Disclaimer & Limitation of Liability

1. Nature of Security Audits

Security code reviews and audits are professional assessments based on industry best practices, established security standards, and expert analysis. However, it is important to understand:

• No guarantee of completeness: We cannot guarantee that every security vulnerability will be identified
• Point-in-time assessment: Audits reflect the state of the system at the time of review
• Scope limitations: Findings are limited to the agreed scope of work
• New vulnerabilities: New attack vectors and vulnerabilities are discovered regularly
• Implementation dependent: Effectiveness depends on proper implementation of recommendations

2. Website Disclaimer

2.1 Information Accuracy

While we strive to provide accurate and up-to-date information on auditcode.co.uk, we make no warranties about:

• Completeness or accuracy of website content
• Suitability for particular purposes
• Uninterrupted website availability
• Freedom from errors or omissions

2.2 External Links

Our website may contain links to external sites. We are not responsible for:

• Content of external websites
• Privacy practices of third-party sites
• Accuracy of external information
• Availability of linked resources

3. Service Limitations

3.1 Professional Opinion

Our audit findings represent professional security opinions based on:

• Information provided by the client
• Code and systems within agreed scope
• Current security knowledge and standards
• Time and resources allocated to the engagement

3.2 No Guarantee of Security

AuditCode does not and cannot guarantee:

• Complete elimination of security vulnerabilities
• Prevention of all future security breaches
• Compliance certification or regulatory approval
• Specific outcomes from implementing recommendations
• Protection against zero-day exploits or unknown vulnerabilities

3.3 Client Responsibility

Clients remain responsible for:

• Implementation of security recommendations
• Ongoing security monitoring and maintenance
• Staff training and security awareness
• Incident response and breach notification
• Compliance with applicable laws and regulations

4. Limitation of Liability

4.1 Maximum Liability

To the fullest extent permitted by law, AuditCode's total liability for any claims arising from or related to our services shall not exceed the total fees paid for the specific engagement giving rise to the claim.

4.2 Excluded Damages

We shall not be liable for:

• Indirect or consequential losses
• Loss of profits, revenue, or business opportunities
• Loss of data or business interruption
• Reputational damage
• Third-party claims
• Punitive or exemplary damages

4.3 Exceptions

Nothing in this disclaimer excludes or limits liability for:

• Death or personal injury caused by negligence
• Fraud or fraudulent misrepresentation
• Breach of implied terms about title or quiet possession
• Any other liability that cannot be excluded by law

5. Specific Service Disclaimers

5.1 GDPR Compliance Audits

GDPR audit reports provide recommendations based on current regulations. We do not:

• Provide legal advice (consult your legal counsel)
• Guarantee regulatory approval or certificationGuarantee protection from penalties or enforcement actions
• Monitor ongoing compliance after audit completion

5.2 SOC 2 & ISO 27001 Readiness

Readiness assessments identify gaps and provide recommendations. We do not:

• Provide official certification (performed by accredited bodies)
• Guarantee successful certification outcome
• Act as your certified auditor for compliance purposes

5.3 Vulnerability Testing

XSS, MitM, and other vulnerability assessments:

• Are limited to testing methodologies and timeframes agreed
• May not identify all potential attack vectors
• Reflect vulnerabilities at the time of testing
• Do not guarantee prevention of future exploits

5.4 AI Code Review

AI-assisted analysis enhances review efficiency but:

• AI findings are verified by human experts
• AI may produce false positives or miss issues
• Final recommendations are based on expert judgment
• AI tools are supplementary to manual review

6. Time Limitations

Security landscapes evolve rapidly:

• Audit validity: Findings are accurate at the time of assessment
• Code changes: Audit does not cover post-engagement code modifications
• New threats: New vulnerabilities may emerge after audit completion
• Regular assessment: We recommend periodic re-audits (annually or after major changes)

7. Professional Indemnity Insurance

AuditCode maintains professional indemnity insurance covering our services. Coverage details are available upon request for active or prospective clients.

8. Force Majeure

We are not liable for delays or failures due to circumstances beyond reasonable control, including:

• Natural disasters or extreme weather
• War, terrorism, or civil unrest
• Government actions or legal restrictions
• Pandemic or public health emergencies
• Infrastructure failures (power, internet, etc.)
• Cyberattacks on our own systems

9. Governing Law and Jurisdiction

This disclaimer is governed by the laws of England and Wales. Any disputes shall be subject to the exclusive jurisdiction of the courts of England and Wales.

10. Severability

If any provision of this disclaimer is found to be unenforceable or invalid, that provision shall be limited or eliminated to the minimum extent necessary, and the remaining provisions shall remain in full force and effect.

11. Acknowledgment

By using our services, you acknowledge that:

• You have read and understood this disclaimer
• You accept the limitations and exclusions stated
• You understand the inherent limitations of security assessments
• You will not rely solely on audit findings for security decisions

12. Contact

Questions about this disclaimer:

• Email: contact@auditcode.co.uk
• Website: auditcode.co.uk