Terms of Service
1. The agreement and who it's between
These Terms of Service (the “Terms”) govern the relationship between QMC4 Cyber, a trading division of QMC4 Group Limited, a company registered in Guernsey under company number 77766, with its registered office at Ohana, Hougues Magues Lane, St Sampson, Guernsey GY2 4WA (“QMC4 Cyber”, “we”, “us”, “our”), and the business that engages us (“you”, “the Client”).
The agreement between us (the “Agreement”) is made up of these Terms, the relevant Order Form or Statement of Work (“SOW”) you sign, our Data Processing Addendum, and any service-specific schedules referenced in the SOW. If there is a conflict between them, the SOW takes priority, then the Data Processing Addendum, then these Terms.
These Terms apply to business clients only. Our services are not intended for consumers.
2. The services we provide
We provide managed security and IT services (the “Services”), which may include any of the following depending on what you order:
- Sentinel — managed detection and response, delivered through a 24/7 security operation backed by an AI-agent layer.
- Identity — identity threat detection & response and zero-trust controls.
- Counsel — virtual CISO, governance, certification support and board-level reporting.
- Foundation — managed IT including endpoint, identity, cloud and helpdesk.
- Any other professional services described in your SOW.
The exact scope, deliverables, service levels, term and price for the Services you receive will be set out in your SOW. Anything not described there is out of scope unless we agree otherwise in writing.
3. How we'll deliver the Services
We'll deliver the Services with reasonable skill and care, in line with good industry practice for managed security and IT providers, and in accordance with any service levels described in your SOW.
Some of the Services rely on third-party technology and partner suppliers — for example our SOC partners, our identity-protection vendors, and the cloud platforms we operate on. We choose these partners carefully, but we are not responsible for outages, defects or changes in third-party services that are outside our reasonable control. Where a third-party service has its own end-user terms, your use of that service is also subject to those terms.
4. What we need from you
Cyber security only works as a partnership. To enable us to deliver the Services, you agree to:
- provide the access, information, credentials, log sources and decisions we reasonably need, on a timely basis;
- make sure that the people, systems and data you give us access to are yours to grant access to, and that you have the authority to do so;
- act on the recommendations and remediation steps we issue within reasonable timeframes — we cannot defend a system you have asked us to monitor if you refuse to patch or harden it;
- use the Services only for lawful business purposes, and not in a way that breaks any applicable law, regulation, or third-party right;
- keep your account credentials and any tokens we issue secure, and tell us straight away if you suspect they're compromised;
- pay our invoices on time.
If you don't meet these responsibilities and that prevents us from delivering an aspect of the Services, we won't be in breach of the Agreement, our service levels won't apply to that aspect, and we may charge for the additional time we spend.
5. Fees, payment and changes
The fees, billing frequency and payment terms for your Services are set out in your SOW. Unless your SOW says otherwise:
- fees are quoted in pounds sterling and are exclusive of VAT;
- invoices are payable within 30 days of the invoice date;
- we may charge interest on overdue amounts at 4% per year above the Bank of England base rate, accruing daily from the due date until paid in full (whether before or after judgment);
- we may suspend the Services if any undisputed invoice remains unpaid for more than 30 days after written notice.
We may increase recurring fees once per twelve-month period, on at least 60 days' written notice, by the higher of (a) the most recent annual change in the Guernsey Retail Prices Index (RPIX), as published by the States of Guernsey, and (b) 3%. Any other change to scope, deliverables or price will be agreed in writing through a change order.
6. Term and ending the Agreement
The Agreement starts on the date you accept your SOW and continues for the term set out in it. After the initial term, it auto-renews for successive periods of the same length unless either of us gives written notice of non-renewal at least 90 days before the end of the then-current term.
Either of us can terminate the Agreement immediately on written notice if the other:
- materially breaches the Agreement and fails to fix it within 30 days of being asked to in writing;
- becomes insolvent, enters administration, has a receiver appointed, or otherwise can no longer pay its debts as they fall due.
On termination, we'll cooperate reasonably with you to hand over data and documentation, you'll pay any fees properly due up to and including the termination date, and each of us will stop using the other's confidential information. Provisions intended to survive — including confidentiality, limitation of liability, intellectual property and governing law — will continue to apply.
7. Confidentiality
Each party may receive information from the other that is confidential or proprietary. Each party agrees to protect the other's confidential information with at least the same care it uses for its own (and at least reasonable care), to use it only to perform or receive the Services, and to share it only with employees, contractors and advisers who need it and who are bound by equivalent obligations.
These obligations don't apply to information that is or becomes public through no fault of the receiving party, was already known to the receiving party without restriction, is independently developed, or is required to be disclosed by law or by a regulator (in which case the receiving party will, where permitted, give reasonable notice so the disclosing party can seek protective measures).
8. Data protection and security
Where we process personal data on your behalf as part of the Services, we do so as a data processor under your instructions, and the Data Processing Addendum that forms part of the Agreement applies. Where we process personal data as a data controller (for example, for our own business administration and marketing), our Privacy Policy explains how.
We operate aligned to the NCSC Cyber Assessment Framework and NIST CSF, and are Cyber Essentials and Cyber Essentials Plus certified. Specific security commitments and notification timelines are set out in the Data Processing Addendum and any Information Security Schedule referenced in your SOW.
9. Intellectual property
Each party keeps the intellectual property rights it owned before the Agreement, and anything it independently develops outside the Agreement.
We grant you a non-exclusive, non-transferable licence to use any tools, reports, dashboards, playbooks or other materials we provide as part of the Services (“QMC4 Materials”) for your internal business purposes during the term, and afterwards in respect of historic deliverables you already paid for.
You grant us a non-exclusive, royalty-free licence to use the data, content and systems you make available to us (“Client Materials”) to the extent necessary to deliver and improve the Services, and to produce anonymised, aggregated insights that do not identify you or your personnel.
Anything we create specifically for you under an SOW (“Deliverables”) becomes yours on payment, except for any pre-existing or generic components, methodologies, frameworks, templates or know-how we used to create it, which remain ours and are licensed to you under the same terms as the QMC4 Materials.
10. Warranties
We warrant that we'll deliver the Services with reasonable skill and care. Beyond that, and to the maximum extent permitted by law, the Services are provided “as is” and we exclude all other warranties, conditions or representations, whether express or implied — including any implied warranty of fitness for purpose, of satisfactory quality, of non-infringement, or of uninterrupted or error-free operation.
We don't warrant that the Services will detect or prevent every cyber attack. Cyber security is a discipline of risk reduction, not certainty.
11. Limitation of liability
Nothing in the Agreement limits or excludes either party's liability for: death or personal injury caused by negligence; fraud or fraudulent misrepresentation; or any other liability that cannot lawfully be limited or excluded.
Subject to that, neither party will be liable to the other (whether in contract, tort including negligence, breach of statutory duty, or otherwise) for any loss of profits, loss of revenue, loss of business, loss of opportunity, loss of anticipated savings, loss of goodwill, or any indirect or consequential loss, even if foreseeable.
Each party's total aggregate liability arising out of or in connection with the Agreement in any twelve-month period is capped at the fees actually paid by you to us under the Agreement in that twelve-month period. The exclusions and cap apply to the maximum extent permitted by law.
12. Indemnities
You will indemnify us against losses, damages, costs and expenses (including reasonable legal fees) we incur as a result of any third-party claim arising from (a) your use of the Services in breach of the Agreement or applicable law, or (b) any Client Materials infringing a third party's intellectual property rights or breaching applicable law.
We will indemnify you against losses, damages, costs and expenses (including reasonable legal fees) you incur as a result of any third-party claim that the QMC4 Materials, used as we intended, infringe that third party's intellectual property rights in the United Kingdom — provided you tell us promptly, give us sole control of the defence and settlement, and cooperate with us at our cost.
13. Force majeure
Neither party will be liable for any failure or delay in performing its obligations (other than payment obligations) caused by an event outside its reasonable control, including acts of government, war, civil unrest, terrorism, natural disasters, widespread internet outages, or large-scale third-party cloud-platform failures. The affected party will notify the other promptly and use reasonable efforts to resume performance.
14. Notices
Notices under the Agreement must be in writing. Notices to us should be sent to hello@qmc4.com with a copy by post to our registered office. Notices to you will go to the email and postal addresses set out in your SOW.
15. General
- Assignment. Neither party may assign or transfer the Agreement without the other's prior written consent, except that either party may assign to a successor in connection with a merger, acquisition or sale of substantially all of its assets.
- Sub-contracting. We may use sub-contractors and partner providers to deliver parts of the Services. We remain responsible for their performance.
- Independent contractors. We are independent contractors. The Agreement does not create a partnership, joint venture, agency or employment relationship.
- No third-party rights. A person who is not a party to the Agreement has no rights under the Contracts (Rights of Third Parties) (Guernsey) Law, 2014 to enforce any of its terms.
- Severability. If any provision is found to be unenforceable, it will be modified to the minimum extent needed to make it enforceable, and the rest of the Agreement will continue in force.
- Entire agreement. The Agreement is the complete agreement between us about its subject matter, and it supersedes any prior discussions, proposals or representations.
- Variations. Any change to the Agreement must be in writing and signed by an authorised representative of each party.
16. Governing law and disputes
The Agreement is governed by the laws of the Bailiwick of Guernsey. Each party submits to the exclusive jurisdiction of the courts of Guernsey, except that either party may seek injunctive relief in any court of competent jurisdiction to protect its intellectual property or confidential information.
If a dispute arises, both parties agree to escalate to senior representatives in good faith before starting court proceedings. Neither party is required to mediate or arbitrate, but we'll usually want to.
17. Contact
Questions about these Terms? Email hello@qmc4.com.