SKUNKWORK™ + SKUNKHOST™ — Full Terms, Conditions & SLA

1.1 Parties and trading names

(a) This Agreement is made between:

(i) SKUNKWORK GROUP LTD (Company No. 16541413), registered in England and Wales, with its principal office at 50 Darnley Street, Gravesend, Kent, DA11 0PH, United Kingdom (the “Company”, “we”, “us”, “our”); and

(ii) the person or entity purchasing, subscribing to, accessing, or using any Services (the “Client”, “you”, “your”).

(b) “SKUNKWORK™” and “SKUNKHOST™” are trading names and service brands operated by the Company. Any reference to SKUNKWORK™ or SKUNKHOST™ is a reference to the Company unless expressly stated otherwise.

(c) This is a single combined contract for SKUNKWORK™ and SKUNKHOST™ services. Unless a director of the Company expressly agrees in writing, no separate or conflicting terms apply.

1.2 Acceptance and contract formation

(a) This document (including all Schedules and documents incorporated by reference) is the “Agreement”.

(b) You accept and agree to be legally bound by this Agreement when you do any of the following:

(i) place an order through the Client Portal;

(ii) pay an invoice;

(iii) access or use any Services, systems, or tooling;

(iv) submit a Ticket or otherwise request work; or

(v) permit or request the Company to access your systems, hosting, website(s), or third-party accounts.

(c) No signature is required. If you are acting on behalf of a business or other legal entity, you confirm you have authority to bind that entity. If you do not have authority, you remain personally liable.

1.3 Key documents and incorporation by reference

(a) This Agreement includes (and incorporates by reference) the following, as updated from time to time in accordance with clause 1.7:

(i) the Scope of Work schedule (what we do and do not undertake);

(ii) the Service Level Agreement (“SLA”) (operating hours, response targets, and delivery timeframes);

(iii) the Acceptable Use Policy (“AUP”);

(iv) the Privacy Policy and Cookie Policy;

(v) product, plan, and service specifications displayed in the Client Portal at the time of order (including any included quotas/limits such as “one website per plan”);

(vi) any Quotes issued in the Client Portal and accepted by you; and

(vii) any Order Confirmation / Invoice that references the Services purchased.

(b) If you purchase additional items (including domains, transfers, licences, plugins, or other third-party products), those purchases may also be subject to third-party terms. You agree to comply with all applicable third-party terms.

1.4 Definitions (capitalised terms)

In this Agreement, the following definitions apply:

“Account” means your registered account with the Company in the Client Portal.

“Additional Charges” means fees not included in your fixed-fee Plan, including third-party licences, paid plugins, premium vendor services, registry fees, emergency/out-of-scope work (where agreed), and any other charges expressly identified as additional.

“Agreement” has the meaning given in clause 1.2(a).

“AUP” means the Acceptable Use Policy, as incorporated by clause 1.3.

“Approved Secure Channels” means (i) the Client Portal/Ticketing system; and (ii) where the Company elects to provide them, secure tools used by the Company for exchanging or confirming sensitive data (which may include Zoho Mail and/or Zoho Vault). The Company may refuse to accept sensitive data sent via unapproved or insecure channels.

“Business Day” means Monday to Friday in the United Kingdom, excluding public holidays.

“Client Portal” means the Company’s client management and ticketing portal (WHMCS), used for orders, billing, Tickets, Quotes, service notices, and account management.

“Content” means any text, images, videos, code, data, branding, credentials, files, or other material you supply or authorise for use in connection with the Services.

“Covered Website” means the single (1) website included within a Plan. A Covered Website is a single WordPress installation and its primary domain and content stack (themes/plugins/configuration) as recorded in the Account. Each Plan covers one Covered Website only, in all circumstances, unless the Company agrees otherwise in writing.

“Credit” / “Credit Balance” means a non-cash account credit recorded in the Client Portal which may be applied against future invoices. Credit is not a refund and is not redeemable for cash except where required by law. Credits are applied in accordance with Part 11 (Upgrades/Downgrades/Credits) and Part 12 (Refund Policy).

“Data” means any personal data, confidential information, credentials, or other information processed or stored by the Company in connection with the Services.

“Delivery Timeframe” means the target time window for completion of a Task, as set out in the SLA, subject to exclusions and dependencies.

“Downgrade” means any change that reduces Plan level, hosting resources, quotas, priority, or included features, whether requested by you or required for compliance, security, or technical reasons.

“Execution” means the point at which the Company begins work on a Task (including preparatory work), which may include investigation, logging into systems, reviewing files, making changes, or reserving production capacity.

“Fees” means all amounts payable by you to the Company, including subscription fees, hosting fees, domain fees, Additional Charges, and any taxes (including VAT).

“Force Majeure Event” means any event outside a party’s reasonable control, including (without limitation) internet/telecoms failures, third-party platform outages, power failures, strikes, civil disorder, acts of government, natural disasters, and similar events.

“Hosting Services” means managed WordPress hosting services provided under the SKUNKHOST™ brand (including any hosting bundled with a Plan), together with related tooling and support as described in this Agreement.

“Kit” means a predefined, protocol-driven service module with a defined scope and outcome, which may be purchased as a one-off or used within Plan scope (where included).

“Plan” means a subscription plan offered by the Company (including SKUNKWORK™ maintenance plans and any bundled hosting), as selected in the Client Portal and confirmed by invoice/order confirmation.

“Plesk” means the hosting management interface used for certain Hosting Services (including Plesk Obsidian), where applicable.

“Quote” means a written quotation issued through the Client Portal for Additional Charges (including licences/plugins) which becomes binding when accepted by you in the Client Portal (or otherwise in writing as the Company permits).

“SLA” means the service level terms (hours, response targets, delivery timeframes, exclusions, and service credits) incorporated by clause 1.3.

“Scope of Work” means the schedule describing what the Company undertakes and what it does not undertake, incorporated by clause 1.3.

“Services” means any services, work, hosting, support, maintenance, Kits, domain services, and related deliverables provided by the Company under this Agreement.

“Task” means a request for work submitted by you (normally via a Ticket) to be delivered under a Kit, Plan scope, Quote, or other agreed basis.

“Ticket” means a support/task ticket raised in the Client Portal, forming the formal record of instructions, scope, access requests, approvals, updates, and completion.

“Upgrade” means any change that increases Plan level, hosting resources, quotas, priority, or included features.

“Working Hours” means the operating hours applicable to your Plan as stated in the SLA (and as may be displayed in the Client Portal and on the Company’s website).

1.5 Interpretation rules

(a) Headings are for convenience and do not affect interpretation.

(b) Words in the singular include the plural and vice versa. References to a “person” include an individual, partnership, company, or other entity.

(c) “Including” (and similar) means “including without limitation”.

(d) References to legislation include that legislation as amended, extended, re-enacted, or replaced from time to time.

(e) If you are a “consumer” under applicable UK law, nothing in this Agreement limits or excludes your statutory rights. Where any clause would be unenforceable against a consumer, it shall be interpreted to the minimum extent necessary to comply with law.

1.6 Order of precedence and entire agreement

(a) This Agreement is the entire agreement between the parties in relation to the Services and supersedes all prior statements, discussions, and understandings (whether oral or written).

(b) If there is any conflict or inconsistency, the following order of precedence applies (highest first):

(i) a bespoke written agreement signed by a director of the Company;

(ii) any accepted Quote (but only for the items expressly covered by that Quote);

(iii) this Agreement (including Schedules);

(iv) the order confirmation / invoice for the relevant purchase;

(v) the Plan/service specification shown in the Client Portal at the time of order; and

(vi) all other materials (marketing pages, general guidance, emails, and messages), which are non-binding.

(c) For avoidance of doubt, no Client purchase order terms or “supplier onboarding” terms apply unless expressly accepted in writing by a director of the Company.

1.7 Changes to this Agreement

(a) The Company may update this Agreement to reflect:

(i) legal or regulatory changes;

(ii) security, risk, or fraud prevention needs;

(iii) improvements to operational clarity; or

(iv) changes to Services, Plans, tooling, or processes.

(b) Where changes are material and adversely affect you, the Company will provide notice via the Client Portal and/or by email. Unless you cancel to take effect at the end of your current paid billing period, continued use after the effective date of the update constitutes acceptance.

(c) Changes required by law or for urgent security reasons may take effect immediately.

1.8 Severability

If any clause (or part of a clause) is unlawful, invalid, or unenforceable, it shall be severed and the remainder of this Agreement shall continue in full force and effect.

1.9 Assignment and subcontracting

(a) You may not assign, transfer, or subcontract any of your rights or obligations under this Agreement without the Company’s prior written consent.

(b) The Company may subcontract elements of the Services and/or assign this Agreement to an affiliate, successor, or purchaser of its business, provided that this does not reduce your statutory rights.

1.10 Third party rights

A person who is not a party to this Agreement shall not have any rights under the Contracts (Rights of Third Parties) Act 1999 to enforce any term of this Agreement.

PART 2 — ACCOUNTS, PLATFORMS & COMMUNICATIONS

2.1 Client Portal (WHMCS) as the system of record

(a) The Company uses its client management portal (WHMCS) as the primary system of record for:

(i) orders, products, subscriptions, renewals and cancellations;

(ii) invoices, payments, Credits, and Quotes;

(iii) Tickets (support requests and Tasks), including instructions, approvals, delivery updates, and completion notices; and

(iv) service notices and operational communications relating to your Account and Services.

(b) Except where the Company expressly agrees otherwise in writing, requests for work, approvals, and service communications must be made through Tickets in the Client Portal.

(c) You acknowledge and agree that the Company may rely on Client Portal records (including Ticket history, timestamps, attachments, and acceptance logs) as evidence of instructions, scope, delivery, and completion.

2.2 Account registration, eligibility and accuracy

(a) You must maintain an Account to access and manage Services.

(b) You must provide accurate, complete, and up-to-date information for your Account (including legal name/entity name, billing address, and contact email address).

(c) You are responsible for ensuring the contact email address on your Account remains current. Notices sent to the contact email address on your Account and/or posted in the Client Portal will be treated as received in accordance with clause 2.7.

(d) The Company may refuse registration, suspend access, or require additional verification where it reasonably believes an Account may be fraudulent, insecure, or in breach of this Agreement.

2.3 Authorised users and account security

(a) You are responsible for:

(i) keeping login credentials confidential;

(ii) ensuring only authorised persons access the Account; and

(iii) all actions taken through your Account (including purchases, Tickets, approvals, and instructions), whether or not authorised by you.

(b) If you permit multiple users to access the Account (staff, contractors, agencies), you must ensure you have internal controls and authority management in place. The Company is not responsible for disputes between you and your authorised users.

(c) You must notify the Company immediately via a Ticket if you suspect unauthorised access, compromised credentials, or suspicious activity.

2.4 Tickets are mandatory for Tasks and support

(a) All Tasks and support requests must be raised as Tickets in the Client Portal, unless the Company explicitly confirms an alternative process in writing for a particular matter.

(b) A Ticket must contain a clear brief sufficient for the Company to understand the requested outcome and the acceptance criteria. If the brief is unclear or incomplete, the Company may request clarification and/or pause the Delivery Timeframe until the information is provided.

(c) Unless your Plan expressly includes concurrency, Tickets are handled consecutively in accordance with your Plan’s queue and the SLA. Submitting multiple Tickets does not create parallel execution.

2.5 Platform tooling and access boundaries

(a) Depending on your Services, you may interact with (or the Company may use) one or more operational tools, which may include:

(i) the Client Portal (WHMCS) for billing, Quotes and Tickets;

(ii) a hosting control panel such as Plesk (including Plesk Obsidian) for Hosting Services; and

(iii) Approved Secure Channels for exchanging or confirming Sensitive Data (as defined below).

(b) Any access to hosting platforms or control panels that the Company grants to you (including any Plesk access) may be limited, withdrawn, or restricted at the Company’s discretion for security, stability, compliance, or risk management reasons.

(c) Where you are granted access to any hosting platform/control panel, you are responsible for actions taken using that access. The Company is not liable for outages, data loss, misconfiguration, or security incidents caused by your actions or by third parties acting under your authority.

2.6 Approved Secure Channels and Sensitive Data rules

(a) “Sensitive Data” includes (without limitation) passwords, passphrases, API keys, authentication tokens, private keys, 2FA recovery codes, banking/payment data, identity documents, and any special category personal data.

(b) You must share Sensitive Data only through Approved Secure Channels.

(c) Approved Secure Channels are:

(i) the Client Portal/Ticketing system; and

(ii) where the Company elects to provide them, secure tools used by the Company for exchanging or confirming Sensitive Data (which may include Zoho Mail and/or Zoho Vault or similar secure credential-sharing mechanisms).

(d) The Company may refuse to accept, process, or store Sensitive Data that is sent via unapproved or insecure channels (including plain-text email, messaging apps, social media, or phone calls), and any resulting delay will be treated as a client-caused delay under the SLA.

(e) Where the Company uses Zoho Mail and/or Zoho Vault (or similar secure tooling), you acknowledge that:

(i) the Company may require you to use those tools for Sensitive Data exchange/confirmation as a condition of commencement of a Task; and

(ii) the Company may change its tooling from time to time for security and operational reasons.

2.7 Notices and communications

(a) Operational communications may be provided by:

(i) posting a notice in the Client Portal;

(ii) messaging through a Ticket; and/or

(iii) sending an email to the primary contact email address on your Account.

(b) A notice is deemed received:

(i) when posted in the Client Portal; and/or

(ii) when sent by email to your Account’s primary contact email address (whether or not you actually read it), unless the sender receives an automated delivery failure message.

(c) You are responsible for ensuring emails from the Company are not blocked by spam filters and for maintaining your email deliverability.

(d) The Company may provide additional contact addresses for convenience and escalation, including (but not limited to):

complaints@skunkwork.co.uk

privacy@skunkwork.co.uk

team@skunkwork.co.uk

support@skunkwork.co.uk

hosting@skunkwork.co.uk

jobs@skunkwork.co.uk

(and/or any updated addresses displayed in the Client Portal from time to time).

2.8 Authority to grant access and give instructions

(a) You warrant that you own, control, or are duly authorised to grant access to any systems, websites, domains, hosting platforms, third-party accounts, and Content that you ask the Company to work on.

(b) If you instruct the Company to act on behalf of a third party (or within a third party’s environment), you warrant that you have the necessary permissions and that the instruction does not breach any third-party terms.

(c) The Company may require evidence of authority or ownership (including domain registrant verification, admin access confirmation, or business authorisation) before commencing work, particularly for domain, DNS, and security-sensitive requests.

2.9 Client responsibilities for access, credentials, and continuity

(a) You are responsible for maintaining access to your own third-party accounts (including domain registrars, DNS providers, analytics, ad accounts, plugin vendors, and payment processors) unless the Company explicitly agrees otherwise in writing.

(b) The Company may, at its discretion, assist with access continuity and account recovery, but:

(i) such assistance may be subject to the SLA and/or Additional Charges; and

(ii) the Company is not responsible for third-party verification processes, timeframes, or outcomes.

(c) You are responsible for maintaining your own internal credential storage and access controls. The Company strongly recommends least-privilege access and time-limited credentials wherever possible.

2.10 Recordkeeping and instruction integrity

(a) Where there is any inconsistency between communications, the most recent clear instruction recorded in the relevant Ticket will prevail, unless the Company confirms otherwise in writing.

(b) Verbal instructions (including by phone) are not binding unless confirmed in writing via Ticket.

2.11 Emergency contact and safety controls

(a) For security, fraud-prevention, or service stability reasons, the Company may:

(i) temporarily restrict access to platforms;

(ii) require verification before proceeding with high-risk requests (including DNS changes, domain transfers, billing changes, password resets, or payment method changes); and/or

(iii) pause work pending confirmation.

(b) The Company is not liable for delays resulting from reasonable security controls, verification steps, or fraud-prevention measures.

2.12 Tool availability and third-party dependency

(a) The Client Portal and any third-party systems (including control panels, registries, and vendor platforms) may be unavailable from time to time due to maintenance, outages, or third-party issues.

(b) The Company will use reasonable efforts to restore access or provide alternatives where practical, but platform availability is subject to third-party dependencies and the SLA exclusions.

PART 3 — SERVICES OVERVIEW (WHAT WE PROVIDE)

3.1 Services covered by this Agreement

(a) The Company provides the following categories of Services under this single combined Agreement:

(i) SKUNKWORK™ subscription services (maintenance, support, and task delivery under a Plan);

(ii) One-Off Kits (protocol-driven, predefined service modules);

(iii) SKUNKHOST™ managed WordPress Hosting Services (including hosting bundled with Plans where applicable);

(iv) domain-related services (including registrations, renewals, transfers, and DNS support) where purchased through the Client Portal; and

(v) Additional Charges supplied via Quotes (including third-party plugins, licences, and other chargeable items).

(b) The specific Services you receive are those shown in:

(i) the Client Portal at the time of order;

(ii) the invoice/order confirmation for your purchase; and

(iii) any accepted Quote(s).

3.2 SKUNKWORK™ subscription Plans (maintenance and task delivery)

(a) SKUNKWORK™ Plans provide an ongoing subscription-based service which may include (depending on the Plan purchased):

(i) routine maintenance, monitoring, and/or technical support;

(ii) task delivery via Tickets in accordance with the Scope of Work and SLA;

(iii) access to, and completion of, certain Kits where included; and

(iv) hosting and/or hosting-related support where bundled or purchased.

(b) Plan features, queue priority, operating hours, response targets, delivery timeframes, and any usage limits are governed by:

(i) the Plan specification shown in the Client Portal and/or on the Company website at the time of order; and

(ii) the SLA.

(c) A Plan is not an “all-you-can-eat” service. Work must remain within:

(i) the Scope of Work;

(ii) Plan limits (including “one website per plan”, where applicable);

(iii) fair use and operational constraints; and

(iv) any technical, security, or third-party constraints.

(d) The Company may reasonably reclassify a Task (e.g., low/medium/high complexity) where the original classification is inaccurate, and will notify you via Ticket.

3.3 One-Off Kits (protocol-driven modules)

(a) A “Kit” is a defined service module with a specific scope and outcome, delivered through the Ticketing system.

(b) Kits may be:

(i) purchased as a one-off (as shown in the Client Portal); and/or

(ii) available within a Plan where expressly included.

(c) Kits are delivered in accordance with:

(i) the Kit description and any included protocol steps;

(ii) the Scope of Work; and

(iii) the SLA (including exclusions and dependency pauses).

(d) Where a Kit requires third-party licences, paid plugins, premium services, or other Additional Charges, these will be provided via Quote(s). Your acceptance of any Quote is required before such items are purchased, provisioned, or installed.

3.4 SKUNKHOST™ Hosting Services (managed WordPress hosting)

(a) SKUNKHOST™ Hosting Services are managed WordPress hosting services provided by the Company, which may be purchased as:

(i) standalone Hosting Services; and/or

(ii) bundled with a SKUNKWORK™ Plan.

(b) Hosting Services may include (depending on the product purchased):

(i) provisioning and management of the hosting environment;

(ii) access to a hosting control panel (such as Plesk, including Plesk Obsidian) where applicable;

(iii) backups/restores subject to the Hosting Terms and any applicable limits;

(iv) performance and security controls subject to fair use and platform constraints; and

(v) support via Tickets, subject to your Plan and the SLA.

(c) Hosting resource limits, fair use constraints, and any included quotas (including storage, memory, CPU, and related thresholds) are defined by:

(i) the product specification in the Client Portal at the time of order; and

(ii) the Hosting Terms in Part 8 and relevant Schedules.

(d) The Company may use one or more infrastructure providers and licensed software tools to operate the Hosting Services. The Company may change providers, configurations, or tooling where required for security, compliance, performance, or operational reasons, provided that the Services continue to be delivered in substantially equivalent form.

3.5 Domains, DNS and transfer support

(a) If you purchase domain-related products (including registrations, renewals, or transfers) through the Client Portal, the Company will provide the domain services as described at the time of purchase and subject to:

(i) this Agreement (including Part 9); and

(ii) any applicable registry/third-party provider terms.

(b) Domain-related actions (including transfers, renewals, and DNS changes) may be constrained by registry rules, anti-fraud controls, or third-party timeframes. The Company does not control registry decision-making or external provider processing times.

(c) For avoidance of doubt:

(i) domain ownership and registrant responsibilities remain with you (see Part 9); and

(ii) the Company does not assume liability for losses arising from expiry, deletion, registrant contact failures, or third-party registrar actions outside the Company’s control.

3.6 Third-party products, services, and dependencies

(a) Your website(s), hosting, domains, and Tasks may depend on third-party products and services, including but not limited to:

(i) plugin/theme vendors;

(ii) registries and registrars;

(iii) payment processors;

(iv) email, DNS, and analytics providers; and

(v) marketplaces and platform APIs.

(b) The Company may recommend third-party products or configurations. Recommendations are provided in good faith based on the information available at the time, but the Company does not warrant that any third-party product will remain available, compatible, secure, or suitable for your needs.

(c) Unless expressly included in your Plan or a Quote, third-party fees are your responsibility.

3.7 Quotes and Additional Charges (plugins, licences, premium services)

(a) Fixed-fee Plans cover the Services expressly included in the Plan specification and Scope of Work. Additional Charges (including third-party licences, paid plugins, premium vendor services, and other pass-through costs) are not included unless explicitly stated.

(b) Additional Charges are supplied as Quotes via the Client Portal. A Quote becomes binding only when accepted by you in the Client Portal (or otherwise in writing where the Company permits).

(c) Once a Quote is accepted and the relevant third-party product/service is purchased, provisioned, activated, or delivered, those fees are non-refundable except where required by law.

(d) If a plugin/licence or third-party product later proves unsuitable for your needs, this does not:

(i) constitute a defect in the Company’s Services;

(ii) create grounds for a refund; or

(iii) entitle you to cancel your Plan mid-period without charges.

Any further changes, replacements, or redesigns required may be treated as a new Task and/or may require a new Quote.

3.8 No professional advice

(a) The Company provides technical and operational services. Unless expressly agreed in writing:

(i) the Company does not provide legal, financial, tax, medical, or regulated professional advice; and

(ii) you remain responsible for obtaining independent advice appropriate to your circumstances, including compliance obligations.

3.9 Service descriptions and guidance

(a) The Company may publish guidance on its website and/or in the Client Portal about how the Services work (including process notes for WHMCS, ticketing, or hosting tooling). Such guidance is informational and does not override this Agreement.

(b) If there is any inconsistency between general guidance and this Agreement, the Agreement prevails in accordance with clause 1.6.

PART 4 — SCOPE OF WORK, EXCLUSIONS & CLIENT RESPONSIBILITIES

4.1 Scope of Work (incorporation and purpose)

(a) The “Scope of Work” is a schedule to this Agreement which defines:

(i) the categories of work the Company undertakes;

(ii) the categories of work the Company does not undertake; and

(iii) any conditions, dependencies, or limitations that apply to in-scope work.

(b) The Scope of Work is incorporated by reference under clause 1.3 and forms part of this Agreement.

(c) Where your request is outside the Scope of Work, the Company may (at its discretion):

(i) decline the request; or

(ii) offer a Quote for additional work, where feasible.

(d) Until the Scope of Work schedule is published and/or finalised, the Company will apply its reasonable operational boundaries consistent with:

(i) the Plan and Kit specifications displayed in the Client Portal at the time of order; and

(ii) the Company’s published guidance and service descriptions.

Any ambiguity will be resolved in favour of operational safety and scope containment.

4.2 One Covered Website per Plan (client responsibility to comply)

(a) Each Plan includes support and task delivery for one (1) Covered Website only, in all circumstances.

(b) You are responsible for:

(i) clearly identifying the Covered Website within each Ticket; and

(ii) ensuring that requests relate only to the Covered Website.

(c) Requests involving additional websites, additional WordPress installations, materially separate projects, or multi-site management are outside Plan scope unless:

(i) you purchase an additional Plan; or

(ii) the Company issues and you accept a Quote; or

(iii) the Company expressly agrees otherwise in writing.

4.3 Your responsibilities: access, licensing, and cooperation

(a) You must provide all information and cooperation reasonably required to deliver the Services, including:

(i) a clear brief and acceptance criteria;

(ii) relevant logins/access (via Approved Secure Channels);

(iii) timely approvals and responses to questions; and

(iv) confirmations required for security-sensitive or irreversible actions.

(b) You are responsible for ensuring you have valid rights, licences, and permissions for any Content, third-party products, and third-party accounts you ask the Company to use, including:

(i) plugins/themes/fonts/stock assets;

(ii) API services;

(iii) payment gateways; and

(iv) marketing/analytics tools.

(c) Unless explicitly included in your Plan, you are responsible for purchasing and maintaining third-party licences and subscriptions. Where the Company procures such items on your behalf, they will be provided via Quote(s) under clause 3.7.

4.4 Third-party constraints and “best efforts” delivery

(a) You acknowledge that many Tasks depend on third-party systems or providers. The Company does not control third parties and cannot guarantee:

(i) availability, performance, or compatibility of third-party systems;

(ii) processing timeframes (e.g., registries, payment processors);

(iii) vendor bug fixes; or

(iv) outcomes dependent on third-party approvals.

(b) The Company will use reasonable efforts to deliver Services within scope, but delays caused by third-party constraints or missing dependencies are SLA exclusions.

4.5 Environments, staging, testing, and deployment boundaries

(a) Unless expressly agreed otherwise, the Company may choose (acting reasonably) the most appropriate environment for completing a Task, including:

(i) staging;

(ii) development; and/or

(iii) production.

(b) You acknowledge that:

(i) some Tasks require changes in production (e.g., urgent fixes, DNS changes);

(ii) deployment may be contingent on your approval or on dependency completion; and

(iii) any delay in providing approvals or access pauses the Delivery Timeframe under the SLA.

(c) You are responsible for:

(i) reviewing and approving deliverables promptly;

(ii) verifying business-critical workflows (payments, booking forms, lead capture, integrations);

(iii) confirming that content and legal/compliance requirements (including accessibility, privacy, cookie consent, and sector-specific rules) are met for your use-case.

(d) Unless expressly agreed in writing, the Company does not provide regulated compliance certification (e.g., legal compliance audits, PCI certification), and you must seek appropriate specialist advice.

4.6 Completion standard: “meets the brief”

(a) Work is deemed “Completed” when the Company has delivered the output described in the Ticket brief (or agreed clarifications), and that output materially meets the stated acceptance criteria.

(b) If you request changes that:

(i) materially alter the agreed brief;

(ii) introduce new requirements or design direction; or

(iii) expand scope beyond the agreed acceptance criteria,

then those changes are treated as a new Task and may require a new Ticket and/or Quote.

(c) The Company may, at its discretion, provide minor refinements as goodwill, but is not obliged to do so where the request constitutes a scope change.

4.7 Redesigns, new direction, and scope creep

(a) Redesigns, reworks, “start again” requests, or new creative direction are not included unless expressly stated in the Plan/Kit scope or agreed by Quote.

(b) If a deliverable meets the brief, dissatisfaction with styling preferences, subjective taste, or later strategic changes does not constitute a defect and is not grounds for refund or Credit beyond what is expressly provided in Part 11 and Part 12.

4.8 Risks and client approvals (irreversible or high-impact actions)

(a) Certain actions are inherently high-impact or irreversible (including DNS changes, domain transfers, email migrations, payment gateway changes, large-scale updates, or security hardening that may block access). The Company may require explicit written confirmation via Ticket before proceeding.

(b) You accept that proceeding with such actions may result in temporary downtime, disruption, or change in behaviour. Where the Company has warned of such risk and you authorise the action, the Company is not liable for the inherent consequences of the authorised action.

4.9 Data, credentials, and least-privilege access

(a) You must provide access in a secure manner and only to the extent necessary for the Task.

(b) The Company may request:

(i) administrator access where required; or

(ii) least-privilege access where feasible.

(c) Where you decline to provide required access, the Company may:

(i) pause or refuse the Task; and/or

(ii) treat the delay as a client-caused delay under the SLA.

4.10 Your responsibility for backups and business continuity

(a) Unless expressly included in the Hosting Services purchased and stated in Part 8 / the Hosting specification, you remain responsible for:

(i) independent backups; and

(ii) business continuity planning.

(b) Even where the Company provides backups/restores as part of Hosting Services, you acknowledge that:

(i) backups may fail due to factors outside the Company’s control (e.g., corruption, malware, third-party outages);

(ii) backups are not a substitute for your own risk management; and

(iii) the Company’s liability remains limited in accordance with Part 16.

4.11 Client-caused delays and “hold” state

(a) If a Task cannot proceed due to missing information, access, approvals, or dependencies for which you are responsible, the Company may place the Task in a “Hold” state.

(b) Time spent waiting for client inputs does not count towards Delivery Timeframes and is an SLA exclusion.

4.12 No guarantee of outcomes and reliance on assumptions

(a) Unless expressly stated in writing, the Company does not guarantee specific outcomes such as:

(i) rankings, traffic, conversions, revenue, or lead volume;

(ii) approval by third-party platforms;

(iii) compatibility across all devices/plugins/themes; or

(iv) uninterrupted operation where third-party dependencies exist.

(b) Where you ask the Company to proceed based on assumptions (e.g., “use the plugin you think is best”), you accept that:

(i) the Company will act reasonably based on information available at the time; and

(ii) subsequent dissatisfaction does not constitute grounds for refund.

PART 5 — PLANS, COVERAGE LIMITS & FAIR USE

5.1 Plan scope and included features

(a) Each Plan includes only the features, inclusions, and limits expressly stated:

(i) in the Plan specification shown in the Client Portal at the time of order; and/or

(ii) in the relevant invoice/order confirmation; and/or

(iii) in any accepted Quote(s).

(b) Plan inclusions may include (depending on the Plan purchased):

(i) task delivery via Tickets;

(ii) maintenance and monitoring activities;

(iii) access to certain Kits;

(iv) hosting and/or hosting support (where bundled or purchased); and

(v) support availability during specified Working Hours.

(c) Plan inclusions do not include:

(i) third-party licence costs, paid plugins, premium vendor services, or pass-through charges, unless expressly stated (see clause 3.7); or

(ii) out-of-scope work as defined in the Scope of Work.

5.2 One Covered Website per Plan (non-negotiable baseline)

(a) Each Plan covers one (1) Covered Website only, in all circumstances.

(b) If you require Services for more than one website, you must:

(i) purchase additional Plan(s) (one per Covered Website); or

(ii) obtain a Quote from the Company (at the Company’s discretion); or

(iii) obtain the Company’s express written agreement for an alternative arrangement.

(c) The Company may refuse work, re-scope work, or require additional Plans/Quotes where Tickets relate to multiple websites or multiple materially separate projects.

5.3 Task queue model: consecutive execution is the default

(a) Unless your Plan expressly includes concurrency, Tasks are handled one at a time, consecutively, in the order determined by the Company based on:

(i) the SLA;

(ii) operational priority (including incidents/outages/security issues);

(iii) dependencies and readiness; and

(iv) fairness and workload management.

(b) Submitting multiple Tickets does not mean multiple Tasks will be started simultaneously. Multiple Tickets create a queue.

(c) If a Task is completed earlier than its Delivery Timeframe, the Company may begin the next Task consecutively, subject to capacity and priority.

(d) The Company may merge, split, or reorder Tasks where reasonable to:

(i) reduce risk;

(ii) unblock dependencies;

(iii) address incidents; or

(iv) improve efficiency,

provided that this does not unfairly prejudice you.

5.4 Concurrency for Tech Team™ and limits on simultaneous work items

(a) Certain Plans may include concurrency (i.e., the ability for the Company to work on more than one Task at a time for the same Client). Concurrency is only provided where explicitly stated in the Plan specification or agreed in writing.

(b) Where concurrency is included, the Company may impose a reasonable maximum number of concurrent active Tasks and/or simultaneous work items.

(c) Unless otherwise stated in the Client Portal for your Plan:

(i) the Company may cap concurrent active Tasks for Tech Team™ to a maximum of fifteen (15) at any one time; and

(ii) the Company may require any excess Tickets to remain queued until capacity becomes available.

(d) The Company retains discretion to determine which Tasks are treated as “active” and which remain queued, including to prioritise incidents or security matters.

5.5 Fair use and abuse prevention

(a) All Plans are subject to fair use, meaning you must use the Services in a manner that is:

(i) consistent with the intended purpose of the Plan;

(ii) within scope; and

(iii) not abusive, exploitative, or designed to circumvent Plan limits.

(b) Without limitation, the following are examples of abuse or unfair use:

(i) repeatedly submitting fragmented Tickets intended to force concurrency where not included;

(ii) attempting to use a single Plan to cover multiple websites/projects;

(iii) repeatedly changing requirements after work has commenced to increase workload without a Quote;

(iv) requesting excessive emergency work which is not an incident;

(v) attempting to exploit upgrade/downgrade rules to obtain service without paying the intended Fees.

(c) If the Company reasonably believes you are engaging in unfair use or abuse, the Company may:

(i) require you to consolidate Tickets;

(ii) reclassify Tasks as higher complexity;

(iii) require a Quote and/or additional Plan(s);

(iv) place Tasks on Hold pending clarification; and/or

(v) suspend or terminate Services in accordance with Part 15 and Part 11 (as applicable).

5.6 Task readiness requirements (dependencies and access)

(a) A Task is “Ready” when:

(i) a clear brief and acceptance criteria are provided;

(ii) all required access is provided via Approved Secure Channels; and

(iii) required confirmations for high-impact actions are provided via Ticket.

(b) If a Task is not Ready, the Company may place it on Hold. Time on Hold does not count towards Delivery Timeframes under the SLA.

5.7 Reclassification and scope containment

(a) The Company may reclassify a Task’s complexity (low/medium/high) where the request, dependencies, or risk profile reasonably requires it.

(b) Where reclassification materially changes expected Delivery Timeframes, the Company will notify you via Ticket.

(c) The Company may propose alternative approaches to keep work within scope, including phased delivery, reduced scope, or a Quote for additional work.

5.8 No guaranteed capacity; service is delivered within SLA constraints

(a) The Company will use reasonable efforts to meet SLA response and delivery targets but does not guarantee uninterrupted capacity, instant execution, or exact completion times.

(b) SLA targets are subject to:

(i) your Plan’s Working Hours;

(ii) Task readiness and dependencies;

(iii) incident prioritisation; and

(iv) SLA exclusions.

5.9 Plan misuse and remediation

(a) If the Company determines that a Plan is being used in a manner inconsistent with this Agreement, the Company may require remediation, which may include:

(i) purchase of additional Plans;

(ii) acceptance of a Quote for additional work; and/or

(iii) reduction of scope to comply with Plan limits.

(b) Failure to remediate after notice may result in suspension or termination in accordance with Part 11 and Part 15.

5.10 Relationship to pricing guarantee

(a) The Company’s “prices fixed until 2027” commitment applies to subscription Fees for Plans as described in Part 10 and does not:

(i) expand Plan scope;

(ii) remove fair use limits; or

(iii) include third-party costs (plugins/licences/registry fees), which may change in line with vendor pricing.

PART 6 — TICKETS, BRIEFS, ACCEPTANCE & REVISIONS

6.1 Tickets are the only valid method of requesting work

(a) All Tasks and support requests must be submitted as Tickets in the Client Portal.

(b) Requests made outside the Ticketing system (including via social media, informal messaging, or verbal requests) are not binding and will not be treated as valid instructions unless the Company confirms them in writing via Ticket.

(c) The Company may, at its discretion, convert information received via other channels into a Ticket; however, the Company is not obliged to do so.

6.2 What constitutes a valid brief

(a) A “valid brief” is the minimum information required for the Company to begin work safely and accurately. A valid brief must include (as applicable):

(i) the Covered Website to which the request applies;

(ii) the requested outcome (what “done” looks like);

(iii) acceptance criteria (how success will be assessed);

(iv) relevant constraints (brand rules, existing integrations, compliance constraints);

(v) priority and any time sensitivity (with reasons); and

(vi) required files, assets, access details, and relevant links.

(b) If a Ticket does not contain a valid brief, the Company may request clarification and place the Task on Hold until the brief is complete.

(c) Clarification requests and waiting time pause Delivery Timeframes under the SLA.

6.3 When work starts (“Execution”)

(a) “Execution” begins when the Company starts work on your Task, including (without limitation):

(i) reviewing the brief in detail and planning execution steps beyond trivial triage;

(ii) logging into systems, platforms, or accounts;

(iii) investigating issues (including diagnostics, replication, or log review);

(iv) implementing changes (including configuration, code, content, or deployment);

(v) reserving production capacity or scheduling work windows; or

(vi) purchasing, provisioning, or activating any third-party product/service after Quote acceptance.

(b) You acknowledge that some Tasks require initial diagnostic work to determine cause and options. Such diagnostic work constitutes Execution.

(c) Once Execution has begun, any refund entitlement is governed by Part 12 (Refund Policy) and may become ineligible in accordance with that Part.

6.4 Readiness, dependencies, and “Hold” state

(a) A Task may only proceed where it is Ready (see clause 5.6).

(b) The Company may place a Task on Hold where:

(i) access is missing or invalid;

(ii) approvals/confirmations are required (especially for high-impact actions);

(iii) required assets or licences are missing;

(iv) third-party dependencies must be resolved; or

(v) the scope or brief is unclear.

(c) Time spent in Hold state does not count towards Delivery Timeframes and is an SLA exclusion.

6.5 Ordering, prioritisation, and queue operation

(a) Unless your Plan expressly includes concurrency, Tasks are worked on consecutively under Part 5.

(b) The Company may prioritise:

(i) outages and security incidents;

(ii) risk-to-service stability matters;

(iii) Tasks that are Ready; and

(iv) Tasks that unblock multiple subsequent Tasks.

(c) The Company is not required to follow the chronological order of Ticket submission where doing so would increase risk, reduce service stability, or cause unreasonable inefficiency.

6.6 Acceptance criteria and completion (“meets the brief” rule)

(a) A Task is deemed Completed when the Company has delivered the output described in the brief (and any agreed clarifications) and it materially meets the stated acceptance criteria.

(b) Completion may be evidenced by:

(i) confirmation in the Ticket;

(ii) delivery of files, links, credentials changes, configuration notes, or deployment confirmations in the Ticket;

(iii) publication of changes in production/staging; and/or

(iv) other objective confirmation described in the Ticket.

(c) Unless a different acceptance period is stated in the Ticket, you must review deliverables promptly and notify the Company of any objective non-conformance with the agreed brief within a reasonable period (and in any event within fourteen (14) days). After that period, the work is deemed accepted.

(d) The Company is not responsible for issues arising from:

(i) changes you or third parties make after Completion;

(ii) third-party platform changes after Completion; or

(iii) incompatibilities introduced by new plugins/themes/code installed by you or third parties after Completion.

6.7 Revisions, adjustments, and what is included

(a) Where a deliverable materially meets the brief but requires minor adjustments to align with the acceptance criteria, the Company may (acting reasonably) make such adjustments as part of completing the Task.

(b) Revisions are limited to changes necessary to meet the agreed acceptance criteria in the brief. Revisions do not include:

(i) new requirements;

(ii) expanded scope;

(iii) additional pages/sections/components not specified;

(iv) changes in design direction or strategy; or

(v) additional integrations or platform migrations not specified.

(c) The Company may request you to consolidate feedback into a single response where practical. Excessive fragmented feedback may be treated as a client-caused delay under the SLA.

6.8 Scope changes, redesigns, and new direction = new Task and/or Quote

(a) If you request changes that materially alter the brief or introduce new requirements, those changes are scope changes and constitute a new Task.

(b) Without limitation, the following are scope changes:

(i) redesign requests after a deliverable meets the brief;

(ii) “start again” requests;

(iii) new features, new layouts, new pages, or new user flows;

(iv) changing brand, style, or creative direction after delivery; or

(v) adding additional plugins, licences, premium services, or third-party integrations not included in the original brief.

(c) Scope changes may require:

(i) a new Ticket;

(ii) reclassification of complexity; and/or

(iii) an Additional Charge via Quote.

6.9 Client-supplied materials and approvals

(a) You are responsible for supplying accurate Content, assets, and instructions.

(b) You warrant that you have the rights to use all materials you supply and that they do not infringe third-party rights.

(c) You are responsible for final review and approval of deliverables. The Company is not liable for errors in client-supplied Content, including spelling, legal wording, pricing, product claims, or compliance statements, unless those errors were introduced by the Company contrary to the brief.

6.10 Change control and instruction integrity

(a) The Company will rely on the most recent clear instruction recorded in the Ticket.

(b) Where a Ticket contains conflicting instructions, the Company may pause work and request clarification.

(c) If you instruct the Company to proceed without clarifying conflicts, you accept the risk of that instruction.

6.11 Evidence and audit trail

(a) The Ticket record is the authoritative audit trail for:

(i) what was requested;

(ii) what was agreed;

(iii) what was delivered; and

(iv) when Completion occurred.

(b) You agree that the Company may use Ticket records to resolve disputes, including billing disputes and SLA disputes.

6.12 No guarantee of uninterrupted workflow

(a) The Company will use reasonable efforts to progress Tasks in accordance with the SLA, but you acknowledge that:

(i) Task delivery depends on readiness, dependencies, and capacity;

(ii) incidents may cause reprioritisation; and

(iii) certain Tasks may require scheduled windows or third-party involvement.

(b) Any timeframes stated in Tickets are estimates unless explicitly stated as binding and are subject to SLA exclusions.

PART 7 — SERVICE LEVEL AGREEMENT (SLA): HOURS, RESPONSE TARGETS & DELIVERY TIMEFRAMES

7.1 Purpose and scope of this SLA

(a) This Service Level Agreement (“SLA”) sets out the Company’s service operating model, including:

(i) Working Hours by Plan;

(ii) how Tickets are triaged and prioritised;

(iii) target response and delivery timeframes for Tasks; and

(iv) exclusions, dependencies, and measurement rules.

(b) The SLA applies to all Services delivered through the Client Portal and Ticketing system, including:

(i) subscription Tasks under Plans;

(ii) Kit delivery (one-off or within Plan scope);

(iii) support requests; and

(iv) Hosting Services support (to the extent support is delivered via Tickets and is not otherwise governed by separate Hosting metrics in Part 8).

(c) The SLA does not apply to:

(i) work not requested via Ticket (unless the Company agrees otherwise in writing);

(ii) professional services not included in your Plan and not covered by an accepted Quote;

(iii) work that is paused due to client-caused delay, missing access, or dependencies (see clause 7.12);

(iv) periods where Services are suspended due to non-payment, fraud prevention, AUP breach, security risk, or other contractual enforcement actions; or

(v) third-party or registry processes outside the Company’s control (including domain registry transfer windows).

(d) This SLA is a “target and operating framework” and not a guarantee of fixed delivery times. The Company will use reasonable efforts to meet the targets stated, subject to:

(i) the Plan purchased;

(ii) capacity and incident load;

(iii) readiness and dependencies; and

(iv) the exclusions in clause 7.12.

7.2 Definitions specific to the SLA

In addition to the definitions in Part 1, the following apply for this SLA:

“Clock Start” means the time at which the applicable SLA measurement begins for a Ticket/Task.

“Clock Stop” means the time at which the applicable SLA measurement ends for a Ticket/Task.

“Initial Response” means a first acknowledgement and triage update in the relevant Ticket (which may include requests for clarification, access, confirmation, or a proposed approach). An Initial Response is not necessarily a completion or resolution.

“Substantive Response” means an update that includes meaningful progress, findings, or deliverables (e.g., diagnostics results, a fix applied, files delivered, a staging link, a deployment notice, or a clear plan and next steps).

“Incident” means an unplanned interruption or degradation to the availability, performance, integrity, or security of a Covered Website or Hosting Service where immediate attention is reasonably required to reduce risk of harm.

“Request” means a non-incident Task (e.g., content changes, design tweaks, improvements, feature enablement) that can be scheduled and delivered in accordance with the normal queue.

“Priority Level” means the Company’s severity classification used to triage Tickets (P1–P4 or similar).

7.3 Timezone and time measurement

(a) All Working Hours, cut-offs, and SLA timeframes are measured in United Kingdom local time (Europe/London), including daylight savings time where applicable.

(b) All timestamps in the Client Portal/Ticketing system are treated as the authoritative record for measuring SLA performance.

(c) Where Working Hours are stated as ranges (e.g., 9:00 AM–5:30 PM), the Company may allocate breaks, handovers, and internal scheduling within those periods. The Company’s obligation is to provide service availability within the stated window, not to provide continuous uninterrupted human attention for every minute of the window.

7.4 Working Hours by Plan (service windows)

(a) The Company operates Plan-specific Working Hours. Unless your Plan expressly provides otherwise, queue activity outside your Plan’s Working Hours rolls into the next Working Hours window.

(b) Working Hours are as follows:

(c) “Closed” means no general queue processing is guaranteed during that day, but the Company may (at its discretion) provide limited monitoring or incident triage, particularly where service stability or security risk exists.

(d) The Company may observe public holidays. On public holidays, queue activity may be reduced, and timeframes may extend by the duration of the closure/reduced service.

(e) The Company may amend Working Hours from time to time by updating this Agreement in accordance with clause 1.7 and/or publishing updates in the Client Portal.

7.5 Ticket intake, triage and classification

(a) On receipt of a Ticket, the Company will:

(i) acknowledge and triage the Ticket;

(ii) classify the Ticket as an Incident or a Request;

(iii) assign a Priority Level;

(iv) identify missing information, access, or confirmations; and

(v) determine whether the Ticket is within Scope of Work and within your Plan.

(b) Where a Ticket contains multiple unrelated requests, the Company may require you to:

(i) split the Ticket into separate Tickets; and/or

(ii) prioritise which item to execute first,

to preserve clarity and auditability.

(c) The Company may reject, re-scope, or quote for out-of-scope work.

(d) A Ticket that is not Ready (see clause 7.10) may be placed on Hold and will not progress under the standard SLA clock until it becomes Ready.

7.6 Priority levels and incident response model

(a) The Company may use a priority model similar to the following:

P1 — Critical Incident:

- Total outage, severe security incident, ransomware/malware causing active harm, payment/checkout failure for a live store, or a risk of immediate business interruption.

- The Company may bypass the normal task queue to address P1 incidents.

P2 — Major Incident:

- Material degradation or partial outage; major feature unavailable; severe errors affecting many users; security vulnerability with meaningful exposure.

- The Company may reprioritise queued Requests to reduce harm.

P3 — Standard Request / Minor Incident:

- Routine Tasks; non-critical bugs; configuration changes; content updates; improvements.

P4 — Low priority / Advisory:

- General questions, planning, guidance, “how-to”, non-urgent optimisations, backlog items.

(b) Priority Level assignment is at the Company’s reasonable discretion, taking into account:

(i) user impact;

(ii) business risk;

(iii) technical risk;

(iv) security risk; and

(v) dependency constraints.

(c) The Company may reclassify Priority Level as new information becomes available.

(d) Abuse of incident labelling (e.g., marking routine Requests as emergencies) may be treated as unfair use under Part 5.

7.7 Response targets (Initial and Substantive)

(a) Response targets vary by Plan, ticket type (Incident vs Request), Priority Level, and Working Hours.

(b) Unless the Company has published explicit numeric response targets for your Plan, the Company’s response commitment is to provide reasonable efforts to:

(i) issue an Initial Response during Working Hours as soon as practicable; and

(ii) provide Substantive Responses at reasonable intervals appropriate to the Priority Level and complexity of the Task.

(c) If numeric response targets are published in the Client Portal or referenced in a Plan specification at the time of purchase, those targets apply and are incorporated into this SLA.

(d) The Company may satisfy an Initial Response by:

(i) acknowledging receipt;

(ii) requesting missing information/access;

(iii) advising of queue position or expected start window; and/or

(iv) recommending immediate risk-reduction steps.

(e) The Company will not be in breach of response targets where delays arise from:

(i) Tickets submitted outside Working Hours (see clause 7.8);

(ii) client-caused delays (see clause 7.12);

(iii) third-party outages; or

(iv) security verification steps reasonably required (Part 2).

7.8 Clock Start rules (when SLA timing begins)

(a) Unless stated otherwise, the SLA clock begins at the later of:

(i) the time the Ticket is submitted; and

(ii) the start of the next applicable Working Hours window.

(b) If a Ticket is submitted outside Working Hours, Clock Start is the next opening of Working Hours for your Plan.

(c) If the Ticket lacks a valid brief or required access/confirmations, Clock Start is the time the Ticket becomes Ready (as defined in clause 7.10).

(d) For Incidents, the Company may (at its discretion) begin triage outside Working Hours. Where it does, the Company may treat Clock Start as the time triage commenced; however, the Company is not obliged to do so unless expressly stated in your Plan specification.

7.9 Delivery Timeframes (Requests and Tasks)

(a) Delivery Timeframes are target windows for completing Tasks, aligned to complexity tiers (Low/Medium/High) and your Plan.

(b) The Delivery Timeframe is measured during Working Hours only and excludes time on Hold.

(c) The Company may deliver faster than the Delivery Timeframe. Early completion does not entitle the Client to accelerated parallel delivery beyond what the Plan permits.

(d) Delivery Timeframes are not guarantees and may extend due to:

(i) the exclusions in clause 7.12;

(ii) reclassification of complexity;

(iii) incident reprioritisation; or

(iv) changes requested by the Client.

7.10 Task readiness (“Ready” definition) and Hold rules

(a) A Task is “Ready” only when:

(i) a valid brief and acceptance criteria are provided;

(ii) the Covered Website is identified;

(iii) required access has been provided and verified via Approved Secure Channels;

(iv) required confirmations for high-impact actions have been provided; and

(v) any required Quotes have been accepted (where third-party costs or out-of-scope work is involved).

(b) If any Ready condition is missing, the Company may place the Task on Hold and request the missing items via Ticket.

(c) While on Hold:

(i) the SLA clock is paused;

(ii) Delivery Timeframes do not run; and

(iii) queue position may be affected, as the Company may proceed with other Ready Tasks.

(d) Once the Task becomes Ready, it will re-enter the queue in a position determined by the Company acting reasonably, taking account of:

(i) fairness to other Clients;

(ii) how long the Task was on Hold; and

(iii) whether the Task is an Incident.

7.11 Published Delivery Timeframes (Low / Medium / High)

(a) The Company publishes Delivery Timeframes by Plan and complexity tier. Unless amended under clause 1.7, the Delivery Timeframes are:

┌───────────────────┬───────────────────────────┬───────────────────────────┬──────────────────────────────┐

│ Plan │ Low Tasks │ Medium Tasks │ High Tasks │

├───────────────────┼───────────────────────────┼───────────────────────────┼──────────────────────────────┤

│ Care™ │ < 8 hours │ 48 hours │ 3–7 business days │

│ Grow™ │ < 4 hours │ Next business day │ 2–4 business days │

│ Tech Team™ │ < 2 hours │ Same day* │ < 48 hours │

└───────────────────┴───────────────────────────┴───────────────────────────┴──────────────────────────────┘

(b) “Same day” for Tech Team™ Medium Tasks is subject to the cut-off rule:

(i) same-day applies to Medium Tasks submitted before 10:00 AM; and

(ii) Medium Tasks submitted after 10:00 AM may roll into the next working period, depending on queue load and readiness.

(c) “Business day(s)” in Delivery Timeframes means Business Days as defined in Part 1. Time outside Working Hours does not count towards the timeframe.

(d) Delivery Timeframes apply to Tasks that are:

(i) within Scope of Work;

(ii) within Plan scope and limits;

(iii) Ready; and

(iv) not subject to exclusions in clause 7.12.

(e) Where the Company publishes a complexity classification per Kit, that classification will generally determine whether the above Low/Medium/High timeframe applies. The Company may reclassify where the actual request materially differs from the typical Kit scope.

7.12 SLA exclusions (events that pause or extend timeframes)

The following are SLA exclusions. Where any exclusion applies, response and/or delivery targets may be paused or extended without breach:

(a) Client-caused delays, including:

(i) missing/incomplete briefs;

(ii) delayed replies or approvals;

(iii) failure to provide access or required confirmations;

(iv) providing incorrect credentials or permissions; or

(v) failure to accept required Quotes for third-party costs.

(b) Third-party dependency delays, including:

(i) vendor platform outages or degraded performance;

(ii) registry transfer/propagation windows;

(iii) plugin/theme vendor bugs or incompatibilities;

(iv) payment processor verification or review delays; or

(v) API rate limits and access restrictions.

(c) Security and verification controls, including:

(i) anti-fraud checks;

(ii) identity/authority verification;

(iii) high-risk change verification (DNS, domains, billing);

(iv) containment actions in response to malware; and/or

(v) access restrictions required to maintain platform integrity.

(d) Force Majeure Events (Part 1).

(e) Planned maintenance windows (Company or third-party), including:

(i) planned control panel maintenance;

(ii) planned server updates;

(iii) planned security patching; or

(iv) platform upgrades.

(f) Unplanned incident load, including:

(i) widespread internet outages;

(ii) upstream provider incidents;

(iii) vulnerability events affecting many clients; or

(iv) emergency patching requirements.

(g) Scope changes or moving goalposts after Execution has started, including:

(i) redesign requests;

(ii) new features not in the brief; or

(iii) materially changing acceptance criteria.

(h) Work suspended due to contract enforcement, including:

(i) non-payment;

(ii) chargebacks;

(iii) AUP breach; or

(iv) unlawful instructions.

7.13 Queue mechanics and interaction with SLA

(a) The SLA operates within the queue model described in Part 5. Unless concurrency is included in your Plan, Tasks are delivered consecutively.

(b) The Company may reorder the queue to address:

(i) P1/P2 Incidents;

(ii) Tasks that unblock other Tasks;

(iii) Tasks that become Ready sooner; and/or

(iv) risk-reducing fixes.

(c) The Company is not required to start a specific Task immediately upon Ticket submission, even if its Delivery Timeframe is short, because Delivery Timeframes assume the normal operation of the queue and readiness conditions.

7.14 Client obligations to support SLA performance

To support the SLA, you agree to:

(a) submit Tickets with clear briefs and acceptance criteria;

(b) provide required access promptly via Approved Secure Channels;

(c) respond to clarification requests in a timely manner;

(d) consolidate feedback where practical; and

(e) avoid bundling multiple unrelated requests in a single Ticket unless the Company agrees.

7.15 Escalation, complaints and SLA disputes

(a) If you believe an SLA target has been missed, you must raise it via Ticket and provide:

(i) the Ticket reference;

(ii) the relevant Plan;

(iii) the requested SLA metric (response or delivery);

(iv) your evidence; and

(v) the impact experienced.

(b) The Company will review the Ticket audit trail and determine whether an exclusion applied.

(c) If you remain dissatisfied after Ticket-based review, you may escalate in accordance with Part 17 (Complaints). For convenience, the Company provides complaints@skunkwork.co.uk, but the Company may still require formal tracking via Ticket.

(d) Any SLA dispute must be raised within thirty (30) days of the relevant event, otherwise it is deemed waived.

7.16 Service credits for SLA performance (non-hosting)

(a) Unless expressly stated in a Plan specification or agreed in a Quote, the Company does not provide cash refunds for SLA misses.

(b) If the Company offers a service credit remedy for a proven material SLA failure (outside exclusions), such remedy will be:

(i) provided as Credit only (Part 11);

(ii) applied to future invoices; and

(iii) the sole remedy for the SLA failure, subject to your statutory rights.

(c) The existence of a Credit remedy (if any) does not expand the Company’s liability beyond Part 16.

7.17 Hosting availability and uptime metrics

(a) Hosting availability metrics, maintenance windows, and any hosting-specific remedies are addressed in Part 8 (Hosting Terms) and relevant Hosting schedules.

(b) Ticket response and delivery for hosting support requests is governed by this SLA, while platform availability targets (if any) are governed by Part 8.

7.18 Continuous improvement and operational discretion

(a) The Company may improve its internal processes, tooling, staffing model, and triage methods from time to time.

(b) The Company retains discretion to allocate resources and schedule work in a manner that preserves:

(i) service stability;

(ii) security posture;

(iii) quality and auditability of delivery; and

(iv) fairness across Clients.

(c) Nothing in this SLA requires the Company to take actions that would materially increase risk to the Client’s systems, data, or service stability.

7.19 Relationship to limitation of liability

This SLA sets service targets and an operating framework. Liability (if any) for service issues is limited by Part 16, and nothing in this SLA creates unlimited liability or liability for indirect losses.

PART 8 — HOSTING TERMS (SKUNKHOST™): TECHNICAL & OPERATIONAL

8.1 Scope of Hosting Services

(a) This Part 8 applies where you:

(i) purchase SKUNKHOST™ Hosting Services as a standalone product; and/or

(ii) receive SKUNKHOST™ Hosting Services bundled with a SKUNKWORK™ Plan; and/or

(iii) request hosting-related Tasks, support, or configuration changes within any Ticket.

(b) Hosting Services are “managed WordPress hosting” services unless expressly stated otherwise. Where the Company agrees to host non-WordPress applications, that will be:

(i) by written agreement only; and

(ii) subject to additional constraints, risk assessment, and (where applicable) Additional Charges.

(c) Hosting Services are delivered as a shared operational platform with defined limits, security controls, and acceptable use constraints. You are purchasing a managed service, not unrestricted server administration rights.

(d) The Company may provide Hosting Services using:

(i) Company-operated infrastructure; and/or

(ii) third-party infrastructure providers (e.g., datacentre and connectivity vendors); and/or

(iii) licensed control panels and security tools.

The Company reserves the right to change underlying infrastructure providers, configurations, and tooling for security, performance, compliance, or operational reasons, provided that the Hosting Services continue to be delivered in substantially equivalent form.

8.2 Hosting product tiers and what is included (Core™ vs Pro™)

(a) Hosting tier specifications are those:

(i) displayed in the Client Portal at the time of order; and/or

(ii) set out in the relevant invoice/order confirmation; and/or

(iii) published in the Company’s hosting plan module and incorporated by reference, subject to clause 1.6 (order of precedence).

(b) For clarity and convenience, the following hosting tier characteristics are commonly associated with the two main SKUNKHOST™ tiers (the “Indicative Hosting Spec Table”).

IMPORTANT: The Client Portal product specification at the time of your order is the authoritative spec if any discrepancy exists.

INDICATIVE HOSTING SPEC TABLE (subject to order precedence in clause 1.6)

┌───────────────────────────────┬───────────────────────────────┬───────────────────────────────┐

│ Feature / Limit │ SKUNKHOST™ Core™ │ SKUNKHOST™ Pro™ │

├───────────────────────────────┼───────────────────────────────┼───────────────────────────────┤

│ Covered WordPress Builds │ X1 managed WordPress build │ X1 managed WordPress build │

│ Storage Technology │ NVMe disk │ NVMe disk │

│ NVMe Disk Space │ 3GB (indicative) │ 10GB (indicative) │

│ Monthly Traffic │ Unlimited (fair use applies) │ Unlimited (fair use applies) │

│ MySQL Databases │ Unlimited (fair use applies) │ Unlimited (fair use applies) │

│ Subdomains │ Unlimited (fair use applies) │ Unlimited (fair use applies) │

│ Domain Aliases │ Unlimited (fair use applies) │ Unlimited (fair use applies) │

│ Email Mailboxes │ 3 mailboxes (indicative) │ 15 mailboxes (indicative) │

│ Mail Storage (shared) │ As specified at order │ As specified at order │

│ Managed Backups │ 1 daily per site (indicative) │ 1 daily per site (indicative) │

│ Engine / Web Server │ LiteSpeed Enterprise │ LiteSpeed Enterprise │

│ Security Tooling │ Imunify360 + WebTotem │ Imunify360 + WebTotem │

│ Management Interface │ Plesk (Obsidian where used) │ Plesk Obsidian (where used) │

└───────────────────────────────┴───────────────────────────────┴───────────────────────────────┘

(c) Hosting tiers include a standard toolset on the hosting node (“Standard Infrastructure Assets”), which may include developer tooling, WordPress management tooling, security tooling, and monitoring tooling. The included toolset may change over time and may differ by tier, but is typically aligned to an equivalent set of capabilities.

(d) Where the Company advertises specific tool names and/or versions, these are provided for transparency and comparability. They are not a guarantee that the same version will remain installed indefinitely. The Company may upgrade, patch, replace, or retire tools in order to maintain security and stability.

8.3 One (1) site per Hosting Service / per Plan

(a) Unless the Company expressly agrees otherwise in writing, each Hosting Service (and each Plan that includes hosting) supports one (1) managed WordPress build / one (1) Covered Website only.

(b) Hosting multiple websites under one hosting product is outside scope unless:

(i) the Client purchases additional Hosting Services; or

(ii) the Company issues and the Client accepts a Quote; or

(iii) the Company provides written approval for a multi-site arrangement (rare; subject to strict boundaries).

(c) Where a Client attempts to host multiple distinct websites under one hosting product without authorisation, the Company may:

(i) require immediate remediation (additional services/Quotes);

(ii) suspend additional sites; and/or

(iii) treat the matter as unfair use under Part 5.

8.4 Management interface (Plesk) and access boundaries

(a) The Company may provide you access to a hosting management interface (including Plesk Obsidian or other Plesk variants). Any such access is provided:

(i) for convenience; and

(ii) subject to security controls; and

(iii) subject to the Company’s right to restrict or revoke access at any time (Part 2).

(b) The Company is a managed hosting provider. Accordingly:

(i) root-level access is not provided to Clients;

(ii) SSH access (if provided) may be restricted, time-limited, and/or approval-based;

(iii) high-risk actions (DNS changes, SSL replacement, mail routing, PHP version changes, security toggles, backup deletion, mass plugin updates) may be restricted to the Company.

(c) If you take any action within a control panel or related tooling that causes:

(i) downtime;

(ii) performance degradation;

(iii) security exposure; or

(iv) data loss/corruption,

you are responsible for the consequences and the Company may treat recovery work as:

(i) a chargeable Task via Quote; and/or

(ii) an incident requiring immediate containment.

(d) The Company may implement guardrails including:

(i) rate limiting;

(ii) brute force protection;

(iii) WAF/firewall controls;

(iv) restricted permissions; and

(v) automated threat response.

These controls may block your access or functionality temporarily where risk is detected.

8.5 Provisioning, configuration, and baseline standards

(a) The Company will provision hosting in accordance with the product specification purchased, which may include:

(i) creating the hosting subscription/site space;

(ii) configuring server-level and site-level security controls;

(iii) issuing SSL certificates (where included);

(iv) provisioning mailboxes (where included);

(v) configuring backups (where included); and

(vi) enabling a standard performance stack (e.g., LiteSpeed + caching where appropriate).

(b) The Company may use templates, automation, and standardised configurations to ensure predictable performance and security.

(c) You acknowledge that:

(i) certain defaults may be enforced to preserve platform stability; and

(ii) requests to deviate from defaults may be refused or quoted.

8.6 Free migration (where applicable) and migration boundaries

(a) Where your Plan or Hosting Service includes “free website migration” at subscription start (where applicable), migration is defined as:

(i) moving one (1) WordPress site to SKUNKHOST™;

(ii) including core WordPress files, database, media library, and basic configuration;

(iii) with a reasonable best-efforts approach to parity of functionality.

(b) Migration may exclude (unless expressly agreed):

(i) re-engineering custom code;

(ii) rebuilding themes/plugins;

(iii) email migrations beyond mailbox provisioning;

(iv) complex multisite conversions;

(v) forensic repair of a compromised site; or

(vi) resolving systemic issues that pre-date migration (malware, corruption, legacy PHP conflicts).

(c) The Company may require:

(i) admin access to WordPress;

(ii) access to the outgoing host;

(iii) DNS control; and/or

(iv) confirmation windows for go-live.

(d) If the site is unstable, compromised, or technically blocked from migration without remediation, the Company may:

(i) pause migration;

(ii) require a security clean or repair as a separate Task/Quote; and/or

(iii) recommend remediation before hosting is activated.

(e) DNS cutover timing and propagation are not controlled by the Company. Any downtime caused by DNS propagation, registrar restrictions, or third-party network caches is an SLA exclusion.

8.7 Backups policy, and limitations

(a) Where “Managed Backups” are included, the Company will configure automated backups in accordance with the hosting tier and platform policy.

(b) Unless the Client Portal specification states otherwise, an indicative baseline is “one (1) daily backup per site.” Backups may be stored on platform backup storage and may be subject to retention windows determined by the Company.

(c) Backup limitations:

(i) backups are taken on a best-efforts basis and may fail due to factors outside the Company’s control (corruption, malware, I/O failures, vendor outages, resource exhaustion);

(ii) backups may be incomplete where files are locked, being written, or are excluded by standard backup rules;

(iii) restoration may not fully recover a site to a working state where the root cause is malware, corruption, plugin incompatibility, or external dependency failure; and

(iv) backups do not guarantee that you will not lose data (e.g., content created between backup points).

(d) Restore requests:

(i) you must request a restore via Ticket;

(ii) you must specify the requested restore point (date/time) where known;

(iii) you acknowledge that restoring may overwrite newer data; and

(iv) the Company may require written confirmation via Ticket before restoring.

(e) Restore inclusion:

(i) basic restores may be included as part of Hosting Services (as specified at order); however

(ii) complex restores, repeated restores, forensic recovery, or malware cleanup may be treated as chargeable work via Quote.

(f) Client obligations:

(i) you remain responsible for independent backups unless your risk appetite and compliance obligations are satisfied by the hosted backup policy;

(ii) you must not treat managed backups as your only business continuity strategy.

8.8 Security responsibilities, hardening, and malware handling

(a) The Company provides a security-forward hosting environment and may include tools such as WAF/firewall, malware scanning, and automated mitigation.

(b) Shared responsibility:

(i) the Company is responsible for securing the hosting platform and applying server-level patches, subject to operational discretion;

(ii) you are responsible for your Content, admin users, passwords, plugin/theme selection, and ongoing operational hygiene unless your Plan expressly includes full managed security work.

(c) Security best practice expectations:

(i) strong passwords and MFA where available;

(ii) least-privilege admin accounts;

(iii) prompt removal of unused plugins/themes/users;

(iv) avoiding nulled/pirated plugins and themes;

(v) avoiding insecure file permissions.

(d) Malware or compromise:

(i) if the Company detects malware, suspicious activity, or compromise indicators, the Company may take immediate containment actions, including suspending the site, isolating the account, blocking traffic, or disabling services;

(ii) the Company will notify you via Ticket where practicable;

(iii) the Company may require remediation steps before restoring normal service.

(e) Malware remediation:

(i) basic automated cleaning (where tooling allows) may be attempted;

(ii) manual remediation, forensic work, hardening, and re-platforming may require a Quote unless explicitly included in your Plan scope.

(f) Security actions are taken to protect:

(i) your data and services;

(ii) the Company’s infrastructure; and

(iii) other Clients.

Security containment steps are not SLA breaches, and the Company is not liable for losses caused by necessary containment actions.

8.9 Updates, maintenance windows, and “Smart Updates”

(a) The Company may perform maintenance on hosting infrastructure and tooling (including kernel updates, security patches, control panel upgrades, and monitoring updates).

(b) Planned maintenance:

(i) may cause temporary interruption or degraded performance;

(ii) will be scheduled to minimise impact where reasonably possible; and

(iii) is an SLA exclusion (Part 7) and is not counted as downtime for uptime guarantees where the Company has acted reasonably.

(c) WordPress/plugin/theme updates:

(i) may be performed by you, by the Company, or by automated tooling (where available/appropriate);

(ii) can cause incompatibilities; and

(iii) may require rollback, patching, or redevelopment.

(d) Where “Smart Updates” or staged update tooling is available, the Company may use it; however, no tooling guarantees a perfect outcome. Updates remain inherently risky due to third-party code.

(e) If you request the Company to perform updates outside normal scope or in high-risk contexts, the Company may require:

(i) staged testing;

(ii) additional backups;

(iii) maintenance windows; and/or

(iv) a Quote.

8.10 Performance, caching, and resource governance

(a) The Company provides a performance stack intended to optimise WordPress delivery (for example, LiteSpeed and caching controls), but performance depends on:

(i) theme quality;

(ii) plugin footprint;

(iii) database health;

(iv) media size and optimisation;

(v) traffic patterns; and

(vi) third-party API calls.

(b) The Company may enforce resource governance to protect the platform, including:

(i) CPU/memory limits per subscription;

(ii) I/O and process limits;

(iii) connection throttling;

(iv) caching enforcement; and

(v) restrictions on long-running tasks or heavy cron jobs.

(c) “Unlimited” (traffic, databases, subdomains, aliases) means:

(i) no fixed numeric cap is stated for that category; but

(ii) fair use applies, and the Company may restrict activity that threatens platform stability.

(d) Prohibited or high-risk workload patterns may include:

(i) crypto-mining;

(ii) bulk scraping;

(iii) distributed stress tools;

(iv) heavy video hosting and streaming (unless expressly agreed);

(v) public file archives; and

(vi) workloads not aligned with WordPress hosting.

8.11 Email services (where included): acceptable use and limitations

(a) Some Hosting Services include mailbox provisioning and/or mail routing.

(b) Email is provided for normal business correspondence and standard transactional use.

(c) Prohibited email uses include:

(i) spam;

(ii) unsolicited bulk email;

(iii) phishing or deceptive content;

(iv) malware distribution; or

(v) any unlawful communications.

(d) The Company may impose sending limits, rate limits, and abuse detection. If abuse is detected, the Company may:

(i) throttle or block email sending;

(ii) suspend mail services;

(iii) require remediation; and/or

(iv) terminate services for serious breach under Part 15.

(e) Deliverability:

(i) email deliverability depends on many external factors (recipient filtering, IP reputation, DMARC/DKIM/SPF alignment, content scoring);

(ii) the Company does not guarantee inbox placement.

(f) The Client is responsible for:

(i) lawful mailing practices;

(ii) accurate sender identity configuration; and

(iii) maintaining compliant marketing email practices where applicable.

8.12 SSL certificates and encryption

(a) The Company may provide SSL certificate issuance and management (e.g., Let’s Encrypt or other certificate providers) as part of Hosting Services.

(b) SSL automation is best-efforts and may fail due to:

(i) DNS misconfiguration;

(ii) domain ownership validation failures;

(iii) rate limits; or

(iv) third-party certificate authority issues.

(c) If you request custom or premium certificates, those may require a Quote and may be subject to third-party terms.

8.13 Uptime guarantee, measurement rules, and exclusions

(a) The Company may publish an “uptime guarantee” for Hosting Services.

(b) Unless the Client Portal specification states otherwise, uptime is typically measured as:

(i) service availability of the HTTP/HTTPS endpoint and/or hosting platform service to the public internet; and

(ii) across a calendar month (or other measurement period stated in the product specification).

(c) Uptime measurement excludes (without limitation):

(i) planned maintenance windows (clause 8.9);

(ii) client-caused downtime (misconfiguration, plugin changes, credential changes, content injections);

(iii) third-party outages or failures (DNS providers, registrars, CDNs, payment gateways, upstream carriers);

(iv) force majeure events;

(v) security containment actions (clause 8.8);

(vi) outages caused by exploitation of vulnerabilities in third-party code installed by the Client; and

(vii) downtime affecting only the Client’s local network, ISP, or device.

(d) The Company may use internal and/or third-party monitoring to evaluate uptime.

(e) The Company’s sole remedy for a proven hosting uptime shortfall (where not excluded) is service Credits in accordance with clause 8.14 and Part 11. No cash refunds are provided, except where required by law.

8.14 Hosting service credits (sole remedy; credits only)

(a) If the Client believes the uptime guarantee has not been met, the Client must:

(i) raise a Ticket within thirty (30) days of the alleged shortfall;

(ii) provide evidence (timestamps, affected domains, monitoring data where available); and

(iii) allow the Company to investigate and confirm whether an exclusion applied.

(b) If the Company confirms a hosting uptime shortfall that is not excluded, the Company may grant service Credits. Credits:

(i) are applied to your Credit Balance in the Client Portal;

(ii) are non-cash and non-refundable;

(iii) are applied to future invoices; and

(iv) are the sole remedy.

(c) Credit caps:

(i) any Credits granted for uptime issues will be capped at the hosting Fees paid for the affected service period unless the Company agrees otherwise; and

(ii) nothing in this clause expands liability beyond Part 16.

(d) The Company may publish a credit schedule (percentage-based) in a Hosting schedule/appendix. If published, that schedule will apply. If no schedule is published, the Company will determine Credits acting reasonably, proportionate to the verified impact, subject to cap.

8.15 Resource upgrades, downgrades, and downgrade safety audits

(a) Upgrades and downgrades are governed by Part 11. This clause provides hosting-specific safeguards.

(b) Hosting downgrades that reduce resource ceilings (including disk/memory allocations) can cause service instability where current usage exceeds the new tier.

(c) Accordingly:

(i) upgrades may take effect immediately (subject to provisioning);

(ii) downgrades are subject to technical feasibility checks; and

(iii) the Company may refuse or defer a downgrade where it would reasonably risk downtime, corruption, or service failure.

(d) Where the Company advertises a Pro → Core (or higher → lower) hosting downgrade audit, the audit will typically include:

(i) storage utilisation vs new tier limits;

(ii) mailbox utilisation vs new tier limits (where applicable);

(iii) database size and backup feasibility;

(iv) performance footprint and any known high-load services; and

(v) risk assessment for stability.

(e) If a downgrade is feasible:

(i) the Company will apply it in accordance with Part 11;

(ii) any price difference is handled as Credit only (never a refund), applied against future invoices.

(f) If a downgrade is not feasible:

(i) the downgrade may be rejected or deferred until the Client reduces usage to within the lower tier limits; and

(ii) any pricing difference that would otherwise have applied will be handled as Credit only, not a cash refund, subject to Part 11 and the Company’s billing mechanics.

(g) The Company is not liable for downtime caused by Client attempts to downgrade while exceeding lower tier limits or by Client refusal to remediate usage.

8.16 Data retention, deletion, and end-of-service handling

(a) While Hosting Services are active and paid, the Company will host the Covered Website subject to this Agreement.

(b) Upon cancellation, termination, or non-payment leading to suspension:

(i) access may be restricted;

(ii) services may be suspended; and

(iii) data may be scheduled for deletion after a retention period determined by the Company.

(c) Retention windows may vary by service type and risk profile and may be published in the Client Portal. The Client is responsible for exporting any required data before cancellation/termination.

(d) The Company is not responsible for data loss where:

(i) the Client cancels service without exporting data;

(ii) invoices remain unpaid beyond reasonable recovery windows; or

(iii) deletion is required for legal, compliance, or security reasons.

(e) If the Client requests an export or handover, the Company may:

(i) provide a standard export (files/database) as a chargeable service via Quote; and/or

(ii) require that all Fees are paid before providing handover.

8.17 Suspension rights and protective actions

(a) The Company may suspend Hosting Services (in whole or in part) immediately if:

(i) there is a security threat or compromise;

(ii) the Client breaches the AUP;

(iii) the Client engages in abuse (spam, malware, unlawful content);

(iv) the Client’s site threatens platform stability (resource abuse);

(v) a chargeback occurs; or

(vi) non-payment persists beyond reasonable reminders.

(b) The Company will notify the Client via Ticket where practicable. However, urgent suspensions for security may occur without prior notice.

(c) Suspension does not relieve the Client of payment obligations for the period already invoiced, and refunds are not provided for suspension time, except where required by law.

8.18 Ownership, control, and responsibility boundaries

(a) The Client owns its Content and website data, subject to third-party rights.

(b) The Company owns and controls:

(i) the hosting platform and its configurations;

(ii) the operational toolchain; and

(iii) standard templates and automation used to deliver Hosting Services.

(c) The Company does not assume responsibility for:

(i) the Client’s legal compliance obligations;

(ii) the Client’s domain ownership and renewals (see Part 9);

(iii) the business outcomes of hosting (traffic, sales, ranking);

(iv) third-party service failures; or

(v) data loss caused by Client actions, third-party actions, or malware introduced via insecure practices.

8.19 Prohibited activities (hosting AUP alignment)

(a) The AUP (Part 15) applies fully to Hosting Services.

(b) Without limitation, you must not use Hosting Services to:

(i) distribute malware;

(ii) conduct phishing or fraud;

(iii) host illegal content;

(iv) facilitate hacking, scanning, or brute forcing;

(v) send spam or unsolicited bulk email;

(vi) operate open relays or insecure mail gateways; or

(vii) abuse bandwidth/resources in a way that threatens the platform.

(c) If prohibited activity is detected, the Company may suspend or terminate immediately and may report to relevant authorities where required by law.

8.20 Support boundaries for hosting

(a) Hosting support is delivered via Tickets and subject to your Plan’s Working Hours and SLA.

(b) “Support” includes reasonable assistance with:

(i) hosting environment status;

(ii) basic configuration guidance;

(iii) uptime/incidents affecting the hosting platform;

(iv) routine hosting controls (SSL, DNS pointers, backups where included);

(v) basic email mailbox provisioning (where included).

(c) Hosting support does not include (unless a Plan/Kit/Quote expressly provides it):

(i) ongoing web development outside Scope of Work;

(ii) complex email migrations;

(iii) deliverability consulting for mass mail;

(iv) custom server tuning per-client beyond standard offering;

(v) third-party vendor dispute handling; or

(vi) legal compliance responsibility.

8.21 Third-party licences, bundled plugins, and included assets (where applicable)

(a) Where the Company advertises included third-party plugins, themes, or licences as part of a hosting tier or Plan:

(i) inclusion is subject to the Company’s current vendor agreements, tool availability, and licensing terms;

(ii) included assets may change, be replaced, or be withdrawn if vendor terms change, provided that the Company maintains a substantially equivalent service level where reasonably possible; and

(iii) the Company is not liable for vendor withdrawal, version discontinuation, or vendor security incidents.

(b) Where the Client requests specific third-party licences not included, those must be provided via Quote(s) under clause 3.7. Once purchased/provisioned, those third-party costs are non-refundable except where required by law.

8.22 Limitation of liability specific to hosting

(a) Hosting Services are provided on a managed basis with defined limits and shared responsibility.

(b) The Company’s liability for hosting issues is limited by Part 16. For avoidance of doubt:

(i) the Company is not liable for indirect or consequential losses (lost profits, lost sales, reputational harm);

(ii) the Company is not liable for failures arising from third-party dependencies;

(iii) the Company is not liable for client-caused downtime or losses; and

(iv) service Credits (if any) are the sole remedy for uptime shortfalls.

(c) Nothing in this Part 8 limits liability that cannot be limited under applicable law.

8.23 Survival

Clauses in this Part 8 that by their nature should survive termination (including limitation of liability, ownership boundaries, AUP enforcement rights, and dispute procedures) shall survive termination or expiry of Hosting Services.

PART 9 — DOMAINS, DNS & TRANSFERS

9.1 Scope and applicability

(a) This Part 9 applies where you:

(i) purchase domain-related products or services (including registrations, renewals, transfers, privacy protection, DNS hosting, or related add-ons) through the Client Portal; and/or

(ii) request the Company’s assistance with domain, DNS, or transfer-related actions via Ticket; and/or

(iii) rely on a domain name to operate your Covered Website or hosted services.

(b) Domain services are subject to:

(i) this Agreement;

(ii) the product specification in the Client Portal at the time of order;

(iii) the invoice/order confirmation; and

(iv) registry and provider terms and policies (including, where applicable, ICANN rules, Nominet rules for .uk domains, or other registry-specific policies).

(c) The Company may provide domain services directly or via third-party registrars/resellers. Where a third party is involved, the Company is not responsible for the third party’s internal processes, timeframes, verification requirements, or outages.

9.2 Registrant responsibility (owner-managed domains)

(a) Domains are fundamentally “owner-managed” assets. Unless expressly agreed otherwise in writing, you (the Client/Registrant) remain solely responsible for:

(i) maintaining accurate registrant and contact information;

(ii) ensuring renewals are paid on time;

(iii) preventing expiry and loss of domains;

(iv) maintaining access to the email address used for registrant verification and transfers;

(v) safeguarding registrar login credentials and 2FA recovery methods; and

(vi) complying with registry policies.

(b) The Company may assist you with domain-related actions, but such assistance does not:

(i) make the Company the registrant/owner; or

(ii) transfer registrant responsibilities to the Company.

(c) You acknowledge that domain ownership is legally and operationally distinct from hosting. A hosted website may be functioning perfectly while a domain expires or is suspended due to registrant issues. The Company is not liable for losses arising from domain expiry, suspension, or transfer problems outside the Company’s control.

9.3 Account deletion, access loss, and active domain consequences (explicit risk allocation)

(a) You are responsible for ensuring that you do not delete, close, or lose access to domain-related accounts while the domain remains active, registered, or in use.

(b) The Company is not responsible or liable for:

(i) domains that remain active at a registrar while the Client deletes or loses access to the registrar account;

(ii) the Client’s inability to renew, transfer, unlock, or obtain authorisation codes due to Client account deletion, identity issues, or failure to maintain access to registrant emails;

(iii) domains that enter expiry, redemption, or auction due to missed renewals caused by Client actions or inaction; or

(iv) losses arising from registrar security measures, identity verification failures, or registry enforcement action.

(c) If you request the Company to help you recover access or resolve an account deletion/lockout scenario, the Company may:

(i) provide reasonable assistance via Ticket; and/or

(ii) require a Quote for time-intensive recovery work,

but does not guarantee a successful outcome.

9.4 Domain registrations and renewals

(a) Domain registrations and renewals are:

(i) time-sensitive; and

(ii) subject to registry rules; and

(iii) often non-refundable once processed.

(b) Unless the Client Portal specification states otherwise, domain registrations and renewals are billed:

(i) in advance; and

(ii) for the applicable registration period (e.g., 1 year, 2 years), as selected at order.

(c) Auto-renewal (where enabled):

(i) may be available in the Client Portal;

(ii) is the Client’s responsibility to configure and maintain; and

(iii) requires valid payment methods and up-to-date billing details.

Auto-renewal is not guaranteed if payment fails, a card expires, or anti-fraud controls block payment.

(d) The Company may send renewal reminders via the Client Portal and/or email; however:

(i) reminders may be affected by spam filtering or email deliverability issues; and

(ii) failure to receive a reminder does not relieve you of responsibility to renew.

(e) Where a domain expires, the domain may enter:

(i) a grace period;

(ii) a redemption period; and/or

(iii) an auction or deletion phase,

depending on registry rules. Fees for redemption or recovery are typically higher than standard renewal fees and are treated as Additional Charges.

(f) The Company is not responsible for third-party/registry-imposed fees or timeframes and cannot guarantee recovery of an expired domain.

9.5 Domain transfers (inbound and outbound)

(a) Transfers are subject to registry/registrar rules, which may include:

(i) transfer locks (e.g., newly registered domains, recent transfers, security locks);

(ii) verification requirements;

(iii) email confirmations; and

(iv) waiting periods.

(b) For inbound transfers (to the Company’s domain provider):

(i) you must provide accurate domain details, including correct registrant contact emails;

(ii) you may need to provide an authorisation/EPP code (where applicable);

(iii) you may need to unlock the domain; and

(iv) you must approve transfer requests promptly.

(c) For outbound transfers (away from the Company’s provider):

(i) you must request transfer via Ticket (for auditability);

(ii) you must complete registry/registrar confirmations promptly; and

(iii) the Company may require that all outstanding invoices are paid before processing outbound transfer assistance, to prevent fraud.

(d) Transfer completion is not guaranteed. Transfers can fail due to:

(i) incorrect authorisation codes;

(ii) mismatched registrant information;

(iii) registrar denial (fraud protection);

(iv) pending disputes, locks, or legal holds;

(v) DNSSEC issues or misconfiguration; and/or

(vi) third-party outages.

(e) The Company will use reasonable efforts to assist with transfers purchased through the Client Portal, but is not liable for transfer failures outside its control.

9.6 DNS services and propagation realities

(a) DNS changes may be requested via Ticket. DNS changes may include:

(i) A/AAAA records;

(ii) CNAME records;

(iii) MX records;

(iv) TXT records (SPF/DKIM/DMARC/verification records);

(v) SRV records; and

(vi) nameserver changes.

(b) DNS changes are inherently subject to propagation and caching, which the Company does not control. Even after a correct DNS change is made, it may take time to be recognised across:

(i) global recursive resolvers;

(ii) corporate networks;

(iii) ISP caches; and

(iv) device caches.

(c) You acknowledge that:

(i) propagation delays are not SLA breaches; and

(ii) temporary inconsistencies in global DNS resolution are expected behaviour.

(d) High-impact DNS actions (nameserver changes, MX changes, major cutovers) may require explicit confirmation via Ticket and may be scheduled in a maintenance window to reduce risk.

(e) If you make DNS changes yourself (or via a third party) that break services, the Company is not liable for resulting downtime or losses, and recovery work may require a Quote if outside scope.

9.7 DNSSEC, email authentication and verification records

(a) DNSSEC (where enabled) can improve security but may also increase configuration complexity and risk. The Company may:

(i) support DNSSEC where feasible; and/or

(ii) require it to be disabled during certain migrations or troubleshooting.

(b) Email authentication records (SPF/DKIM/DMARC) are commonly required for deliverability. The Company may provide best-efforts guidance or assistance, but:

(i) deliverability is not guaranteed; and

(ii) recipient filtering is outside the Company’s control.

(c) Verification records (e.g., for Google/Microsoft/third-party SaaS) may be required and are Client responsibility to maintain unless the Company is instructed otherwise via Ticket.

9.8 Domain privacy, WHOIS, and regulatory requirements

(a) Some registries require accurate registrant details and may suspend or delete domains if registrant data is inaccurate or unverified.

(b) Privacy protection (where available) may be offered as an add-on. Privacy services are subject to provider availability and registry rules, and may not be available for all TLDs.

(c) The Client remains responsible for compliance with any legal requirement to publish business information (e.g., company details on a website) regardless of WHOIS privacy settings.

9.9 Suspension, disputes, legal holds and registry enforcement

(a) Domains may be suspended or placed on hold due to:

(i) non-payment;

(ii) suspected fraud;

(iii) UDRP/DRS disputes (or similar dispute procedures);

(iv) court orders;

(v) registry policy enforcement;

(vi) malware/phishing complaints; or

(vii) inaccurate registrant data or verification failures.

(b) The Company is not responsible for registry decisions or dispute outcomes.

(c) Where a domain is subject to a dispute or legal hold, the Company may be unable to:

(i) transfer the domain;

(ii) change registrant details; or

(iii) make certain DNS changes,

until the hold is lifted.

9.10 Non-refundable nature of domain services (important billing rule)

(a) Domain registrations, renewals, redemptions, transfers, and registry fees are typically non-refundable once processed, because the Company and/or its providers incur irreversible costs with the registry.

(b) Where you request cancellation of a domain service after processing begins, you acknowledge that:

(i) the Company may be unable to reverse the transaction; and

(ii) refunds will not be provided, except where required by law or where the registry/provider issues a refund to the Company (in which case the Company may pass through the refund, net of any non-recoverable costs).

(c) Credits:

(i) Where the Company elects to offer goodwill for a domain service issue, it will be by Credit only and at the Company’s discretion.

(ii) Credits do not apply where the issue arises from Client-caused delays, failure to maintain access, or registry enforcement.

9.11 Relationship to hosting, website continuity, and cutover responsibility

(a) A domain is often the “front door” to your website. Successful operation depends on:

(i) active domain registration;

(ii) correct DNS configuration;

(iii) functioning hosting; and

(iv) correct SSL issuance/renewal.

(b) The Company can support hosting and DNS, but you remain responsible for domain ownership and renewals unless explicitly contracted otherwise.

(c) If the Client requests a migration or cutover, the Client must:

(i) keep the domain active and unlocked as required;

(ii) ensure registrant emails are accessible; and

(iii) respond promptly to transfer approvals and verification requests.

Failure to do so may cause delays and is an SLA exclusion.

9.12 Domain-related security and anti-fraud controls

(a) Domain actions (transfers, DNS changes, ownership changes) are high risk. The Company may require:

(i) identity verification;

(ii) proof of ownership;

(iii) written confirmation in a Ticket; and/or

(iv) waiting periods,

before executing domain-related actions.

(b) The Company may refuse to process domain actions where:

(i) fraud is suspected;

(ii) the request is inconsistent with the Account history; or

(iii) a third party claims ownership.

(c) The Company is not liable for delays arising from reasonable security controls.

9.13 Client instructions and liability boundaries

(a) Where you instruct the Company to perform a domain action, you accept responsibility for the consequences of that action, including:

(i) temporary downtime from DNS propagation;

(ii) email disruption from MX changes; and

(iii) service interruption from misconfigured records.

(b) Where the Company warns of risks and you authorise the action, the Company is not liable for those inherent risks provided the Company acted with reasonable care and skill.

9.14 Survival

The responsibilities and liability boundaries in this Part 9 (including registrant responsibility, non-refundable domain service rules, and security controls) survive termination or expiry of Services to the extent they are relevant to events occurring during the term.

PART 10 — BILLING, PRICING, DISCOUNTS, QUOTES & TAXES

10.1 General billing principles

(a) The Company operates a “pay in advance” billing model for subscriptions and recurring services unless expressly agreed otherwise in writing.

(b) All Fees are payable in accordance with:

(i) the Plan or product specification shown in the Client Portal at the time of purchase;

(ii) the invoice/order confirmation; and

(iii) any accepted Quote(s).

(c) Unless expressly stated otherwise, Services are billed:

(i) monthly in advance for subscription Plans and hosting; and

(ii) at the time of order for one-off items (including Kits, domains, transfers, and pass-through costs).

(d) The Company does not provide cash refunds once a billing period has been paid for, except:

(i) as expressly stated in Part 12 (24-hour new-client refund window, subject to strict conditions); or

(ii) where required by law.

(e) Where any adjustment is due (including from approved downgrades, SLA remedies, goodwill gestures, or billing corrections), the Company’s default remedy is Credit (not cash refund), applied to your Account in the Client Portal, unless law requires otherwise.

10.2 Currency, invoicing format and system of record

(a) Invoices and Quotes are issued via the Client Portal and form part of the authoritative billing record.

(b) The Company may issue electronic invoices only (e-invoicing). You agree that invoices delivered via the Client Portal and/or by email are valid for all purposes.

(c) Unless stated otherwise on your invoice, Fees are billed in GBP sterling.

(d) If the Company offers multi-currency billing, currency conversion rates and conversion fees (if any) may be applied by:

(i) payment processors;

(ii) banks/card issuers; and/or

(iii) the Company’s billing platform,

and the Company is not responsible for third-party conversion costs.

10.3 Taxes (including VAT)

(a) Fees are stated exclusive of VAT unless expressly stated as inclusive.

(b) Where VAT applies, VAT will be added at the applicable rate at the time of invoicing.

(c) If you are VAT-registered and eligible for VAT treatment, you must provide accurate VAT information. The Company may:

(i) validate VAT information; and/or

(ii) apply VAT unless and until valid evidence is provided.

(d) You are responsible for any other taxes, duties, or levies arising from your purchase or use of Services, except where the Company is legally obliged to collect them.

10.4 Subscription billing cycles and renewals

(a) Subscription Plans and recurring Hosting Services renew automatically at the end of each billing cycle unless cancelled in accordance with Part 11.

(b) Unless stated otherwise:

(i) your billing period runs from the date of purchase/renewal to the end of that period (e.g., one calendar month from the renewal date); and

(ii) the next period is invoiced in advance.

(c) If you cancel a subscription, cancellation takes effect at the end of the current paid period (see Part 11). No refund is provided for unused time within a paid period.

(d) If you do not cancel and do not pay, non-payment consequences apply (clause 10.12), including possible suspension.

10.5 Pricing guarantee until 2027 (what is fixed and what is not)

(a) The Company guarantees that the base subscription price of your Plan(s) will remain fixed until 31 December 2027 (the “Price Guarantee”), subject to the exclusions in this clause.

(b) The Price Guarantee applies to:

(i) the recurring subscription fee for your active Plan(s); and

(ii) the recurring fee for your Hosting Service tier (where it is a recurring subscription fee).

(c) The Price Guarantee does NOT apply to:

(i) VAT or other taxes (which may change by law);

(ii) domain registry pricing, redemption fees, transfer fees, or other registry/provider charges;

(iii) third-party licences, paid plugins, premium vendor services, or other pass-through costs;

(iv) new products, new Plans, optional add-ons, or one-off Kits introduced after your purchase;

(v) chargeable work provided via Quote(s);

(vi) Fees arising from your upgrade to a different Plan or higher tier (upgrades change the base subscription fee to the upgrade fee); and/or

(vii) costs resulting from changes you request that move you to a different billing basis.

(d) If the Company is required by law or regulation to alter pricing, billing methodology, or tax handling, such changes may be made notwithstanding the Price Guarantee.

(e) If you pause Services and later restart, you will restart on the then-current pricing model in accordance with Part 11 (and any previous discount codes may be invalidated).

10.6 Payment methods, processors and anti-fraud controls

(a) You must pay invoices using the payment methods offered in the Client Portal. The Company may use third-party payment processors (including card processors and bank transfer providers).

(b) You authorise the Company and its payment processors to:

(i) process payments for invoices you approve/owe;

(ii) store payment tokens (not full card details) where supported by the processor; and

(iii) perform fraud-prevention checks.

(c) The Company may:

(i) refuse a payment method;

(ii) require alternative payment; and/or

(iii) delay provisioning,

where fraud is suspected or additional verification is required.

(d) You are responsible for ensuring your payment method is valid, has sufficient funds, and remains up to date. Failed payments may result in suspension under clause 10.12.

10.7 Quotes for Additional Charges (plugins, licences, premium services, out-of-scope work)

(a) Fixed-fee Plans cover only what is expressly included in your Plan specification and within the Scope of Work.

(b) Any items or costs not included within the Plan are “Additional Charges” and must be:

(i) issued as a Quote in the Client Portal; and

(ii) accepted by you before the Company purchases, provisions, installs, or commits to them.

(c) Quotes may include (without limitation):

(i) third-party licences and paid plugins;

(ii) premium vendor services;

(iii) domain redemption fees or registry fees;

(iv) complex migrations or recovery work;

(v) bespoke development outside the standard Scope of Work; and/or

(vi) expedited/out-of-hours work (where offered).

(d) Quote acceptance:

(i) A Quote becomes binding when accepted by you in the Client Portal (or in writing where the Company permits).

(ii) Acceptance may create irreversible third-party costs. You acknowledge that acceptance may immediately render those costs non-refundable.

(e) No refund for unsuitability:

(i) If a plugin/licence/vendor service later proves unsuitable for your needs, this does not constitute grounds for a refund (cash or credit) for the third-party cost.

(ii) Suitability depends on many variables (compatibility, vendor changes, your requirements evolving). The Company may recommend products in good faith but does not guarantee future suitability or vendor behaviour.

(iii) Any replacement, redesign, or alternative approach required is a new Task and may require a new Quote.

(f) The Company may decline to procure certain third-party products if:

(i) licensing terms are incompatible with managed hosting;

(ii) the vendor is known to be insecure or non-compliant;

(iii) the product is “nulled” or pirated; or

(iv) the product conflicts with platform stability.

10.8 Deposits, prepayments and Credit handling

(a) Where you make a deposit or prepayment (whether for a Plan, a Kit, or bespoke work):

(i) it is applied against Fees owed; and

(ii) unless explicitly refundable under Part 12 or required by law, it is not refundable in cash.

(b) Where you are entitled to an adjustment (for example, an approved downgrade credit, a billing correction, or an agreed goodwill allowance), the Company will apply the adjustment as Credit to your Account.

(c) Credit is:

(i) non-cash;

(ii) non-transferable;

(iii) not redeemable for money; and

(iv) applied automatically to the next invoice(s) unless the Company agrees otherwise.

This does not affect your statutory rights.

10.9 Credits: application order and practical rules

(a) The Company may apply Credit to invoices in the following order (unless the Client Portal workflow states otherwise):

(i) overdue invoices (if any);

(ii) current recurring subscription invoices;

(iii) one-off invoices and Quotes.

(b) Credit cannot be used to reverse or claw back:

(i) third-party registry charges already incurred; or

(ii) third-party licence/vendor charges already incurred,

unless the Company actually receives a refund from the provider and elects to pass it through.

(c) The Company may refuse to apply Credit to invoices where doing so would:

(i) breach anti-fraud controls;

(ii) breach legal obligations; or

(iii) conflict with provider/registry rules.

10.10 Discounts and discount codes (single-use and conditions)

(a) The Company may offer promotional discount codes from time to time.

(b) Unless expressly stated otherwise, all discount codes are:

(i) single-use per customer (one redemption per customer account); and

(ii) non-transferable; and

(iii) subject to validity periods and eligibility rules stated at the time of issue.

(c) Discount codes may:

(i) apply only to specific Plans/products;

(ii) exclude third-party costs (plugins/licences/domains);

(iii) exclude existing customers or apply only to new customers; and/or

(iv) be limited in quantity or time.

(d) Discount codes cannot be applied retroactively to already paid invoices unless the Company agrees otherwise in writing.

(e) Pauses and discount invalidation:

(i) If you pause your subscription (Part 11), any discount code or promotional pricing associated with that subscription may become invalid.

(ii) On restarting after a pause, your Fees will be charged at the full then-current price unless the Company expressly reissues a promotion in writing.

(f) Abuse prevention:

(i) The Company may refuse discount application where it reasonably suspects abuse (multiple accounts, fraudulent identities, chargeback risk).

(ii) The Company may revoke discounts applied in error and reissue an invoice for the correct amount.

10.11 Billing corrections and errors

(a) If the Company discovers a billing error (overcharge or undercharge), the Company may correct it by:

(i) issuing a corrected invoice; and/or

(ii) applying Credit for overcharges; and/or

(iii) requesting payment of undercharges.

(b) The Company will use reasonable efforts to notify you of material corrections. You agree to cooperate in resolving billing errors.

(c) A billing correction does not create grounds for cancellation mid-period or for refunds beyond what is required by law.

10.12 Late payment, suspension and service restriction

(a) If you fail to pay an invoice by its due date, the Company may (without limiting any other rights):

(i) suspend Services (including Hosting Services and ticket execution);

(ii) restrict access to the Client Portal;

(iii) pause all queued Tasks and decline new Tasks;

(iv) remove or disable optional features;

(v) charge reasonable administrative fees for reinstatement (where stated in the Client Portal); and/or

(vi) terminate the Agreement for material breach (Part 11 and Part 15).

(b) Suspension for non-payment is not a breach of SLA by the Company. SLA clocks are paused during suspension.

(c) During suspension:

(i) websites may become unavailable;

(ii) email services may be disabled;

(iii) access to backups may be restricted; and

(iv) data may be scheduled for deletion after a retention period under Part 8.

(d) If you later restore payments, reinstatement may require:

(i) security review;

(ii) system integrity checks; and/or

(iii) re-provisioning.

These may be chargeable via Quote where the Company incurs additional work beyond normal reinstatement.

(e) The Company is not responsible for losses arising from non-payment suspension, including loss of traffic, sales, ranking, or customer communications.

10.13 Chargebacks and payment disputes (strict rule)

(a) A “chargeback” or “payment reversal” is treated as a serious breach because it creates direct costs and risk for the Company.

(b) If you initiate a chargeback or payment reversal without first raising a Ticket and allowing a reasonable dispute resolution period:

(i) the Company may immediately suspend Services;

(ii) the Company may permanently terminate Services for fraud prevention; and

(iii) the Company may add an administrative fee to cover processor costs and time spent responding.

(c) If a chargeback occurs, all Credits and promotions may be revoked at the Company’s discretion (subject to law), and the Company may require cleared funds before reinstating services.

(d) You must not use chargebacks as a substitute for your contractual remedy framework (Credits, complaints process, dispute resolution). Where you have a legitimate billing concern, you must raise it via Ticket first.

10.14 Invoice disputes: process and deadlines

(a) If you dispute an invoice, you must:

(i) raise a Ticket promptly (and in any event within fourteen (14) days of invoice issue);

(ii) identify the invoice number and disputed line item(s);

(iii) provide your reasoning and supporting evidence; and

(iv) propose the correction you believe is required.

(b) The Company will investigate the dispute by reference to:

(i) Client Portal records;

(ii) Ticket logs and scope notes;

(iii) Quote acceptance records; and

(iv) service specifications at the time of order.

(c) Undisputed amounts remain payable by the due date. If you fail to pay undisputed amounts, the Company may suspend Services under clause 10.12.

(d) If a dispute is resolved in your favour:

(i) the Company will correct the invoice and/or apply Credit as appropriate; and

(ii) no cash refund will be issued unless required by law.

(e) If you do not raise a dispute within the timeframe in clause 10.14(a), the invoice is deemed accepted, subject to your statutory consumer rights.

10.15 “No refunds once a month has been paid” (core billing rule)

(a) Except for Part 12 (24-hour new-client policy) and statutory rights, all payments are final for the billing period already invoiced and paid.

(b) The Company does not refund:

(i) subscription fees for unused time within a billing period;

(ii) hosting fees for unused time within a billing period;

(iii) domain registration/renewal/transfer fees once processed; or

(iv) third-party licence/plugin/vendor fees once purchased or provisioned.

(c) Where adjustments apply (including approved downgrades), the Company’s remedy is Credit only, applied to future invoices.

10.16 Pricing changes outside the guarantee scope

(a) The Company may change:

(i) one-off Kit prices;

(ii) domain pricing (where registry/provider changes occur);

(iii) third-party pass-through costs; and

(iv) out-of-scope hourly/quoted rates (if offered),

at any time, provided that changes apply only to new purchases/renewals or future Quotes and do not retroactively change already-paid invoices.

(b) The Company will use reasonable efforts to display current pricing in the Client Portal.

10.17 Refunds required by law and consumer rights

(a) Nothing in this Agreement limits or excludes your statutory consumer rights.

(b) Where the law requires a refund (for example, due to cancellation rights that apply and have not been waived, or where Services were not provided with reasonable care and skill and a refund is an appropriate statutory remedy), the Company will comply with its legal obligations.

(c) In all cases, the Company will prefer (where lawful and appropriate) to remediate service issues through:

(i) re-performance; and/or

(ii) Credits,

before providing cash refunds.

10.18 Record retention and auditability

(a) The Company will retain billing records, invoice records, and Quote acceptance records for legal and operational purposes.

(b) You consent to the Company using billing records and Ticket records:

(i) to administer the Services;

(ii) to prevent fraud; and

(iii) to resolve disputes.

Data protection obligations are governed by Part 13.

10.19 Relationship to other Parts

(a) Part 11 governs upgrades, downgrades, pauses, cancellations, and the Credit-only mechanics for plan changes.

(b) Part 12 governs the 24-hour new-client refund window and strict ineligibility triggers.

(c) Part 16 governs limitation of liability and confirms that billing remedies are limited and proportionate.

(d) Part 17 governs complaints and escalation routes.

10.20 Practical summary (non-binding)

(a) You pay in advance.

(b) Subscription prices are fixed until 31 December 2027 for Plan base fees (with defined exclusions).

(c) Discounts are single-use and can be invalidated by pause/restart.

(d) Third-party licences/plugins are charged separately via Quotes and are not refundable if later deemed unsuitable.

(e) Downgrades and other adjustments are handled as Credit (not refunds).

(f) Chargebacks trigger immediate suspension and may result in termination.

PART 11 — UPGRADES, DOWNGRADES, CREDITS, PAUSES & CANCELLATIONS

11.1 Purpose and scope of Part 11

(a) This Part 11 governs:

(i) Plan and product changes (Upgrades and Downgrades);

(ii) Credits arising from plan changes and billing adjustments;

(iii) pauses and restarts of subscriptions; and

(iv) cancellations and end-of-service handling.

(b) This Part 11 applies to all subscription-based Services, including:

(i) SKUNKWORK™ Plans;

(ii) SKUNKHOST™ Hosting Services (where billed on a recurring basis); and

(iii) any bundled services within Plans.

(c) One-off purchases (e.g., one-off Kits, domain purchases, domain transfers, and third-party licences) are generally not subject to upgrade/downgrade mechanics. Their billing treatment is governed by Part 10 and Part 12.

(d) This Part 11 must be read with:

(i) Part 10 (Billing rules: pay in advance; no refunds);

(ii) Part 7 (SLA: readiness and exclusions);

(iii) Part 8 (Hosting: technical feasibility constraints); and

(iv) Part 12 (Refund policy).

11.2 1-click plan changes (general principle)

(a) The Company may permit “1-click” upgrades and downgrades via the Client Portal.

(b) Where 1-click changes are offered, you acknowledge and agree that:

(i) the Client Portal’s workflows (including date/time of change, pricing displayed, and credit calculations) form part of the authoritative record;

(ii) the Company may implement safety checks or approval steps for technical reasons (especially for hosting downgrades); and

(iii) a plan change request does not guarantee immediate implementation if feasibility checks are required.

11.3 Upgrades — instant effect and unlimited frequency

(a) Upgrades are permitted at any time during any billing cycle.

(b) Upgrades are:

(i) unlimited in frequency; and

(ii) effective immediately (or as soon as provisioning completes, where provisioning is required).

(c) Upgrade billing:

(i) Upgrades are billed immediately upon upgrade request and/or as otherwise determined by the Client Portal workflow.

(ii) If the Company uses a proration model, the Client Portal will calculate the proration.

(iii) If the Company uses a “charge the difference” model for the remaining period, the Client Portal will calculate the difference.

(iv) Any amounts payable are due immediately and may be required before the upgrade is applied.

(d) Where an upgrade is applied, the upgraded Plan’s:

(i) Working Hours;

(ii) delivery timeframes;

(iii) queue priority; and

(iv) included features/limits,

apply from the time the upgrade is effective.

(e) The Company is not liable for any Client losses arising from choosing a lower tier and later requiring an upgrade; the upgrade mechanism is provided as a convenience.

11.4 Downgrades — limited frequency and safety controls

(a) Downgrades are permitted, but are restricted and controlled to protect service stability and to prevent scenarios where reduced resources could cause website failure, instability, or data loss.

(b) Downgrades are limited to:

(i) one (1) downgrade per monthly billing cycle, per Account, unless the Company expressly agrees otherwise in writing.

(c) The Company may refuse, delay, or reject a downgrade where:

(i) technical feasibility checks indicate a meaningful risk to stability or data integrity;

(ii) the Client is exceeding the lower tier’s resource limits;

(iii) the downgrade would violate “one website per plan” or other Plan limits;

(iv) the Client is in breach of the AUP or has active security containment measures;

(v) the Client has overdue invoices; and/or

(vi) there is suspected abuse of plan change rules.

(d) A downgrade request may be treated as “pending” until checks are complete. During “pending” status:

(i) the existing Plan remains active; and

(ii) the Client remains liable for Fees under the existing Plan until the downgrade is accepted and applied.

11.5 Timing of downgrades — end-of-period default and exceptions

(a) The default rule for downgrades is:

(i) the downgrade takes effect at the end of the current paid billing period.

(b) However, where the Company offers a credit-based downgrade mechanism (as set out in clause 11.7) and/or where hosting resources must be verified (clause 11.6), the Company may:

(i) audit within the current period; and

(ii) apply the downgrade and/or Credit once feasibility is confirmed,

provided that the Company is not required to implement any downgrade immediately if doing so would increase risk.

(c) The Company may, acting reasonably, determine the most operationally safe timing for applying the downgrade. The Client acknowledges that immediate resource reduction is not always safe, and accepts that the Company’s safety assessment prevails.

11.6 Hosting resource downgrade safety audit (Pro → Core and similar)

(a) Hosting downgrades that reduce allocated resources (e.g., memory, storage, mailboxes, performance ceilings) are higher risk and require a safety audit.

(b) Where the Client requests a downgrade from a higher hosting tier to a lower hosting tier (including Pro → Core), the Company will perform a feasibility audit.

(c) Audit timeframe:

(i) the Company will aim to complete the downgrade feasibility audit within three (3) Working Hours (the “Audit Window”), subject to SLA exclusions and incident prioritisation.

(d) What the audit may include:

(i) disk usage and file count/inodes against the lower tier limits;

(ii) mailbox count and mailbox storage against the lower tier limits (where applicable);

(iii) database size, backup feasibility, and restore risk;

(iv) current resource utilisation trends (CPU, memory, I/O);

(v) presence of unusually heavy workloads (cron storms, scans, large imports);

(vi) security status (malware, quarantine, abuse flags);

(vii) platform-specific constraints (control panel subscription limits, packaging); and

(viii) risk of breaking changes if limits are reduced.

(e) Audit outcomes:

(i) “Approved” — the downgrade is technically feasible and may be applied safely;

(ii) “Conditionally Approved” — feasible if the Client first reduces usage (e.g., delete files, reduce mailbox storage, remove unused backups, optimise database);

(iii) “Rejected” — not feasible at this time because the site is materially above limits or the risk of failure is unacceptably high.

(f) If conditionally approved:

(i) the Company will provide remediation requirements via Ticket;

(ii) the Task may be placed on Hold until remediation is complete; and

(iii) the Client may resubmit the downgrade request after remediation (but the “one downgrade per monthly billing cycle” rule still applies unless the Company waives it in writing).

(g) If rejected:

(i) the downgrade request will not be implemented at that time; and

(ii) the Client may remain on the current tier or upgrade further.

(h) The Company is not liable for losses caused by a Client’s attempt to force a downgrade while exceeding limits or by the Client’s refusal to remediate.

11.7 Credits for downgrades — credit-only model (no refunds)

(a) The Company does not provide cash refunds for downgrades once a billing period has been paid.

(b) Where a downgrade is approved and results in a lower recurring fee, the Company will:

(i) calculate the fee difference in accordance with the Client Portal workflow; and

(ii) apply the difference as Credit to the Client’s Account (the “Downgrade Credit”).

(c) Credit application:

(i) the Downgrade Credit is applied to your Credit Balance in the Client Portal;

(ii) it will automatically reduce your next invoice(s) (Part 10.9); and

(iii) it is not redeemable as cash.

(d) The Downgrade Credit is the sole remedy for a downgrade price differential. The Client has no entitlement to:

(i) a cash refund;

(ii) partial refunds for unused time; or

(iii) any alternative remedy, except where required by law.

(e) If the Client is in arrears:

(i) the Company may first apply Credit to overdue invoices; and

(ii) any remaining Credit may then reduce future invoices.

11.8 If a downgrade is impossible and/or an upgrade is rejected — Credit handling

(a) If a downgrade is deemed impossible (rejected) after audit, and/or if an upgrade request is rejected for compliance/security/fraud reasons, the Company will not provide a cash refund.

(b) Where the Client has paid sums in connection with a rejected plan change request (for example, an upgrade payment that could not be applied due to fraud controls, or a downgrade workflow that created an adjustment), the Company will:

(i) apply the relevant amount to the Client’s Credit Balance; and

(ii) apply that Credit to future invoices.

(c) For avoidance of doubt, rejection of a plan change does not create a refund right. The Company’s remedy remains Credit only, unless law requires otherwise.

11.9 Pausing subscriptions — timing limits and discount invalidation

(a) The Company may offer the ability to “pause” a subscription. Pauses are subject to strict timing rules.

(b) Pausing is permitted only:

(i) between monthly subscriptions; and

(ii) at the end of the current billing period.

Pauses cannot be applied during an active billing period.

(c) If you request a pause:

(i) Services continue until the end of the current paid period; and

(ii) the pause takes effect at renewal.

(d) During a pause:

(i) the Company is not obliged to provide support or task delivery;

(ii) queued Tasks may be closed, archived, or left inactive at the Company’s discretion; and

(iii) hosting and/or domains may be suspended if they are not paid separately or if they are bundled and the bundle is paused.

(e) Discount codes and promotions:

(i) any discount codes, promotional pricing, or grandfathered promotional terms associated with the paused subscription become invalid upon pause, unless the Company expressly agrees otherwise in writing;

(ii) restarting after a pause will incur the full then-current price at the time of restart.

(f) The Company may set minimum pause durations, maximum pause durations, or limits on pause frequency, which may be displayed in the Client Portal.

(g) Pauses do not create any refund entitlement, and do not convert paid Fees into cash.

11.10 Restarting after a pause

(a) When you restart a paused subscription:

(i) you may be required to select a current Plan offering in the Client Portal; and

(ii) Fees will be charged at the then-current full price.

(b) Any previous discount codes do not automatically reapply.

(c) Any Credits on your Account will continue to apply to future invoices under Part 10.9.

(d) The Company may require:

(i) updated onboarding information;

(ii) re-verification of access credentials; and/or

(iii) re-confirmation of the Covered Website.

11.11 Cancellation — how to cancel and when it takes effect

(a) You may cancel a subscription by using the cancellation function in the Client Portal (where available) and/or by raising a cancellation request via Ticket.

(b) Unless the Company expressly agrees otherwise in writing, cancellation takes effect at the end of the current paid billing period.

(c) You remain responsible for all Fees up to the end of the paid billing period. No refund is provided for unused time in the billing period.

(d) Cancellation of a SKUNKWORK™ Plan does not automatically cancel:

(i) domains;

(ii) third-party licences; or

(iii) other separate products,

unless the Client explicitly cancels those items in the Client Portal or via Ticket and the cancellation is technically possible and permitted by provider terms.

11.12 Effect of cancellation on Tasks and queue

(a) On cancellation (effective end-of-period):

(i) the Company will cease accepting new subscription Tasks after the effective cancellation date;

(ii) the Company may, at its discretion, complete Tasks already in progress before the effective date, subject to capacity and time remaining; and

(iii) Tasks not started or not completed by the effective date may be closed or left incomplete.

(b) The Client acknowledges that subscription service is delivered “during the active subscription period.” If a Client submits a large backlog shortly before cancellation, the Company is not obliged to complete all backlog before the end of the paid period.

(c) The Company may offer:

(i) a Quote for post-cancellation completion of outstanding items; and/or

(ii) a recommendation to remain subscribed until the backlog is cleared.

(d) If the Client cancels while a Task is in Hold state due to Client-caused delays, the Company is not obliged to resume or complete that Task after the cancellation effective date unless paid separately by Quote.

11.13 Effect of cancellation on Hosting Services (general)

(a) If Hosting Services are cancelled, suspended, or end due to non-payment:

(i) hosting access may be restricted;

(ii) the site may become unavailable; and

(iii) data may be deleted after a retention period (Part 8).

(b) The Client is responsible for exporting site data before hosting ends. The Company may provide an export via Quote.

(c) If hosting is bundled with a Plan and the Plan is cancelled, hosting may cease unless the Client:

(i) purchases standalone hosting; or

(ii) otherwise arranges continuation.

11.14 Termination for breach (Company rights)

(a) The Company may suspend or terminate Services immediately (or with notice) where:

(i) the Client breaches the AUP;

(ii) fraud is suspected;

(iii) chargebacks occur;

(iv) non-payment persists;

(v) unlawful instructions are provided; or

(vi) the Client’s actions create unreasonable security risk or harm to the platform.

(b) Termination for breach does not entitle the Client to refunds. Credits (if any) are applied only where law requires or where the Company elects in writing.

11.15 Discretion and anti-abuse enforcement

(a) The upgrade/downgrade/credit mechanisms are provided to balance flexibility with platform safety.

(b) The Company may implement additional anti-abuse controls, including:

(i) limiting changes per month;

(ii) requiring manual review for suspicious changes; and/or

(iii) requiring remediation before applying a downgrade.

(c) If the Company reasonably suspects that plan change mechanisms are being used to circumvent pricing, fair use, or platform safety constraints, the Company may:

(i) refuse plan changes;

(ii) require a minimum term at a tier;

(iii) require a Quote for increased workload; and/or

(iv) suspend services for abuse under Part 15.

11.16 No waiver; relationship to consumer rights

(a) The Company’s “credit only” approach and plan change limitations do not affect statutory consumer rights.

(b) If you are a consumer, and the law requires a different remedy in a specific scenario, the Company will comply with law.

11.17 Practical examples (non-binding but illustrative)

(a) Upgrade example:

- You are on Grow™ and upgrade to Tech Team™ mid-cycle.

- The upgrade takes effect immediately and you are charged the difference/proration as calculated in the Client Portal.

- New SLA hours and timeframes apply from the effective time.

(b) Downgrade example (approved):

- You request Pro → Core.

- The Company audits within the Audit Window.

- The downgrade is approved and applied at the safe point determined by the Company.

- The price difference is applied as Credit and offsets your next invoice.

(c) Downgrade example (rejected):

- You request Pro → Core but the site exceeds Core storage.

- The Company rejects the downgrade (or conditionally approves it subject to remediation).

- No refund is issued. If any adjustment is created, it becomes Credit.

- You may reduce usage and reattempt downgrade (subject to the “one per cycle” rule unless waived).

(d) Pause example:

- You request a pause halfway through a month.

- The pause is scheduled for the end of the billing period (not mid-period).

- Discounts become invalid; restart later is at full price.

(e) Cancellation example:

- You cancel on day 10 of your billing month.

- Service continues until day 30/31 (end of paid period).

- No refund is issued for unused time.

PART 12 — REFUND POLICY (INCLUDING THE 24-HOUR NEW CLIENT WINDOW)

12.1 Purpose and strict nature of this policy

(a) This Part 12 sets out the Company’s refund policy and the limited circumstances in which a refund may be issued.

(b) The Company’s default policy is “no refunds once a billing period has been paid”, with remedies (where any are provided) delivered by Credit only. This Part 12 establishes a narrowly defined exception for new clients within a 24-hour window.

(c) This policy must be read alongside:

(i) Part 10 (Billing: pay in advance; no refunds as a general rule; Credits-only adjustments);

(ii) Part 6 (Execution and acceptance); and

(iii) Part 11 (Plan changes; Credit-only mechanics).

(d) Nothing in this Part 12 limits or excludes statutory consumer rights. Where law requires a refund, the Company will comply (see clause 12.12).

12.2 General rule: no refunds after payment

(a) Except as set out in this Part 12 and except where required by law, the Company does not provide refunds (cash or card reversals) for:

(i) subscription fees;

(ii) hosting fees;

(iii) Kits and one-off work;

(iv) domain registrations, renewals, transfers, redemptions, and registry fees once processing begins;

(v) third-party licences, paid plugins, and vendor services once purchased/provisioned; or

(vi) any unused portion of a billing period.

(b) Where an adjustment is due, the Company’s remedy is Credit only (Part 10 and Part 11), applied to the Client’s Account.

12.3 24-hour new-client refund window (the only contractual refund policy)

(a) The Company offers a discretionary “new client satisfaction refund” within the first twenty-four (24) hours of a new client’s initial subscription purchase (“24-Hour Refund Window”), subject to strict eligibility criteria and ineligibility triggers.

(b) This refund policy applies only to:

(i) a Client’s first-ever subscription purchase with the Company (first Plan purchase); and

(ii) made through the Client Portal; and

(iii) where the Client is genuinely new (not a returning client restarting under a new account for the purpose of using the refund window).

(c) The 24-Hour Refund Window begins at:

(i) the timestamp of successful payment recorded in the Client Portal; and

(ii) ends exactly 24 hours later.

(d) The Client must request the refund by:

(i) raising a Ticket in the Client Portal within the 24-hour window; and

(ii) clearly stating that they are requesting a refund under the new-client 24-hour policy.

12.4 Eligibility requirements (must meet all)

To be eligible for a refund under the 24-Hour Refund Window, you must meet ALL of the following:

(a) You are a new client making your first subscription purchase with the Company (see clause 12.3(b)).

(b) You request the refund within the 24-Hour Refund Window (clause 12.3(c)–(d)).

(c) No Execution has commenced on any Task (as defined in Part 6).

(d) You have not submitted any Task Ticket outside of support triage (see clause 12.5) and you have not requested or permitted any work to begin.

(e) You have not accepted any Quote that causes third-party costs to be incurred (plugins/licences/domains/provisioning fees).

(f) You are not in breach of this Agreement and there is no fraud suspicion, chargeback attempt, or misuse.

12.5 Ineligibility triggers (blunt and enforceable)

(a) The new-client refund becomes immediately ineligible if ANY of the following occurs within the 24-hour window:

(i) You submit any Task Ticket that is not purely support triage.

- For avoidance of doubt, requesting changes, fixes, design work, development work, migration work, configuration changes, or “please start work” instructions are Tasks.

- Submitting such a Task Ticket is treated as a request for service delivery and triggers Execution readiness.

(ii) Any work is undertaken by the Company.

- “Work undertaken” includes Execution as defined in Part 6, including investigation, review beyond trivial triage, logging into systems, or making changes.

(iii) You provide access credentials and instruct the Company to proceed.

- Providing access alone is not necessarily Execution, but providing access with instruction to commence work triggers Execution and therefore ineligibility.

(iv) You accept a Quote and/or any third-party purchase is made on your behalf.

- Once a third-party cost is incurred (domains, licences, paid plugins, premium services), refunds are not available for those costs.

(v) You request or permit urgent actions (especially security, DNS, or platform changes).

- If you instruct urgent or high-impact work, you are consuming services and the refund is ineligible.

(vi) You attempt a chargeback or payment reversal.

- Chargebacks are treated as a serious breach (Part 10.13) and void refund eligibility.

(b) For avoidance of doubt:

(i) If you submit a Task Ticket (outside of basic support triage), you have begun using the service.

(ii) If the Company begins diagnostic work, you have begun consuming the service.

(iii) If either of the above occurs, your refund eligibility is void.

12.6 What qualifies as “support triage” (refund-safe communication)

(a) The Company recognises that a new client may need to ask questions before deciding.

(b) “Support triage” means:

(i) asking general questions about the Plan, scope, or how the process works;

(ii) clarifying what is included/excluded;

(iii) requesting onboarding instructions; or

(iv) requesting information without asking the Company to execute Tasks.

(c) “Support triage” does NOT include:

(i) submitting a list of requested changes and asking the Company to begin;

(ii) providing instructions to implement or deploy anything;

(iii) requesting investigation of a specific bug or issue (because investigation is Execution);

(iv) requesting migration steps be performed; or

(v) asking the Company to “review my site and fix what you find” (this is Execution).

(d) The Company’s classification of whether a Ticket is triage vs a Task is final, acting reasonably and by reference to the Ticket content and audit trail.

12.7 Deposits, onboarding fees, and prepayments — credited after window

(a) If you pay an onboarding fee, deposit, setup fee, or prepayment (however described), such payments are treated as Fees.

(b) If a refund is not available under this Part 12:

(i) those payments are not refundable in cash; and

(ii) where the Company elects to provide an adjustment (at its discretion), it is provided as Credit only.

(c) Where the Company provides Credit for any reason:

(i) Credit is applied to the Account;

(ii) Credit offsets future invoices; and

(iii) Credit is not redeemable for cash.

12.8 Partial refunds, pro-rata refunds, and “unused time”

(a) The Company does not provide pro-rata refunds or partial refunds for unused time within a billing period.

(b) If you cancel mid-period, services continue to the end of the paid period (Part 11) and no refund is issued.

(c) This rule applies regardless of whether you used the service heavily or lightly during the period.

12.9 Refund method, timing, and processing (where a refund is approved)

(a) If the Company approves a refund under the 24-Hour Refund Window:

(i) the refund will be returned to the original payment method where possible; or

(ii) where the original method is not available, the Company may request alternative details and/or issue Credit at its discretion, subject to law.

(b) The Company may deduct from any approved refund:

(i) non-recoverable payment processor fees;

(ii) third-party costs already incurred; and/or

(iii) any amounts owed by the Client to the Company,

to the extent permitted by law.

(c) Refund timing depends on banking/payment processor timeframes. The Company is not responsible for delays after the refund instruction has been submitted to the processor.

12.10 Non-refundable items (explicit list)

Even where a refund is otherwise considered, the following are non-refundable once processing begins:

(a) domains, transfers, renewals, redemptions, and registry/provider fees;

(b) third-party plugin licences and paid vendor services;

(c) one-off products already delivered or substantially delivered;

(d) work already undertaken (Execution);

(e) any Fees incurred for out-of-hours or emergency work where agreed;

(f) any Services suspended/terminated due to breach, abuse, fraud, or chargeback.

12.11 Evidence and audit trail

(a) The Client Portal record is the authoritative evidence for:

(i) time of purchase/payment;

(ii) time of refund request;

(iii) Ticket submissions and content;

(iv) Quote acceptance;

(v) Execution commencement; and

(vi) service delivery.

(b) The Company may rely on:

(i) timestamps;

(ii) activity logs;

(iii) system access logs; and

(iv) Ticket transcripts,

to determine eligibility.

(c) If the evidence shows an ineligibility trigger occurred, the refund request will be rejected.

12.12 Statutory rights (consumer protections) and legal compliance

(a) If you are a consumer, you may have statutory rights under UK consumer law (including the Consumer Rights Act 2015 and related regulations) which cannot be excluded.

(b) If a statutory right applies that entitles you to a refund, repair, or repeat performance, the Company will comply with the law.

(c) Where the law permits, and where appropriate, the Company may first offer:

(i) repeat performance (fixing the issue);

(ii) a service credit; or

(iii) an alternative remedy,

before issuing a cash refund.

(d) Nothing in this Agreement affects rights that cannot legally be waived.

12.13 Relationship to Credits-only policy

(a) If a refund is not available under this Part 12, the Client’s remedies (if any) are:

(i) delivery of the Services within scope; and/or

(ii) Credits as provided by Part 11, Part 7, or goodwill at the Company’s discretion; and/or

(iii) the complaints and dispute process in Part 17.

(b) The Company does not provide cash refunds except within the strict 24-hour new-client window and where required by law.

12.14 Practical examples (non-binding)

(a) Refund eligible:

- New client buys first Plan.

- Within 24 hours, they raise a Ticket saying they are unhappy and request a refund.

- They have not submitted any Task Ticket and the Company has not begun Execution.

- Refund may be approved.

(b) Refund ineligible (Task submission):

- New client buys first Plan.

- Within 24 hours, they submit a Ticket: “Please migrate my site, install X plugin, and redesign the homepage.”

- This is a Task request and triggers ineligibility, even if no work has begun yet.

(c) Refund ineligible (diagnostic work):

- New client buys first Plan.

- They submit a Ticket: “My site is broken, please investigate.”

- Company begins investigation (Execution).

- Refund becomes ineligible.

(d) Refund ineligible (Quote acceptance):

- New client buys first Plan.

- They accept a Quote for a paid plugin licence.

- Third-party cost is incurred.

- Refund is ineligible for the Plan and the plugin cost (except where required by law).

PART 13 — DATA PROTECTION, PRIVACY, CONFIDENTIALITY & SECURITY

13.1 Purpose and scope

(a) This Part 13 governs how the Company handles:

(i) Personal Data (as defined under UK GDPR);

(ii) Confidential Information;

(iii) credentials and other Sensitive Data; and

(iv) security controls and incident response,

in connection with the Services.

(b) This Part 13 applies to all Services, including:

(i) SKUNKWORK™ Plans and task delivery;

(ii) SKUNKHOST™ Hosting Services;

(iii) domain services purchased through the Client Portal;

(iv) support and operational communications; and

(v) any Approved Secure Channels used to exchange information (including the Client Portal/Ticketing system and, where the Company elects to use them, Zoho Mail and/or Zoho Vault).

(c) This Part 13 must be read with:

(i) Part 2 (Approved Secure Channels; account security);

(ii) Part 6 (Tickets; audit trail);

(iii) Part 8 (hosting; retention; backups);

(iv) Part 9 (domains; registrant responsibilities);

(v) the Company’s Privacy Policy and Cookie Policy (incorporated by reference under Part 1); and

(vi) any data protection notices displayed in the Client Portal.

(d) Nothing in this Part 13 limits or excludes statutory rights that cannot be excluded, including rights under the UK GDPR and the Data Protection Act 2018.

13.2 Definitions (data protection terms)

For the purposes of this Agreement:

“Data Protection Laws” means all applicable data protection and privacy laws and regulations, including:

(i) the UK GDPR;

(ii) the Data Protection Act 2018;

(iii) the Privacy and Electronic Communications (EC Directive) Regulations 2003 (“PECR”); and

(iv) any replacement or related laws.

“Personal Data” has the meaning given in the UK GDPR.

“Special Category Data” has the meaning given in the UK GDPR (e.g., health data, biometric data, religious beliefs).

“Controller”, “Processor”, “Processing”, “Data Subject”, “Personal Data Breach”, and “Supervisory Authority” have the meanings given in the UK GDPR.

“Confidential Information” is defined in clause 13.10.

13.3 Roles and responsibilities (Controller vs Processor)

(a) The parties acknowledge that, depending on the context, the Company may act as either:

(i) a Controller (for example, in relation to billing data, account administration, marketing preferences, and operational logs); and/or

(ii) a Processor (for example, where the Company processes Personal Data on behalf of the Client to deliver Tasks, hosting support, website operations, and similar services).

(b) The Client is typically the Controller of end-user data collected through the Client’s website(s) (e.g., customer details, enquiry form submissions, ecommerce data, booking data). The Company typically processes such data only to the extent necessary to deliver the Services.

(c) Where the Company is a Processor:

(i) the Client remains responsible for determining the purposes and lawful basis of processing; and

(ii) the Client instructs the Company regarding processing through Tickets and documented instructions.

(d) The Company is not responsible for the Client’s compliance obligations as Controller, including:

(i) providing privacy notices to end-users;

(ii) obtaining consent where required;

(iii) managing cookie consent and tracking compliance;

(iv) conducting DPIAs where required;

(v) responding to Data Subject requests within statutory timeframes; and

(vi) ensuring lawful international transfers (except to the extent the Company acts as Processor and has obligations under clause 13.8).

(e) The Company may refuse to follow instructions that are:

(i) unlawful;

(ii) outside the Scope of Work;

(iii) technically unsafe or likely to compromise security; or

(iv) inconsistent with this Agreement.

13.4 Lawful basis and use of Client account data (Company as Controller)

(a) The Company processes Client Account data (including contact details, billing information, and portal activity) as Controller for purposes including:

(i) providing and administering the Services;

(ii) billing, invoicing, payments, and fraud prevention;

(iii) customer support, Ticket administration, and service communications;

(iv) security monitoring, logging, and abuse prevention;

(v) compliance with legal obligations; and

(vi) improving services, reporting, and internal analytics (in aggregated and/or pseudonymised form where feasible).

(b) The Company’s lawful bases (depending on context) may include:

(i) performance of a contract (providing Services you have purchased);

(ii) legitimate interests (security, fraud prevention, service improvement);

(iii) compliance with legal obligations (accounting, tax); and/or

(iv) consent (where required for marketing communications or cookies).

(c) Marketing communications:

(i) The Company may send service-related communications (e.g., invoice reminders, security notices, service updates) as necessary to perform the contract.

(ii) Marketing communications (promotions, newsletters) will be sent only in accordance with Data Protection Laws and the preferences recorded in the Client Portal and/or marketing systems. You may opt out at any time using the method provided.

13.5 Data minimisation and Client responsibilities for data shared

(a) You must share only the minimum amount of Personal Data and Sensitive Data necessary for the Task.

(b) You must not share Special Category Data unless:

(i) it is strictly necessary for the Task; and

(ii) you have ensured a lawful basis for doing so as Controller; and

(iii) you have notified the Company in the Ticket that Special Category Data is involved (so the Company can apply appropriate controls).

(c) If you share excessive data unnecessarily, you accept the risk that such data may become part of the Ticket audit trail and be retained under clause 13.9.

(d) Where feasible, you should redact or anonymise:

(i) payment details;

(ii) identity documents; and

(iii) sensitive customer records,

unless explicitly required.

13.6 Approved Secure Channels (mandatory security rule)

(a) You must share credentials and Sensitive Data only through Approved Secure Channels (Part 2), which include:

(i) the Client Portal/Ticketing system; and

(ii) where the Company elects to use them, Zoho Mail and/or Zoho Vault (or equivalent secure credential tools) for secure sharing and confirmation of sensitive information.

(b) The Company may refuse to accept Sensitive Data provided through unapproved channels.

(c) If you choose to send Sensitive Data via insecure channels against Company guidance, you:

(i) assume the risk of interception or compromise; and

(ii) accept that resulting harm may be excluded from Company liability under Part 16.

(d) The Company may require:

(i) time-limited credentials;

(ii) least-privilege access;

(iii) temporary accounts; and/or

(iv) MFA where available,

as a condition of commencing work.

13.7 Security measures (baseline controls; “reasonable and appropriate”)

(a) The Company will implement reasonable and appropriate technical and organisational measures to protect Personal Data and Confidential Information, taking into account:

(i) the nature, scope, context, and purposes of processing;

(ii) the risk of harm to individuals; and

(iii) the state of the art and implementation cost.

(b) Such measures may include (as appropriate and proportionate):

(i) access controls and role-based permissions;

(ii) MFA for administrative systems where feasible;

(iii) encryption in transit (e.g., TLS) for portal and service communications;

(iv) security patching and vulnerability management;

(v) malware scanning and threat detection (especially for hosted environments);

(vi) logging and monitoring for suspicious activity;

(vii) secure credential handling processes (including Zoho Vault-style sharing where used);

(viii) staff confidentiality obligations and security training; and

(ix) backup and recovery controls for hosting (subject to Part 8).

(c) No method of transmission or storage is 100% secure. The Company does not guarantee absolute security, but commits to reasonable measures consistent with a professional managed service.

13.8 Sub-processors, third-party systems, and international transfers

(a) To deliver the Services, the Company may engage sub-processors (third parties that process data on the Company’s behalf), including providers of:

(i) client portal/ticketing infrastructure;

(ii) hosting infrastructure and datacentre services;

(iii) email and secure credential tooling (e.g., Zoho systems where used);

(iv) monitoring, security, backup, and anti-malware tooling;

(v) payment processing; and

(vi) domain registrar/reseller services.

(b) Where the Company acts as Processor, the Company will:

(i) undertake due diligence appropriate to the risk;

(ii) impose data protection obligations on sub-processors substantially equivalent to those in this Part 13; and

(iii) remain responsible for sub-processor performance of their data protection obligations to the extent required by law.

(c) The Company may maintain a current list of sub-processors in the Client Portal, or within its Privacy Policy, and may update it from time to time.

(d) International transfers:

(i) Some sub-processors may store or process data outside the UK.

(ii) Where Data Protection Laws require safeguards for international transfers, the Company will implement appropriate safeguards (for example, UK International Data Transfer Addendum, adequacy regulations, or other lawful transfer mechanisms), to the extent applicable to the Company’s role and obligations.

(iii) The Client acknowledges that global cloud tooling may involve international processing and agrees to such processing where law permits.

(e) The Company is not responsible for international transfers initiated by the Client independently (e.g., the Client installing third-party plugins that export data abroad).

13.9 Data retention, deletion, and recordkeeping (tickets are evidence)

(a) The Company retains Client Portal records (including Tickets, attachments, audit trails, invoices, Quotes, and payment records) for legitimate business purposes including:

(i) contract administration;

(ii) service delivery evidence and dispute resolution;

(iii) security, fraud prevention, and abuse investigations;

(iv) compliance with legal obligations; and

(v) operational continuity.

(b) Because Tickets are the official audit trail, Ticket content and attachments may be retained for a period that extends beyond the termination of Services.

(c) Billing and accounting records may be retained for at least the minimum period required by law (commonly aligned to statutory accounting retention practices), and may be retained longer where necessary to establish, exercise, or defend legal claims.

(d) Hosting data retention upon end-of-service is governed by Part 8. The Client remains responsible for exporting website data before services end.

(e) The Company may:

(i) anonymise data; and/or

(ii) delete data,

when it is no longer required, subject to legal obligations and legitimate interests.

(f) Where the Client requests deletion:

(i) the Company will consider the request in light of legal obligations, dispute risk, and operational necessity;

(ii) some data may be retained where retention is legally required or reasonably necessary; and

(iii) where feasible, the Company may delete or anonymise non-essential records.

13.10 Confidential Information (definition and protection)

(a) “Confidential Information” means any non-public information disclosed by one party to the other in connection with the Agreement, including (without limitation):

(i) business plans, pricing, non-public product details;

(ii) credentials, keys, tokens, security configurations;

(iii) technical architecture and code;

(iv) customer and supplier information;

(v) proprietary methods, protocols, and internal documentation; and

(vi) any information marked confidential or that should reasonably be understood as confidential.

(b) Confidential Information does not include information that:

(i) is or becomes publicly available through no breach;

(ii) was lawfully known to the receiving party prior to disclosure;

(iii) is lawfully received from a third party without restriction; or

(iv) is independently developed without reference to the disclosing party’s Confidential Information.

(c) Each party must:

(i) use Confidential Information only for purposes of performing the Agreement;

(ii) restrict access to those who need to know; and

(iii) protect Confidential Information using reasonable care.

(d) The Company may disclose Confidential Information to:

(i) staff and contractors bound by confidentiality obligations;

(ii) sub-processors required to deliver Services; and

(iii) professional advisers (lawyers/accountants) bound by professional confidentiality,

only where reasonably necessary.

(e) The Company may disclose information where required by law, court order, or regulator request. Where lawful, the Company will use reasonable efforts to notify the Client before disclosure.

13.11 Credential handling and secure verification

(a) The Company may require credentials or access methods to deliver Tasks.

(b) The Company’s approach is to use secure methods and minimise exposure, which may include:

(i) using Zoho Vault or similar secure credential sharing to store/share passwords;

(ii) requesting one-time passwords or time-limited access tokens;

(iii) requesting temporary admin accounts that can be revoked after completion; and

(iv) avoiding persistent shared credentials where feasible.

(c) You acknowledge that:

(i) the Company cannot guarantee that third-party platforms support ideal security features; and

(ii) some legacy platforms may require less secure methods. Where this occurs, the Company may refuse the Task or require the Client to upgrade to a safer approach.

(d) The Client must immediately rotate credentials if it suspects compromise or if an authorised user leaves its organisation.

13.12 Data Subject rights (how requests are handled)

(a) If the Company receives a Data Subject request relating to data for which the Client is Controller (e.g., the Client’s customers), the Company will:

(i) notify the Client where reasonably practicable; and

(ii) provide reasonable assistance, where feasible, to enable the Client to respond.

(b) The Company is not responsible for responding directly to Data Subjects on the Client’s behalf unless:

(i) required by law; or

(ii) specifically agreed as part of a documented service arrangement.

(c) Where assistance is requested and is time-intensive or outside scope, the Company may provide assistance via Quote.

13.13 Processor obligations (where the Company acts as Processor)

Where the Company acts as a Processor on behalf of the Client, the Company will:

(a) process Personal Data only on documented instructions from the Client (typically via Tickets), unless required by law to process otherwise (in which case the Company will inform the Client where lawful);

(b) ensure persons authorised to process the data are subject to confidentiality obligations;

(c) implement appropriate security measures as described in clause 13.7;

(d) engage sub-processors only under appropriate contractual controls (clause 13.8);

(e) assist the Client (where feasible) with:

(i) security incident information required for the Client’s compliance; and

(ii) responding to Data Subject requests,

to the extent required by UK GDPR and proportionate to the nature of the Services;

(f) at the end of processing (e.g., termination), handle data deletion/return in accordance with clause 13.9 and Part 8, subject to legal retention obligations;

(g) make available information reasonably necessary to demonstrate compliance with Processor obligations, taking into account:

(i) confidentiality;

(ii) security; and

(iii) proportionality.

13.14 Personal Data Breaches and incident response

(a) The Company maintains incident response processes appropriate to a managed service business.

(b) If the Company becomes aware of a Personal Data Breach affecting Personal Data processed on behalf of the Client (Company as Processor), the Company will:

(i) notify the Client without undue delay after becoming aware; and

(ii) provide available information reasonably necessary to support the Client’s compliance obligations, such as:

- nature of the breach (where known);

- categories and approximate number of affected records (where reasonably estimable);

- likely consequences (where reasonably assessable); and

- mitigation steps taken or proposed.

(c) The Company’s notification obligation does not require the Company to confirm a breach where the matter is only a suspicion; however, the Company may notify where it considers it prudent.

(d) The Company may temporarily suspend services or take containment actions to protect data and infrastructure, including isolating accounts, blocking traffic, changing passwords, or disabling access. Such actions are not SLA breaches.

(e) The Client is responsible for:

(i) assessing whether notification to the ICO or Data Subjects is required; and

(ii) making any required notifications as Controller.

(f) If a breach is caused by the Client’s actions or systems (e.g., insecure plugins, compromised admin accounts, client-side credential leakage), the Company is not liable for resulting losses beyond Part 16, and remediation may require a Quote.

13.15 Security guidance, “known platforms” and responsibility boundaries

(a) The Company may provide guidance and best practices for common platforms (e.g., WordPress, Plesk, email authentication, DNS configuration). Guidance is informational and not a guarantee of compliance.

(b) Even where the Company configures security controls, the Client remains responsible for:

(i) the legality of its content and operations;

(ii) its internal access management;

(iii) selecting reputable plugins/themes; and

(iv) ensuring it has appropriate insurance and continuity planning for its risk profile.

13.16 Privacy enquiries and contact points

(a) For data protection enquiries, the Company provides an email contact such as privacy@skunkwork.co.uk.

(b) For complaints, the Company provides complaints@skunkwork.co.uk, but the Company may require operational tracking via a Ticket.

(c) Security concerns (suspected compromise) should be reported immediately via Ticket and may also be escalated via support@skunkwork.co.uk or hosting@skunkwork.co.uk where appropriate.

13.17 Audits and assessments (proportionality)

(a) The Client may request information about the Company’s security measures, and the Company will respond with reasonable summaries appropriate to the risk and nature of Services.

(b) The Company does not provide unrestricted access to internal systems, logs, or third-party provider details, except:

(i) where legally required; or

(ii) where expressly agreed in writing; and

(iii) subject to confidentiality and security controls.

(c) Any bespoke audit support or compliance documentation may require a Quote.

13.18 Survival

This Part 13 survives termination or expiry to the extent necessary to:

(i) enforce confidentiality obligations;

(ii) comply with legal retention obligations; and

(iii) resolve disputes.

PART 14 — INTELLECTUAL PROPERTY, LICENSING & CLIENT MATERIALS

14.1 Purpose and scope

(a) This Part 14 governs:

(i) ownership and licensing of deliverables created by the Company;

(ii) ownership of Client Materials and Client Content;

(iii) use of third-party assets (plugins, themes, fonts, stock media, APIs);

(iv) licence compliance and responsibility allocation; and

(v) intellectual property warranties and indemnities.

(b) This Part 14 applies to all Services, including:

(i) subscription Tasks under Plans;

(ii) Kits and one-off services;

(iii) Hosting Services (where configurations, templates, or automation may be used);

(iv) domains and DNS configurations (to the extent configuration work is performed); and

(v) any work delivered under Quote(s).

(c) This Part 14 must be read together with:

(i) Part 4 (Scope of Work; client responsibilities);

(ii) Part 6 (completion standard; scope change);

(iii) Part 10 (Quotes and third-party charges);

(iv) Part 13 (confidentiality and data handling); and

(v) Part 16 (limitation of liability).

14.2 Definitions specific to Part 14

In addition to Part 1 definitions:

“Client Materials” means all Content, materials, data, branding, assets, and instructions supplied or made available by the Client or on the Client’s behalf, including:

(i) logos, trademarks, brand guidelines, copy, images, videos, and audio;

(ii) product information, pricing, policies, and legal text;

(iii) customer data and database content;

(iv) access credentials and configuration details; and

(v) third-party assets or licences the Client provides.

“Deliverables” means the outputs created and provided by the Company under the Services, which may include:

(i) code snippets, theme modifications, plugin configurations, and templates;

(ii) page layouts, design assets, or UI components;

(iii) written documentation, protocols, checklists, and configuration notes;

(iv) backups or exports provided as part of handover (where applicable); and

(v) any other work product delivered via Ticket, file upload, repository, or deployment.

“Company Materials” means any pre-existing materials owned by the Company, including:

(i) proprietary methods, protocols, tasking kits, templates, automations, checklists, and internal documentation;

(ii) reusable code libraries and scripts created by the Company independent of the Client’s specific project; and

(iii) know-how, processes, and operational playbooks.

“Third-Party Materials” means any software, content, assets, code, or services owned by third parties, including WordPress core, plugins, themes, fonts, SaaS tools, and APIs.

14.3 Ownership of Client Materials

(a) The Client retains all right, title, and interest in its Client Materials, including:

(i) trademarks and brand assets;

(ii) website content and product information;

(iii) customer data and databases; and

(iv) any materials the Client supplies.

(b) The Client grants the Company a limited, non-exclusive, worldwide, royalty-free licence during the term of this Agreement to use, reproduce, modify, and display Client Materials solely to:

(i) provide the Services;

(ii) test and troubleshoot issues;

(iii) perform migrations and deployments; and

(iv) maintain and support the Covered Website and Hosting Services,

subject to confidentiality obligations in Part 13.

(c) The Client warrants it has all necessary rights and permissions to grant the licence in clause 14.3(b).

(d) The Client is responsible for maintaining copies of its Client Materials. Unless expressly included in Hosting Services, the Company is not a digital archival service.

14.4 Ownership and licensing of Deliverables (what you get and when)

(a) Subject to clause 14.4(b) and payment of all applicable Fees, the Company grants the Client a non-exclusive, perpetual, worldwide licence to use the Deliverables created specifically for the Client in connection with the Covered Website, for the Client’s internal business purposes.

(b) The Company may withhold delivery, deployment, or licensing rights where:

(i) invoices are unpaid;

(ii) a chargeback has occurred;

(iii) the Client is in material breach; or

(iv) the Deliverables include third-party materials that cannot be lawfully transferred without additional licensing.

(c) Where Deliverables are deployed directly into the Client’s WordPress site or hosting environment, the “delivery” may occur by deployment rather than by sending standalone files. The Ticket record will evidence delivery and completion.

(d) Unless explicitly agreed otherwise in writing:

(i) Deliverables are licensed for use on the Covered Website only; and

(ii) reuse of Deliverables across multiple websites may require additional licensing, additional Plans, or a Quote.

(e) If the Services include design work, the Deliverables are considered accepted when they meet the agreed brief (Part 6). Subjective preference changes later do not alter the licensing terms or trigger refunds.

14.5 Company Materials remain Company property (no transfer)

(a) The Company retains all right, title, and interest in Company Materials.

(b) Nothing in this Agreement transfers ownership of Company Materials to the Client.

(c) The Company grants the Client a limited licence to use Company Materials only to the extent they are embedded in or necessary for the use of the Deliverables on the Covered Website.

(d) The Client must not:

(i) copy, resell, sublicense, or distribute Company Materials as standalone products;

(ii) reverse engineer proprietary processes; or

(iii) remove proprietary notices where applicable,

except to the extent permitted by law.

14.6 Third-Party Materials (plugins, themes, fonts, stock assets) — strict licence allocation

(a) The Client acknowledges that many Deliverables depend on Third-Party Materials.

(b) Unless expressly included in the Plan specification, Third-Party Materials are not included in fixed-fee Plans and may require Additional Charges via Quote (Part 10).

(c) Licence responsibility:

(i) The Client is responsible for ensuring it has valid licences for Third-Party Materials used on the Client’s site, unless the Company expressly provides a licence under a written arrangement.

(ii) Where the Company procures a Third-Party licence on the Client’s behalf, it is treated as a pass-through cost and is governed by Quote terms and third-party terms.

(iii) Once procured/activated, Third-Party licence fees are non-refundable except where required by law or where the third-party vendor issues a refund to the Company.

(d) Not suitable later:

(i) If a Third-Party product later becomes unsuitable (vendor changes, incompatibility, evolving requirements), this does not create refund rights for the licence or for subscription Fees.

(ii) Replacement work is a new Task and may require a new Quote.

(e) Nulled/pirated assets:

(i) The Company will not install, configure, or maintain nulled/pirated plugins/themes or unlicensed assets.

(ii) If such assets are detected, the Company may suspend work and require removal/remediation.

(iii) Any resulting cleanup may be quoted.

(f) Open source:

(i) Open-source components are governed by their licences.

(ii) Where the Company incorporates open-source components into Deliverables, the Client agrees to comply with applicable open-source licence terms.

14.7 Client warranties regarding materials and instructions

The Client warrants that:

(a) it owns or has valid rights to use all Client Materials supplied;

(b) Client Materials do not infringe third-party intellectual property rights;

(c) Client Materials do not contain malware or unlawful content;

(d) instructions provided to the Company are lawful and do not require the Company to breach third-party terms; and

(e) the Client will not ask the Company to deploy content that violates the AUP or applicable law.

14.8 Brand assets, trademarks, and publicity

(a) The Client retains ownership of its trademarks and brand identity.

(b) The Company may refer to the Client’s name and logo as part of delivery (e.g., staging previews, documentation) solely for the purpose of performing Services.

(c) Case studies and portfolio:

(i) The Company will not publish confidential Client data.

(ii) Unless the Client opts out in writing, the Company may list the Client’s name (and general non-confidential description of Services) as a customer reference.

(iii) Where the Company wishes to publish a detailed case study or use screenshots of the Client’s site, it will request permission first via Ticket or written approval.

This clause does not override confidentiality obligations; it creates a permission framework.

(d) The Client may request removal from public references by written request, and the Company will use reasonable efforts to comply, subject to reasonable timeframes and existing materials.

14.9 Repositories, code access, and handover boundaries

(a) Where code is delivered via a repository (Git or similar) or via deployment:

(i) the Company may use its own internal repository structures;

(ii) the Company is not obliged to provide internal commit history that contains Company Materials or confidential internal notes;

(iii) the Company may deliver an export or patch set sufficient for the Deliverable.

(b) If the Client requests a handover package (e.g., full site export, documentation bundle, configuration notes), the Company may provide this:

(i) as part of an included offboarding process if specified; or

(ii) as a chargeable service via Quote.

This is because handovers often require time, risk management, and sensitive data handling.

(c) Where the Client requests credentials or secrets in handover, the Company will provide them only through Approved Secure Channels and may require confirmation of authority (Part 2 and Part 13).

14.10 Moral rights, attribution, and removal of credits

(a) Unless otherwise agreed, the Company may include discreet developer attribution in code comments for internal traceability. Such attribution does not grant the Company ownership of the Client’s site.

(b) If the Client requests removal of visible credits, the Company may comply where practical, provided:

(i) it does not violate third-party licence terms; and

(ii) it does not remove legally required notices.

(c) The Company does not waive moral rights except where required or explicitly agreed in writing.

14.11 Infringement claims and indemnities (Client → Company)

(a) The Client will indemnify and hold harmless the Company against claims, losses, liabilities, and expenses (including reasonable legal fees) arising from:

(i) Client Materials infringing third-party rights;

(ii) unlawful content supplied by the Client;

(iii) Client instructions that cause the Company to breach third-party terms; or

(iv) Client misuse of Deliverables or Services in breach of the AUP.

(b) The Company will:

(i) notify the Client promptly of any claim (where lawful);

(ii) allow the Client to control the defence/settlement (subject to reasonableness);

(iii) provide reasonable cooperation (at the Client’s cost where time-intensive).

The Company may participate with its own counsel at its own cost.

14.12 Infringement claims and indemnities (Company → Client) — limited

(a) To the extent permitted by law, and subject to clause 14.12(b), the Company warrants that it has the right to provide the Deliverables it creates.

(b) The Company does not warrant that Deliverables will be free from third-party claims where:

(i) the Deliverables incorporate Client Materials;

(ii) the Deliverables incorporate Third-Party Materials; or

(iii) the claim arises due to Client modifications, combinations, or uses outside the intended scope.

(c) If the Company receives a credible claim that Company-created Deliverables (excluding Client and third-party components) infringe a third-party IP right, the Company may, at its discretion:

(i) modify the Deliverable to avoid infringement; or

(ii) replace the Deliverable with a functionally similar alternative; or

(iii) terminate the affected portion of Services and provide a Credit for the affected Deliverable (Credit only), as the Client’s sole remedy,

subject always to Part 16 limitations and statutory rights.

14.13 Ownership and licensing upon termination

(a) Termination or expiry does not affect:

(i) the Client’s ownership of Client Materials; or

(ii) the Client’s licence to use Deliverables already delivered and paid for, subject to third-party licence compliance.

(b) The Client must cease using any Company Materials that are not embedded in Deliverables and that were provided only for the duration of service (e.g., access to internal documentation, non-transferred templates).

(c) If the Client’s use of Deliverables depends on Company-provided third-party licences (rare and only where explicitly agreed), continued use may require:

(i) transfer of licensing (where permitted); or

(ii) the Client purchasing its own licence; or

(iii) replacement of the component.

The Company is not liable for vendor restrictions that prevent transfer.

14.14 Relationship to “meets the brief” and “new task” rules

(a) IP licensing does not change the acceptance rules:

(i) where a deliverable meets the brief, it is deemed completed (Part 6);

(ii) redesigns or new direction are new Tasks (Part 6 and Part 4).

(b) Requests for additional deliverables beyond what is agreed may require a new Ticket and/or Quote.

14.15 Survival

This Part 14 survives termination to the extent necessary to:

(i) enforce IP ownership and licence restrictions;

(ii) enforce indemnities and liability allocations; and

(iii) preserve confidentiality obligations relating to Company Materials and Client Materials.

PART 15 — ACCEPTABLE USE POLICY (AUP) & ENFORCEMENT

15.1 Purpose and scope

(a) This Acceptable Use Policy (“AUP”) sets mandatory rules for all Clients using the Services. The AUP is designed to protect:

(i) the Company’s infrastructure and operations;

(ii) the integrity and security of Client websites and data;

(iii) other Clients on shared infrastructure; and

(iv) the public and third parties from harm, illegality, abuse, or fraud.

(b) This AUP applies to all Services and all use of:

(i) the Client Portal and Ticketing system;

(ii) SKUNKHOST™ Hosting Services and any associated platforms (including control panels such as Plesk);

(iii) domain services purchased through the Client Portal;

(iv) any code, content, or automation provided by the Company; and

(v) any third-party resources accessed through or connected to the Services.

(c) This AUP applies to the Client and all of the Client’s users, contractors, administrators, agents, and any other person who accesses or uses the Services under the Client’s authority (“Authorised Users”).

(d) If the Client is hosting content or services for third parties (e.g., membership users, customers, tenants), the Client remains responsible for ensuring those third parties comply with this AUP to the extent their conduct affects the Services.

(e) This AUP is incorporated into the Agreement under Part 1. A material breach of this AUP is a material breach of the Agreement.

15.2 General obligations and guiding principles

(a) You must use the Services lawfully, ethically, and in a manner consistent with the intended purpose of the Services.

(b) You must not use the Services in a manner that:

(i) is illegal or facilitates illegality;

(ii) causes harm to the Company, other Clients, or third parties;

(iii) compromises security or privacy;

(iv) disrupts or degrades platform stability; or

(v) exposes the Company or its providers to legal, regulatory, or reputational risk.

(c) You must follow reasonable security guidance and operational requirements given by the Company, including use of Approved Secure Channels for Sensitive Data.

(d) You must not attempt to circumvent:

(i) Plan limits;

(ii) hosting resource caps;

(iii) queue rules;

(iv) anti-fraud controls; or

(v) security guardrails.

15.3 Prohibited content and unlawful use

You must not use the Services to host, transmit, publish, distribute, or link to content that is:

(a) Illegal content:

(i) content that violates UK law or the law applicable to your use;

(ii) content facilitating or promoting criminal activity;

(iii) content enabling fraud, deception, or identity theft.

(b) Child sexual exploitation material (CSEM):

(i) Any content involving exploitation of minors is strictly prohibited and will be reported to relevant authorities.

(c) Non-consensual intimate imagery:

(i) Content involving intimate imagery shared without consent is strictly prohibited.

(d) Harassment, hate, or discriminatory abuse:

(i) Content that constitutes unlawful harassment or incitement to violence;

(ii) content that is intended to threaten or target protected groups unlawfully.

(e) Malicious or harmful content:

(i) malware distribution;

(ii) trojans, ransomware, spyware, keyloggers;

(iii) malicious scripts intended to compromise devices or systems.

(f) Infringing content:

(i) content that infringes intellectual property rights (copyright, trademark);

(ii) distribution of pirated software or “nulled” plugins/themes.

(g) Exploit content:

(i) publishing exploit code intended to compromise systems;

(ii) instructions for illegal hacking activities (see clause 15.6).

(h) Prohibited regulated content (where unlawful or non-compliant):

(i) unlawful sale of regulated products;

(ii) counterfeit goods;

(iii) services that violate sanctions or export control rules.

15.4 Spam, email abuse, and messaging restrictions

(a) You must not use the Services to send:

(i) unsolicited bulk email (spam);

(ii) phishing emails or deceptive messages;

(iii) malware-laden attachments or links;

(iv) unsolicited marketing messages without lawful basis under PECR/GDPR; or

(v) any communications that violate anti-spam laws or recipient policies.

(b) You must not operate:

(i) open mail relays;

(ii) insecure mail gateways;

(iii) compromised mail scripts; or

(iv) unauthorised mailing list software.

(c) The Company may enforce:

(i) rate limits;

(ii) sending caps;

(iii) outbound filtering; and

(iv) domain authentication requirements (SPF/DKIM/DMARC),

to protect deliverability and infrastructure reputation.

(d) If email abuse is detected, the Company may:

(i) immediately suspend mail sending;

(ii) quarantine mail accounts;

(iii) disable compromised scripts; and/or

(iv) suspend the hosting subscription.

(e) You are responsible for:

(i) your mailing list consent records;

(ii) unsubscribe compliance;

(iii) lawful marketing practices; and

(iv) ensuring forms and scripts on your site do not generate spam.

15.5 Malware, compromise, and security threats

(a) You must not knowingly introduce malware into the hosting environment or into any codebase the Company works on.

(b) You must not:

(i) conceal malicious activity;

(ii) evade malware detection tools;

(iii) disable security tooling without authorisation; or

(iv) reintroduce compromised files after cleanup.

(c) If malware or compromise is detected, the Company may take immediate containment actions, including:

(i) suspending the site;

(ii) quarantining files;

(iii) blocking traffic;

(iv) disabling access or admin accounts;

(v) forcing password resets; and/or

(vi) applying emergency patches.

(d) Containment actions may occur without prior notice where urgent. The Company will notify via Ticket where practicable.

(e) The Client must cooperate with remediation steps, which may include:

(i) plugin/theme removal;

(ii) credential rotation;

(iii) disabling insecure features; and/or

(iv) implementing MFA.

(f) Where compromise is caused by Client negligence (weak passwords, nulled plugins, unmanaged admin accounts), the Company is not liable for resulting losses beyond Part 16. Remediation may require a Quote unless included in Plan scope.

15.6 Prohibited hacking, scanning, and interference activities

(a) You must not use the Services to engage in unauthorised security testing, including:

(i) port scanning;

(ii) vulnerability scanning against third parties without permission;

(iii) brute forcing;

(iv) credential stuffing; or

(v) DDoS attacks.

(b) You must not:

(i) attempt to bypass authentication;

(ii) attempt to access other clients’ data or services;

(iii) attempt privilege escalation on the hosting platform; or

(iv) attempt to exploit server vulnerabilities.

(c) Any such activity is treated as a severe breach. The Company may suspend immediately and report to relevant authorities where required.

(d) The Company may allow legitimate security testing against your own assets only where:

(i) you provide written request via Ticket;

(ii) you prove authority over the assets;

(iii) you provide testing scope and timeframe; and

(iv) the Company approves in writing,

because security testing can disrupt shared infrastructure.

15.7 Resource abuse, “unlimited” fairness, and stability protection

(a) Even where a feature is described as “unlimited” (traffic/databases/subdomains/aliases), you must not use resources in a way that:

(i) threatens platform stability;

(ii) degrades performance for other clients;

(iii) triggers abuse flags; or

(iv) violates provider policies.

(b) Examples of prohibited or restricted resource use include:

(i) crypto-mining and distributed compute;

(ii) heavy file storage or “file archive” hosting unrelated to website operation;

(iii) public video streaming/hosting at scale (unless expressly agreed);

(iv) running bots or scrapers that overwhelm resources;

(v) excessive cron jobs, background workers, or queue consumers not aligned to WordPress hosting;

(vi) storing backups of non-related systems; or

(vii) operating proxy services or VPN endpoints.

(c) If resource abuse is detected, the Company may:

(i) throttle or restrict services;

(ii) require remediation;

(iii) require an upgrade to a suitable tier;

(iv) require removal of abusive components; and/or

(v) suspend or terminate for serious or repeated abuse.

15.8 Content and conduct that creates unacceptable risk

(a) The Company may refuse or terminate Services if your use creates unacceptable risk, including where:

(i) you operate high-fraud businesses without sufficient controls;

(ii) your activities generate repeated abuse complaints;

(iii) your content triggers provider enforcement action; or

(iv) your site is repeatedly compromised due to refusal to remediate insecure practices.

(b) The Company may be required by infrastructure providers or registries to take action, including suspension, where abuse complaints are received.

(c) The Company is not liable for enforcement actions required by providers or registries.

15.9 Prohibited misrepresentation and impersonation

(a) You must not impersonate the Company or represent that you are affiliated with the Company beyond being a customer/client.

(b) You must not misrepresent:

(i) domain ownership;

(ii) email identity;

(iii) business identity;

(iv) legal compliance status; or

(v) authorisation to act for others.

(c) The Company may require proof of identity/authority for high-risk actions and may refuse service where misrepresentation is suspected.

15.10 Plan misuse, ticket misuse, and operational abuse

(a) You must not misuse the ticketing system or operational model, including:

(i) spamming Tickets;

(ii) submitting fragmented Tickets designed to force concurrency or bypass queue rules;

(iii) repeatedly changing requirements mid-task to expand scope without a Quote;

(iv) using abusive language toward staff;

(v) using the refund window as a “free work” mechanism; or

(vi) attempting to exploit upgrade/downgrade rules to avoid paying intended Fees.

(b) The Company may implement:

(i) Ticket consolidation requirements;

(ii) cooldown periods for repeated plan changes (in addition to Part 11 limits);

(iii) manual review requirements; and/or

(iv) suspension for repeated misuse.

15.11 Enforcement actions and remedies (Company powers)

(a) If the Company reasonably believes you have breached this AUP, the Company may take any of the following actions (acting proportionately and reasonably):

(i) issue a warning and request remediation;

(ii) place Tasks on Hold until remediation is complete;

(iii) restrict functionality (e.g., disable mail sending);

(iv) quarantine files or disable plugins/themes;

(v) temporarily suspend some or all Services;

(vi) terminate Services for material breach;

(vii) refuse to process domain changes or transfers pending verification;

(viii) remove or block content that is unlawful or harmful (where technically feasible); and/or

(ix) report to law enforcement or regulators where required.

(b) Immediate suspension without notice may occur where:

(i) malware/phishing is detected;

(ii) active harm is occurring;

(iii) a court/regulator requires action; or

(iv) the Company reasonably believes delay would increase harm.

(c) Enforcement actions do not create refund rights. Payments remain non-refundable in accordance with Part 10 and Part 12, except where required by law.

(d) The Company may charge for remediation work via Quote where:

(i) the breach arose from Client negligence;

(ii) the remediation is outside Plan scope; or

(iii) repeated abuse requires extraordinary effort.

15.12 Notice, remediation windows, and reinstatement

(a) Where feasible, the Company will provide notice of the breach and allow a reasonable remediation window.

(b) The Company is not obliged to provide remediation windows where:

(i) the breach is severe (fraud, hacking, CSEM, malware distribution);

(ii) legal compliance requires immediate action; or

(iii) infrastructure provider terms require immediate suspension.

(c) Reinstatement after suspension may require:

(i) removal of abusive content;

(ii) credential rotation;

(iii) patching and hardening;

(iv) malware cleanup confirmation; and/or

(v) cleared payment of outstanding invoices.

(d) The Company may refuse reinstatement where it reasonably believes future risk remains high.

15.13 Reporting abuse and security concerns

(a) Abuse reports and security concerns should be raised via Ticket immediately.

(b) The Company may also provide contact addresses for convenience, including:

(i) support@skunkwork.co.uk

(ii) hosting@skunkwork.co.uk

(iii) complaints@skunkwork.co.uk

(iv) privacy@skunkwork.co.uk

(c) The Company may request evidence and will handle reports in line with Part 13 (confidentiality and privacy) and Part 7 (SLA) triage rules.

15.14 Survival and interpretation

(a) This AUP survives termination to the extent it relates to breaches occurring during the term or to post-termination enforcement needed to protect the platform.

(b) If any part of this AUP is unenforceable, it shall be severed and the remainder shall continue in effect (Part 1 severability).

(c) The Company’s failure to enforce a provision immediately is not a waiver of its right to enforce later.

PART 16 — LIMITATION OF LIABILITY, DISCLAIMERS & RISK ALLOCATION

16.1 Purpose and interpretation

(a) This Part 16 is a fundamental part of the commercial basis on which the Company provides Services. The Fees charged reflect the allocation of risk set out in this Part 16.

(b) The Client acknowledges that the Services involve:

(i) working with complex technical systems;

(ii) reliance on third-party platforms, vendors, registries, and networks;

(iii) software updates and security risks; and

(iv) operational constraints and shared infrastructure realities.

Accordingly, no provider can eliminate all risk.

(c) This Part 16 applies to all claims, whether in contract, tort (including negligence), breach of statutory duty, misrepresentation, restitution, or otherwise, arising out of or in connection with:

(i) the Agreement;

(ii) the Services;

(iii) Hosting Services;

(iv) domain services;

(v) Tickets, Deliverables, Quotes, or Credits; and/or

(vi) any acts or omissions of the Company, its staff, or its subcontractors.

(d) References to “liability” include any loss, damage, costs, expenses, and claims (including legal fees and regulatory penalties where applicable).

(e) Nothing in this Part 16 affects:

(i) statutory consumer rights that cannot be excluded; or

(ii) liability that cannot legally be limited or excluded.

16.2 Baseline standard of service (reasonable care and skill)

(a) Where the Client is a consumer (and to the extent applicable), the Company will provide Services with reasonable care and skill in accordance with applicable consumer law.

(b) Where the Client is a business customer, the Company will provide Services with reasonable skill and care consistent with professional managed service practices, subject to:

(i) the Scope of Work;

(ii) the SLA and exclusions;

(iii) the Client’s responsibilities; and

(iv) technical feasibility constraints.

(c) The Client acknowledges that:

(i) “reasonable care and skill” does not mean perfection;

(ii) bugs, regressions, and vendor issues can occur; and

(iii) some outcomes depend on third parties, platform changes, or Client actions.

16.3 Disclaimers: no guarantee of outcomes

(a) The Company does not guarantee that the Services will achieve specific business outcomes, including (without limitation):

(i) increased sales or revenue;

(ii) increased traffic, rankings, or conversions;

(iii) improved deliverability or inbox placement;

(iv) approvals by third-party platforms; or

(v) uninterrupted site operation.

(b) The Company does not guarantee that:

(i) any third-party plugin, theme, API, or platform will remain available, compatible, or secure;

(ii) any third-party vendor will maintain pricing, licensing, or behaviour; or

(iii) any third-party service will meet its own uptime promises.

(c) The Company does not guarantee that Tasks will be delivered by a fixed deadline. Timeframes are targets under the SLA and are subject to exclusions, dependencies, and queue operation.

(d) The Company is not responsible for “subjective dissatisfaction” where a Deliverable meets the agreed brief and acceptance criteria (Part 6). A change of mind, rebrand, new strategy, or personal taste change is not a defect.

16.4 No responsibility for Client’s legal/compliance obligations

(a) The Client is solely responsible for:

(i) the legality of its content and products/services;

(ii) regulatory compliance applicable to its business (including sector-specific rules);

(iii) consumer law compliance for the Client’s customers;

(iv) privacy notices, cookie compliance, consent management, and marketing compliance;

(v) accessibility compliance and claims; and

(vi) any contractual obligations the Client has to third parties.

(b) The Company may provide general guidance, but such guidance:

(i) is not legal advice; and

(ii) is not a guarantee of compliance.

The Client must obtain independent professional advice where needed.

16.5 Client responsibility for security hygiene and third-party risk

(a) The Client acknowledges that many security risks arise from:

(i) weak passwords and poor access control;

(ii) reused credentials;

(iii) insecure admin users;

(iv) unlicensed (“nulled”) plugins and themes;

(v) unpatched third-party code; and

(vi) compromised endpoints on the Client’s side.

(b) The Company is not liable for security incidents caused by:

(i) Client negligence or failure to follow security guidance;

(ii) Client refusal to remediate known vulnerabilities;

(iii) third-party code vulnerabilities outside the Company’s control; or

(iv) unauthorised access caused by compromised Client credentials.

(c) The Client is responsible for maintaining appropriate:

(i) internal controls;

(ii) credential rotation practices; and

(iii) off-platform backups if required by its risk profile.

16.6 Excluded losses (no liability for indirect and consequential loss)

(a) To the maximum extent permitted by law, the Company will not be liable for any:

(i) loss of profits, revenue, or anticipated savings;

(ii) loss of business opportunity;

(iii) loss of goodwill or reputation;

(iv) loss or interruption of business;

(v) loss of contracts or customers;

(vi) loss of data (except where directly caused by the Company’s proven breach and subject to the caps below);

(vii) indirect, special, incidental, punitive, or consequential losses; or

(viii) pure economic loss not directly caused by the Company’s breach.

(b) The exclusions in clause 16.6(a) apply even if:

(i) the Company was advised that such losses were possible; or

(ii) such losses were foreseeable,

except where law prohibits such exclusions.

16.7 Liability cap (aggregate limit)

(a) Subject to clauses 16.8 and 16.9, the Company’s total aggregate liability to the Client for all claims arising out of or in connection with the Agreement (whether in contract, tort, or otherwise) is limited to the greater of:

(i) GBP £250; and

(ii) the total Fees actually paid by the Client to the Company for the affected Services in the three (3) months immediately preceding the event giving rise to the claim.

(b) If the claim relates to a one-off Quote or one-off Kit purchase, the “affected Services” for the purposes of clause 16.7(a)(ii) may be treated as the Fees paid for that Quote/Kit (rather than the preceding 3 months), but in all cases the Company’s liability remains capped and proportionate.

(c) For Hosting Services, any service Credits provided under Part 8 are:

(i) non-cash;

(ii) the sole remedy for uptime shortfalls; and

(iii) counted within the cap (i.e., Credits do not expand the cap).

(d) For SLA issues, any Credits under Part 7 are:

(i) non-cash;

(ii) the sole remedy for SLA misses where offered; and

(iii) counted within the cap.

(e) The cap applies per Client Account, not per website, and not per Ticket, and includes all related claims.

(f) The Client acknowledges that the cap reflects the managed service nature of the offering and the fact that the Company is not being paid as an insurer of the Client’s business.

16.8 Unlimited / non-excludable liabilities

Nothing in this Agreement limits or excludes liability for:

(a) death or personal injury caused by negligence;

(b) fraud or fraudulent misrepresentation;

(c) deliberate misconduct (where liability cannot be limited);

(d) any other liability that cannot be limited or excluded under applicable law.

16.9 Business vs consumer carve-outs

(a) If the Client is a consumer, nothing in this Agreement excludes or limits the Client’s rights under consumer law.

(b) Where a consumer remedy requires repeat performance or price reduction/refund, the Company will comply with the law and may not be able to rely on guaranteeing “Credits only” in that specific statutory context.

(c) Where the Client is a business customer, the limitations and exclusions in this Part 16 apply to the maximum extent permitted by law.

16.10 Third-party services, platforms, registries and upstream failures

(a) The Client acknowledges that the Services depend on systems outside the Company’s control, including:

(i) registries/registrars;

(ii) payment processors;

(iii) email networks;

(iv) plugin/theme vendors;

(v) DNS systems and propagation;

(vi) connectivity providers; and

(vii) global internet infrastructure.

(b) The Company is not liable for failures, delays, or losses caused by:

(i) third-party outages or degraded performance;

(ii) registry enforcement actions or disputes;

(iii) vendor licensing changes, security incidents, or discontinuations;

(iv) provider maintenance windows; or

(v) force majeure events,

except to the extent caused directly by the Company’s breach and subject to the caps.

16.11 Client-caused changes, overrides and “you changed it after completion”

(a) The Company is not liable for issues arising from:

(i) changes made by the Client or third parties after completion;

(ii) installation of new plugins/themes/code by the Client or third parties;

(iii) changes in hosting configuration made by the Client; or

(iv) use of credentials by anyone other than the Company’s authorised staff.

(b) If the Company investigates issues caused by Client changes, that work may be:

(i) treated as a new Task; and/or

(ii) chargeable via Quote if outside scope.

16.12 Data loss, backups, and restoration limitations

(a) The Company will use reasonable efforts to configure backups where included (Part 8), but backups are not infallible.

(b) The Company is not liable for data loss where:

(i) the Client failed to maintain independent backups required by its risk profile;

(ii) the loss arises from malware, corruption, or third-party code failures;

(iii) the Client instructs actions that overwrite data (e.g., restore to an earlier point); or

(iv) the loss is caused by Client changes or third-party actions.

(c) Where the Company is liable for data loss (rare, and only where directly caused by the Company’s proven breach), such liability remains subject to:

indicating that

(i) the exclusions in clause 16.6; and

(ii) the cap in clause 16.7.

(d) The Client must promptly notify the Company if data loss is suspected, and must cooperate to mitigate harm (see clause 16.15).

16.13 Security incidents and containment actions

(a) The Company may take protective actions (Part 8 and Part 15) including suspension, quarantine, access restriction, and emergency patching.

(b) The Company is not liable for losses arising from necessary containment actions taken in good faith to protect:

(i) the Client;

(ii) other clients; or

(iii) the hosting platform.

(c) The Company is not liable for losses caused by security incidents that originate from:

(i) Client credentials compromise;

(ii) insecure third-party plugins/themes; or

(iii) client refusal to remediate known security issues.

16.14 Special terms for high-impact instructions (DNS, domains, payments)

(a) Certain Client instructions create known risks (Part 6 and Part 9), including:

(i) DNS changes and nameserver changes;

(ii) domain transfers and registrant changes;

(iii) payment gateway changes;

(iv) email routing changes (MX changes); and

(v) major platform upgrades.

(b) Where the Company warns of inherent risk and the Client authorises the change via Ticket, the Company is not liable for:

(i) propagation delays;

(ii) temporary downtime;

(iii) deliverability disruption;

(iv) third-party verification delays; or

(v) consequences inherent to the authorised action,

except to the extent caused by the Company’s breach and subject to the cap.

16.15 Duty to mitigate and prompt reporting

(a) The Client must take reasonable steps to mitigate loss. This includes (as applicable):

(i) promptly reporting issues via Ticket;

(ii) promptly providing access and approvals;

(iii) refraining from making uncontrolled changes during investigation; and

(iv) following reasonable containment steps.

(b) If the Client fails to mitigate or delays reporting, the Company is not liable for losses that would have been avoided by reasonable mitigation.

16.16 Time limit for bringing claims

(a) To the maximum extent permitted by law, the Client must bring any claim arising out of or in connection with the Agreement within twelve (12) months of:

(i) the act or omission giving rise to the claim; or

(ii) when the Client became aware (or ought reasonably to have become aware) of the act or omission,

whichever is earlier.

(b) This clause does not apply where law prohibits such a limitation period (for example, certain consumer rights and non-excludable claims).

16.17 Insurance recommendation (Client risk management)

(a) The Client is responsible for obtaining insurance appropriate to its business and risk profile, including (where relevant):

(i) cyber insurance;

(ii) business interruption insurance;

(iii) professional indemnity for its own advice;

(iv) ecommerce and product liability coverage; and

(v) data protection risk coverage.

(b) The Company’s Fees do not include an insurance premium for the Client’s business risks.

16.18 Relationship to Credits-only model and no-refund policy

(a) The Client acknowledges that:

(i) the Company’s primary commercial remedies are Credits and repeat performance;

(ii) cash refunds are extremely limited (Part 12); and

(iii) the liability cap prevents the Services being treated as an “insured guarantee”.

(b) Where the Company offers Credits or goodwill, such actions:

(i) do not admit liability;

(ii) do not waive the limitations in this Part 16; and

(iii) do not create a precedent.

16.19 Severability and reasonableness

(a) Each provision of this Part 16 is intended to be severable. If any provision is held unenforceable, it shall be severed or narrowed to the minimum extent necessary, and the remainder shall remain in force.

(b) The parties agree that these limitations are reasonable in light of:

(i) the Fees charged;

(ii) the managed service model; and

(iii) the Client’s ability to obtain insurance and independent backups.

PART 17 — COMPLAINTS, ESCALATION & DISPUTE RESOLUTION

17.1 Purpose and principles

(a) The Company aims to resolve concerns quickly, fairly, and with a clear audit trail.

(b) This Part 17 sets out:

(i) how to raise issues and complaints;

(ii) the escalation pathway;

(iii) how disputes are evidenced and assessed; and

(iv) optional dispute resolution steps.

(c) This Part 17 applies to all complaints and disputes relating to:

(i) Plans and Hosting Services;

(ii) Tasks and Deliverables;

(iii) billing, Credits, upgrades/downgrades, and refunds;

(iv) data protection concerns; and

(v) conduct, support experience, and service quality.

(d) The Company encourages early reporting, clear evidence, and good-faith cooperation by both parties.

17.2 Ticket-first rule (mandatory for operational resolution)

(a) Operational issues must be raised through the Client Portal Ticketing system first, because:

(i) Tickets provide the authoritative record of instructions and delivery;

(ii) Tickets allow assignment, triage, and tracking; and

(iii) Tickets preserve evidence for later escalation if needed.

(b) If a complaint is sent via email (e.g., complaints@skunkwork.co.uk), the Company may:

(i) acknowledge receipt by email; and

(ii) request that the matter is logged via Ticket (or the Company may create a Ticket on your behalf).

The Ticket remains the authoritative record.

(c) Where a complaint concerns a security incident or data protection matter, the Company may still require Ticket logging, subject to confidentiality controls in Part 13.

17.3 How to raise a complaint (required information)

(a) A complaint should include:

(i) the Client name and Client Portal account identifier (where available);

(ii) the relevant Ticket ID(s), invoice number(s), Quote reference(s), or service identifiers;

(iii) a clear description of what happened;

(iv) the date(s) and time(s) relevant to the issue (UK time);

(v) what remedy you are seeking (e.g., re-performance, clarification, Credit);

(vi) evidence (screenshots, logs, emails, portal exports) where applicable; and

(vii) any relevant risk factors (e.g., business-critical outages, compliance deadlines).

(b) Complaints lacking sufficient information may be placed on Hold pending clarification. Timeframes cannot be assessed fairly without adequate detail.

(c) The Company may request:

(i) confirmation of authority (Part 2); and/or

(ii) secure data sharing via Approved Secure Channels (Part 13),

before investigating sensitive matters.

17.4 Complaint channels (provided addresses and their purpose)

For convenience, the Company provides contact addresses, which may be used to initiate or support a complaint, but may still be directed into the Ticket system for tracking:

(a) complaints@skunkwork.co.uk — formal complaints and service dissatisfaction

(b) privacy@skunkwork.co.uk — privacy, UK GDPR, and data protection concerns

(c) support@skunkwork.co.uk — general support queries (may be routed to Tickets)

(d) hosting@skunkwork.co.uk — hosting-related concerns (may be routed to Tickets)

(e) team@skunkwork.co.uk — general team contact (not a substitute for Tickets)

(f) jobs@skunkwork.co.uk — recruitment enquiries (not a support channel)

17.5 Complaint handling stages (internal escalation ladder)

Stage 1 — Operational Resolution (Ticket Resolution)

(a) Most issues are resolved at the operational level via Ticket.

(b) The Company will:

(i) review the Ticket record;

(ii) assess scope and SLA rules;

(iii) propose remediation steps where appropriate; and/or

(iv) explain why a request is out-of-scope or excluded.

(c) The Client must cooperate by providing:

(i) required access;

(ii) confirmations; and

(iii) consolidated feedback (Part 6),

to prevent delays.

Stage 2 — Formal Complaint Review (Complaints Channel + Ticket Evidence)

(d) If unresolved, you may request a formal complaint review.

(e) The Company will:

(i) consider the Ticket audit trail;

(ii) consider billing records and Quote acceptance;

(iii) consider any SLA exclusions;

(iv) consider security and compliance constraints; and

(v) issue a written response outlining the findings and proposed resolution.

Stage 3 — Senior Escalation / Management Review

(f) For complex or high-impact matters, the Company may escalate internally to a senior reviewer/manager.

(g) The senior reviewer may:

(i) request further evidence;

(ii) conduct a broader review; and/or

(iii) propose a final internal position.

17.6 Targets for complaint acknowledgement and updates (non-binding)

(a) The Company will aim to acknowledge formal complaints within a reasonable time during Working Hours.

(b) Investigation time depends on:

(i) complexity;

(ii) evidence availability;

(iii) third-party dependencies; and

(iv) whether sensitive verification is required.

(c) The Company will provide periodic updates where investigation is ongoing, but does not guarantee a fixed resolution time.

(d) These targets do not override SLA rules (Part 7) for operational Tickets, and do not apply during suspension for non-payment, fraud checks, or AUP breaches.

17.7 Remedies available through the complaints process (what you can reasonably expect)

(a) The Company’s remedies for service issues are generally limited to:

(i) clarification of scope and process;

(ii) correction of any proven error by repeat performance;

(iii) reasonable remediation steps consistent with your Plan;

(iv) Credit (non-cash) where appropriate and where not excluded; and/or

(v) explanation of exclusions or limitations.

(b) The Company does not provide cash refunds as a complaint remedy except:

(i) within the strict Part 12 window; or

(ii) where required by law.

(c) The complaints process does not expand liability beyond Part 16.

17.8 Billing disputes and chargeback prevention (must follow process)

(a) If your complaint relates to billing, you must comply with Part 10.14 (invoice disputes), including:

(i) raising the dispute promptly; and

(ii) paying undisputed amounts.

(b) The Client must not initiate a chargeback as a first resort. Chargebacks trigger suspension and may result in termination (Part 10.13).

17.9 Evidence hierarchy (what the Company relies on)

(a) The authoritative evidence for complaint resolution includes:

(i) Client Portal timestamps and logs;

(ii) Ticket transcripts and attachments;

(iii) Quote acceptance records;

(iv) invoice and payment records; and

(v) hosting platform logs (where available).

(b) The Company may disregard:

(i) verbal claims that contradict Ticket history;

(ii) instructions allegedly given outside the Ticket system (unless confirmed in writing by the Company via Ticket);

(iii) screenshots that are incomplete or cannot be verified.

17.10 Conduct expectations and staff protection

(a) The Company expects respectful communication. Abuse, harassment, threats, or discriminatory language toward staff is unacceptable and may be treated as an AUP breach (Part 15).

(b) If abusive conduct occurs, the Company may:

(i) restrict communication channels;

(ii) require written-only communications;

(iii) suspend support; and/or

(iv) terminate for breach,

without creating refund rights.

17.11 Optional alternative dispute resolution (ADR)

(a) If a dispute cannot be resolved through the complaints process, the parties may consider ADR, such as:

(i) mediation; or

(ii) a structured settlement discussion.

(b) ADR is voluntary unless required by law.

(c) Costs of ADR:

(i) unless agreed otherwise, each party bears its own costs; and

(ii) mediator fees (if any) are shared equally.

(d) ADR does not prevent either party from pursuing legal remedies, but is encouraged where it may reduce time and cost.

17.12 Governing law and jurisdiction (UK)

(a) This Agreement (and any dispute or claim arising out of or in connection with it) is governed by the laws of England and Wales.

(b) The courts of England and Wales shall have exclusive jurisdiction, except where:

(i) the Client is a consumer; and

(ii) mandatory consumer protection rules provide the right to bring proceedings elsewhere.

17.13 “Entire agreement” effect and no reliance

(a) Complaints are resolved by reference to the Agreement and the Ticket audit trail.

(b) The Client acknowledges that it has not relied on representations outside the Agreement, except where expressly recorded in the Client Portal or in a Ticket as an agreed written variation.

17.14 Continuous improvement and feedback

(a) The Company may use complaint feedback (in anonymised or aggregated form where feasible) to improve processes, training, and service design.

(b) Any internal improvements do not create retrospective obligations or implied admissions regarding past disputes.

17.15 Survival

This Part 17 survives termination to the extent necessary to:

(i) resolve disputes that arose during the term; and

(ii) enforce ongoing confidentiality and liability provisions.

PART 18 — MISCELLANEOUS LEGAL TERMS (NOTICES, ASSIGNMENT, FORCE MAJEURE, SEVERABILITY, WAIVER, THIRD-PARTY RIGHTS)

18.1 Notices and formal communications

(a) Any notice or other formal communication required or permitted under this Agreement (“Notice”) must be in writing.

(b) The default and preferred method for Notices is via the Client Portal, either:

(i) as a Ticket (for operational matters, service matters, billing matters, and most communications); and/or

(ii) as a Client Portal message or system notification (where available).

(c) Notices may also be delivered by email to the Company’s published addresses, including (without limitation):

(i) support@skunkwork.co.uk

(ii) hosting@skunkwork.co.uk

(iii) complaints@skunkwork.co.uk

(iv) privacy@skunkwork.co.uk

(v) team@skunkwork.co.uk

(vi) jobs@skunkwork.co.uk

For avoidance of doubt:

(A) jobs@skunkwork.co.uk is not a service support channel; and

(B) the Company may require that service-related Notices are recorded via Ticket for auditability.

(d) Notices from the Company to the Client may be served by:

(i) the Client Portal (Ticket updates, portal messages, invoice notifications);

(ii) email to the primary email address on the Client’s Account;

(iii) posting of changes in the Client Portal (where the Agreement allows updates under Part 1); and/or

(iv) any other contact method the Client has explicitly approved within its Account settings.

(e) Notices from the Client to the Company must be served by:

(i) raising a Ticket in the Client Portal (recommended); and/or

(ii) email from an Authorised User email address associated with the Account; and/or

(iii) another method expressly agreed by the Company in writing.

(f) Service of Notice is deemed effective:

(i) for Client Portal Tickets/messages: at the time the Ticket/message is recorded as submitted in the Client Portal;

(ii) for email: at the time the email is sent (provided no delivery failure notice is received), but excluding automated spam filtering effects on the recipient side; and

(iii) for public posting in the Client Portal for Agreement updates: at the time of posting, subject to the notice period rules in Part 1 (where applicable).

(g) The Client is responsible for ensuring its Account contact details are accurate and monitored. Failure to receive a Notice due to:

(i) spam filtering;

(ii) inbox restrictions;

(iii) outdated email addresses; or

(iv) Client-side misconfiguration,

does not invalidate the Notice where the Company has served it in accordance with this clause.

18.2 Authority, identity, and verification for Notices

(a) The Company may require verification of authority before actioning Notices that relate to:

(i) billing changes;

(ii) plan changes outside normal workflows;

(iii) domain/DNS changes;

(iv) high-impact hosting changes;

(v) account ownership changes; or

(vi) release of confidential/sensitive information.

(b) If the Company reasonably suspects fraud, coercion, impersonation, or account compromise, the Company may:

(i) delay actioning the Notice;

(ii) require additional confirmation steps; and/or

(iii) refuse action until verification is complete.

18.3 Assignment, transfer, and subcontracting

(a) Client assignment:

(i) The Client may not assign, transfer, novate, sub-license, or otherwise dispose of any of its rights or obligations under this Agreement without the Company’s prior written consent.

(ii) The Company may withhold consent where the proposed assignment increases risk (fraud, AUP, compliance, or solvency risk).

(b) Company assignment:

(i) The Company may assign, transfer, or novate this Agreement (in whole or in part) to:

(A) a group company; or

(B) a successor in interest in connection with a corporate reorganisation, sale of business, or asset transfer,

provided that the Client’s rights are not materially reduced.

(c) Subcontracting:

(i) The Company may subcontract performance of parts of the Services to contractors and sub-processors, provided that:

(A) the Company remains responsible for overall service delivery to the extent required by law; and

(B) confidentiality and data protection obligations are maintained (Part 13).

(ii) Subcontracting does not create a contractual relationship between the Client and the subcontractor.

18.4 Third-party rights

(a) Unless expressly stated otherwise, a person who is not a party to this Agreement has no rights under the Contracts (Rights of Third Parties) Act 1999 to enforce any term of this Agreement.

(b) This does not affect any rights or remedies of third parties that exist independently of that Act (for example, intellectual property owners enforcing their rights).

18.5 Relationship of the parties (independent contractors; no partnership)

(a) The parties are independent contractors.

(b) Nothing in this Agreement creates:

(i) a partnership;

(ii) a joint venture;

(iii) a fiduciary relationship;

(iv) an agency relationship (except where the Company is expressly authorised to act as agent for a specific purpose, such as purchasing a third-party licence via Quote); or

(v) an employer-employee relationship.

(c) Neither party has authority to bind the other party except as expressly set out in this Agreement.

18.6 Entire agreement and order of precedence

(a) This Agreement (including the documents incorporated by reference) constitutes the entire agreement between the parties in relation to its subject matter and supersedes any prior discussions, correspondence, proposals, marketing statements, or understandings, whether oral or written.

(b) The Client acknowledges that it has not relied on any representation, statement, or promise not expressly set out in this Agreement, except where such reliance cannot be excluded by law.

(c) Order of precedence:

(i) Where there is a conflict between documents, the order of precedence is:

1) an accepted Quote (but only for the scope it covers);

2) the invoice/order confirmation and Client Portal product specification at the time of order;

3) this Agreement (Terms & Conditions + SLA);

4) the Scope of Work document (when published, to the extent it clarifies in-scope/out-of-scope);

5) the Company’s general website information pages, knowledge base materials, and guidance content.

(ii) For clarity, “marketing or informational content” does not override this Agreement where inconsistent.

18.7 Variations and amendments

(a) Client-requested variations:

(i) Any variation requested by the Client must be agreed in writing by the Company.

(ii) The Company may implement variations by:

(A) issuing an accepted Quote with amended terms; and/or

(B) confirming a variation via Ticket (expressly stated as a variation); and/or

(C) updating the Client Portal plan specification (where the Client purchases a new plan or accepts revised terms).

(b) Company updates to these Terms:

(i) The Company may update these Terms as described in Part 1 (Changes to Terms).

(ii) Continued use of Services after an update becomes effective constitutes acceptance of the updated Terms, subject to any statutory restrictions.

(c) No informal variation:

(i) Informal conversations, unconfirmed emails, or third-party statements do not vary this Agreement unless explicitly confirmed by the Company in writing.

18.8 Severability (keeping the contract alive)

(a) If any term of this Agreement is held to be invalid, illegal, or unenforceable, that term shall be severed (or modified to the minimum extent necessary) so that the remaining terms remain in full force and effect.

(b) If severing a term would materially undermine the Agreement’s commercial basis, the parties shall negotiate in good faith to replace the severed term with a lawful term that achieves a similar commercial intent.

18.9 Waiver (no accidental surrender of rights)

(a) A waiver is only effective if:

(i) it is in writing; and

(ii) it is expressly identified as a waiver; and

(iii) it is signed/confirmed by the party granting it (which may include confirmation via Ticket or authorised email).

(b) A failure or delay by either party to exercise any right or remedy does not constitute a waiver of that right or remedy.

(c) A waiver of any breach does not constitute a waiver of any subsequent breach.

18.10 Force Majeure (events outside reasonable control)

(a) Neither party shall be liable for any delay or failure to perform obligations (except payment obligations) if caused by a Force Majeure Event as defined in Part 1.

(b) If a Force Majeure Event occurs:

(i) the affected party shall notify the other party as soon as reasonably practicable;

(ii) the affected party shall use reasonable efforts to mitigate the impact; and

(iii) performance shall be suspended for the duration of the Force Majeure Event.

(c) If a Force Majeure Event continues for a prolonged period such that performance is materially affected, either party may terminate the affected Services by Notice, without liability for non-performance during the Force Majeure Event, subject to:

(i) non-refundable billing rules for already-paid periods (Part 10 and Part 12); and

(ii) the Client’s responsibility to export data before termination where feasible.

18.11 Confidentiality survives termination

The confidentiality obligations in Part 13 survive termination or expiry for so long as the information remains confidential, subject to lawful disclosure obligations.

18.12 Survival of key provisions

The provisions that by their nature should survive termination or expiry shall survive, including (without limitation):

(i) Part 10 (billing obligations for amounts already due);

(ii) Part 12 (refund rules for paid periods already processed);

(iii) Part 13 (confidentiality/data protection retention);

(iv) Part 14 (IP, licensing, and indemnities);

(v) Part 15 (AUP enforcement for breaches during term);

(vi) Part 16 (limitations of liability); and

(vii) Part 17 (complaints/dispute framework for disputes arising during term).

18.13 Counterparts and electronic acceptance

(a) This Agreement may be accepted electronically, including by:

(i) ticking an acceptance box in the Client Portal;

(ii) completing checkout where acceptance is presented; or

(iii) continuing to use Services after a posted update becomes effective (subject to Part 1).

(b) Electronic records and signatures are admissible and binding to the extent permitted by law.

18.14 Interpretation rules

(a) Headings are for convenience only and do not affect interpretation.

(b) “Including” means “including without limitation”.

(c) Singular includes plural and vice versa.

(d) Where the Agreement references “acting reasonably”, this means acting in good faith and in a manner consistent with:

(i) platform stability;

(ii) security and compliance obligations;

(iii) fairness across clients; and

(iv) operational feasibility.

(e) If there is any ambiguity, the Company may interpret operational requirements (security, verification, queue safety) in a manner that reduces risk, provided it does not unfairly prejudice the Client beyond what is necessary to achieve stability and compliance.

18.15 Contact address and identity (to be completed)

(a) The Company’s registered details, principal trading address, and legal entity details (company number where applicable) should be included in the “Company Information” section of the website and/or the Client Portal.

(b) If the Company details are updated, the Client Portal and/or website will be treated as the source of truth for those details.