Terms of Service

Last updated: January 2024

1. Agreement to Terms

By engaging Espiar's penetration testing services, you agree to be bound by these Terms of Service. These terms constitute a legally binding agreement between you ("Client") and Espiar ("Company", "we", "us").

2. Services Description

Espiar provides professional cybersecurity services including:

  • Web Application Penetration Testing
  • Network Infrastructure Security Assessment
  • API Security Testing
  • Mobile Application Security Testing
  • Security Code Review
  • Vulnerability Assessment and Management

All services are conducted by certified security professionals following industry best practices.

3. Scope and Authorization

Client must provide explicit written authorization for all testing activities. This includes:

  • Detailed scope definition of systems to be tested
  • IP address ranges and domain names
  • Authorized testing timeframes
  • Emergency contact information
  • Acceptable levels of testing (e.g., no DoS attacks)

Important: Testing will only be performed on systems you own or have explicit permission to test. Client warrants they have authority to authorize such testing.

4. Legal Compliance

All penetration testing activities are conducted in compliance with:

  • UK Computer Misuse Act 1990
  • GDPR and Data Protection Act 2018
  • OWASP Testing Guidelines
  • PTES (Penetration Testing Execution Standard)
  • CREST Guidelines for UK-based testing

5. Confidentiality and Non-Disclosure

We maintain strict confidentiality regarding:

  • All client information and business details
  • System architectures and configurations
  • Identified vulnerabilities and security findings
  • Test methodologies and techniques used

Confidentiality Period: All information remains confidential indefinitely unless otherwise agreed in writing.

6. Deliverables and Reports

Upon completion of testing, clients will receive:

  • Executive Summary: High-level findings for management
  • Technical Report: Detailed vulnerability findings with evidence
  • Remediation Guidance: Specific steps to address identified issues
  • Risk Assessment: CVSS scoring and business impact analysis
  • Retest Services: Verification of fixes (where applicable)

Reports are delivered within 5-10 business days of testing completion.

7. Payment Terms

  • Payment Schedule: 50% deposit required, remainder due within 30 days of report delivery
  • Late Payments: 1.5% monthly interest on overdue amounts
  • Currency: All prices quoted in GBP
  • Refunds: No refunds once testing has commenced
  • Additional Work: Scope changes require written approval and may incur additional costs

8. Limitation of Liability

Important Legal Disclaimers:

  • Espiar's total liability shall not exceed the total project fee
  • We are not liable for indirect, consequential, or incidental damages
  • Client assumes responsibility for backup and system availability during testing
  • Testing may identify vulnerabilities but cannot guarantee discovery of all security issues
  • Client is responsible for implementing recommended security measures

9. Professional Standards

Espiar operates under professional ethical guidelines:

  • No Disclosure: Vulnerabilities are reported only to the client
  • Responsible Testing: Minimal-impact testing methodologies
  • Professional Certification: Team holds relevant industry certifications (OSCP, CISSP, CEH, CREST)
  • Continuous Education: Ongoing training in the latest attack vectors and defenses

10. Client Responsibilities

To ensure a successful engagement, clients must:

  • Provide accurate scope and contact information
  • Ensure proper authorization for all systems to be tested
  • Designate technical contacts for the duration of testing
  • Inform Espiar of any system changes during the testing window
  • Review and implement security recommendations promptly

11. Emergency Procedures

In case of critical findings or system issues during testing:

  • Critical Vulnerabilities: Immediate notification via phone and email
  • System Impact: Testing halted if unexpected system behavior occurs
  • Emergency Contacts: 24/7 availability during active testing phases
  • Incident Response: Assistance with urgent security incidents (additional fees may apply)

12. Termination

Either party may terminate this agreement:

  • With 7 days' written notice for convenience
  • Immediately for material breach of terms
  • Upon completion of all contracted services

Upon termination, all confidentiality obligations remain in effect.

13. Governing Law

These terms are governed by the laws of England and Wales. Any disputes will be resolved through:

  • Good faith negotiation
  • Mediation if required
  • UK courts as final jurisdiction

14. Contact Information

For questions about these terms or to discuss service requirements:

Email: legal@espiar.co.uk

Business Inquiries: security@espiar.co.uk

Address: Manchester, United Kingdom

Emergency Contact: Available during active engagements