Terms and Conditions:

Effective Date: 04/26/2025

1. Services Provided

Blue Oak Cyber provides cybersecurity consulting and assessment services designed to assist businesses in identifying cybersecurity risks and opportunities for improvement. Our services include phishing simulation, cybersecurity hygiene auditing, and cybersecurity readiness assessments. We focus on small to midsize businesses located in the United States. Our services are not intended for companies subject to GLBA, HIPAA, SOX, GDPR, LGPD, or similar regulatory frameworks.

2. Scope of Services

The scope of services is limited to the deliverables outlined in the specific service package selected by the client at the time of engagement. Any additional services, remediations, or project expansions may require a new agreement and separate pricing.

3. Authority to Engage

By engaging Blue Oak Cyber, the client represents and warrants that they have full authority to enter into contracts and purchase services on behalf of their business or organization.

4. Results Disclaimer

While our services are designed to assist in reducing cybersecurity risks, no service, assessment, or recommendation can guarantee complete protection against security incidents, breaches, or losses. Cybersecurity involves continuously evolving threats and risk factors beyond the control of Blue Oak Cyber.

5. Data Handling and Retention Policy

Blue Oak Cyber does not collect, store, or process personal, financial, or health-related data on behalf of clients. All assessments are conducted based on information voluntarily provided by the client and accessed with their explicit consent.

We do not retain client data beyond the scope of service delivery. Within 30 days of completing an engagement, all client-provided data, system access credentials, assessment notes, reports, and working files are securely deleted from our systems unless otherwise requested in writing by the client.

Clients are responsible for maintaining their own records and copies of deliverables, as Blue Oak Cyber does not archive or reissue materials once the engagement has concluded.

6. Payment Terms

Payment for services is due prior to the delivery of final reports or consultation summaries unless otherwise agreed upon in writing. Custom engagements will have payment terms outlined separately.

7. Limitation of Liability

To the fullest extent permitted by law, Blue Oak Cyber’s liability for any claim arising out of the provision of services shall be limited to the amount paid by the client for such services.

8. Governing Law

These terms shall be governed by and construed in accordance with the laws of the State of Wisconsin, United States of America.

9. Legal and Ethical Compliance

Blue Oak Cyber is committed to operating with integrity and in full compliance with applicable laws. During the course of providing cybersecurity services, if we observe or encounter evidence of illegal activity, financial fraud, the possession or distribution of illicit materials, or any behavior that creates the appearance of criminal conduct, we reserve the right, and may be legally obligated, to report such findings to appropriate authorities.

Blue Oak Cyber will make reasonable efforts to discuss concerns with the client first, unless doing so would risk further harm or violate reporting obligations.

By engaging our services, the client acknowledges and accepts this ethical and legal reporting responsibility.

10. Dispute Resolution

In the event of any dispute, claim, or disagreement arising out of or relating to the services provided by Blue Oak Cyber, both parties agree to first attempt to resolve the matter informally and in good faith.

If a resolution cannot be reached, both parties agree to submit the dispute to binding arbitration administered by the Better Business Bureau (BBB) under its applicable rules and procedures. The decision of the arbitrator shall be final and binding, and may be entered in any court of competent jurisdiction.

11. Claim of Nonprofit Status

To qualify for our nonprofit services, your organization must be an active 501(c)(3) public charity, verified by your IRS Determination Letter and the IRS Exempt Organization Search. Organizations that cannot provide proof of 501(c)(3) status or are listed as private foundations are not eligible for these services. Verification is required before any free services are provided.

Questions?

For questions regarding these Terms and Conditions, please contact us at:

legal@blueoakcyber.com