1. Acceptance
By engaging IoTGuardian (“we,” “us,” “our”) for any security assessment, managed protection engagement, or related advisory service (the “Services”), you (“Client”) agree to these Terms of Service. Engagements are also governed by the Statement of Work (“SOW”) signed for each project. Where the SOW and these Terms conflict, the SOW controls for that engagement only.
2. Services description
IoTGuardian provides security assessments, hardening work, and managed protection engagements scoped per SOW. Typical deliverables include written findings, prioritised remediation plans, configuration changes performed with the Client’s consent, and follow-up reviews.
We are not a 24/7 monitoring service unless that scope is contracted in writing.
3. Scope of work
Every engagement is defined by a written SOW. Scope is bounded to what that SOW lists; new work, additional systems, or expanded access requires a written change order signed by both parties. Verbal expansions are advisory only and do not modify scope or fees.
4. Client responsibilities
- Provide timely access to the environments, systems, and personnel named in the SOW.
- Make timely decisions on the remediation plan we deliver, including approving or declining proposed configuration changes.
- Maintain the controls we implement after the engagement ends. IoTGuardian is not responsible for drift introduced by Client staff, vendors, or third parties after handover, except as specifically contracted.
- Retain ultimate responsibility for legal, regulatory, and compliance decisions affecting the Client’s business.
5. Confidentiality and data handling
A mutual non-disclosure agreement applies to every engagement, either via a standalone NDA or by reference within the SOW. We treat Client environment data, network diagrams, device inventories, and assessment findings as confidential information.
Details of how we store, encrypt, and retain that information are published on our security page: /services. Our handling of personal data is described in the Privacy Policy.
6. Limitation of liability
THE SERVICES ARE PROVIDED “AS IS” AND “AS AVAILABLE.” IoTGuardian DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. NO SECURITY SERVICE CAN GUARANTEE PREVENTION OF ALL INCIDENTS.
To the maximum extent permitted by law, IoTGuardian’s total liability for any claim arising out of or related to the Services is capped at the fees paid by the Client to IoTGuardian under the relevant SOW in the twelve (12) months preceding the event giving rise to the claim. Neither party is liable for indirect, consequential, or punitive damages.
7. Indemnification
Each party will indemnify, defend, and hold the other harmless from and against third-party claims arising out of its own negligence, wilful misconduct, or breach of these Terms, subject to the Limitation of Liability above. Specific indemnification language for sensitive engagements (e.g. regulated industries) may be addressed in the SOW.
8. Payment terms
- Fees are stated in each SOW and invoiced as milestones are met or on the schedule specified.
- Invoices are payable net 30 days from the invoice date.
- Past-due invoices accrue interest at 1.5% per month (or the maximum rate permitted by law, if lower) after the 30-day grace period.
- We may pause active work on engagements with invoices more than 45 days past due, after written notice.
9. Termination
Either party may terminate an engagement for convenience with 30 days’ written notice. On termination, the Client pays for all work completed and reasonable wind-down costs through the effective date. Termination for material breach is allowed with 15 days’ written notice if the breaching party has not cured the breach. Sections that by their nature survive termination (confidentiality, limitation of liability, indemnification, governing law) remain in effect.
10. Disclaimers
We provide security services and operational support. This is not legal advice.
No system, control, or service can guarantee prevention of all incidents. Security is a risk-reduction practice, not a binary outcome.
Clients remain responsible for compliance decisions, regulatory posture, and operational continuity. We provide evidence, findings, and guidance; we do not make compliance determinations on the Client’s behalf.
11. Governing law
These Terms are governed by the laws of the State of North Carolina, USA, without regard to conflict-of-law principles. The parties agree to the exclusive jurisdiction of the state and federal courts located in Mecklenburg County, North Carolina for any dispute that cannot be resolved through good-faith negotiation.
12. Contact for legal
Legal notices to IoTGuardian should be sent to legal@iotguardian.iqcloud.cloud.