Last updated: March 2026
VXSec provides technology audit and implementation services, including Microsoft 365 and SaaS access audits, cloud cost audits, and implementation of audit findings, as described on our website at vaultxsec.com.
All engagements have a clearly defined scope agreed upon during the initial scoping call. Audit engagements are fixed-scope and fixed-fee. Any work outside the agreed scope requires a separate written agreement before commencement.
To perform audits, you grant us read-only or least-privilege access to the tools and systems specified in the scoping call. We do not request or accept more access than is necessary to complete the agreed scope. All access is revoked and credentials deleted immediately upon delivery of the audit, unless you have separately engaged us for implementation services, in which case access is maintained only for the duration of implementation and removed upon completion.
Audit fees are due in full upon completion of the scoping call, prior to work commencing. Implementation services are scoped and priced separately after audit delivery and are billed on a fixed-fee basis agreed to in writing before any implementation work begins. All fees are in Canadian or US dollars as agreed at time of engagement. Fees are non-refundable except as stated in the Guarantee section below.
If we do not identify at least 2x the audit fee in annualized cost savings opportunities, we will refund the full audit fee. To request a refund under this guarantee, you must notify us in writing within 7 days of receiving the audit deliverable. This guarantee applies to audit fees only and does not extend to implementation services, which are scoped based on findings already identified.
Upon completion of an audit, you will receive a prioritized action list documenting each finding, the recommended action, risk level, effort estimate, suggested owner, and estimated annualized savings. Deliverables are provided for your internal use. You may share deliverables with your own team, MSP, or IT provider. You may not resell or redistribute deliverables as your own work.
If you engage us to implement audit findings, the scope, timeline, and fixed fee for implementation will be documented and agreed upon in writing before work begins. Implementation engagements are subject to these Terms in addition to any engagement-specific terms agreed at time of scoping.
We treat all client information, systems data, credentials, and engagement details as strictly confidential. We do not disclose client information to third parties except as strictly necessary to perform the agreed services (e.g., a tool or integration required for audit delivery), and only with your knowledge. We do not sell, share, or use client data for any purpose other than delivering the agreed engagement. Case studies and relevant work examples published on our website are anonymized and redacted; we will not publish any identifiable information about your organization without your explicit written consent.
All deliverables produced for you become your property upon receipt and full payment. We retain the right to use general methodologies, frameworks, and non-client-specific processes developed during engagements for our own future work.
Our total liability to you arising from any engagement is limited to the fees paid by you for that specific engagement. We are not liable for any indirect, consequential, incidental, special, or punitive damages, including but not limited to lost profits, lost data, or business interruption, even if we have been advised of the possibility of such damages. We are not responsible for outcomes resulting from your failure to implement or act on audit findings.
We warrant that we will perform services with reasonable care and skill consistent with professional IT consulting standards. We do not warrant that our audits will identify every issue present in your environment, or that implementing our recommendations will eliminate all risks. Audit findings represent our professional assessment based on the access and information provided to us at the time of the engagement.
Either party may terminate an engagement with written notice. If you terminate after work has commenced, fees for completed work and work in progress remain due. If we terminate due to your material breach of these Terms, no refund will be issued for work already performed. If we terminate for any other reason, we will refund fees proportional to undelivered work.
In the event of a dispute, both parties agree to first attempt resolution in good faith through direct communication. If a dispute cannot be resolved within 30 days of written notice, either party may pursue legal remedies available under applicable law.
These Terms are governed by and construed in accordance with the laws of the Province of Ontario and the federal laws of Canada applicable therein, without regard to conflict of law principles.
We may update these Terms from time to time. Updated Terms will be posted on this page with a revised date. Continued engagement with VXSec after updated Terms are posted constitutes your acceptance of the revised Terms. For existing engagements in progress, the Terms in effect at the time of scoping will apply.
These Terms, together with any engagement-specific scope documents or agreements, constitute the entire agreement between you and VXSec with respect to our services and supersede any prior understandings or agreements.
Questions about these Terms? Email [email protected]