Terms of Service

1. Agreement to Terms

By accessing or using the website at lorikeetsecurity.com (the "Site") or engaging with the cybersecurity consulting services provided by Lorikeet Security ("we," "us," or "our"), you agree to be bound by these Terms of Service ("Terms"). If you do not agree to these Terms, you must not access or use our Site or services.

We reserve the right to modify these Terms at any time. Changes will be effective immediately upon posting to the Site. Your continued use of the Site after any changes constitutes acceptance of the updated Terms.

2. Services

Lorikeet Security provides cybersecurity consulting services, including but not limited to:

• Penetration testing (web application, API, network, cloud, mobile, desktop)
• Security code reviews
• Active Directory security assessments
• AI agent security assessments
• Red team operations
• Attack surface management
• Compliance-focused security testing (SOC 2, PCI-DSS, ISO 27001, HIPAA)

All services are provided subject to a separate Statement of Work ("SOW") or engagement agreement that defines the scope, timeline, deliverables, and fees for each engagement. These Terms apply in addition to any SOW or engagement agreement.

3. Authorization and Scope

All security testing activities performed by Lorikeet Security are conducted only with explicit written authorization from the client. You represent and warrant that you have the legal authority to authorize testing of any systems, applications, or infrastructure included in the scope of an engagement.

Testing will be performed strictly within the scope defined in the SOW. Any changes to scope require written agreement from both parties. Lorikeet Security will not intentionally access systems or data outside the authorized scope.

4. Confidentiality

We take confidentiality seriously. All information obtained during an engagement, including vulnerabilities discovered, data accessed, credentials obtained, and report contents, is treated as strictly confidential.

We will not disclose any client information, findings, or engagement details to any third party without your prior written consent, except as required by law. Upon completion of an engagement, we will securely delete all client data, credentials, and artifacts within 90 days unless otherwise agreed in writing.

We are willing to sign mutual Non-Disclosure Agreements ("NDAs") prior to any engagement.

5. Client Responsibilities

As a client, you agree to:

• Provide accurate information about the systems and applications in scope
• Ensure you have the legal authority to authorize security testing on all in-scope systems
• Notify relevant third parties (such as cloud providers or hosting companies) of the testing, if required by their terms of service
• Provide necessary access, credentials, and documentation as outlined in the SOW
• Designate a point of contact who is available during the testing window
• Acknowledge that security testing carries inherent risks, including potential service disruption, and maintain appropriate backups

6. Deliverables and Reports

Upon completion of an engagement, Lorikeet Security will deliver a detailed report as specified in the SOW. Reports typically include an executive summary, detailed findings with severity ratings, evidence and reproduction steps, and remediation recommendations.

Reports are provided for the client's internal use only and may not be shared with third parties without our written consent, except as needed to remediate findings (e.g., sharing with your development team) or to meet compliance requirements (e.g., sharing with auditors).

Free retesting of remediated findings is included within the timeframe specified in the SOW.

7. Payment Terms

Fees for services are set forth in the applicable SOW or engagement agreement. Unless otherwise specified:

• A deposit may be required prior to the start of an engagement
• Invoices are due within 30 days of receipt
• Late payments may incur interest at a rate of 1.5% per month
• We reserve the right to suspend or terminate services for non-payment

8. Limitation of Liability

Security testing is inherently complex and involves risk. While we take every reasonable precaution to avoid disruption to your systems, we cannot guarantee that testing will not cause unexpected issues.

To the maximum extent permitted by law, Lorikeet Security's total liability arising from or related to any engagement shall not exceed the fees paid by the client for that specific engagement. In no event shall we be liable for indirect, incidental, special, consequential, or punitive damages, including loss of profits, data, or business opportunities.

We do not guarantee that all vulnerabilities will be discovered during an engagement. Security testing provides a point-in-time assessment based on the scope, methodology, and time allocated.

9. Intellectual Property

All tools, methodologies, scripts, and frameworks developed by Lorikeet Security remain our intellectual property. Clients receive full ownership of the deliverables (reports, findings) produced specifically for their engagement.

We may use anonymized, aggregated data from engagements for research, benchmarking, and improving our services, provided no client-identifiable information is disclosed.

10. Website Use

By using our Site, you agree not to:

• Use the Site for any unlawful purpose or in violation of any applicable laws
• Attempt to gain unauthorized access to any part of the Site, its servers, or any connected systems
• Interfere with or disrupt the Site or any connected networks
• Reproduce, duplicate, or exploit any part of the Site for commercial purposes without our written permission

Content on the Site, including blog posts, articles, and educational materials, is provided for informational purposes only. It does not constitute professional advice and should not be relied upon as a substitute for a professional security assessment.

11. Client Portal

Access to the Lorikeet Security client portal is provided to authorized users only. You are responsible for maintaining the confidentiality of your login credentials and for all activities that occur under your account. You must notify us immediately if you suspect any unauthorized use of your account.

We reserve the right to suspend or terminate portal access at any time for security reasons or if these Terms are violated.

12. Indemnification

You agree to indemnify, defend, and hold harmless Lorikeet Security, its officers, employees, and contractors from any claims, damages, losses, or expenses (including reasonable legal fees) arising from your breach of these Terms, your misuse of our services or reports, or your failure to obtain proper authorization for security testing.

13. Termination

Either party may terminate an engagement with written notice as specified in the applicable SOW. In the event of early termination, the client is responsible for payment of all services rendered up to the termination date.

We reserve the right to immediately suspend or terminate an engagement if we discover that the client does not have proper authorization for the systems being tested, or if continuing the engagement would violate any applicable law.

14. Governing Law

These Terms shall be governed by and construed in accordance with the laws of the United States. Any disputes arising from these Terms or our services shall be resolved through good-faith negotiation. If negotiation fails, disputes shall be submitted to binding arbitration.

15. Contact Us

If you have questions about these Terms of Service, please contact us at:

• Email: [email protected]
• Website: lorikeetsecurity.com