The following Terms and Conditions (the "Agreement") govern the provision of services by the Provider through the Thunder Engine platform (thundersec.org) to the person or entity requesting the Services (the "Client").
1. Glossary
For the purposes of these T&C, the following capitalized terms shall have the meanings set forth below:
i. Client: A legal entity or natural person that contracts the Services from the Provider.
ii. Access Credentials: A set of data—generally a username and password, and possibly a digital certificate, smart card, token, among others—that identify the Client on the Thunder Engine platform. These data enable user identification and authentication to access the Thunder Engine server.
iii. User Account: The virtual space assigned to each Client after registration on Thunder Engine, accessible only through the use of Access Credentials. Through the User Account, the Client may subscribe to and use the Services offered by the Provider.
iv. Personal Data: Any data relating to an identified or identifiable natural person.
v. Vulnerability Scanning: An activity in which vulnerabilities in networks and systems are sought using various techniques and specialized applications, in order to identify and remediate them before they can be exploited by cybercriminals. The scan focuses on applications, ports, and services deployed on the public access surface of an organization’s IT Infrastructure.
vi. Footprint or Digital Footprint: A cybersecurity term referring to the collection of information originating from a system or a person on the Internet. This information is generally available through public access channels such as search engines. The footprint is the trail left by the entity being investigated and helps define a system, network, or company.
vii. Force Majeure or Fortuitous Event: An extraordinary, unforeseeable, and unavoidable event that prevents fulfillment of a contractual obligation, beyond the control of the parties and not preventable even with maximum diligence. Examples include unexpected electronic failures interrupting critical services, accidental fires without deliberate human intervention, unforeseen legislative changes, and natural disasters such as earthquakes, hurricanes, or floods.
viii. Confidential Information: Any information, data, document, or knowledge lawfully held by a person or organization relating to commercial, institutional, or industrial secrets, as well as personal data, that has economic value for its holder and is protected by technical and organizational measures to prevent unauthorized disclosure.
ix. IT Infrastructure: All elements required to create and run software applications within an organization, including hardware, network components, operating systems, data storage, and various types of software used to deliver IT services and run software solutions.
x. IP (Internet Protocol): A unique address expressed as a string of numbers that identifies a device on the Internet or a local network, enabling data transmission and providing geographic location information.
xi. Backdoor: Any weakness in a program or system through which an unauthorized person can access the system, whether due to errors, flaws, or intentional creation.
xii. Port: An interface or “gateway” through which data can be sent and received. Ports may be physical (hardware connectors) or logical (software-implemented ports enabling communication between machines on a network).
xiii. SaaS: Software as a Service, cloud-based software that delivers applications to end users via an Internet browser.
xiv. Services or Service: Access to and use of the Thunder Engine SaaS platform, which enables scanning of metadata associated with Internet-connected devices and collection of information from public and open sources related to an Internet domain or organization, for threat intelligence and identification of exposed vulnerabilities on the attack surface of related IT Infrastructures.
xv. URL (Uniform Resource Locator): The unique and specific address of each website or web resource.
xvi. User: A natural person who visits and browses the Site.
2. Acceptance of These Terms and Conditions
THE PERSON ENTERING INTO AND ACCEPTING THIS AGREEMENT GUARANTEES THAT THEY HAVE THE AUTHORITY TO BE BOUND BY THESE TERMS AND CONDITIONS, OR, IF ACTING ON BEHALF OF A THIRD PARTY, THAT THEY HAVE THE LEGAL AUTHORIZATION AND REPRESENTATION TO ACCEPT AND COMPLY WITH THESE TERMS ON BEHALF OF SUCH THIRD PARTY, AND TO AUTHORIZE THE PROVIDER TO PERFORM THE SERVICES.
If, after electronic acceptance of this Agreement, the Provider determines that the person claiming legal representation of a third party lacks such authority, that person shall be personally liable for all obligations contained herein, including payment obligations and civil liability. Such conduct may also give rise to civil, administrative, or criminal liability, including for fraudulent use of personal data, identity theft, or computer sabotage.
The Provider shall not be liable for any loss or damage resulting from execution of the Services arising from a request reasonably considered genuine and originating from an apparently authorized representative. Where reasonable doubt exists regarding identity, authority, or authenticity, the Provider reserves the right (but not the obligation) to request additional documentation or data.
The Client agrees to be bound by this Agreement and responsible for all transactions carried out by any person acting on its behalf using the Access Credentials provided, whether authorized or not.
The Client agrees to provide current and accurate information in all registration forms and acknowledges the legal consequences of impersonation or acting without legal authority. Authorized collaborators of the Client are also bound by these T&C, and the Client agrees to cooperate in verifying their identity and authority.
3. User Account and Access Credentials
To contract the Services, the Client must create a User Account, which may be used by authorized persons. All activity conducted through the account is attributed to the Client.
If false, inaccurate, incomplete, or outdated information is provided, or if the Provider reasonably suspects such, the Provider may suspend or terminate the User Account and deny current or future use of the Services.
The Client is responsible for all activity under its User Account and must immediately notify the Provider of any unauthorized use or security breach. The Client is liable for any damage or loss resulting from unauthorized use.
4. Ineligible Persons
To the extent permitted by law, the Services may not be contracted or used if:
i. The Client, its representatives, or employees have been convicted of computer-related crimes;
ii. The Client’s activities constitute direct competition with the Provider;
iii. The Services are requested from a region where their use is prohibited by law;
iv. The Provider has previously denied the Client access to the Services.
The Provider reserves the right to deny Services at its sole discretion.
5. About the Service
5.1 Service Features
Through Thunder Engine, the Provider offers Services under an annual subscription plan, including:
i. Asset profiling and external reconnaissance of IT Infrastructure;
ii. Identification of attack surfaces (servers, ports, domains, applications);
iii. Open-source intelligence related to device or domain footprint (excluding third-party personal data);
iv. Generation of reports with metrics and findings sent to the Client’s email.
Features may be expanded or limited at the Provider’s discretion, with notice via the Site or registered email.
5.2 Trial Period
A 7-day free trial is offered. Some features may be limited during this period.
5.3 Subscription
Continued use requires payment of the annual plan. Failure to pay will result in account deactivation.
5.4 Technical Requirements
Access requires a desktop computer (Windows, Mac, or Linux) or mobile device (iOS or Android) with a functional web browser. Access is permitted worldwide except from high-risk countries as determined by the Provider. Costa Rican law governs this Agreement.
5.5 Availability
The Provider will make reasonable efforts to maintain availability but is not responsible for downtime due to maintenance, client devices, or external infrastructure failures.
5.6 Support
Support is provided only to paid subscribers via the Thunder Engine interface, Monday–Thursday, 8:00 a.m.–3:00 p.m., or as otherwise agreed with priority clients.
6. Prohibited Uses
The Client agrees not to:
Resell, sublicense, or share access to Thunder Engine;
Copy or create derivative services;
Use the Services for unauthorized commercial purposes;
Collect third-party personal data;
Transmit illegal or malicious content;
Distribute malware;
Modify or tamper with the Site;
Circumvent security measures;
Use scraping or bots, especially for AI training;
Damage or spy on third-party IT infrastructure;
Reverse engineer or decompile software;
Commit fraud or impersonation;
Remove ownership notices.
7. Information Security
The Provider implements industry-standard security practices and operates on AWS infrastructure with recognized certifications (ISO 27001, SOC, PCI DSS, etc.).
The Provider is not responsible for damages resulting from Client conduct, phishing, malware, or other cyber threats beyond its control.
Clients must remain vigilant, use secure devices, and protect their credentials.
Clients and Users must:
Use the Service legally;
Report phishing attempts on the help section.
;
Use updated, secure devices;
Respect the Provider’s intellectual property rights.
8. Informed Consent and Personal Data Protection
Personal data will be processed in accordance with Costa Rica’s Law No. 8968.
The Client expressly consents to the processing of personal data for authentication, billing, communications, support, and contractual purposes. Data may be shared with partners, providers, payment processors, and government authorities as required by law.
Data may be anonymized and used for AI model training. Retention will not exceed legal limits. Clients may exercise access, rectification, cancellation, and opposition rights via email at powerit89@gmail.com
.
9. Confidential Information
9.1 Scope
Confidential Information includes all non-public business, technical, or proprietary information disclosed under this Agreement, excluding information already public or independently developed.
9.2 Obligations
Confidential Information may only be used for purposes of this Agreement and must be protected with reasonable security measures. Disclosure is limited to personnel with a need to know.
9.3 Exceptions
Disclosure is permitted if required by law or court order, or to enforce rights under this Agreement, with prior notice where possible.
10. Intellectual Property
10.1 License
The Client receives a limited, revocable license to use Thunder Engine during an active subscription. No ownership rights are granted.
10.2 Protected Works
All content, software, designs, and materials are the exclusive property of the Provider or licensed third parties and may not be used without written authorization.
10.3 Prohibited Use
Web scraping and use of content for AI training or data mining are strictly prohibited.
10.4 Legal Violations
Unauthorized use may result in immediate access termination and legal action under Costa Rican and international law.
10.5 Data and Aggregated Data Use
The Provider may use anonymized, aggregated, and performance-related data for analysis, derivative works, and service improvement. All rights to such data belong to the Provider.
Copyright complaints may be submitted to powerit89@gmail.com
.
11. Limitation of Liability
The Provider is not responsible for third-party websites or external failures. The Service is provided “AS IS,” without warranties of any kind.
Indemnification
The Client agrees to defend, indemnify, and hold harmless the Provider from claims arising from misuse of the Services or violation of this Agreement.
12. Governing Law and Dispute Resolution
Any dispute arising from these T&C shall be resolved before the ordinary courts of Costa Rica.