Legal Notices

Service Terms

Effective Date: 21 December 2025

(These Service Terms supersede all previous versions. Updates take effect immediately for new customers and 30 days after posting for existing customers.)

1. Introduction

These Service Terms (“Service Terms”) govern the provision and use of BrightShield’s paid services, including Security Audit, Security Foundations, and Security Watch.

These Service Terms apply in addition to the BrightShield Website Terms of Use, which govern access to the BrightShield website. In the event of any inconsistency, these Service Terms prevail in relation to paid services.

By purchasing or using any BrightShield service, you agree to be bound by these Service Terms.

2. Definitions

  • “Agreement” means these Service Terms, together with the Website Terms of Use, Privacy Policy, and applicable Service Schedules
  • “BrightShield”, “we”, “us”, or “our” means BrightShield, a registered business name of The Trustee for THE PEAKSITE TRUST, organised under the laws of Australia
  • “Customer”, “you”, or “your” means the person or entity purchasing or using the Services
  • “Services” means the paid services described in these Service Terms and the applicable Service Schedules
  • “Service Schedule” means the service-specific terms set out in Schedule A, Schedule B, or Schedule C
  • “Fees” means the fees disclosed at purchase, in an agreed proposal, or on the BrightShield website
  • “Data” means information provided by you or generated in connection with delivery of the Services

3. Relationship to Website Terms

Access to and use of the BrightShield website is governed by the Website Terms of Use.

These Service Terms apply only to paid Services. Nothing in the Website Terms creates any obligation for BrightShield to provide Services unless you enter into these Service Terms.

4. Nature of the Services

BrightShield provides guided cybersecurity services designed to help small businesses understand risks, improve security posture, and stay informed as their environment changes.

The Services:

  • Combine automated checks with expert review and practical guidance
  • Are designed for small businesses without dedicated security teams
  • Focus on visibility, prioritisation, and informed decision-making

BrightShield:

  • Does not replace antivirus, firewalls, IT providers, or managed service providers
  • Does not provide legal advice
  • Does not guarantee that security incidents, breaches, or losses will not occur

5. Customer Responsibilities

You acknowledge and agree that:

  • You remain responsible for your systems, accounts, data, and business decisions
  • You are responsible for implementing recommended actions unless expressly agreed otherwise
  • You must maintain appropriate backups and business continuity arrangements
  • Final decisions regarding security actions rest with you

BrightShield’s role is advisory and supportive unless otherwise stated in a Service Schedule.

6. Fees and Billing

6.1 One-off Services

Security Audit and Security Foundations are generally provided as one-off services unless bundled or otherwise agreed.

Fees are payable in advance and are non-refundable except as required by law.

6.2 Subscription Services

Security Watch is an ongoing subscription service, billed monthly unless otherwise agreed.

You may cancel a subscription in accordance with the applicable billing period. Access continues until the end of the paid period.

6.3 Changes in Scope

If your environment, systems, or business materially change, the scope of Services or Fees may need to be adjusted. Any changes will be discussed with you in advance.

7. Suspension of Services

BrightShield may suspend or limit access to the Services, in whole or in part, where:

  • Fees remain unpaid after reasonable notice
  • Continued service could create security, legal, or operational risk
  • The Services are misused or used in material breach of this Agreement
  • We are required to do so by law or a regulator

Where practicable, we will provide notice and an opportunity to remedy the issue before suspension.

8. Data Access and Handling

BrightShield:

  • Does not access or review the content of your emails or files
  • Focuses on configuration, posture, and security-relevant signals
  • Uses least-privilege and role-based access controls
  • Prefers guided screen-sharing to avoid direct system access

Data is handled in accordance with the Privacy Policy.

9. Confidentiality

Each party must keep the other party’s confidential information secure and must not disclose it except as required to perform the Services or as required by law.

This obligation survives termination of the Agreement.

10. Security Disclaimer

You acknowledge that:

  • Security risks cannot be completely eliminated
  • No service can guarantee prevention of all incidents or breaches

BrightShield does not warrant that:

  • All risks or vulnerabilities will be identified
  • All security issues will be detected
  • Security incidents or losses will not occur

The Services are intended to reduce risk and improve visibility, not provide absolute security.

11. Limitation of Liability

To the maximum extent permitted by law:

  • BrightShield is not liable for indirect, incidental, special, or consequential loss
  • BrightShield is not liable for loss of profits, revenue, goodwill, data, or business interruption
  • BrightShield’s total aggregate liability in any 12-month period is limited to the Fees paid by you in that period

Nothing in this Agreement excludes liability that cannot be excluded under applicable law.

12. Termination

Either party may terminate this Agreement:

  • Immediately for a material breach not remedied within 14 days of notice
  • At the end of a billing period for subscription Services

Upon termination:

  • Outstanding Fees remain payable
  • Access to the Services will cease at the end of the paid period

13. Force Majeure

Neither party will be liable for failure or delay in performing obligations due to events beyond reasonable control, including:

  • Cloud service or platform outages
  • Internet or telecommunications failures
  • Third-party service provider failures
  • Natural disasters, acts of government, or industrial action

Obligations will resume as soon as reasonably practicable after the event.

14. Assignment

You may not assign or transfer this Agreement without BrightShield’s prior written consent.

BrightShield may assign or transfer this Agreement, including as part of a corporate restructure, asset sale, or acquisition, by providing notice to you.

15. Dispute Resolution

The parties must first attempt to resolve disputes through good-faith negotiation.

If unresolved, disputes may be referred to mediation before either party commences court proceedings.

This Agreement is governed by the laws of Western Australia, and the parties submit to its exclusive jurisdiction.

16. General

  • These Service Terms, together with the Website Terms of Use and Privacy Policy, form the entire agreement
  • No waiver is effective unless in writing
  • Invalid provisions do not affect the remainder of the Agreement
  • Notices may be provided electronically

Service Schedules

Schedule A – Security Audit

Scope

The Security Audit is a one-off review designed to help you understand your current cybersecurity posture and identify the risks that matter most to your business.

The audit focuses on commonly used systems, accounts, devices, and configurations. The specific areas reviewed depend on your environment, tools, and business context.

What’s Included

The Security Audit typically includes:

  • Review of key cloud platforms, email configuration, domain and website settings
  • Review of access controls, user accounts, and administrative privileges
  • Review of device security posture and basic protections
  • Identification of security risks, misconfigurations, and exposures
  • Consideration of known breach or credential exposure where relevant
  • A clear, prioritised set of findings
  • A guided walkthrough explaining what was found, why it matters, and what to do next

What’s Not Included

The Security Audit does not include:

  • Penetration testing or exploit attempts
  • Real-time or ongoing monitoring
  • Hands-on implementation or remediation
  • Incident response, containment, or emergency support

Access and Method

The audit is designed to be non-disruptive. Wherever possible, review is conducted through guided screen-sharing sessions so you remain in control and no changes are made to your systems.

In some cases, limited or read-only access may be used if you choose to provide it, but this is not required.

Outcome

The outcome of the Security Audit is improved visibility and clarity, not guaranteed security outcomes. The audit helps you prioritise actions, but responsibility for implementing changes remains with you unless otherwise agreed.

Schedule B – Security Foundations

Scope

Security Foundations provides guided assistance to help address the issues identified in a completed Security Audit and establish essential security protections across your business.

This service focuses on turning audit findings into practical, achievable improvements.

What’s Included

Security Foundations may include, depending on your audit results and environment:

  • Guidance and support to improve configuration and security settings
  • Reduction of unnecessary access and permissions
  • Improvements to account hygiene and login protection
  • Assistance with device security basics and safer defaults
  • Practical, plain-language policies and everyday security practices
  • Guided walkthroughs and support while changes are made

What’s Not Included

Security Foundations does not include:

  • Ongoing monitoring or alerting after completion
  • 24/7 support or emergency response
  • Digital forensics or incident investigation
  • Fully managed IT or security operations

Shared Responsibility

Security Foundations is delivered collaboratively.

BrightShield guides, explains, and supports the work, but you remain responsible for approving changes, applying them to your systems, and maintaining them once the service is complete.

Nothing is changed without your knowledge or approval.

Outcome

The outcome of Security Foundations is a stronger baseline security posture based on your audit findings. While this reduces risk, it does not eliminate the possibility of future security incidents.

Schedule C – Security Watch

Scope

Security Watch is an ongoing subscription service that provides monitoring and guidance to help identify important security-relevant changes, exposures, and emerging threats over time.

It is designed to help you spot issues early, without needing to actively monitor systems yourself.

What’s Included

Security Watch typically includes:

  • Monitoring of key systems, accounts, and configurations
  • Alerts when meaningful security-related changes occur
  • Notifications about known breach exposure or compromised credentials
  • Updates about relevant scams, phishing tactics, and emerging threats
  • Clear, practical guidance explaining what happened and what to do next

The specific checks and signals monitored depend on your environment and the services you use.

What’s Not Included

Security Watch does not include:

  • Automatic remediation or fixes
  • Incident response, containment, or recovery services
  • 24/7 emergency coverage or guaranteed response times
  • Continuous monitoring of every possible vulnerability

Alerts and Action

Alerts are designed to highlight issues that matter, not to overwhelm you with noise.

Security Watch provides information and guidance. Any corrective action remains your responsibility unless you separately engage BrightShield for additional support.

Assumptions

Security Watch assumes a reasonable baseline security posture, established through a Security Audit and appropriate remediation, either with BrightShield’s assistance or by you directly.

The service is intended to monitor change and emerging risk, not repeatedly flag known, unresolved issues.

Last Updated:
December 21, 2025
Let's Begin

Ready to understand your security risks?

Get a clear, practical view of your risks and a plan to fix them with a BrightShield Security Audit.

Get Started