Legal

Terms of Service

Last updated: April 2026

1. Agreement

By accessing ghosts.lkor engaging Ghost Protocol (Pvt) Ltd ("Ghost Protocol", "we", "us") for services, you agree to these terms. If you do not agree, please do not use our website or services.

2. Services

Ghost Protocol provides:

  • Security Testing: Vulnerability assessments, penetration testing, security audits
  • Software Development: Web applications, APIs, custom platforms
  • Developer Tools: Wyrm (open source, AGPL-3.0), DragonKeep, and other tools
  • SaaS Subscriptions: Wyrm Pro, Wyrm Team, and Wyrm Enterprise plans
  • Consulting: Security architecture, compliance guidance, technical advisory

Specific deliverables, timelines, and pricing are defined in individual service agreements or proposals. These terms apply as a baseline to all engagements.

3. Security Testing Authorization

Important: All security testing (penetration testing, vulnerability scanning) is performed only with explicit written authorization from the system owner. Clients must provide written scope confirmation before any testing begins. Ghost Protocol will never test systems without proper authorization.

4. Payment and Billing

4.1 Merchant of Record

All payments for Ghost Protocol products and subscriptions are processed by Paddle.com Market Ltd("Paddle"), which acts as our Merchant of Record. Paddle handles payment processing, invoicing, sales tax, and VAT on our behalf. When you make a purchase, you are transacting with Paddle, and Paddle's Terms of Service and Privacy Policy also apply.

4.2 Subscriptions

  • Subscriptions are billed on a recurring basis (monthly or annually as selected)
  • Your subscription automatically renews at the end of each billing period unless cancelled
  • You may cancel your subscription at any time through your account or by contacting us
  • Cancellation takes effect at the end of the current billing period — you retain access until then
  • Price changes will be communicated at least 30 days in advance

4.3 Custom Services

  • One-time services: 50% upfront, 50% upon delivery
  • Retainers: Billed monthly in advance
  • Invoices are due within 14 days unless otherwise agreed
  • Late payments may incur a 1.5% monthly fee after 30 days overdue

4.4 Taxes

Paddle calculates and collects applicable sales tax, VAT, or GST based on your location. The price shown at checkout includes all applicable taxes.

5. Refunds

Our refund policy is detailed on our Refund Policy page. In summary:

  • SaaS subscriptions may be refunded within 14 days of the initial purchase if unused
  • Renewal charges are not refundable, but you may cancel to prevent future charges
  • Custom services follow the refund terms in the service agreement

6. Intellectual Property

Client deliverables:Upon full payment, clients receive ownership of custom-built deliverables as specified in the service agreement. Generic frameworks, libraries, and reusable components remain Ghost Protocol's property.

Our tools: Ghost Protocol retains all rights to its proprietary tools (PhantomDragon, DragonKeep, DragonScale, DragonForge, Ghost License) and methodologies.

Open source: Wyrm and other open source projects are licensed under their respective licenses (e.g., AGPL-3.0). Use of these tools is governed by those licenses.

7. Confidentiality

We treat all client data, systems information, and vulnerability findings as strictly confidential. Security test results are shared only with authorized client contacts. We will never disclose client information without written consent unless required by law.

8. Limitation of Liability

Ghost Protocol performs security testing and development with professional care. However, no security test can guarantee the discovery of all vulnerabilities, and no software can be guaranteed defect-free. Our liability is limited to the fees paid for the specific engagement in question.

We are not liable for: damages arising from unauthorized use of our tools, third-party actions, force majeure events, or client's failure to implement recommended security fixes.

9. Open Source Tools

Our open source tools (e.g., Wyrm under AGPL-3.0) are provided "as is" without warranty. Commercial use requires compliance with the applicable open source license. For commercial licensing inquiries, contact us.

10. Acceptable Use

You agree not to:

  • Use our services or tools for illegal activities
  • Attempt to reverse engineer proprietary tools
  • Misrepresent our findings or reports
  • Resell or redistribute our services without authorization
  • Share subscription access with unauthorized users
  • Circumvent usage limits or access controls

11. Termination

Either party may terminate an engagement with 14 days written notice. Client is responsible for payment of work completed to date. For subscriptions, cancellation takes effect at the end of the current billing period. Confidentiality obligations survive termination indefinitely.

We reserve the right to suspend or terminate access to paid services for violation of these terms or non-payment, with notice where practicable.

12. Governing Law

These terms are governed by the laws of Sri Lanka. Any disputes will be resolved in the courts of Colombo, Sri Lanka, unless an alternative jurisdiction is agreed upon in writing.

13. Contact

Questions about these terms? Contact us at ryan@ghosts.lk or through our contact page.

Ghost Protocol (Pvt) Ltd
Colombo, Sri Lanka