Terms of Service

By engaging Infosec.ge for any services, accessing our website, or entering into a Statement of Work (SOW), you agree to be bound by these Terms of Service. If you are entering into these terms on behalf of an organization, you represent that you have the authority to bind that organization. If you do not agree to these terms, you should not use our services.

Infosec.ge provides cybersecurity consulting services including, but not limited to:

• Penetration testing and vulnerability assessments
• AI and LLM security assessments and red teaming
• Compliance consulting (ISO 27001, SOC 2, PCI DSS, and related frameworks)
• Security Operations Center (SOC) design and implementation
• Advisory services and fractional CISO engagements

The specific scope, deliverables, and timeline of each engagement are defined in the applicable Statement of Work.

All engagements are governed by a mutually agreed Statement of Work (SOW) that defines the project scope, objectives, timeline, deliverables, and fees. Work begins only after both parties have signed the SOW.

Project scoping is conducted collaboratively to ensure alignment on objectives, testing boundaries, and success criteria. Any changes to scope after the SOW is signed require a written change order approved by both parties.

Infosec.ge will perform services with reasonable skill and care, consistent with generally accepted industry standards for cybersecurity consulting. The Client agrees to provide timely access to systems, personnel, and information necessary for the engagement.

Client Ownership. All deliverables produced specifically for the Client — including penetration testing reports, risk assessments, compliance documentation, and remediation guidance — are the property of the Client upon full payment.

Infosec.ge Ownership. Infosec.ge retains all rights to its pre-existing intellectual property, including testing methodologies, tools, frameworks, templates, and general knowledge developed before or independently of the engagement. Infosec.ge may use generalized, anonymized learnings from engagements to improve its services.

Nature of Security Testing. The Client acknowledges that penetration testing, vulnerability assessments, and related security testing activities involve simulating adversarial techniques against live or staging systems. While Infosec.ge takes all reasonable precautions to avoid disruption, security testing carries inherent risks including potential system instability, temporary service degradation, or data corruption. Testing scope and risk tolerance are agreed upon in the SOW.

Point-in-Time Assessments. Security assessments and penetration test results reflect the state of the assessed systems at the time of testing. Infosec.ge does not guarantee that systems will remain secure after the engagement, as new vulnerabilities, configuration changes, and evolving threats may emerge at any time.

No Guarantee of Absolute Security. No security assessment can identify every possible vulnerability. Infosec.ge's services reduce risk but do not eliminate it. Our findings and recommendations are provided on a best-effort, professional basis and should not be construed as a warranty against future breaches.

Liability Cap. To the maximum extent permitted by applicable law, Infosec.ge's total liability for any claim arising from an engagement shall not exceed the fees paid by the Client for that specific engagement. Neither party shall be liable for indirect, incidental, consequential, or punitive damages.

Mutual Confidentiality. Both parties agree to maintain the confidentiality of all proprietary and sensitive information disclosed during the engagement. This includes, but is not limited to, vulnerability findings, system architecture details, business processes, security configurations, and any data encountered during testing.

Sensitive Data Handling. If during the course of testing Infosec.ge discovers or encounters sensitive data (including personal data, credentials, financial records, or other regulated information), such data will be reported to the Client through secure channels and will not be retained beyond the engagement unless explicitly agreed upon. Infosec.ge follows secure data handling and destruction procedures for all engagement artifacts.

NDA. Where required, a separate mutual Non-Disclosure Agreement will be executed prior to the engagement. In the absence of a separate NDA, the confidentiality provisions of these terms apply.

Fees for services are defined in each Statement of Work. Unless otherwise specified in the SOW:

• Invoices are issued upon completion of defined milestones or at the conclusion of the engagement
• Payment is due within 30 days of invoice date (Net 30)
• For engagements exceeding 4 weeks, a deposit of up to 50% may be required before work commences
• Late payments may incur interest at a rate of 1.5% per month on overdue amounts

Either party may terminate an engagement by providing 14 days' written notice. In the event of termination, the Client is responsible for payment of all work completed up to the termination date, including any committed third-party costs.

Either party may terminate immediately if the other party materially breaches these terms or the applicable SOW and fails to cure such breach within 10 business days of written notice.

Confidentiality obligations survive termination of the engagement and remain in effect for a period of 3 years, or longer where required by applicable law.

These terms are governed by the laws of Georgia. For domestic engagements, disputes shall be resolved in the courts of Tbilisi, Georgia.

For international clients, any disputes arising from or related to these terms or the services provided shall be resolved through binding arbitration administered under the rules of the International Chamber of Commerce (ICC). The place of arbitration shall be agreed upon by both parties, with a default venue of Tbilisi, Georgia. The language of arbitration shall be English.