Terms of Service
Last updated: May 3, 2026
These Terms of Service (“Terms”) govern your use of BlackHart Inc.'s website and services. By engaging our services or using our website, you agree to these Terms.
Services Description
BlackHart Inc. provides smart contract security auditing, vulnerability assessment, and continuous monitoring services for blockchain protocols. Our services include:
- Security audits and code review
- Vulnerability identification and reporting
- Economic attack vector analysis
- Continuous security monitoring
- Security health score tracking
- Tiered security intelligence portal with subscription-based access
- BlackHart Risk Index (BRI) public protocol scoring
- BlackHart Deploy automated remediation staging
- Responsible disclosure services
- In-portal discussion and collaboration tools
Important Disclaimer
Security audits identify vulnerabilities at a specific point in time and do not guarantee ongoing security.
Our audits and monitoring services provide analysis and recommendations based on our review of your code and systems. We do not guarantee that your protocol will be free from vulnerabilities, exploits, or security incidents following our engagement. Smart contract security is a continuous process that requires ongoing vigilance.
Client Responsibilities
As a client, you agree to:
- Provide accurate and complete information about your protocol
- Grant necessary access to code repositories and documentation
- Review and consider all findings and recommendations
- Make your own decisions regarding implementation of recommendations
- Maintain your own security practices and monitoring
- Notify us of any material changes to audited code
Intellectual Property
Audit Reports and Findings: Findings delivered through the BlackHart portal are confidential during the remediation window defined in our Responsible Disclosure Policy. For Critical-severity permissionless vulnerabilities, findings may be publicly disclosed following the 90-day timeline described in our Responsible Disclosure Policy (available at blackhart.io/responsible-disclosure). Non-critical findings remain confidential unless both parties agree to publication.
Our Methodologies: Our audit methodologies, tools, and processes remain our intellectual property. Nothing in these Terms transfers ownership of our intellectual property to you.
Your Code: You retain all rights to your code and protocol. We claim no ownership interest in your intellectual property.
Subscription Tiers and Access
Access to vulnerability details, proofs-of-concept, and remediation guidance is governed by your subscription tier. Preview-tier accounts receive obfuscated findings indicating the existence and severity of vulnerabilities without specific technical details. Paid tiers (Scout, Sentinel, Vanguard, Citadel) receive progressively more detailed access as described on our pricing page.
We reserve the right to modify tier features and pricing with 30 days' written notice to active subscribers.
BlackHart Risk Index (BRI)
The BlackHart Risk Index assigns security scores to DeFi protocols based on our proprietary methodology. BRI scores are published publicly and cannot be influenced by payment or commercial relationship. Protocols are scored based on their deployed code and on-chain state.
BRI scores are informational and do not constitute a guarantee, certification, or warranty of security. We reserve the right to score any publicly deployed protocol.
BlackHart Deploy
BlackHart Deploy stages remediation code as draft pull requests on your connected repository. Deploy recommendations are suggestions only. You are solely responsible for reviewing, testing, and merging any code changes. BlackHart Inc. accepts no liability for code merged from Deploy recommendations.
Responsible Disclosure
Our vulnerability disclosure practices are governed by our Responsible Disclosure Policy, available at blackhart.io/responsible-disclosure. By using our services, you acknowledge and accept the disclosure timelines described therein. The Responsible Disclosure Policy is incorporated by reference into these Terms.
Limitation of Liability
To the maximum extent permitted by law, BlackHart Inc. shall not be liable for any indirect, incidental, special, consequential, or punitive damages, including but not limited to:
- Loss of funds or assets
- Loss of profits or revenue
- Loss of data
- Business interruption
- Reputational damage
Our total liability shall not exceed the fees paid for the specific service giving rise to the claim.
No Warranty
Our services are provided “as is” without warranty of any kind. We do not warrant that:
- Our services will identify all vulnerabilities
- Your protocol will be secure following our audit
- Our recommendations will prevent all exploits
- Continuous monitoring will detect all threats
Security is a continuous process and shared responsibility. No audit can guarantee complete security.
Confidentiality
Both parties agree to maintain confidentiality of proprietary information shared during the engagement. This includes, but is not limited to:
- Source code and technical documentation
- Audit findings and vulnerability details
- Business information and strategies
- Communication between parties
Governing Law
These Terms shall be governed by and construed in accordance with applicable law, without regard to conflict of law principles. Any disputes arising from these Terms or our services shall be resolved through binding arbitration.
Contact
For questions about these Terms, please contact us at:
legal@blackhart.io
Proof of Concept Code (“PoC Terms”)
14.1 Proprietary Research
All PoC code, attack chain demonstrations, and vulnerability research artifacts (“PoC Materials”) are proprietary to BlackHart Inc. and are provided to subscribers under license, not sale.
14.2 Permitted Use
PoC Materials may be used exclusively for:
- Evaluating the severity of identified vulnerabilities in your own protocols
- Verifying that remediation efforts address the identified vulnerability
- Internal security team education and training
- Execution on local mainnet forks only
14.3 Prohibited Use
Subscribers shall NOT:
- Deploy, execute, or test PoC Materials on any mainnet or testnet
- Redistribute, publish, or share PoC Materials with any third party
- Use PoC Materials to exploit any protocol, contract, or system
- Reverse-engineer watermarking or tracing mechanisms
- Attempt to access PoC Materials for protocols outside their subscription scope
14.4 Watermarking Disclosure
All PoC Materials contain unique digital identifiers traceable to the viewing subscriber account. BlackHart reserves the right to use these identifiers for forensic investigation of unauthorized disclosure.
14.5 Access Termination
Access to PoC Materials terminates immediately upon:
- Subscription cancellation or downgrade below the required tier
- Breach of these PoC Terms
- BlackHart's determination that continued access poses a security risk
14.6 Liability
BlackHart provides PoC Materials “as-is” for demonstration purposes. BlackHart is not liable for any damages arising from unauthorized use of PoC Materials. Subscribers assume all responsibility for compliance with applicable laws.
14.7 Export Controls
PoC Materials may constitute controlled technology under applicable export control regulations. Subscribers are responsible for compliance with all applicable export laws. In jurisdictions where full PoC code distribution is restricted, BlackHart will provide PoC outlines (attack logic descriptions without executable code) as an alternative.
14.8 Responsible Disclosure
PoC Materials for active vulnerabilities are subject to responsible disclosure timelines. Full PoC code is made available only after the affected protocol has been notified and a remediation window (minimum 90 days or until fix deployment, whichever comes first) has elapsed.
14.9 Historical Status
When a vulnerability is remediated, PoC Materials are marked as “Historical” with a reference to the fix commit. Historical PoCs remain accessible for audit trail purposes.
Changes to These Terms
We reserve the right to modify these Terms at any time. Material changes will be communicated to active clients. Continued use of our services constitutes acceptance of modified Terms.