Esentrysecurity provides cybersecurity and IT audit services, including vulnerability testing, risk assessments, compliance consulting, and implementation of data protection measures. The services are intended exclusively for legal entities and do not include illegal hacking, espionage, or any violation of the law.

Each service is provided based on a written contract specifying the scope, duration, deliverables, and costs. We do not offer implied guarantees regarding the complete elimination of security risks.

The client undertakes to provide complete and accurate information about the IT infrastructure, systems, and data subject to audit or testing. Any omission or misrepresentation may affect the accuracy of the results and may incur the client's liability.

The client is responsible for obtaining necessary consents from third parties (partners, suppliers, employees) before the start of services. Additionally, the client must ensure secure access to systems and designate a technical point of contact for the entire duration of the contract.

• The client shall not use test results to harm third parties.
• The client shall immediately notify Esentrysecurity of any security incident discovered during the collaboration.
• The client shall maintain the confidentiality of received reports and recommendations.

Esentrysecurity undertakes to perform the services with the professional diligence specific to the field, adhering to recognized standards (OWASP, NIST, ISO 27001). The involved personnel hold relevant qualifications and certifications.

Esentrysecurity is not liable for indirect damages, loss of profits, business interruptions, or data loss caused by client actions or uncontrolled external factors. The total liability of Esentrysecurity for any claim is limited to the value of the respective contract.

Confidentiality

All client information and data are treated confidentially, in accordance with the privacy policy available on the website. We do not disclose information to third parties without the client's written consent, except as required by law.

Cybersecurity services cannot completely eliminate risks. Esentrysecurity does not guarantee that the client's systems will be invulnerable after the completion of tests or implementation of recommendations. The client remains responsible for the security of their own infrastructure.

If the services involve access to personal data, the client is the data controller, and Esentrysecurity acts as a data processor, in accordance with GDPR. The client must ensure the legal basis for processing.

• Esentrysecurity is not liable for damages caused by improper use of reports.
• Esentrysecurity is not liable for delays caused by force majeure or events beyond its control.
• Any claim must be submitted in writing within 30 days of service completion.

The contract begins on the signing date and lasts for the period specified therein. Either party may terminate the contract with 30 days' notice if the other party breaches essential obligations and fails to remedy the breach within 15 days of notification.

Upon termination, the client must return all materials and data provided by Esentrysecurity. Esentrysecurity will delete the client's data from its systems, except for what is necessary for legal archiving.

Esentrysecurity reserves the right to modify these terms of use. Any changes will be published on the website at least 15 days before they take effect. Continued use of the services after the modification constitutes acceptance of the new terms.

For legal inquiries, contact us via email at: info@esentrysecurity.com or by mail at our office located at Aleea Crișan nr. 2A, bl. 26, sc. A, et. 7, ap. 1.