Terms of Service

These Terms of Service (“Terms”) govern your access to and use of the website, platform, and cybersecurity services provided by Isomorph Cyber (HK) Limited, a company incorporated in Hong Kong (“Isomorph”, “we”, “us”, “our”).

By accessing our website, creating an account, or entering into a service engagement with us, you (“Client”, “you”) agree to be bound by these Terms. If you do not agree, you must not use our services. Acceptance via electronic means (including clicking “I agree” or executing a digital quotation) constitutes a legally binding agreement under the Electronic Transactions Ordinance (Cap. 553, Laws of Hong Kong).

1. Services

Isomorph provides professional cybersecurity services including, but not limited to, penetration testing, vulnerability assessments, attack surface management, compliance reviews, phishing simulations, and security advisory services (collectively, “Services”).

The specific scope, deliverables, timeline, and fees for each engagement are set out in a Statement of Work (“SOW”) or quotation agreed between the parties. In the event of any conflict between these Terms and an SOW, the SOW shall prevail in respect of the specific engagement.

We reserve the right to modify, suspend, or discontinue any Service at any time with reasonable notice, and shall not be liable for any such modification, suspension, or discontinuation.

2. Client Obligations & Authorisation

You agree to:

• Provide accurate, complete, and up-to-date information required for the delivery of Services, including scope documentation, system access credentials, and technical contacts.
• Ensure that you have the legal authority to authorise security testing of all systems, networks, and infrastructure included within the agreed scope. Isomorph will only conduct testing within explicitly authorised boundaries.
• Notify relevant internal teams, co-location providers, and upstream service providers of scheduled testing activities as required to avoid disruption or false incident escalations.
• Comply with all applicable laws and regulations in connection with your use of our Services, including the Computer Crimes Ordinance (Cap. 200, Laws of Hong Kong).
• Not use any findings, tools, or reports delivered by Isomorph for any unlawful purpose or to compromise systems beyond the agreed scope.

You acknowledge that cybersecurity testing carries inherent risks, including potential service disruption. Isomorph will take reasonable precautions to minimise impact, but you accept responsibility for maintaining appropriate backups and continuity measures prior to testing.

3. Accounts & Access

Access to our client portal requires registration with accurate credentials. You are responsible for maintaining the confidentiality of your account credentials and for all activity conducted under your account.

You must notify us immediately at security@isomorph-cyber.com if you suspect any unauthorised access to your account. We reserve the right to suspend or terminate accounts that are used in violation of these Terms.

4. Fees & Payment

• Fees are as specified in the applicable SOW or quotation, quoted in Hong Kong Dollars (HKD) unless otherwise stated.
• Unless otherwise agreed, a deposit of 50% is due upon execution of the SOW, with the balance payable within 30 days of delivery of the final report.
• Overdue invoices accrue interest at the rate of 1.5% per month (or the maximum permitted by law, whichever is lower) from the due date until payment is received in full.
• All fees are exclusive of applicable taxes. You are responsible for any goods and services tax, withholding tax, or other levies imposed by applicable law.
• We reserve the right to suspend Services where payment is overdue by more than 14 days, without prejudice to any other rights or remedies.

5. Confidentiality

Both parties acknowledge that in the course of an engagement, each may disclose confidential information (“Confidential Information”) to the other, including but not limited to technical vulnerabilities, business processes, and proprietary data.

Each party agrees to: (a) keep the other party's Confidential Information strictly confidential; (b) use it solely for the purpose of the engagement; and (c) disclose it only to employees, contractors, or advisors who need to know and are bound by equivalent confidentiality obligations.

Confidentiality obligations survive termination of these Terms for a period of five (5) years. Obligations do not apply to information that is or becomes publicly known through no breach of these Terms, is independently developed, or is required to be disclosed by law or court order (with prior written notice to the other party where legally permissible).

6. Intellectual Property

All reports, findings, and written deliverables produced specifically for your engagement (“Deliverables”) are assigned to you upon receipt of full payment. Isomorph retains ownership of all methodologies, frameworks, tools, scripts, and platform software used to produce the Deliverables.

Isomorph retains the right to use anonymised and aggregated findings for research, benchmarking, and service improvement purposes, provided that no information identifying you or your systems is disclosed.

7. Data Protection

Isomorph complies with Hong Kong's Personal Data (Privacy) Ordinance (Cap. 486) (“PDPO”). Personal data collected in connection with the delivery of Services is processed in accordance with our Privacy Policy.

Where Services involve access to personal data belonging to your customers or employees, you warrant that you have a lawful basis for sharing such data with us and that we may process it solely for the purposes of the engagement. All such data is handled with appropriate technical and organisational safeguards and deleted upon completion of the engagement unless otherwise required by law.

8. Disclaimer of Warranties

Our Services are provided on a professional best-efforts basis. Isomorph does not warrant that:

• All vulnerabilities within the tested scope will be identified;
• Systems will be free from security breaches following completion of an engagement; or
• Our platform will be available without interruption or error.

To the fullest extent permitted by the laws of Hong Kong, all implied warranties, conditions, and representations are excluded.

9. Limitation of Liability

To the fullest extent permitted by applicable law:

• Isomorph's total aggregate liability arising out of or in connection with these Terms or any engagement shall not exceed the total fees paid by you to Isomorph in the three (3) months preceding the event giving rise to the claim.
• Isomorph shall not be liable for any indirect, incidental, special, consequential, or punitive damages, including loss of profits, loss of data, business interruption, or reputational harm, even if advised of the possibility of such damages.

Nothing in these Terms limits or excludes liability for death or personal injury caused by negligence, fraud, or any other liability that cannot be excluded by law.

10. Indemnification

You agree to indemnify, defend, and hold harmless Isomorph and its officers, directors, employees, and contractors from any claims, losses, liabilities, damages, costs, and expenses (including reasonable legal fees) arising from: (a) your breach of these Terms; (b) your use of Services in violation of any applicable law; (c) any claim by a third party arising from your misuse of Deliverables; or (d) your failure to obtain proper authorisation for systems included in the testing scope.

11. Term & Termination

These Terms remain in effect for the duration of any active engagement and thereafter as required by the surviving provisions below.

Either party may terminate an engagement for cause upon 14 days written notice if the other party materially breaches these Terms and fails to remedy the breach within that notice period. Isomorph may terminate immediately if you breach obligations relating to authorisation, payment, or lawful use.

Upon termination, you remain liable for all fees incurred up to the date of termination. Sections 5 (Confidentiality), 6 (Intellectual Property), 8 (Disclaimer of Warranties), 9 (Limitation of Liability), 10 (Indemnification), and 12 (Governing Law & Dispute Resolution) survive termination.

12. Governing Law & Dispute Resolution

These Terms are governed by and construed in accordance with the laws of the Hong Kong Special Administrative Region, without regard to its conflict of law provisions.

Any dispute arising out of or in connection with these Terms, including any question regarding their existence, validity, or termination, shall first be referred to senior representatives of both parties for good-faith negotiation for a period of 30 days.

If the dispute is not resolved through negotiation, it shall be finally resolved by arbitration administered by the Hong Kong International Arbitration Centre (“HKIAC”) in accordance with the HKIAC Administered Arbitration Rules in force at the time of the dispute. The seat of arbitration shall be Hong Kong. The language of arbitration shall be English. The number of arbitrators shall be one (1) for disputes below HKD 3,000,000 and three (3) for disputes at or above that threshold.

13. Changes to These Terms

We may update these Terms from time to time. Material changes will be notified via email to registered account holders or posted prominently on our website at least 14 days before they take effect. Your continued use of our Services after the effective date of any update constitutes acceptance of the revised Terms. If you do not agree to the revised Terms, you must cease use of our Services.

14. General

• Entire agreement. These Terms, together with any applicable SOW and our Privacy Policy, constitute the entire agreement between you and Isomorph and supersede all prior agreements, representations, and understandings relating to the subject matter.
• Severability. If any provision of these Terms is found to be unenforceable, the remaining provisions shall continue in full force and effect.
• Waiver. Failure to enforce any provision of these Terms shall not constitute a waiver of that provision or any other provision.
• Assignment. You may not assign your rights or obligations under these Terms without our prior written consent. Isomorph may assign its rights to an affiliate or in connection with a business transfer.
• Force majeure. Neither party shall be liable for delays or failures caused by circumstances beyond their reasonable control, including natural disasters, government actions, or third-party infrastructure failures, provided that the affected party gives prompt written notice and uses reasonable efforts to mitigate the impact.

15. Contact Us

If you have any questions about these Terms, please contact us at legal@isomorph-cyber.com.