Terms and Conditions of Trade

Introduction

These Terms and Conditions of Trade ("Terms") govern the supply of all products ("Products") and services ("Services") by Hermetrix Technologies APAC Limited ("we", "us", "our") to you ("Customer", "you", "your").

By placing an order for Products or engaging our Services, you agree to be bound by these Terms.

1. Definitions

"CGA"

means the Consumer Guarantees Act 1993.

"Consumer"

means a Customer acquiring Products or Services for personal, domestic, or household use.

"Business Customer"

means a Customer acquiring Products or Services for business purposes.

"Statement of Work" or "SOW"

means a separate written document defining the scope, deliverables, timelines, and fees for Services.

"Confidential Information"

means any non-public information disclosed by one party to the other, whether orally, in writing, or otherwise, that is marked as confidential or would reasonably be understood to be confidential given its nature and the circumstances of disclosure.

2. Anonymity-Focused Engagements

Where you elect to engage us using pseudonymous identifiers, minimal contact details, or privacy-enhancing communication methods, you acknowledge and agree that:

1. We do not require your legal name or identifying information unless necessary to comply with applicable law, taxation, or payment processor requirements;
2. You are responsible for ensuring that any information you provide is sufficient for us to deliver Products or Services;
3. Anonymity choices may limit our ability to verify authority, recover credentials, respond to disputes, or provide certain support functions; and
4. We will not attempt to re-identify you beyond what is strictly necessary to perform our contractual and legal obligations.

3. Supply of Products

3.1 All Product sales are subject to availability.

3.2 Consumer Rights: If you are a Consumer, the guarantees provided by the CGA apply and cannot be excluded or limited.

3.3 Business Customers: If you are a Business Customer, you agree that the provisions of the CGA are excluded pursuant to section 43(2) of the CGA, provided the Products are acquired for business purposes. Any SOW, invoice, or order confirmation may confirm business use.

3.4 Warranty and Proof of Purchase: We will provide reasonable proof of purchase for warranty purposes. Warranty claims require reasonable proof of purchase. We retain only the minimum purchase-related information necessary to meet our obligations under the CGA and these Terms. Unauthorised modification, misuse, or damage may void manufacturer warranties but does not affect statutory rights under the CGA where applicable.

4. Provision of Services

4.1 Our Services include operational security (OPSEC) consultation, privacy-focused technology guidance, and implementation support based on industry-standard principles and practical expertise.

4.2 Nature of Services: Services are advisory in nature and based on recognised security frameworks, industry best practices, and practical experience. Services do not constitute formal security audits, penetration testing, compliance certifications, or legal, regulatory, or financial advice. We are not licensed auditors or legal advisors.

4.3 Scope and Client Responsibility: Services are defined exclusively in the applicable Statement of Work. You retain full responsibility for all decisions regarding your security posture, configurations, and operational use. You acknowledge that anonymity-preserving measures and minimal data disclosure are implemented at your direction and may involve trade-offs in availability, recovery, or support.

4.4 Reasonable Skill and Care: We will perform Services with reasonable skill and care consistent with generally accepted industry standards.

4.5 No Reliance: Services are provided for informational and advisory purposes only. You do not rely on the Services as a substitute for independent technical, legal, compliance, or risk advice. Actions taken based on Services are taken at your own discretion and risk.

4.6 Threat Model Limitations: Any threat modelling or OPSEC guidance is based solely on information you choose to disclose. We are not responsible for risks arising from incomplete, inaccurate, or intentionally withheld information provided in the interest of anonymity.

5. Fees, Payment and Taxes

5.1 Prices are in New Zealand Dollars (NZD) and exclude GST unless stated otherwise.

5.2 Payment for Products is due at the time of order. Payment terms for Services are as specified in the Statement of Work.

5.3 Overdue amounts may incur interest at 1.5 percent per month or part thereof.

5.4 You are responsible for all applicable taxes, duties, or government charges unless expressly agreed otherwise in writing.

6. Intellectual Property

6.1 All pre-existing intellectual property owned by either party remains its sole property.

6.2 All tools, methodologies, frameworks, processes, and know-how used or developed by us remain our intellectual property.

6.3 Client Deliverables Licence: Deliverables created specifically for you are licensed on a non-exclusive, perpetual, non-transferable basis for your internal business use only. This licence survives termination. Redistribution, resale, sublicensing, or public disclosure is prohibited without prior written consent.

6.4 We may use de-identified or anonymised information derived from Services for internal purposes, provided such information cannot reasonably be re-identified and does not reveal the existence, identity, or threat profile of any specific client.

7. Confidentiality

7.1 Each party must keep Confidential Information confidential and not disclose it except with prior written consent or as required by law.

7.2 Confidential Information does not include information that is public through no fault of the receiving party, was lawfully known prior to disclosure, independently developed, or lawfully obtained from a third party.

7.3 Confidentiality obligations survive for three (3) years after termination or completion of Services.

7.4 Upon request following termination, we will securely delete or return Confidential Information, subject to legal retention requirements. We apply strict data minimisation principles.

7.5 Existence of Engagement: Unless required by law, the existence of your engagement with us is treated as Confidential Information.

8. Secure Communication

8.1 Standard email does not provide end-to-end encryption with non-ProtonMail users.

8.2 For sensitive information, PGP encryption is strongly recommended.

8.3 Our public PGP key and fingerprint are available via our website. You are responsible for independent verification. We do not support third-party encryption tools.

8.4 Transmission of information via unencrypted channels carries inherent risk. To the fullest extent permitted by law, we are not responsible for interception or compromise where encryption was not used at your election.

8.5 Where alternative secure communication platforms are requested, we make reasonable efforts to accommodate but do not warrant third-party platform security or availability.

9. Limitation of Liability

9.1 Products (Business Customers): Liability is limited to the price paid for the relevant Product. Indirect or consequential loss is excluded.

9.2 Services: Total aggregate liability is limited to fees paid for the relevant Services in the twelve (12) months preceding the claim, except for fraud, gross negligence, or willful misconduct.

9.3 Excluded Losses: We are not liable for indirect, consequential, special, or punitive damages including loss of profits, data, business interruption, or reputational harm, except where prohibited by law.

9.4 Third-Party Components: We are not responsible for third-party software, hardware, operating systems (including GrapheneOS), applications, or services.

9.5 Security Incidents: No system is immune from attack. We are not liable for losses arising from security incidents, including those related to pseudonymous engagement or data minimisation, except where directly caused by our gross negligence or willful misconduct.

9.6 Liability caps apply notwithstanding any indemnity, to the fullest extent permitted by law.

10. Indemnity

You indemnify and hold harmless Hermetrix Technologies APAC Limited and its personnel from claims, losses, liabilities, costs, and expenses arising from your breach of these Terms, misuse of Products or Services, violation of law or third-party rights, or negligent or wrongful acts in implementing our recommendations.

11. Termination

11.1 Either party may terminate ongoing Services with fourteen (14) days written notice.

11.2 We may terminate immediately for non-payment, material breach, or insolvency.

11.3 Upon termination, outstanding fees become payable immediately. Anonymised records may be retained where required for legal, accounting, or risk obligations, provided they cannot reasonably be linked back to you.

11.4 Termination does not affect accrued rights or obligations.

12. Data Protection

Each party will comply with applicable privacy laws, including the Privacy Act 2020. Where personal information is processed on your behalf, we do so only in accordance with documented instructions and appropriate safeguards, applying strict data minimisation principles.

13. Force Majeure

Neither party is liable for failure or delay caused by events beyond reasonable control. If such events continue for more than sixty (60) days, either party may terminate affected Services.

14. Assignment

Neither party may assign these Terms without consent, except we may assign to an affiliate or in connection with a merger or sale of assets.

15. Dispute Resolution

Disputes will first be negotiated in good faith, then mediated, and if unresolved, submitted to the courts of New Zealand.

16. General

These Terms are governed by New Zealand law. They constitute the entire agreement. Amendments apply prospectively only. Invalid provisions do not affect the remainder. No partnership or agency relationship is created.