Terms & Conditions

1. Introduction

These Terms and Conditions (“Terms”) govern your access to and use of the website located at primesoc.africa and the managed cybersecurity services (“Services”) provided by Primesoc Limited(“Primesoc”, “we”, “us”, or “our”), a company incorporated under the laws of Kenya.

By accessing our website, requesting a consultation, or engaging our Services, you (“Client”, “you”) agree to be bound by these Terms. If you do not agree, please do not use our website or Services.

These Terms are governed by and construed in accordance with the laws of Kenya, including but not limited to:

• The Data Protection Act, 2019 (Cap. 411C)
• The Computer Misuse and Cybercrimes Act, 2018 (No. 5 of 2018)
• The Kenya Information and Communications Act (Cap. 411A)
• The Consumer Protection Act, 2012
• The Law of Contract Act (Cap. 23)

2. Services

Primesoc provides managed cybersecurity services including, but not limited to: Security Operations Centre (SOC) monitoring, Vulnerability Assessment and Penetration Testing (VAPT), Cyber Threat Intelligence (CTI), Governance Risk and Compliance (GRC), and Security Engineering.

The specific scope, deliverables, timelines, and commercial terms for any engagement are defined in a separate Service Level Agreement (SLA) or Statement of Work (SOW) executed by both parties. In the event of a conflict between these Terms and an SLA or SOW, the SLA or SOW shall prevail.

3. Authorisation and Lawful Use

All penetration testing, vulnerability assessments, and active security testing activities are conducted only under explicit written authorisation from the Client. Unauthorised access to computer systems is a criminal offence under Section 16 of the Computer Misuse and Cybercrimes Act, 2018. Primesoc strictly adheres to ethical and legal boundaries in all engagements.

You warrant that you have the legal authority and all necessary permissions to engage Primesoc to test or monitor the systems, networks, and data covered under your engagement. Primesoc accepts no liability for engagements conducted on systems for which the Client lacked proper authorisation.

4. Data Protection and Privacy

Primesoc is committed to full compliance with the Data Protection Act, 2019and the regulations issued thereunder by the Office of the Data Protection Commissioner (ODPC).

In our capacity as a data processor (where applicable), Primesoc will:

• Process personal data only on documented instructions from the Client (data controller).
• Ensure that persons authorised to process personal data are bound by confidentiality obligations.
• Implement appropriate technical and organisational security measures as required under Section 41 of the Data Protection Act.
• Assist the Client in fulfilling its obligations regarding data subject rights (access, rectification, erasure, objection).
• Delete or return all personal data upon termination of the engagement, at the Client's election.
• Make available all information necessary to demonstrate compliance with data protection obligations.

For full details on how we handle personal data collected through our website (contact forms, cookies, analytics), please refer to our Privacy Policy.

5. Confidentiality

Both parties agree to treat as confidential all non-public information received from the other party in connection with the Services (“Confidential Information”). This includes, but is not limited to, security findings, vulnerability reports, network architecture details, credentials, and business information.

Confidentiality obligations survive termination of the engagement for a period of five (5) years, except where disclosure is required by law or regulatory authority. Primesoc will not disclose Client security findings to any third party without prior written consent.

6. Intellectual Property

All proprietary tools, methodologies, processes, frameworks, and software developed or used by Primesoc in delivering Services remain the exclusive intellectual property of Primesoc. Deliverables (reports, documentation) produced specifically for the Client are licensed to the Client for internal use only.

The Primesoc name, logo, and brand assets are registered trademarks. You may not reproduce or use them without prior written permission.

7. Limitation of Liability

To the fullest extent permitted by applicable Kenyan law:

• Primesoc's total aggregate liability arising out of or in connection with any engagement shall not exceed the total fees paid by the Client under the relevant SOW in the twelve (12) months preceding the claim.
• Primesoc shall not be liable for any indirect, incidental, consequential, special, or punitive damages, including but not limited to loss of data, loss of revenue, or business interruption.
• Primesoc does not guarantee that security testing will identify every vulnerability or that security measures will prevent all incidents. Cybersecurity services reduce risk but cannot eliminate it entirely.

8. Indemnification

The Client agrees to indemnify, defend, and hold harmless Primesoc, its officers, employees, and subcontractors from and against any claims, damages, or expenses (including reasonable legal fees) arising from: (a) the Client's breach of these Terms; (b) the Client's lack of proper authorisation for systems tested; or (c) the Client's violation of any applicable law.

9. Payment Terms

Payment terms for Services are set out in the applicable SOW or SLA. Unless otherwise agreed, invoices are due within thirty (30) days of the invoice date. Late payments may attract interest at the rate prescribed under the Central Bank of Kenya Act or as specified in the SOW. Primesoc reserves the right to suspend Services for overdue accounts after providing seven (7) days written notice.

10. Termination

Either party may terminate an engagement by providing written notice as specified in the applicable SOW. Upon termination, the Client remains liable for fees for Services rendered up to the termination date. Primesoc may immediately terminate or suspend Services if the Client breaches these Terms or engages in unlawful conduct.

11. Website Use

Access to primesoc.africa is provided on an “as is” basis. You agree not to:

• Use the website for any unlawful purpose or in contravention of the Computer Misuse and Cybercrimes Act, 2018.
• Attempt to gain unauthorised access to any part of our website, servers, or infrastructure.
• Transmit any malicious code, spam, or unsolicited communications through our contact forms.
• Scrape, harvest, or reproduce website content without express written permission.

12. Incident Reporting

In the event of a personal data breach discovered during the course of our Services, Primesoc will notify the Client without undue delay (and in any event within 72 hours of becoming aware), consistent with obligations under the Data Protection Act, 2019. The Client remains responsible for notifying the Office of the Data Protection Commissioner where required by law.

13. Dispute Resolution

Any dispute arising out of or in connection with these Terms shall first be referred to good-faith negotiation between the parties. If unresolved within thirty (30) days, disputes shall be referred to mediation administered by the Nairobi Centre for International Arbitration (NCIA). If mediation fails, disputes shall be finally resolved by arbitration under the NCIA Rules, with the seat of arbitration in Nairobi, Kenya.

Nothing in this clause prevents either party from seeking urgent injunctive or declaratory relief from the Kenyan courts.

14. Governing Law and Jurisdiction

These Terms are governed by the laws of the Republic of Kenya. Subject to the dispute resolution clause above, both parties submit to the non-exclusive jurisdiction of the courts of Kenya.

15. Amendments

Primesoc reserves the right to amend these Terms at any time. Material changes will be communicated via our website and/or email. Continued use of our Services after the effective date of any change constitutes acceptance of the revised Terms.

16. Contact

For questions regarding these Terms or to report a compliance concern, contact us at: