Skip to main content
Scroll to top
Book a Discovery Call

Terms & Conditions

  • Home
  • Terms & Conditions

Last updated: May 2026  Â·  Cyber Threat Defense Consulting Ltd

These Terms & Conditions govern your use of ctdc.io and any engagement with services provided by Cyber Threat Defense Consulting Ltd (“CTDC”, “we”, “us”). By using this website or engaging our services, you agree to these Terms. A separate set of Terms applies to the Romanian locale at ctdc.io/ro/ and to engagements with the Romanian entity.

Services

CTDC provides cybersecurity consultancy, penetration testing, compliance advisory, cloud security, DevSecOps, and related professional services. The specific scope, deliverables, and fees for each engagement are agreed in a separate Statement of Work or engagement letter, which takes precedence over these Terms where there is a conflict.

Acceptable use

You may not use this website or our services for any unlawful purpose, to conduct unauthorised security testing of third-party systems, or in breach of any applicable law or regulation. Access to any testing environment requires explicit written authorisation scoped to that engagement.

Intellectual property

All reports, assessments, methodologies, and materials produced by CTDC in the course of an engagement are the intellectual property of CTDC until full payment is received, at which point deliverables transfer to the client as set out in the engagement letter. CTDC retains the right to use anonymised, aggregated findings for research and improvement purposes.

Confidentiality

Both parties agree to treat all non-public information exchanged in connection with an engagement as confidential. CTDC will not disclose client data, findings, or engagement details to third parties without written consent, except where required by law.

Data processing

Where CTDC accesses or processes personal data on behalf of the client in the course of an engagement (for example, during penetration testing, security assessments, or managed security activities), CTDC acts as a data processor within the meaning of UK GDPR Article 28 and EU GDPR Article 28. In such cases, the parties shall enter into a Data Processing Agreement (DPA) as part of the relevant Statement of Work or engagement letter. The DPA will set out the subject matter, duration, nature, and purpose of the processing, the type of personal data involved, and the obligations and rights of each party. CTDC will process personal data only on documented instructions from the client, implement appropriate technical and organisational security measures, and assist the client in meeting its own GDPR obligations, including data subject requests and breach notification requirements.

Limitation of liability

To the maximum extent permitted by applicable law, CTDC’s total liability for any claim arising from our services shall not exceed the fees paid for the specific engagement giving rise to the claim. CTDC is not liable for indirect, consequential, or punitive damages. Nothing in these Terms limits liability for death or personal injury caused by negligence, or for fraud.

Payment terms

Unless otherwise stated in the engagement letter, invoices are due within 30 days of the invoice date. Late payments accrue interest at 8% per annum above the Bank of England base rate under the Late Payment of Commercial Debts (Interest) Act 1998. CTDC reserves the right to suspend services on accounts overdue by more than 14 days.

Termination

Either party may terminate an engagement by providing written notice as specified in the relevant Statement of Work or engagement letter. On termination, the client shall pay for all work completed up to the termination date. Clauses relating to confidentiality, intellectual property, limitation of liability, and governing law survive termination.

Warranties and disclaimers

CTDC warrants that services will be performed with reasonable skill and care by qualified professionals. CTDC does not warrant that its services will identify all vulnerabilities or that systems will be secure following an engagement. Security assessments reflect the state of the systems at the time of testing.

Force majeure

Neither party shall be liable for delays or failures caused by circumstances beyond their reasonable control, including natural disasters, government actions, cyberattacks on third-party infrastructure, or communications failures. The affected party shall notify the other promptly and use reasonable efforts to resume performance.

Sanctions compliance

CTDC does not provide services to any individual, entity, or jurisdiction that is subject to applicable sanctions or export controls. This includes, without limitation:

  • Sanctions administered by HM Treasury Office of Financial Sanctions Implementation (OFSI) under UK sanctions legislation;
  • Sanctions administered by the European Union under EU Common Foreign and Security Policy (CFSP) regulations;
  • Sanctions administered by the United Nations Security Council (UNSC) pursuant to UN Security Council resolutions;
  • Sanctions administered by the US Department of the Treasury Office of Foreign Assets Control (OFAC), including designations on the Specially Designated Nationals (SDN) list and country-based programmes;
  • Applicable export controls under UK Export Control Order 2008, EU dual-use regulations (Regulation (EU) 2021/821), and US Export Administration Regulations (EAR) where applicable.

Clients represent and warrant that they are not subject to any of the above sanctions regimes and that engaging CTDC will not cause CTDC to be in breach of applicable sanctions law. CTDC reserves the right to terminate any engagement immediately and without liability if it determines, at any time, that continuing would result in a sanctions violation. Any fees paid for completed work prior to termination shall be retained by CTDC.

Governing law and jurisdiction

These Terms are governed by the laws of England and Wales. Disputes arising under these Terms are subject to the exclusive jurisdiction of the courts of England and Wales.

The applicable entity and governing law for a specific engagement will be confirmed in the relevant Statement of Work or engagement letter. For engagements with our Romanian entity, separate terms apply - see ctdc.io/ro/terms.html.

Severability and entire agreement

If any provision of these Terms is found to be unenforceable, the remaining provisions continue in full force. These Terms, together with the applicable Statement of Work or engagement letter, constitute the entire agreement between the parties and supersede all prior representations or understandings.

Changes to these Terms

CTDC may update these Terms from time to time. The current version is always published on this page. For material changes, we will notify active clients by email at least 14 days before the changes take effect.

Contact

For any questions about these Terms, contact contact@ctdc.io or write to 1 Kings Avenue, London N21 3NA, United Kingdom.