Terms of Service

1. Introduction and Acceptance

These Terms of Service ("Terms") constitute a legally binding agreement between you ("Client," "you," or "your") and Alex Terrats Ciberseguretat SLU (DAB SecurePeak) ("SecurePeak," "we," "us," or "our"), a company registered in the Principality of Andorra, governing your access to and use of our website (www.securepeak.com), client portals, and all services we provide.

SecurePeak provides cybersecurity services including but not limited to cryptographic infrastructure consulting, offensive security assessments, defensive security operations, edge infrastructure services, certificate management, and applied research. These Terms apply to all services unless superseded by a specific written agreement.

2. Definitions

Throughout these Terms, the following definitions apply:

• "Services" means all cybersecurity, consulting, assessment, monitoring, infrastructure, and related services provided by SecurePeak.
• "Website" means www.securepeak.com and all associated subdomains and portals.
• "Client Portal" means secure online platforms providing access to service dashboards, reports, and management interfaces.
• "Certificate Management Portal" means the dedicated platform for SSL/TLS certificate lifecycle management.
• "Engagement Agreement" means a specific written agreement for professional services engagements.
• "Deliverables" means reports, documentation, configurations, code, or other materials produced during service delivery.
• "Confidential Information" means all non-public information disclosed by either party.

3. Account Registration and Security

3.1 Account Requirements

Certain services require account registration. When registering, you agree to provide accurate, current, and complete information and to update such information to maintain its accuracy. You must be at least 18 years of age and have authority to bind the organization you represent.

3.2 Account Security

You are responsible for maintaining the confidentiality of your account credentials and for all activities that occur under your account. You agree to immediately notify SecurePeak of any unauthorized use of your account or any other security breach. SecurePeak will not be liable for any loss arising from unauthorized use of your account.

3.3 Multi-Factor Authentication

Access to client portals and sensitive services requires multi-factor authentication. You agree to configure and maintain MFA as required by our security policies.

4. Service-Specific Terms

5. Client Obligations

5.1 Accurate Information

You agree to provide accurate and complete information necessary for service delivery and to promptly update such information when changes occur.

5.2 Authorization

You warrant that you have all necessary authority, rights, and permissions to engage SecurePeak for requested services, including authority to authorize security testing of systems and access to facilities, networks, and data.

5.3 Cooperation

You agree to cooperate with SecurePeak in service delivery, including providing timely access to personnel, systems, and information as reasonably required.

5.4 Compliance

You agree to comply with all applicable laws, regulations, and industry standards in connection with your use of our services, including but not limited to data protection laws, export control regulations, and sector-specific requirements.

5.5 Acceptable Use

You agree not to use our services to:

• Violate any applicable law or regulation
• Infringe intellectual property rights of any third party
• Transmit malware, viruses, or other harmful code (except as authorized in testing engagements)
• Attempt to gain unauthorized access to systems or data
• Interfere with or disrupt the integrity or performance of our services
• Engage in fraudulent, deceptive, or malicious activities
• Resell or redistribute services without authorization

6. Intellectual Property

6.1 SecurePeak Property

SecurePeak retains all rights, title, and interest in our methodologies, tools, techniques, know-how, frameworks, and pre-existing intellectual property. Nothing in these Terms transfers ownership of such intellectual property to Client.

6.2 Deliverables

Upon full payment, Client receives a non-exclusive, non-transferable license to use deliverables for internal business purposes. Client may not redistribute, publish, or share deliverables with third parties without prior written consent, except as required by law or regulation.

6.3 Client Data

Client retains all rights to data provided to SecurePeak for service delivery. Client grants SecurePeak a limited license to use such data solely for the purpose of providing services.

6.4 Feedback

If you provide suggestions, ideas, or feedback regarding our services, you grant SecurePeak a royalty-free, worldwide, perpetual license to use such feedback for any purpose.

7. Confidentiality

7.1 Mutual Confidentiality

Each party agrees to maintain the confidentiality of the other party's Confidential Information and to use such information only for purposes of the service relationship. Confidential Information includes all non-public technical, business, or operational information disclosed by either party.

7.2 Security Assessment Confidentiality

SecurePeak will maintain strict confidentiality of all vulnerability information, security findings, and sensitive technical details discovered during security assessments. Such information will only be disclosed to authorized client contacts and will not be shared with third parties without explicit written consent.

7.3 Exceptions

Confidentiality obligations do not apply to information that: (a) is or becomes publicly available through no fault of the receiving party; (b) was rightfully known prior to disclosure; (c) is independently developed without use of Confidential Information; or (d) is required to be disclosed by law, provided the disclosing party is notified when legally permissible.

8. Payment Terms

8.1 Fees

Fees for services are as specified in applicable engagement agreements, service orders, or published pricing. All fees are in Euros unless otherwise specified and are exclusive of applicable taxes.

8.2 Payment

Payment is due within thirty (30) days of invoice date unless otherwise agreed. Late payments accrue interest at 1.5% per month or the maximum rate permitted by law. SecurePeak reserves the right to suspend services for accounts more than 30 days past due.

8.3 Taxes

Client is responsible for all applicable taxes, duties, and levies, excluding taxes based on SecurePeak's income. Where SecurePeak is required to collect taxes, such taxes will be added to invoices.

9. Warranties and Disclaimers

9.1 Service Warranty

SecurePeak warrants that services will be performed in a professional and workmanlike manner consistent with industry standards. Our sole obligation for breach of this warranty is to re-perform the non-conforming services at no additional cost.

9.2 Security Assessment Disclaimer

Security assessments provide a point-in-time evaluation of security posture. SecurePeak does not warrant that assessments will identify all vulnerabilities or that systems will be secure following remediation. Security is an ongoing process requiring continuous attention.

9.3 Disclaimer of Other Warranties

EXCEPT AS EXPRESSLY PROVIDED HEREIN, SERVICES ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. SECUREPEAK DISCLAIMS ALL IMPLIED WARRANTIES INCLUDING MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. SECUREPEAK DOES NOT WARRANT THAT SERVICES WILL BE UNINTERRUPTED, ERROR-FREE, OR COMPLETELY SECURE.

10. Limitation of Liability

10.1 Exclusion of Consequential Damages

IN NO EVENT SHALL EITHER PARTY BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING LOSS OF PROFITS, REVENUE, DATA, OR BUSINESS OPPORTUNITIES, REGARDLESS OF WHETHER SUCH DAMAGES WERE FORESEEABLE OR WHETHER A PARTY WAS ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

10.2 Liability Cap

SECUREPEAK'S TOTAL AGGREGATE LIABILITY FOR ALL CLAIMS ARISING OUT OF OR RELATING TO THESE TERMS OR ANY SERVICE SHALL NOT EXCEED THE FEES PAID BY CLIENT TO SECUREPEAK IN THE TWELVE (12) MONTHS PRECEDING THE CLAIM.

10.3 Exceptions

The limitations in this Section 10 do not apply to: (a) breach of confidentiality obligations; (b) indemnification obligations; (c) gross negligence or willful misconduct; or (d) liability that cannot be limited under applicable law.

11. Indemnification

11.1 Client Indemnification

Client agrees to defend, indemnify, and hold harmless SecurePeak, its officers, directors, employees, and agents from any claims, damages, losses, and expenses (including reasonable attorneys' fees) arising from: (a) Client's breach of these Terms; (b) Client's violation of any law or rights of a third party; (c) Client's negligence or misconduct; or (d) claims related to Client's systems, data, or operations except to the extent caused by SecurePeak's negligence.

11.2 SecurePeak Indemnification

SecurePeak agrees to defend, indemnify, and hold harmless Client from claims that SecurePeak's services infringe valid intellectual property rights of a third party, provided Client promptly notifies SecurePeak and provides reasonable cooperation in defense.

12. Term and Termination

12.1 Term

These Terms remain in effect while you use our website or services. Specific service terms are as specified in applicable engagement agreements.

12.2 Termination for Convenience

Either party may terminate ongoing services upon thirty (30) days written notice, subject to payment for services rendered through the termination date.

12.3 Termination for Cause

Either party may terminate immediately upon written notice if the other party: (a) materially breaches these Terms and fails to cure within thirty (30) days of notice; (b) becomes insolvent or subject to bankruptcy proceedings; or (c) ceases to conduct business in the normal course.

12.4 Effect of Termination

Upon termination: (a) all licenses granted hereunder terminate; (b) Client shall pay all fees due; (c) each party shall return or destroy Confidential Information upon request; (d) provisions that by their nature should survive will survive, including confidentiality, limitation of liability, and indemnification.

13. Governing Law and Dispute Resolution

13.1 Governing Law

These Terms are governed by the laws of the Principality of Andorra, without regard to conflict of law principles. For clients in the European Union, mandatory consumer protection provisions of your country of residence apply.

13.2 Dispute Resolution

The parties agree to attempt to resolve disputes through good faith negotiation. If negotiation is unsuccessful, disputes shall be submitted to binding arbitration in Andorra la Vella, Andorra, under the rules of the International Chamber of Commerce. The arbitration shall be conducted in English or Spanish as mutually agreed. Judgment on the arbitration award may be entered in any court of competent jurisdiction.

13.3 Injunctive Relief

Notwithstanding the foregoing, either party may seek injunctive or other equitable relief in any court of competent jurisdiction to protect its intellectual property rights or Confidential Information.

14. General Provisions

14.1 Entire Agreement

These Terms, together with any applicable engagement agreements and referenced policies, constitute the entire agreement between the parties regarding the subject matter hereof and supersede all prior agreements and understandings.

14.2 Amendments

SecurePeak may modify these Terms at any time by posting updated Terms on our website. Material changes will be communicated via email or website notice. Continued use of services after changes become effective constitutes acceptance of modified Terms.

14.3 Severability

If any provision of these Terms is found to be unenforceable, the remaining provisions will continue in full force and effect, and the unenforceable provision will be modified to the minimum extent necessary to make it enforceable.

14.4 Waiver

Failure to enforce any right or provision of these Terms shall not constitute a waiver of such right or provision.

14.5 Assignment

Client may not assign these Terms or any rights hereunder without SecurePeak's prior written consent. SecurePeak may assign these Terms in connection with a merger, acquisition, or sale of substantially all assets.

14.6 Force Majeure

Neither party shall be liable for delays or failures in performance resulting from causes beyond its reasonable control, including acts of God, natural disasters, war, terrorism, labor disputes, government actions, or failures of third-party infrastructure.

14.7 Notices

Notices under these Terms shall be in writing and deemed given when delivered personally, sent by confirmed email, or three days after being sent by registered mail to the addresses on file.