within 30 days of written notice from Invicti; (iii) immediately upon written notice if End User enters compulsory or voluntary liquidation, ceases to carry on business, or takes or suffers any similar action; or (iv) immediately upon written notice if continued provision of the licence would cause Invicti to violate applicable law or regulation.

14.3.     Expiry. The licence granted in this EULA terminates automatically upon expiry of the Subscription Term as determined by the applicable Direct Agreement or Channel Order. End User's remedy in respect of any Invicti failure prior to expiry is governed solely by the Direct Agreement or Channel Order, as applicable.

14.4.     Effect of Termination. Upon termination or expiry of the licence: (a) all rights granted to End User terminate immediately and End User and its Users shall cease all use of the Invicti Solution and destroy or return all copies thereof; (b) End User shall destroy or return all Invicti Confidential Information in its possession, retaining one archival copy only as required for legal compliance; and (c) End User may request deletion of its Content from the cloud-delivered Invicti Solution.

14.5.     Disabling Code. END USER ACKNOWLEDGES THAT THE INVICTI SOLUTION MAY CONTAIN FUNCTIONALITY THAT, AUTOMATICALLY OR AT INVICTI'S CONTROL, WILL RENDER THE INVICTI SOLUTION UNUSABLE UPON TERMINATION OR UPON END USER'S UNCURED MATERIAL BREACH OF THIS EULA.

14.6.     Survival. Sections 4, 6, 7, 8, 10, 11, 12, 13.4,13.5, 13.6, 14 and Schedule 1 survive expiry or termination of this EULA.

15.        MISCELLANEOUS

15.1.         Third Party Integrations. The Invicti Solution may permit connection to third-party services. Invicti is not responsible for those third-party services, their accuracy, compliance, or their treatment of Content. End User is solely responsible for its own agreements with such third parties.

15.2.         Export Compliance and Anti-Corruption. End User represents and warrants that it is not on any applicable governmental denied-party list. End User shall not permit Users to access or use the Invicti Solution in violation of any applicable export laws or regulations. End User confirms it has not received or been offered any improper bribe, kickback, or payment in connection with this EULA, and shall promptly notify Invicti at legal@invicti.com if it becomes aware of any violation.

15.3.         Government End Users. For U.S. government end users, the Invicti Solution and Documentation are "commercial computer software" and "commercial computer software documentation" as defined in DFARS Section 227.7202 and FAR Section 12.212(b). Use, modification, and disclosure are governed solely by this EULA (or, where applicable, the Direct Agreement).

15.4.         Publicity. End User agrees that Invicti may identify End User by name and logo in Invicti's promotional materials to indicate that End User uses the Invicti Solution, provided Invicti does not state or imply that End User endorses the Invicti Solution.

15.5.         Governing Law. This EULA shallbe construed pursuant to: (i) the laws of the State of Texas (without regard to conflicts of law provisions), if End User is located in the Americas; or (ii) the laws of Malta, if End User is located outside the Americas. The United Nations Convention on the International Sale of Goods and the Uniform Computer Information Transactions Act shall not apply. End User consents to the exclusive jurisdiction of the courts of Texas (if in the Americas) or Malta (if outside the Americas). Where a Direct Agreement exists and specifies governing law and jurisdiction, those provisions shall govern instead of this Section 14.5.

15.6.          Assignment. The licence granted under this EULA is personalto End User and may not be assigned, transferred, or sublicensed without Invicti's prior written consent, except in connection with a merger, acquisition, or sale of all or substantially all of End User's assets, provided the successor entity agrees in writing to be bound by this EULA. Invicti may transfer or assign its rights in the Invicti Solution without restriction. Any purported assignment in violation of this section is null and void.

15.7.         Force Majeure. Invicti shall not be liable for any delay or failure in the availability of the Invicti Solution resulting from events beyond Invicti's reasonable control. If such an event continues for more than 30 days, Invicti may terminate the licence on written notice, and End User's remedy for any prepaid fees shall be governed by the Direct Agreement or Channel Order, as applicable.

15.8.         Severability and Waiver. If any provision of this EULA is held unenforceable, it shall be modified to the minimum extent necessary to make it enforceable, and the remainder of this EULA shall continue in full force. No failure or delay by Invicti in exercising any right under this EULA shall operate as a waiver of that right.

15.9.         Irreparable Harm. Any breach of Section 4, Section 6.1, or Section 7 could cause irreparable harm to Invicti for which monetary damages would be an inadequate remedy. Invicti shall be entitled to seek injunctive or other equitable relief in respect of any such breach without the need to post a bond, in addition to all other remedies available at law or equity.

15.10.         Notices. Notices to Invicti under this EULA shall be sent in writing to legal@invicti.com. Operational notices may be sent to End User's administrative contact by email. Notices are deemed received at the time delivered, or if outside a Business Day, at the beginning of the next Business Day.

15.11.         Language. The English-language version of this EULA controls in all respects. Any translation is for convenience only and has no legal effect.

15.12.         Entire Agreement. This EULA, together with the AUP, the AI Services Addendum (where applicable), and the Data Processing Addendum (where applicable), sets out the complete terms on which Invicti licenses the Invicti Solution to End User, subject to the hierarchy in Section 1. It does not constitute a contract of sale or a services agreement. The pre-printed or standard terms of any End User purchase order or other business form shall have no force or effect against Invicti.

SCHEDULE 1: Definitions

“Affiliate” means, with respect to a party at agiven time, an entity that then is directly or indirectly controlled by, is under common control with, or controls that party, and here “control” means an ownership, voting, or similar interest representing 50% or more of the total interests then outstanding of that entity. Where applicable or appropriate, references to Customer or Invicti shall include their respective Affiliates.

"AI Services" means any feature or functionality of the Invicti Solution that utilises machine learning, large language models, or similar technologies to generate content, predict outcomes, or automate tasks, including features branded as "Invicti Octo", "Predictive Risk Scoring", "AI-Aided DAST", and "AI Support Assistant".

“API Security Services” means services provided by Invicti to End User relating to the use of the API Security Software, including the identification of End User API endpoints, analysis of End User API structures, and generation of an End User AP Iinventory.

“Application” means a logical grouping of one ormore Targets representing a single software application, system or service. Applications are used to organize and manage related Targets, configurations and reports within the Invicti Solution.

"AUP" means Invicti's Acceptable Use Policy, presently at https://www.invicti.com/legal/ai-services, as periodically updated.

“Channel Order” means an order document entered into between End User and an authorised Channel Partner for End User's access to and use of the Invicti Solution, where that order incorporates or references governing terms agreed between that Channel Partner and Invicti.

"Channel Partner" means the authorised distributor or reseller through whom End User has purchased or obtained access to the Invicti Solution.

 "Content" means data gathered through use ofthe Invicti Solution or provided for use with the Invicti Solution, wherever stored.

"Data Insights" means data and information automatically collected by Invicti related to End User's use of the Invicti Solution, such as Target URLs, Project configurations, scan results, and feature usage data.

“Development Environment” means the computing environment in which an Application, service or component operates for development, testing, staging or production purposes, including any associated URLs, endpoints or infrastructure where the relevant asset is reachable for scanning or integration with the Invicti Solution.

“Direct Agreement” means a fully executed Subscription Services Agreement or other direct written agreement between Invicti and End User (or End User's affiliate) governing use of the Invicti Solution.

 "Documentation" means the operating instructions, user manuals, and other documentation that Invicti makes available to End User for the Invicti Solution.

“Fair Use” means the reasonable and intended use of the Invicti Solution, without imposing an excessive strain on the Invicti Solution or Invicti’s systems, circumventing licensing restrictions or disrupting the intended functionality of the Invicti Solution.

"Invicti Solution" means Invicti's proprietary software and/or cloud-based security scanning service, including all features, functions, user interfaces, and Documentation, as specified in the applicable Direct Agreement, Channel Order, or as made available by Invicti.

“Project” means a defined collection of software assets, repositories, components or microservices configured within the Invicti Solution for continuous security analysis and posture management. A Project may integrate data from source-code repositories, CI/CD pipelines, issue-tracking systems or Development Environments, and is used to correlate, prioritize and monitor vulnerabilities and remediation activities across the End User’s software assets. Each Project constitutes a separately countable unit for Subscription and Usage Purposes.

"Subscription Term" means the period during which End User is authorised to access and use the Invicti Solution, as set forth in the applicable Direct Agreement or Channel Order, or as otherwise specified by Invicti.

"Target" or “FQDN” means a single, distinct digital asset, domain, web application or API endpoint designated by the End User for scanning through the Invicti Solution, and reachable over anetwork connection within a specified Development Environment. Each Target constitutes a separately countable unit for Subscription and usage purposes.

"Usage Parameters" means any and all parameters specified in the Documentation, the Direct Agreement, the Channel Order, or other writing by Invicti regarding the permitted scope of use of the Invicti Solution by End User or its Users.

"Users" means End User's employees, contractors, or agents authorised to use the Invicti Solution on End User's behalf.

Last modified: June 09, 2026