Evalu8 Cybersecurity – Terms of Service
Welcome to Evalu8 Cybersecurity. These Terms of Service outline how we work with our clients and the conditions that apply when you engage our services. They include our Master Terms of Service (Version 1.4) and Schedule A – The Cyber Confidence Blueprint (Version 1.1), which together form the full Agreement between you and Evalu8 Cybersecurity (ABN 90 316 753 893).
Please read these terms carefully, as they set out both our responsibilities and yours. By proceeding with any service, booking, or payment, you confirm that you have read, understood, and agreed to these Terms and the Schedule.
If you have any questions about these terms, you can contact us at before accepting or proceeding.
Master Terms of Service (Version 1.4)
Effective Date: 1 December 2025
1. Introduction and Definitions
These Terms of Service (“Terms”) set out the agreement between Andrew Smith trading as Evalu8 Cybersecurity (ABN 90 316 753 893) (“we”, “us”, “our”) and you (the client, “you”, “your”). By engaging our services or signing any proposal, schedule, or agreement that references these Terms, you agree to be bound by them.
Definitions
- Services – any consulting, coaching, advisory, or cybersecurity service we provide.
- Agreement – these Terms and any related proposal, quote, or schedule.
- Deliverables – any plans, reports, or documents we create under this Agreement.
- Start Date – the date you accept or sign the Agreement and, where required, full payment of the agreed fee has been received.
2. Scope of Services
We deliver cybersecurity consulting, coaching, and advisory services as described in each Schedule. We will perform the Services with reasonable skill, care, and diligence consistent with industry standards. We do not provide legal, accounting, or insurance advice.
Independent Contractor
We act as an independent contractor in providing the Services. Nothing in this Agreement creates an employment, partnership, or agency relationship between us.
Subcontractors
We may engage trusted subcontractors or service partners to help deliver the Services. We remain responsible for their performance and for protecting your information.
Changes to Scope
If your requirements change or additional work is requested beyond the agreed scope, we will provide a written proposal and quote before proceeding.
3. Client Responsibilities
You agree to:
- Provide accurate, complete, and up-to-date information.
- Respond to communications within reasonable timeframes.
- Implement recommendations in a timely and responsible manner, or ensure your IT provider does so.
- Maintain data backups and incident-response procedures.
- Seek qualified IT, legal, or compliance advice where required.
Accuracy of Information
You are responsible for ensuring that all information you provide is accurate and complete. We rely on this information when assessing your cybersecurity posture and preparing any advice, recommendations, or plans as part of our Services.
Client Security Responsibilities
You are responsible for maintaining reasonable and up-to-date IT security measures within your own systems and networks, including, at a minimum and without limitation: the use of strong passwords, multi-factor authentication (MFA), reliable security software such as a firewall and antivirus, regular data backups, and timely installation of software updates and patches. We are not liable, and you agree to indemnify us, for any data loss, breach, or security incident that occurs as a result of your failure to maintain appropriate protections or to implement the advice, recommendations, or plans provided as part of our Services.
Payment Dispute Cooperation
You agree to cooperate fully with us in the event of any payment dispute, chargeback, or request for information initiated by you or your bank. This includes promptly providing any documentation or confirmation we reasonably request to validate the charge and assist in resolving the matter.
4. Fees, Payments and Refunds
- Fees are as stated in your proposal or invoice.
- Payment is required as agreed (up-front, instalments, or milestone).
- Invoices are payable within 7 days.
- Late payments may result in suspension of Services.
- Prices are in AUD and exclude GST unless stated.
Refunds and Consumer Guarantees
Refunds are not provided after Services commence, except as required by Australian Consumer Law. If a major failure occurs in the delivery of our Services, meaning the Services are substantially unfit for their intended purpose and cannot be remedied within a reasonable time, you are entitled to a refund or other remedy as required by law. For minor issues, we will work with you to correct the problem within a reasonable timeframe.
Card Payment Fees
If you pay by credit or debit card through Stripe or another payment processor, the standard processing fee is added to your invoice.
This fee is currently 1.7% + A$0.30 for domestic cards and 3.5% + A$0.30 for international cards, and is non-refundable in the event of any cancellation or refund, as the fee is retained by the payment provider and is not returned to Evalu8 Cybersecurity.
Late Payment Interest
If an invoice is not paid by the due date, interest may be charged at 1.2 percent per month (14.4 percent per annum) on the overdue balance until full payment is received.
5. Confidentiality and Privacy
We treat all client information as confidential and use it only to deliver the Services. We may share information with trusted providers as needed to support our work. Both parties must keep non-public information confidential.
Data-Breach Notification
If we become aware of a data breach likely to cause serious harm, we will notify you as soon as practicable under the Privacy Act 1988 (Cth).
Client Incident Reporting
You must immediately notify Evalu8 Cybersecurity in writing upon becoming aware of any actual or suspected cyber incident, data breach, or unauthorised access to your systems or data. Failure to notify us promptly may affect our ability to provide timely advice and may impact the limitation of liability provisions under this Agreement.
Information Retention
We store records securely for at least 12 months after completion and may then delete or archive them. You should retain copies of Deliverables you wish to keep long term.
We may use anonymised or aggregated data (with identifiers removed) to improve our processes or training materials. We may also retain anonymised or aggregated client data for internal training, benchmarking, or quality assurance purposes, and to maintain records of Services delivered for audit and compliance tracking.
6. Intellectual Property
All frameworks, templates, and materials we provide remain our intellectual property. You receive a non-exclusive licence to use Deliverables internally. You may not resell or share them without consent. Any data you supply remains your property.
Testimonials, Case Studies and Marketing Use
With your consent, we may reference your business name, logo, or anonymised results in case studies, marketing materials, or client listings. You can withdraw consent at any time in writing, and we will promptly remove your details from future use.
7. Cybersecurity Disclaimer and Limitation of Liability
While our goal is to reduce risk, no system is completely secure. We are not responsible for losses arising from cyber incidents or breaches unless caused by our proven negligence.
Limitation of Liability
Our total liability to you, whether in contract, tort (including negligence), or otherwise, is limited to the amount of fees actually paid by you to us for the specific Services engagement that gave rise to the claim. In no event will we be liable for any indirect, incidental, consequential, special, or exemplary damages, including but not limited to loss of profits, revenue, data, or business interruption, arising from or in connection with this Agreement or the Services provided.
7.1 No Guarantee of Protection
We use recognised frameworks such as the ACSC Essential Eight and SMB 1001. No strategy can guarantee complete protection from cyber incidents. Our role is advisory; you retain responsibility for your systems and decisions.
7.2 Constantly Changing Landscape
Cybersecurity is dynamic. Threats and technologies change over time. You are responsible for reviewing and updating your defences regularly. We recommend an annual review or whenever major changes occur.
7.3 Third-Party Services and Recommendations
We may recommend or link to third-party tools (such as password managers or backup solutions). These are outside our control, and you are responsible for assessing their suitability. We accept no liability for their performance or policies.
7.4 Indemnification
To the fullest extent permitted by law, you agree to indemnify, defend, and hold harmless Evalu8 Cybersecurity, its owners, and subcontractors from and against any and all claims, demands, costs, losses, liabilities, and damages (including reasonable legal fees) arising from or in connection with: (a) your misuse or unauthorised sharing of our Deliverables; (b) your failure or delay in implementing the advice, recommendations, or plans we provide under the Services; or (c) your provision of inaccurate, incomplete, or misleading information on which our Services relied.
7.5 Insurance Responsibility
You are responsible for maintaining appropriate insurance coverage for your business, systems, and data, including (where relevant) cyber insurance or business continuity insurance. Our Services are advisory in nature and do not replace or act as insurance coverage for any loss, damage, or interruption arising from a cyber incident or system failure.
7.6 Warranties
To the fullest extent permitted by law, we provide our Services on an “as is” and “as available” basis and make no express or implied warranties or representations regarding the results to be achieved. We do not warrant that our advice, plans, or recommendations will prevent all cyber incidents or eliminate all risks. Nothing in this Agreement excludes or limits any statutory rights that cannot be excluded under Australian Consumer Law.
8. Term and Termination
This Agreement continues until Services are completed or terminated in writing. Either party may terminate if the other breaches and fails to remedy the breach within 14 days of receiving written notice. If you terminate early, you must pay for all work completed to date. We may terminate immediately if a conflict of interest arises, continued work would create legal or ethical risk, or circumstances make delivery of the Services impractical.
8.1 Right to Suspend Services
We may suspend or delay delivery of the Services, in whole or in part, if:
(a) any invoice remains unpaid after the due date;
(b) you breach this Agreement or fail to provide required information or cooperation; or
(c) we reasonably believe that continuing work may create a security, data, or confidentiality risk.
Services will resume once the issue is resolved to our reasonable satisfaction. Suspension of Services does not limit or waive our rights to recover outstanding fees or to terminate this Agreement if required.
8.2 Non-Solicitation
During the term of this Agreement and for a period of twelve (12) months thereafter, you agree not to directly solicit or hire any of our employees or subcontractors who were involved in providing the Services to you, without our prior written consent.
9. Communication and Dispute Resolution
We value open communication. If any concern arises, both parties agree to attempt to resolve it promptly and in good faith through discussion. If not resolved within 14 days, both parties will attempt mediation with a mutually agreed mediator before taking legal action. Each party shares the mediator’s fee equally.
Notices
Formal notices must be in writing and sent by email to the addresses provided at onboarding. Notices are deemed received on the next business day after sending unless a delivery failure notice is received.
10. Governing Law
This Agreement is governed by the laws of Western Australia. Each party submits to the non-exclusive jurisdiction of the courts of Western Australia.
10.1 Force Majeure
Neither party is liable for any delay or failure to perform its obligations under this Agreement caused by events beyond its reasonable control, including but not limited to natural disasters, acts of government, war, terrorism, pandemics, industrial disputes, failure of utilities or internet services, major supply-chain disruption, or significant cyber incidents affecting infrastructure or third-party service providers. Both parties will notify each other promptly if such an event occurs and will work in good faith to resume Services as soon as practicable once the event has ceased. Each party must use reasonable efforts to mitigate the effects of the force majeure event. If such an event continues for more than 60 days, either party may terminate this Agreement by giving written notice to the other. Obligations not affected by the force majeure event must continue to be performed.
11. Agreement and Acceptance
By signing or electronically agreeing to this document, you confirm that you have read, understood, and agree to these Terms and any related Schedules. You acknowledge that cybersecurity risk cannot be completely eliminated and that ongoing review and vigilance are essential.
Assignment
We may assign or transfer our rights under this Agreement by giving notice. You may not assign without our written consent.
Updates to Terms
We may update these Terms from time to time. The version in effect on the date of your signed proposal applies to that engagement; new versions apply to future engagements.
Electronic Acceptance
Electronic approval (such as clicking “I agree,” typing your name, or digital signature) is treated as valid acceptance of this Agreement and has the same effect as a handwritten signature.
Schedule A – The Cyber Confidence Blueprint (Version 1.1)
Effective Date: 1 December 2025
1. Overview
The Cyber Confidence Blueprint helps businesses identify risks, plan improvements, and maintain ongoing protection through a two-stage process:
- Stage 1 – Assess & Plan; and
- Stage 2 – Implement & Protect.
2. Structure of the Program
Stage 1 – Assess & Plan (The Cyber Evaluation & Defence Plan)
Objective: Identify risks, assess your current cybersecurity posture, and deliver a tailored plan for improvement.
Commencement: Begins once full payment is received in cleared funds.
Scope of Service: A fixed-price engagement including completion of a Pre-Evaluation Questionnaire, a one-hour evaluation session, review of existing practices, and delivery of a tailored Cyber Defence Plan. This engagement focuses on awareness, evaluation, and planning at a business-practice level. It does not include a technical audit, penetration test, or vulnerability scan.
Fees and Payment: Fixed up-front fee per business size or number of seats. Payment is due on invoice issue and must be received before any work begins.
Deliverables:
- Completion of the Cyber Evaluation Questionnaire and the Cyber Evaluation Session.
- Written Cyber Defence Plan with prioritised actions and recommendations.
- Optional debrief or Q&A session to discuss findings and next steps.
Completion: Stage 1 is considered complete upon delivery of the Cyber Defence Plan. Further implementation or monitoring falls under Stage 2.
Cooling-Off and Refund Policy: You may cancel within seven (7) days of payment if no evaluation session has been conducted and no work has begun, and receive a full refund. If work has commenced, a partial refund may be provided at our discretion, less time and costs to date. After the Cooling-Off Period, payments are final.
Stage 2 – Implement & Protect (The Cyber Confidence Blueprint)
Objective: Provide facilitation, guidance, and accountability to support you and your IT provider in implementing your Cyber Defence Plan.
Commencement: Begins once full payment is received in cleared funds.
Scope of Service: A 12-month facilitation and accountability program that helps you carry out the recommendations from your Cyber Defence Plan. Evalu8 Cybersecurity acts as a facilitator and coordination partner, working with you, your IT Provider, and other stakeholders (such as HR or insurance partners) to oversee progress and confirm that key actions are implemented. This program includes structured check-ins, progress tracking, and periodic reviews. It does not include delivery of IT services, technical configuration, or system monitoring.
Fees and Payment: Fixed up-front fee for 12 months (see proposal). In exceptional cases, part-payment or finance arrangements may be approved at our discretion, with work commencing only once the first instalment or finance approval is confirmed.
Duration and Reviews: The Program runs for 12 months from the commencement date. Check-ins occur fortnightly for the first two months, monthly for the next four, and quarterly thereafter. Renewal for another term may be offered by mutual agreement.
Refund and Non-Payment Policy: Payments are for a 12-month program. Payments, once made, are non-refundable and cover the facilitation and coordination work completed to date, as well as the resources, scheduling, and program capacity reserved specifically for your engagement. Failure to make full payment as required may result in suspension or cancellation of services.
3. Client Responsibilities
You agree to provide accurate information, grant reasonable access to necessary data or contacts, participate in scheduled check-ins, and take reasonable steps to implement recommended actions.
4. Exclusions and Boundaries
Unless specifically included in writing, the following are not part of this Schedule: direct technical implementation, ongoing network monitoring, incident response, legal advice, or insurance services.
4.1 Scope Limitations and Alternatives
The Blueprint focuses on key strategies that are practical and appropriate for your business size, needs, and budget. It does not cover every possible cybersecurity product or method available in the market. Some advanced or alternative solutions may exist outside the agreed scope or price level. Where relevant, we may note these as optional enhancements for your consideration, but their implementation is not included unless separately agreed in writing.
4.2 Advisory Role Acknowledgement
Evalu8 Cybersecurity acts as an advisor and facilitator. We do not operate or maintain your IT systems unless separately engaged in writing for that purpose.
5. Revisions and Plan Updates
If material changes occur in your business or technology environment during the engagement, we may recommend an update to your Cyber Defence Plan. Minor clarifications are included within the existing fee; significant changes may require a new scope and quotation.
6. Client Materials Provided
Any materials, documents, or information you provide to us remain your property. We may retain copies for record-keeping and quality assurance and may use anonymised versions to improve our internal processes and training resources.
7. Guarantees and Commitments
We guarantee to:
- Deliver our services professionally and on time within the agreed scope.
- Provide clear, practical guidance you can understand and act on.
- Offer reasonable support throughout the engagement to help you implement your plan.
We do not guarantee specific security outcomes, as results depend on your implementation and external factors beyond our control.
8. Communication
All official communication will be by email or video call unless otherwise agreed. Regular updates and reports will be shared electronically. Urgent issues can be raised by phone using the contact details provided at onboarding.
9. Completion and Handover
At the end of Stage 1, you receive a final PDF copy of your Cyber Defence Plan. At the end of Stage 2, you receive an updated evaluation summary and next-year recommendations. All intellectual property rights remain as outlined in the Master Terms of Service.
10. Agreement
This Schedule forms part of the Evalu8 Cybersecurity Master Terms of Service (Version 1.4). By accepting those Terms, you also agree to the provisions of this Schedule.
Last Updated: 1 December 2025
