Terms of
Service

Section 01

Parties & Agreement

These Terms of Service ("Terms") govern the provision of digital security consultancy services by KIXK Systems Ltd, a company registered in England and Wales (Company No. 17244535), to any business or individual ("Client") that engages our services.

By entering into an engagement letter with KIXK Systems Ltd, the Client agrees to be bound by these Terms. These Terms are to be read alongside the individual engagement letter, which governs the specific scope, agreed fees, and timeframes of each engagement.

Where there is a conflict between these Terms and a signed engagement letter, the engagement letter takes precedence.

Section 02

Services

KIXK Systems Ltd provides the following categories of service to UK professional services firms:

• Initial Security Assessment: Passive and active assessment of the Client's digital security posture, including email security (SPF, DKIM, DMARC), external port exposure, credential leak analysis, and subdomain discovery
• Remediation Services: Implementation of identified fixes including DMARC enforcement, MFA rollout, port closure, and password manager deployment
• Monthly Retainer: Ongoing monitoring, scheduled scans, quarterly phishing simulations, MFA compliance checks, and monthly compliance reporting — delivered on a 12-month contract term
• Client Reporting: Delivery of plain-English PDF reports suitable for cyber liability insurance purposes

Active scanning (e.g. Nmap, Nuclei) is only conducted after receipt of a signed engagement letter containing explicit written consent for the specific IP ranges and systems to be scanned. No active scanning is performed prior to signed consent under any circumstances.

Section 03

How Contracts Are Formed

The contract formation process proceeds as follows:

• Discovery Call: An initial conversation to establish scope, systems in scope, and mutual expectations. No commitment is made at this stage.
• Engagement Letter Issued: KIXK Systems Ltd issues a written engagement letter covering: precise scope of work, systems and IP ranges in scope, limitation of liability, data handling obligations, explicit consent to scan, governing law, and contract term.
• Countersignature: The contract is formed upon receipt of the Client's countersignature. Work does not commence before this point.
• Onboarding: Following contract formation, a 30-minute access handover call is arranged. The Client grants temporary administrative access to the systems in scope as defined in the engagement letter.

Section 04

Contract Term & Renewal

Retainer engagements operate on a 12-month minimum contract term commencing on the date of countersignature of the engagement letter.

The 12-month term is structured to ensure that security coverage is sustained, monitored, and continuously improved across a full annual cycle. This aligns with most UK cyber liability insurance renewal periods, enabling clients to demonstrate continuous, documented security posture improvement to their insurer.

At the end of each 12-month term, the engagement will automatically continue on a rolling monthly basis unless either party provides written notice of termination at least 30 days before the end of the current term.

KIXK Systems Ltd will issue a written reminder no fewer than 60 days before the end of the initial 12-month term, inviting the Client to confirm renewal or provide notice of termination.

Initial setup engagements are one-off fixed-scope engagements and are not subject to the 12-month retainer term. Once work has commenced on an initial setup engagement, the agreed fee becomes payable in full.

Section 05

Fees & Payment

Fees for all engagements are agreed and confirmed in the individual engagement letter prior to contract formation. No work is undertaken without a signed engagement letter confirming the agreed fee structure.

Invoices are issued via our business invoicing platform and are payable within 14 days of the invoice date. Late payment may result in suspension of retainer services until outstanding amounts are settled.

KIXK Systems Ltd reserves the right to adjust retainer fees at the point of contract renewal with no fewer than 30 days' written notice. The Client may decline renewal if revised terms are not acceptable.

Section 06

Client Obligations

To enable KIXK Systems Ltd to deliver services effectively, the Client agrees to:

• Provide temporary administrator-level access to relevant systems during the onboarding access handover call, as specified in the engagement letter
• Confirm in writing the IP ranges, domains, and systems that are within scope for active scanning
• Notify KIXK Systems Ltd promptly of any material changes to their IT infrastructure, personnel, or systems that may affect the scope of services
• Not share findings, reports, or technical outputs produced by KIXK Systems Ltd with third parties without prior written consent, except where required by law or regulatory obligation
• Store credentials and access details provided to KIXK Systems Ltd securely and revoke access promptly upon engagement termination

Section 07

Scope & Out-of-Scope Findings

KIXK Systems Ltd will only access, scan, or assess systems explicitly listed in the signed engagement letter. If, in the course of performing agreed services, KIXK Systems Ltd discovers a vulnerability outside the agreed scope, we will report the finding to the Client in writing but will not investigate or exploit it further without explicit written authorisation to extend scope.

The Client acknowledges that security assessments are point-in-time activities and that new vulnerabilities may emerge after delivery. KIXK Systems Ltd does not guarantee the ongoing security of any system beyond the scope of active monitoring services included in the retainer.

Section 08

Limitation of Liability

KIXK Systems Ltd shall not be liable for any indirect, consequential, or special losses including but not limited to loss of profits, loss of business, business interruption, or reputational damage, even if we have been advised of the possibility of such losses. Nothing in these Terms excludes liability for death or personal injury caused by negligence, or fraud.

Section 09

Termination

Either party may terminate a retainer engagement by providing 30 days' written notice prior to the end of the current 12-month contract term. Termination mid-term is not permitted except in the circumstances set out below.

KIXK Systems Ltd may terminate an engagement with immediate effect if:

• The Client fails to pay outstanding invoices within 14 days of the due date
• The Client requests activities outside the agreed scope that would violate applicable law
• The Client provides materially false information about their systems or authority to engage our services

Upon termination, all access credentials held by KIXK Systems Ltd will be permanently deleted and confirmed in writing to the Client within 5 business days.

Section 10

Confidentiality & Intellectual Property

Both parties agree to maintain strict confidentiality with respect to all information disclosed in connection with an engagement. KIXK Systems Ltd will not disclose any client-specific findings, reports, or access credentials to any third party without prior written consent, except where required by law.

Report templates and methodology documentation developed by KIXK Systems Ltd remain our intellectual property. The specific findings and recommendations contained within a delivered report belong to the Client.

Section 11

Governing Law

These Terms and any engagement entered into pursuant to them shall be governed by and construed in accordance with the laws of England and Wales. Any dispute shall first be subject to good-faith negotiation. If unresolved within 30 days of written notice, either party may refer the matter to the courts of England and Wales, to whose exclusive jurisdiction both parties submit.

Section 12

Contact

For any questions regarding these Terms, or to enter into an engagement: