Terms & Conditions

These Terms and Conditions ("Terms") govern the provision of services, deliverables, software, platforms, and products (collectively, "Services") by Fighting Smart Cyber, LLC ("FSC," "we," "us," or "our") to its clients ("Client," "you," or "your"). These Terms apply to every engagement, invoice, order, and Service provided by FSC except to the extent superseded by a signed written agreement between the parties.

Where a signed Master Services Agreement ("MSA"), Statement of Work ("SOW"), Order Form, or Rules of Engagement ("RoE") exists between FSC and Client, that agreement controls and these Terms supplement it. Where no such agreement exists, Client's payment of an FSC invoice, acceptance of Services, or use of a deliverable constitutes acceptance of these Terms.

1. Payment Terms

Invoices are due Net 15 from the invoice date unless otherwise stated. Payment must be made in U.S. dollars. ACH via Stripe is the default payment method. Credit and debit card payments are subject to a 3% convenience fee to recover processing costs.

2. Late Payment

Amounts not paid by the due date accrue interest at the lesser of 1.5% per month (18% per annum) or the maximum rate permitted by law, from the due date until paid in full. Client is responsible for all reasonable costs of collection, including attorneys' fees. FSC may suspend performance, withhold deliverables, or revoke license keys and access credentials for any Services while any invoice is more than fifteen (15) days past due, without liability.

3. Disputed Charges

Client must notify FSC in writing of any disputed charge within ten (10) business days of the invoice date, identifying the specific item and basis for dispute. Undisputed amounts remain due on the original terms. Failure to provide timely notice constitutes acceptance of the invoice.

4. Taxes

Stated amounts are exclusive of sales, use, VAT, GST, and similar transaction taxes. Client is responsible for all such taxes other than taxes on FSC's net income. If FSC is required to collect such taxes, they will be added to the invoice.

5. Expenses

Pre-approved travel and out-of-pocket expenses are billed at cost and reimbursable by Client.

6. Scope and Changes

Services are limited to the scope described in the applicable SOW, proposal, or invoice. Any change in scope, deliverables, schedule, or level of effort requires a written change order signed by both parties and may result in additional fees.

7. Acceptance

Deliverables are deemed accepted unless Client provides written notice of specific material non-conformity within ten (10) business days of delivery. Use of a deliverable in production constitutes acceptance.

8. Authorized Security Testing

For penetration testing, vulnerability assessment, red team, adversary emulation, and any other offensive or assessment Services: Client represents and warrants that it has full legal authority over all systems, networks, applications, accounts, and data that are in scope, and that it has obtained any necessary third-party authorizations (including from cloud providers, hosting providers, and joint owners). Client shall execute a written Rules of Engagement or authorization letter prior to commencement.

Client expressly authorizes FSC and its personnel to conduct the agreed activities, which may include actions that would otherwise violate the Computer Fraud and Abuse Act, similar state and foreign laws, or terms of service of third-party providers, solely within the agreed scope. Client shall defend, indemnify, and hold FSC and its personnel harmless from any claim, demand, regulatory action, or third-party suit arising from Client's misrepresentation of scope, authority, or asset ownership.

9. Confidentiality

Each party will protect the other's non-public information disclosed in connection with the Services using at least the same degree of care it uses for its own confidential information, and not less than reasonable care. Confidential Information includes assessment findings, network details, source code, business and financial information, and the contents of any deliverable. Confidentiality obligations survive termination for five (5) years, and indefinitely for trade secrets and personal data.

10. Intellectual Property

(a) FSC Background IP. FSC retains all right, title, and interest in its pre-existing tools, methodologies, frameworks, code libraries, templates, training materials, platforms (SaaS, PaaS, or client self-hosted), and any general know-how ("FSC Background IP"). Nothing in these Terms transfers ownership of FSC Background IP.

(b) Deliverables. Subject to full payment and unless a signed agreement specifies otherwise, FSC grants Client a non-exclusive, non-transferable, perpetual license to use the final deliverables produced for Client solely for Client's internal business purposes. To the extent deliverables incorporate FSC Background IP, the foregoing license applies only to such incorporated portions as embedded in the deliverable.

(c) Software and Platforms. Any FSC or third-party software, SaaS, or platform provided as part of the Services is licensed, not sold, under its accompanying license terms and any applicable end user license agreement, which control over these Terms with respect to such software.

(d) Open Source and Third-Party Components. Deliverables may include open-source or third-party components subject to their own licenses, which are passed through to Client.

(e) Client Data. Client retains ownership of its data. Client grants FSC a limited license to access and process Client data as necessary to perform the Services.

(f) Residual Knowledge. FSC may use general skills, know-how, and experience (including ideas, concepts, and techniques) retained in the unaided memory of its personnel, provided no Confidential Information is disclosed.

11. Warranties and Disclaimer

FSC warrants that Services will be performed in a professional and workmanlike manner consistent with industry standards.

Except as expressly stated, all services, deliverables, platforms, and software are provided "as is" and "as available." FSC disclaims all other warranties, express or implied, including merchantability, fitness for a particular purpose, non-infringement, and any warranty that services will identify all vulnerabilities, prevent all intrusions, or meet any specific security or compliance outcome. Cybersecurity is inherently probabilistic; no assessment, training, or platform can guarantee security against all threats.

12. Limitation of Liability

Except for (i) breach of confidentiality, (ii) indemnification obligations, (iii) willful misconduct or gross negligence, and (iv) amounts owed for services, each party's total cumulative liability arising out of or related to the services shall not exceed the fees paid by Client to FSC under the applicable SOW or invoice in the twelve (12) months preceding the event giving rise to the claim.

In no event shall either party be liable for indirect, incidental, special, consequential, exemplary, or punitive damages, or for lost profits, lost data, or business interruption, even if advised of the possibility.

13. Indemnification

Each party will defend, indemnify, and hold the other harmless from third-party claims to the extent arising from its gross negligence, willful misconduct, or breach of these Terms. Client will additionally indemnify FSC for claims arising from (a) Client's misrepresentation of authority or scope for any assessment Services, (b) Client's combination of deliverables with materials not provided by FSC, or (c) Client's misuse of deliverables, platforms, or training materials.

14. Export Control and Sanctions

Services, deliverables, and software may be subject to U.S. export control laws including the Export Administration Regulations (EAR) and International Traffic in Arms Regulations (ITAR), and to U.S. sanctions administered by OFAC. Client represents that it is not located in, organized under the laws of, or ordinarily resident in any country or region subject to comprehensive U.S. sanctions, and is not a person or entity on the SDN List, Entity List, or any similar restricted-party list. Client shall not export, re-export, transfer, or provide access to deliverables in violation of applicable export laws. For any Services involving controlled technical data, the parties will execute appropriate additional agreements.

15. Personnel and Clearances

FSC personnel may hold U.S. government security clearances. Nothing in these Terms requires FSC to disclose, share, or apply classified information, methods, or sources. Where Services involve classified information or government facilities, separate agreements and government authorizations govern.

16. Non-Solicitation

During the term of any engagement and for twelve (12) months thereafter, Client shall not, directly or indirectly, solicit for employment or engagement any FSC personnel who provided Services to Client, without FSC's prior written consent. General public advertising not targeted at FSC personnel is excluded.

17. Independent Contractor

FSC is an independent contractor. Nothing creates a partnership, joint venture, agency, or employment relationship. Neither party may bind the other.

18. Force Majeure

Neither party is liable for delay or failure to perform (other than payment of money) caused by events beyond its reasonable control, including acts of God, war, terrorism, civil unrest, labor disputes, governmental action, public health emergencies, internet or utility outages, supply chain disruption, or cyberattacks against third parties.

19. Insurance

FSC maintains professional liability (errors and omissions) insurance in commercially reasonable amounts; certificate available upon written request.

20. Termination

Either party may terminate an engagement for material breach not cured within thirty (30) days of written notice. Upon termination, Client shall pay for all Services performed and expenses incurred through the effective date of termination. Sections that by their nature should survive termination (including IP, confidentiality, limitations, indemnification, export, and dispute resolution) survive.

21. Governing Law and Venue

These Terms are governed by the laws of the State of Maryland, without regard to its conflict-of-laws principles. The parties consent to the exclusive jurisdiction of the state and federal courts located in Anne Arundel County, Maryland, for any dispute not subject to arbitration. The U.N. Convention on Contracts for the International Sale of Goods does not apply.

22. Dispute Resolution

The parties will first attempt to resolve any dispute through good-faith negotiation between senior representatives for thirty (30) days before initiating formal proceedings. Either party may seek injunctive relief at any time to protect its confidential information or intellectual property.

23. Assignment

Neither party may assign these Terms without the other's prior written consent, except that either party may assign to a successor in a merger, acquisition, or sale of substantially all assets, on written notice.

24. Notices

Notices must be sent in writing to team@fightingsmartcyber.com and, if to Client, to the billing contact on the applicable invoice or engagement record.

25. Entire Agreement; Order of Precedence

In case of conflict, the order of precedence is: (1) any signed MSA, (2) the applicable signed SOW or Order Form, (3) signed Rules of Engagement, (4) these Terms, (5) the applicable invoice. No purchase order terms, click-through terms, or other Client-issued documents modify these Terms unless expressly accepted in writing by an authorized FSC officer.

26. Severability; Waiver

If any provision is held unenforceable, the remainder remains in effect. No waiver is effective unless in writing.

Changes to These Terms

FSC may update these Terms from time to time. Material changes will be reflected by an updated "Effective Date" at the top of this page. Continued use of Services after an update constitutes acceptance of the revised Terms. For Services provided under a signed MSA or SOW, the version of these Terms in effect on the date of that agreement applies unless the parties agree otherwise in writing.

Contact

These Terms and Conditions are also referenced on FSC invoices and incorporate the abbreviated invoice terms by reference.