Terms of Service

ThinSky Cybersecurity Services

Effective Date: January 1, 2025 | Version 1.0

1. INTRODUCTION AND ACCEPTANCE

1.1 Agreement to Terms

These Terms of Service ("Agreement," "Terms," or "ToS") constitute a legally binding contract between you ("Client," "Customer," or "you") and ThinSky ("ThinSky," "Company," "we," "us," or "our"), a cybersecurity services provider operating in the Province of Ontario, Canada.

By accessing our website at www.thinsky.com ("Website"), engaging our services, executing a Statement of Work ("SOW"), or clicking "I Accept," you acknowledge that you have read, understood, and agree to be bound by these Terms.

1.2 Business-to-Business Agreement

THIS IS A BUSINESS-TO-BUSINESS ("B2B") AGREEMENT. By entering into this Agreement, you represent and warrant that:

  • (a) You are acting in a business capacity and not as a consumer;
  • (b) You have the legal authority to bind your organization to these Terms;
  • (c) Your organization is a legally registered business entity;
  • (d) The services acquired hereunder are for commercial or business purposes only.

The protections afforded to consumers under the Ontario Consumer Protection Act, 2002, S.O. 2002, c. 30, Sched. A, and similar consumer protection legislation DO NOT APPLY to this Agreement.

1.3 Capacity to Contract

You represent that you are at least eighteen (18) years of age and have the legal capacity and authority to enter into this Agreement on behalf of your organization.

2. DEFINITIONS

For the purposes of this Agreement:

  • "Authorized Users" means the Client's employees, contractors, or agents who are authorized by Client to access or use the Services.
  • "Business Day" means any day other than a Saturday, Sunday, or statutory holiday in Ontario, Canada.
  • "Confidential Information" means any non-public information disclosed by either party, including but not limited to business plans, technical data, customer information, security vulnerabilities, and assessment reports.
  • "Deliverables" means any reports, documentation, or work product created by ThinSky in the course of providing Services.
  • "Fees" means the charges for Services as set forth in the applicable SOW or Order Form.
  • "Personal Information" has the meaning ascribed to it under the Personal Information Protection and Electronic Documents Act, S.C. 2000, c. 5 ("PIPEDA").
  • "Services" means the cybersecurity services provided by ThinSky, including but not limited to Virtual CISO services, SOC-as-a-Service, Penetration Testing, Compliance Consulting, and Managed Security Tools.
  • "SOW" or "Statement of Work" means a document executed by both parties that describes the specific Services, deliverables, timelines, and Fees.

3. SERVICES

3.1 Service Descriptions

ThinSky provides the following categories of cybersecurity services:

  • (a) Virtual CISO Services: Fractional Chief Information Security Officer services, including security strategy development, policy creation, risk assessments, and executive advisory services.
  • (b) SOC-as-a-Service: 24/7 Security Operations Center monitoring, threat detection, incident response, and security event analysis.
  • (c) Penetration Testing: Authorized security assessments including network penetration testing, web application testing, and cloud configuration reviews.
  • (d) Compliance Consulting: Readiness assessments and consulting for SOC 2 Type I/II, ISO 27001, PIPEDA, GDPR, PCI DSS, and other regulatory frameworks.
  • (e) Managed Security Tools: Deployment and management of security tools including but not limited to Wazuh, SonarQube, Teleport, Keycloak, OpenVAS, and Velociraptor.

3.2 Service Limitations

  • (a) No Guarantee of Security: Client acknowledges and agrees that no security service can guarantee absolute protection against all threats. ThinSky's Services are designed to reduce risk, not eliminate it entirely.
  • (b) Dependency on Client: The effectiveness of Services depends on Client's timely provision of accurate information, access credentials, and cooperation.
  • (c) Third-Party Systems: ThinSky is not responsible for vulnerabilities, outages, or security incidents in third-party systems, software, or services not under ThinSky's direct control.
  • (d) Regulatory Compliance: While ThinSky provides compliance consulting, Client remains solely responsible for achieving and maintaining regulatory compliance.

4. CLIENT OBLIGATIONS

Client agrees to:

  • (a) Provide accurate, complete, and timely information necessary for ThinSky to perform Services;
  • (b) Designate a primary point of contact with authority to make decisions;
  • (c) Provide reasonable access to systems, personnel, and documentation;
  • (d) Notify ThinSky promptly of any changes that may affect the Services;
  • (e) Comply with all applicable laws and regulations;
  • (f) Maintain appropriate insurance coverage for Client's operations.

5. FEES AND PAYMENT

5.1 Fees

Client agrees to pay all Fees as specified in the applicable SOW or Order Form. Unless otherwise specified:

  • (a) Fees are quoted in Canadian Dollars (CAD);
  • (b) Fees do not include applicable taxes;
  • (c) ThinSky reserves the right to adjust Fees annually with thirty (30) days' written notice.

5.2 Payment Terms

  • (a) Invoicing: ThinSky will invoice Client monthly in arrears for time-and-materials engagements, or as specified in the SOW for fixed-fee engagements.
  • (b) Due Date: Payment is due within thirty (30) days of invoice date ("Net 30"), unless otherwise specified in the SOW.
  • (c) Late Payments: Overdue amounts shall bear interest at the rate of 1.5% per month (18% annually), or the maximum rate permitted by law, whichever is lower.

6. INTELLECTUAL PROPERTY

ThinSky retains all Intellectual Property Rights in its methodologies, frameworks, tools, and processes. Upon full payment of applicable Fees, ThinSky grants Client a non-exclusive, non-transferable, perpetual license to use Deliverables for Client's internal business purposes only.

7. CONFIDENTIALITY

Each party agrees to protect the other party's Confidential Information with at least the same degree of care used to protect its own confidential information. Confidentiality obligations shall survive termination of this Agreement for a period of five (5) years.

8. DATA PROTECTION AND PRIVACY

Both parties agree to comply with applicable privacy legislation, including PIPEDA. For more information about how we handle personal information, please see our Privacy Policy.

9. LIMITATION OF LIABILITY

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL THINSKY BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES.

THINSKY'S TOTAL AGGREGATE LIABILITY UNDER THIS AGREEMENT SHALL NOT EXCEED THE GREATER OF:

  • (a) The total Fees paid by Client to ThinSky during the twelve (12) months immediately preceding the claim; or
  • (b) Fifty Thousand Canadian Dollars (CAD $50,000).

10. TERM AND TERMINATION

Either party may terminate this Agreement or any SOW with thirty (30) days' written notice. Either party may terminate immediately upon written notice if the other party materially breaches this Agreement and fails to cure within thirty (30) days of written notice.

11. DISPUTE RESOLUTION

This Agreement shall be governed by and construed in accordance with the laws of the Province of Ontario and the federal laws of Canada applicable therein. Any dispute shall be resolved by binding arbitration administered by the ADR Institute of Canada, Inc., conducted in Toronto, Ontario.

12. GENERAL PROVISIONS

This Agreement, together with all SOWs and Order Forms, constitutes the entire agreement between the parties. This Agreement may only be amended by a written instrument signed by authorized representatives of both parties.

13. CONTACT INFORMATION

For questions regarding these Terms of Service, please contact:

ThinSky
Email: legal@thinsky.com
Website: www.thinsky.com

© 2025 ThinSky. All rights reserved.

Document Version: 1.0 | Last Reviewed: January 1, 2025