Terms of Service

Last updated: June 2026

These Terms are general website terms for VXSec services. Project-specific proposals, statements of work, order forms, master service agreements, or written partner agreements may add to or override these Terms for that project.

1. Services

VXSec provides fixed-scope diagnostics, systems cleanup, access governance, SaaS/cloud hygiene review, AI tool access review, agency systems cleanup, partner delivery, and cleanup implementation sprints. Services may cover Microsoft 365, Google Workspace, SaaS tools, cloud accounts, AI tools, contractor access, client handoffs, offboarding workflows, and related documentation.

2. Scope of Engagements

Each engagement is based on an agreed scope. Scope may include systems to review, user counts, access method, deliverables, implementation boundaries, assumptions, exclusions, timeline, and fee. Work outside the agreed scope requires written approval before it begins.

3. Diagnostics and Deliverables

Diagnostic deliverables may include executive summaries, findings tables, access lists, screenshots, export reviews, risk notes, recommended actions, assumptions, exclusions, and implementation roadmaps. Deliverables are based on the information, access, exports, and system state available during the engagement.

4. Implementation Sprints

Implementation sprints are limited to approved cleanup work. VXSec will not intentionally make destructive or high-risk changes without client approval. Changes that may affect data, billing, production systems, client access, integrations, or business continuity require appropriate client owner approval before execution.

5. Access and Credentials

You agree to provide the access, exports, screenshots, logs, or screen-share support reasonably needed to complete the agreed scope. VXSec prefers read-only, export-based, or least-privilege access where practical. Temporary admin or implementation access may be required for approved cleanup work and should be removed after delivery unless otherwise agreed.

6. Client Responsibilities

You are responsible for account ownership, business approvals, backups, recovery options, data retention decisions, third-party account terms, and confirming that requested changes are authorized. You are also responsible for reviewing findings and approving changes before implementation where approval is requested.

7. Backups and Change Control

VXSec uses a non-destructive change-control approach where practical, but many third-party platforms have limited rollback options. You are responsible for maintaining appropriate backups, exports, recovery access, billing owner access, and administrative control over your systems before implementation begins.

8. Third-Party Platforms

VXSec work depends on third-party platforms such as Microsoft, Google, SaaS vendors, cloud providers, AI tools, automation platforms, and identity providers. Platform limitations, permissions, outages, data export limits, API limits, licensing restrictions, or vendor changes may affect scope, timing, findings, or implementation options.

9. Subcontractors and Delivery Partners

VXSec may use subcontractors or delivery partners where appropriate for the agreed work, including partner delivery, white-label delivery, or specialized implementation support. VXSec remains responsible for coordinating the agreed VXSec scope unless a project-specific agreement states otherwise.

10. Payment

Fees, currency, invoicing schedule, and payment terms are agreed before work begins. Diagnostics and implementation sprints are generally fixed-fee once scoped. Fees are non-refundable unless a written agreement states otherwise.

11. No Guaranteed Outcome

VXSec does not guarantee total security, complete risk elimination, a specific savings amount, uninterrupted systems, complete discovery of every issue, or a specific business result. Findings and recommendations are professional assessments based on the agreed scope and information available at the time.

Separately, where a specific engagement offers a satisfaction or value guarantee (for example, an audit fee that is waived if the review surfaces no access risk worth fixing), that guarantee is limited to the fee for that engagement, applies only as described in the applicable proposal or statement of work, and does not expand the outcome disclaimers above.

12. No Emergency Incident Response

VXSec does not provide emergency incident response, breach response, forensic investigation, or 24/7 support unless a separate written agreement specifically covers that work.

13. Confidentiality

We treat client information, systems data, credentials, and engagement details as confidential. We do not sell client data. Public examples are anonymized and redacted; we will not publish identifiable information about your organization without written permission.

14. Intellectual Property

Client-specific deliverables become yours after receipt and full payment. VXSec retains its general methods, templates, checklists, know-how, and non-client-specific processes.

15. Limitation of Liability

To the maximum extent permitted by law, VXSec's total liability for an engagement is limited to the fees paid for that engagement. VXSec is not liable for indirect, consequential, incidental, special, punitive, or business interruption damages, including lost profits, lost data, or losses caused by third-party platforms.

16. Changes to These Terms

We may update these Terms from time to time. Updated Terms will be posted on this page. For active projects, the terms agreed at project start or in the project-specific agreement apply unless both parties agree otherwise.

17. Governing Law

These Terms are governed by the laws of Ontario and the federal laws of Canada applicable therein, without regard to conflict of law principles.

18. Contact

Questions about these Terms? Email [email protected]