Terms of Service

2.1 What VibeSec Does

VibeSec Advisory provides FORGE Methodology consulting to help knowledge worker teams redesign their business processes for the age of agentic AI. Our Services include:

• FORGE AI Workflow Starter Kit (free downloadable workflow mapping and guardrails resource)
• Advisory Retainers (ongoing monthly advisory access with scheduled sessions)
• Privately scoped Consulting Engagements described in a signed SOW or proposal

2.2 Consulting Relationship

VibeSec acts as an independent advisor to your organization. VibeSec is not your employee, agent, or legal representative. Our recommendations are advisory in nature. You are responsible for making your own business decisions about whether and how to act on our advice, including decisions about AI tool selection, process changes, and security controls.

2.4 Eligibility

Services are available to individuals who are at least 18 years old and to organizations that are legally formed and in good standing. By engaging VibeSec, you represent that you meet these requirements and have authority to enter into this agreement on behalf of your organization.

Intake Description

The FORGE advisory intake is a no-payment form used to collect discovery-call-quality information about your organization, AI tools, process steps, current metric, 90-day target, and likely engagement interest. Submitting an intake does not create a paid engagement, guarantee acceptance, or obligate either party to proceed.

Advisory Nature

Any response, recommendation, or proposed next step based on your intake is advisory in nature. You remain responsible for evaluating, validating, approving, and implementing any process change, AI workflow, guardrail, security control, or business decision before use in your organization.

No Legal, Compliance, or Insurance Advice

FORGE intake review and any related recommendations are not legal advice, compliance advice, insurance advice, or a substitute for advice from your own legal, compliance, security, insurance, or risk advisors.

Client Responsibilities

By submitting an intake, you agree that:

• You will provide accurate information and avoid submitting regulated, confidential, or sensitive information unless it is necessary for review;
• You will not treat intake review as approval to deploy an AI workflow without your own validation and authorization;
• You are responsible for testing any workflow at least 10 times with representative inputs before production use;
• You are responsible for selecting, configuring, approving, and monitoring the AI tools used by your team.

Prior Paid Records

Legacy paid submission, delivery, status, and admin records may remain operational for customers who submitted records before this intake model replaced public low-price checkout. Those legacy records are handled under the terms in effect at the time of purchase and any applicable written agreement.

3.1 Scope of Work

Each Consulting Engagement is governed by a Statement of Work that defines the scope, timeline, Deliverables, and fees. VibeSec will perform the Services described in the SOW using commercially reasonable skill and care. Work outside the agreed scope requires a written change order or new SOW.

3.2 Client Cooperation

Successful delivery depends on your timely cooperation. You agree to:

• Provide accurate and complete information about your organization, workflows, and AI tool usage as reasonably requested;
• Make relevant team members available for async reviews, written clarification, shared documents, and any explicitly approved calls within the agreed timeline;
• Review Deliverables and provide feedback within ten (10) business days of delivery unless otherwise agreed.

3.3 Timeline and Delays

VibeSec will use commercially reasonable efforts to meet the timeline in the SOW. Timelines are estimates, not guarantees. If delays occur due to your unavailability or failure to provide requested information, VibeSec may adjust the timeline accordingly. VibeSec will notify you promptly of any anticipated material delays on our side.

3.4 Revisions

Each Engagement includes one round of revisions to Deliverables based on your feedback. Additional revision rounds may be scoped separately or billed at VibeSec's then-current hourly rate.

4.1 Retainer Scope

Retainer agreements provide ongoing FORGE advisory access on a monthly basis through email, Loom-style recordings, shared docs, and written artifacts. Retainers usually focus on one priority workflow or guardrail problem per month and have a three-month minimum commitment. Calls or live working sessions are not included by default and must be separately approved in writing. The specific scope of each Retainer is defined in the Retainer SOW.

4.2 Monthly Billing

Retainer fees are billed monthly in advance. Each billing cycle runs from the start date to the same date in the following month.

4.3 Retainer Capacity

Retainer capacity is reserved for the current monthly period and does not roll over. Additional requests outside the approved Retainer scope require written approval and may be billed separately at VibeSec's then-current hourly rate.

4.4 Cancellation

Either party may cancel a Retainer with thirty (30) days' written notice after the minimum commitment period. If you cancel during the minimum commitment period, remaining months are due in full. If you cancel after the minimum period, you retain access to Retainer services through the end of the current paid period. No partial refunds are issued for unused portions of a monthly period.

5.1 Fixed-Price Engagements

All Consulting Engagements are fixed-price as specified in the SOW. Unless otherwise agreed in writing:

• Fixed-price Consulting Engagements: 100% due before the engagement begins.
• Milestone engagements: Due according to the payment schedule stated in the signed SOW or proposal.
• Retainers: Monthly in advance, billed on the same date each month.

5.2 Payment Processing

Payments are processed via Stripe invoice or direct bank transfer as specified in your SOW. VibeSec does not store your full credit card number or payment credentials. Your use of Stripe is subject to Stripe's terms of service.

5.3 Late Payment

If a payment is more than fifteen (15) days overdue, VibeSec may pause work on the Engagement until payment is received. VibeSec will notify you by email before pausing work. VibeSec reserves the right to charge interest of 1.5% per month (or the maximum rate permitted by law, whichever is less) on overdue amounts.

5.4 Taxes

All fees are in U.S. Dollars (USD) and do not include applicable sales tax, VAT, or other government-imposed fees, which are your responsibility.

5.5 Expenses

VibeSec does not charge for expenses unless specifically agreed in the SOW. All fees are inclusive of standard operating costs (tools, infrastructure, software licenses). All engagements are delivered remotely unless otherwise specified.

6.1 Deliverable Ownership

Upon full payment, you receive a perpetual, non-exclusive license to use, copy, modify, and distribute the Deliverables for your internal business purposes. This includes sharing Deliverables with your team, board, investors, auditors, insurers, and regulators.

6.2 VibeSec Retains FORGE Framework

VibeSec retains all right, title, and interest in the FORGE Methodology, including the six-pillar framework (Baseline, Skills, Agents, Guardrails, Schedule, and Capture), proprietary templates, assessment tools, and general knowledge developed before or during the Engagement. VibeSec may reuse its general methods, frameworks, and anonymized insights across other client engagements.

6.3 Client Data Ownership

You retain ownership of all information you provide to VibeSec during an Engagement, including your organizational data, workflow documentation, team information, and any materials you share. VibeSec does not claim ownership of your data.

6.4 Restrictions

You may NOT:

• Resell Deliverables or use them as deliverables in a competing consulting service;
• Represent the FORGE framework as your own proprietary methodology;
• Remove VibeSec branding or attribution from Deliverables without written permission.

6.5 Feedback

If you provide feedback, suggestions, or improvement ideas regarding VibeSec's methods or framework, you grant VibeSec a perpetual, irrevocable, royalty-free license to use, modify, and incorporate such feedback without obligation or compensation to you.

7.1 Mutual Confidentiality

During a Consulting Engagement, both parties may share confidential information. "Confidential Information" means any non-public information disclosed by one party to the other, including but not limited to business strategies, workflow details, team structure, technology inventory, AI tool usage, security posture, financial information, and Deliverables.

7.2 Obligations

Each party agrees to:

• Protect the other party's Confidential Information with at least the same care it uses to protect its own confidential information, and no less than reasonable care;
• Use Confidential Information only for the purpose of performing or receiving Services under these Terms;
• Not disclose Confidential Information to third parties without prior written consent, except as permitted below.

7.3 Permitted Disclosures

Confidential Information may be disclosed:

• To employees, contractors, or advisors who need to know and are bound by confidentiality obligations at least as protective as these Terms;
• As required by law, regulation, or court order;
• To VibeSec's professional tools used in delivering the Services (see our Privacy Policy for details on data handling).

7.4 Exceptions

Information is not Confidential Information if it:

• Is or becomes publicly known through no fault of the receiving party;
• Was already known to the receiving party before disclosure;
• Is independently developed by the receiving party without use of the disclosing party's Confidential Information;
• Is rightfully received from a third party without restriction.

7.5 Duration

Confidentiality obligations survive for two (2) years after the conclusion of the Engagement, or for as long as the information remains a trade secret, whichever is longer.

7.6 Client References

VibeSec will not use your name, logo, or identify you as a client in marketing materials without your prior written consent.

8.1 As-Is Services

EXCEPT FOR THE EXPRESS WARRANTY IN SECTION 3.1 (COMMERCIALLY REASONABLE SKILL AND CARE), ALL SERVICES AND DELIVERABLES ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, VIBESEC EXPRESSLY DISCLAIMS:

• THE IMPLIED WARRANTY OF MERCHANTABILITY;
• THE IMPLIED WARRANTY OF FITNESS FOR A PARTICULAR PURPOSE;
• THE IMPLIED WARRANTY OF NON-INFRINGEMENT;
• ANY WARRANTY ARISING FROM COURSE OF DEALING, COURSE OF PERFORMANCE, OR TRADE USAGE.

8.2 Advisory Nature of Recommendations

VIBESEC'S RECOMMENDATIONS, INCLUDING AGENTIC PROCESS DESIGNS, WORKFLOW REDESIGNS, AI ADOPTION STRATEGIES, GUARDRAILS CONFIGURATIONS, AND SECURITY GUIDANCE, ARE ADVISORY IN NATURE AND BASED ON INFORMATION AVAILABLE AT THE TIME OF THE ENGAGEMENT. VIBESEC DOES NOT GUARANTEE THAT FOLLOWING ITS RECOMMENDATIONS WILL PREVENT SECURITY INCIDENTS, ENSURE REGULATORY COMPLIANCE, OR ACHIEVE ANY PARTICULAR BUSINESS OUTCOME.

8.3 AI Disclaimer

VIBESEC USES ARTIFICIAL INTELLIGENCE TOOLS TO ASSIST WITH ANALYSIS AND DELIVERABLE PREPARATION. AI TECHNOLOGY HAS INHERENT LIMITATIONS INCLUDING BUT NOT LIMITED TO HALLUCINATION, PATTERN MISIDENTIFICATION, AND INABILITY TO UNDERSTAND FULL BUSINESS CONTEXT. VIBESEC APPLIES HUMAN REVIEW TO ALL DELIVERABLES, BUT THIS DOES NOT ELIMINATE THE POSSIBILITY OF AI-RELATED ERRORS.

8.4 Not Legal, Compliance, or Insurance Advice

VIBESEC PROVIDES PROCESS DESIGN AND AI STRATEGY CONSULTING. VIBESEC IS NOT A LAW FIRM, COMPLIANCE AUDITOR, OR INSURANCE ADVISOR. DELIVERABLES THAT REFERENCE COMPLIANCE FRAMEWORKS, REGULATIONS, OR SECURITY STANDARDS ARE PROVIDED FOR INFORMATIONAL PURPOSES AND DO NOT CONSTITUTE LEGAL ADVICE OR COMPLIANCE CERTIFICATION. CONSULT QUALIFIED LEGAL AND COMPLIANCE PROFESSIONALS FOR DEFINITIVE GUIDANCE.

8.5 Jurisdictional Limitations

Some jurisdictions do not allow the exclusion of implied warranties. In such jurisdictions, the above exclusions apply to the maximum extent permitted by applicable law.

9.1 Exclusion of Consequential Damages

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL VIBESEC BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO:

• DAMAGES FOR LOSS OF PROFITS, REVENUE, OR BUSINESS OPPORTUNITY;
• DAMAGES FOR LOSS OF DATA OR DATA BREACHES;
• DAMAGES FOR BUSINESS INTERRUPTION OR DOWNTIME;
• DAMAGES FOR SECURITY BREACHES OR CYBERATTACKS THAT OCCUR DESPITE VIBESEC'S RECOMMENDATIONS;
• DAMAGES FOR REGULATORY FINES, PENALTIES, OR COMPLIANCE COSTS;
• DAMAGES FOR LOSS OF GOODWILL OR REPUTATION;
• THIRD-PARTY CLAIMS ARISING FROM YOUR USE OF OR RELIANCE ON DELIVERABLES;

ARISING OUT OF OR RELATED TO THE SERVICES OR ANY DELIVERABLES, REGARDLESS OF THE CAUSE OF ACTION OR THE THEORY OF LIABILITY (WHETHER IN CONTRACT, TORT, STRICT LIABILITY, NEGLIGENCE, OR OTHERWISE), EVEN IF VIBESEC HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

9.2 Aggregate Liability Cap

VIBESEC'S TOTAL AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THESE TERMS OR ANY ENGAGEMENT SHALL NOT EXCEED THE TOTAL AMOUNT ACTUALLY PAID BY YOU TO VIBESEC FOR THE SPECIFIC ENGAGEMENT GIVING RISE TO THE CLAIM. FOR RETAINER CLIENTS, THE CAP IS THE TOTAL AMOUNT PAID IN THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM.

9.3 Insurance Coverage

VibeSec maintains professional liability insurance through Embroker, including:

• Technology Errors & Omissions (E&O) with a $1,000,000 aggregate limit;
• Cyber Liability / Network Security and Privacy Liability with a $1,000,000 aggregate limit;
• AI Coverage Endorsement covering AI-related advisory work.

Insurance coverage does not expand VibeSec's liability beyond the cap in Section 9.2, but provides an additional layer of protection for both parties. Proof of insurance is available upon request.

9.4 Essential Purpose

The limitations in this Section shall apply even if any limited remedy provided herein fails of its essential purpose.

9.5 Jurisdictional Limitations

Some jurisdictions do not allow the limitation or exclusion of liability for incidental or consequential damages. In such jurisdictions, VibeSec's liability shall be limited to the maximum extent permitted by applicable law.

9.6 Basis of the Bargain

YOU ACKNOWLEDGE THAT VIBESEC HAS SET ITS FEES AND ENTERED INTO THESE TERMS IN RELIANCE UPON THE WARRANTY DISCLAIMERS AND LIMITATIONS OF LIABILITY SET FORTH HEREIN. THESE DISCLAIMERS AND LIMITATIONS REFLECT A REASONABLE AND FAIR ALLOCATION OF RISK BETWEEN THE PARTIES AND FORM AN ESSENTIAL BASIS OF THE BARGAIN.

10.1 Your Indemnification Obligation

You agree to defend, indemnify, and hold harmless VibeSec from and against any and all claims, damages, losses, liabilities, costs, and expenses (including reasonable attorneys' fees) arising out of or related to:

• Your implementation of VibeSec's recommendations in a manner that causes harm to third parties;
• Your violation of any applicable law, regulation, or third-party right in connection with an Engagement;
• Inaccurate or incomplete information you provide to VibeSec that materially affects the Deliverables.

10.2 VibeSec Indemnification Obligation

VibeSec will defend, indemnify, and hold harmless you from and against any third-party claim that VibeSec's proprietary methods or framework (excluding your data) infringe or misappropriate a valid United States patent, copyright, or trade secret, provided that you give VibeSec prompt notice, reasonable cooperation, and sole control of the defense.

10.3 Indemnification Procedure

The party seeking indemnification must provide prompt written notice of any claim, cooperate with the indemnifying party's defense, and not settle any claim without the indemnifying party's prior written consent if the settlement imposes obligations on the indemnifying party.

11.1 Cancellation Before Work Begins

If you cancel a Consulting Engagement before VibeSec has begun substantive work (within 48 hours of the SOW execution and before any sessions or preparation work), you are entitled to a full refund of any amounts paid.

11.2 Cancellation After Work Begins

If you cancel after VibeSec has begun substantive work, the upfront deposit is non-refundable as it covers work already performed or in progress. You will receive any completed or in-progress Deliverables at the time of cancellation.

11.3 Cancellation by VibeSec

VibeSec may cancel an Engagement if: (a) you fail to provide required cooperation or access for more than fifteen (15) business days after written request; (b) you breach these Terms; or (c) continuing the Engagement would violate applicable law. If VibeSec cancels for convenience (not due to your breach), VibeSec will refund any fees for work not yet performed.

11.4 Session Rescheduling

Advisory delivery is async by default. If a call is separately approved and scheduled, it may be rescheduled once with at least 24 hours' notice. No-shows or cancellations with less than 24 hours' notice are non-refundable.

11.5 Service Defects

If you believe a Deliverable contains material errors or does not conform to the SOW, notify VibeSec in writing within fourteen (14) days of delivery. VibeSec will, at its option, correct the errors or provide a pro-rata refund for the deficient portion. This is your sole remedy for defective Deliverables.

12.1 Effect of Termination

Upon termination of an Engagement or Retainer:

• VibeSec will deliver any completed or substantially completed Deliverables;
• Both parties' confidentiality obligations survive per Section 7.5;
• VibeSec will securely delete or return your Confidential Information within thirty (30) days of your written request;
• Sections 6 (IP), 7 (Confidentiality), 8 (Disclaimers), 9 (Limitation of Liability), 10 (Indemnification), 13 (Governing Law), and 14 (General Provisions) survive termination.

12.2 Data Handling After Engagement

VibeSec retains Engagement files (notes, working documents) for ninety (90) days after the final Deliverable is provided, to support any follow-up questions or revision requests. After 90 days, Engagement files are securely deleted unless you request earlier deletion or agree to extended retention. Financial records (invoices, payment records) are retained as required by applicable tax law.

13.1 Governing Law

These Terms shall be governed by and construed in accordance with the laws of the State of New York, without regard to its conflict of laws principles.

13.2 Dispute Resolution

Any dispute arising out of or relating to these Terms or any Engagement shall first be addressed through good-faith negotiation between the parties. If the dispute is not resolved within thirty (30) days, either party may submit the dispute to binding arbitration administered by the American Arbitration Association (AAA) under its Commercial Arbitration Rules. The arbitration shall be conducted by a single arbitrator. The arbitrator's decision shall be final and binding.

13.3 Class Action Waiver

YOU AND VIBESEC AGREE THAT EACH PARTY MAY BRING CLAIMS AGAINST THE OTHER ONLY IN YOUR OR ITS INDIVIDUAL CAPACITY, AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS, CONSOLIDATED, OR REPRESENTATIVE ACTION.

13.4 Exceptions

Either party may seek injunctive or equitable relief in any court of competent jurisdiction to prevent infringement or violation of intellectual property rights or breach of confidentiality obligations.

13.5 Small Claims

Either party may bring an individual action in small claims court for disputes within the court's jurisdictional limits.

14.1 Entire Agreement

These Terms, together with the Privacy Policy and any applicable SOW, constitute the entire agreement between you and VibeSec regarding the Services. In the event of a conflict between these Terms and a SOW, the SOW controls for that specific Engagement.

14.2 Modification

VibeSec may update these Terms at any time by posting revised Terms at vibesecadvisory.com/terms with a new "Last Updated" date. Changes apply to Engagements entered into after the effective date of the update. Ongoing Engagements continue under the Terms in effect at the time the SOW was signed.

14.3 Severability

If any provision of these Terms is held invalid, illegal, or unenforceable, that provision shall be modified to the minimum extent necessary to make it enforceable, or if modification is not possible, shall be severed. The remaining provisions continue in full force and effect.

14.4 Waiver

The failure of VibeSec to enforce any provision of these Terms shall not constitute a waiver of that provision. A waiver is effective only if in writing and signed by VibeSec.

14.5 Assignment

You may not assign or transfer these Terms or any SOW without VibeSec's prior written consent. VibeSec may assign these Terms in connection with a merger, acquisition, reorganization, or sale of all or substantially all of its assets.

14.6 Force Majeure

Neither party shall be liable for any delay or failure to perform resulting from causes outside its reasonable control, including acts of God, natural disasters, pandemic, war, terrorism, labor disputes, government actions, internet or infrastructure failures, or third-party service outages.

14.7 Notices

Notices to VibeSec must be sent to [email protected]. Notices to you will be sent to the email address in your SOW. Email notices are deemed received upon transmission.

14.8 Independent Contractor

VibeSec is an independent contractor, not an employee, partner, or joint venturer of yours. Nothing in these Terms creates an employment, agency, or partnership relationship.

14.9 Headings

Section headings are for convenience only and do not affect the interpretation of these Terms.

14.10 No Third-Party Beneficiaries

These Terms are between you and VibeSec only. No third party has any rights under these Terms.