Terms and Conditions
Last updated: 16 December 2025
These Terms & Conditions (“Terms”) govern:
1. your access to and use of the Vexro website; and
2. the supply of services by Vexro to you.
By using our website, submitting an enquiry, accepting a quote, paying an invoice, or instructing us to commence work, you agree to these Terms.
1. Provider details
Business name: Vexro
ABN: 71 928 430 941
Address: 465 Morphett Street, Adelaide SA 5000, Australia
Email: security@vexro.com.au
2. Definitions and interpretation
ACL means the Australian Consumer Law in Schedule 2 of the Competition and Consumer Act 2010.- Client means the person or entity purchasing services from Vexro.
- Deliverables means reports, documentation, configurations, files, website builds, or other outputs Vexro agrees to provide.
- Fees means charges payable for Services as set out in a Quote or Invoice.
- Quote means a written quote, proposal, statement of work, or scope confirmation issued by Vexro.
- Services means services Vexro provides, including security auditing, attack surface mapping, workspace setup, website builds, governance/compliance support, support, and Vexro Overwatch.
- Third-Party Services means any platforms or services not owned or controlled by Vexro (including Webflow, Google Workspace, Microsoft 365, domain registrars, DNS providers, hosting providers, Cloudflare, monitoring tools, and email delivery services).
3. Use of our website
You must not:
- attempt unauthorised access to the website or any system connected to it;
- introduce malware or conduct scanning, probing, or interference with the website;
- scrape, copy, or reuse content in a way that infringes intellectual property rights; or
- use the website in any way that is unlawful or causes harm
Website content is general information only and not legal, financial, or security advice.
4. Quotes, acceptance, and engagement formation
All work is performed to the scope described in the Quote (including any assumptions, exclusions, and dependencies).
A Quote is accepted when you:
- confirm acceptance in writing (including email); or
- pay a deposit or invoice; or
- instruct us to commence work.
If you engage us on behalf of a business, you warrant you have authority to bind that business.
If there is any inconsistency between these Terms and a Quote/Proposal, the Quote/Proposal will prevail to the extent of the inconsistency. If multiple Quotes/Proposals apply, the most recent accepted Quote/Proposal prevails. Any special terms agreed in writing override these Terms for that engagement only.
5. Our service approach
We will provide Services with due care and skill expected of a competent provider in the circumstances.
Security and compliance work reduces risk; it does not eliminate risk. We do not guarantee that vulnerabilities will not exist, that incidents will not occur, or that any specific commercial outcome will be achieved.
Audit findings and reports reflect conditions observed during the engagement window. Systems, providers, and exposure can change without notice.
6. Client responsibilities
- provide accurate and complete information;
- provide timely approvals and decisions;
- provide required access (accounts, roles, DNS, admin permissions) and ensure that access is lawful and authorised;
- maintain backups unless we expressly agree otherwise in writing;
- ensure you hold appropriate licences/subscriptions for Third-Party Services;
- notify us before making significant changes that may affect the Service (especially for Vexro Overwatch); and
- ensure your users/staff follow reasonable security practices (e.g., MFA where available).
7. Variations and out-of-scope work
- decline the request; or
- provide a variation estimate/quote and proceed only once approved in writing.
8. Security testing and authorisation boundaries
If Services involve scanning, verifying configurations, assessing exposure, or making changes to systems, you warrant you own or control those systems or have written authority to permit the work.
Unless expressly agreed in writing, we will not perform:
- denial-of-service testing;
- brute forcing or credential guessing;
- exploitation beyond what is necessary to validate a finding; or
- actions intended to persist access.
We will not assess or interfere with systems we reasonably believe belong to third parties unless you provide clear written proof of authority and the scope is explicitly agreed.
9. Website builds and web services
Where your website is built or maintained on Webflow or another platform, the platform is a Third-Party Service. Platform outages, feature changes, pricing changes, or limitations are outside our control.
You are responsible for ensuring any content you provide (text, logos, images, video, testimonials) is accurate and that you have rights to use it. You indemnify us against claims that your content infringes third-party rights.
We will not publish major changes or go-live without your approval unless you have given us explicit written permission to proceed.
Where within scope, we may implement practical hardening such as secure configuration guidance, form handling best practices, and spoofing-resistance checks (e.g., SPF/DKIM/DMARC). These measures reduce risk but do not guarantee protection against all attacks.
Any SEO/performance improvements are best-effort and depend on many factors (competition, content quality, platform behaviour). No rankings are guaranteed.
Vexro will remedy defects in Deliverables reported within a limited period after delivery.
- We will correct defects that are directly attributable to our work and reproducible in the agreed environment.
- The defects period is 7 days from delivery/go-live (or another period stated in the Quote).
- This does not cover changes made by you/third parties, platform updates, new requirements, or content changes.
- Remedial work outside this clause is a Variation.
Where the website is built in third party software, the project will be transferred to the Client’s software account (or otherwise handed over) once all invoices are paid. Until payment is made in full, Vexro may retain control of the project, publishing, or access as a security and payment measure. Third-party assets (templates, fonts, plugins, libraries) remain subject to their own licences. If the Client requests Vexro to hold the project long-term, this must be agreed in writing.
Content and design changes after go-live are not included unless expressly included in the Quote or Overwatch/support scope. Requests outside scope are handled as Variations.
10. Workspace setup and management (Google/Microsoft)
Where we configure Google Workspace or Microsoft environments, you must provide appropriate admin access, preferably via dedicated admin accounts, and you remain responsible for maintaining access security.
Security outcomes depend on ongoing user behaviour, admin practices, and policy enforcement. We can configure controls; we cannot guarantee user compliance.
11. Governance & compliance support
12. Vexro Overwatch (subscription monitoring)
Vexro Overwatch is a subscription service providing continuous external monitoring and oversight for agreed assets (typically your website and selected public-facing components).
Monitoring runs continuously. Alerts may be generated at any time. Response is provided within the response windows agreed with you (or otherwise on a reasonable best-effort basis). Overwatch is not a full managed SOC, threat hunting service, or guarantee of incident prevention.
Depending on scope, Overwatch may include:
- website availability/uptime checks;
- SSL certificate status and expiry monitoring;
- domain/DNS change detection;
- basic drift checks on agreed public configuration signals.
Overwatch does not include:
- guaranteed real-time incident response;
- monitoring of all internal systems/networks;
- full vulnerability scanning of all assets;
- remediation of third-party platform outages; or
- unlimited development work/feature changes.
You must:
- keep contact details current for alerts/escalations;
- notify us before planned changes (DNS, site migrations, vendor changes);
- maintain access as required; and
- ensure other vendors do not override agreed configurations without your awareness.
If you or your vendors change configuration, DNS, hosting, or access controls, Overwatch reliability may be affected. We are not liable for issues caused by unauthorised or undisclosed changes.
Overwatch may include minor fixes where within scope. Larger remediation, rebuilds, investigations, or development work may be billed separately.
We may suspend Overwatch if invoices are overdue or if continuing the service would be unsafe or unlawful.
- We may use subcontractors and Third-Party Services to deliver Services, provided we remain responsible for the Services as agreed.
- Any subcontractors engaged by us will be subject to confidentiality obligations at least equivalent to those in these Terms.
- The Client acknowledges that monitoring and operational tooling may generate logs, alerts, and records as part of service delivery.
Alerts are sent to nominated contacts and handled based on severity and agreed response windows.
- You must nominate at least one primary and one backup contact for alerts.
- Alerts are delivered via email (and other methods only if agreed in writing).
- If we cannot reach your contacts after reasonable attempts, we may pause remediation actions until contact is made (unless you have pre-authorised actions in writing).
- We may keep an incident log for audit and service improvement purposes.
13. Fees, invoices, and payment
Fees are in AUD unless stated otherwise.
If GST applies, it will be added to the invoice in accordance with law.
Unless stated otherwise, invoices are payable within 7 days.
Subscriptions (including Overwatch) are billed monthly in advance unless otherwise agreed.
If payment is late, we may suspend Services and recover reasonable costs associated with late payment.
Overdue amounts may incur interest and reasonable recovery costs.
- We may charge interest on overdue amounts at a reasonable rate permitted by law, calculated daily.
- You must reimburse reasonable debt recovery costs incurred due to non-payment, including collection and legal costs.
If Services are suspended for non-payment, reinstatement may require additional work to restore access, reconfigure monitoring, or revalidate settings. We may charge a reasonable reactivation fee or bill time at standard rates for reinstatement tasks. Any service gaps during suspension are not the responsibility of Vexro. Subscription billing may continue until cancellation takes effect under these Terms.
14. Cancellations and refunds
We do not provide refunds for change of mind once work has commenced, except where required by law.
You may cancel Overwatch by giving 30 days’ written notice. Cancellation takes effect at the end of the current billing period unless otherwise agreed.
Nothing in these Terms limits your rights under the ACL. Under the ACL, services come with guarantees that cannot be excluded. For major failures, you may be entitled to cancel and obtain a refund for the unused portion and/or compensation for the reduced value.
15. Third-Party Services, domains, and hosting
We are not responsible for failures, outages, security incidents, pricing changes, or limitations of Third-Party Services.
Where possible, domains should be registered in the Client’s name and under the Client’s account. If we assist, you remain responsible for renewals unless you separately engage us for management.
- We may use subcontractors and Third-Party Services to deliver Services, provided we remain responsible for the Services as agreed.
- Any subcontractors engaged by us will be subject to confidentiality obligations at least equivalent to those in these Terms.
- The Client acknowledges that monitoring and operational tooling may generate logs, alerts, and records as part of service delivery.
16. Confidentiality
Each party must keep the other’s confidential information confidential and use it only to perform obligations under these Terms.
Confidentiality does not apply to information that is public (not through breach), already known lawfully, independently developed, or required to be disclosed by law or a regulator.
17. Privacy
We handle personal information in accordance with our Privacy Policy and applicable Australian privacy laws, including the Privacy Act and APP framework where applicable.
18. Data handling and access credentials
If you provide credentials or access, you authorise us to use that access solely for service delivery. We recommend least-privilege and dedicated accounts.
We take reasonable precautions, but you acknowledge that providing access creates inherent risk and you remain responsible for your credential hygiene and internal access management.
On request and where practical, we will return or delete Client data in our control, subject to legal retention requirements and reasonable backup limitations.
19. Notifiable data breaches
Where we become aware of a personal information breach involving information we hold, we will take reasonable steps to contain and assess it and comply with any notification obligations that apply to us under the Notifiable Data Breaches scheme.
20. Intellectual property
Each party retains ownership of its pre-existing intellectual property.
On full payment, you are granted a licence to use Deliverables for your internal business purposes, unless the Quote states otherwise.
We may reuse general know-how, frameworks, checklists, templates, and non-Client-specific components developed during engagements, provided we do not disclose your confidential information.
We will not use your name/logo/case study publicly without your written permission.
21. Warranties and disclaimers
We warrant that we will provide Services with due care and skill.
We do not warrant that any system will be free from vulnerabilities or immune to attack.
Governance/compliance support is operational guidance only and is not legal advice.
22. Limitation of liability
Nothing in these Terms excludes or limits any right or remedy that cannot be excluded under the ACL.
To the maximum extent permitted by law, we are not liable for indirect or consequential loss (including loss of profit, revenue, goodwill, or business interruption).
To the maximum extent permitted by law, our total aggregate liability arising out of or relating to the Services is limited to the total Fees paid by you to Vexro for the relevant Services during the 3 months immediately preceding the event giving rise to the claim, unless we agree otherwise in writing.
You acknowledge the Fees reflect the allocation of risk in these Terms.
23. Client indemnity
You indemnify us for claims, losses, and liabilities arising from:
- your breach of these Terms;
- unauthorised instructions or lack of authority to permit work;
- your content or data infringing third-party rights; or
- your unlawful use of Deliverables;
- except to the extent caused by our negligence or breach.
24. Marketing and communications
If we send commercial electronic messages, we will comply with applicable Australian spam rules, including providing a functional unsubscribe method and actioning opt-outs within required timeframes.
25. Suspension, refusal, and safety
We may suspend or refuse Services if:
- invoices are overdue;
- you request unlawful or unsafe activity;
- continuing would expose us or others to material risk; or
- you fail to provide required access/approvals.
26. Disputes
If a dispute arises, the parties must first attempt to resolve it in good faith by written notice and discussion. If unresolved, either party may propose mediation in South Australia before commencing court proceedings, except where urgent injunctive relief is required.
27. Termination
Either party may terminate if the other materially breaches these Terms and does not remedy the breach within 10 business days of written notice.
On termination:
- you must pay for work performed up to termination;
- subscriptions may end at the close of the billing period (unless terminated for breach); and
- licences to Deliverables apply only once Fees are paid in full.
You may cancel a one-off project by written notice. If you cancel after work has commenced, you must pay for work performed up to the cancellation date, plus any non-recoverable third-party costs or commitments made for your project. Any deposits may be applied against work completed. Where practicable, we will provide a partial handover of completed Deliverables once amounts due are paid.
We may terminate an engagement on reasonable written notice where continuing is impractical due to lack of cooperation, loss of access, safety concerns, or other operational reasons. In that case, you must pay for Services performed up to termination. We will provide a reasonable handover of completed Deliverables subject to payment and lawful limitations. This does not limit our right to terminate immediately for breach under Section 27.1.
28. Changes to these Terms
We may update these Terms from time to time by publishing the updated version on our website. Updated Terms apply to new engagements and, where lawful, ongoing subscriptions after notice.
29. Governing law
These Terms are governed by the laws of South Australia, Australia, and the parties submit to the exclusive jurisdiction of the courts of South Australia.
30. Severability
If any part of these Terms is unenforceable, it will be read down or severed to the minimum extent required, and the remainder will remain in force.
31. Force majeure
Neither party will be liable for failure or delay in performing obligations where caused by events beyond reasonable control, including outages of Third-Party Services, internet/provider failures, natural disasters, war, industrial action, or government actions. The affected party must take reasonable steps to mitigate the impact and resume performance as soon as practicable. If the event continues for a prolonged period, either party may terminate the affected Services by written notice. Fees for Services already performed remain payable.
32. Notices
Formal notices must be given in writing and sent to security@vexro.com.au (and to the Client’s nominated email). A notice is deemed received when acknowledged, or otherwise within a reasonable delivery time.
33. Assignment
You must not assign, novate, or transfer any rights or obligations under these Terms without our prior written consent. We may assign or subcontract our obligations where required to deliver Services, including to subcontractors, provided this does not reduce your non-excludable rights. Any attempted assignment in breach of this clause is void.
34. No waiver
A failure or delay by either party to exercise a right or remedy is not a waiver of that right or remedy. A waiver must be in writing and signed by the waiving party. A waiver of one breach does not waive any subsequent breach.
35. Survival
Sections dealing with confidentiality, privacy, IP, liability limits, unpaid fees, dispute resolution, and any clauses intended to survive will continue after termination.
36. Entire agreement
These Terms together with the accepted Quote/Proposal constitute the entire agreement between the parties in relation to the Services, and supersede prior representations and communications. Each party acknowledges it has not relied on statements not expressly set out in these documents. If there is inconsistency, the order of precedence in Section 4.4 applies.
.svg)