Refund & Cancellation Policy

Effective date: 2026-06-02
Last updated: 2026-06-02

Plain-language summary (not a substitute for the full terms below)

  • HackZero is a self-serve subscription sold to businesses. You can cancel anytime, in a few clicks, from your dashboard. Cancellation is as easy as signing up.
  • When you cancel, your subscription stays active until the end of the period you have already paid for, then it stops. We do not charge you again.
  • We do not refund partial months or partial years as a general rule. Statutory consumer right-of-withdrawal regimes (for example, distance-selling cooling-off rules) do not apply to business purchases, but any non-waivable mandatory right that applies to a particular customer regardless is preserved (see Section 8 and Section 9).
  • First-month guarantee: on the Watchdog and Pentest tiers, if our AI agent does not find a single working, exploit-validated finding in your first paid month, that first month is refunded in full. This is the scope of the “find an exploit, or it’s free” promise as it applies to billing; see Section 4.1 and the AI Transparency Notice (/legal/ai).
  • False-positive bounty: if we ship you a finding rated High or above that turns out to be a false positive, we credit your account a service credit per shipped false positive. The credit and how it works are described in Section 4.2.
  • Founding-cohort price lock: founding-cohort customers keep the rate in effect for their selected plan at the time they first subscribed, for as long as the subscription stays active and continuously paid. Cancelling ends the lock for good.
  • To ask about a refund or a billing problem, email [email protected] (billing matters go to the same address). Verified-vulnerability and false-positive disputes go through the process in Section 7.

1. About this Policy

1.1 Who we are

Agentic Security, Inc., a Delaware corporation, doing business as “HackZero” (“HackZero”, “we”, “us”, or “our”), has its principal place of business and notice address at 2810 N Church St STE 88242, Wilmington, Delaware 19802, United States. HackZero operates the website at hackzero.ai and the product dashboard at dashboard.hackzero.ai (together, the “Services”).

“You”, “your”, “Customer”, and “Account” refer to the business or organization, or the individual acting on behalf of a business or otherwise in a commercial or professional capacity, that registers for, subscribes to, or uses the Services.

Business use only. The Services are offered solely to businesses and organizations, and to individuals acting on behalf of a business or otherwise in a commercial or professional capacity. The Services are not directed to, and are not intended for, consumers acquiring them for personal, family, or household purposes. By registering for or using the Services, you represent that you are acting for a business or in a professional capacity. Where a mandatory consumer-protection law nonetheless applies to a particular customer, nothing in these Terms waives or limits a right that cannot be waived under that law.

1.2 What this Policy covers, and how it fits with our other documents

This Refund & Cancellation Policy explains how subscriptions are billed, how to cancel, what happens to your data when you cancel, the guarantees and credits we offer, and how mandatory law in the United States, Canada, and Latin America is preserved for any business customer to whom a non-waivable right applies. It applies to self-serve subscriptions purchased through the Services by business customers.

This Policy is part of, and should be read with, our other published documents:

  • Terms of Service (/legal/terms)
  • Privacy Policy (/legal/privacy)
  • Cookie Policy (/legal/cookies)
  • Acceptable Use Policy (/legal/acceptable-use)
  • Data Processing Addendum (/legal/dpa)
  • Subprocessor List (/legal/subprocessors)
  • AI Transparency Notice (/legal/ai)
  • Vulnerability Disclosure Policy (/legal/security)

The billing and auto-renewal commitments in this Policy are consistent with the auto-renewal section of the Terms of Service (/legal/terms). Where this Policy and the Terms of Service describe the same subject (auto-renewal, cancellation, founding-cohort price lock), they say the same thing.

1.3 Enterprise and negotiated agreements take precedence

Enterprise subscriptions, and any subscription governed by a signed Master Services Agreement (“MSA”) or Order Form, are billed and cancelled under that agreement, not under this Policy. Where a signed MSA or Order Form conflicts with this Policy, the signed agreement controls for that Customer. Every Customer also signs a Rules of Engagement (“RoE”) before any scan runs; the RoE governs scope and authorization, not billing.


2. Subscription model, plans, and billing

2.1 Self-serve subscription tiers

The Services are sold as a self-serve subscription. The current public plans are:

Plan          What it is
Free          Sign-up only; no live scans.
Watchdog      Entry monitoring tier.
Pentest       Full autonomous pentest tier.
Compliance    Compliance-evidence tier; self-hosting available.
Enterprise    Sales-led; governed by the negotiated MSA.

The fees for each plan are the fees for the plan you select, as described on our pricing page at https://hackzero.ai/pricing and shown to you at checkout, which we may update from time to time. Annual billing is available on paid tiers, and pays for a full year in advance at the annual rate shown on the pricing page. Usage above your plan’s included scan limits is billed at the per-scan overage rate shown for your plan on the pricing page at the time of the overage.

2.2 How and when we bill

The Services are billed in advance for each billing period. A monthly subscription is billed at the start of each month; an annual subscription is billed at the start of each year. Our payment processor is Stripe, Inc. (see the Subprocessor List at /legal/subprocessors). Enterprise subscriptions may be billed by invoice or wire.

By subscribing, you authorize us (through Stripe) to charge your payment method on file for the then-current fees on each billing cycle until you cancel. If a charge fails or your subscription lapses for non-payment, access to the Services may be suspended until payment is restored.

2.3 Auto-renewal and renewal pricing

Paid subscriptions renew automatically at the end of each billing period (monthly subscriptions renew monthly; annual subscriptions renew annually) for a further period of the same length, at the then-current price for your plan, unless you cancel before the renewal date. Although the Services are sold to businesses, we obtain your express, affirmative consent to these auto-renewal terms at sign-up, presented clearly and close to the action by which you subscribe, and after you subscribe we send you an acknowledgment of the auto-renewal terms with cancellation instructions. We also send a free-trial-to-paid conversion notice where a free trial converts to a paid plan, and an annual reminder for terms longer than one year. These notices are delivered by our email provider, Resend (United States). These commitments mirror the auto-renewal section of the Terms of Service (/legal/terms).

We may change plan prices or features for future billing periods. A price change takes effect only on a renewal after we have given you notice, and never before; it does not affect fees already paid for the current period. Founding-cohort customers are protected from price changes as described in Section 6.

We build our sign-up and billing flow to comply with the California Automatic Renewal Law, Cal. Bus. & Prof. Code §§ 17600 to 17606 (as amended effective July 1, 2025), which requires (i) clear and conspicuous pre-subscription disclosure of the auto-renewal terms in visual proximity to the consent button; (ii) express affirmative consent to the auto-renewal terms specifically, separate from other terms; (iii) an acknowledgment with cancellation instructions; (iv) an online cancellation mechanism at least as easy as sign-up; and (v) an annual reminder for terms longer than one year and free-trial-to-paid conversion notices. The federal FTC “Click-to-Cancel” / Negative Option Rule (16 C.F.R. Part 425) was vacated in its entirety by Custom Communications, Inc. v. FTC (8th Cir., July 8, 2025), and we do not rely on it. We comply via the California ARL plus ROSCA, 15 U.S.C. §§ 8401 to 8405, and FTC Act § 5 as the floor, and we also satisfy New York Gen. Bus. Law § 527-a and other state auto-renewal laws.


3. How to cancel

3.1 Click-to-cancel: self-serve, online, no friction

You can cancel a paid subscription at any time, by yourself, from within the Services. To cancel:

  1. Sign in at dashboard.hackzero.ai.
  2. Open Settings → Billing.
  3. Select Cancel subscription and confirm.

Cancellation is online, immediate to submit, and at least as easy as signing up. We do not require you to call us, wait on hold, speak to a retention agent, send a letter, or give a reason. If for any reason the in-app cancellation is unavailable to you, you may also cancel by emailing [email protected] from the email address on your Account; we will process the cancellation and confirm it to you.

3.2 When cancellation takes effect

Unless a non-waivable mandatory right in Section 8 or Section 9 gives you a different outcome:

  • Your cancellation stops the next renewal.
  • Your subscription remains active, and you keep access to the features you paid for, until the end of the current paid period (the end of the paid month, or the end of the paid year for annual plans).
  • You are not charged again after you cancel.
  • We do not, as a general rule, refund the portion of the current period that remains after you cancel (see Section 5), except where a guarantee in Section 4, or a non-waivable mandatory right in Section 8 or Section 9, applies.

3.3 Downgrading instead of cancelling

You may downgrade to a lower paid tier, or to the Free tier, instead of cancelling. A downgrade takes effect at the start of your next billing period. Downgrading to a lower paid tier or to the Free tier ends any founding-cohort price lock on the higher tier you are leaving (see Section 6).

3.4 We do not delete your data the instant you click cancel

Cancellation by itself is not a deletion request. What happens to your data on cancellation, including retention windows and how to ask for deletion, is described in Section 10.


4. Guarantees and credits (enforceable terms)

This Section states binding commitments. They are billing and service-credit commitments. They are not representations about the security of your systems, and they do not change the disclaimers in our Terms of Service (/legal/terms) or AI Transparency Notice (/legal/ai). Security testing performed by HackZero is point-in-time, methodology-bounded, performed by autonomous AI agents that behave non-deterministically, and supplements but does not replace human security review and defense-in-depth. See the AI Transparency Notice (/legal/ai).

4.1 “Find an exploit, or it’s free” first-month guarantee

This is the billing-side statement of the “find an exploit, or it’s free” promise that also appears in the AI Transparency Notice (/legal/ai, Section 10). The two documents are intended to describe the same promise with the same scope; the limitations in this Section 4.1 (eligible plans, first paid month, first subscription) define that scope.

Eligible plans: Watchdog and Pentest tiers (monthly or annual), and only for the first paid month of your first paid subscription on that Account.

The commitment: if, during your first paid month, our AI agent does not produce at least one valid exploit-validated finding against your in-scope assets, we will refund that first month in full (for annual subscribers, we refund one twelfth of the annual fee, representing the first month).

What “valid exploit-validated finding” means. A finding counts toward this guarantee only if it meets the same reproducibility standard we apply to discipline false positives:

  • it is rated High or above under CVSS v3.1 or v4.0 (you can re-score it from the data we ship); and
  • it is delivered with reproducibility evidence sufficient to reproduce it: a request identifier, a timestamp, the agent reasoning trace, and the captured request and response artifacts (with personal data redacted as described in the Privacy Policy at /legal/privacy).

A finding that cannot be reproduced from that evidence does not count toward this guarantee.

Conditions. To qualify, you must, during the first paid month:

  1. complete sign-up and pay for an eligible tier;
  2. sign the Rules of Engagement and connect at least one valid, authorized in-scope target (and, where applicable, the read-only GitHub App), so that scans can actually run;
  3. run, or allow to run, at least the number of scans included in your plan for the month; and
  4. not have caused the absence of findings yourself (for example, by revoking authorization, taking the target offline, blocking our testing traffic, or restricting scope so that meaningful testing cannot occur).

What this guarantee is not. A refund under this guarantee means our agent did not surface a qualifying finding in that month. It is not a statement that your assets are free of vulnerabilities. AI-based testing is non-deterministic; a later engagement may produce findings a prior one did not, and we do not guarantee detection of all vulnerabilities. See Section 4.4 and the AI Transparency Notice (/legal/ai).

How to claim. A qualifying refund is issued automatically at the end of the first paid month where no qualifying finding was produced; if it is not, email [email protected] within 30 days of the end of that month and we will review and, if the conditions are met, refund the first month.

This guarantee is a pricing and billing commitment, not an accuracy warranty. It is consistent with FTC Act § 5 (15 U.S.C. § 45) and does not contradict the no-guarantee-of-detection disclaimer in the Terms of Service (/legal/terms) and the AI Transparency Notice (/legal/ai). Wherever the “find an exploit, or it’s free” slogan appears in our marketing, it carries the adjacent statement that it is a billing commitment, not a security representation. The promise is stated with the same scope (first paid month, Watchdog and Pentest tiers, first subscription, High-or-above reproducibility gate) in this Policy, the AI Transparency Notice (/legal/ai), and the Terms of Service (/legal/terms).

4.2 False-positive bounty (account credit per shipped false positive)

The commitment: if we ship you a finding rated High or above that is a false positive, we will credit your Account a service credit per shipped false positive, in the amount described on our pricing page at https://hackzero.ai/pricing, which we may update from time to time.

What is a “false positive” for this bounty. A shipped High-or-above finding is a false positive if the underlying condition does not actually exist or is not actually exploitable as reported: a misclassification, an exaggerated severity that drops the finding below High on correct scoring, a wrong vulnerability class (for example, a wrong CWE) that changes the conclusion, or fabricated or non-reproducible evidence. A finding that is real but merely lower severity than first scored is handled by re-scoring, not by this bounty, unless the corrected severity falls below High.

Conditions.

  1. The finding must have been shipped to you in a report or the dashboard and rated High or above.
  2. You must report the claimed false positive through the process in Section 7 within 30 days of the date we shipped the finding.
  3. We confirm the false positive against the reproducibility evidence we shipped with the finding (request identifier, timestamp, reasoning trace, captured request and response).
  4. The credit is the per-shipped-false-positive service credit described on our pricing page, applied per distinct shipped finding that we confirm as a false positive. Multiple reports of the same shipped finding count once.

Form and use of the credit. The bounty is paid as an account credit applied against future fees. It is not paid in cash, is not a damages remedy, and does not by itself entitle you to terminate. Credits do not expire while your subscription is active and continuously paid; unused credits are forfeited on cancellation, except where a non-waivable mandatory right requires otherwise. The bounty and the first-month guarantee are built on the same High-or-above reproducibility gate, so a single finding cannot both earn the fee and be an unverified false positive. This per-shipped-false-positive credit is described consistently in this Policy, the AI Transparency Notice (/legal/ai), and the Terms of Service (/legal/terms).

4.3 Service credits are the exclusive remedy for the guarantees in this Section

Except for the first-month refund in Section 4.1, the commitments in this Section 4 are satisfied by account credits or refunds as stated, and those credits or refunds are your sole and exclusive remedy for the matters they address. Nothing in this Section limits a non-waivable mandatory right under Section 8 or Section 9.

4.4 Guarantees do not override the AI and testing disclaimers

The guarantees in this Section do not modify, and are subject to, the warranty disclaimers and limitation of liability in the Terms of Service (/legal/terms) and the disclosures in the AI Transparency Notice (/legal/ai), including that testing is point-in-time, non-deterministic, methodology-bounded (PTES and OWASP WSTG), and that AI output may include false positives and false negatives requiring human validation.


5. General rule on partial periods, and what we refund

5.1 No refund for partial periods (general rule)

Except as expressly provided in this Policy (the guarantees in Section 4) or as required by any non-waivable mandatory law in Section 8 and Section 9, fees already paid are non-refundable, and we do not refund or pro-rate the unused portion of a billing period when you cancel or downgrade. When you cancel, you keep access until the end of the period you paid for, and you are not billed again. This general rule is consistent with the MSA (“All Fees are non-refundable except as expressly provided”).

5.2 What we will refund

We will issue a refund in the following circumstances:

  • First-month guarantee (Section 4.1), where its conditions are met.
  • Non-waivable mandatory rights under the laws in Section 8 (United States / Canada) and Section 9 (Latin America), to the limited extent such a right applies to a business customer notwithstanding the businesses-only posture of the Services.
  • Auto-renewal cancellation rights under US state law in Section 8, where they apply to you.
  • Billing errors: if we charged you in error (for example, a duplicate charge, a charge after a valid cancellation, or a charge at the wrong price), we will refund the incorrect amount once confirmed.
  • Termination for our breach: if we materially breach and fail to cure as provided in the Terms of Service (/legal/terms), and you terminate for that breach, we will refund pre-paid, unused fees on a pro-rata basis. This mirrors the pro-rata refund mechanic in the MSA.

5.3 How refunds are paid

Approved refunds are returned to the original payment method through Stripe where possible. If that is not possible, we will arrange an alternative. Refund processing times depend on your bank or card issuer. Refund amounts are net of any amount already credited to you for the same matter; we do not pay the same amount twice.


6. Founding-cohort price lock

6.1 The lock

Founding-cohort customers (“Founding Cohort”) keep the rate in effect for their selected plan at the time they first subscribed, for as long as their subscription stays active and continuously paid. While the lock is in effect, public price increases described in Section 2.3 do not apply to that subscription.

6.2 What ends the lock

  • Cancelling terminates the lock. If a Founding Cohort customer cancels the subscription, the price lock ends and does not revive.
  • A lapse in continuous payment terminates the lock. The lock depends on the subscription remaining active and continuously paid. A lapse for non-payment ends the lock.
  • Downgrading to a lower tier or to the Free tier ends the lock on the tier left behind (see Section 3.3).

6.3 Re-subscribing after the lock ends

If a former Founding Cohort customer re-subscribes after the lock has ended, the subscription is at the then-current published rate for the chosen plan. The founding-cohort rate is not restored on re-subscription. Founding Cohort status, once lost by cancellation or lapse, is not regained. This Section states the founding-cohort lock, the cancellation-terminates trigger, and the revert-to-published-rate-on-resubscribe rule consistently with the corresponding clause in the Terms of Service (/legal/terms).


7. How to request a refund, report a false positive, or dispute a finding

7.1 Billing refunds and cancellation questions

For refund requests, billing questions, or help cancelling, email [email protected] (billing matters are handled at the same address). Please include the email address on your Account, the plan, and the charge or period in question. We aim to acknowledge within a few business days.

7.2 First-month guarantee and false-positive bounty claims

  • For a first-month guarantee refund (Section 4.1), email [email protected] within 30 days of the end of your first paid month if it was not issued automatically.
  • For a false-positive bounty (Section 4.2), email [email protected] within 30 days of the date we shipped the finding. Identify the finding by its report reference or finding identifier, and tell us why you believe it is a false positive. We will review it against the reproducibility evidence shipped with the finding and, if confirmed, apply the per-shipped-false-positive credit stated in Section 4.2.

7.3 What we will do

We will verify your identity and your authority over the Account, determine whether a guarantee, credit, or mandatory legal right applies, and respond. Where a non-waivable mandatory right in Section 8 or Section 9 sets a response or refund deadline, we will meet it.


8. United States and Canada: auto-renewal mechanics and preserved mandatory rights

The Services are offered to businesses (see Section 1.1). The general no-refund-on-partial-periods rule in Section 5 yields only to non-waivable mandatory rights that apply to a particular customer regardless of that posture. Those rights survive any “all sales final” or similar language.

8.1 United States: auto-renewal cancellation mechanics

We provide a simple, online cancellation. Even though the Services are sold to businesses, we build our sign-up and cancellation flow to the standard set by US auto-renewal and negative-option law rather than rely on its consumer/business line-drawing:

  • California (Automatic Renewal Law, Cal. Bus. & Prof. Code §§ 17600 to 17606, as amended effective July 1, 2025): you may cancel online, through a mechanism at least as easy as the one you used to sign up, without speaking to a person or navigating retention steps. We disclose the auto-renewal terms clearly and conspicuously before you subscribe and obtain your express affirmative consent to them. After you subscribe, we send an acknowledgment with cancellation instructions, and for terms longer than one year we send an annual reminder (see Section 2.3).
  • Federal (ROSCA, 15 U.S.C. §§ 8401 to 8405, and FTC Act § 5, 15 U.S.C. § 45): for online negative-option sales we provide clear disclosure, obtain informed consent, and provide a simple cancellation mechanism.
  • Other states: equivalent standards under state auto-renewal laws, including New York Gen. Bus. Law § 527-a, and the auto-renewal statutes of Virginia, Colorado, the District of Columbia, and Illinois, among others.

Our in-app cancellation in Section 3 is built to satisfy these standards. We do not, as a general rule, refund the unused portion of a paid period in the United States (Section 5.1); the cancellation experience we provide lets you cancel easily and avoid future charges, in addition to the contractual guarantees in Section 4.

8.2 Canada: businesses-only; non-waivable rights preserved

The Services are offered to businesses, not to consumers for personal, family, or household purposes. Statutory consumer right-of-withdrawal and distance-contract cooling-off regimes (for example, Quebec’s Consumer Protection Act distance-contract provisions, CQLR c. P-40.1, and the equivalent internet / future-performance contract provisions in Ontario, British Columbia, Alberta, and other provinces) protect consumers and do not apply to business purchases. Nothing in this Policy waives or limits any right of a business customer that cannot be waived under the mandatory law of its jurisdiction; to that limited extent, the local mandatory right is preserved. Where the Charter of the French Language, CQLR c. C-11, as amended by S.Q. 2022, c. 14 (“Bill 96”), applies to our Quebec business customers, we provide a French version of this Policy (see Section 12).


9. Latin America: businesses-only; preserved mandatory rights

9.1 Statutory consumer right-of-withdrawal regimes do not apply to business purchases

The Services are offered solely to businesses and organizations, and to individuals acting on behalf of a business or otherwise in a commercial or professional capacity (see Section 1.1). The statutory rights of withdrawal (cooling-off) that Latin American consumer codes provide for distance and electronic contracts protect consumidores and do not apply to business purchases. A subscriber acting in the course of a trade, business, or profession is generally an empresario, comerciante, or proveedor, not a consumidor, and falls outside those regimes. These include, among others:

  • Brazil: Código de Defesa do Consumidor, Lei 8.078/1990, Art. 49, with Decreto 7.962/2013 (seven-day direito de arrependimento).
  • Colombia: Estatuto del Consumidor, Ley 1480/2011, Art. 47 (retracto).
  • Mexico: Ley Federal de Protección al Consumidor (LFPC), Art. 56.
  • Argentina: Ley 24.240 de Defensa del Consumidor, Art. 34, and the “botón de arrepentimiento” requirement (Res. 424/2020).
  • Chile: Ley 19.496, Art. 3 bis (retracto).
  • Peru: Código de Protección y Defensa del Consumidor, Ley 29571.

Business customers are governed by Section 5 (general rule), Section 4 (guarantees), and any signed MSA or Order Form.

9.2 Non-waivable mandatory rights are preserved; survives “all sales final”

Where a mandatory law nonetheless gives a particular business customer a non-waivable right (for example, where a court applies a consumer code to a small business by analysis of the parties, or where a local public-order rule applies regardless of contract), nothing in this Policy or the Terms of Service waives or limits that right, including any “non-refundable” or “all sales final” language, and regardless of the governing-law clause in the Terms of Service. To that limited extent, the local mandatory right is preserved. We resolve genuine doubt about a subscriber’s status in favor of the subscriber. The businesses-only posture is gated at sign-up through the Section 1.1 representation that the subscriber acts for a business or in a professional capacity. Where a local data-protection officer or database registration is required (for example, in Peru), HackZero complies with that requirement. Spanish and Portuguese versions are provided where required for business-facing materials (see Section 12).


10. What happens to your data when you cancel

Cancelling your subscription is not, by itself, a request to delete your data. Data handling, retention, and deletion are governed by the Privacy Policy (/legal/privacy) and, for Customer Data processed under a subscription, the Data Processing Addendum (/legal/dpa). In summary:

  • After cancellation, your Account moves to the Free tier or is closed, and live scanning stops. We retain your data for a limited period to let you reactivate, export, or request deletion.
  • Customer Data and source code. On termination, and on your request, Customer Source Code is permanently destroyed within 30 days (or earlier on request), and non-editable backups containing it are purged within 60 days after that initial destruction, as provided in the DPA (/legal/dpa) and the MSA. Where you run the Services inside your own VPC (Compliance and Enterprise self-hosting), Customer Data does not leave your perimeter, and deletion is within your control.
  • Findings and reports. You own your findings. We retain only anonymized, aggregated patterns that do not identify you, your data, or your assets, as described in the AI Transparency Notice (/legal/ai) and the DPA (/legal/dpa).
  • Signing and audit records. Rules of Engagement and contract-signing audit records (typed legal name, IP address, user-agent, timestamp, hash-chained audit events) are retained for 7 years for evidentiary and legal-compliance reasons, and may be exempt from deletion on that basis.
  • Billing and tax records. We retain invoices and billing records as required by tax and accounting law.
  • Your data-protection rights. You can ask us to access, correct, export, or delete your personal data as described in the Privacy Policy (/legal/privacy), subject to the retention carve-outs above. For data observed during testing where HackZero acts as a processor for a customer, requests are routed to that customer as controller.

11. Chargebacks, billing disputes, and taxes

11.1 Talk to us first

If you see a charge you do not understand, or you believe you were billed in error, please contact [email protected] before initiating a chargeback. Most disputes (a duplicate charge, a charge after a valid cancellation, a wrong-price charge) are resolved quickly and refunded where appropriate (Section 5.2).

11.2 Chargebacks

If you initiate a card chargeback or payment-dispute with your bank or card issuer, we may be notified by Stripe and will respond with our billing records (subscription, plan, charge date, cancellation status, and the auto-renewal consent recorded at sign-up and, where sent, the acknowledgment described in Section 2.3). While a chargeback is pending or if it is resolved against the disputed charge, we may suspend the affected Account. Initiating a chargeback does not, by itself, cancel your subscription; please also cancel as described in Section 3 to stop future charges. Nothing in this Section limits your right to dispute a charge with your card issuer, or any non-waivable mandatory right preserved under Section 8 and Section 9.

11.3 Taxes

Prices shown are exclusive of taxes unless stated otherwise. You are responsible for any sales, use, value-added (VAT/IVA), goods-and-services, or similar taxes arising from your subscription, other than taxes on HackZero’s net income. Where we are required to collect tax (including US sales tax, Canada GST/HST and Quebec QST, and LATAM VAT/IVA on digital services in Mexico, Brazil, Argentina, Colombia, Chile, and Peru), it is calculated through Stripe Tax, added to your charge, and shown on your invoice. Refunds include any tax we collected on the refunded amount, where required by law. If you are tax-exempt or operate under a reverse-charge mechanism, provide a valid tax / VAT identifier in your billing settings; we will treat the charge accordingly where the law allows.


12. Language

This Policy is published in English. Where a jurisdiction requires a local-language version for customers in that market, we provide translations, and the local-language version controls to the extent that jurisdiction’s mandatory law so requires:

  • Quebec: the Charter of the French Language (Bill 96) imposes French-language obligations; we provide a French version where it applies to our Quebec business customers.
  • Latin America: Spanish (Mexico, Argentina, Colombia, Chile, Peru) and Portuguese (Brazil) versions are provided where required for that market; the local-language version controls to the extent the local mandatory law so requires.

13. Changes to this Policy

We may update this Policy. If we make a material change to your cancellation rights, the guarantees in Section 4, the founding-cohort lock in Section 6, or how we bill, we will give advance notice by email and in the Services, with a stated effective date, before the change takes effect for you. Price changes for future periods are handled under Section 2.3 (and do not affect Founding Cohort customers per Section 6). We keep prior versions of this Policy and show the “Last updated” date at the top. Continued use of the Services after a non-material change takes effect means you accept the updated Policy; where a mandatory law nonetheless requires consent to a material change for a particular customer, we will obtain any consent that law requires.


14. Contact

  • Support / billing / refunds: [email protected]
  • Privacy and data requests: [email protected] (see /legal/privacy)
  • Legal notices: [email protected]
  • General: [email protected]
  • Notice address: Agentic Security, Inc. (d/b/a HackZero) · 2810 N Church St STE 88242, Wilmington, Delaware 19802, United States

This Refund & Cancellation Policy is published at /legal/refunds and should be read with the Terms of Service (/legal/terms), Privacy Policy (/legal/privacy), and Data Processing Addendum (/legal/dpa).
