Reduce Risk.
Simplify Security.
Accelerate Compliance.

Stay audit-ready and investor-approved with security programs designed for growing businesses.

  • ISO, SOC 2, PCI, and NIST Compliance Support

  • Virtual CISO & Security Assessments

  • Tailored Security Roadmaps

Comprehensive Compliance Platform: Advanced continuous monitoring of security environments across Amazon, Google, and other cloud providers. Our automated solution delivers real-time threat detection, compliance verification.

Standards & Certifications Expertise

HIPAA Certification Expertise: Specialized guidance and solutions for healthcare organizations seeking compliance. Our team provides comprehensive HIPAA assessments, risk analysis, and implementation strategies to protect patient data.

SOC2 Certification Expertise: Specialized guidance for organizations navigating the SOC2 compliance journey.

ISO 27000 Certification Expertise: Specialized guidance for implementing robust information security management systems (ISMS) that meet international standards.

PCI Certification Expertise: Specialized guidance for merchants and service providers seeking Payment Card Industry Data Security Standard (PCI DSS) compliance.

GDPR Certification Expertise: Specialized guidance for organizations navigating European data protection requirements. Our consultants provide comprehensive GDPR readiness assessments, d


Our Solutions

Most businesses struggle to keep up with evolving security threats and compliance requirements. Our tailored solutions bridge the gap, ensuring you meet security standards without costly overhead.


Comprehensive Compliance and Vendor Risk Management Solutions: Expert monitoring services to ensure regulatory compliance, mitigate third-party risks, and streamline vendor management across industries. Our platform provides real-time compliance tracking,

Virtual CISO

Executive-Level Security Protection at a Fraction of the Cost

Get the expertise of a Chief Information Security Officer without the $200K+ salary. Our vCISOs build your security strategy, guide compliance efforts, and protect your business from costly breaches, all while speaking plain English, not technical jargon. Ideal for businesses that need robust security leadership without a full-time executive hire.

Compliance Framework Services

Navigate Complex Standards with Confidence and Purpose

Simplify your path to ISO 27001 and SOC2 certification with our comprehensive compliance services. We transform these rigorous standards from overwhelming obstacles into strategic business assets that open doors to new clients and markets. From initial gap assessments to ongoing maintenance, our experts make the entire process straightforward while maximizing the business value of your investment.

Compliance Support for Cybersecurity Best Practices: Expert guidance to align your security programs with industry-leading frameworks and regulatory requirements. Our consultants provide comprehensive assessments, gap analysis, and strategic roadmaps to st
Professional Penetration Testing Services: Comprehensive security assessments to identify vulnerabilities before malicious actors can exploit them. Our certified ethical hackers conduct thorough testing across networks, applications, and systems using adva

Penetration Testing

Find Your Security Weaknesses Before Hackers Do

Our expert-led penetration testing identifies real-world vulnerabilities in your systems beyond what automated scans detect. We deliver actionable remediation steps prioritized by business impact, not just technical severity, while providing the documentation you need for compliance.

Sales Support

Security Expertise That Helps You Close More Deals

Win security-conscious clients with confidence. Our team joins your sales calls, answers technical questions, and helps navigate prospect concerns about data protection. We translate complex security concepts into business benefits that resonate with decision-makers, turning security from a potential roadblock into a competitive advantage.

Cybersecurity Sales Enablement: Expert support to help your sales team navigate complex security requirements and close more deals. Our consultants provide tailored security documentation, compliance mapping, and technical validation to address customer co

Looking to Secure Your Business?



We partner with leading security and compliance platforms.

Our work is backed by industry-leading cybersecurity platforms and compliance specialists who help businesses navigate complex security frameworks with confidence.

Through these partnerships, we stay ahead of evolving threats, leverage cutting-edge technology, and ensure that our clients receive the highest level of protection and guidance.

Certified Drata integration partner providing seamless compliance automation and vendor monitoring solutions. Our expert team helps organizations accelerate SOC 2, ISO 27001, GDPR, and HIPAA certification through Drata's industry-leading compliance platfor
Authorized SecureFrame implementation partner delivering streamlined compliance automation for growing businesses. Our expert consultants fast-track your SOC 2, ISO 27001, HIPAA, and GDPR certification journeys through SecureFrame's powerful compliance pla
Premier A-LIGN strategic partner delivering comprehensive compliance assessment and cybersecurity attestation services. Our expert auditors streamline SOC 1, SOC 2, ISO 27001, HITRUST, and PCI DSS audits through A-LIGN's unified compliance management platf

Trusted Vanta certified implementation partner helping businesses automate security compliance and build customer trust. Our specialized team guides organizations through SOC 2, ISO 27001, HIPAA, and GDPR certification using Vanta's leading continuous moni
Authorized Prescient Security audit partner providing independent compliance assessments and cybersecurity attestation services. Our accredited auditors deliver comprehensive SOC 1, SOC 2, ISO 27001, and HITRUST certification.


Pricing

Transparent vCISO pricing that scales with your business needs.
No surprises, just security.

Get strategic expertise & essential tools bundled – often saving over €8,000/month vs. piecing solutions together.



Startup

Essential security and compliance for early-stage businesses.

999€/month*


  • Compliance Platform

  • Onboarding & Implementation

  • Security Policy Library

  • Annual Risk Assessment

  • Compliance Gap Analysis

  • Audit Preparation & Certification Support

  • Remediation Support

  • Incident Response Planning

  • Business Continuity Planning

  • Ongoing Compliance Monitoring

  • Annual Security Penetration Testing

  • SOC2 Type 2 or ISO 27001 Annual Audit

  • Annual vCISO - 12 Hours Included




Growth

Advanced protection and compliance as your business scales.

2499€/month*


  • Compliance Platform

  • Onboarding & Implementation

  • Security Policy Library

  • Annual Risk Assessment

  • Compliance Gap Analysis

  • Audit Preparation & Certification Support

  • Remediation Support

  • Incident Response Planning

  • Business Continuity Planning

  • Ongoing Compliance Monitoring

  • Annual vCISO Hours - Included

  • Annual Security Penetration Testing

  • SOC2 Type 2 or ISO 27001 Annual Audit




Enterprise

Tailored security solutions for complex infrastructures.

3699€/month*


  • Compliance Platform

  • Onboarding & Implementation

  • Security Policy Library

  • Annual Risk Assessment

  • Compliance Gap Analysis

  • Audit Preparation & Certification Support

  • Remediation Support

  • Incident Response Planning

  • Business Continuity Planning

  • Ongoing Compliance Monitoring

  • Annual vCISO Hours - Included

  • Annual Security Penetration Testing

  • SOC2 Type 2 or ISO 27001 Annual Audit



*All displayed pricing applies to organizations with up to 10 employees on annual contracts.
Contact our team for custom quotes for larger businesses.

Industry-leading security fortification services delivering enterprise-grade protection for businesses of all sizes.

Need a Custom Security Solution?

Contact us to design a Tailored Security Package that fits your organization’s unique needs.


Your Security Questions, Answered


What does a vCISO do?


A Secureleap vCISO delivers enterprise-grade security leadership at a fraction of the cost of a full-time CISO. Your dedicated virtual security chief crafts and implements a tailored cybersecurity program that aligns with your business goals. Instead of juggling security concerns, you can concentrate on revenue-generating activities while your vCISO handles the complexities of modern cybersecurity.

Is the SOC 2 Type 2 or ISO 27001 audit actually included in the Enterprise tier?


Yes, our Enterprise tier (€3799/month) fully includes the annual SOC 2 Type 2 or ISO 27001 audit. Unlike many providers who charge substantial additional fees for these critical certifications, we've built this essential service directly into our Premium package to provide predictable pricing and comprehensive compliance coverage.

What does your compliance platform include?


Our compliance platform provides a centralized dashboard to manage your entire security program. It includes document management, policy distribution, evidence collection, automated compliance mapping, control tracking, and real-time compliance status reporting.

Is there a minimum commitment period for the vCISO service plans?


Yes, all pricing tiers (€999/month, €2499/month, and €3799/month) reflect an annual subscription commitment, payable monthly. This annual structure allows us to deliver consistent security leadership, proper implementation of compliance frameworks, and comprehensive risk management. For clients requiring maximum flexibility, we offer month-to-month options at a slightly higher rate. Many clients find the annual subscription provides the best value and ensures sufficient time to achieve meaningful security improvements and compliance objectives.

How quickly can you implement the vCISO program?


Most clients are onboarded within 1-2 weeks. We begin with a thorough assessment of your current security posture, then develop a prioritized roadmap tailored to your business needs and compliance requirements. You'll see tangible security improvements within the first month.

What compliance frameworks do you support beyond SOC2 and ISO 27001?


We support numerous frameworks including GDPR, HIPAA, PCI DSS, NIST CSF, and industry-specific regulations. Our compliance platform maps controls across multiple frameworks, reducing duplicate effort when managing several compliance requirements simultaneously.

Do we need internal IT staff to work with the vCISO?


No specific IT staff is required. Your vCISO will collaborate with existing team members regardless of technical background. For companies without dedicated IT personnel, we provide additional guidance to ensure security measures are properly implemented across your organization.

What exactly is included in the Annual Security Penetration Testing offered in the Enterprise tier?


Our Premium tier includes a comprehensive annual penetration test conducted by certified ethical hackers. Unlike basic vulnerability scans, our penetration tests involve active exploitation attempts to identify real-world security gaps that automated tools might miss. Each test concludes with a detailed report.


Strategic security leadership from Marcal, renowned founder of SecureLeap and veteran VCISO with executive experience at Aircall and Citibank. Our principal consultant brings Fortune 500 cybersecurity expertise to organizations navigating complex complianc

About us

At SecureLeap, we close the cybersecurity gap for businesses that need expert protection but don’t require a full-time security executive.

With over 20 years in enterprise cybersecurity, our founder saw firsthand how smaller organizations were left exposed—stuck between overpriced consultants and generic solutions that failed to meet their unique challenges.


Founded by Marçal Santos—who led security initiatives at Aircall, Citibank, and Talkdesk—Secureleap delivers the depth of experience you'd expect from a top security firm, with the hands-on support larger providers simply can’t match.

Our approach is built around what truly works:

  • Clear, straightforward guidance—no unnecessary jargon.

  • Security strategies tailored to your business goals, not just compliance checkboxes.

  • Enterprise-level expertise at a cost that makes sense for growing companies.


20+

Years Combined Security Experience


100%

SOC 2 / ISO 27001 Success Rate


24/7

Response Guarantee



What our Clients say

Strong security starts with the right team. See how we’ve helped businesses like yours protect their most valuable assets.


"With over 20 years in enterprise cybersecurity, our founder saw firsthand how smaller organizations were left exposed—stuck between overpriced consultants and generic solutions that failed to meet their unique challenges."


Fabien G.

CIO - Global SaaS

"SecureLeap’s security strategy vision is top notch, helping companies move towards a security-first standpoint. Their ability to transform complex security requirements into clear, achievable goals sets them apart."


Pedro Adamovic

CISO - Bank

"Having worked with SecureLeap, I witnessed firsthand how they transformed our security program. Their ability to balance enterprise-grade security with business growth is exceptional."


Filipe C.

Director of Engineering - Global SaaS


Case Studies

See how we’ve helped SaaS and cloud-based businesses navigate complex compliance challenges, strengthen their security posture, and gain customer trust—quickly and efficiently.


Industry-leading SOC 2 compliance acceleration services that reduce certification timelines from months to weeks

Accelerating SOC 2 Compliance for a Growing Tech Startup

Discover how SecureLeap rapidly guided a growing SaaS startup to achieve SOC 2 certification in just three months, overcoming resource constraints and compliance barriers.

Discover how SecureLeap's virtual CISO services revolutionized a high-growth tech startup's security posture in just 90 days.

vCISO Success: How SecureLeap Transformed a Tech Startup's Cybersecurity

Discover how a growing cloud software startup achieved ISO 27000 compliance and enhanced security posture through SecureLeap's virtual CISO services.

Schedule your call today

Let’s Secure Your Business.
Schedule a Free Consultation.

Protect your business before threats become problems. Schedule a 30-minute call with SecureLeap to explore how our expertise can strengthen your security. No commitment required.




Contact Us

Have questions or need expert cybersecurity guidance? Send us a message, and we’ll get back to you promptly.


Free Compliance Gap Assessment

Discover where your organization stands on the path to compliance with our free gap assessment. Understand exactly what steps you need to take to achieve SOC 2, ISO 27001, HIPAA, or PCI DSS certification without any cost or obligation.


Privacy Policy

Last updated: April 9, 2025


1. INTRODUCTION

Secureleap ("we," "us," "our") is committed to protecting your privacy. This policy explains how we handle your personal data when you use our services or visit secureleap.tech. For questions or to exercise your rights, contact us at [email protected].


2. DATA WE COLLECT

Personal Data:
• Contact information (name, email, phone)
• Business information
• Payment information (processed securely)

Technical Data:
• IP address
• Browser and device information
• Location data
• Website usage data


3. HOW WE USE YOUR DATA

We process your data for these specific purposes:
• To provide services available on our Website
• To perform operations related to contracts, invoices and customer relationship management
• To create a database of customers and prospects
• To send newsletters, requests and direct marketing mailings
• To improve our services
• To answer information requests and other inquiries, to schedule demonstrations
• To comply with legal and regulatory obligations
• To elaborate analytics to measure our audience
• To process data subjects' rights requests
• To perform operations related to our software features


4. LEGAL BASIS FOR PROCESSING

We process your data based on:
• Your consent
• Contractual necessity
• Legal obligations
• Legitimate interests (including business development and contacting potential customers)


5. DATA SECURITY

We implement appropriate technical and organizational measures to protect your data, including encryption, access controls, and staff training.


6. YOUR RIGHTS

Under GDPR, you have rights to:
• Access your data
• Request corrections
• Request deletion
• Object to processing
• Data portability
• Withdraw consent


7. COOKIES AND TRACKING TECHNOLOGIES

We use the following types of cookies:
• Essential cookies: Required for basic website functionality
• Preference cookies: Remember your settings and preferences
• Analytics cookies: Help us understand how visitors use our website
• Marketing cookies: Track visitors across websites to display relevant advertisements

You can manage cookie preferences through your browser settings. Disabling certain cookies may affect website functionality.


8. CHILDREN'S PRIVACY

Our services are not directed at individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal data from a child under 18, we will take steps to delete this information as soon as possible. If you believe we might have any information from or about a child, please contact us immediately.


9. DATA RETENTION PERIODS

We retain your personal data only for as long as necessary for the purposes outlined in this policy or as required by law.


10. INTERNATIONAL TRANSFERS

Where we transfer data outside the EEA, we implement appropriate safeguards to ensure GDPR compliance.


11. BUSINESS COMMUNICATIONS

We may contact potential customers based on legitimate interest where we believe our services would be relevant to your business needs. You can opt out of such communications at any time.


12. THIRD-PARTY SHARING

We may share your data with third parties including:
• Service providers necessary for our operations (e.g., Google Workspace)
• Business partners with your consent
• Regulatory authorities when required by law

Your data will not be used to develop, improve, or train generalized AI and/or ML models without your explicit consent.


13. CHANGES TO THIS POLICY

We may update this policy periodically.


14. CONTACT US

For privacy inquiries: [email protected]

Terms & Conditions - SecureLeap LTA.

Version of April, 9th 2025


Secureleap Lta (hereinafter referred to as "Secureleap" or "We" / "Us") is a provider of Virtual Chief Information Security Officer (VCISO) services and cybersecurity solutions designed to improve the security posture of organizations (hereinafter referred to as the "Services"). The business is operated through its published website, available at secureleap.tech (hereinafter referred to as the "Website").
These terms and conditions (hereinafter the "Terms and Conditions") apply to any entity or person acting on behalf of an entity that has subscribed to the Services as defined herein, either online, through the Website, by exchanging e-mails with Secureleap or on paper (hereinafter the "Client" or "You"). They govern access and use by the Client of the Services and any other services provided through the Website and by Secureleap.

The Client has confirmed its interest in using the Services and, to this end, has agreed to the Specific Terms and Conditions proposed by Secureleap under the terms of a quotation issued by Secureleap or any equivalent document which is accepted by the Client and deemed to be a valid Purchase Order.
Prior to any use of the Services provided by Secureleap, the Client acknowledges and accepts the present Terms and Conditions in full and without reservation. Before subscribing to the present Terms and Conditions, the Client declares to have access to all the necessary information and technical features of the Services, and also to have been provided with all the details requested by the Client concerning its mode of operation and features, and its adequacy to the Client's needs.


1. DEFINITIONS

"Client" refers to the legal entity and professional client of Secureleap, identified as such and operating within the scope of its professional activity, seeking to use the Services.

"Specific Terms and Conditions" designates the special terms and conditions signed by the Client that refer to and are governed by these General Terms and Conditions. This may include a quotation issued by Secureleap and accepted by the Client or any subsequent document, any working document or "Statement of Work" (SOW) issued by Secureleap and signed by the Client, specifying the range of Services selected by the Client, details, quantities, applicable rates, deadlines, all of which become Specific Terms and Conditions within the meaning of the present Terms and Conditions following their acceptance by the Client.

"Agreement" is composed, in decreasing order of precedence, of the Specific Terms and Conditions, the present Terms and Conditions and its appendices. Should there be any discrepancy between two clauses of these documents, then the higher-ranking clause shall prevail. The Agreement prevails over any statement by Secureleap concerning any sales materials (brochures, website, etc.) in the event of a conflict of interpretation.

"Service(s)" refer(s) to the cybersecurity and VCISO service(s) purchased from Secureleap by the Client, which concern(s) or is(/are) linked to the relationship between Secureleap and the Client, and more generally to the Agreement. The scope and extent of the Services subscribed to by the Client are set out in the Specific Terms and Conditions.

"User(s)" shall mean, in the singular or plural, the natural person employed by the Customer and expressly authorized in this capacity by the Client to access and use the Services pursuant to the present Agreement and for professional purposes only, provided that such person has reached the legal age of majority in his/her jurisdiction of domicile. The Client shall keep an up-to-date name list of Users and provide it to Secureleap upon first request. By default, and unless otherwise agreed between Secureleap and the Client, the User must be a legal representative, an employee, an authorized representative or a designated representative acting at the Client's express and written request.


2. PURPOSE OF THE AGREEMENT

The purpose of this Agreement is to govern the provision and use of the Services to the Client and its Users for their own business needs and on a non-exclusive basis, as agreed and detailed under the Specific Terms and Conditions.


3. AGREEMENT PURCHASE OPTIONS

3.1. The access to the Services is limited to corporations, public or private institutions that are duly registered or incorporated in an official register, and which operate within the scope of their professional activity. Private customers are not entitled to take out a subscription to the Services. At the time of subscription or upon request, the Client must provide Secureleap with all the information or official documents required to justify its status as a registered professional (NIF number, Commercial Registration number, VAT number, Commercial Registry extract, or an equivalent document in the event that the Client is located outside Portuguese territory). The Client undertakes to communicate all the information deemed necessary at the time of subscription, certifies the accuracy of the data on the day of entry, and must keep it up to date. If the Client fails to do so, Secureleap reserves the right to temporarily suspend access to all or part of the Services or to terminate this Agreement for convenience without prior notice, notwithstanding the provisions hereof regulating the terms and conditions of termination.

3.2. By applying for subscription to the Services and by accepting the terms of the Agreement, the Client certifies that (i) it has the legal capacity to enter into an Agreement under the laws in force in its jurisdiction of registration or incorporation, (ii) it has reached the legal age of majority under the laws in force in its jurisdiction of incorporation, (iii) it is entitled to all the rights, authorizations or powers of attorney necessary to bind the legal entity which executed the Agreement, (iv) it shall not access the Services by means of any automated process or devious means, (v) it shall not use the Services for illegal or unauthorized purposes, infringing Secureleap's requirements or any applicable law or regulation.


4. TERM

4.1. The Agreement shall become effective as of the last day of signature of the Specific Terms and Conditions for an initial term as specified in the Order Form. The Agreement may be terminated by written notice at least thirty (30) days prior to the expiry of such term by registered letter with acknowledgment of receipt addressed to the other Party explicitly stating its intention to terminate the Agreement.

4.2. Failure to terminate the Agreement prior to the expiry of the initial term specified in the Order Form or any subsequent agreed term will result in an automatic and indefinite renewal by tacit agreement on the anniversary date of the agreed term. The renewal will be for successive terms identical to the initial term unless terminated by either Party by registered letter with acknowledgment of receipt at least thirty (30) days prior to the expiry of the current term, explicitly stating its intent not to extend the Agreement.

4.3. Notwithstanding the monthly payment structure, the Client commits to a minimum service period of twelve (12) months from the commencement date, unless explicitly specified otherwise in the Order Form. The monthly payments represent installments of this annual commitment and not separate monthly service periods.


5. IMPLEMENTATION OF THE SERVICES

5.1. It is the Client's sole responsibility to acquire and maintain at its own expense and under its sole responsibility all necessary technical resources, in particular the internet access (hardware, software, networks, etc.) or network, and the required skills to access the Services, as well as to complete all operations authorized in this respect. In addition, the Client is responsible for the acquisition and maintenance of all equipment necessary to access the Services and agrees that such equipment may affect the quality of access to the Services in whole or in part. Secureleap cannot be held liable in any way, nor can it provide any remedy or claim in the event of damage or loss of any nature whatsoever resulting directly or indirectly from the above-mentioned obligation.

5.2. In order to access and use the Services, the Client must possess the technical prerequisites procured by Secureleap.

5.3. "Kick-off phase" - Prior to the use of the Services, a so-called kick-off phase must be carried out, which consists in asking the Client to answer various questions related to its security environment and needs, to help Secureleap understand the Client's specific requirements prior to the implementation of the Services. Therefore, this step is an essential milestone and requires active collaboration from the Client.
The Client thus undertakes to ensure that this phase runs smoothly, by implementing all diligence to collaborate with Secureleap and by providing all necessary documents or relevant information or data, by appointing a dedicated decision-maker for the Client, and by conducting all actions requested by Secureleap in both oral and written form.
The Client acknowledges and accepts that failure to communicate such information, data or documents, to name a contact person and, more generally, late or unresponsive cooperation on the part of the Client, shall constitute a breach of the Client's obligation to cooperate.

5.4. "Service implementation phase" - the kick-off phase is followed by a so-called 'Service implementation phase', designed to establish the cybersecurity services according to the Customer's specific needs and as expressed to date, on the basis of the sole information communicated in writing to Secureleap during the kick-off phase. The scope and extent of this stage at the Client's is detailed in the Special Conditions and implies the active collaboration of the Client under the same conditions as specified in clause 5.3 above. Both Parties agree with the fact that Secureleap does not provide any additional development services, nor services for integrating new functionalities or altering existing functionalities beyond those agreed to within the scope of this Agreement. Subject to their feasibility and the agreement of Secureleap, such services require the acceptance of an estimate signed by the Client's legal representative.


6. MODALITIES OF ACCESS TO THE SERVICES

6.1. In order to access the Services, the Client agrees to provide a valid and active e-mail address along with any information requested by Secureleap by means of a form or any written document. The Client is also invited to create a password. The Client is solely responsible for the confidentiality and security of its login details and password and undertakes not to disclose them to any third party on any grounds whatsoever and to treat them as strictly confidential. It is the Client's responsibility to manage its access codes and to ensure that only authorized Users access and use the Services in compliance with the Agreement. The Client undertakes to inform Secureleap immediately by any means and to notify Secureleap in writing as soon as it becomes aware of any risk of abuse or unauthorized use of its login and password, given the serious nature of the facts. Secureleap can under no circumstances be held liable for any losses or damages of any kind resulting from the Client's failure to meet this obligation.

6.2. The Client agrees to disclose the identity and precise number of Users to Secureleap by any means in writing, and to inform the latter without delay of any possible changes which may arise over the duration of the Agreement.


7. INVOICING – PAYMENT

7.1. The Specific Terms and Conditions specify the rates and financial terms of the relationship between Secureleap and the Client, made up of a subscription payable in cash from the Order date, unless otherwise specified in the Specific Terms and Conditions. The Client acknowledges that it is aware of the tariff details and characteristics before entering into the Agreement. If during the course of the Agreement, the Client decides to subscribe to new Services, these additional or complementary services are charged by Secureleap according to the applicable rates.

7.2. All amounts owed by the Client by virtue of the present Agreement are subject to payment (i) by direct debit from the Client's bank account or (ii) through on-line payment. Payment by bank transfer to Secureleap's bank account is also available.
For payments made by direct debit, the Client undertakes to ensure that the bank account provided at the time of subscription by way of the Specific Conditions is provisioned with sufficient funds for the entire duration of this Agreement. In the event that the Client wishes to use a different bank account, it agrees to do so with at least two (2) months' notice, and to provide all relevant bank details and information as requested by Secureleap. With regard to online payments, Secureleap sends the Customer a URL to a third-party payment solution selected by Secureleap, according to the terms of use available to the Client prior to payment validation.
The payment methods accepted are as follows: VISA, MASTERCARD, AMERICAN EXPRESS. In any event and regardless of the selected method of payment, the Client must provide up-to-date, complete and accurate payment details and is committed to maintaining them up to date. Prices are displayed in euros or US dollars and exclude taxes and charges, to be invoiced directly by Secureleap.
Unless otherwise agreed in writing, Secureleap will not incur any costs relating to international payments. If any customs duties, import taxes or other taxes apply due to the remote geographical location of the Services, these fees are payable by the Client, who has been advised to make the necessary verifications and take the necessary steps prior to submitting their order.

7.3. The Client expressly accepts that invoices may be issued in electronic form. Each invoice is sent to the Client by e-mail to the e-mail address indicated in the Specific Terms and Conditions, or in writing prior to payment. The Client must imperatively provide the invoice on a durable medium before any dispute can be lodged against it, subject to the additional prerequisite that such a dispute be notified to Secureleap within thirty (30) days of the invoice date; if no dispute arises by the end of this period, it implies definitive and unreserved acceptance by the Client.

7.4. All prices quoted are subject to annual revision as of right and by simple notice on the Agreement anniversary date, in accordance with the variation in the Portuguese Consumer Price Index (CPI). Secureleap reserves the right to increase its rates at any time by notifying the Customer at least thirty (30) days before the effective implementation date of the new tariffs. The Client may then terminate the Agreement by sending a registered letter with acknowledgement of receipt to Secureleap's head office at least fifteen (15) days before the effective implementation date of the new rates. Such termination will apply on the expiry of the current subscription and will not entail the application of the new rates, nor the repayment of any instalments remaining due under the old rates. Failure to cancel or contest will result in the Client being presumed to have accepted Secureleap's new rates, which will automatically be applied to the Client's future invoices.

7.5. In case of late payment and without prejudice to Secureleap's other remedies, Secureleap reserves the right to charge interest on all sums due until full payment is made. Interest will be capitalized at a rate equal to the higher of the following two rates: (i) three (3) times the legal interest rate in Portugal; or (ii) the rate of the European Central Bank plus ten (10) points. In addition, Secureleap is entitled to obtain from the Client a fixed sum of Euros 40 (or any other amount fixed by applicable regulations), by way of compensation for collection costs. Secureleap also reserves the right to invoice any bank charges arising from a payment refusal. In the event of non-payment, Secureleap may suspend access to the Services, or terminate this Agreement as provided herein.

7.6. Unless explicitly specified otherwise in the Specific Terms and Conditions or Order Form, all Services are billed in monthly installments, while representing a full annual commitment. If the Client terminates the Agreement for convenience prior to completing the committed annual term, the Client shall immediately pay all remaining monthly installments through the original end date of the annual term. This represents liquidated damages and not a penalty, reflecting the reasonable allocation of costs and resources Secureleap commits when initiating Services.


8. OBLIGATIONS OF THE CLIENT

8.1. The Client undertakes to use and guarantees the use made of the Services by its Users in accordance with the Agreement, all documentation and standards, legal and regulatory provisions in force, any code of conduct or Secureleap documentation. The Client shall ensure that any use made of the Services by the Client or its Users is accurate, stable and not likely to disrupt operations of the Services. The Client also declares that its hardware is compatible with the implementation and use of the Services. In all circumstances, the Client is solely responsible for its information system, access to the Services and any data, files or other documents used by the Client in relation to the Services, and undertakes to take all appropriate measures to protect any data or software used by the Client in relation to the Services against infection by viruses, logic bombs, Trojan horses or any other harmful or destructive software, or unauthorized use of the Client's information system by third parties.
It is up to the Client to take all necessary measures to safeguard and check the quality of its data, and where appropriate, to subscribe to an insurance policy covering the possible consequences of this type of risk.
Secureleap cannot be held responsible for damage resulting from the loss, alteration or damage to the Client's data, in the event that the Client has not kept a backup copy. In this regard, the Client shall refrain from downloading, transmitting, facilitating such download or transmission or otherwise attempting to do so, any virus, logic bomb, Trojan horse or other destructive or harmful program likely to interfere with the use of the Services and their features, or to modify, harm, disrupt or otherwise alter them, without this list being exhaustive. In particular, the Client undertakes not to modify, alter, allow access to (whether by any positive act or by abstention) or otherwise customize the Services, not to use them or allow third parties to use them by any unauthorized means, and not to hinder or disrupt their safety, operation, integrity or performance or any of their components, either directly or indirectly, or by the use of any automatic or computerized tools.
The Client agrees not to reproduce, duplicate, copy, sell, exchange, resell, grant access to, transfer, modify, nor to create derivative works or to exploit for commercial purposes any part of the Services, or the computer code underlying the Services.

8.2. The Client is liable for all use made of the Services. The Client assumes sole responsibility for direct or indirect, material or immaterial damages and prejudices caused by themselves or their Users or staff to Secureleap and/or to any third party whatsoever, and undertakes to indemnify Secureleap against any claims, demands and/or condemnation to damages which might be brought against Secureleap, or any threat of sanction and/or punishment Secureleap might incur, including all reasonably incurred attorney's fees that Secureleap may be liable to pay, insofar as the cause, basis or origin of such claims is deemed to involve any use of the Services that does not comply with the aforementioned provisions and/or any content conveyed, hosted, routed or inserted that is inconsistent with the terms of this Agreement. Failure by the Client to comply with the obligations set forth in this Agreement, or infringement of any legal or regulatory obligation may result in Secureleap suspending access to the Services, or terminating this Agreement in accordance with these Terms and Conditions.


9. SUPPORT AND UPDATES

9.1. Remedial Support, which aims at correcting material dysfunctions of the Services that prevent the Client from using the core functionalities of the Services, is the exclusive responsibility of Secureleap. Secureleap will make commercially reasonable efforts to correct such material dysfunctions in a timely manner. The features of the Services are likely to be upgraded from time to time, in line with the development of Secureleap's offer. Secureleap reserves the right to add functionalities or features to the Services or remove them from the Services, or to suspend or discontinue them in whole or in part. Secureleap may also restrict the use of the Services, amend the Customer's subscription plan, or modify the pricing of the Services fully or partially and at any time.
Secureleap thus reserves the right to discontinue availability to Users of all or part of the Services in order to carry out updates, maintenance and/or improvement work. In such cases and save for emergencies, Secureleap undertakes to notify the Client of any such downtime by e-mail. The Client expressly accepts that all new functionalities, tools and features will automatically be subject to the terms of the Agreement, without this list being restrictive.
Nevertheless, Secureleap does not guarantee that the updates will meet the Client's specific needs. While Secureleap will endeavor to maintain the Services in good working order, Secureleap is not obligated to implement updates or improvements that are not necessary to restore the functionality of the Services, nor to fix minor issues that do not materially impact the Client's ability to use the core functionalities of the Services.

9.2. The Client undertakes to equip its information system with workstations, terminals or any other devices compatible with the Services, and to provide a technical environment that includes a reliable Internet connection compatible with the technical requirements necessary for operating the Services.

9.3. Unless otherwise specified in the Specific Terms and Conditions or expressly agreed in writing, all Services will be provided during standard business hours (Monday to Friday, 9:00 AM to 6:00 PM WET/WEST, excluding Portuguese public holidays).

While Secureleap may, at its sole discretion, provide support outside of standard business hours including weekends and holidays in urgent situations, such support is not guaranteed and should not be expected as part of the standard Service offering. Any support provided outside standard business hours is done on a best-effort basis and does not create an ongoing obligation for Secureleap to provide such extended support.

For Clients requiring guaranteed support outside standard business hours, dedicated arrangements must be explicitly agreed upon in writing and may be subject to additional fees as specified in the Specific Terms and Conditions.

In cases of severe security incidents or emergencies that may significantly impact the Client's business operations, Secureleap will make commercially reasonable efforts to respond in a timely manner, subject to resource availability, but does not guarantee immediate response outside of standard business hours unless explicitly agreed otherwise in writing.


10. RESPONSIBILITY AND WARRANTIES

10.1. The Client agrees to use the Services on an "AS IS" basis, with no implied or express warranties of any kind as to their quality, performance or results. The Client confirms that the Services have been tested and are suitable for the Client's needs.
The Client also accepts that the Services may include features designed to interact with third-party applications or services, with no link whatsoever to Secureleap. These third-party applications or services are integrated at the sole discretion of the Client, who accepts that this integration or use be subject to the Terms and Conditions and contractual documents of these third parties which have no connection whatsoever with Secureleap and thus prevents Secureleap from being held liable in any capacity whatsoever, as a result of this integration or its effects.

10.2. SECURELEAP IS NOT LIABLE FOR ANY DIRECT OR INDIRECT DAMAGE INCURRED BY THE CLIENT OR A THIRD PARTY AS A RESULT OF THE USE OF THE SERVICES OR ANY SUBSEQUENT MEDIA, INCLUDING LOSS OF DATA OR RESULTING FROM THEIR PARTIAL OR TOTAL UNAVAILABILITY. Additionally, Secureleap cannot be held responsible for the unavailability of the Services arising from the breakdown of electronic communications carriers or hosting providers, or from a lack of network coverage or insufficient network capacity on the part of the Client.
Secureleap declines all responsibility for any damage incurred by the Client as a result of using the Services in conjunction with any software or hardware operated by the Client or any user, for any technical issue on the part of the Client, for any technical issue relating to the services provided by any third party, or for any internal issue related to the Client. The Client is fully responsible for taking out the necessary maintenance policies to cover its equipment, as well as for implementing the necessary update and backup policies for its information systems, and for establishing all work continuity and recovery procedures and plans. The responsibility of Secureleap is therefore explicitly excluded for any damage resulting from third party hardware or software forming part of the Client's information system and/or that of its Users.
Secureleap is not responsible for the lack of accuracy, truthfulness or comprehensiveness of the results or data stemming from the use of the Services.

10.3. Secureleap is bound by a best-efforts obligation in the performance of its obligations, including those relating to support and consultancy and to the deadlines for execution, completion, availability or any other time frames agreed upon in the Specific Terms and Conditions, which are provided to the Client for information purposes only. Thus, Secureleap may not be held responsible for any delay in the performance of the Agreement resulting from these indicative deadlines, nor for any functional defects in the Services. Secureleap does not guarantee that the Services will function at all times, nor that they are exempt from any error. Unless there has been gross negligence proven and documented in the performance of its obligations, Secureleap's liability is limited expressly as indicated below, to the exclusion of all other damages of any nature including, in particular, loss of profits, loss of revenue, loss of business, loss of clientele, loss of business opportunity, or other similar losses, breach of privacy, loss of personal data, any indirect, incidental or consequential damages or loss of information, and damages caused to third parties.

10.4. Secureleap is not liable for any temporary disruption of the Services, in particular where such disruption results from the deployment and implementation of maintenance, service or backup work, updates and extensions, including in cases where the Client observes a degradation, failure or temporary quality disruption.
Secureleap shall not be held liable for any loss of time or inconvenience caused by the performance of its duties under the present Agreement or resulting from the failure of the whole or any part of the Services.
At all events, if the liability of Secureleap is proven for compensable damage, it may not exceed a maximum amount corresponding to the sums invoiced and collected over a period of three sliding months preceding the generating factor of the damage. The Client undertakes to compensate Secureleap for any damage arising from its liability and originating from a breach of any of the clauses of this Agreement.


11. INTELLECTUAL PROPERTY

11.1. Secureleap has all intellectual property rights on the Services, including but not limited to all source code, functionalities, software, media, associated documentation and all content and visuals, and holds duly registered trademarks for the purpose of operating its business.

11.2. The Client acknowledges that this Agreement does not entitle them to any title or right of ownership of whatsoever nature with regard to the Services and its constituents or components, nor of any other kind. Where applicable, Secureleap grants the Client the right to use the Services exclusively for their professional needs, whereby the right to use the Services is granted solely to the Client and authorized Users. The Client must comply with and ensure compliance with all notices relating to Secureleap's property rights on the components of the Services on all media. In particular, the Client is not authorized to copy, modify, disassemble, alter or otherwise adapt, in particular by translation, or modify all or any part of the Services. Moreover, this Agreement does not empower the Client to sell, rent, license, lease or distribute the Services by any means whatsoever, including on a temporary basis. The Client expressly undertakes not to copy, reproduce, republish, download, display, translate, distribute, sell or operate the Services, trademarks and other intellectual property rights held by Secureleap in any other way. The Client shall refrain from implementing or allowing the deployment of a deconstruction or reverse development process that would result in accessing any code, modifying it or reusing part of this code by whatever means or in whatever form, or from inserting any intrusive or malicious code. In addition, the Client undertakes not to implement any procedure aimed at accessing the Services by any devious or unauthorized means, or to impede such an occurrence by abstaining from doing so. Secureleap reserves the right to terminate, suspend or block the Client's access to the Services in the event of a failure to comply with any of the articles herein. The Client undertakes to ensure that all staff comply with these obligations.

11.3. The Client claims to be the owner of all legal rights pertaining to all the elements, contents, data and documentation which may be produced within the framework of this Agreement and guarantees that the latter are in conformity with the current laws and regulations, and that they are not being disputed or claimed by a third party for any purpose whatsoever, such as, in particular, patents and copyrights. The Client must indemnify Secureleap on demand for all damages, costs, expenses including legal defense costs (fees and expenses), for which Secureleap may choose the counsel, fines or indemnity of any nature that Secureleap may suffer as a result of a claim by a third party, including all qualified administrative authorities, due to a breach by the Client of their obligations under the provisions of this section.

11.4. In addition, any data or other elements produced or generated based on the Client's indications remain the property of the Client, who is entirely responsible for them, and Secureleap has no obligation to monitor and verify the content provided or sent through the Services. The Client expressly agrees to indemnify and hold harmless Secureleap or any third party against all loss suffered by Secureleap or any third party as a result of the infringement of a third party's intellectual property rights or of current applicable law, or of any conflicting provision herein. Under the terms of the Agreement, the Client grants Secureleap the right to use the data and other elements for any purpose whatsoever.


12. PERSONAL DATA

Secureleap undertakes to comply with the provisions of EU Regulation No. 2016/679 on the protection of individuals with regard to the processing of personal data known as the "GDPR", as well as Portugal's Law on the protection of personal data, and more generally all current statutory regulations on the protection of personal data.
Consequently, Secureleap will use the information and personal data provided by the Client in accordance with the terms of the Data Processing Agreement reached between the parties in the case of Secureleap acting as a subcontractor, and in accordance with the terms of Secureleap's Confidentiality Policy in all other cases, available at https://secureleap.tech/privacy.


13. CONFIDENTIALITY

Each party commits not to disclose the other party's confidential information to any third party without the prior written consent of the other Party for the term of the Agreement and for a five (5) year period following the expiration or termination of the Agreement under any circumstances whatsoever. The Parties represent and warrant that their staff and any subcontractors involved in the performance of the Agreement will comply with this obligation. The term "Confidential Information" refers to information identified as such by the label "Confidential", and any information that is confidential to a party by nature, in particular information relating to such party's business, finances, technology, trade secrets, pricing, methodology, know-how, processes, products, documents, materials, software and tools. In the case of any doubt on the confidential nature of the information, each Party undertakes to request the approval of the other Party in writing prior to any disclosure of such information.
Confidential Information does not extend to data:

(i) which is or has become public due to no fault of the receiving party;
(ii) of which the receiving party was aware prior to disclosure, provided that: (a) the receiving party produces suitable supporting documentation; (b) the information does not originate directly or indirectly from the other party; (c) neither the receiving party nor any third party has infringed an agreed obligation of confidentiality or committed any other fault;
(iii) which is disclosed to the receiving party by a third party without any failure to comply with any confidentiality obligation or any other fault;
(iv) which is independently produced by the receiving party, whereby no Confidential Information of the other party is used; and
(v) of which disclosure is required by law, regulation or court order, to the extent necessary.
Each party agrees to use reasonable precautions to safeguard the other party's Confidential Information, and to take at least the same level of care required to maintain the confidentiality of its own Confidential Information.


14. TRADE REFERENCES

The Client expressly authorizes Secureleap to use their name and logo as part of its commercial references on Secureleap's Website and in marketing and commercial documents, as well as on social networks, subject to written notification from the Client informing Secureleap that they wish to withdraw this authorization.


15. AGREEMENT ON EVIDENCE

The use of the Services by the Client is deemed to be evidence of use and compliance with the documentation and the Agreement and this clause is deemed to be an agreement of proof within the meaning of article 368 of the Portuguese Civil Code.
If any dispute arises concerning the use of the Services, the parties expressly agree that all technical information concerning the Client, in particular recordings and statistics, will be retained and filed by Secureleap for evidentiary purposes.


16. EXPIRY OF THE AGREEMENT - REVERSIBILITY

16.1. This Agreement is in force until the date specified herein, unless otherwise specified in the Specific Terms and Conditions. Unless otherwise provided in Section 16.2, each Party may terminate this Agreement thirty (30) days after formal notice sent by registered letter with acknowledgement of receipt to the other Party in case of breach by said Party of a provision herein, describing precisely the grievance(s) and the provision of the Agreement concerned, whereby the formal requirements for such termination comply with the conditions detailed in article 4 of this Agreement if such termination takes place during the initial term of the Agreement, as detailed in the Specific Terms and Conditions.

16.2. As an exception to the notice period set forth in Section 16.1, Secureleap reserves the right to suspend or terminate this Agreement without prior notice if one of the following three events occurs: (1) if the Client fails to comply with any of its material obligations under this Agreement, (2) if Secureleap is informed that the Services are being used for unlawful purposes, contrary to public order or morality, or (3) if the Client is in one of the following situations: receivership or liquidation, change of ownership or principal shareholder, merger resulting in a change of control.

16.3. In the event of non-payment of an overdue invoice from Secureleap and fifteen (15) days after sending a written notice of any kind (regular mail, registered letter with electronic acknowledgement of receipt) without effect, Secureleap will be able to suspend access to all or part of the Services without further notice, at its discretion, or to terminate immediately the Agreement ipso jure. For avoidance of doubt, this specific procedure for non-payment supersedes the dispute resolution process described in Section 18 of this Agreement, which does not apply to non-payment cases. In the event of early termination of the Agreement, the Client must pay all sums due for the current contractual period, which become immediately payable in full. In the event of termination of the Agreement, the Client undertakes to return to Secureleap without delay all elements in their possession which belong to Secureleap, and not to retain any copy of such items, in whole or in part, failing which they will be liable to legal action. For clarity, termination of this Agreement by the Client for any reason other than a material breach by Secureleap shall trigger the immediate payment of all remaining monthly installments through the end of the committed annual term. This accelerated payment obligation applies regardless of the stage of service delivery and reflects the contractual commitment made by the Client when entering into this Agreement.

16.4. Following the end of the Agreement and upon request in writing from the Client, Secureleap shall, within a maximum period of fifteen working days following the expiration of the Agreement for any reason whatsoever, either return all of the Client's data in their possession as a result of the enforcement of the Agreement in a standard format, or destroy them and attest to the Client that they have been destroyed, according to the Client's explicit instructions in its written request. Such return or destruction shall remain subject to and within the limits of the statutory and regulatory conservation obligations imposed on Secureleap. In the absence of specific instructions from the Client, Secureleap shall return the data in a standard format. The Client agrees to cooperate actively with Secureleap in order to assist in the recovery of data and information. Any additional or extended reversibility operation beyond that described above shall be subject to prior quotation at Secureleap's rates in effect on the date of the request.


17. MISCELLANEOUS

17.1. The Agreement comprises all of the contracts entered into between the Parties and replaces any other agreements or arrangements whatsoever, whether written or verbal, relating to the purpose of the Agreement, which may have been entered into between the Parties prior to the date thereof. By subscribing to the Agreement, the Client fully agrees to be bound by its provisions.

17.2. The party liable for an obligation arising from this Agreement shall not be in breach of such obligation if non-performance results from a case of force majeure. By express agreement, cases of force majeure include natural disasters, general or partial strikes or lockouts, epidemics, shortages or disruptions of ordinary means of transport, shortages of raw materials or components, fire, storms, earthquakes, flooding, water damage or other damage which affects the performance of the Agreement, Government or legal restrictions, and more generally, any situation beyond the control of the party affected such as to prevent the party from performing its obligation under the conditions provided for, within the meaning of Portuguese case law. If such a situation of force majeure is of a temporary nature, the execution will be suspended for as long as the performance of the obligation concerned is delayed, in which case the delay shall be tolerated. If the situation of force majeure or the delay continues beyond a period of ninety (90) days, either party may terminate the Agreement at its discretion, with no obligation to indemnify or compensate the other party. Any delay resulting in whole or in part from (a) the total or partial interruption of telecommunications networks, as well as (b) the failure or fault of Secureleap contractors such as suppliers or subcontractors shall be excused, as the Client acknowledges and accepts without recourse against Secureleap, and without this list being limitative.

17.3. All documentation provided by the Client to Secureleap, such as, in particular, expressions of needs, studies, specifications, are devoid of any contractual character, even if Secureleap has responded to same, and do not fall within the scope of the Agreement, the aim of which is to deliver the Services under the conditions mentioned above, to be evaluated by the Client so as to ensure that they comply with their needs.

17.4. Unless Secureleap grants prior written consent, the Client may not assign all or part of this Agreement or otherwise make the Services available to any other party, even on a temporary basis, and regardless of the type of operation performed. In case of corporate reorganization, merger, or acquisition of the Client, Secureleap shall not unreasonably withhold such consent.

17.5. All or part of the work which is the subject of this Agreement may be subcontracted by Secureleap provided that: (i) Secureleap remains in charge of the proper execution of the Agreement with respect to the Client; (ii) the named subcontractor is aware of and accepts the obligations incumbent upon Secureleap hereunder; and (iii) such subcontracting does not materially affect the quality of Services or the security of Client data. A complete list of Secureleap's subcontractors is available upon written request to [email protected].

17.6. All claims and/or disputes by the Client against Secureleap must be lodged in writing no later than twelve (12) months from the date of their occurrence, subject to forfeiture. The written claim and/or dispute must in particular include a breakdown of the services, the amounts, etc. under dispute along with the underlying causes for the complaint.

17.7. Should one or more clauses of the Agreement be regarded as void or declared as such by applicable laws or regulations or following a legal decision that has become permanent, such clause(s) will be removed without rendering the remainder of the Agreement invalid, while all its other clauses shall remain fully applicable. Failure of either Party to enforce any provision of this Agreement or to accept any breach thereof, whether permanent or temporary, shall not be construed as a waiver of any such provision nor prevent such party from enforcing any of its rights.


18. DISPUTE SETTLEMENT PROCESS

The Agreement shall be governed by the laws of Portugal. If any dispute arises out of the interpretation and/or execution of the Agreement, excluding cases of non-payment (which shall be handled in accordance with Section 16.3), entitling the parties to bring the matter directly before the Court of competent jurisdiction, each party agrees to attempt to settle the dispute amicably within a period of one (1) month, with the more diligent party describing the grievance or grievances and the relevant contractual provisions deemed to have been breached and summoning the other by registered letter with acknowledgement of receipt to attend a meeting to be held at Secureleap's head office or by videoconference, no later than five working days after the event. Failure to reach an amicable settlement will result in the dispute being subject to the exclusive jurisdiction of the Lisbon Courts, notwithstanding any third-party claims or multiple defendants, even for emergency or protective measures.


Service-Specific Terms

These Service-Specific Terms are to be read in conjunction with the main Terms and Conditions and form an integral part of the Agreement between Secureleap and the Client.



1. COMPLIANCE PLATFORM

The Compliance Platform is Secureleap's SaaS compliance management solution that seamlessly integrates with organizations of any size, providing the Client access to a comprehensive suite of compliance tools. These tools collectively enable the Client to maintain regulatory adherence, automate compliance workflows, and protect against compliance risks. The Compliance Platform grants the Client's Users a License to access a complete 360° view of the Client's compliance posture at any time, facilitating continuous monitoring, documentation, and reporting of compliance activities across multiple frameworks and standards.


2. CONSULTANCY SERVICES

Secureleap will remotely provide the Client advice and support covering information security topics, including, without limitation, frameworks such as ISO 27001, SOC2, NIST, CIS, ISO22301 and General Data Protection Regulation (GDPR). Where specified, Secureleap will assist the Client to work toward improvement of its business performance in terms of operations, management, structure and/or strategy regarding cybersecurity and/or GDPR compliance.


4. ISO 27001 SERVICES


4.1. ISO 27001 Gap Analysis

Secureleap will provide an experienced ISO 27001 consultant to undertake a Gap Analysis against the version of the ISO 27001 standard requested by the Client, in accordance with the agreed scope. The output of the gap analysis will be a report detailing the current level of compliance with each of the requirements of ISO 27001, with recommendations on what needs to be done to achieve compliance. The Gap Analysis will be conducted via a series of online interviews with key stakeholders, and the Client will be required to provide, for assessment, the documents (e.g., policies and procedures) that are currently in place.


4.2. ISO 27001 Implementation

Secureleap will provide an experienced ISO 27001 implementer to deliver an ISO 27001 implementation project to enable the Client's readiness for certification by an external accredited certification body. The implementation service, which will be delivered remotely, will include training of all staff on the Information Security Management System the consultant is implementing and preparation of all required documentation. The Client will be required to play an active part in the implementation through interviews and workshops.


4.3. ISO 27001 Internal Audit

Secureleap will provide an experienced ISO 27001 auditor to conduct an internal audit against the agreed requirements and scope of the Information Security Management System. The output of the internal audit will be a report, written in accordance with the requirements of the ISO 27001 standard, that outlines any non-conformities and opportunities for improvement. During the audit, which will be conducted remotely, the Client will need to provide access to key staff, documentation and evidence to support the audit.


5. PAYMENT CARD INDUSTRY DATA SECURITY STANDARD (PCI DSS) CONSULTANCY

Secureleap will provide an experienced information security consultant to deliver a range of PCI DSS consultancy services to help the Client implement the policies, procedures and technical controls necessary to achieve PCI DSS certification. Where available, the Client will be required to provide an asset inventory for the systems in scope for PCI DSS, together with a network diagram, a data flow diagram and any other relevant supporting policies, procedures and documentation.


6. SYSTEM AND ORGANIZATION CONTROLS (SOC) 2

Secureleap will provide an experienced information security consultant to provide a range of SOC2 consultancy services to assist the Client in the implementation of all necessary policies, procedures and technical controls in preparation for an audit by a Certified Public Accountant (CPA).


7. TRAINING

Secureleap will provide a range of standard training courses covering cybersecurity awareness. These can be delivered through the Compliance Platform with a range of videos and associated exams which, along with built-in reporting, allows the Client to track that staff have watched the videos and completed their exams. Other delivery methods include virtual training using video conferencing tools.


8. PENETRATION TESTING

Secureleap will perform penetration testing in which experienced penetration testers assess the Client's critical external and/or internal assets, APIs, web applications, mobile applications, cloud infrastructure and/or wireless infrastructure, as agreed in scope, to validate and exploit vulnerabilities and thereby determine whether the Client's organisation is susceptible to attack. Secureleap will provide a report in downloadable form within 5 working days of completion of a test.


8.1. Definitions

"Test Start Time" means the provisional or definitive date and time listed in the Specific Terms and Conditions (or otherwise later expressly agreed by the parties in writing) that determines when the Services will commence.


8.2. Client Obligations

• To notify Secureleap in writing of any necessary further scope details at least five working days prior to the start of the Penetration Tests for efficient scheduling of necessary resources and time.
• Where the Client fails to submit the necessary scope details, Secureleap shall reschedule the Penetration Test and the Client shall be liable for any charges.
• The Client and Secureleap will agree dates promptly after the Commencement Date or as set forth in the Specific Terms and Conditions for Secureleap to deliver the Services within 12 months of the execution of the Agreement and, where the Client fails to agree dates for the Services through no fault of Secureleap, the Client will forfeit their right to the Services for the relevant 12-month period and, for the avoidance of doubt, no refund or waiver of Fees or related costs, all owed upon execution of the Agreement, will be issued by Secureleap.
• The Client acknowledges that the Service will be provided remotely. The Client acknowledges that a Penetration Test is a snapshot in time and that it is limited to the actions set out on the Specific Terms and Conditions (which actions may be agreed in an incorporated scope Annex document).
• The Client shall comply with any rules imposed by any third party whose content or services are accessed via the Services.
• The Client shall inform Secureleap forthwith if any of the Services are subject to interference or malfunction.
• The Client must, prior to the Penetration Tests, proactively and appropriately back up all critical data on the Systems that will form part of the Penetration Tests.


8.3. Financial Obligation for Premium Tier Clients

For Clients subscribed to the Premium tier, Annual Penetration Testing services are included in their monthly installment payments. If the Client terminates the Agreement after a penetration test has been scheduled but before its completion, the Client remains responsible for all remaining monthly installments through the end of the annual term, as these installments collectively cover the cost of the penetration testing services that Secureleap has already committed resources to perform.


8.4. Authorization and Liability for Penetration Testing

By requesting Penetration Testing services, the Client:

• Authorizes Secureleap to attempt to penetrate and test the Client's systems as specified in the scope;
• Confirms it has full legal authority to permit such testing on all systems in scope, including necessary consents from any third parties whose systems may be affected;
• Acknowledges that penetration testing may cause temporary service disruptions or performance degradation;
• Agrees that Secureleap shall not be liable for temporary disruptions, discovery of pre-existing vulnerabilities, or business interruption resulting from properly conducted testing activities;
• Agrees to defend, indemnify and hold harmless Secureleap from any claims, damages, or liabilities arising from authorized testing activities, including third-party claims alleging unauthorized access or system interference;
• Agrees to promptly notify Secureleap if any critical systems become unavailable during testing or if any third party raises concerns about the testing activities.

Secureleap may pause or terminate testing if continuing would cause significant harm to systems or if legal concerns arise.


9. VIRTUAL CHIEF INFORMATION SECURITY OFFICER (VCISO)

Secureleap will provide a remote managed service that includes an experienced Information Security Consultant to build and implement information security strategy for the Client. The service may require an initial health check to establish the current security posture of the Client's organisation and enable Secureleap's Consultant to build a strategy. This Service can also provide support to manage existing security frameworks such as SOC2 and ISO 27001.


9.1. Secureleap Obligations

• Secureleap will provide regular updates to the Client where reasonably requested;
• Secureleap will provide regular (at least monthly, at Secureleap's discretion) updates on the progress of the implementation of the agreed security strategy;
• Secureleap will only amend any agreed strategy with the written agreement of the Client; and
• Secureleap will work with third party suppliers of the Client where reasonably requested (e.g., outsourced IT providers).


9.2. Client Obligations

The Client will notify Secureleap's designated VCISO of changes to the Client's business including, interpreted broadly:
• Structural/organisation changes e.g., acquisitions, sales;
• Critical role and responsibility changes;
• Key Client supplier changes that may impact on information security;
• New Client supplier onboarding that may impact information security;
• New software/solutions/hardware/cloud services that are planned; and
• Key personnel changes.

The Client will notify the VCISO of any security incidents or data breaches of which it becomes aware. The Client will notify the VCISO of any Client regulatory, legislative and/or contractual requirements. The Client will, when raising a request for assistance from its VCISO, ensure that [email protected] is copied on all messages.


9.3. Service Tier Commitments

The VCISO Services are offered in multiple tiers (Essential, Professional, and Premium) with varying included features. The Essential tier includes annual compliance platform license access, while the Premium tier includes additional annual Penetration Testing and External Audit services. Regardless of which tier is selected, the Client's commitment to the full annual service period is required despite the monthly payment structure.

Due to the upfront allocation of resources and procurement of third-party services and licenses on the Client's behalf, if the Client terminates the service before the completion of the annual term for any reason other than a material breach by Secureleap, all remaining monthly payments for the current annual term shall immediately become due and payable as liquidated damages. This accelerated payment obligation applies to all tiers and reflects the contractual commitment made by the Client when entering into this Agreement.


10. EXTERNAL AUDIT


10.1. Scope and Purpose

Secureleap will, upon the Client's request and as specified in the Specific Terms and Conditions, coordinate external audit services to assess the Client's compliance with relevant industry standards, regulations, or frameworks. External audits may be performed for certification purposes or to provide independent validation of compliance status.


10.2. Audit Coordination

Secureleap will assist the Client in engaging with qualified, independent, and accredited third-party auditors appropriate to the relevant standard or regulation. These auditors will be selected based on their credentials, industry recognition, and expertise in the specific standards being audited.


10.3. Pre-Audit Assessment

Prior to an external audit, Secureleap may conduct a pre-audit assessment to evaluate the Client's readiness and identify any areas requiring remediation before the formal audit process. This service aims to maximize the likelihood of a successful audit outcome.


10.4. Audit Support

During the external audit process, Secureleap will:
• Act as a liaison between the Client and the external auditors
• Assist in preparing and organizing documentation required by auditors
• Provide guidance on addressing auditor questions and requests
• Support the Client during audit interviews and assessments
• Help interpret audit findings and recommendations


10.5. Post-Audit Remediation

Following the external audit, Secureleap may assist the Client in:
• Analyzing audit findings and non-conformities
• Developing remediation plans to address identified issues
• Implementing necessary corrective actions
• Coordinating follow-up assessments or audits as required


10.6. Client Obligations

In relation to external audit services, the Client shall:
• Provide timely access to all information, systems, facilities, and personnel necessary for the audit
• Assign appropriate internal resources to support the audit process
• Promptly address and implement required remediation activities
• Maintain accurate and complete records of all audit-related activities
• Cooperate fully with both Secureleap and the external auditors throughout the process


10.7. Financial Obligation for Premium Tier Clients

For Clients subscribed to the Premium tier, Annual External Audit services are included in their monthly installment payments. If the Client terminates the Agreement after an audit has been scheduled but before its completion, the Client remains responsible for all remaining monthly installments through the end of the annual term, as these installments collectively cover the cost of the audit that Secureleap has already committed to with third-party auditors.

If the Client cancels or reschedules a confirmed External Audit with less than thirty (30) days' notice, the Client shall be responsible for any cancellation or rescheduling fees imposed by the third-party auditor, in addition to any administrative fees charged by Secureleap, which shall not exceed 15% of the audit cost.


10.8. Limitations

Secureleap does not guarantee successful certification or audit outcomes, as these depend on the Client's actual compliance status and the independent judgment of the external auditors. Secureleap's role is to provide expertise, guidance, and support throughout the audit process to maximize the potential for a successful outcome.