Last updated: June 2026
These Terms are general website terms for VXSec services. Project-specific proposals, statements of work, order forms, master service agreements, or written partner agreements may add to or override these Terms for that project.
VXSec provides fixed-scope diagnostics, systems cleanup, access governance, SaaS/cloud hygiene review, AI tool access review, agency systems cleanup, partner delivery, and cleanup implementation sprints. Services may cover Microsoft 365, Google Workspace, SaaS tools, cloud accounts, AI tools, contractor access, client handoffs, offboarding workflows, and related documentation.
Each engagement is based on an agreed scope. Scope may include systems to review, user counts, access method, deliverables, implementation boundaries, assumptions, exclusions, timeline, and fee. Work outside the agreed scope requires written approval before it begins.
Diagnostic deliverables may include executive summaries, findings tables, access lists, screenshots, export reviews, risk notes, recommended actions, assumptions, exclusions, and implementation roadmaps. Deliverables are based on the information, access, exports, and system state available during the engagement.
Implementation sprints are limited to approved cleanup work. VXSec will not intentionally make destructive or high-risk changes without client approval. Changes that may affect data, billing, production systems, client access, integrations, or business continuity require appropriate client owner approval before execution.
You agree to provide the access, exports, screenshots, logs, or screen-share support reasonably needed to complete the agreed scope. VXSec prefers read-only, export-based, or least-privilege access where practical. Temporary admin or implementation access may be required for approved cleanup work and should be removed after delivery unless otherwise agreed.
You are responsible for account ownership, business approvals, backups, recovery options, data retention decisions, third-party account terms, and confirming that requested changes are authorized. You are also responsible for reviewing findings and approving changes before implementation where approval is requested.
VXSec uses a non-destructive change-control approach where practical, but many third-party platforms have limited rollback options. You are responsible for maintaining appropriate backups, exports, recovery access, billing owner access, and administrative control over your systems before implementation begins.
VXSec work depends on third-party platforms such as Microsoft, Google, SaaS vendors, cloud providers, AI tools, automation platforms, and identity providers. Platform limitations, permissions, outages, data export limits, API limits, licensing restrictions, or vendor changes may affect scope, timing, findings, or implementation options.
VXSec may use subcontractors or delivery partners where appropriate for the agreed work, including partner delivery, white-label delivery, or specialized implementation support. VXSec remains responsible for coordinating the agreed VXSec scope unless a project-specific agreement states otherwise.
Fees, currency, invoicing schedule, and payment terms are agreed before work begins. Diagnostics and implementation sprints are generally fixed-fee once scoped. Fees are non-refundable unless a written agreement states otherwise.
VXSec does not guarantee total security, complete risk elimination, a specific savings amount, uninterrupted systems, complete discovery of every issue, or a specific business result. Findings and recommendations are professional assessments based on the agreed scope and information available at the time.
Separately, where a specific engagement offers a satisfaction or value guarantee (for example, an audit fee that is waived if the review surfaces no access risk worth fixing), that guarantee is limited to the fee for that engagement, applies only as described in the applicable proposal or statement of work, and does not expand the outcome disclaimers above.
VXSec does not provide emergency incident response, breach response, forensic investigation, or 24/7 support unless a separate written agreement specifically covers that work.
We treat client information, systems data, credentials, and engagement details as confidential. We do not sell client data. Public examples are anonymized and redacted; we will not publish identifiable information about your organization without written permission.
Client-specific deliverables become yours after receipt and full payment. VXSec retains its general methods, templates, checklists, know-how, and non-client-specific processes.
To the maximum extent permitted by law, VXSec's total liability for an engagement is limited to the fees paid for that engagement. VXSec is not liable for indirect, consequential, incidental, special, punitive, or business interruption damages, including lost profits, lost data, or losses caused by third-party platforms.
We may update these Terms from time to time. Updated Terms will be posted on this page. For active projects, the terms agreed at project start or in the project-specific agreement apply unless both parties agree otherwise.
These Terms are governed by the laws of Ontario and the federal laws of Canada applicable therein, without regard to conflict of law principles.
Questions about these Terms? Email [email protected]