/ Legal & compliance
B2B Service Terms
Clear information about how Secremedy operates, protects data, and works with customers.
Effective 14 July 2026
Business-only terms
These terms apply where a business purchases services from Secremedy Ltd. An Order identifies the customer, scope, price, dates and any service-specific terms. If documents conflict, the Order prevails, then these terms, then the DPA.
Authorisation and scope
The customer warrants that it owns or is authorised to test every system, account, network and data source in scope. Testing starts only after written scope, timing, permitted techniques, emergency contacts and rules of engagement are agreed. The customer must not ask us to access third-party systems without authority.
Our obligations
We will perform services with reasonable care and skill, use appropriately qualified personnel, maintain proportionate technical and organisational measures, and report material findings through agreed secure channels.
Customer obligations
The customer will provide accurate information, safe access, backups, timely decisions and a contact able to authorise changes. The customer remains responsible for its systems, business continuity, remediation choices and legal obligations.
Fees and payment
Fees, taxes, expenses and payment dates are in the Order. Unless stated otherwise, invoices are due within 30 days. We may suspend non-emergency services for undisputed overdue amounts after reasonable notice.
Changes and cancellation
Scope changes require written agreement and may affect timing and fees. Cancellation, renewal and minimum terms are those in the Order. Each party may terminate for an unremedied material breach or insolvency, subject to applicable law.
Confidentiality and data
Each party protects the other’s confidential information and uses it only for the engagement. Where we process personal data for the customer, the DPA applies. Findings and credentials are shared only through agreed channels.
Security limitations
Assessments are point-in-time and limited to the agreed scope and techniques. No service guarantees that every vulnerability will be found or that an incident cannot occur.
Intellectual property
Each party keeps its pre-existing intellectual property. After full payment, the customer may use engagement-specific reports internally. We retain tools, methods, templates and general know-how, without the customer’s confidential information.
Liability
Nothing limits liability for fraud, fraudulent misrepresentation, death or personal injury caused by negligence, or another liability that cannot lawfully be limited. Subject to the Order and applicable law, neither party is liable for indirect or consequential loss. Any negotiated cap and exclusions must be stated in the Order and approved by both parties.
General
Neither party may assign an Order without consent, except as part of a bona fide corporate reorganisation or sale. Neither is liable for delay outside reasonable control. English law governs and the courts of England and Wales have exclusive jurisdiction.