SecureConekt (Pty) Ltd TERMS AND CONDITIONS
Terms & Conditions — Penetration Testing Services
1. Definitions
In these Terms the following words have the following meanings:
- “Services” — the penetration testing activities purchased via the platform and described in the Order Confirmation and Scope Attachment (for example: External scan, Internal scan, Web Application test, Active Directory audit, Office365 audit).
- “Order” — the purchase record and scope selected by the Client.
- “Report” — Provider’s post-test written deliverable summarising findings, risk ratings and remediation recommendations.
- “Authorization Form” — the signed (digital or physical) form that documents final scope, contacts and authorisation to test.
2. Acceptance and Contract Formation
By placing an Order through the Cloud-on-Demand Marketplace e-commerce platform you (the Client) (i) accept these Terms & Conditions, (ii) agree to complete and return the Authorization Form before testing begins, and (iii) confirm you either own the systems in scope or have obtained explicit owner permission for them. The Service will not commence until the Authorization Form is received and approved.
3. Scope of Services
3.1 The Services provided are limited to the scope documented in the Authorization Form. Only assets and systems explicitly listed in the Authorization Form will be tested. Any work outside that scope is subject to a change order and additional fees.
3.2 Excluded or high‑risk techniques (including, but not limited to, distributed denial of service testing, intentionally destructive testing, and manipulation of backups or production data) will not be performed unless explicitly requested in writing and accepted through a formal addendum to the Order.
4. Client Obligations
4.1 The Client must:
- Provide accurate contact details and designate a technical point of contact for the testing window.
- Ensure required access credentials, documentation and approvals are provided prior to the start date, where and as relevant.
- Notify affected stakeholders and obtain any third‑party approvals necessary for testing third‑party systems.
- Confirm ownership/authority for all assets in scope.
4.2 The Client must maintain up‑to‑date backups and contingency arrangements prior to testing and accepts the residual risk of running live tests against production systems. SecureConekt will take reasonable steps to minimise disruption but cannot guarantee zero impact.
5. Scheduling, Duration & Access
5.1 Testing windows will be scheduled in agreement with the Client and documented in the Authorization Form. SecureConekt may reschedule in the event of emergencies, force majeure or major incidents.
5.2 Delays caused by the Client (including failure to provide access or approvals) may result in rescheduling or additional fees.
6. Confidentiality & Data Handling
6.1 Both parties will treat testing data, findings and Report contents as confidential. SecureConekt will store Reports securely and share them only with authorised Client personnel.
6.2 SecureConekt will not disclose Client data to third parties without prior written consent, except as required by law.
6.3 SecureConekt will handle any personal data in accordance with applicable data protection law (including POPIA where applicable) and only to the extent necessary to perform the Services.
7. Reporting & Remediation
7.1 SecureConekt will deliver a Report after testing. The Report will typically include an executive summary, risk ratings, technical findings, evidence and recommended remediation steps.
7.2 The Client is responsible for reviewing and implementing remediation actions. SecureConekt may offer remediation assistance and retest options as separate services subject to additional fees.
8. Limitations, Exclusions & Liability
8.1 Testing cannot guarantee detection of every vulnerability. The Report reflects a point‑in‑time assessment and does not represent ongoing monitoring.
8.2 SecureConekt is not liable for (and Client accepts responsibility for):
- Pre‑existing vulnerabilities or misconfigurations not caused by SecureConekt;
- Third‑party failures or faults;
- Data loss or service disruption arising from Client systems which were unstable or incorrectly configured prior to testing;
- Consequential, indirect, incidental, special or punitive damages.
8.3 Cap on Liability: Except for liability arising from gross negligence or wilful misconduct or where otherwise required by law, SecureConekt’s aggregate liability under or in connection with these Terms shall not exceed the total fees paid or owed by the Client for the specific Order on which the services were delivered.
8.4 Provider’s liability for direct physical damage or material data loss caused directly by SecureConekt’s gross negligence shall be limited to an amount equal to the Order value.
9. Indemnity & Insurance
9.1 The Client indemnifies and holds harmless SecureConekt from any claims, damages or liabilities resulting from the Client’s failure to obtain required third‑party authorisations, or from testing assets not owned or authorised by the Client.
9.2 SecureConekt will maintain professional indemnity and cyber insurance in commercially reasonable amounts. Insurance cover is subject to policy terms and limits and does not expand Provider’s contractual obligations.
10. Fees, Payment & Refunds
10.1 Fees for the Services are as quoted on the platform at the time of Order. Payment terms (including deposit requirements) are specified on the Order.
10.2 Refunds: If Provider cannot deliver the Services for reasons within Provider’s control, Provider will offer a full refund or a credit. No refunds are provided where testing is delayed or cancelled due to Client causes (including failure to provide access or missing authorisation).
11. Subcontracting & Third Parties
SecureConekt may engage subcontractors in the delivery of Services but remains fully responsible for their performance. Any third‑party testing tools or cloud services used will be operated under Provider’s control and in accordance with these Terms.
12. Intellectual Property
12.1 SecureConekt retains ownership of testing methods, proprietary tools, exploit code, deliverable templates and any know‑how used to deliver the Services.
12.2 Client receives a non‑exclusive, non‑transferable licence to use the Report for internal remediation, compliance and audit purposes only.
13. Termination
Either party may terminate the Order where the other party materially breaches these Terms and fails to remedy such breach within fourteen (14) days of written notice. Termination does not relieve the Client of payment obligations for Services performed up to the termination date.
14. Force Majeure
Neither party shall be liable for failure to perform its obligations to the extent that such failure is caused by events beyond its reasonable control, including but not limited to natural disasters, acts of government, major network outages, or other force majeure events.
15. Governing Law & Dispute Resolution
These Terms are governed by and construed in accordance with the laws of the Republic of South Africa. Parties will attempt to resolve disputes by negotiation; unresolved disputes may be referred to arbitration or to the competent courts of South Africa as agreed in the Order.
16. Miscellaneous
- Entire Agreement: These Terms, the Order and the Authorization Form constitute the entire agreement between the parties.
- Severability: If any provision of these Terms is found to be invalid or unenforceable, the remainder of the Terms will continue in full force and effect.
- Amendments: Provider may update these Terms from time to time; changes will be posted on the platform and shall apply to future Orders.