Terms of Service
Diffidentia — Cybersecurity Consulting & Contracting
Plain English summary: These terms govern your use of the Diffidentia website and software platform, and any consulting or contracting engagement you enter into with us. Individual engagements are further governed by a signed Statement of Work and Master Service Agreement, which take precedence over these general terms where they conflict.
1. About these terms
These Terms of Service ("Terms") govern your access to and use of the Diffidentia website at diffidentia.ai (the "Site"), the Diffidentia Security Analyzer Suite software ("Software"), and any cybersecurity consulting or contracting services provided by Diffidentia LLC, a California limited liability company ("Diffidentia," "we," "our," or "us").
By accessing the Site, downloading or using the Software, or engaging us for services, you agree to be bound by these Terms. If you do not agree, do not use the Site, Software, or services.
2. Who we are
Diffidentia LLC is a California limited liability company providing cybersecurity consulting, contracting, and AI-powered security analysis software. Our principal place of business is in California.
Founder and principal: Michael Hogue-Rennie, CISSP, GCIA, GCIH, GCED, GSEC, CEH Practical.
Contact: hello@diffidentia.ai
3. Software license
Subject to these Terms, Diffidentia grants you a limited, non-exclusive, non-transferable, revocable license to download, install, and use the Software solely for your internal security analysis and operational purposes.
You may not:
- Sublicense, sell, resell, transfer, or otherwise make the Software available to third parties
- Modify, reverse engineer, decompile, or disassemble the Software except to the extent expressly permitted by applicable law
- Use the Software to provide security services to third parties without a separate written agreement with Diffidentia
- Remove or alter any proprietary notices, labels, or marks on the Software
- Use the Software for any unlawful purpose or in violation of any applicable law or regulation
4. Software "as is" — no warranty
The Software is provided "as is" and "as available" without warranty of any kind, express or implied, including but not limited to warranties of merchantability, fitness for a particular purpose, accuracy, or non-infringement.
Security analysis produced by the Software is generated by a locally running large language model and is provided for informational and operational purposes only. It is not a substitute for qualified human security judgment. Diffidentia makes no representation that findings are complete, accurate, or free from error. You are responsible for verifying findings and for all remediation decisions made in reliance on Software output.
5. Acceptable use
You agree to use the Software only on systems and networks you own, operate, or have explicit written authorization to test. You must not use the Software to:
- Scan, probe, or analyze systems you do not have authorization to access
- Conduct offensive security operations against third parties
- Violate any applicable law, including the Computer Fraud and Abuse Act (CFAA) or equivalent laws in your jurisdiction
- Interfere with the security or integrity of any system
Unauthorized use may result in immediate termination of your license and may expose you to civil or criminal liability.
6. Updates and availability
We may update, modify, or discontinue the Software at any time without notice. Because the Software runs locally on your infrastructure, we cannot force updates or revoke access to versions you have already installed. However, continued use of the Site or any hosted services constitutes acceptance of updated Terms.
7. Engagement terms
Consulting and contracting engagements are governed by a signed Master Service Agreement (MSA) and Statement of Work (SOW) executed between Diffidentia and the client. In the event of any conflict between these Terms and a signed MSA/SOW, the MSA/SOW controls.
No consulting or contracting services are provided without a signed SOW. Verbal agreements, email exchanges, and informal arrangements do not constitute a binding engagement.
8. Payment terms
Invoicing
Unless otherwise specified in the SOW, Diffidentia invoices on the schedule set out in the SOW (typically net-15 or net-30). Invoices are delivered electronically to the billing contact specified in the SOW.
Late payments
Invoices unpaid after the due date accrue interest at 1.5% per month (18% per annum) on the outstanding balance, or the maximum rate permitted by California law, whichever is lower. Diffidentia reserves the right to suspend services on accounts more than 30 days past due.
Expenses
Pre-approved travel and out-of-pocket expenses are billed at cost with supporting receipts. Remote engagements incur no travel expenses unless otherwise agreed in writing.
Taxes
All fees are exclusive of applicable taxes. Client is responsible for all sales, use, value-added, or similar taxes imposed by any governmental authority on services rendered, other than taxes on Diffidentia's net income.
9. Intellectual property
Client-owned deliverables
Upon receipt of full payment, Diffidentia assigns to the client all rights, title, and interest in custom deliverables created specifically for that engagement (reports, playbooks, custom scripts, documentation) as specified in the SOW.
Diffidentia background IP
Diffidentia retains all rights to its pre-existing intellectual property, methodologies, tools, frameworks, templates, and the Software itself. Nothing in any engagement grants the client a license to the Software beyond the license described in Section 3, or a license to Diffidentia's proprietary methodologies beyond their use in the specific deliverables.
Residual knowledge
Diffidentia personnel may retain in their unaided memory general knowledge, skills, and experience acquired during an engagement. This does not constitute a breach of confidentiality.
10. Confidentiality
Each party agrees to hold in strict confidence all non-public information received from the other party in connection with an engagement ("Confidential Information") and to use it solely for the purposes of the engagement.
Confidential Information does not include information that: (a) is or becomes publicly known through no breach of these Terms; (b) was rightfully known before disclosure; (c) is independently developed without use of the disclosing party's Confidential Information; or (d) is required to be disclosed by law or court order, provided the receiving party gives prompt written notice to the disclosing party.
Confidentiality obligations survive termination of any engagement for a period of three (3) years, except that obligations with respect to trade secrets survive indefinitely.
11. Scope and change orders
Work outside the scope of the signed SOW requires a written change order executed by both parties before Diffidentia commences the additional work. Verbal approvals for out-of-scope work are not binding.
As soon as it becomes aware that the agreed scope is likely to be exceeded, Diffidentia will notify the client in writing before proceeding.
12. Client responsibilities
Client agrees to:
- Provide Diffidentia with timely access to systems, personnel, and documentation reasonably necessary to perform the engagement
- Ensure Diffidentia has proper written authorization to access and test any systems included in the engagement scope
- Designate a project contact who has authority to make decisions and approve deliverables
- Review and provide feedback on deliverables within the timeframes specified in the SOW
- Notify Diffidentia immediately of any changes to system configurations or scope that may affect the engagement
Delays caused by client's failure to fulfill these responsibilities may extend engagement timelines and could result in additional fees, which will be communicated in advance.
13. Limitation of liability
To the maximum extent permitted by applicable law, Diffidentia's total cumulative liability to you for any claims arising out of or relating to these Terms, the Software, or any engagement — whether in contract, tort, or otherwise — shall not exceed the greater of:
- The total fees paid by you to Diffidentia in the twelve (12) months immediately preceding the claim, or
- One thousand US dollars ($1,000) if no fees have been paid
In no event shall Diffidentia be liable for any indirect, incidental, special, consequential, or punitive damages, including loss of profits, loss of data, business interruption, or cost of substitute services, even if Diffidentia has been advised of the possibility of such damages.
Some jurisdictions do not allow the exclusion of certain warranties or the limitation of liability for certain types of damages. In such jurisdictions, Diffidentia's liability is limited to the fullest extent permitted by law.
14. Indemnification
You agree to defend, indemnify, and hold harmless Diffidentia and its officers, employees, and contractors from any claims, damages, losses, and expenses (including reasonable legal fees) arising out of or related to:
- Your use of the Software in violation of these Terms or applicable law
- Your use of the Software on systems you did not have authorization to access
- Any material you provide to Diffidentia during an engagement that infringes a third party's intellectual property or violates applicable law
- Your breach of any representation, warranty, or obligation under these Terms
15. Disclaimer of security guarantees
Cybersecurity is not an absolute science. Diffidentia does not represent or warrant that any engagement, deliverable, or Software output will identify every vulnerability, prevent all security incidents, or render any system immune from attack. Security findings and recommendations are provided based on information available at the time of the engagement and may not reflect vulnerabilities discovered or disclosed thereafter.
Diffidentia's services are not a substitute for a comprehensive, ongoing security program. Client is solely responsible for decisions made in reliance on Diffidentia's findings.
16. Governing law and disputes
These Terms and any engagement governed by them are governed by and construed in accordance with the laws of the State of California, without regard to its conflict of law principles.
Any dispute arising out of or relating to these Terms or any engagement that cannot be resolved through good-faith negotiation between the parties shall be submitted to binding arbitration in accordance with the rules of the American Arbitration Association (AAA), with proceedings conducted in San Jose, California. Judgment on the award rendered may be entered in any court of competent jurisdiction.
Notwithstanding the foregoing, either party may seek injunctive or other equitable relief from a court of competent jurisdiction to prevent irreparable harm pending the outcome of arbitration.
17. Termination
Either party may terminate an engagement for convenience upon written notice as specified in the applicable SOW (typically 14 or 30 days). In the event of termination for convenience by the client, Diffidentia shall be paid for all work completed and expenses incurred through the effective date of termination.
Diffidentia may terminate your license to the Software immediately and without notice if you breach the acceptable use provisions of Section 5 or any other material provision of these Terms.
18. Entire agreement and modifications
These Terms, together with any applicable MSA and SOW, constitute the entire agreement between you and Diffidentia with respect to the subject matter hereof and supersede all prior and contemporaneous agreements, representations, and understandings.
We may update these Terms at any time. Material changes will be posted at diffidentia.ai/terms with an updated effective date. Continued use of the Site or Software after the effective date of changes constitutes acceptance of the updated Terms. If you disagree with changes, your sole remedy is to stop using the Site and Software.
19. Severability and waiver
If any provision of these Terms is found unenforceable by a court of competent jurisdiction, that provision shall be modified to the minimum extent necessary to make it enforceable, and the remaining provisions shall continue in full force and effect.
Diffidentia's failure to enforce any right or provision of these Terms shall not constitute a waiver of that right or provision.
20. Contact
Questions about these Terms, requests for a Master Service Agreement template, or inquiries about consulting and contracting engagements:
- Email: hello@diffidentia.ai