Terms of Service

1. Acceptance of Terms

These Terms of Service ("Terms") constitute a legally binding agreement between you ("Client," "you," or "your") and Top Floor Security, LLC ("TFS," "we," "us," or "our"). By accessing or using our website at topfloorsecurity.com (the "Site") or engaging our professional services, you acknowledge that you have read, understood, and agree to be bound by these Terms.

If you are accepting these Terms on behalf of an organization, you represent and warrant that you have the authority to bind that organization. If you do not agree to these Terms, you must discontinue use of the Site and our services immediately.

2. Description of Services

TFS is a boutique cybersecurity consulting firm specializing in governance, risk, and compliance (GRC) services. Our service offerings include, but are not limited to:

• Compliance as a Service (CaaS): Ongoing, managed compliance operations including control monitoring, evidence collection, policy lifecycle management, and auditor coordination across multiple frameworks.
• Compliance Assessments: Readiness assessments, gap analyses, and audit preparation for frameworks including SOC 2, ISO 27001, CMMC, HITRUST, PCI DSS, GDPR, CCPA/CPRA, and international government frameworks (ISMAP, IRAP, ENS).
• Audit & Assurance: End-to-end audit lifecycle management. SOC 2 Type I and Type II examinations performed by an independent, licensed CPA firm. Audit coordination and evidence management for all other frameworks.
• Penetration Testing: Authorized security assessments of networks, applications, APIs, cloud environments, and infrastructure to identify vulnerabilities, performed under a separately executed rules-of-engagement agreement.
• Virtual CISO (vCISO): Fractional executive-level cybersecurity leadership, including security program oversight, board reporting, policy development, risk management, and incident response planning.
• Privacy Compliance: Data privacy program development, Data Protection Impact Assessments (DPIAs), data subject rights workflows, and ongoing compliance management for GDPR, CCPA/CPRA, and global privacy regulations.

The specific scope, deliverables, timeline, and fees for any engagement are defined in a separate Statement of Work ("SOW") or engagement letter executed by both parties. These Terms govern the general relationship between TFS and the Client; in the event of a conflict between these Terms and a signed SOW, the SOW shall control.

3. Client Responsibilities

To enable TFS to perform its services effectively, you agree to:

• Provide Access: Grant TFS timely and reasonable access to systems, networks, documentation, personnel, and facilities as required by the applicable SOW. For penetration testing engagements, this includes providing written authorization before any testing activity begins.
• Furnish Accurate Information: Provide complete, accurate, and current information relevant to the engagement. TFS is not responsible for conclusions or recommendations based on incomplete or inaccurate information provided by the Client.
• Respond in a Timely Manner: Designate a primary point of contact and respond to requests for information, approvals, or feedback within the timeframes specified in the SOW. Delays caused by the Client may result in adjusted timelines or additional fees.
• Maintain Backups: Ensure that adequate backups of systems and data are maintained before any testing or assessment activities, particularly penetration testing engagements.
• Comply with Laws: Ensure that your engagement of TFS and the activities performed under any SOW comply with all applicable laws, regulations, and contractual obligations.

4. Acceptable Use

You agree not to: (a) use the Site for any unlawful purpose or in violation of any applicable law or regulation; (b) attempt to gain unauthorized access to any portion of the Site, other accounts, computer systems, or networks connected to the Site; (c) interfere with or disrupt the integrity or performance of the Site; (d) upload or transmit viruses, malware, or other harmful code; (e) use automated means (bots, scrapers, crawlers) to access the Site except as expressly permitted by our robots.txt file; or (f) impersonate any person or entity or misrepresent your affiliation.

5. Payment Terms

Unless otherwise specified in the applicable SOW, the following payment terms apply: (a) Invoices are due net thirty (30) days from the date of invoice. (b) Late payments accrue interest at a rate of 1.5% per month or the maximum rate permitted by law, whichever is less. (c) The Client is responsible for all reasonable expenses incurred by TFS in connection with the engagement, as specified in the SOW. (d) TFS reserves the right to suspend services if invoices remain unpaid for more than forty-five (45) days past due, upon fifteen (15) days' written notice.

6. Intellectual Property

6.1 TFS Intellectual Property

TFS retains all rights, title, and interest in its proprietary methodologies, tools, frameworks, templates, processes, and general know-how developed independently or prior to the engagement ("TFS IP"). Nothing in these Terms or any SOW shall be construed as a transfer of ownership of TFS IP to the Client.

6.2 Client Deliverables

Upon full payment of all applicable fees, the Client shall own the deliverables specifically created for the Client under an SOW ("Client Deliverables"), including reports, assessments, policies, and documentation tailored to the Client's environment. TFS retains a non-exclusive, royalty-free right to use anonymized and aggregated insights derived from engagements to improve its services, provided that no Client confidential information is disclosed.

6.3 License to TFS IP in Deliverables

To the extent any Client Deliverable incorporates TFS IP, TFS grants the Client a non-exclusive, non-transferable, perpetual license to use such TFS IP solely as embedded within the delivered work product, for the Client's internal business purposes.

7. Confidentiality

Each party ("Receiving Party") agrees to hold in strict confidence all non-public information received from the other party ("Disclosing Party") in connection with an engagement, including business plans, technical data, security findings, system configurations, and financial information ("Confidential Information").

Confidential Information shall not be disclosed to third parties without the Disclosing Party's prior written consent, except as required by law or regulation. Each party shall protect the other's Confidential Information with at least the same degree of care it uses for its own confidential information, and in no event less than reasonable care.

Confidentiality obligations survive the termination of the engagement for a period of three (3) years, unless a longer period is specified in the applicable SOW or a separately executed mutual non-disclosure agreement ("NDA"). Where a separate NDA exists between the parties, its terms shall govern confidentiality to the extent they conflict with this section.

8. Disclaimer of Warranties

SERVICES ARE PROVIDED "AS IS" AND "AS AVAILABLE." TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, TFS DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND ANY WARRANTIES ARISING FROM COURSE OF DEALING OR USAGE OF TRADE. TFS DOES NOT WARRANT THAT ITS SERVICES WILL IDENTIFY ALL VULNERABILITIES, ELIMINATE ALL RISKS, OR ENSURE REGULATORY COMPLIANCE. SECURITY ASSESSMENTS REFLECT A POINT-IN-TIME EVALUATION AND DO NOT CONSTITUTE A WARRANTY OF ONGOING SECURITY.

9. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, TFS'S TOTAL LIABILITY ARISING OUT OF OR RELATED TO THESE TERMS OR ANY SOW SHALL NOT EXCEED THE TOTAL FEES PAID BY THE CLIENT TO TFS UNDER THE APPLICABLE SOW DURING THE TWELVE (12) MONTHS PRECEDING THE EVENT GIVING RISE TO THE CLAIM.

IN NO EVENT SHALL TFS BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO LOSS OF PROFITS, LOSS OF DATA, BUSINESS INTERRUPTION, OR LOSS OF GOODWILL, REGARDLESS OF THE THEORY OF LIABILITY AND EVEN IF TFS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

TFS's services are advisory in nature. See also Section 8 (Disclaimer of Warranties).

10. Indemnification

You agree to indemnify, defend, and hold harmless TFS and its officers, employees, contractors, and agents from and against any and all claims, damages, losses, liabilities, costs, and expenses (including reasonable attorneys' fees) arising out of or relating to: (a) your breach of these Terms or any SOW; (b) your negligence or willful misconduct; (c) your failure to comply with applicable laws or regulations; or (d) any unauthorized use of TFS deliverables or materials beyond the scope of the license granted herein.

TFS agrees to indemnify, defend, and hold harmless the Client from and against any third-party claims arising directly from TFS's gross negligence or willful misconduct in the performance of services under an SOW, subject to the limitation of liability in Section 9.

11. Termination

Either party may terminate an engagement by providing thirty (30) days' prior written notice to the other party. Upon termination, the Client shall pay TFS for all services rendered and expenses incurred through the effective date of termination.

Either party may terminate immediately upon written notice if the other party: (a) commits a material breach of these Terms or the applicable SOW and fails to cure such breach within fifteen (15) days of receiving written notice thereof; or (b) becomes subject to bankruptcy, insolvency, or similar proceedings.

Upon termination, TFS shall deliver all completed and in-progress Client Deliverables to the Client, subject to payment of outstanding fees. The provisions of Sections 6 (Intellectual Property), 7 (Confidentiality), 8 (Disclaimer of Warranties), 9 (Limitation of Liability), 10 (Indemnification), 12 (Governing Law), and 13 (Promotional Offers) shall survive termination.

12. Governing Law and Dispute Resolution

These Terms and any disputes arising hereunder shall be governed by and construed in accordance with the laws of the State of Wyoming, without regard to its conflict of laws principles. Any legal action arising out of or relating to these Terms shall be brought exclusively in the state or federal courts located in the State of Wyoming, and each party consents to the personal jurisdiction of such courts.

12.1 Informal Resolution

Before initiating formal proceedings, the parties agree to attempt in good faith to resolve any dispute arising out of or relating to these Terms through direct negotiation for a period of thirty (30) days following written notice of the dispute.

12.2 Binding Arbitration

Any dispute arising from these Terms shall first be submitted to good-faith negotiation. If unresolved within 30 days, disputes shall be resolved through binding arbitration in accordance with the rules of the American Arbitration Association, with proceedings conducted in the State of Wyoming. Each party waives the right to participate in a class action.

12.3 Formal Proceedings

If the dispute is not resolved through negotiation or arbitration, either party may pursue remedies available under applicable law in the courts specified in this section.

13. Promotional Offers

13.1 Security Questionnaire Service

Subject to the terms of this Section, TFS may offer complimentary security questionnaire completion services to eligible Clients.

13.2 Eligibility

The security questionnaire service is available to Clients who enter into a minimum twelve (12) month engagement with TFS under a signed Statement of Work.

13.3 Scope

Eligible Clients may submit up to ten (10) security questionnaires per calendar month for completion by TFS practitioners. Questionnaires must be submitted during the active contract term.

13.4 Response Time

TFS will use commercially reasonable efforts to complete submitted questionnaires within three (3) to five (5) business days of receipt, subject to questionnaire complexity and completeness of supporting documentation.

13.5 Limitations

Unused questionnaire allocations do not roll over to subsequent months. Questionnaire responses are prepared based on information provided by the Client and are for informational purposes only. Client remains solely responsible for the accuracy and completeness of all responses submitted to third parties.

13.6 Modification

TFS reserves the right to modify, suspend, or discontinue promotional offers at its discretion for new engagements. Existing Clients with active promotional terms will continue to receive benefits for the duration of their current engagement term.

13.7 General

Promotional offers are subject to the limitation of liability provisions in Section 9 and the confidentiality provisions in Section 7 of these Terms.

14. Force Majeure

Neither party shall be liable for any delay or failure to perform its obligations under these Terms or any SOW to the extent that such delay or failure is caused by events beyond the party's reasonable control, including but not limited to acts of God, natural disasters, pandemics, government actions, cyberattacks on third-party infrastructure, internet or telecommunications failures, or utility outages. The affected party shall provide prompt written notice and use commercially reasonable efforts to mitigate the impact.

15. Changes to These Terms

TFS reserves the right to modify these Terms at any time. Material changes will be indicated by updating the "Last Updated" date at the top of this page and, where practicable, by providing notice through the Site. Your continued use of the Site or our services following the posting of revised Terms constitutes your acceptance of the changes. We encourage you to review these Terms periodically.

16. Contact

If you have questions about these Terms of Service or need to provide notice under these Terms, please contact us at:

Revision History