DevBrows Terms of Service

Welcome to DevBrows. These Terms of Service ("Terms") govern your access to the DevBrows website, contact forms, service pages, content, communications, and any professional cybersecurity, compliance, VAPT, cloud security, advisory, or virtual CISO services provided by DevBrows (collectively, the "Services").

DevBrows is incorporated in India. The exact contracting entity name, tax details, registered-office details, and invoicing information may be stated in the applicable proposal, quotation, invoice, statement of work, authorization letter, master services agreement, or other engagement document.

1. Introduction

DevBrows provides cybersecurity consulting, virtual CISO support, compliance readiness, penetration testing, security reviews, cloud hardening, secure engineering guidance, and related B2B services for startups, SMEs, and digital businesses.

These Terms apply to your use of the website and, unless a separate signed agreement overrides a specific point, to your purchase or use of DevBrows Services. These Terms are incorporated by reference into engagement documents where relevant.

If you do not agree to these Terms, do not use the website, submit inquiries, or proceed with a DevBrows engagement.

2. Acceptance of Terms and Eligibility

You accept these Terms when you browse the website, submit a form, request a consultation, approve a proposal, sign an SOW or authorization document, pay an invoice, or otherwise engage DevBrows.

If you use the Services on behalf of a company or other legal entity, you represent that you are authorized to bind that entity. You also represent that you are legally competent to contract under applicable law and will use the Services only for lawful business purposes.

3. Services and Engagement Documents

The specific scope of a project or advisory engagement may be defined in one or more written documents such as a proposal, quotation, statement of work, service order, authorization letter, email approval, report scope, rules of engagement, or master services agreement.

• Scope control: anything outside the agreed scope may require a change request, revised pricing, and/or updated timelines.
• No automatic certification guarantee: compliance readiness support can help prepare for SOC 2, ISO 27001, DPDP, HIPAA, or customer reviews, but final certification or audit outcomes depend on client controls, auditor judgment, and external requirements.
• Point-in-time testing: VAPT, security review, and audit findings reflect conditions observed at the time and scope of testing; they are not a guarantee that all vulnerabilities or future attack paths have been eliminated.
• Professional judgment: recommendations are based on the information, access, evidence, and constraints made available by the client.

4. Consultation and Advisory Terms

• Free consultation window: DevBrows may offer an initial consultation or advisory call of up to 30 minutes at no charge.
• Paid advisory beyond 30 minutes: advisory time beyond the initial 30-minute free window may be chargeable at DevBrows' then-current consulting rates or as quoted in writing.
• Critical or extended support: if your request requires deeper analysis, incident support, hands-on review, architecture assessment, document review, or repeated advisory sessions, DevBrows may treat the work as a paid project and issue a proposal before continuing.
• No reliance on informal high-risk advice alone: for critical production, legal, or incident decisions, a short consultation may not be sufficient. DevBrows may recommend a formal engagement with defined scope and deliverables.

5. Pricing, Razorpay, GST, and Payment Milestones

Unless a written engagement document states different commercial terms, the following payment structure applies:

5.1 Taxes and Payment Charges

• GST: 18% GST is applicable on taxable services/invoices, or such other rate as may be required under Indian tax law from time to time.
• Razorpay / gateway fee: a 3% payment gateway or Razorpay processing charge may be applied unless waived or absorbed in writing by DevBrows.
• International transaction fee: an additional 3% international transaction, cross-border, or foreign payment charge may apply for payments from outside India or through international cards/payment routes.
• Bank, FX, and intermediary charges: any bank transfer charges, FX spread, intermediary bank charges, withholding, or receiving-bank deductions may be borne by the client unless the written proposal states otherwise.

5.2 Razorpay and Third-Party Payment Processing

DevBrows may accept payments through Razorpay or other approved processors. Your payment may be subject to Razorpay's Terms and Razorpay's Privacy Policy, in addition to these Terms.

DevBrows does not ask you to send full card details, banking passwords, OTPs, or authentication secrets by email or public forms. Payment timelines may shift if a bank, card issuer, or payment processor places a transaction under review.

5.3 Late Payment and Handover Hold

DevBrows may pause work, defer report release, withhold final handover, disable non-essential support, or adjust delivery timelines if invoices are overdue or payment confirmations have not been received. Final reports, audit artifacts, evidence packs, and source/code handover may be withheld until all due amounts are cleared.

6. Refunds, Cancellations, and Project Pauses

• Client-side cancellation before work starts: if you cancel before any work has started and before any project document has been signed or relied upon for resource planning, DevBrows may evaluate refund eligibility in writing after deducting any non-recoverable payment gateway, tax, administrative, or reservation costs.
• Pause due to delayed client inputs: if project execution is delayed because required access, approvals, scope confirmations, evidence, or personnel are not provided on time, DevBrows may pause timelines without refund and resume based on updated availability.
• Rescheduling advisory sessions: missed, late, or repeatedly rescheduled advisory sessions may be chargeable or counted against allocated time if sufficient notice is not provided.
• Chargebacks and disputes: if you raise a payment dispute after work has started or deliverables have been provided, DevBrows may submit scope documents, kickoff proof, communication logs, and delivery evidence to contest the dispute.

7. Client Responsibilities

• Provide accurate scope, business context, asset lists, technology details, compliance goals, deadlines, and contact points.
• Provide lawful access, written authorization, credentials, approvals, test accounts, whitelisting, and technical support needed for delivery.
• Ensure that all systems, domains, IPs, repositories, cloud accounts, and third-party assets included in scope are owned by you or lawfully authorized for testing or review.
• Create backups, change windows, rollback plans, and internal coordination for production systems where testing, hardening, or remediation may affect availability or performance.
• Review interim findings and final deliverables promptly and implement accepted remediation actions. DevBrows is not responsible for risks caused by client-side delays or ignored recommendations.
• Do not ask DevBrows to perform unlawful surveillance, unauthorized access, destructive attacks, credential theft, malicious persistence, data exfiltration outside agreed testing scope, or any activity that violates law or third-party rights.

8. Security Testing Authorization and Rules of Engagement

For VAPT, pentesting, red-team-style reviews, cloud assessments, application testing, or security validation work, DevBrows may require a written scope and authorization before execution.

• Scope boundaries: testing is limited to assets, environments, accounts, domains, applications, APIs, IP ranges, cloud subscriptions, and dates explicitly approved in writing.
• No unauthorized third-party testing: if a third-party SaaS platform, hosting provider, payment system, or vendor system is involved, you must confirm that testing is permitted and obtain any required third-party approvals.
• Availability and impact risk: testing may reveal weaknesses and, in some cases, create load, instability, lockouts, alerts, or service disruption. DevBrows will use commercially reasonable care, but you remain responsible for production readiness, backups, incident handling, and test-window approvals.
• Credentials and secrets: you must share credentials securely and rotate, revoke, or expire test credentials after the engagement as appropriate.
• Emergency stop: either party may request a pause if material instability, suspected unauthorized activity, or an unexpected safety issue is observed.

9. Deliverables, Acceptance, and Report Transfer

• Deliverable format: deliverables may include reports, findings tables, remediation roadmaps, policy drafts, advisory notes, architecture recommendations, evidence checklists, code review notes, or implementation guidance.
• Review period: if you have good-faith factual corrections or scope-related clarifications, raise them promptly after receiving the draft or final deliverable so they can be reviewed.
• Final handover after payment: final report transfer, detailed evidence, source/code package handover, or other final delivery artifacts may be shared only after the final 25% payment and all overdue charges are cleared.
• Acceptance: unless a written SOW states a different acceptance process, deliverables may be deemed accepted if no material scope-based objections are raised within 7 calendar days of delivery.

10. Confidentiality and Privacy

DevBrows treats client business information, technical details, security findings, and shared documents as confidential and uses them only for service delivery, internal quality review, legal compliance, and administrative purposes, unless disclosure is required by law or expressly approved in writing.

Your use of the website and DevBrows' handling of personal data are also governed by the Privacy Policy. DevBrows does not sell your personal data to data brokers.

If a separate NDA, DPA, MSA, or confidentiality clause is signed, that document may supplement or override this section for the relevant engagement.

11. Intellectual Property

• DevBrows website IP: website design, text, visuals, service descriptions, code, brand assets, trademarks, and other site materials remain owned by DevBrows or its licensors and may not be copied, scraped, republished, or reused without written permission.
• Client background IP: you retain ownership of your pre-existing systems, source code, confidential materials, and business data.
• Deliverables license/ownership: unless a written agreement states otherwise, once all fees are fully paid, DevBrows grants the client a non-exclusive, worldwide, internal business license to use final reports, recommendations, and project deliverables for security, compliance, remediation, audit, and internal governance purposes.
• Reusable know-how: DevBrows retains ownership of pre-existing methods, templates, generic playbooks, tools, scripts, frameworks, non-client-specific know-how, and lessons learned, provided your confidential information is not disclosed.
• Public reference: DevBrows will not publicly use your name, logo, case study, or security results without written permission unless already public and legally reusable.

12. Website Use and Prohibited Conduct

• Do not use the website or forms for unlawful, fraudulent, abusive, or misleading activity.
• Do not probe, scan, exploit, brute force, overload, or attempt unauthorized access to DevBrows systems, accounts, infrastructure, or third-party services connected to the website.
• Do not upload malware, exploit payloads, illegal material, or sensitive third-party data that you are not authorized to share.
• Do not scrape, clone, copy, or republish website content, UI, code, brand assets, or service messaging at scale without written permission.
• Website analytics and cookie-related usage are described in the Privacy Policy.

13. Disclaimers and Limitation of Liability

The website is provided on an "as is" and "as available" basis. DevBrows does not warrant that website content will always be uninterrupted, error-free, or complete.

Professional services are delivered using commercially reasonable skill and care, but DevBrows does not guarantee zero vulnerabilities, zero incidents, guaranteed certification, guaranteed audit success, guaranteed procurement approval, uninterrupted uptime, or specific business outcomes unless a written agreement expressly states a measurable commitment.

To the maximum extent permitted by applicable law, DevBrows will not be liable for indirect, incidental, special, consequential, exemplary, or punitive damages, or for lost profits, lost revenue, lost goodwill, loss of data, business interruption, or substitute procurement costs arising from the website, advisory calls, or Services.

To the maximum extent permitted by law, DevBrows' aggregate liability arising out of or relating to a paid engagement will not exceed the total fees actually paid to DevBrows for the specific engagement giving rise to the claim during the 6 months preceding the event that caused the claim, unless a signed agreement states a different liability cap or applicable law requires otherwise.

14. Indemnification

You agree to defend, indemnify, and hold harmless DevBrows and its personnel from and against claims, damages, liabilities, penalties, losses, costs, and expenses (including reasonable legal fees) arising from:

• your misuse of the website or Services,
• your breach of these Terms or a written engagement document,
• your violation of law, third-party rights, privacy obligations, or authorization requirements,
• inaccurate scope representations or lack of lawful permission to test in-scope systems, or
• production changes, outages, or business impacts caused by client-side actions, delayed remediation, or instructions contrary to DevBrows recommendations.

15. Governing Law and Dispute Resolution

These Terms and any non-contractual obligations arising out of or relating to them are governed by the laws of India, without regard to conflict-of-law principles, except where mandatory law provides otherwise.

The courts or competent tribunals located in India having jurisdiction over DevBrows' registered office or the contracting entity identified in the relevant invoice/SOW shall have exclusive jurisdiction over disputes, unless a signed agreement specifies another lawful dispute forum.

Before filing a formal claim, both parties should make a good-faith effort to resolve the dispute through written notice and management-level discussion for at least 15 days, unless urgent injunctive or security-related relief is required.

16. Updates, Severability, and Contact

DevBrows may update these Terms from time to time by posting a revised version on this page and changing the "Last Updated" date. Continued use of the website or Services after the update means you accept the revised Terms, except where a signed engagement contract preserves older project-specific terms.

If any provision of these Terms is held unenforceable, the remaining provisions will continue in effect to the maximum extent permitted by law. No waiver is effective unless in writing and signed or expressly confirmed by DevBrows.

For questions about these Terms or commercial terms for a project, contact:

• Email: inquiry@devbrows.com
• Contact form: devbrows.com/contact
• Legal entity: DEVBROWS LLP
• LLPIN: ACU-3276
• Registered office: Co Khetivadi Utpan Bajar, Vill Ta Pavi Jetpur, Chhota Udepur, Vadodara, Gujarat 391160, India
• Company status: India-registered business serving clients internationally. Please share your legal entity and billing requirements in the inquiry if you need contract paperwork or tax details.