Terms of Service

These Terms of Service (“Terms”) govern your use of the CyberStance website at cyberstance.com.au and the CyberStance Assessment Report service (“the Service”) operated by CyberStance (ABN 84 900 814 783) (“CyberStance”, “we”, “us”, “our”).

By accessing our website or purchasing the Service, you (“you”, “your”, “the Customer”) agree to be bound by these Terms. If you do not agree, do not use the Service.

If you are accessing or using the Service on behalf of a business or organisation, you represent that you have authority to bind that entity to these Terms.

CyberStance provides an automated, self-reported cyber security posture assessment for Australian small and medium businesses. The Service consists of an online questionnaire, a scoring engine, and a branded PDF report (“the Report”) containing prioritised recommendations aligned to the ACSC Essential Eight framework.

This section is fundamental to understanding the Service and the basis on which it is provided.

The Report is generated entirely from the answers you provide through the questionnaire. CyberStance does not independently verify, audit, or test the accuracy of your responses.

You acknowledge that:

• The quality and accuracy of the Report depends on the quality and accuracy of your answers.
• If you provide incomplete, inaccurate, or outdated information, the Report may not reflect your actual cyber security posture.
• Platform and licence tier identification is based on your self-reported selections. CyberStance does not access your systems to verify which platforms or plans you use.
• Answering “Not sure” to a question is scored as a partial risk. This is a reasonable default, but may not accurately reflect your actual security position.

CyberStance does not guarantee, warrant, or represent that:

• Following the recommendations in your Report will prevent any cyber security incident, data breach, ransomware attack, phishing attack, unauthorised access, data loss, or any other security event.
• Your business is or will become secure as a result of using the Service.
• The recommendations in your Report are exhaustive or address every risk applicable to your business.
• The technical steps provided are current at the time you or your IT provider implement them, as vendor platforms (including Microsoft 365, Google Workspace, Xero, MYOB, and Slack) may change their interfaces, features, or settings at any time.

Cyber security risk can never be fully eliminated. The threat landscape changes continuously, and new vulnerabilities, attack methods, and risks emerge regularly. The Report represents a point-in-time assessment based on self-reported information and should be treated accordingly.

To the maximum extent permitted by Australian law:

(a) CyberStance, its directors, employees, contractors, and agents are not liable for any direct, indirect, incidental, special, consequential, or punitive damages arising from or related to:

• Any cyber security incident, data breach, ransomware attack, phishing attack, business email compromise, unauthorised access, data loss, system downtime, or any other security event affecting your business, whether or not you have used the Service, and regardless of whether you followed the recommendations in your Report.
• Any loss of revenue, profit, data, business, contracts, goodwill, or anticipated savings.
• Any cost of procuring substitute services, remediation services, forensic investigation, legal advice, regulatory fines, customer notification, or credit monitoring arising from a security incident.
• Any decision made, or action taken or not taken, in reliance on the Report or any recommendation within it.
• Any delay, interruption, or failure in the delivery of the Report.
• Any inaccuracy in the Report resulting from inaccurate, incomplete, or outdated information provided by you.
• Any changes to third-party platforms (including Microsoft 365, Google Workspace, Xero, MYOB, or Slack) that affect the accuracy of technical steps in the Report after it is generated.

(b) If, despite the above, CyberStance is found liable for any claim, our total aggregate liability to you for all claims arising from or related to the Service is limited to the amount you paid for the Report (currently $159 AUD inclusive of GST).

(c) Nothing in these Terms excludes or limits liability that cannot be excluded or limited under Australian Consumer Law, including the consumer guarantees under the Competition and Consumer Act 2010 (Cth). Where those guarantees apply, CyberStance’s liability is limited, to the extent permitted by law, to re-supplying the Service or refunding the price paid.

You agree to indemnify and hold harmless CyberStance, its directors, employees, contractors, and agents from and against any claims, losses, damages, liabilities, costs, and expenses (including reasonable legal fees) arising from or related to:

• Your use of the Service or the Report.
• Any inaccuracy in the information you provided through the questionnaire.
• Any third party’s reliance on your Report (for example, if you share it with an IT provider, insurer, or business partner).
• Your failure to implement recommendations in the Report, or your implementation of recommendations in a manner not consistent with the Report.
• Any breach of these Terms by you.

After completing the questionnaire and payment, your Report will be generated and delivered to your nominated email address with a secure download link.

• Reports are reviewed before delivery. Typical delivery time is within 24 hours of payment, though we do not guarantee a specific delivery timeframe.
• Download links expire after 72 hours. If your link expires, contact support@cyberstance.com.au for re-delivery.
• You must verify your email address to download the Report. This is a security measure to prevent unauthorised access to your Report.
• You are responsible for storing your Report securely once downloaded. CyberStance is not responsible for unauthorised access to your Report after you download it.

• The Service is a one-off payment of $159 AUD inclusive of GST.
• Payment is processed securely by Stripe. Your credit card details are entered on Stripe’s hosted checkout page and never touch CyberStance systems.
• We reserve the right to change our pricing at any time. Price changes do not affect assessments already paid for.
• A tax receipt (including GST) will be issued by Stripe at the time of payment. Our ABN 84 900 814 783 will appear on the receipt.

• If you have completed the questionnaire and your Report has been generated, no refund is available — the Service has been fully delivered.
• If your Report has not yet been generated and you wish to cancel, contact support@cyberstance.com.au and we will assess your request on a case-by-case basis.
• If there is a material error in the Report caused by a defect in our system (not by inaccurate information you provided), we will either correct and re-deliver the Report or issue a full refund at our discretion.

Nothing in this clause limits any rights you may have under the Australian Consumer Law that cannot lawfully be excluded.

• The Report is provided for your internal business use only.
• You may share your Report with your IT provider, managed service provider, or other professional advisors engaged to assist your business.
• You may not resell, redistribute, publicly publish, or commercially exploit the Report or any part of it.
• All CyberStance branding, content, scoring methodology, report templates, and website content remain the intellectual property of CyberStance.
• You must not represent the Report as a certification, audit, compliance assessment, or independent third-party security assurance.

When using the Service, you agree to:

• Provide accurate and honest answers to the questionnaire to the best of your knowledge.
• Use a valid email address that you have authority to access.
• Not use the Service for any unlawful purpose.
• Not attempt to reverse-engineer the scoring engine or methodology.
• Not share your download link with unauthorised third parties.
• Not use automated tools (including bots or scrapers) to interact with the Service.

To the maximum extent permitted by law, the Service is provided “as is” and “as available” without warranties of any kind, whether express or implied, including but not limited to implied warranties of merchantability, fitness for a particular purpose, or non-infringement.

CyberStance does not warrant that:

• The Service will be uninterrupted, error-free, or free of harmful components.
• The Report will meet your specific requirements.
• Any particular outcome will result from following the recommendations in the Report.
• The Service will be available at all times, including during maintenance windows or unforeseen technical outages.

The Service references and provides recommendations relating to third-party platforms including Microsoft 365, Google Workspace, Xero, MYOB, and Slack. CyberStance is not affiliated with, endorsed by, or partnered with any of these providers.

• Recommendations involving third-party platforms are based on publicly available documentation and may not reflect the most current interface, features, or settings.
• CyberStance is not responsible for changes made by third-party providers that affect the accuracy of recommendations after your Report is generated.
• References to the ACSC Essential Eight, the ISM, and the Privacy Act are for educational alignment only and do not constitute a compliance assessment.
• Payment processing is handled by Stripe. By making a payment, you also accept Stripe’s terms of service (stripe.com/au/legal).

We collect and handle your personal information in accordance with our Privacy Policy (cyberstance.com.au/privacy) and the Australian Privacy Act 1988 (Cth). By using the Service, you consent to the collection and use of your information as described in the Privacy Policy.

We may suspend or terminate your access to the Service at any time, with or without notice, if we reasonably believe you have breached these Terms or are using the Service for unlawful purposes. Termination does not affect any rights or obligations that arose before termination. Clauses 6, 7, 11, 13, and 17 survive termination of these Terms.

We may update these Terms from time to time. If we make material changes, we will update the “Last updated” date at the top of this page. Continued use of the Service after changes are posted constitutes acceptance of the revised Terms.

These Terms are governed by the laws of Queensland, Australia. Any dispute arising from these Terms or the Service will be subject to the exclusive jurisdiction of the courts of Queensland.

If any provision of these Terms is found to be invalid or unenforceable by a court of competent jurisdiction, the remaining provisions will continue in full force and effect.

These Terms, together with the Privacy Policy and the Report Disclaimer below, constitute the entire agreement between you and CyberStance in relation to the Service. They supersede all prior communications, representations, and agreements, whether written or oral.

Assignment: You may not assign your rights under these Terms without our prior written consent. We may assign our rights and obligations to a successor entity without your consent.

Waiver: Failure to enforce any provision of these Terms does not constitute a waiver of that provision.

GST: All prices are inclusive of GST unless otherwise stated. We will issue a compliant tax invoice upon payment.

If you have questions about these Terms, please contact us:

• Email: support@cyberstance.com.au
• Entity: CyberStance (ABN 84 900 814 783)
• Postal address: PO Box 338, Burleigh Town QLD 4220