Competition Terms & Conditions

1. Introduction

1.1. These Terms and Conditions govern the Syn Eater Consulting Free Pentest Apply Competition.

1.2. By entering this competition, participants confirm that they have read, understood, and agreed to these Terms and Conditions.

1.3. This competition is intended to promote Syn Eater Consulting's cybersecurity services and to give selected qualifying organizations an opportunity to receive a limited-scope cybersecurity assessment.

1.4. This competition is conducted in accordance with applicable South African law, including the Consumer Protection Act, 68 of 2008, where applicable. Promotional competitions in South Africa are governed by the Consumer Protection Act and related regulations.

2. Competition Period

2.1. The competition opens on [Insert Start Date] at 00:00 SAST.

2.2. The competition closes on [Insert Closing Date] at 23:59 SAST.

2.3. Entries received after the closing date and time will not be considered.

2.4. Syn Eater Consulting reserves the right to extend, shorten, suspend, or cancel the competition where reasonably necessary, including for operational, legal, security, or technical reasons.

3. Eligibility

3.1. The competition is open to organizations and business representatives who:

• are 18 years or older;
• are legally authorized to represent the organization submitting the application;
• have authority to request cybersecurity testing for the submitted assets, or can obtain written authorization before testing begins;
• provide accurate and complete application information; and
• are based in, or operate in, a jurisdiction where Syn Eater Consulting can lawfully provide the service.

3.2. The following persons are not eligible to enter:

• employees, directors, members, contractors, consultants, agents, or representatives of Syn Eater Consulting;
• immediate family members, business partners, or household members of the persons listed above;
• any person or organization that submits assets they do not own or are not authorized to test;
• any person or organization attempting to submit false, misleading, illegal, or harmful information.

3.3. Syn Eater Consulting may request proof of identity, company representation, asset ownership, authorization, or any other information reasonably required to verify eligibility.

4. How to Enter

4.1. To enter, participants must complete the Free Pentest Apply form available at https://syneater.com/free-pentest-apply.

4.2. The application form may require the following information:

• full name;
• work email address;
• phone number;
• role or job title;
• company name;
• company website;
• country or region;
• industry;
• proposed testing scope;
• target assets, URLs, domains, IP ranges, or application details;
• business context and reason for requesting testing;
• previous security testing history;
• timing preference;
• testing constraints or blackout windows;
• authorized asset owner;
• decision-maker or approval contact;
• consent and authorization confirmations.

4.3. Participants must not submit:

• passwords;
• API keys;
• private keys;
• authentication tokens;
• confidential datasets;
• personal information not required for the application;
• any data they are not authorized to share.

4.4. Only one entry per organization may be submitted unless Syn Eater Consulting expressly permits otherwise.

4.5. Incomplete, inaccurate, duplicate, fraudulent, or unauthorized entries may be disqualified.

5. Prize

5.1. The prize is a limited-scope cybersecurity assessment, which may include one or more of the following, at Syn Eater Consulting's discretion:

• external attack surface review;
• web application review;
• API security review;
• cloud exposure review;
• vulnerability validation;
• high-level findings summary;
• remediation guidance.

5.2. The prize is not a full enterprise penetration test unless expressly agreed in writing.

5.3. The approximate value of the prize is [Insert Estimated Value, e.g. R15,000 – R50,000 excluding VAT], depending on the agreed scope.

5.4. The prize is not transferable, exchangeable, or redeemable for cash.

5.5. Syn Eater Consulting reserves the right to substitute the prize with a service of similar nature and value if necessary.

5.6. The final scope, timing, methodology, deliverables, and rules of engagement will be agreed in writing before any testing begins.

6. Winner Selection

6.1. Winners will be selected from eligible entries based on one or more of the following criteria:

• completeness of application;
• clarity of scope;
• authorization readiness;
• technical suitability;
• business impact;
• safety of proposed testing;
• availability of required stakeholders;
• fit with Syn Eater Consulting's service capability.

6.2. This is not a guarantee that every applicant will receive a free assessment.

6.3. Syn Eater Consulting may select one or more winners.

6.4. The winner selection will take place on or around [Insert Selection Date].

6.5. Where required, an independent person may oversee or validate the winner selection process. South African promotional competition regulations include oversight and record-keeping requirements, including records about the basis on which winners are determined.

7. Winner Notification

7.1. Selected winners will be contacted using the email address or phone number provided in the application.

7.2. Winners must respond within 5 business days of notification.

7.3. If a selected winner does not respond within the required period, cannot provide authorization, cannot agree to safe testing terms, or is otherwise unable to proceed, Syn Eater Consulting may select another winner.

7.4. Syn Eater Consulting is not responsible for failed delivery of notifications due to incorrect contact details, spam filtering, technical issues, or participant error.

8. Authorization and Rules of Engagement

8.1. No cybersecurity testing will begin until:

• the winner has been verified;
• written authorization has been received;
• the test scope has been agreed;
• testing dates and time windows have been confirmed;
• emergency contacts have been provided;
• rules of engagement have been accepted by both parties.

8.2. The winner must confirm that they own, control, or are legally authorized to approve testing of all submitted assets.

8.3. Syn Eater Consulting may refuse to test any asset where authorization is unclear, incomplete, or disputed.

8.4. The winner must not submit third-party assets, customer systems, supplier systems, hosting provider systems, or shared infrastructure unless proper written authorization is provided.

8.5. Testing will be conducted on a non-destructive basis unless otherwise agreed in writing.

8.6. Syn Eater Consulting may immediately suspend testing if it identifies a risk to service availability, data integrity, legal compliance, third-party systems, or business operations.

9. Participant Responsibilities

9.1. Participants are responsible for ensuring that all information submitted is true, complete, accurate, and lawful.

9.2. Participants must ensure that any person submitting an application on behalf of an organization has the required authority.

9.3. Participants must ensure that relevant internal stakeholders are available for scoping, authorization, and communication.

9.4. Participants are responsible for backing up systems, preparing test environments where applicable, and notifying internal teams where required.

9.5. Participants must not use the competition to request testing against systems they do not own or control.

10. Disqualification

10.1. Syn Eater Consulting may disqualify any participant who:

• provides false, misleading, or incomplete information;
• submits assets without authorization;
• attempts to manipulate the competition;
• breaches these Terms and Conditions;
• submits unlawful, harmful, abusive, or malicious content;
• fails to provide written authorization;
• fails to respond to communication within the required period;
• creates legal, technical, reputational, or operational risk for Syn Eater Consulting or any third party.

10.2. Syn Eater Consulting's decision regarding eligibility, disqualification, selection, and prize allocation is final, subject to applicable law.

11. Data Protection and Privacy

11.1. Syn Eater Consulting will process personal information submitted through the competition for purposes including:

• administering the competition;
• verifying eligibility;
• contacting applicants;
• assessing applications;
• arranging scoping discussions;
• providing the prize where applicable;
• maintaining legal and compliance records;
• improving Syn Eater Consulting's services.

11.2. Personal information may include names, contact details, role information, company information, application content, and authorization-related information.

11.3. Syn Eater Consulting will process personal information in accordance with applicable data protection laws, including the Protection of Personal Information Act, 4 of 2013, where applicable.

11.4. Participants must not submit unnecessary personal information or sensitive information.

11.5. Participants must not submit secrets, credentials, private keys, API keys, authentication tokens, or confidential datasets.

11.6. Competition rules should explain the purpose for collecting personal information and how it will be used; this is also relevant to POPIA compliance.

11.7. By entering, participants consent to Syn Eater Consulting processing their information for the purposes described in these Terms and Conditions.

11.8. Participants may request access to, correction of, or deletion of their personal information, subject to legal retention obligations.

11.9. Privacy enquiries may be directed to: [Insert Privacy Contact Email]. See also our Privacy Policy.

12. Confidentiality

12.1. Syn Eater Consulting will treat submitted technical and business information as confidential.

12.2. Confidential information will only be used for assessing the application, conducting agreed scoping, and delivering the prize where applicable.

12.3. Syn Eater Consulting may disclose information where required by law, regulation, court order, or lawful authority.

12.4. The participant agrees not to publicly disclose sensitive testing details, methodologies, findings, or reports without Syn Eater Consulting's prior written consent, except where required by law or internal governance.

13. Publicity

13.1. Syn Eater Consulting may request permission to use the winner's name, company name, logo, testimonial, or case study for marketing purposes.

13.2. Participation in publicity is optional and subject to separate written consent.

13.3. Refusal to participate in publicity will not affect the winner's right to receive the prize.

14. Limitation of Liability

14.1. Syn Eater Consulting will take reasonable care when administering the competition and performing any agreed assessment.

14.2. To the maximum extent permitted by law, Syn Eater Consulting will not be liable for:

• incorrect or incomplete entries;
• technical failures affecting entry submission;
• loss of data caused by participant systems or third-party systems;
• participant failure to obtain authorization;
• consequences of testing assets outside agreed scope;
• indirect, consequential, special, or punitive damages.

14.3. Nothing in these Terms and Conditions excludes liability that cannot be excluded under applicable law.

15. No Guarantee of Security

15.1. The prize does not guarantee that the tested systems are secure.

15.2. Cybersecurity testing is limited by time, scope, available information, access, methodology, and testing conditions.

15.3. Findings represent issues identified during the agreed testing window and do not represent a complete assurance of security.

15.4. The participant remains responsible for reviewing, prioritizing, and remediating findings.

16. Cancellation or Changes

16.1. Syn Eater Consulting may cancel, suspend, modify, or withdraw the competition if:

• required by law;
• fraud or abuse is suspected;
• technical issues affect the competition;
• operational constraints prevent delivery;
• circumstances beyond Syn Eater Consulting's reasonable control occur.

16.2. Where reasonably possible, any changes will be communicated on the competition page or through appropriate communication channels.

17. Record Keeping

17.1. Syn Eater Consulting may retain competition records for at least three years, where required by applicable law.

17.2. Records may include:

• competition rules;
• marketing materials;
• entries received;
• winner selection criteria;
• winner notification records;
• prize acceptance records;
• authorization confirmations;
• records of prize delivery.

17.3. South African promotional competition regulations require promoters to retain several categories of records for at least three years, including rules, prize details, marketing records, winner determination records, and prize receipt records.

18. Governing Law

18.1. These Terms and Conditions are governed by the laws of the Republic of South Africa.

18.2. Any dispute arising from this competition will be dealt with under South African law, subject to the jurisdiction of the appropriate South African courts or forums.

19. Contact Details

For questions about the competition, contact:

Syn Eater Consulting

• Email: [Insert Email Address]
• Website: [Insert Website URL]
• Address: [Insert Business Address, if applicable]

20. Acceptance

By submitting an entry, the participant confirms that:

• they have read and accepted these Terms and Conditions;
• the information submitted is true and accurate;
• they are authorized to submit the application;
• they understand that no testing will occur without written authorization;
• they consent to the processing of their information for competition administration purposes.