Terms of Service

Please read these terms carefully before using our website or engaging our services.

Effective Date:March 29, 2026  | Last Updated: March 29, 2026

1. Acceptance of Terms

These Terms of Service ("Terms") constitute a legally binding agreement between you ("Client," "you," or "your") and Sarsa Technology LLC ("Sarsa Technology," "we," "us," or "our"), a cybersecurity consulting firm headquartered in New York, NY.

By accessing or using our website at sarsatechnology.com(the "Site") or engaging our professional services, you acknowledge that you have read, understood, and agree to be bound by these Terms and our Privacy Policy.

If you do not agree to these Terms, you must not access the Site or use our services. If you are entering into these Terms on behalf of a company or other legal entity, you represent that you have the authority to bind that entity.

2. Description of Services

Sarsa Technology provides cybersecurity consulting services, including but not limited to:

  • Virtual Chief Information Security Officer (vCISO) services
  • Security program development and management
  • Compliance management (SOC 2, ISO 27001, HIPAA, and others)
  • Vendor security questionnaire response
  • Vulnerability assessment and penetration testing (VAPT)

The specific scope, deliverables, timeline, and fees for any engagement will be defined in a separate Statement of Work ("SOW") or service agreement executed by both parties. In the event of a conflict between these Terms and an executed SOW, the SOW will govern with respect to the specific engagement.

3. Client Responsibilities

To enable us to deliver our services effectively, you agree to:

  • Provide timely access to systems, documentation, and personnel reasonably necessary for the performance of services
  • Designate a primary point of contact with sufficient authority to make decisions and provide approvals
  • Ensure that all information provided to us is accurate and complete to the best of your knowledge
  • Obtain any required internal approvals or authorizations before testing or assessment activities commence
  • Comply with all applicable laws and regulations related to your use of our services

Failure to fulfill these responsibilities may affect our ability to deliver services within agreed timelines and may result in additional fees.

4. Confidentiality

Each party acknowledges that, in the course of the engagement, it may receive Confidential Information from the other party. "Confidential Information" means any non-public information disclosed by one party to the other, whether orally, in writing, or electronically, including but not limited to business plans, security architectures, assessment findings, vulnerabilities, customer data, technical documentation, and financial information.

Each party agrees to:

  • Hold the other party's Confidential Information in strict confidence
  • Not disclose Confidential Information to any third party without prior written consent, except as required by law or regulation
  • Use Confidential Information solely for the purpose of fulfilling obligations under the engagement
  • Apply at least the same degree of care to protect Confidential Information as it uses to protect its own confidential information, but in no event less than reasonable care

Confidentiality obligations survive termination of the engagement for a period of three (3) years, except for trade secrets, which remain protected indefinitely.

5. Intellectual Property

All deliverables created specifically for the Client under an executed SOW ("Client Deliverables") — including security policies, risk assessments, compliance documentation, and remediation plans — will be owned by the Client upon full payment of all applicable fees.

Sarsa Technology retains ownership of all pre-existing intellectual property, methodologies, frameworks, templates, tools, and general know-how ("Sarsa IP") used in the delivery of services. To the extent any Sarsa IP is incorporated into Client Deliverables, the Client is granted a non-exclusive, perpetual, non-transferable license to use such Sarsa IP solely in connection with the deliverables provided.

All content on the Site — including text, graphics, logos, and software — is the property of Sarsa Technology or its licensors and is protected by applicable intellectual property laws. You may not reproduce, distribute, or create derivative works from Site content without our prior written consent.

6. Fees and Payment

Fees for services will be set forth in the applicable SOW or service agreement. Unless otherwise specified, invoices are due within thirty (30) days of the invoice date. Late payments may incur interest at a rate of 1.5% per month (or the maximum rate permitted by law, whichever is lower).

We reserve the right to suspend services if payment is more than thirty (30) days overdue, upon fifteen (15) days' written notice. All fees are exclusive of taxes, and the Client is responsible for any applicable taxes, duties, or government-imposed charges.

7. Limitation of Liability

Our services are advisory in nature. While we apply industry best practices and professional diligence, we do not guarantee that your systems will be immune from security incidents, breaches, or compliance failures following our engagement.

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, SARSA TECHNOLOGY'S TOTAL LIABILITY ARISING OUT OF OR RELATED TO THESE TERMS OR ANY ENGAGEMENT SHALL NOT EXCEED THE TOTAL FEES PAID BY THE CLIENT TO SARSA TECHNOLOGY DURING THE TWELVE (12) MONTHS PRECEDING THE CLAIM.

IN NO EVENT SHALL EITHER PARTY BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO LOSS OF PROFITS, DATA, BUSINESS OPPORTUNITIES, OR GOODWILL, REGARDLESS OF WHETHER SUCH DAMAGES WERE FORESEEABLE OR WHETHER EITHER PARTY WAS ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

8. Indemnification

You agree to indemnify, defend, and hold harmless Sarsa Technology, its officers, directors, employees, and agents from and against any claims, damages, losses, liabilities, and expenses (including reasonable attorneys' fees) arising out of or relating to: (a) your breach of these Terms; (b) your use of our services in violation of applicable law; or (c) any third-party claim arising from your failure to implement recommendations provided by Sarsa Technology.

9. Term and Termination

These Terms remain in effect for as long as you use the Site or our services. Either party may terminate a specific engagement as set forth in the applicable SOW. In the absence of termination provisions in the SOW, either party may terminate an engagement upon thirty (30) days' written notice.

Upon termination:

  • The Client will pay for all services rendered through the effective date of termination
  • Each party will return or destroy the other party's Confidential Information upon written request
  • Sections 4 (Confidentiality), 5 (Intellectual Property), 7 (Limitation of Liability), 8 (Indemnification), and 12 (Governing Law) survive termination

We reserve the right to suspend or terminate your access to the Site at any time, without notice, for conduct that we believe violates these Terms or is harmful to other users, us, or third parties.

10. Warranties and Disclaimers

Sarsa Technology warrants that services will be performed in a professional and workmanlike manner consistent with generally accepted industry standards.

EXCEPT AS EXPRESSLY STATED ABOVE, THE SITE AND ALL SERVICES ARE PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, OR STATUTORY, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT.

We do not warrant that the Site will be uninterrupted, error-free, or free of viruses or other harmful components. Content on the Site, including blog articles and resources, is provided for informational purposes only and does not constitute professional advice.

11. Penetration Testing and Assessment Terms

For engagements involving vulnerability assessment or penetration testing, the following additional terms apply:

  • The Client represents that it has the legal authority to authorize testing on all systems and networks in scope
  • Testing will be conducted only within the agreed-upon scope, timeframes, and rules of engagement defined in the SOW
  • Sarsa Technology will exercise reasonable care during testing, but the Client acknowledges that security testing inherently carries a risk of service disruption
  • The Client is solely responsible for maintaining adequate backups of systems and data prior to testing
  • Assessment findings and reports are Confidential Information and must be handled in accordance with Section 4

Sarsa Technology shall not be held liable for any disruptions, outages, or data loss that may occur as a direct result of authorized testing activities, provided that testing was conducted within the agreed scope and in a professional manner.

12. Governing Law and Dispute Resolution

These Terms shall be governed by and construed in accordance with the laws of the State of New York, without regard to its conflict of laws principles.

Any dispute arising out of or relating to these Terms or our services shall first be submitted to good-faith mediation. If mediation is unsuccessful, the dispute shall be resolved by binding arbitration administered in New York, NY in accordance with the rules of the American Arbitration Association. The prevailing party in any arbitration or legal proceeding shall be entitled to recover its reasonable attorneys' fees and costs.

13. Modifications to These Terms

We reserve the right to update or modify these Terms at any time. Changes will be posted on this page with an updated "Last Updated" date. Your continued use of the Site or our services after any changes constitutes acceptance of the revised Terms. We encourage you to review these Terms periodically.

14. Contact Information

If you have any questions about these Terms, please contact us: