vPenTest Terms of Use

Updated as of July 18, 2025

These Terms of Use (“Terms”) govern access to and use of vPenTest and related services (collectively, “vPenTest” or the “Product”).   By purchasing or using the Product, you agree to be bound by these Terms, which are incorporated into the Kaseya Master Agreement accessible here or such other master agreement (“Master Agreement”) between you and the Kaseya entity from which you purchase Products (“Kaseya”). Capitalized terms not defined in these Terms have the meaning given to them in the Master Agreement.  The Master Agreement and these Terms are collectively the “Agreement.”  In the event of any conflict between the Master Agreement and these Terms, these Terms will take precedence with respect to the Product.

  1. DEFINITIONS
    Definitions relevant to the Product are as follows:

    • “Device” means physical or virtual computing object that has a unique IP address assigned to it.
    • “Findings” means information related to vulnerabilities that are identified by the Product through Testing.
    • “Network” means a collection of Devices that are connected to a common network device.
    • “Product Report” means information compiled by the Product related to Testing which includes, if applicable, the scope of Testing, a list of Findings, activities performed by the Product and recommendations regarding remediation.
    • “Subscription Plan” means the pricing and licensing package purchased by you, as further described in Section 1(c).
    • “Test” or “Testing” means the Network penetration testing performed by the Product on the Test Targets.
    • “Test Targets” are the Devices on the Network that you choose to Test.
  2. PRODUCT USE AND LICENSING
    1. About vPenTest. vPenTest is a platform that automates network penetration testing services and allows you to easily schedule and conduct internal and external penetration tests. Testing is performed against the public or internal IP address of Test Targets that you choose and provide.
    2. Right to Use. All rights to use the Products are conditioned upon enrollment in a valid Product Subscription. Subject to your compliance with the Agreement and the receipt by us of all applicable fees, Kaseya grants you a limited, revocable, non-sublicensable, non-exclusive right and license during the Product’s Committed Service Term to access and use vPenTest within your Subscription Plan and the Product Specifications. The Product may be used to Test your organization’s internal Test Targets or, if you are an MSP, your Clients’ Test Targets, provided that you have obtained authorization from the relevant parties to perform such Testing. A Service Subscription begins on the date set forth on the Order (the “Activation Date”).
    3. Licensing.
      1. Licenses for the Product are subject to a “Subscription Plan” purchased by you. Subscription Plans describe various features and attributes of your right to use the Product and may include, where applicable to a Subscription Plan:
        • License amounts, and if applicable by type (e.g. Internal IPs, External IPs, Prospecting, NFR);
        • The Subscription’s Committed Service Term;
        • Distribution rights (e.g. pools for multiple Clients);
        • Pricing, and;
        • Frequency of replenishment of Licenses.
      2. A License is required and used for Testing conducted on each Test Target.
      3. Licenses that are issued for a certain License Period but unused do not roll over into the next period, and are forfeited.
      4. Kaseya does not guarantee that any particular Subscription Plan will be offered to you; some Subscription Plans are offered to only certain types of organizations. Kaseya reserves the right to change the Subscription Plans without notice, provided that such changes shall not take effect mid-Committed Service Term.
      5. You acknowledge that the Product tracks and enforces License limitations. If the Product is being used in excess of your Subscription Plan, Kaseya reserves the right to: Suspend Product Services until your use of the Product again complies with your License rights, or Automatically invoice you for such additional use, and you hereby agree to pay such invoices.
    4. Agent Software. The Product involves the use of Agent Software, and you hereby agree to the terms of all applicable Agent Software licenses. We grant you the non-exclusive, non-assignable, limited right to download, install and use the Agent Software solely to facilitate your access to, operation of, and/or use of the Products as specified in an Order. Your right to use such Agent Software will terminate upon the termination of the Service Subscription associated with the Product.
    5. Third Party Feeds. The Product incorporates third party information regarding vulnerabilities or other threats that are used during Testing (“Third Party Feeds”). Kaseya may drop, add or substitute types of Third Party Feeds at any time, without notice, in its discretion. Information about our current Third Party Feed(s) may be available to you from your Kaseya account manager. Third Party Feeds are a form of Third Party Technology, as that term is defined in the Agreement.
  3. REPORTS AND PENTESTING
    1. Your Right to Perform Testing. The Product may only be used for good faith testing and remediation to advance the security of your Networks or those of your Clients. You represent that:
      1. You have the appropriate authorizations from the owners of the Test Targets and Networks to perform Testing, and;
      2. You hereby authorize Kaseya to access the Test Targets and Networks for purposes of providing the Product. It is your responsibility to confirm owner authorization.
    2. How We Test. Kaseya Tests automatically and/or manually by scanning Test Targets for vulnerabilities. We then attempt to exploit such vulnerabilities. If we successfully exploit a vulnerability, we do gain access to the applicable Test Targets and provide such information in the applicable Product Report. During an exploitation, we export sample information from the Test Targets (e.g., passwords and file content) (“Content”), as evidence of the vulnerability. It is your obligation to inform relevant personnel that such activities should not be mistaken for a cyber attack. PLEASE NOTE: Exploitations can cause certain Test Targets to malfunction, and you may be required to take action with respect to such Test Targets such as, for example, rebooting or restarting the Test Target.
    3. Remediation Activities. The Services do not include remediation activities of any type. Any remediation effort that you choose to perform based on the Findings is your obligation, to be performed by your personnel or by a third party providers chosen and hired by you.
    4. Findings. Except for trial Subscriptions, after each round of Testing, you will receive a Product Report with Findings of the Testing. Findings are dependent upon various factors including Device availability, Network configuration changes and the current list of exploits; for these reasons, Findings can vary over time, even when Testing is performed on the same Test Targets.
    5. Product Reports. Kaseya reserves all rights in the intellectual property of the Product Reports, including the format of the Product Reports and methodologies used during the Testing, all of which is Kaseya Confidential Information. You are provided the right to use the Product Report internally or share the Product Report with your third party service providers for the sole purpose of identifying vulnerabilities and remediations with respect to your Networks and Test Targets, or those of your Client.
    6. Retention of Information. During the Committed Service Term of a Product Subscription, Product Reports and Content are saved and available for download for a period of time configurable by you, up to the Committed Service Term (“Retention Period”). If the Retention Period is not configured, the default period is ninety (90) days. After the Retention Period has run, Kaseya reserves the right to destroy Product Reports and Content. Once a Subscription Service has terminated, there will be no further ability to access Product Reports or Content from your account.
    7. Automation and Data Privacy. In conducting the Tests, Kaseya may use advanced automation capabilities to enhance your experience and efficiency. All Content processed through our automation capabilities is aggregated and anonymized. All data associated with the Products, including Administrative Data, Aggregated Data, and Content, are stored in the United States or European Union, as determined by the customer upon Product configuration. You or the Client (as applicable) are responsible for securing the necessary consents related to the hosting location of such information. In those circumstances where Kaseya collects or processes personal information, it will do so pursuant to the Master Agreement, as well as the Kaseya Privacy Statement which is available at https://www.kaseya.com/legal/kaseya-privacy-statement/.
    8. Additional Disclaimers. KASEYA MAKES NO GUARANTEE THAT ALL VULNERABILITIES, SECURITY RISKS OR THREATS WILL BE DETECTED BY THE PRODUCT, OR THAT FALSE POSITIVES WILL NOT OCCUR. Findings and other information generated by or provided through the Product must be reviewed by you in consultation with your internal team.