Legal Notice

Last updated: March 2026

1. Business Entity

CC Security Audits is a trade name operated by TSE Reiersen, a sole proprietorship registered in Norway under organization number 929 074 912. Business address: Drammen, Norway. All contractual obligations, invoicing, and liability are held by TSE Reiersen.

2. Security Research Methodology

All unsolicited security assessments conducted by CC Security Audits are performed using passive, non-invasive techniques only. This includes, but is not limited to:

• Analysis of publicly accessible web pages, HTTP headers, and DNS records
• Review of publicly available JavaScript files, API responses to unauthenticated requests, and TLS certificates
• Examination of publicly exposed configuration files, documentation, and metadata
• Cross-referencing publicly available corporate registry data and licensing information

At no point during unsolicited research do we:

• Attempt to bypass authentication or access controls
• Submit malicious payloads, exploit vulnerabilities, or perform injection attacks
• Access, download, modify, or exfiltrate personal data belonging to users of the assessed platform
• Perform denial-of-service testing, brute-force attacks, or automated vulnerability scanning at scale
• Access any system, account, or data beyond what is freely available to any internet user

Active penetration testing and exploitation testing are only performed under written authorization from the platform operator, with an agreed scope, rules of engagement, and legal framework.

3. Responsible Disclosure Policy

CC Security Audits follows a strict responsible disclosure process:

• Findings are disclosed only to the affected party via official contact channels (publicly listed email addresses)
• Initial communications contain redacted summaries describing the category and impact of findings, not full technical details or reproduction steps
• Full technical reports are delivered only under a paid engagement or mutual written agreement
• We do not publish, share, sell, or disclose findings to third parties without explicit written consent from the affected operator
• We do not report findings to regulatory bodies, media, or competitors

4. Email Communications

If you have received an email from CC Security Audits (sent from @capriaudits.com), please note:

• The email is a good-faith notification that we have identified potential security concerns affecting your platform through passive observation
• We are not affiliated with any government agency, law enforcement, or regulatory body
• We have not accessed any protected systems, user data, or restricted areas of your platform
• The email is not a threat, demand, or extortion attempt — it is a professional offer of security services
• You are under no obligation to respond, engage our services, or take any action
• If you do not wish to receive further communications, simply reply with "unsubscribe" and we will remove your address permanently

Our outgoing emails are authenticated via SPF, DKIM, and DMARC on the capriaudits.com domain. You can verify the authenticity of any email by checking the message headers.

5. Data Handling

CC Security Audits does not collect, store, or process personal data belonging to end users of the platforms we assess. Any data referenced in our communications is derived exclusively from publicly accessible sources.

For paid engagements, data handling, retention, and destruction terms are defined in the engagement agreement or NDA signed between the parties.

6. Limitation of Liability

Security findings communicated by CC Security Audits are provided on an "as-is" informational basis. While we make every effort to ensure accuracy, we do not guarantee completeness and accept no liability for:

• Decisions made or not made based on our findings
• Any pre-existing security vulnerabilities in the assessed platform
• Third-party actions that may exploit vulnerabilities we have identified

7. Governing Law

These terms and any disputes arising from our services or communications are governed by the laws of Norway. Any legal proceedings shall be brought before the courts of Drammen, Norway.

8. Contact

For questions about this notice, our research methodology, or to request removal from our communications:

Email: capri@capriaudits.com
Telegram: @CCSecurity_bot
Entity: TSE Reiersen, Org 929 074 912, Drammen, Norway