Terms of Service

These Terms of Service ('Terms') constitute a legally binding agreement between you and Kernova Security Ltd. ('Kernova,' 'we,' 'us,' or 'our'), a company registered in England and Wales. By accessing kernova.io or engaging Kernova for cybersecurity services, you agree to be bound by these Terms.

If you are accessing our services on behalf of an organization, you represent that you have authority to bind that organization to these Terms. References to 'you' or 'Client' include both individual users and the organizations they represent.

Kernova provides cybersecurity services including penetration testing, compliance consulting (NIS2, PCI DSS, ISO 27001, GDPR), cloud security posture management, managed detection and response, threat intelligence, and security training. The specific scope, deliverables, timelines, and fees for each engagement are defined in a separate Statement of Work or Master Services Agreement.

Our website at kernova.io is provided for informational purposes and to facilitate engagement inquiries. Use of the site does not constitute a contractual relationship for the delivery of security services — that requires a signed commercial agreement.

We reserve the right to modify, suspend, or discontinue any aspect of our website or service offerings at any time with reasonable notice.

You may use kernova.io only for lawful purposes and in accordance with these Terms. You agree not to: use the site in any way that violates applicable laws or regulations; submit false or misleading information through our contact forms; attempt to gain unauthorized access to any part of our systems or infrastructure; use automated tools to scrape, crawl, or extract content from our site; or engage in any conduct that restricts or inhibits anyone's use of the site.

Kernova's security services — including penetration testing and red team exercises — are authorized security assessments conducted under signed scope agreements. Any unauthorized attempt to replicate, extend, or apply these techniques outside the agreed scope is strictly prohibited and may constitute a criminal offence under the Computer Misuse Act 1990 (UK) or equivalent legislation.

All content on kernova.io — including text, graphics, the Kernova logo, design elements, and code — is owned by or licensed to Kernova and is protected by intellectual property laws. You may not reproduce, distribute, modify, or create derivative works without our express written permission.

Security assessment reports, compliance deliverables, and other work product produced under a signed client engagement are subject to the intellectual property terms of that specific agreement. Unless otherwise agreed, Kernova retains ownership of methodologies, tools, and frameworks used to produce deliverables, while clients receive a license to use the deliverables themselves.

The Kernova name, logo, and brand marks are trademarks of Kernova Security Ltd. Use of these marks without written authorization is prohibited.

Kernova treats all client information — including technical infrastructure details, vulnerability findings, business processes, and commercial terms — as strictly confidential. We maintain industry-standard confidentiality practices and our personnel are bound by non-disclosure obligations.

Security assessment findings, including identified vulnerabilities, are delivered exclusively to authorized client contacts and are never disclosed to third parties without written client consent, except where required by law or where the vulnerability poses imminent risk to critical national infrastructure.

Clients engaging Kernova agree to treat Kernova's methodologies, tooling, pricing, and proprietary processes as confidential commercial information.

To the fullest extent permitted by applicable law, Kernova's total liability arising from or related to these Terms or any security engagement shall not exceed the fees paid by the client for the specific engagement giving rise to the claim in the twelve months preceding the claim.

Kernova shall not be liable for any indirect, incidental, special, consequential, or punitive damages — including loss of revenue, loss of data, or business interruption — even if we have been advised of the possibility of such damages.

Nothing in these Terms limits or excludes liability for death or personal injury caused by negligence, fraud or fraudulent misrepresentation, or any other liability that cannot be excluded or limited by English law.

Penetration testing and red team engagements carry inherent risk. Clients accept that authorized security testing may cause temporary service disruption or system instability, and Kernova's liability for such effects is limited to those arising from gross negligence or wilful misconduct outside the agreed scope.

Kernova warrants that its services will be performed with reasonable skill and care by qualified security professionals. We do not warrant that our services will identify every security vulnerability or that our recommendations will render your systems impenetrable.

The website and its content are provided 'as is' without warranties of any kind, express or implied, including but not limited to merchantability, fitness for a particular purpose, or non-infringement. Security threat intelligence and blog content represent our analysis at the time of publication and may become outdated.

We do not guarantee the availability of our website and accept no liability for downtime, data loss caused by technical failures, or inaccuracies in publicly available content.

Either party may terminate a services engagement in accordance with the termination provisions of the applicable Statement of Work or Master Services Agreement. These Terms governing website use remain in effect indefinitely.

We reserve the right to terminate or restrict your access to kernova.io immediately and without notice if we determine that you have violated these Terms or applicable law.

Upon termination of a services engagement, provisions relating to intellectual property, confidentiality, limitation of liability, and governing law shall survive.

These Terms are governed by and construed in accordance with the laws of England and Wales. Any dispute arising out of or in connection with these Terms shall be subject to the exclusive jurisdiction of the courts of England and Wales.

Before initiating formal proceedings, parties agree to attempt good-faith resolution through direct negotiation for a period of 30 days. If unresolved, either party may refer the matter to mediation before the Centre for Effective Dispute Resolution (CEDR) as a non-binding step prior to litigation.

We may revise these Terms from time to time. Material changes will be communicated via a notice on our website at least 14 days before they take effect. Your continued use of kernova.io after the effective date constitutes acceptance of the revised Terms.

For active service engagements, changes to Terms will not retroactively affect the governing terms of a signed Statement of Work unless both parties agree in writing.