Terms for using NeedSec services and website content

These terms apply to use of the NeedSec website and general interactions with NeedSec through this website. Additional written terms may apply to specific services, proposals, statements of work, rules of engagement, or client agreements.

If there is a conflict between these website terms and a signed client agreement, the signed client agreement will usually take priority for the relevant project.

The website describes NeedSec services such as penetration testing, Cyber Essentials certification assessment, secure web development, cloud security assessment, API testing, and related security advisory work.

Website content is provided for general information only. It is not legal advice, compliance certification, security assurance, or a substitute for a properly scoped professional assessment.

You must use this website lawfully and responsibly. You must not attempt to compromise, overload, scan, exploit, reverse engineer, disrupt, or misuse the website or its connected systems.

You must not submit spam, malware, exploit payloads, secrets, unlawful material, or content that infringes someone else's rights through the website forms.

Security testing, penetration testing, vulnerability validation, scanning, exploitation, social engineering, credentialed access, and similar activity must only be performed with explicit written authorisation and agreed scope.

Requesting a quote, sending an enquiry, or reading website content does not authorise anyone to test NeedSec systems, client systems, or third-party systems.

Quotes and proposals depend on accurate scoping information. NeedSec may update pricing, timings, assumptions, exclusions, or deliverables if the scope changes or if new information becomes available.

A project normally begins only once the relevant commercial and scoping requirements have been agreed. This may include written acceptance, payment arrangements, testing windows, contact points, and rules of engagement.

Security reports are prepared for the client and authorised recipients identified for the relevant project. They may contain sensitive details, exploitation evidence, affected systems, and remediation guidance.

Reports should not be published, shared widely, or relied on by third parties without appropriate permission and context. Findings are based on the agreed scope, access, timing, and information available during the assessment.

NeedSec treats client information, system details, vulnerability information, credentials, reports, and project communications as confidential unless disclosure is authorised or legally required.

Clients should also handle NeedSec reports, methods, templates, commercial information, and project communications confidentially.

The NeedSec name, website content, layout, copy, graphics, service descriptions, methodologies, report structures, and other materials are owned by NeedSec or its licensors unless stated otherwise.

You may view website content for normal business evaluation. You may not copy, resell, reproduce, scrape, or reuse substantial parts of the website or materials without permission.

The website may link to third-party websites, standards, tools, or resources. NeedSec is not responsible for third-party content, availability, security, or privacy practices.

Use of third-party platforms, cloud services, hosting providers, payment tools, or communication systems may be subject to their own terms.

NeedSec aims to keep the website useful and available, but does not guarantee uninterrupted access. The website may be changed, updated, withdrawn, or restricted without notice.

NeedSec may update these terms to reflect website, service, legal, operational, or security changes. The latest version will be shown on this page.

Nothing in these terms excludes liability that cannot legally be excluded. Subject to that, NeedSec is not responsible for losses arising from misuse of the website, reliance on general website information, unauthorised testing, third-party services, or circumstances outside NeedSec's reasonable control.

Service-specific liability, warranties, exclusions, and remedies may be set out in the relevant client agreement, proposal, statement of work, or order terms.

These website terms are intended to be governed by the laws of England and Wales, unless a separate written agreement states otherwise.