1. Acceptance of Terms
These Terms of Service ("Terms") constitute a legally binding agreement between you ("Client", "you", or "your") and SecBlok Pty Ltd (ABN 60 600 732 474) ("SecBlok", "we", "us", or "our"), an Australian proprietary limited company.
By engaging our services, submitting a request through our website, or otherwise indicating your acceptance, you agree to be bound by these Terms. If you do not agree to these Terms, you must not use our services.
These Terms should be read in conjunction with our Privacy Policy and any separate engagement agreement or statement of work entered into between you and SecBlok.
2. Description of Services
SecBlok provides AI-powered cybersecurity testing services, including but not limited to:
- Web Application Penetration Testing: security assessment of web applications, APIs, and web infrastructure against OWASP Top 10 and other vulnerability frameworks
- Smart Contract Auditing: static and dynamic analysis of blockchain smart contracts (Solidity/EVM) for security vulnerabilities, logic errors, and exploit potential
- Mobile Application Security Testing: security assessment of Android and iOS applications including reverse engineering, API analysis, and OWASP Mobile Top 10 testing
- AI/ML Security Testing: assessment of artificial intelligence and machine learning systems for prompt injection, jailbreak vulnerabilities, agent hijacking, and OWASP LLM Top 10 risks
The specific scope, deliverables, timeline, and fees for each engagement will be defined in a separate engagement agreement or statement of work agreed upon by both parties prior to commencement of testing.
3. Client Obligations
By engaging SecBlok for security testing services, you represent and warrant that:
- Authorisation: you have full legal authority and ownership or written authorisation from the owner to engage SecBlok to conduct security testing on the specified targets. You must provide written authorisation (a signed scope agreement or equivalent) before testing commences
- Accurate scope information: you will provide accurate and complete information regarding the targets, systems, environments, and scope of the engagement. Any inaccuracies may affect the quality and completeness of results
- Notification of changes: you will promptly notify SecBlok of any changes to systems, environments, or scope during the engagement that may affect testing
- No illegal targets: you will not request SecBlok to test systems, applications, or infrastructure that you do not own or have explicit written authorisation to test
- Production environments: if testing is to be conducted against production (live) environments, you acknowledge the inherent risks and accept responsibility for ensuring adequate backups and recovery procedures are in place
- Cooperation: you will provide reasonable cooperation and timely responses to queries during the engagement to facilitate effective testing
4. Payment Terms
- Quotation: all fees will be quoted in Australian Dollars (AUD) and agreed upon in the engagement agreement prior to the commencement of work
- Deposit: a deposit of 50% of the total engagement fee is required before testing commences, unless otherwise agreed in writing
- Balance: the remaining balance is due upon delivery of the final security assessment report
- Payment method: payment may be made by bank transfer, cryptocurrency, or other methods as agreed
- Late payment: invoices not paid within 14 days of the due date may incur interest at a rate of 2% per month on the outstanding amount
- GST: all fees are exclusive of Goods and Services Tax (GST) unless otherwise stated. GST will be charged where applicable under Australian tax law
- Refunds: if testing has not commenced, you may cancel the engagement and receive a full refund of any deposit paid. Once testing has commenced, fees for work completed are non-refundable
5. Limitation of Liability
To the maximum extent permitted by law:
- SecBlok's total aggregate liability arising from or in connection with these Terms or any engagement shall not exceed the total fees paid by you for the specific engagement giving rise to the liability
- SecBlok shall not be liable for any indirect, incidental, special, consequential, or punitive damages, including but not limited to loss of profits, data, business opportunity, or goodwill, even if advised of the possibility of such damages
- SecBlok does not guarantee that all vulnerabilities will be identified during a security assessment. Security testing is conducted within the agreed scope, timeframe, and methodology, and the absence of reported vulnerabilities does not guarantee that a system is free of security issues
- SecBlok shall not be liable for any damage, disruption, or data loss arising from testing conducted on production environments where the Client has accepted the associated risks
Nothing in these Terms excludes or limits liability that cannot be excluded or limited under Australian law, including liability under the Australian Consumer Law (Schedule 2 of the Competition and Consumer Act 2010 (Cth)).
6. Intellectual Property
- Client materials: all intellectual property rights in the Client's systems, applications, source code, and data remain the property of the Client
- SecBlok tools and methodologies: all intellectual property rights in SecBlok's proprietary tools, scripts, methodologies, frameworks, and general knowledge remain the property of SecBlok
- Deliverables: upon full payment of all fees, the Client is granted a non-exclusive, non-transferable licence to use the security assessment report and deliverables for their internal business purposes. The underlying methodologies and tools used to produce the report remain SecBlok's intellectual property
- No reverse engineering: the Client shall not reverse engineer, decompile, or attempt to derive the source code of any SecBlok proprietary tools provided during or as part of the engagement
7. Confidentiality
Both parties agree to maintain the confidentiality of all confidential information disclosed during the engagement:
- Definition: "Confidential Information" includes all non-public information disclosed by either party, including business information, technical data, security findings, vulnerabilities, source code, trade secrets, and personal information
- Obligations: each party agrees to (a) use Confidential Information only for the purpose of the engagement; (b) not disclose Confidential Information to any third party without prior written consent; and (c) protect Confidential Information with at least the same degree of care used to protect its own confidential information
- Exceptions: confidentiality obligations do not apply to information that (a) is or becomes publicly available through no fault of the receiving party; (b) was known to the receiving party before disclosure; (c) is independently developed without use of the disclosing party's Confidential Information; or (d) is required to be disclosed by law, regulation, or court order
- Duration: confidentiality obligations survive termination of these Terms and continue for a period of 3 years from the date of disclosure
- Security reports: SecBlok will not publish, share, or reference the Client's security reports or findings publicly without the Client's prior written consent. SecBlok may reference the Client as a customer (name only, not findings) for marketing purposes unless the Client opts out in writing
8. Termination
- By the Client: you may terminate an engagement at any time by providing written notice to SecBlok. Fees for work already completed up to the date of termination are non-refundable. If testing has not commenced, any deposit paid will be refunded in full
- By SecBlok: SecBlok may terminate an engagement immediately upon written notice if (a) the Client breaches any material term of these Terms or the engagement agreement; (b) SecBlok reasonably believes the engagement involves illegal or unauthorised activity; (c) the Client fails to pay any fees when due and does not remedy within 14 days of written notice; or (d) continuing the engagement would pose a legal, ethical, or reputational risk to SecBlok
- Effect of termination: upon termination, SecBlok will deliver all completed work product to the Client (subject to payment for work completed) and both parties will return or destroy Confidential Information as applicable
9. Governing Law and Jurisdiction
These Terms are governed by and construed in accordance with the laws of the State of New South Wales, Australia. Any dispute arising under or in connection with these Terms shall be subject to the exclusive jurisdiction of the courts of New South Wales, Australia.
10. Dispute Resolution
In the event of a dispute arising from these Terms or any engagement:
- Negotiation: the parties will first attempt to resolve the dispute through good faith negotiation within 14 days of one party notifying the other of the dispute in writing
- Mediation: if the dispute cannot be resolved through negotiation, the parties agree to submit the dispute to mediation administered by the Australian Disputes Centre (ADC) or an agreed alternative mediation service, with costs shared equally
- Litigation: if mediation fails to resolve the dispute within 30 days of commencement, either party may commence legal proceedings in the courts of New South Wales, Australia
Nothing in this clause prevents either party from seeking urgent interlocutory relief from a court of competent jurisdiction.
11. Indemnification
You agree to indemnify, defend, and hold harmless SecBlok, its directors, officers, employees, and agents from and against any claims, liabilities, damages, losses, costs, or expenses (including reasonable legal fees) arising from or in connection with:
- Your breach of these Terms or any engagement agreement
- Your misrepresentation of authority to authorise security testing on the specified targets
- Any claim by a third party that SecBlok's testing was not authorised by the rightful owner of the tested systems
- Your use of the security assessment report or findings in a manner that causes harm to a third party
- Any violation of applicable laws or regulations by you in connection with the engagement
12. Severability
If any provision of these Terms is found to be invalid, illegal, or unenforceable by a court of competent jurisdiction, that provision shall be severed from these Terms and the remaining provisions shall continue in full force and effect. The invalid provision shall be replaced with a valid provision that most closely achieves the original intent and economic effect of the invalid provision.
13. Entire Agreement
These Terms, together with any engagement agreement, statement of work, and our Privacy Policy, constitute the entire agreement between the parties with respect to the subject matter hereof and supersede all prior agreements, representations, warranties, and understandings, whether written or oral.
No modification or amendment to these Terms shall be effective unless made in writing and signed by both parties. No waiver of any provision of these Terms shall be deemed a waiver of any other provision, and no waiver shall constitute a continuing waiver.
14. Force Majeure
Neither party shall be liable for any failure or delay in performing its obligations under these Terms where such failure or delay results from events beyond its reasonable control, including but not limited to natural disasters, acts of government, internet outages, cyberattacks on SecBlok's own infrastructure, pandemics, or civil unrest. The affected party must notify the other party promptly and take reasonable steps to mitigate the impact.
15. Notices
Any notice required or permitted under these Terms shall be in writing and may be delivered by email. Notices to SecBlok should be sent to legal@secblok.io. Notices to the Client will be sent to the email address provided during engagement.
16. Contact Information
For any questions regarding these Terms of Service, please contact us:
These Terms of Service were last updated on 16 April 2026 and are governed by the laws of New South Wales, Australia.