About this agreement
This master services agreement (the "Agreement") sets out the terms on which Red Eagle Tech Ltd provides its managed IT support packages purchased online at redeagle.tech/services/managed-it-support. Red Eagle Tech Ltd is registered in England and Wales with company number 15496321 and VAT registration number 470867070 (registered office: Prospect House, Suite 26, 2 Athenaeum Road, London, N20 9AE), and is registered with the Information Commissioner's Office under reference ZB763188.
These terms are effective from 14 July 2026 (version 1.0).
In this Agreement, "we", "us" and "our" mean Red Eagle Tech Ltd, and "you" and "your" mean the business customer named in the Order. We have deliberately written this Agreement in plain English. It is still a contract, but you should not need a law degree to understand what you are buying and what we have promised.
Contents
- The parties, definitions and interpretation
- How this agreement fits together
- Formation and acceptance - business customers only
- Term, renewal and cancellation
- The services and what's in scope
- Service levels
- Onboarding
- Our 90-day satisfaction promise
- Adding and removing users
- What's not included
- Your obligations
- Third-party products and vendor terms
- Fees and payment
- Price changes
- Acceptable use and fair use
- Warranties and what we can't promise
- Limits on liability
- Indemnities
- Insurance
- Data protection
- Confidentiality
- Intellectual property and your documentation
- Termination and suspension
- Offboarding and exit assistance
- Non-solicitation of staff
- Events beyond our control
- Changes to these terms
- Assignment and subcontracting
- Notices
- General
- Governing law and disputes
Schedules: 1 Service description · 2 Service levels · 3 Data protection · 4 Acceptable use and minimum environment standards · 5 Third-party terms
1. The parties, definitions and interpretation
1.1 This Agreement is between Red Eagle Tech Ltd and the business customer identified in the Order.
1.2 In this Agreement, the following words have the following meanings:
"Order" - the checkout confirmation issued when you complete your purchase, recording the Package, the number of Supported Users, the billing term (Monthly Plan or Annual Plan) and the price. The Order forms part of this Agreement.
"Package" (or "Tier") - the managed IT support package named in your Order: Core, Advanced or Complete (the "business packages"), or VIP A, VIP B or VIP C (the "VIP packages").
"Supported User" - a named person in your organisation (an employee, director or engaged contractor) with an identity we manage for you (normally a Microsoft 365 account), covered by your Package. Per-user pricing, seat changes and the self-serve ceilings in clause 9 are all counted in Supported Users.
"Business Hours" - 08:30 to 17:30 UK time, Monday to Friday, excluding bank holidays in England and Wales. A "Business Day" is any day with Business Hours in it.
"Services" - the managed IT support services for your Package, as described in the Service Description and Schedule 2.
"Service Description" - the published description of what each Package includes and excludes, incorporated by reference under Schedule 1.
"Onboarding" and "Go-live Date" - the set-up work described in clause 7, and the date we confirm by email that it is complete.
"Offboarding" and "Standard Offboarding Pack" - the exit assistance described in clause 24.
"Environment Documentation" - the documentation of your IT environment that we build and maintain while providing the Services: asset registers, configuration records, network documentation, administrative credentials and ticket history.
"Client Data" - data belonging to you or your Supported Users that we access, host, back up or otherwise process in providing the Services.
"Minimum Environment Standards" - the baseline requirements in Schedule 4 that your environment must meet.
"Third-Party Terms" - the vendor end-customer terms listed in Schedule 5.
"Priority" (P1 to P4) - the ticket severity classifications defined in Schedule 2.
1.3 Headings are for convenience and do not affect interpretation. "Including" means "including without limitation". "In writing" includes email. References to legislation are to that legislation as amended or re-enacted.
2. How this agreement fits together
2.1 This Agreement consists of: (a) the Order; (b) these terms (the body of the Agreement); and (c) Schedules 1 to 5.
2.2 If there is any conflict, the order of precedence is: the Order first, then the Schedules, then the body of this Agreement.
2.3 Marketing copy on our website is not part of this Agreement, except for the Service Description, which is expressly incorporated by Schedule 1. Clause 30.1 (entire agreement) reinforces this.
3. Formation and acceptance - business customers only
3.1 A binding contract forms when you complete checkout, having ticked the box confirming you accept this Agreement (including the data processing terms in Schedule 3 and the Third-Party Terms in Schedule 5), and your payment is authorised. This Agreement was available to you before you paid, and a dated copy (or link to the version you accepted) is included with your receipt.
3.2 Our managed IT support packages are sold to business customers only. By purchasing, you warrant that:
you are buying wholly or mainly for the purposes of a business, trade, craft or profession, and not as a consumer; and
the person completing checkout has authority to bind the business named at checkout.
3.3 Because this is a business-to-business contract, consumer protection legislation (including the Consumer Rights Act 2015) does not apply to it. If you are unsure whether you qualify as a business customer, contact us before buying.
4. Term, renewal and cancellation
4.1 Monthly Plans run on a rolling monthly basis with no minimum term. Your plan continues month to month until cancelled. You can cancel at any time - through the billing portal or by asking the helpdesk - and cancellation takes effect at the end of the current billing period. You will not be charged again after that. We do not refund the remainder of a part-used month.
4.2 Annual Plans are billed once yearly in advance at a 10% discount to the monthly price. An Annual Plan renews automatically for a further 12 months at the then-current annual price. We send a renewal reminder by email at least 45 days before each renewal date. You can cancel at any time up to the renewal date, in which case the plan ends at the end of the current prepaid year and does not renew.
4.3 Cancelling an Annual Plan mid-year does not entitle you to a refund of the prepaid period, except under the 90-day satisfaction promise in clause 8. This is stated prominently at checkout.
4.4 Termination rights for both parties, including ours, are in clause 23.
5. The services and what's in scope
5.1 We will provide the Services for the Package and number of Supported Users in your Order, in accordance with this Agreement and the Service Description.
5.2 Servers are not included in any self-serve Package. Server support and management is available only under a separate written quote and order.
5.3 Business software licences are not included. You are responsible for buying and maintaining licences for your business software, including your Microsoft 365 subscriptions (see the Minimum Environment Standards in Schedule 4). The security and management tooling that we deploy to deliver the Services is included and remains our responsibility.
5.4 Work outside the scope of your Package (see clause 10) is chargeable separately and will always be quoted or agreed before we do it.
5.5 Our Packages are defined by outcomes, not by named tools. We may substitute any of the tooling we use to deliver the Services with materially equivalent or better tooling, subject to the subprocessor change process in Schedule 3 where personal data is affected.
6. Service levels
6.1 Schedule 2 sets out how we classify ticket Priority, the response targets for each Priority, how they are measured and what is excluded.
6.2 Our published response times are targets, not guarantees. We will use all reasonable endeavours to meet them, and we track and report our performance honestly, but a missed target is not of itself a breach of this Agreement.
6.3 We do not operate a service-credit scheme. If we persistently fail to meet the response targets, your remedies are (a) escalation to a director under Schedule 2, and (b) your right to leave - cancellation at any time under clause 4 (and, in the first 90 days, the satisfaction promise in clause 8). Those rights, together with clause 6.4, are your sole and exclusive remedy for failure to meet a response target.
6.4 Nothing in clause 6.3 limits your right to terminate for material breach under clause 23, or affects the liability provisions in clause 17.
6.5 Monitoring and managed detection and response (MDR) operate 24/7 as described in Schedule 2. Helpdesk response by our engineers is provided during Business Hours; outside Business Hours, response is limited to automated actions and containment by the CrowdStrike MDR service, plus (on the Complete package only) the out-of-hours emergency contact route described in Schedule 2.
7. Onboarding
7.1 Remote Onboarding is free on every Package. It covers: deployment of our management and security toolstack to in-scope devices; connection of your Microsoft 365 tenant to our management platform (via delegated admin access, GDAP); baseline security configuration; and creation of your initial Environment Documentation.
7.2 Onboarding starts after checkout and a short scheduling call. We confirm your Go-live Date by email once Onboarding is complete.
7.3 Free Onboarding assumes your environment meets the Minimum Environment Standards in Schedule 4. Fixing pre-existing faults, or bringing a non-compliant environment up to standard, is not part of free Onboarding - where remediation is needed we will tell you what is involved and quote for it before doing anything chargeable.
8. Our 90-day satisfaction promise
8.1 If you are not happy in the first 90 days after your Go-live Date, you may terminate this Agreement for any reason by telling us in writing. If you do:
we will provide the Standard Offboarding Pack (clause 24) free of charge;
you keep all your Environment Documentation and your Client Data (clause 22); and
on a Monthly Plan, billing stops at the end of the current billing period.
8.2 If you are on an Annual Plan and terminate under this clause within the first 90 days, we refund the unused whole months of your prepaid year, pro rata. Outside the 90-day window, prepaid periods are not refundable (clause 4.3), and this is stated in bold at checkout.
8.3 The promise applies to your first agreement with us only, once per client group. It is measured from the Go-live Date, and it requires your account to be paid up to date at the point you invoke it.
9. Adding and removing users
9.1 Seat changes are made by asking the helpdesk, by an authorised contact. Our email confirmation of the change is binding on both of us.
9.2 Additions take effect immediately. On a Monthly Plan the new seat is charged pro rata from the change date and appears on your next invoice. On an Annual Plan the new seat is billed pro rata to your plan anniversary.
9.3 Removals take effect from your request. We do not claw back charges for the current billing period, and the seat simply drops off future billing.
9.4 Each Package has a minimum seat count (Core 3, Advanced 5, Complete 10, VIP packages 1) and a self-serve ceiling of 25 Supported Users on business packages and 5 on VIP packages. Removals cannot take you below your Package minimum. If your headcount grows past the ceiling, we will agree a tailored quoted agreement with you; your existing terms continue until the quoted agreement replaces them (at your next renewal, or earlier by agreement).
10. What's not included
10.1 The following are outside the scope of every Package and are chargeable separately at our then-current rate card (available on request) or by quote:
fixing pre-existing faults - problems that existed before your Go-live Date;
hardware repair and replacement costs, including parts and manufacturer charges;
support for software outside your supported software list in the Service Description;
issues caused by changes you or your users make without consulting us, or by declining to follow our written advice (see also the waiver mechanism in clause 11.4);
project work: office moves, new-site setup, migrations, and planned upgrades beyond routine patching;
onsite visits, except where your Package's Service Description says otherwise;
data recovery beyond the documented recovery point and retention capability of the backup services included in your Package; and
server support and management (separate quote - clause 5.2).
10.2 Failures of third-party services we do not operate (for example your internet connection, a Microsoft 365 outage, or a domain registrar problem) are not service failures by us. We will liaise with the third party on your behalf so far as reasonably practicable, but progress depends on the third party's own response times and service levels.
11. Your obligations
11.1 You agree to:
give us the access and cooperation we reasonably need, including granting and maintaining delegated admin access (GDAP) to your Microsoft 365 tenant and administrative credentials for in-scope systems;
hold valid licences for all software we manage for you, including the Microsoft 365 licences required by Schedule 4;
maintain the Minimum Environment Standards in Schedule 4 throughout the term;
nominate and keep current at least one authorised contact for approvals, seat changes and escalations;
keep your Supported User count accurate - every person receiving support or covered by the security tooling must be a paid seat; and
give us accurate, timely information when we ask for it in connection with the Services.
11.2 If you breach the licensing or prerequisite obligations above, the service levels in Schedule 2 are suspended for the affected systems until the breach is fixed. We will tell you in writing when this happens.
11.3 We may rely on instructions from your authorised contacts and are not required to verify instructions that reasonably appear to come from them.
11.4 If we recommend a security remediation in writing and you decline it, we will record the declined recommendation (a "waiver"). We are not liable for incidents, losses or costs that result from a risk we identified and you declined to remediate. We also strongly recommend - but at self-serve tiers do not require - that you hold your own cyber insurance.
12. Third-party products and vendor terms
12.1 The Services are delivered using third-party security and management products (the current list is in Schedule 3, Part C and Schedule 5). Some vendors require their own end-customer terms to apply to your use of their product. Those Third-Party Terms are listed in Schedule 5 and form part of this Agreement; you accept them when you accept this Agreement at checkout.
12.2 Where a vendor gives warranties or commitments for its product, we pass them through to you only to the extent the vendor actually gives them to us. We do not enlarge any vendor's promises.
12.3 Support for all tooling we deploy comes from us, not from the vendor, unless Schedule 5 says otherwise. For example, under CrowdStrike's managed service provider terms, CrowdStrike does not provide services directly to you - we are responsible for providing your support.
12.4 If a vendor changes or discontinues a product, or we decide a different tool serves you better, we may substitute materially equivalent or better tooling under clause 5.5.
13. Fees and payment
13.1 Fees are per Supported User and are stated in your Order. Monthly Plans are billed monthly in advance; Annual Plans are billed yearly in advance at a 10% discount. All prices exclude VAT, which is charged at the applicable rate.
13.2 Payment is collected by our payment provider, Stripe, using the payment method you provide at checkout (card or Bacs Direct Debit). You can update your payment method and download VAT invoices in the billing portal at any time.
13.3 If a payment fails, Stripe retries it automatically and we email you. You then have a 14-day grace period from the first failed payment to bring your account up to date. The Services continue as normal during the grace period.
13.4 If your account is still unpaid at the end of the grace period, we may suspend the Services on written notice. During suspension the response targets in Schedule 2 do not apply, but we keep your monitoring and security tooling running wherever practicable. The Services are reactivated promptly once payment is received.
13.5 If your account is still unpaid 30 days after the first failed payment, we may terminate this Agreement and begin Offboarding under clause 24. Fees remain payable for the period up to termination.
13.6 We may charge statutory interest and compensation on overdue sums under the Late Payment of Commercial Debts (Interest) Act 1998.
14. Price changes
14.1 We may change the price of your Package by giving at least 30 days' notice by email. A change takes effect from your next billing period after the notice period ends - never part-way through a period you have already paid for. Annual Plan prices are locked for the whole of the prepaid year. We will not increase your price more than once in any 12-month period. There is no index-linked formula: because you can cancel at any time (clause 4), your right to leave before a change takes effect is your protection.
14.2 If you do not wish to accept a price change, you may cancel under clause 4 so that your plan ends before the change takes effect.
15. Acceptable use and fair use
15.1 Schedule 4 contains the acceptable use rules for services we operate on your behalf, and a fair-use principle for remote support.
15.2 Remote support on every Package is uncapped for ordinary operational use. If support volumes become persistently and abnormally high, we will start a conversation with you about the causes and options - we will never silently throttle your service.
16. Warranties and what we can't promise
16.1 We warrant that the Services will be performed with reasonable skill and care, consistent with good industry practice.
16.2 All other warranties, conditions and terms implied by statute or common law are excluded to the fullest extent permitted by law. This does not affect the statutory rights referred to in clause 17.1.
16.3 Important - no security guarantee.
The Services include security monitoring, endpoint protection, managed detection and response and related controls. These substantially reduce risk, but no security service can prevent or detect every threat, intrusion or attack. We do not warrant or guarantee that your systems will be free from compromise, malware, unauthorised access or data loss, and the Services are not a substitute for your own governance, insurance and business continuity arrangements. We flag this prominently because it is important, not because we plan to hide behind it.
17. Limits on liability
17.1 Nothing in this Agreement excludes or limits either party's liability for: death or personal injury caused by negligence; fraud or fraudulent misrepresentation; or any other liability that cannot lawfully be excluded or limited.
17.2 Subject to clause 17.1, neither party is liable to the other for: loss of profits, revenue, business, goodwill or anticipated savings; or any indirect or consequential loss, in each case arising under or in connection with this Agreement, whether in contract, tort (including negligence), breach of statutory duty or otherwise.
17.3 Subject to clause 17.1, we are not liable for loss, corruption or destruction of data or Client Data, except to the extent that the loss results from the failure of the backup service included in your Package (currently Axcient) to perform in accordance with its documented recovery point objective and retention settings. This carve-back is scoped to the backup service actually included and configured in your Package; it is not a general guarantee of your data.
17.4 Subject to clauses 17.1 and 17.5, each party's total aggregate liability arising under or in connection with this Agreement in any 12-month period is capped at the greater of (a) 125% of the fees you paid or which were payable in the 12 months preceding the first event giving rise to liability, and (b) £10,000. This general cap applies to all liability except our liability for data protection and loss of personal data, which has its own, higher cap in clause 17.5.
17.5 Our total aggregate liability for breaches of Schedule 3 (data protection) and for loss of personal data is limited to the amount we actually recover under our cyber-insurance policy in respect of the claim, subject to an overall maximum of £500,000 and a minimum of the general cap in clause 17.4. This data-protection cap is higher than, and applies in place of, the general cap in clause 17.4 for such claims, and is the overall ceiling on our liability for data-protection matters. It is aligned with the £500,000 cyber-insurance cover we maintain under clause 19.
17.6 The remedies in clause 6.3 are your exclusive remedy for failure to meet a response target, as set out in that clause and Schedule 2.
18. Indemnities
18.1 We will indemnify you against third-party claims that the tooling we deploy to deliver the Services infringes their intellectual property rights, to the extent we receive equivalent protection from the relevant vendor and pass it through under clause 12.2.
18.2 You will indemnify us against third-party claims and regulatory penalties arising from: content or data you or your users store or transmit unlawfully through the Services; your breach of the acceptable use rules in Schedule 4; or software in your environment for which you do not hold a valid licence.
18.3 The party claiming an indemnity must notify the other promptly, allow the other party to control the defence and settlement of the claim, and take reasonable steps to mitigate its losses.
19. Insurance
19.1 Throughout the term we will maintain, with reputable insurers, professional indemnity insurance of not less than £500,000 and cyber insurance of not less than £500,000. Certificates are available on request. We review these cover levels annually.
20. Data protection
20.1 Where we process personal data on your behalf in providing the Services, you are the controller and we are your processor, and Schedule 3 (the data processing agreement) applies.
20.2 We are a controller in our own right for the personal data we process to run our business - your account and billing details, our correspondence with you, and our service records. Our privacy policy describes that processing.
20.3 Each party will comply with applicable data protection law, including UK GDPR and the Data Protection Act 2018, in performing this Agreement.
21. Confidentiality
21.1 Each party will keep the other's confidential information confidential, use it only for the purposes of this Agreement, and disclose it only to those of its people who need it and are bound by equivalent confidentiality duties.
21.2 These duties do not apply to information that: is or becomes public through no fault of the receiving party; was lawfully known before disclosure; is lawfully received from a third party without duty of confidence; or must be disclosed by law or a regulator (with notice to the other party where lawful).
21.3 Confidentiality obligations survive for 5 years after this Agreement ends, and for trade secrets, for as long as they remain trade secrets.
22. Intellectual property and your documentation
22.1 We retain all intellectual property rights in our pre-existing and generic materials: our scripts, automations, monitoring configurations, playbooks, methods and know-how. We licence them to you for the term of this Agreement, for the purpose of receiving the Services.
22.2 You own your Client Data outright. You also own your Environment Documentation - asset registers, configuration records, credentials and ticket history - except that, where any element embeds our generic materials (clause 22.1), you receive a perpetual, royalty-free licence to use that element rather than ownership of our underlying materials. This is what makes the "leave with all your documentation" promise contractual rather than a marketing line.
22.3 Neither party gains any rights in the other's trade marks or branding.
23. Termination and suspension
23.1 You may cancel at any time under clause 4 (and clause 8 in the first 90 days). No notice period, no exit fee.
23.2 We may terminate for convenience on at least 60 days' written notice, expiring no earlier than the end of your current billing period (or prepaid year on an Annual Plan, unless we refund the unused whole months pro rata).
23.3 Either party may terminate immediately on written notice if the other: commits a material breach and fails to remedy it within 14 days of a written notice describing the breach; or becomes insolvent, enters administration or liquidation, or suffers any analogous event.
23.4 We may terminate for non-payment under clause 13.5.
23.5 We may suspend some or all of the Services, with as much notice as reasonably practicable, where: your account is unpaid past the grace period (clause 13.4); suspension is reasonably necessary to contain a security incident; or you materially breach the acceptable use rules in Schedule 4. We lift suspensions as soon as the cause is resolved. Response targets do not apply during suspension.
23.6 Clauses that by their nature should survive termination do so, including clauses 17, 18, 21, 22, 24, 25, 30 and 31 and Schedule 3's end-of-processing obligations.
24. Offboarding and exit assistance
24.1 Whenever this Agreement ends - whoever ends it, and for whatever reason - we provide the Standard Offboarding Pack free of charge:
export and handover of your Environment Documentation, including administrative credentials and passwords, configuration records, your asset register and your full ticket history (current and historic);
orderly removal of our management and security tooling from your devices and tenant, following each vendor's required removal or transfer process;
transfer of licences and subscriptions to you or your incoming provider, where the vendor permits transfer; and
reasonable cooperation with your incoming IT provider during the handover.
24.2 Extended exit assistance - data migrations to a successor platform, project work, or support beyond the Standard Offboarding Pack - is available at our then-current rate card, agreed in advance, for up to 3 months after termination.
24.3 Deletion or return of personal data at the end of the Services is governed by Schedule 3.
25. Non-solicitation of staff
25.1 Neither party will, without the other's prior written consent, solicit or employ (directly or via a third party) any employee or contractor of the other who was materially involved in the Services, during the term and for 12 months after this Agreement ends.
25.2 If a party breaches clause 25.1, it will pay the other a fee of 35% of the individual's gross annual salary (or annualised fees) at the date of the offer, as a genuine pre-estimate of the recruitment and replacement costs the other party will incur.
25.3 This clause does not prevent either party from hiring someone who responds to a genuine public job advertisement not targeted at the other's staff, or who approaches them without solicitation.
26. Events beyond our control
26.1 Neither party is liable for failure or delay in performing its obligations (other than payment obligations) caused by events beyond its reasonable control, including power or telecommunications failure, natural disaster, epidemic, civil unrest, industrial action, or failure of a cloud platform or vendor service beyond that party's reasonable control.
26.2 The affected party must notify the other promptly, use reasonable endeavours to mitigate, and resume performance as soon as it can. If a force majeure event continues for more than 30 days, either party may terminate on written notice.
26.3 Vendor and third-party outages are already excluded from the response targets under Schedule 2; this clause does not expand those exclusions.
27. Changes to these terms
27.1 We may update this Agreement from time to time. For material changes we will give you at least 30 days' notice by email (not merely a website update) before the change takes effect.
27.2 If you do not accept a material change, you may cancel under clause 4 so that your plan ends before the change takes effect. Continuing to use the Services after the effective date is acceptance of the updated terms.
27.3 Changes never reduce what you have already paid for: on an Annual Plan, your price is locked for the prepaid year (clause 14), and any change materially reducing the Services in your prepaid year entitles you to terminate and receive a pro-rata refund of unused whole months.
28. Assignment and subcontracting
28.1 We may subcontract elements of the Services (the vendor toolchain in Schedule 3 Part C is subcontracting in this sense), but we remain fully responsible to you for our subcontractors' performance.
28.2 Neither party may assign this Agreement without the other's consent (not to be unreasonably withheld), except that either party may assign to a group company or to a purchaser of its business without consent, on notice to the other.
29. Notices
29.1 Notices under this Agreement may be given by email: to you, at the account email address on your Order (keep it current); to us, at the contact address published on our contact page or shown on your Order confirmation.
29.2 A notice sent by email is deemed received on the next Business Day after sending, unless the sender receives a delivery failure.
29.3 Operational requests (including seat changes) made to the helpdesk by an authorised contact, and confirmed by us by email, are binding without a separate formal notice.
30. General
30.1 Entire agreement. This Agreement (the Order, these terms and the Schedules) is the entire agreement between us about the Services and supersedes all earlier discussions and representations, except any made fraudulently. Website marketing copy is not part of it (clause 2.3).
30.2 Severance. If any provision is found unenforceable, the rest of the Agreement is unaffected, and the provision applies with the minimum modification needed to make it enforceable.
30.3 Waiver. Not enforcing a right is not a waiver of it.
30.4 No partnership. Nothing in this Agreement creates a partnership, joint venture or agency between us.
30.5 Third-party rights. Except where Schedule 5 expressly provides that a vendor may enforce specific flow-down terms, no one other than you and us has any rights under the Contracts (Rights of Third Parties) Act 1999 to enforce this Agreement.
31. Governing law and disputes
31.1 This Agreement and any dispute arising out of or in connection with it (including non-contractual disputes) are governed by the law of England and Wales.
31.2 Before starting proceedings, the parties will first escalate the dispute to a senior manager or director of each party, who will meet (in person or remotely) within 14 days and attempt to resolve it in good faith. If that fails, the parties will consider mediation on the CEDR model before litigating. Binding arbitration is deliberately not used, because it is cost-disproportionate at these contract sizes.
31.3 Subject to clause 31.2, the courts of England and Wales have exclusive jurisdiction.
Schedule 1 - service description
S1.1 The definitive description of what each Package includes and excludes (the "Service Description") is the package matrix published at redeagle.tech/services/managed-it-support, as at the date of your Order. It is incorporated into this Agreement by reference, and a dated snapshot (or link to the version current at your Order date) is supplied with your receipt so there is never doubt about what you bought.
S1.2 For convenience, the Packages and their structural terms are summarised below. If this summary and the Service Description ever differ, the Service Description at your Order date prevails; per-seat prices are those shown at checkout and recorded in your Order.
| Package | Sold as | Supported Users (self-serve) | P1 response target |
|---|---|---|---|
| Core | Business package | 3–25 | 1 business hour |
| Advanced | Business package | 5–25 | 30 business minutes |
| Complete | Business package | 10–25 | 30 business minutes |
| VIP A | VIP (micro/individual) package | 1–5 | 1 business hour |
| VIP B | VIP (micro/individual) package | 1–5 | 1 business hour |
| VIP C | VIP (micro/individual) package | 1–5 | 1 business hour |
S1.3 On every Package: 24/7 monitoring and CrowdStrike-delivered managed detection and response are included (scope in Schedule 2); remote Onboarding is free (clause 7); Monthly Plans have no minimum term and Annual Plans carry a 10% discount (clause 4); the 90-day satisfaction promise applies (clause 8).
S1.4 On every Package: servers are excluded and quoted separately (clause 5.2); business software licences, including Microsoft 365, are excluded (clause 5.3); out-of-scope work is chargeable (clause 10).
Schedule 2 - service levels
Part A - priority definitions
| Priority | Definition | Examples |
|---|---|---|
| P1 - critical | Your business (or a whole site or core service) cannot operate, or there is an active security incident. | Everyone offline; email down for all users; suspected ransomware or confirmed compromise. |
| P2 - high | A core business function or several Supported Users are severely degraded, with no reasonable workaround. | A line-of-business application down for a team; a shared mailbox or file store unavailable. |
| P3 - normal | A single Supported User is affected, or a problem has a workaround. | One user's Outlook misbehaving; a printer problem with another printer available. |
| P4 - low | Routine requests and questions with no operational impact. | New starter setup; how-do-I questions; standard changes and advice. |
S2.1 We classify Priority when the ticket is logged, acting reasonably; you can ask us to reclassify and we will not unreasonably refuse.
Part B - response targets
| Priority | Core / VIP A / VIP B / VIP C | Advanced / Complete |
|---|---|---|
| P1 | 1 business hour | 30 business minutes |
| P2 | 4 business hours | 2 business hours |
| P3 | 1 Business Day | 4 business hours |
| P4 | 2 Business Days | 1 Business Day |
S2.2 The targets are response targets, not resolution targets, and are targets rather than guarantees (clause 6.2). We will use all reasonable endeavours to meet them.
S2.3 "Response" means a qualified engineer has begun actively investigating the ticket or has contacted you about it - whichever happens first. It does not mean the issue is resolved.
S2.4 Measurement. The clock starts when the ticket is logged with the helpdesk through a supported channel (portal, email or phone) and runs during Business Hours only. The clock pauses while we are waiting on you (for information, access or approval) or on a third party outside our control.
Part C - hours and 24/7 scope
S2.5 Helpdesk hours: Monday to Friday, 08:30–17:30 UK time, excluding bank holidays in England and Wales.
S2.6 24/7 monitoring and MDR. Automated monitoring of managed devices, and managed detection and response for endpoints delivered by CrowdStrike's Falcon Complete team, operate continuously - 24 hours a day, 7 days a week - on every Package. Outside Business Hours, response is limited to automated actions and MDR containment and remediation of endpoint threats; helpdesk engineers respond in Business Hours.
S2.7 Out-of-hours emergency contact (a route to reach a human for a P1 emergency outside Business Hours) is included on the Complete package only.
Part D - exclusions and remedy
S2.8 The response targets do not apply to:
issues caused by you or your users, including unauthorised changes and declined recommendations recorded under clause 11.4;
periods when your environment does not meet the Minimum Environment Standards (clause 11.2);
failures of third-party services we do not operate (clause 10.2);
periods of suspension (clauses 13.4 and 23.5);
events beyond our reasonable control (clause 26); and
out-of-scope work (clause 10).
S2.9 Escalation. If you believe we are persistently missing targets, you may escalate in writing to a director, who will respond within 2 Business Days with findings and an action plan.
S2.10 The exclusive-remedy position for missed targets is set out in clause 6.3: we do not operate a service-credit scheme, and escalation plus your right to leave is your remedy.
Schedule 3 - data protection (data processing agreement)
Part A - roles and scope
S3.1 For personal data we process on your behalf in delivering the Services ("Client Personal Data"), you are the controller and we are the processor. This Schedule contains the terms required by Article 28(3) UK GDPR.
Part B - processor obligations
S3.2 We will:
process Client Personal Data only on your documented instructions (this Agreement is your instruction set), including for international transfers, unless required by law - in which case we tell you first unless the law prevents it;
ensure everyone we authorise to process Client Personal Data is bound by confidentiality;
implement appropriate technical and organisational security measures (Article 32 UK GDPR);
engage subprocessors only under Part C, and flow down obligations equivalent to this Schedule in a written contract, remaining liable for their performance;
taking into account the nature of the processing, assist you (by appropriate technical and organisational measures, insofar as possible) in responding to data-subject rights requests;
assist you with your security, breach-notification, and data protection impact assessment obligations, taking into account the information available to us;
notify you without undue delay after becoming aware of a personal data breach affecting Client Personal Data;
at the end of the Services, at your choice, delete or return all Client Personal Data (aligned with the Offboarding process in clause 24) and delete existing copies unless law requires storage; and
make available the information necessary to demonstrate compliance with this Schedule, and allow for and contribute to audits (on reasonable notice, no more than once per year unless a regulator requires otherwise or there has been a breach).
Part C - subprocessors
S3.3 You give general written authorisation for the subprocessors in the table below. We will give you at least 30 days' advance written notice of any addition or replacement, and you may object on reasonable data-protection grounds within that period; if we cannot resolve a reasonable objection, you may terminate the affected Services without penalty.
| Subprocessor | Role in the Services | Used in |
|---|---|---|
| NinjaOne | Remote monitoring and management: device inventory, patching, remote support access | All packages |
| CrowdStrike | Falcon endpoint protection (EDR); 24/7 managed detection and response (Falcon Complete); identity threat protection; mobile device protection | All packages |
| Check Point | Harmony Email (email security scanning); Harmony SASE (secure access gateway) | Harmony Email: all packages; Harmony SASE: Complete |
| Cloudflare | Zero-trust network access and DNS filtering | VIP C |
| DNSFilter | DNS content and threat filtering | All packages except VIP C |
| Axcient | Microsoft 365 cloud backup; workstation backup and disaster recovery | Cloud backup: all packages except VIP A; workstation backup: Advanced, Complete, VIP B, VIP C |
| 1Password | Password management vault | All packages |
| usecure | Security awareness training and dark-web monitoring | Advanced, Complete, VIP C |
| Microsoft | Microsoft 365 platform; delegated administration of your tenant via GDAP | All packages |
| Stripe / SendGrid (Twilio) | Billing and payment processing (Stripe); transactional email and service communications (SendGrid) | All clients |
Part D - international transfers
S3.4 We are based in the United Kingdom and process Client Personal Data in the UK. Some of the subprocessors in Part C process Client Personal Data outside the UK, including in the United States - countries not covered by UK "adequacy" regulations. A transfer to such a country is a "restricted transfer" under UK data protection law and needs an appropriate safeguard.
S3.5 For every restricted transfer, we ensure an appropriate safeguard recognised by UK data protection law is in place before the transfer happens - in practice the UK International Data Transfer Agreement (the "IDTA"), or the EU Standard Contractual Clauses as amended by the UK Addendum (the Information Commissioner's International Data Transfer Addendum to the EU SCCs). That safeguard is incorporated into the data processing terms of the relevant subprocessor, which we enter into when we appoint that subprocessor under Part C. We do not reproduce those safeguards in this Agreement because the restricted transfer is between us and the subprocessor, not between you and us - we are both in the UK.
S3.6 We will not appoint, or keep using, a subprocessor that makes a restricted transfer of Client Personal Data unless that safeguard is in place. Where a subprocessor offers a UK or EU data-hosting region for your data, we will use it where that is compatible with the Services. We will give you the details of the safeguard for any subprocessor on your written request.
S3.7 If a safeguard we rely on ceases to be valid (for example after a change in the law or a regulator's decision), or a subprocessor can no longer maintain it, we will without undue delay put an alternative approved safeguard in place or stop the affected transfer, and tell you.
Part E - processing details (Article 28(3) particulars)
| Subject matter | Provision of managed IT support: device management, security monitoring and response, email security, backup, helpdesk support and related services. |
|---|---|
| Duration | The term of the Agreement, plus the offboarding period in clause 24 and any legally required retention. |
| Nature and purpose | Monitoring, securing, backing up, supporting and administering your IT environment and Supported Users' devices and accounts. |
| Types of personal data | Names, business contact details, account identifiers and credentials, device and usage data, email metadata and (incidentally, through backup, email scanning and support access) the content of files and communications. |
| Categories of data subject | Your Supported Users (employees, directors, contractors) and third parties whose data appears in your systems (for example customers and suppliers). |
Schedule 4 - acceptable use and minimum environment standards
Part A - acceptable use
S4.1 For services we operate on your behalf (including filtering, secure access and email security), you and your users must not:
use them for unlawful purposes, or to store or transmit unlawful content;
circumvent, disable or interfere with the security controls we operate (that includes uninstalling agents, disabling MFA, or whitelisting around filtering without our agreement);
use them to infringe others' rights, or to send spam or malicious traffic; or
resell or provide the Services to anyone outside your organisation.
S4.2 Fair use. Remote support is uncapped for ordinary operational use by Supported Users. If usage becomes persistently abnormal (for example, volumes far beyond typical for your headcount, or systematic use for out-of-scope work), we will raise it with you and agree a way forward. We never silently throttle (clause 15.2).
Part B - minimum environment standards
S4.3 Your environment must meet, and continue to meet, the following baseline:
Microsoft 365 Business Premium (or a plan with equivalent security capability agreed with us in writing) for every Supported User on the business packages (Core, Advanced, Complete). VIP packages require a Microsoft 365 subscription that supports the security features in your Package's Service Description.
Supported operating systems: every in-scope device runs an operating system version still receiving security updates from its vendor (for Windows, a supported Windows 11 release or newer; for macOS, a version currently receiving Apple security updates).
Capable hardware: devices within the manufacturer's support life and capable of running a supported operating system and our toolstack.
Multi-factor authentication enabled for all user accounts we manage.
Our toolstack stays installed: the agents and controls we deploy remain installed and enabled on in-scope devices.
Access maintained: our delegated admin (GDAP) access to your tenant, and administrative access to in-scope systems, stays in place.
Licensing: valid licences for all software we manage for you (clause 11.1).
S4.4 If your environment falls below this baseline, clause 11.2 applies (service levels suspended for the affected systems), and remediation work is chargeable under clause 10. We will always tell you before anything becomes chargeable.
Part C - client obligations reminder
S4.5 The obligations in clause 11 (access, cooperation, authorised contacts, accurate seat counts, timely information) form part of this Schedule as operational requirements.
Schedule 5 - third-party terms
S5.1 Your use of the third-party products below is subject to the vendor's end-customer terms listed in this Schedule ("Third-Party Terms"). By accepting this Agreement you also accept the Third-Party Terms. Where a vendor's terms require it, that vendor may enforce its flow-down terms directly (clause 30.5).
S5.2 CrowdStrike (mandatory flow-down). Your use of CrowdStrike Falcon products and the Falcon Complete MDR service is governed by CrowdStrike's Terms and Conditions Applicable to Managed Service Provider Distributor Customers (the CrowdStrike flow-down terms), which are incorporated into this Agreement. Under those terms, CrowdStrike does not provide services or support directly to you: we are responsible for providing all technical support for the CrowdStrike products in your Package. Incorporation of these terms is a mandatory requirement of the CrowdStrike partner programme.
S5.3 The following vendor end-customer terms apply to the products used in your Package:
| Vendor (and where used) | End-customer terms that apply |
|---|---|
| CrowdStrike (all packages) | Falcon end-user terms + MSP distributor flow-down terms (see S5.2); CrowdStrike Global Data Protection Agreement |
| Microsoft 365 (all packages, via CSP) | Microsoft Customer Agreement (accepted at onboarding) + Microsoft Product Terms + Microsoft DPA (aka.ms/dpa) |
| Axcient (backup packages) | Axcient terms and conditions of sale (axcient.com/terms-and-conditions) |
| Check Point - Harmony Email (all) / Harmony SASE (Complete) | Check Point cloud terms / end-user licence (checkpoint.com/about-us/cloud-terms) + Customer DPA |
| Cloudflare (VIP C) | Cloudflare self-serve subscription agreement + DPA (cloudflare.com/terms) |
| DNSFilter (all except VIP C) | DNSFilter Terms of Service (dnsfilter.com/terms-of-service) |
| NinjaOne (all packages) | NinjaOne end-user licence (ninjaone.com/license-agreement) + DPA |
| 1Password (all packages) | 1Password Terms of Service + DPA (1password.com/legal) |
| usecure (Advanced, Complete, VIP C) | usecure Terms of Service incl. its Schedule 2 DPA (usecure.io/legal) - England and Wales law; section 2A MSP/sub-processor chain |
| Pax8 (distributor of the Microsoft, Axcient and DNSFilter products) | Pax8 Partner Terms + Pax8 Products EULA directory + Pax8 DPA - SCCs + UK Addendum (pax8.com/en-us/terms) |
S5.4 Vendor warranties pass through only to the extent we receive them (clause 12.2). If a vendor changes its product or terms, clause 5.5 (substitution) and Schedule 3 Part C (subprocessor changes) apply.