Terms & Conditions

4.2  Invoicing and Payment Terms

• Invoices are issued electronically to the billing contact designated by the Client in the Engagement Letter.
• Payment is due within thirty (30) calendar days of the invoice date, unless otherwise specified in the Engagement Letter (“Payment Due Date”).
• All fees are stated and payable in U.S. Dollars (USD).
• Retainer payments must be received in full prior to the commencement of the service period to which they apply.
• Fixed-price project fees are typically structured with a portion due upon engagement execution and the balance tied to defined milestones as specified in the SOW.

4.3  Late Payments

Invoices not paid by the Payment Due Date are subject to the following consequences:

• A late payment fee of one and a half percent (1.5%) per month (18% per annum) will accrue on any outstanding balance from the Payment Due Date until the date of full payment.
• NABAYA reserves the right to suspend services — including access to client portals, ongoing advisory, or managed IT support — upon fifteen (15) days written notice if any invoice remains unpaid past the Payment Due Date.
• NABAYA reserves the right to terminate an engagement for non-payment pursuant to Section 12 of these Terms.
• The Client is responsible for all costs of collection, including reasonable attorneys’ fees, if NABAYA is required to pursue collection of unpaid amounts.

4.4  Disputed Invoices

If the Client disputes any portion of an invoice, the Client must notify NABAYA in writing within fifteen (15) calendar days of the invoice date, specifying the disputed amount and the basis for the dispute. Undisputed portions of the invoice must be paid by the Payment Due Date. The parties agree to work in good faith to resolve any billing dispute within thirty (30) days of notification.

4.5  Taxes

All fees are exclusive of applicable taxes. The Client is responsible for all sales, use, goods and services, value-added, withholding, and similar taxes imposed by any taxing authority on the services provided under these Terms, excluding taxes on NABAYA’s income. Where NABAYA is legally required to collect taxes, they will be added to the applicable invoice.

4.6  Expenses

NABAYA will obtain prior written approval from the Client before incurring any reimbursable expenses exceeding $250 per item. Approved expenses — including travel, accommodation, software licensing, and certification fees incurred on the Client’s behalf — will be invoiced at cost with supporting documentation.

5.  Intellectual Property

5.1  NABAYA Materials

NABAYA retains sole and exclusive ownership of all pre-existing intellectual property, including methodologies, frameworks, templates, tools, scripts, checklists, assessment models, and proprietary processes developed by NABAYA prior to or independent of any specific Client engagement (collectively, “NABAYA Materials”). NABAYA Materials are licensed to the Client on a non-exclusive, non-transferable, revocable basis solely for the Client’s internal use in connection with the specific engagement for which they were provided.

The Client may not reproduce, distribute, modify, reverse-engineer, sublicense, or use NABAYA Materials for any purpose beyond the scope of the engagement without prior written consent from NABAYA.

5.2  Deliverables

Upon receipt of full payment of all Fees applicable to a completed engagement, NABAYA grants the Client a non-exclusive, perpetual, royalty-free license to use the Deliverables produced specifically for that Client under that engagement for the Client’s internal business purposes. Unless the applicable Engagement Letter expressly states otherwise, NABAYA retains ownership of the Deliverables and the underlying methods used to produce them.

The Client may not resell, redistribute, or present NABAYA’s Deliverables as the Client’s own original work to third parties without NABAYA’s prior written consent.

5.3  Client Materials

The Client retains all right, title, and interest in and to all materials, data, documents, and information provided by the Client to NABAYA in connection with an engagement (“Client Materials”). The Client grants NABAYA a limited, non-exclusive license to use Client Materials solely to perform the agreed services. NABAYA will not use Client Materials for any other purpose, and will return or securely destroy Client Materials upon engagement completion or termination, as directed by the Client.

5.4  NABAYA Brand and Marks

The NABAYA name, logo, and all associated trademarks and service marks are the exclusive property of NABAYA Business Solutions LLC. The Client may not use NABAYA’s trademarks, trade names, logos, or other brand elements in any marketing, press release, social media, or public communication without NABAYA’s prior written consent. Client references or testimonials are subject to NABAYA’s prior review and written approval.

5.5  Open Source Components

Where NABAYA incorporates open-source software components into any Deliverable, NABAYA will identify such components and the applicable open-source license(s). The Client’s use of such components is subject to the applicable open-source license terms, which take precedence over this Agreement to the extent they conflict.

6.  Confidentiality

6.1  Mutual Confidentiality Obligations

Each party (“Receiving Party”) agrees to hold in strict confidence all Confidential Information received from the other party (“Disclosing Party”) and to use such information solely to perform or receive the services contemplated by this Agreement. Each party agrees to:

• Protect the Disclosing Party’s Confidential Information using at least the same degree of care it uses to protect its own confidential information, but in no event less than reasonable care
• Limit access to Confidential Information to personnel who have a need-to-know for purposes of the engagement and who are bound by confidentiality obligations at least as protective as those in this Agreement
• Not disclose Confidential Information to any third party without the prior written consent of the Disclosing Party
• Promptly notify the Disclosing Party in writing upon discovery of any unauthorized disclosure or use of Confidential Information

6.2  Exceptions

Confidentiality obligations do not apply to information that:

• Is or becomes publicly available through no fault of the Receiving Party
• Was already known to the Receiving Party prior to disclosure, as evidenced by prior written records
• Is independently developed by the Receiving Party without reference to the Disclosing Party’s Confidential Information
• Is rightfully received from a third party without restriction on disclosure
• Is required to be disclosed by law, court order, or binding regulatory requirement, provided the Receiving Party gives the Disclosing Party prompt written notice (to the extent permitted by law) and cooperates with any effort by the Disclosing Party to seek a protective order

6.3  Duration

Confidentiality obligations survive the termination or expiration of this Agreement and any specific engagement for a period of five (5) years, except with respect to trade secrets, which shall remain confidential for as long as they qualify as trade secrets under applicable law.

6.4  Security Engagement Confidentiality

For engagements involving penetration testing, vulnerability assessments, or other offensive security activities, the scope, methodology, results, and findings of such assessments constitute Confidential Information of the highest sensitivity. Unauthorized disclosure of penetration test findings could expose the Client to significant security risk. The Client agrees to restrict distribution of security assessment reports to personnel with a legitimate need to know and to implement appropriate access controls over such documents.

Cybersecurity Firm Standard

As a cybersecurity firm, NABAYA applies industry-leading confidentiality protocols to all engagement data. We do not reference specific Client names, findings, or outcomes in public materials or case studies without the Client’s explicit written consent.

7.  Data Protection and Privacy

7.1  Personal Data Processing

To the extent NABAYA processes personal data on the Client’s behalf in connection with a service engagement (for example, processing employee records during a HIPAA compliance assessment or handling network logs during incident response), the parties will execute a Data Processing Agreement (DPA) that defines the scope of processing, the parties’ respective responsibilities, security measures, and data subject rights obligations in accordance with applicable law.

7.2  Website Data

NABAYA’s collection and use of personal data submitted through the NABAYA website — including contact forms, consultation bookings, and quiz submissions — is governed by NABAYA’s Privacy Policy, available at www.nabayasolutions.com/privacy-policy, which is incorporated herein by reference.

7.3  Security Measures

NABAYA implements administrative, technical, and physical security measures consistent with industry standards — including those defined in NIST SP 800-53, the NIST Cybersecurity Framework, and ISO 27001 — to protect Client data in NABAYA’s possession or control. These measures include:

• Encryption of data in transit using TLS 1.2 or higher and encryption of sensitive data at rest
• Access controls restricting Client data to authorized NABAYA personnel on a need-to-know basis
• Multi-factor authentication (MFA) on all systems used to access or store Client data
• Regular security reviews and vulnerability assessments of NABAYA’s internal infrastructure
• Secure deletion of Client data at the conclusion of each engagement per NIST 800-88 or equivalent standards

7.4  Data Breach Notification

In the event NABAYA becomes aware of a security incident that results in unauthorized access to, or disclosure of, Client’s personal data or Confidential Information in NABAYA’s possession, NABAYA will:

• Notify the Client of the confirmed breach within seventy-two (72) hours of becoming aware of it, or as required by applicable law, whichever is sooner
• Provide a preliminary assessment of the scope and impact of the incident
• Cooperate with the Client’s reasonable investigation and remediation efforts
• Take prompt steps to contain the breach and prevent further unauthorized access

7.5  Applicable Law

NABAYA’s data protection practices are designed to comply with the Maryland Online Data Privacy Act (MODPA), applicable U.S. federal privacy law, and the EU General Data Protection Regulation (GDPR) where applicable to EU residents. For engagements involving HIPAA-covered entities or their business associates, NABAYA will execute the required Business Associate Agreement (BAA) prior to any access to protected health information (PHI).

8.  Disclaimers and Limitations of Liability

8.1  No Guarantee of Audit Passage or Regulatory Approval

NABAYA’s services are designed to improve the Client’s security posture and compliance readiness. However, NABAYA does not guarantee that the Client will pass any specific audit, receive certification from any standards body, satisfy any regulatory requirement, or win any government contract as a result of NABAYA’s services. Audit outcomes are determined by independent auditors applying their own judgment and are outside NABAYA’s control.

8.2  No Guarantee of Absolute Security

NABAYA does not warrant or represent that its cybersecurity services will render the Client’s systems impenetrable, breach-free, or fully secure. Cybersecurity is an ongoing discipline, not a fixed state. NABAYA’s assessments reflect the security posture of the Client’s environment at the time of the assessment, based on information available to NABAYA, and do not constitute a representation regarding future security conditions.

8.3  Disclaimer of Warranties

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, NABAYA PROVIDES ALL SERVICES AND WEBSITE CONTENT “AS IS” AND “AS AVAILABLE,” WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, ACCURACY, OR COMPLETENESS. NABAYA DOES NOT WARRANT THAT THE WEBSITE WILL BE UNINTERRUPTED, ERROR-FREE, OR FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS.

8.4  Limitation of Liability

CRITICAL LIMITATION

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, NABAYA’S TOTAL CUMULATIVE LIABILITY TO THE CLIENT FOR ANY CLAIMS ARISING OUT OF OR RELATED TO THIS AGREEMENT OR ANY ENGAGEMENT — WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, OR OTHERWISE — SHALL NOT EXCEED THE TOTAL FEES ACTUALLY PAID BY THE CLIENT TO NABAYA DURING THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM.

8.5  Exclusion of Consequential Damages

IN NO EVENT WILL NABAYA BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, PUNITIVE, OR EXEMPLARY DAMAGES — INCLUDING LOST PROFITS, LOST REVENUE, LOSS OF BUSINESS, LOSS OF DATA, REPUTATIONAL HARM, COST OF SUBSTITUTE SERVICES, OR BUSINESS INTERRUPTION — EVEN IF NABAYA HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES AND REGARDLESS OF THE THEORY OF LIABILITY.

8.6  Third-Party Actions

NABAYA is not liable for any harm, loss, or damage caused by the actions or omissions of third parties, including but not limited to threat actors, ransomware operators, regulatory bodies, auditors, subcontractors not selected by NABAYA, or the Client’s own personnel or vendors. NABAYA’s penetration testing and vulnerability assessment services identify weaknesses based on known techniques at the time of testing; NABAYA is not responsible for vulnerabilities that arise after the assessment period or that were not detectable using the agreed testing methodology.

8.7  Essential Basis of the Bargain

The Client acknowledges that the limitations of liability and disclaimers in this Section 8 reflect a reasonable allocation of risk between the parties and are an essential basis of the bargain between NABAYA and the Client. NABAYA’s fees are set in part in reliance on these limitations.

9.  Indemnification

9.1  Client Indemnification

The Client agrees to indemnify, defend, and hold harmless NABAYA and its members, managers, officers, employees, contractors, and agents from and against any and all claims, actions, losses, liabilities, damages, costs, and expenses (including reasonable attorneys’ fees) arising out of or related to:

• The Client’s breach of any representation, warranty, or obligation under this Agreement
• The Client’s failure to obtain required authorizations for NABAYA to access systems, networks, or data
• The Client’s use of NABAYA’s Deliverables or services in a manner not authorized under this Agreement
• Any claim by a third party (including regulatory bodies) arising from the Client’s own non-compliance with applicable laws, regulations, or contractual obligations
• Any gross negligence or willful misconduct by the Client or the Client’s personnel

9.2  NABAYA Indemnification

NABAYA agrees to indemnify, defend, and hold harmless the Client from and against any third-party claims alleging that NABAYA’s Deliverables infringe any third party’s valid U.S. intellectual property rights, provided that NABAYA is promptly notified of the claim, has sole control over the defense and settlement, and the Client cooperates fully with NABAYA’s defense. This indemnification does not apply to claims arising from the Client’s modification of Deliverables or use of Deliverables outside the scope of the applicable license.

10.  Acceptable Use of the NABAYA Website

10.1  Permitted Use

The NABAYA website is made available for lawful, legitimate business purposes, including learning about NABAYA’s services, submitting inquiries, booking consultations, and accessing educational resources. The website is intended for use by business professionals and organizations.

10.2  Prohibited Conduct

The Client and all visitors to the NABAYA website agree not to:

• Use the website for any unlawful purpose or in violation of any applicable law or regulation
• Attempt to gain unauthorized access to any part of the website, NABAYA’s internal systems, or any data not intended for public access
• Introduce malware, viruses, Trojan horses, worms, or any other harmful code to the website or NABAYA’s infrastructure
• Engage in scraping, crawling, or automated data collection without NABAYA’s prior written consent
• Impersonate NABAYA, its personnel, or any other person or entity in connection with the website
• Submit false, misleading, or fraudulent information through any website form or inquiry channel
• Use the website to transmit unsolicited commercial communications (spam)
• Interfere with or disrupt the integrity or performance of the website or its underlying infrastructure

10.3  Interactive Tools Disclaimer

The NABAYA website may offer interactive tools such as a Compliance Readiness Quiz or ROI Calculator. These tools produce generalized outputs based on user inputs and are intended for educational and preliminary assessment purposes only. They do not constitute professional security, legal, or compliance advice and should not be used as the sole basis for business or regulatory decisions.

11.  Conflicts of Interest

NABAYA will disclose to the Client any known material conflict of interest before commencing an engagement. NABAYA will not knowingly represent competing organizations in the same market segment in a manner that would compromise the Client’s Confidential Information or NABAYA’s professional objectivity.

NABAYA may engage other clients in the same industry as the Client, provided there is no material conflict of interest and NABAYA’s obligations of confidentiality are maintained. Where a potential conflict is identified mid-engagement, NABAYA will notify the Client promptly and the parties will work in good faith to address it.

12.  Term and Termination

12.1  Term

These Terms are effective from the date of first access to the NABAYA website or execution of any Engagement Letter and remain in effect until terminated pursuant to this Section or until the conclusion of all active engagements, whichever is later.

12.2  Termination for Convenience

Either party may terminate an ongoing engagement for convenience upon thirty (30) days prior written notice to the other party. Upon termination for convenience:

• The Client will pay NABAYA for all services rendered and expenses incurred up to the effective date of termination
• For fixed-price engagements, the Client will pay the proportionate value of work completed at the time of termination, as reasonably determined by NABAYA
• For retainer engagements, no refund will be issued for the current service month; any unused portion of prepaid fees for future months will be refunded within thirty (30) days

12.3  Termination for Cause

Either party may terminate an engagement immediately upon written notice if the other party:

• Materially breaches this Agreement and fails to cure such breach within fifteen (15) calendar days of written notice describing the breach in reasonable detail
• Becomes insolvent, makes an assignment for the benefit of creditors, or becomes subject to bankruptcy, receivership, or similar proceedings
• Engages in conduct that, in the terminating party’s reasonable judgment, poses a material security risk to the other party’s systems or data

In the event NABAYA terminates for the Client’s material breach, all outstanding fees become immediately due and payable, and NABAYA may suspend access to any ongoing services without further notice.

12.4  Effect of Termination

Upon termination or expiration of any engagement:

• Each party will promptly return or securely destroy the other party’s Confidential Information in its possession, unless retention is required by law
• NABAYA will deliver any Deliverables completed as of the termination date, subject to receipt of all undisputed fees due
• Licenses granted to the Client for NABAYA Materials are revoked unless expressly stated otherwise in the Engagement Letter
• Provisions that by their nature should survive termination — including Sections 5 (IP), 6 (Confidentiality), 8 (Limitations), 9 (Indemnification), 13 (Dispute Resolution), and 14 (General) — will continue in full force

13.  Dispute Resolution

13.1  Good Faith Negotiation

In the event of any dispute, claim, or controversy arising out of or relating to this Agreement, any engagement, or the breach, termination, or validity thereof, the parties agree to first attempt to resolve the dispute through good-faith negotiation. Either party may initiate this process by delivering written notice to the other party identifying the nature of the dispute and the resolution sought. The parties will engage in negotiations for no less than thirty (30) calendar days from such notice before escalating to mediation.

13.2  Mediation

If good-faith negotiation fails to resolve the dispute within thirty (30) days, either party may request non-binding mediation before a mutually agreed mediator in the State of Maryland. Costs of mediation will be shared equally unless otherwise agreed. Mediation is a condition precedent to litigation, except for claims for injunctive or other equitable relief.

13.3  Governing Law and Jurisdiction

This Agreement is governed by the laws of the State of Maryland, without regard to its conflict of law principles. Any dispute not resolved through negotiation or mediation that proceeds to litigation will be subject to the exclusive jurisdiction of the state and federal courts located in Prince George’s County, Maryland, and both parties consent to personal jurisdiction in those courts.

13.4  Exception for Equitable Relief

Nothing in this Section prevents either party from seeking immediate equitable relief — including injunctive relief or specific performance — from a court of competent jurisdiction where necessary to prevent irreparable harm, including but not limited to unauthorized disclosure of Confidential Information or misappropriation of intellectual property.

13.5  Attorneys’ Fees

In any litigation arising from this Agreement, the prevailing party is entitled to recover its reasonable attorneys’ fees and litigation costs from the non-prevailing party, to the extent permitted by applicable law.

14.  General Provisions

14.1  Entire Agreement

These Terms, together with any applicable Engagement Letter, SOW, MSA, NDA, and DPA, constitute the entire agreement between NABAYA and the Client with respect to the subject matter hereof and supersede all prior and contemporaneous negotiations, representations, warranties, and understandings, whether oral or written.

14.2  Amendments

NABAYA reserves the right to update or modify these Terms at any time. Updated Terms will be posted at www.nabayasolutions.com/terms and will become effective thirty (30) days after posting. For active engagement clients, material changes to Terms will be communicated in writing. Continued engagement with NABAYA following the effective date of any update constitutes acceptance of the revised Terms. Amendments to specific Engagement Letters or Statements of Work require written agreement by both parties.

14.3  Severability

If any provision of these Terms is held to be invalid, illegal, or unenforceable by a court of competent jurisdiction, that provision will be modified to the minimum extent necessary to make it enforceable or, if modification is not possible, severed from these Terms. The remaining provisions will continue in full force and effect.

14.4  Waiver

No failure or delay by either party in exercising any right, power, or remedy under these Terms will operate as a waiver of that right. A waiver is effective only if made in writing and signed by the waiving party, and applies only to the specific instance described — it does not constitute a general waiver of the same or other rights.

14.5  Force Majeure

Neither party will be liable for any failure or delay in performance caused by circumstances beyond its reasonable control, including but not limited to natural disasters, government actions, acts of terrorism, cyberattacks by third parties on NABAYA’s own infrastructure, labor disputes, pandemics, or failures of third-party infrastructure providers. The affected party must promptly notify the other party of the force majeure event and its expected duration, and will resume performance as soon as reasonably practicable.

14.6  Assignment

The Client may not assign, transfer, delegate, or sublicense any rights or obligations under this Agreement without NABAYA’s prior written consent, which will not be unreasonably withheld. NABAYA may assign this Agreement to an affiliate or in connection with a merger, acquisition, or sale of substantially all of NABAYA’s assets, provided NABAYA gives the Client written notice and the successor entity assumes all of NABAYA’s obligations herein. Any purported assignment in violation of this Section is void.

14.7  Independent Contractor

NABAYA is an independent contractor. Nothing in this Agreement creates an employment relationship, partnership, joint venture, agency, or fiduciary relationship between NABAYA and the Client. NABAYA personnel engaged in service delivery are not employees of the Client and are not entitled to Client employee benefits. NABAYA is solely responsible for its own employment taxes, benefits, and compliance with employment law.

14.8  No Third-Party Beneficiaries

These Terms are for the sole and exclusive benefit of NABAYA and the Client. Nothing in this Agreement, express or implied, is intended to or will confer upon any other person or entity any legal or equitable right, benefit, or remedy of any nature under or by reason of this Agreement.

14.9  Notices

All formal notices under this Agreement must be in writing and delivered by: (i) email with confirmed delivery receipt to the email address specified in the Engagement Letter; (ii) overnight courier; or (iii) certified U.S. mail, return receipt requested, to: