Terms of Service
Last updated: March 15, 2026
1. Who We Are
OctoLab is operated by CYBER OCTOPUS VN, a household business registered in Vietnam. Throughout these terms, "we", "us", and "our" refer to CYBER OCTOPUS VN. "You" and "your" refer to you, the user.
2. What You're Agreeing To
By creating an account or using OctoLab, you agree to these terms. If you don't agree, don't use the Service. You must be at least 18 years old to create an account.
3. What OctoLab Provides
OctoLab is a cybersecurity training platform. We provision isolated, on-demand environments that replicate real-world software vulnerabilities (CVEs). Each environment runs in its own Firecracker microVM and is destroyed after your session ends. Evidence bundles (command logs, network captures, and an integrity manifest) are recorded and available for download for 30 days.
4. Acceptable Use
OctoLab environments exist for legitimate security training. You may use them for:
- Penetration testing practice
- Security research and education
- Professional development and certification preparation
You may not:
- Attempt to escape the isolated VM environment or access our host infrastructure
- Use the Service to attack systems outside your assigned environment
- Share your account credentials with anyone
- Use the Service for any unlawful purpose
- Reverse-engineer, scrape, or redistribute any part of the platform
- Use automated tools to create accounts or consume resources
We reserve the right to suspend or terminate accounts that violate these rules without notice or refund.
5. Accounts
You're responsible for keeping your account secure. Use a strong, unique password. If you suspect unauthorised access, contact us immediately. We are not liable for losses caused by compromised credentials that are not our fault.
6. Subscriptions and Payment
OctoLab offers a free tier (one session on selected environments) and a paid subscription for full access.
Payments are processed by Paddle.com, who acts as our Merchant of Record. This means Paddle is the entity selling you the subscription. When you subscribe, your payment relationship is with Paddle, not directly with CYBER OCTOPUS VN. Paddle handles billing, tax collection, invoicing, and payment disputes on our behalf.
By subscribing, you also agree to Paddle's Checkout Buyer Terms.
Auto-Renewal
Subscriptions renew automatically at the end of each billing period. You will be charged the same amount unless we give you advance notice of a price change. You can cancel at any time through the Paddle customer portal — cancellation takes effect at the end of your current billing period, and you keep access until then.
Price Changes
We may adjust subscription pricing. If we do, we'll notify you at least 30 days before the new price takes effect. If you don't agree with the change, cancel before the next billing cycle.
7. Refunds
We offer a 30-day money-back guarantee on new subscriptions. Access is revoked immediately upon refund processing. See our Refund Policy for full details.
8. Session Limits
You may run one session at a time. Sessions have a base duration of 15 minutes with one 15-minute extension available (30 minutes maximum), after which they are automatically terminated.
Evidence Retention
Session evidence bundles (command logs, network captures, and signed manifests) are retained for 14 days after session termination. After this period, evidence files are permanently deleted. Users are responsible for downloading evidence bundles within the retention window. Session metadata (CVE ID, timestamps, duration) is retained indefinitely.
9. Intellectual Property
OctoLab — including the platform software, environment configurations, documentation, and curated tool sets — is the property of CYBER OCTOPUS VN. Your subscription grants you a limited, non-exclusive, non-transferable licence to use the Service for personal, non-commercial training purposes.
Open-source tools included in environments retain their original licences (MIT, BSD, GPL, Apache, etc.).
You may not reproduce, redistribute, or commercially exploit any part of OctoLab without written permission.
10. Disclaimer of Warranties
The Service is provided "as is" without warranties of any kind, whether express or implied. We do not guarantee that environments will perfectly replicate every vulnerability, that the Service will be uninterrupted, or that it will meet your specific requirements.
11. Limitation of Liability
To the maximum extent permitted by law, CYBER OCTOPUS VN shall not be liable for any indirect, incidental, special, or consequential damages arising from your use of the Service. Our total liability for any claim is limited to the amount you paid us in the 12 months preceding the claim.
12. Indemnification
You agree to indemnify and hold CYBER OCTOPUS VN harmless from any claims, damages, or expenses (including legal fees) arising from your use of the Service, your violation of these terms, or your violation of any law or third-party rights.
13. Termination
You can close your account at any time by contacting us. We may suspend or terminate your account if you breach these terms, and we are not obligated to provide a refund in that case. Sections 9 through 12 survive termination.
14. Governing Law
These terms are governed by the laws of Vietnam. Any disputes will be resolved in the courts of Ho Chi Minh City, Vietnam, unless otherwise required by applicable consumer protection law in your jurisdiction.
15. Changes to These Terms
We may update these terms. If we make material changes, we'll notify registered users by email at least 14 days before the changes take effect. Continued use after that date means you accept the new terms.
16. Contact
Questions about these terms:
- Email: [email protected]
For payment and billing inquiries, contact Paddle directly.