Terms of Service

Name: SecureAZ
Address: 19 Como Street, Takapuna, Auckland, 0622, NZ
Telephone: 0800 001 136

Last Updated: 4 April 2026

Welcome to SecureAZ. Please read these Terms of Service (“Terms”) carefully before using any website, platform, or service operated by SecureAZ Limited (“SecureAZ”, “we”, “us”, or “our”), including:

The SecureAZ marketing and information website located at https://secureaz.co.nz (the “Website”); and

The SecureAZ customer application platforms located at https://app.secureaz.co.nz and https://app.secureaz.com (the “App”),

(collectively referred to as the “Platforms”).

By accessing or using the Platforms or any SecureAZ service, you (“User”, “you”, or “your”) agree to be legally bound by these Terms in their entirety. If you do not agree, you must immediately cease use of the Platforms and all SecureAZ services.

These Terms govern all services provided by SecureAZ, including but not limited to cyber awareness training, phishing simulation campaigns, penetration testing, cyber health assessments, and the App platform (collectively, “Services”). These Terms constitute a binding legal agreement governed by the laws of New Zealand.

1. Company Information

SecureAZ Limited is incorporated and legally based in New Zealand and provides cybersecurity services to clients in New Zealand and internationally.

Registered Contact:

Email: [email protected]

Phone: 0800 001 136

Hours: Monday to Friday, 8AM to 6PM (NZST)

Website: https://secureaz.co.nz

App Platforms: https://app.secureaz.co.nz and https://app.secureaz.com

2. Acceptance of Terms

By using the Platforms, you confirm that:

You are at least 18 years of age, or are accessing the Platforms under the supervision of a parent or legal guardian who agrees to these Terms;

You have the legal capacity and authority to enter into this agreement;

If acting on behalf of an organisation (“Client Organisation”), you have full authority to bind that organisation to these Terms and to authorise the Services described herein, including phishing simulations conducted against employees of that organisation; and

Your use of the Platforms and Services complies with all applicable laws and regulations in New Zealand and any jurisdiction in which your organisation operates.

3. Licence to Use the Platforms

SecureAZ grants you a limited, revocable, non-exclusive, non-transferable licence to access and use the Platforms solely for lawful personal or business purposes in accordance with these Terms.

You must not:

Reproduce, copy, redistribute, republish, download, transmit, or otherwise exploit any part of the Platforms without prior written consent from SecureAZ;

Use the Platforms for any unlawful, fraudulent, or malicious purpose;

Attempt to gain unauthorised access to any part of the Platforms, servers, or network infrastructure;

Introduce viruses, malware, or any other harmful code;

Reverse engineer, decompile, disassemble, or otherwise attempt to derive source code from the App;

Scrape, harvest, or mine data from the Platforms using automated means without express written consent;

Resell, sublicence, or otherwise commercialise access to the App without written agreement;

Use credentials belonging to another user to access the App;

Share login credentials with unauthorised parties;

Impersonate SecureAZ, its employees, or any other person or entity; or

Engage in any conduct that could damage, disable, overburden, or impair the Platforms.

SecureAZ reserves the right to revoke this licence and suspend or terminate your access at any time, without notice, for any breach of these Terms.

4. App Platform — User Accounts

4.1 Account Registration

Access to the App at https://app.secureaz.co.nz and https://app.secureaz.com requires registration of a user account. You agree to:

Provide accurate, current, and complete information during registration and keep it updated;

Maintain the confidentiality of your login credentials and not share them with any third party;

Notify SecureAZ immediately at [email protected] if you suspect any unauthorised access to your account; and

Accept responsibility for all activity conducted through your account, whether or not authorised by you.

4.2 Account Security

SecureAZ implements reasonable technical and organisational security measures to protect the App. However, you acknowledge that:

No system is completely secure and SecureAZ cannot guarantee the absolute security of your account or data;

You are responsible for maintaining appropriate security practices on your end, including using strong passwords and enabling any multi-factor authentication features offered; and

SecureAZ is not liable for any loss or damage arising from your failure to maintain the security of your credentials.

4.3 Suspension and Termination of Accounts

SecureAZ may suspend or terminate your account and access to the App at any time, with or without notice, if:

You breach these Terms;

Your subscription or payment lapses;

SecureAZ reasonably suspects fraudulent or unlawful activity on your account; or

SecureAZ discontinues the App or any feature thereof.

Upon termination, your right to access the App ceases immediately. SecureAZ will retain data in accordance with its Privacy Policy and applicable law.

5. Services — Cyber Awareness Training

5.1 Nature of Training Services

SecureAZ provides cyber awareness training content and courses through the App and associated platforms. You acknowledge that:

Training content is provided for educational purposes and reflects SecureAZ’s understanding of current cybersecurity risks and best practices at the time of publication;

Cybersecurity threats evolve rapidly and training content may not reflect the latest threats at all times;

Completion of training does not guarantee that employees or users will not fall victim to cyberattacks; and

SecureAZ is not responsible for any security incident that occurs despite completion of training by employees or users.

5.2 Client Responsibilities for Training

If you are deploying training on behalf of a Client Organisation, you warrant that:

You have obtained all necessary consents, authorisations, and approvals required under applicable employment agreements, privacy laws, and workplace policies before deploying training to employees or third parties;

You have notified employees or participants of monitoring or tracking associated with training completion to the extent required by law;

You will not use training results or completion data to unlawfully disadvantage, discipline, or dismiss employees without proper process; and

SecureAZ bears no responsibility for any employment, legal, or regulatory consequences arising from your use of training data or results.

6. Services — Phishing Simulations

6.1 Nature of Phishing Simulation Services

SecureAZ provides phishing simulation services, which involve sending simulated (non-malicious) phishing emails and other social engineering communications to employees or users of Client Organisations for the purpose of measuring and improving security awareness (“Simulations”).

You understand and agree that:

Simulations are designed to mimic real-world phishing attacks and will be indistinguishable from genuine phishing attempts to recipients;

SecureAZ acts solely as a service provider executing Simulations on your instruction and with your authorisation;

SecureAZ does not independently target, contact, or collect data from individuals — all Simulations are conducted strictly within the scope authorised by the Client Organisation; and

SecureAZ is not responsible for the reaction, distress, complaints, or conduct of any employee or recipient of a Simulation.

6.2 Client Authorisation and Legal Responsibility

BY REQUESTING PHISHING SIMULATION SERVICES, YOU WARRANT AND REPRESENT THAT:

You are a duly authorised representative of the Client Organisation and have full legal authority to authorise the sending of simulated phishing communications to employees, contractors, and/or other individuals within the scope agreed;

You have obtained all necessary internal approvals, including from executive leadership, HR, legal, and any applicable works councils, unions, or employee representatives, as required by your organisation’s policies and applicable law;

The Simulations will only target individuals within the agreed scope and you will not expand the target list without prior written approval from SecureAZ;

You have reviewed and complied with all applicable New Zealand laws, including the Harmful Digital Communications Act 2015, the Privacy Act 2020, and the Unsolicited Electronic Messages Act 2007, and any other relevant legislation, in authorising Simulations;

You accept full legal responsibility for ensuring that Simulations are conducted in a lawful manner within your organisation; and

SecureAZ shall not be liable for any claim, complaint, regulatory action, employment dispute, or legal proceeding brought by any employee, contractor, or third party arising from or in connection with Simulations conducted under your authorisation.

6.3 Employee Complaints and Distress

You acknowledge that phishing simulations can cause stress, embarrassment, or distress to recipients, particularly those who interact with a simulated phishing communication. You agree that:

SecureAZ bears no liability whatsoever for any psychological distress, emotional harm, reputational impact, or adverse consequences experienced by any employee or recipient arising from a Simulation;

Any employee complaints, grievances, or legal claims arising from Simulations are your sole responsibility to manage and respond to;

You will implement appropriate policies and communications within your organisation to manage employee expectations and responses to Simulations; and

SecureAZ recommends (but does not require) that you inform employees in general terms that security testing may occur, without disclosing specific timing or methods.

6.4 Simulation Scope and Accuracy

You acknowledge that:

SecureAZ will conduct Simulations strictly within the agreed scope, targeting only the domains, email addresses, and individuals specified by you;

SecureAZ is not responsible for Simulation emails that are blocked, filtered, delayed, or not delivered by your email infrastructure or third-party email security tools;

Simulation results, click rates, and reporting data are indicative only and subject to technical limitations including email filtering, caching, auto-preview opens, and other variables beyond SecureAZ’s control;

Simulation results do not constitute a comprehensive security audit and should not be relied upon as the sole measure of your organisation’s phishing resilience; and

SecureAZ makes no warranty that Simulations will accurately replicate every real-world phishing technique or that results will predict actual susceptibility to genuine phishing attacks.

6.5 No Misuse of Simulation Infrastructure

SecureAZ’s phishing simulation infrastructure is provided exclusively for legitimate security awareness purposes. You must not:

Use SecureAZ’s infrastructure or Services to send unsolicited, malicious, or deceptive communications outside the agreed Simulation scope;

Attempt to use simulation templates, domains, or sending infrastructure for any purpose other than authorised Simulations;

Misrepresent simulation results to employees, regulators, insurers, or third parties; or

Use Simulation data to unfairly target, discipline, or disadvantage specific employees without proper process.

Any misuse of SecureAZ’s simulation infrastructure will result in immediate termination of Services and may be reported to relevant authorities.

6.6 Regulatory and Insurance Compliance

You acknowledge that:

SecureAZ’s phishing simulation services may be used to support cyber insurance applications and compliance requirements, but SecureAZ makes no warranty that use of its Services will satisfy any specific regulatory, insurance, or compliance obligation;

You are responsible for verifying with your insurer, regulator, or compliance team whether SecureAZ’s Services meet your specific requirements; and

SecureAZ is not responsible for any failure to obtain, maintain, or comply with insurance coverage or regulatory requirements.

7. Fees and Payment

7.1 Fees

Fees payable for the Services are as set out in the applicable proposal, quote, order form, or subscription page provided by SecureAZ. Unless otherwise agreed in writing, all fees are stated in New Zealand Dollars (NZD) and are exclusive of GST, which will be added where applicable.

7.2 Invoicing and Payment Terms

Unless otherwise agreed in writing, invoices are due for payment within fourteen (14) days of the date of invoice. SecureAZ may charge interest on overdue amounts at a rate of 1.5% per month or the maximum rate permitted by law, whichever is lower.

7.3 Suspension for Non-Payment

SecureAZ may suspend access to the Platforms and Services, in whole or in part, if any invoice remains unpaid for more than seven (7) days after the due date. SecureAZ will use reasonable efforts to notify you before suspending access. Suspension does not relieve you of the obligation to pay outstanding amounts.

7.4 Non-Refundable Fees

All fees paid to SecureAZ are non-refundable except where required by applicable law, including the Consumer Guarantees Act 1993 (where it applies).

7.5 Subscription Renewal

Annual subscriptions to the Services will automatically renew for successive twelve-month periods unless either party provides written notice of cancellation at least thirty (30) days prior to the end of the current subscription period. SecureAZ will make reasonable efforts to notify you in advance of upcoming renewals.

8. Free Cyber Health Check Tool

SecureAZ may offer a free cyber health check tool (“Tool”) via the Platforms. By using the Tool:

You consent to SecureAZ using your name, email address, and contact information to contact you regarding Services and cybersecurity information;

You acknowledge that results generated by the Tool are indicative only and do not constitute a comprehensive security assessment or guarantee of security;

You agree that SecureAZ shall not be liable for any decisions made in reliance on the Tool’s output;

You warrant that any information you provide is accurate, current, and complete; and

The Tool is provided free of charge and on an “as is” basis with no warranty of any kind.

9. Data Collected Through the Services

9.1 Simulation Data

In the course of providing phishing simulation services, SecureAZ will collect and process data relating to recipient interactions with Simulations, including click rates, credential submission events, and training completion (“Simulation Data”). You acknowledge that:

Simulation Data is collected on your behalf and remains your responsibility as data controller under the New Zealand Privacy Act 2020;

SecureAZ acts as a data processor in relation to Simulation Data and will process it only in accordance with your instructions and these Terms;

You are responsible for ensuring that the collection and use of Simulation Data complies with applicable privacy laws and your organisation’s privacy obligations; and

SecureAZ will retain Simulation Data for a period consistent with its Privacy Policy and will delete it upon request or upon termination of Services, subject to any legal retention obligations.

9.2 Personal Information

SecureAZ collects personal information in connection with your use of the Platforms and Services, including names, email addresses, phone numbers, organisation details, and App usage data. All personal information is handled in accordance with SecureAZ’s Privacy Policy (available at https://secureaz.co.nz/privacy-policy) and the New Zealand Privacy Act 2020.

9.3 Privacy Policy Incorporation

Your use of the Platforms and Services is also governed by SecureAZ’s Privacy Policy (available at https://secureaz.co.nz/privacy-policy), which is incorporated into these Terms by reference. In the event of any conflict between these Terms and the Privacy Policy regarding the handling of personal information, these Terms shall prevail.

9.4 Overseas Data Storage and Processing

You acknowledge and consent to the fact that SecureAZ and its service providers may store and process information, including personal information and Simulation Data, in countries outside New Zealand, including through third-party cloud hosting providers. SecureAZ will use reasonable safeguards to protect the security and confidentiality of data stored or processed overseas, consistent with the New Zealand Privacy Act 2020 and its Privacy Policy.

10. User Obligations and Prohibited Conduct

In addition to obligations set out elsewhere in these Terms, you must not:

Use the Platforms or Services to harass, threaten, or harm any individual or organisation;

Infringe any intellectual property rights of SecureAZ or any third party;

Violate any applicable laws, including privacy, employment, data protection, and electronic communications laws;

Circumvent or attempt to circumvent any security or access controls on the Platforms;

Use the App in any way that imposes an unreasonable or disproportionately large load on SecureAZ’s infrastructure; or

Engage in any activity that, in SecureAZ’s sole discretion, is harmful to the Platforms, Services, or other users.

11. Uploaded Content

Where you upload, submit, or provide any content to the Platforms, including but not limited to employee lists, CSV files, logos, images, phishing templates, or other materials (“Uploaded Content”), you warrant and represent that:

You own or have all necessary rights, licences, and permissions to use and provide the Uploaded Content;

The Uploaded Content does not infringe the intellectual property rights, privacy rights, or any other rights of any third party;

The Uploaded Content does not contain any unlawful, defamatory, obscene, or otherwise objectionable material; and

You grant SecureAZ a non-exclusive, royalty-free licence to use the Uploaded Content solely for the purpose of providing the Services to you.

SecureAZ reserves the right to remove or disable access to any Uploaded Content that it reasonably considers to be unlawful, infringing, or otherwise inappropriate, without prior notice.

12. Marketing and Communications

By using the Platforms or submitting your contact details, you consent to receiving marketing communications from SecureAZ. You may opt out at any time by:

Clicking the unsubscribe link in any marketing email; or

Emailing [email protected] with your opt-out request.

Opting out of marketing does not affect transactional or service-related communications.

13. Intellectual Property

All content on the Platforms, including but not limited to text, graphics, logos, icons, training content, simulation templates, software, and data, is the property of SecureAZ Limited or its licensors and is protected by New Zealand and international intellectual property laws.

Nothing in these Terms grants you any right, title, or interest in SecureAZ’s intellectual property. You must not use any SecureAZ trade marks, logos, or branding without prior written consent.

Any feedback, suggestions, or ideas provided to SecureAZ may be used by SecureAZ without restriction or compensation.

14. Non-Binding Representations

Unless expressly agreed in writing, all descriptions, demonstrations, marketing materials, pricing examples, proposals, and statements regarding the Services are illustrative only and do not form a binding commitment. The specific terms and scope of any engagement shall be as set out in a signed order form, statement of work, proposal, or other written agreement between you and SecureAZ.

15. Service Availability

SecureAZ does not guarantee any minimum level of uptime, availability, or response time for the Platforms or Services unless expressly agreed in a separate written service level agreement.

You acknowledge that:

The Platforms may be subject to scheduled and unscheduled maintenance windows, during which access may be limited or unavailable;

Features, functionality, or components of the Platforms and Services may be changed, updated, or discontinued at SecureAZ’s discretion with reasonable notice where practicable; and

SecureAZ will use reasonable efforts to minimise disruption but accepts no liability for any downtime, interruption, or service degradation except as required by law.

16. Beta and Preview Features

SecureAZ may from time to time make beta, preview, or experimental features available through the Platforms (“Beta Features”). You acknowledge that:

Beta Features are provided “as is” and “as available” without warranties of any kind;

Beta Features may contain errors, bugs, or defects and may not function as intended;

SecureAZ may change, suspend, or withdraw Beta Features at any time without notice; and

Beta Features are excluded from any service commitments, service level agreements, warranties, or indemnities under these Terms.

Your use of Beta Features is entirely at your own risk.

17. Disclaimer of Warranties

TO THE MAXIMUM EXTENT PERMITTED BY LAW:

The Platforms and all Services are provided on an “AS IS” and “AS AVAILABLE” basis without warranties of any kind, express or implied;

SecureAZ does not warrant that the Platforms or App will be uninterrupted, error-free, virus-free, or secure at all times;

SecureAZ does not warrant the accuracy, reliability, completeness, or currency of any content on the Platforms;

SecureAZ does not warrant that phishing simulations will be delivered successfully to all intended recipients, or that simulation results will accurately reflect real-world susceptibility;

SecureAZ does not warrant that training or simulations will prevent any security incident, data breach, or cyberattack;

SecureAZ does not warrant that use of its Services will satisfy any regulatory, insurance, or compliance requirement; and

Any reliance on information, results, or recommendations from the Platforms or Services is entirely at your own risk.

Nothing in these Terms excludes warranties implied by the Consumer Guarantees Act 1993 (NZ) that cannot lawfully be excluded.

Consumer Guarantees Act 1993 — Contracting Out

Where the Services are acquired for business purposes (as defined in the Consumer Guarantees Act 1993), the parties agree that the Consumer Guarantees Act 1993 does not apply to the supply of the Services to the maximum extent permitted by law.

18. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW, SECUREAZ AND ITS DIRECTORS, EMPLOYEES, AGENTS, AND AFFILIATES SHALL NOT BE LIABLE FOR:

Any direct, indirect, incidental, special, consequential, punitive, or exemplary damages;

Loss of profits, revenue, data, goodwill, or business opportunity;

Any security incident, data breach, or cyberattack that occurs despite the use of SecureAZ Services;

Employee complaints, grievances, claims, or legal proceedings arising from phishing simulations or training conducted under your authorisation;

Regulatory fines, penalties, or enforcement actions arising from your use of the Services;

Any failure of phishing simulation emails to be delivered, opened, or tracked due to technical limitations;

Damages arising from unauthorised access to or alteration of your account or data;

Any third-party conduct or content accessible via the Platforms; or

Any interruption, suspension, or cessation of the Platforms or App,

arising from or in connection with your use of the Platforms or Services, even if SecureAZ has been advised of the possibility of such damages.

Where liability cannot be excluded by law, SecureAZ’s total aggregate liability is limited to the greater of: (a) NZD $100; or (b) the total fees paid by you to SecureAZ in the 12 months immediately preceding the claim.

19. Indemnification

You agree to indemnify, defend, and hold harmless SecureAZ Limited and its directors, officers, employees, agents, contractors, and licensors from and against any claims, liabilities, damages, losses, penalties, fines, costs, and expenses (including reasonable legal fees) arising from or related to:

Your use of or inability to use the Platforms or Services;

Your breach of these Terms;

Your violation of any applicable law or regulation, including privacy, employment, and electronic communications laws;

Any claim by an employee, contractor, or third party arising from a phishing simulation or training programme conducted under your authorisation;

Your failure to obtain necessary consents and authorisations before deploying Services;

Your violation of any third-party rights; or

Any content or information you submit to SecureAZ.

20. Cybersecurity Disclaimer

You acknowledge that:

No cybersecurity product, training programme, or phishing simulation can guarantee complete protection against all threats;

The cybersecurity threat landscape evolves constantly and new attack techniques may emerge that are not covered by SecureAZ’s Services;

SecureAZ’s Services are intended to improve security awareness and posture, not to replace your organisation’s internal security policies, controls, incident response plans, or professional security advice;

A high phishing simulation click rate does not necessarily indicate negligence, and a low click rate does not guarantee immunity from real phishing attacks; and

SecureAZ is not responsible for any security incident, data breach, ransomware attack, or loss that occurs regardless of whether you have used SecureAZ Services.

21. Third-Party Links and Services

The Platforms may contain links to third-party websites or services. SecureAZ does not endorse, control, or assume responsibility for third-party content, privacy policies, or practices. You access third-party websites entirely at your own risk.

22. Confidentiality

Each party agrees to keep confidential any non-public information disclosed by the other party that is designated as confidential or that reasonably should be understood to be confidential (“Confidential Information”), and not to use it for any purpose other than performing under these Terms.

This obligation does not apply to information that: (a) is or becomes publicly known through no fault of the receiving party; (b) was already known to the receiving party; (c) is disclosed with prior written approval; or (d) must be disclosed by law, regulation, or court order.

Notwithstanding the above, SecureAZ may use aggregated, de-identified data derived from use of the Services for benchmarking, product improvement, and research purposes, provided that no individual or organisation is identifiable from such data.

23. Termination

SecureAZ may suspend or terminate your access to the Platforms and Services immediately and without notice in the event of:

Material breach of these Terms;

Unlawful conduct or conduct that poses a security risk to the Platforms, other users, or third parties;

Non-payment of fees after notice has been provided under Section 7.3; or

Fraudulent or abusive use of the Platforms or Services.

For any other reason, SecureAZ will provide reasonable notice (not less than seven (7) days) where practicable before suspending or terminating access.

Upon termination: (a) your licence to use the Platforms ceases immediately; (b) you must cease all use of SecureAZ’s intellectual property; and (c) Sections 7, 13, 17, 18, 19, 20, 22, and 25 survive termination.

24. Changes to These Terms

SecureAZ may modify these Terms at any time. Changes take effect upon posting to the Platforms. The “Last Updated” date reflects when changes were last made.

Your continued use of the Platforms or Services after changes are posted constitutes acceptance of the revised Terms. For material changes, SecureAZ will make reasonable efforts to notify registered users by email or prominent notice on the Platforms.

25. Governing Law and Dispute Resolution

25.1 Governing Law

These Terms are governed exclusively by the laws of New Zealand. The New Zealand courts shall have exclusive jurisdiction over any dispute arising from or in connection with these Terms or the Services.

25.2 Dispute Resolution

In the event of a dispute, the parties agree to:

First attempt resolution by good-faith negotiation between senior representatives within 14 days of written notice;

If negotiation fails, submit to mediation in New Zealand administered by a mutually agreed mediator; and

If mediation fails, submit to the exclusive jurisdiction of the courts of New Zealand.

25.3 Class Action Waiver

To the extent permitted by law, you waive any right to bring or participate in a class action or class-wide proceeding against SecureAZ.

26. General Provisions

26.1 Entire Agreement

These Terms, together with SecureAZ’s Privacy Policy and any applicable service agreements, order forms, or statements of work, constitute the entire agreement between you and SecureAZ and supersede all prior agreements and understandings on the subject matter.

26.2 Order of Precedence

In the event of any conflict or inconsistency between documents forming part of the agreement between you and SecureAZ, the following order of precedence shall apply (highest priority first):

Signed Statement of Work or Order Form;

Master Services Agreement (if any);

These Terms of Service;

SecureAZ’s Privacy Policy; and

Website content and marketing materials (for reference only and not binding).

26.3 Severability

If any provision of these Terms is found to be unlawful, void, or unenforceable, that provision will be severable and will not affect the validity of the remaining provisions.

26.4 No Waiver

SecureAZ’s failure to exercise or enforce any right or provision does not constitute a waiver of that right or provision.

26.5 Assignment

You may not assign or transfer any rights or obligations under these Terms without SecureAZ’s prior written consent. SecureAZ may freely assign its rights and obligations.

26.6 Force Majeure

SecureAZ will not be liable for any failure or delay in performance resulting from causes beyond its reasonable control, including but not limited to acts of God, natural disasters, pandemics, cyberattacks on SecureAZ’s own infrastructure, power failures, or government actions.

26.7 Electronic Communications

You consent to receive communications from SecureAZ electronically. All agreements, notices, and disclosures provided electronically satisfy any legal requirement that such communications be in writing.

27. Contact Us

For any questions, concerns, or complaints about these Terms or SecureAZ’s practices:

Email: [email protected]

Phone: 0800 001 136

Hours: Monday to Friday, 8AM to 6PM (NZST)

Website: https://secureaz.co.nz/contact