Terms & Conditions

1.1 These Terms & Conditions ("Agreement") govern the provision of all services, including but not limited to website design, development, digital marketing, consulting, and hosting services, by Morningstar Digital Pty Ltd ("Morningstar Digital," "we," "us," or "our") to you, the client ("you" or "your").

1.2 By engaging Morningstar Digital's services, whether via a signed agreement, written confirmation, electronic acceptance, or by conduct, payment, and continued use as described in clause 1.5, you acknowledge that you have read, understood, and agree to be bound by these Terms & Conditions.

1.3 This Agreement, including any referenced policies or supplementary agreements, constitutes the entire agreement between the parties and supersedes all prior negotiations, agreements, understandings, and communications, whether written or oral.

1.4 Morningstar Digital reserves the right to update, modify, or amend this Agreement at any time. Any modifications will become effective 30 days after notification via our website or by direct email to the client. Continued use of our services constitutes acceptance of the updated terms.

1.5 Acceptance by Conduct, Payment and Continued Use. You are deemed to have read, understood, accepted and agreed to be bound by these Terms if you do any of the following: request, approve, receive, access, use or continue to use any services provided by us; pay, part-pay, authorise payment of, or fail to dispute an invoice within the stated dispute period; maintain a payment method on file; authorise recurring billing; continue to receive hosting, care plan, maintenance, marketing, advertising, consulting, support or other services after being notified of these Terms; or otherwise act in a manner consistent with receiving the benefit of the services. This applies whether or not a separate proposal, order form, statement of work or signed agreement has been executed.

1.6 Existing and Legacy Customers: If you received services from us before these Terms were published or updated, these Terms apply to all services supplied on or after the effective date notified to you by email, invoice, account notice, website notice, payment link, proposal or other written communication. Your continued use of the services, continued receipt of services, payment of any invoice, maintenance of a payment method on file, or failure to cancel before the effective date constitutes acceptance of these Terms.

1.7 Any purchase order, supplier onboarding document, vendor portal term, procurement term, invoice note, payment remittance term, email footer or other document provided by you is for administrative convenience only and does not amend, override or form part of this Agreement unless expressly agreed in writing by one of our authorised directors. Any such terms are rejected and have no legal effect.

2.1 Ownership of deliverables

2.1.1 Morningstar Digital retains full ownership of all intellectual property, including but not limited to website code, graphics, written content, concepts, templates, and strategies, until full payment of all outstanding invoices.

2.1.2 Upon full payment, ownership of the final work product (excluding any third-party software, stock images, or licensed content) is transferred to you.

2.2 Third-party materials & licensing

2.2.1 Any third-party assets, including but not limited to fonts, stock images, licensed plugins, and external software integrations, remain the property of their respective owners and are subject to their own licensing agreements.

2.2.2 If third-party software or materials are used in your project, it is your responsibility to comply with licensing terms and renewals.

2.3 Confidentiality & non-disclosure

2.3.1 All project details, pricing, strategies, and proprietary methodologies shared by Morningstar Digital are considered confidential information. You may not disclose this information to third parties without explicit written consent from Morningstar Digital.

2.3.2 Morningstar Digital will maintain strict confidentiality regarding any proprietary information provided by you unless disclosure is required by law.

2.4 Marketing rights

2.4.1 Morningstar Digital retains the non-exclusive, royalty-free right to use client names, logos, testimonials, and case study content, and final project deliverables (including website design, visual assets, and project screenshots) for promotional purposes (e.g., website, pitch decks, advertising, and social media channels).

2.4.2 Right to Signature:

• Morningstar Digital may display a signature, link, or credit on the final website or digital property created or managed by us.

2.4.3 Opt-Out Provision:

• Clients may opt-out of the Signature Right (2.4.2) or the Showcase Right (2.4.1, inclusion of project deliverables in social media/promotional materials) by providing explicit written notice to Morningstar Digital.
• If no written objection is received, the client is deemed to have granted permission for these uses.

3.1 Content & compliance

3.1.1 You are solely responsible for ensuring that all materials (text, images, videos, files, etc.) provided to Morningstar Digital do not infringe on third-party copyrights, trademarks, or intellectual property rights.

3.1.2 You agree to indemnify, defend, and hold Morningstar Digital harmless against any claims, damages, losses, liabilities, and legal costs arising from the use of unauthorised materials or failure to comply with applicable laws.

3.2 Indemnification for third-party claims

3.2.1 You agree to indemnify and hold Morningstar Digital, its directors, employees, contractors, and agents harmless from any claims, liabilities, costs, or damages, including legal fees, arising out of:

• The content provided by you.
• Any third-party legal claims related to your website or marketing materials.
• Your failure to comply with privacy laws, consumer protection laws, eCommerce regulations, or accessibility requirements.

4.1 Restriction on hiring Morningstar Digital employees & contractors

4.1.1 You agree that during the term of engagement and for a period of 36 months following termination of services, you shall not directly or indirectly solicit, recruit, employ, or engage any employee, contractor, or subcontractor of Morningstar Digital without prior written consent.

4.1.2 If this restriction is breached, you agree to pay liquidated damages of AUD $60,000 (GST exclusive) as a reasonable estimate of Morningstar Digital's recruitment, training, and operational costs.

5.1 Website performance

5.1.1 Morningstar Digital makes commercially reasonable efforts to develop websites optimised for search engine ranking. However, we do not guarantee specific search engine rankings, visitor traffic, or conversion rates, as these are influenced by external factors beyond our control.

5.1.2 Any alterations made by you or third parties post-delivery, including but not limited to unauthorised changes in code, plugins, or hosting environment, void all warranties and service guarantees.

5.1.3 We do not guarantee any particular commercial outcome, including search ranking, traffic, leads, sales, revenue, conversion rate, return on ad spend, cost per lead, cost per acquisition, email deliverability, page speed score, Core Web Vitals score, platform approval, account status, or uninterrupted availability. Any forecasts, estimates, benchmarks, case studies or examples are illustrative only and are not promises or guarantees of future performance.

5.2 Hosting & server management

5.2.1 If Morningstar Digital provides website hosting services, you agree that:

• Hosting fees are billed on a monthly or annual basis.
• Late payments may result in service suspension or termination.
• Morningstar Digital is not responsible for server downtimes caused by third-party providers.

5.2.2 If hosting is provided by a third party, Morningstar Digital is not responsible for compatibility issues, performance degradation, or security vulnerabilities caused by the hosting provider.

5.3 Hosting fair use & acceptable use policy

5.3.1 Purpose: To ensure equitable and high-performance service delivery across all client accounts, Morningstar Digital operates under a Fair Use Policy for hosting, plugins, and support services.

5.3.2 Resource Allocation by Plan: Each Care Plan includes a specific allocation for disk storage and bandwidth to ensure optimal performance and fair resource distribution across our network. Clients are responsible for monitoring their usage and ensuring it remains within the limits of their selected plan.

If hosted in Kinsta:

• Essentials Plan: Includes up to 10GB of disk storage, 100GB of CDN bandwidth, and 100GB of monthly bandwidth.
• Pro Plan: Includes up to 25GB of disk storage, 250GB of CDN bandwidth, and 250GB of monthly bandwidth.
• Expert Plan: Includes up to 50GB of disk storage, 500GB of CDN bandwidth, and 500GB of monthly bandwidth.

If hosted in Synergy Wholesale:

• Essentials Plan: Includes up to 10GB of disk storage, 2 GB RAM, 200% CPU, Auto SSL.
• Pro Plan: Includes up to 25GB of disk storage, 4 GB RAM, 300% CPU, Auto SSL.
• Expert Plan: Includes up to 50GB of disk storage, 6 GB RAM, 400% CPU, Auto SSL.

5.3.3 Overage Charges: Clients whose usage exceeds the allocated resources for their plan will incur overage charges. Morningstar Digital will notify the client upon exceeding their limits. Overage charges are billed as follows:

If hosted in Kinsta:

• Disk Storage: AUD $150 per month for each additional 10GB block.
• Bandwidth: AUD $100 per month for each additional 100GB block.
• CDN: AUD $150 per month for each additional 100 GB block.

If hosted in Synergy Wholesale:

• Disk Storage: AUD $150 per month for each additional 10GB block.

Continued excess usage may result in an immediate plan upgrade, suspension, or repricing at Morningstar Digital's discretion.

5.3.4 eCommerce Website Requirement: Due to the increased resource demands and security considerations of transactional websites, all client sites with eCommerce functionality are required to be on a Pro Plan or higher. eCommerce functionality is defined as any feature or plugin that facilitates online payment processing, including but not limited to WooCommerce, Easy Digital Downloads, MemberPress, and direct payment gateway integrations such as Stripe or PayPal. Morningstar Digital reserves the right to upgrade any eCommerce site on an Essentials Plan to the Pro Plan to ensure service stability and security. The client will be notified at least 30 days prior to any such mandatory upgrade.

5.3.5 Dual Access & Retroactive Overage Charges

• Clients maintain shared access to their hosted environments and websites, including the ability to make changes, upload content, and manage files at any time.
• Any overuse of disk storage, bandwidth, CDN data, or other resource allocations caused by client actions—including uploads or content modifications—will result in retroactive overage charges.
• Retroactive Billing Period: Morningstar Digital reserves the right to backdate overage charges for a period of up to five (5) years to cover excessive or unauthorised usage beyond plan limits.
• Discretionary Adjustment: Morningstar Digital may, at its discretion, apply discounts or adjust retroactive overage charges based on client plan status (e.g., annual plans) or other mitigating factors.
• Client Responsibility: It is the client's responsibility to monitor their usage and ensure compliance with plan limits. Morningstar Digital is not liable for costs incurred due to client actions, including the upload of large files or excessive content during shared access periods.

5.3.6 Plugin Usage

• Standard plugins such as Gravity Forms, Yoast SEO, and performance tools are included in Morningstar Digital Care Plans.
• Specialised plugins (e.g., LMS platforms, social media integrations) may be billed separately.
• Clients will be advised in advance when a plugin falls outside standard coverage. Ongoing costs for such plugins will be passed through or added to monthly billing as appropriate.
• WooCommerce support is available exclusively on Pro and Expert Care Plans. Clients on lower plans who require WooCommerce functionality must upgrade prior to requesting support for WooCommerce-related features or issues.
• A list of included plugins is available upon request.
• If a plugin license is purchased by Morningstar Digital on behalf of a client, a 10% surcharge will be applied to the plugin cost to cover management and administrative overhead.
• Clients may alternatively choose to purchase the license directly. However, in such cases, the client is solely responsible for managing the license, renewals, and any related support issues, as Morningstar Digital will not have account-level access or authority to provide plugin-related assistance.

5.3.7 Support Scope Limitations

• Support tickets cover bug fixes, updates, and minor changes.
• New site builds, major redesigns, or app-level features cannot be requested via support and must be scoped separately.
• Unused support time does not roll over, accumulate, or carry forward.
• Unused time cannot be offset against future invoices, project work, or overage charges.
• Abuse of support may lead to limitations, repricing, or refusal of non-standard requests.
• Support requests are handled as promptly as reasonably possible; however, response and resolution times are not guaranteed unless agreed in a separate written SLA. Some issues may require third-party, hosting, vendor, developer, or client input, which may affect resolution timeframes.

5.3.8 Prohibited & Excessive Use

• Clients may not use hosting for: malware, adult content, crypto mining, phishing, or high-risk applications.
• Custom scripts or integrations must be approved by Morningstar Digital.
• Excessive CPU, bandwidth, or memory use may trigger account review.

5.3.9 Backup Usage Restrictions

• Morningstar Digital provides daily backups strictly for disaster recovery and platform restoration.
• Backups are provided as a risk-reduction measure only and are not a guarantee against data loss. You must maintain your own complete, current and independent backups of all website files, databases, business records, customer data, orders, form submissions, media and other critical content. We are not liable for corrupted backups, failed backups, failed restoration, incomplete restoration, missing data, lost form submissions, lost orders, or any data loss occurring between backup points.
• Hosting accounts may not be used for external file storage, media archives, or non-website backups.
• Misuse of storage for unrelated data may result in file removal, suspension, or reclassification of your plan.

5.3.10 Enforcement

• Morningstar Digital enforces this policy at its discretion and reserves the right to adjust plans, pricing, or access based on usage patterns.
• Clients are encouraged to discuss special requirements in advance for custom arrangements.

5.4 Revisions & feedback management

5.4.1 Revision Requests: For website builds and other project-based services, Morningstar Digital includes up to two (2) rounds of revision requests per project or site.

5.4.2 Bulk Processing Requirement: All feedback and revision requests must be consolidated and submitted in bulk to ensure efficient processing. Incremental or fragmented requests will not be accommodated.

5.4.3 Communication Channels: All feedback and change requests must be communicated in writing via email only (support@morningstardigital.com.au). Requests sent via other channels (e.g., WhatsApp, Slack, text) will not be accepted.

5.4.4 Consolidation Timeline: Clients are responsible for consolidating all feedback and revisions within a ten (10) calendar day period after initial delivery or prior milestone completion. Once this window has passed, any outstanding revisions will be considered additional work and subject to a separate scope and fee agreement.

5.4.5 Additional Rounds & Charges: Any additional revision requests beyond the included rounds may be accommodated at Morningstar Digital's discretion and will incur additional charges as per standard hourly rates.

5.5 Design iterations & scope

5.5.1 Standard Iteration Allowance: All new website design projects include up to three (3) rounds of design iterations. These cover visual and structural changes based on consolidated client feedback. Further requests will be considered out of scope and charged at the standard billing rate. Once design approval is received in writing, further changes will require a new scope of work and may incur additional charges.

5.5.2 Feedback Consolidation: To ensure efficient processing, feedback must be consolidated and submitted as a complete set within five (5) business days of each design delivery. Fragmented or delayed feedback may result in additional charges or timeline extensions. Clients are responsible for consolidating internal stakeholder feedback prior to submission. Multiple stakeholder submissions across different requests may be treated as separate iterations.

5.6 Third-party services disclaimer

5.6.1 You acknowledge that websites, hosting environments, plugins, themes, DNS records, domain registrars, SSL certificates, payment gateways, analytics tools, advertising platforms, CRM systems, APIs, email systems and other third-party services may fail, change, suspend access, become incompatible, suffer downtime, be compromised, or discontinue features. We are not liable for any loss, downtime, data loss, failed transaction, lost enquiry, lost sale, lost lead, ranking change, advertising disruption, tracking error, deliverability issues, plugin conflict, security vulnerability or business interruption caused by or related to any third-party service, client action, unauthorised change, expired licence, unpaid third-party account, platform policy change, or event outside our reasonable control.

5.6.2 Any advice, assistance, troubleshooting or implementation we provide in relation to third-party services is provided in good faith, on an as-is and as-available basis, and does not make us responsible for the performance, security, legality, availability, or fitness for purpose of those third-party services.

5.6.3 We are not responsible for any issues, outages, security incidents, data loss, compatibility problems, functionality issues, loss of rankings, loss of leads, loss of revenue, or performance degradation resulting from actions, changes, omissions, or configurations made by the client or any third party.

This includes, but is not limited to, modifications to website code, content, plugins, themes, hosting environments, DNS records, domains, email services, tracking systems, integrations, advertising platforms, security settings, user permissions, server configurations, or other technical infrastructure.

Any work required to investigate, diagnose, restore, recover, remediate, or rectify issues arising from such actions may be treated as out-of-scope work and charged at our standard rates.

6.1 Payment schedule

6.1.1 Payments are due as per the agreed proposal or invoice schedule. All services require an initial deposit before commencement. Overage charges and hourly services are automatically billed to the client's payment method on file at the start of each calendar month.

6.1.2 Final payment must be made before project completion or website launch.

6.1.3 Payment of this invoice, part-payment of this invoice, authorisation of payment, continued receipt of services, continued use of hosted or managed services, or failure to cancel services in writing before the next billing period constitutes acceptance of our Terms & Conditions available at: https://www.morningstardigital.com.au/terms-and-conditions. These Terms apply to all services supplied by us, including services supplied without a separately signed agreement.

6.2 Late payment fees

6.2.1 Late payments are subject to:

• Interest at 1.5% per month on overdue amounts.
• Service suspension for accounts overdue by more than 30 days.

6.2.2 If an account remains overdue for 60 days, Morningstar Digital reserves the right to terminate services and seek legal recourse for outstanding payments.

6.3 Refund policy

6.3.1 All deposits and milestone payments are non-refundable.

6.3.2 No refunds will be issued once services have commenced, unless Morningstar Digital fails to deliver work as contractually agreed.

6.4 Overage billing terms

6.4.1 The standard hourly rate for all overage work is AUD $147 per hour, excluding GST, and is billed in 15-minute increments.

6.4.2 Overage work includes tasks requested outside of the client's included plan scope, such as urgent fixes, custom development, additional plugin setup, or requests made via support that exceed the care plan's standard limits.

6.4.3 Overage charges will be processed automatically via the card on file unless otherwise agreed in writing.

6.5 Cancellation policy for recurring services

6.5.1 To ensure a smooth offboarding experience and uninterrupted support during the transition, a minimum 30-day cancellation notice is required for all recurring services, including but not limited to hosting, Care Plans, Growth Plans, and any other subscription-based services provided by Morningstar Digital.

6.5.2 This notice period allows our team to plan the safe migration of your services, finalise billing, and ensure your account is properly closed without disruption.

6.5.3 Cancellation requests must be submitted in writing via email to support@morningstardigital.com.au at least 30 days prior to the intended termination date. Full charges will continue to apply during this period.

6.5.4 While Morningstar Digital may choose to waive this notice period on a case-by-case basis, it remains an enforceable condition unless explicitly waived in writing.

6.5.5 Client Responsibility for Notification of Service Changes

• The client is responsible for providing written notice to Morningstar Digital of any intended cancellation, migration, or transition of services to another provider. This includes, but is not limited to, changes involving website hosting, development platforms, or engagement with third-party agencies.
• Failure to notify Morningstar Digital of such changes does not constitute cancellation of services, and all recurring services will continue to be billed in accordance with the agreed terms until formal notice is received and processed.
• Morningstar Digital will not be responsible for any service overlap or associated costs resulting from the client's engagement with third-party providers without prior written notice.

6.5.6 Right to Terminate: Morningstar Digital reserves the right to terminate any recurring service agreement by providing 30 days written notice to the client. This right may be exercised at Morningstar Digital's sole discretion and without requirement to provide cause. Upon expiry of the notice period, all services will cease and any outstanding invoices will become immediately payable. Morningstar Digital will provide reasonable assistance to facilitate an orderly transition of services during the notice period.

6.5.7 Immediate Service Suspension: We may immediately suspend, restrict or cease any service, access, support, deployment, campaign, hosting environment, website, plugin, integration or account management activity without liability if you reasonably believe: payment has failed, been reversed or disputed; the account is overdue; continued service creates a security, legal, reputational, operational or platform risk; your use may affect other customers or infrastructure; or you or your users breach these Terms; you fail to provide required information or access; or a third-party provider suspends, limits or changes the relevant service.

6.6 Care plan activation timing

6.6.1 Care Plans will automatically commence 28 days after the proposal acceptance date, regardless of the project's go-live status. This policy ensures momentum is maintained, encourages timely progress, and allows Morningstar Digital to allocate resources efficiently.

6.6.2 Clients are granted a 4-week grace period following proposal acceptance during which Care Plan billing will not apply. If a project is delayed beyond this period, Care Plan fees will begin accruing as scheduled.

6.6.3 One-time exceptions may be granted upon request for genuine roadblocks. Clients must submit a written request for a pause of up to 14 days, subject to Morningstar Digital's approval.

6.7 Project inactivity & dormancy policy

6.7.1 If no substantive client communication or project progress occurs for a continuous period of 90 days, Morningstar Digital reserves the right to classify the project as inactive and place it on hold.

6.7.2 Upon entering inactive status:

• All timelines, deliverables, and pricing may be subject to re-scoping.
• A restart fee may apply if additional planning or rework is required.
• Any unpaid invoices will remain due and enforceable, regardless of project status.

6.7.3 Clients will be notified via email before the project is placed on hold, with a final notice issued at the 90-day mark. If no response is received within 14 days of the final notice, the project will be paused indefinitely.

6.7.4 Resuming an inactive project requires a written request. If the project has been inactive for more than 6 months, a new proposal and updated pricing may be required to continue.

6.8 Third-party advertising spend, disbursements and payment authority

6.8.1 Unless otherwise agreed in writing, all third-party advertising spend, including Google Ads, Meta Ads, Microsoft Ads, marketplace advertising, software, data, tracking, call tracking, landing page tools and other media or platform costs, is the client's sole responsibility and must be paid directly by the client to the relevant third-party platform.

6.8.2 Morningstar Digital is not required to fund, advance, guarantee, or place its own payment method on any client advertising account. Where Morningstar Digital agrees, at its discretion, to pay or advance any third-party advertising spend or platform cost on behalf of the client, that amount is a reimbursable disbursement and becomes immediately payable by the client upon invoice or written notice.

6.8.3 The client authorises Morningstar Digital to charge any approved payment method held on file for all reimbursable disbursements, third-party advertising spend, platform costs, management fees, overage fees, late fees, recovery costs and other amounts due under this Agreement, provided the charge relates to amounts properly incurred or payable in connection with the client's services.

6.8.4 Where Morningstar Digital has funded third-party advertising spend on behalf of the client, Morningstar Digital may apply an administration fee of 1.0% of the funded amount to cover financing, reconciliation, merchant, account management and administrative overheads, unless waived in writing.

6.8.5 Any reimbursable disbursement not paid by the due date will accrue interest at 1.0% per month, calculated daily and compounded monthly, or the maximum amount permitted by law, whichever is lower. Morningstar Digital may also recover reasonable debt recovery, legal, merchant, chargeback and collection costs incurred in recovering overdue amounts.

6.8.6 If any advertising spend, disbursement, invoice or payment method fails, is reversed, is disputed, or remains overdue, Morningstar Digital may immediately pause, suspend, reduce, or cease campaign management, remove its payment method from any advertising account, restrict access to work product, or terminate the relevant services. Morningstar Digital is not liable for any loss of leads, revenue, traffic, rankings, data, advertising performance or business opportunity resulting from such suspension.

6.8.7 The client must ensure that all advertising accounts remain adequately funded and that valid payment details are maintained with the relevant platform. The client is responsible for all spend incurred in advertising accounts that Morningstar Digital manages or administers on the client's behalf, including spend authorised by the client's staff, contractors or account users.

6.8.8 Any waiver, discount, delayed enforcement, or decision not to charge interest, administration fees or recovery costs in a particular case does not waive Morningstar Digital's rights in any other case and does not vary this Agreement unless confirmed in writing by Morningstar Digital.

7.1 Security measures & infrastructure

7.1.1 Morningstar Digital employs a multi-layered, commercially reasonable security approach to protect client websites and data from cyber threats. This includes, but is not limited to, the enforcement of secure connections (HTTPS/TLS), application-level hardening, and regular software patching.

7.1.2 Infrastructure Security: Where Morningstar Digital provides hosting services, we utilise enterprise-grade third-party infrastructure (e.g., Google Cloud Platform via Kinsta). We rely on our hosting partners to maintain independent security certifications (such as SOC 2 Type II and ISO 27001) and to provide infrastructure-level protections, including firewalls, DDoS mitigation, and isolated container technology.

7.1.3 While Morningstar Digital implements robust security protocols, no system is entirely immune to vulnerabilities. We do not guarantee absolute immunity from hacking, malware, or zero-day exploits.

7.2 Access control & personnel security

7.2.1 Principle of Least Privilege: Morningstar Digital enforces strict access controls for all personnel. Access to client environments, hosting dashboards, and sensitive data is granted strictly on a need-to-know basis and is governed by the principle of least privilege.

7.2.2 Authentication: Multi-Factor Authentication (MFA) is mandated for all Morningstar Digital personnel accessing critical infrastructure, password managers, and client production environments.

7.2.3 Personnel Vetting: All Morningstar Digital employees and contractors undergo professional vetting and are bound by strict confidentiality and acceptable use agreements prior to being granted access to client systems.

7.3 Business continuity, backup & recovery protocols

7.3.1 Morningstar Digital maintains operational procedures designed to ensure business continuity and rapid recovery in the event of an incident.

7.3.2 Backup Strategy: We perform automated daily backups of all managed websites. These backups are securely stored off-site (e.g., on Google Cloud) with a standard retention period of up to 90 days.

7.3.3 Restoration (RTO/RPO): In the event of data loss or a security breach, Morningstar Digital will initiate restoration procedures from the most recent clean backup. We target a Recovery Time Objective (RTO) of commercially reasonable promptness (typically within 2 to 4 business hours during standard operating hours) and a Recovery Point Objective (RPO) of 24 hours.

7.3.4 While backups are actively monitored and periodically tested, Morningstar Digital does not guarantee absolute data accuracy or completeness. Clients are strongly encouraged to maintain their own independent data exports for critical business records.

7.4 Incident management & breach notification

7.4.1 Upon the confirmed detection of a critical security incident or data breach impacting a client's website, Morningstar Digital will promptly initiate our incident response procedures to: a) Lock down access and contain the compromised system. b) Investigate the root cause and scope of the incident. c) Remove malicious code and remediate identified vulnerabilities. d) Restore the website to its most recent clean state.

7.4.2 Notification: Morningstar Digital will notify the affected client of a confirmed, material security breach without undue delay, and generally within 48 hours of confirmation, providing available details regarding the nature of the breach and the mitigation steps taken.

7.4.3 You acknowledge that Morningstar Digital's role is limited to securing and restoring the web application platform. Any legal, regulatory, or mandatory public notification obligations (e.g., under the Notifiable Data Breaches scheme) remain the sole responsibility of the client.

7.5 Data breach liability

7.5.1 In the event of a data breach or hacking incident, Morningstar Digital is not liable for loss of revenue, customer data, or reputational damage.

7.5.2 You are responsible for ensuring compliance with data protection laws (e.g., GDPR, CCPA).

7.6 Backup restoration services

7.6.1 Morningstar Digital performs daily website backups, which are securely stored on Google Cloud with a 90-day retention period.

7.6.2 In the event of a breach or data loss, Morningstar Digital will restore the website from the most recent clean backup within a commercially reasonable timeframe, typically within 2 business hours.

7.6.3 While backups are provided, Morningstar Digital does not guarantee data accuracy or completeness and recommends clients maintain their own data exports where applicable.

7.7 Incident response process

7.7.1 Upon notification or detection of a security incident, Morningstar Digital will promptly:

1. Lock down access to the compromised system.
2. Investigate the root cause.
3. Remove any malicious code or vulnerabilities.
4. Restore the website to its most recent clean state.
5. Provide a summary of actions taken post-incident.

7.7.2 You acknowledge that Morningstar Digital's role is limited to restoring platform integrity and that additional forensics or notification obligations remain your responsibility.

7.8 Client responsibilities

7.8.1 You are responsible for the security of any third-party integrations, plugins, or applications installed without Morningstar Digital's approval.

7.8.2 You are required to use secure passwords and access controls for all accounts and notify Morningstar Digital immediately if a potential security issue is suspected.

7.9 General limitation of liability

7.9.1 Exclusion of Consequential Loss: To the maximum extent permitted by law, Morningstar Digital shall not be liable for any indirect, special, incidental, punitive, or consequential damages, including but not limited to loss of revenue, loss of profits, loss of anticipated savings, loss of business opportunity, loss of data, or business interruption, arising out of or in connection with the provision of services, whether based on breach of contract, tort (including negligence), strict liability, or otherwise, even if Morningstar Digital has been advised of the possibility of such damages.

7.9.2 Liability Cap: To the maximum extent permitted by law, our total aggregate liability for all claims arising out of or in connection with the services is limited to the lesser of: (a) the fees paid by you for the affected service in the three months immediately preceding the event giving rise to the claim; or (b) AUD $5,000. This cap applies whether the claim arises in contract, tort including negligence, statute, equity or otherwise.

7.9.3 Statutory Guarantees: Nothing in this Agreement excludes, restricts, or modifies any guarantee, right, or remedy conferred by the Competition and Consumer Act 2010 or any other applicable law that cannot be excluded, restricted, or modified by agreement. Where such liability cannot be excluded, Morningstar Digital's liability is limited, at its option, to the re-supply of the services or the payment of the cost of having the services re-supplied.

7.10 Analytics & monitoring tools

7.10.1 Morningstar Digital may use third-party analytics and monitoring tools (such as Microsoft Clarity, Google Analytics, and other similar services) to gather technical and behavioural data about website usage. These tools assist in understanding how users interact with websites and improving overall user experience and performance.

7.10.2 Such tools may collect anonymised or aggregated information such as click activity, scrolling behaviour, and browser data. They do not capture sensitive information like passwords or payment details.

7.10.3 By engaging Morningstar Digital's services or using websites developed or maintained by Morningstar Digital, you acknowledge and consent to the use of these analytics tools in accordance with our Privacy Policy.

7.10.4 Morningstar Digital is not liable for any third-party misuse of data collected by these analytics tools. Clients are responsible for ensuring that their own privacy policies and consent mechanisms comply with applicable privacy and data protection laws.

8.1 Prior written consent required

You or any third party acting on your behalf are strictly prohibited from conducting any form of penetration testing, vulnerability scanning, or security assessment on any website, application, or infrastructure hosted or managed by Morningstar Digital without obtaining our explicit prior written consent. To request consent, you must submit a detailed proposal at least thirty (30) days in advance, outlining the scope, methodology, timing, and the third-party vendor (if any) conducting the test.

8.2 Rules of engagement

8.2.1 All approved penetration tests must be conducted in accordance with a mutually agreed-upon Rules of Engagement document. This document will specify the permitted testing window, target IP addresses and URLs, acceptable and prohibited testing techniques (e.g., denial-of-service attacks are strictly forbidden), and points of contact.

8.2.2 You and your third-party vendor must agree to perform testing in a manner that avoids disruption to our services and other clients. You are solely responsible for the actions of your chosen testing vendor.

8.3 Remediation of findings

8.3.1 Upon completion of an approved test, you must provide us with the full, unredacted report of the findings. Morningstar Digital will review the findings and classify them based on their severity and risk.

8.3.2 Morningstar Digital will, within a commercially reasonable timeframe, provide a remediation plan for any identified and validated vulnerabilities that are directly within the scope of our service obligations. This plan will outline the proposed actions and an estimated timeline.

8.3.3 The costs associated with remediating vulnerabilities discovered through your penetration test will be handled as follows: a. Pre-existing Vulnerabilities: For vulnerabilities in the core application or infrastructure managed by Morningstar Digital, remediation will be performed as part of your existing service agreement, subject to the overage billing terms for work exceeding your plan's scope. b. Client-Introduced Vulnerabilities: For vulnerabilities arising from custom code, third-party plugins, or configurations implemented at your request, remediation will be scoped as a new project and will be billable at our standard hourly rates.

8.4 Limitation of liability for testing

You acknowledge that penetration testing is designed to exploit system weaknesses and can cause damage to vulnerable systems. You agree that Morningstar Digital shall not be liable for any damage, service interruption, data loss, or other negative consequences resulting from the penetration test. You are advised to fully back up your systems and data before any test.

8.5 Indemnification

You agree to indemnify, defend, and hold Morningstar Digital harmless from and against any and all claims, liabilities, damages, losses, costs, and expenses (including reasonable legal fees) arising out of or related to the penetration testing activities conducted by you or your third-party vendor, including but not limited to any claims from third parties alleging damage or data compromise.

9.1 Morningstar Digital may suspend or terminate services immediately if:

• You violate these Terms & Conditions.
• Payments are overdue beyond 60 days.
• Your project involves illegal, unethical, or high-risk activities.

9.2 We are committed to maintaining a respectful, safe, and professional environment for both clients and our team. We may suspend, restrict, or terminate services where a client or their representatives engage in abusive, threatening, harassing, discriminatory, aggressive, or otherwise inappropriate conduct toward our team.

9.3 Upon termination, you must immediately cease use of Morningstar Digital's proprietary materials, and any unpaid work will remain the property of Morningstar Digital.

10.1 All disputes shall first be attempted to be resolved amicably through negotiation.

10.2 If unresolved, disputes shall be referred to binding mediation in Sydney, Australia, before proceeding with litigation.

10.3 This Agreement shall be governed by and construed in accordance with the laws of New South Wales, Australia.

10.4 Nothing in the dispute resolution process prevents us from seeking urgent injunctive relief, suspending services, protecting our systems or intellectual property, recovering unpaid amounts, defending or responding to a chargeback or payment dispute, or taking collection action.

11.1 Morningstar Digital reserves the right to update these Terms & Conditions. The latest version will always be available on our website.

11.2 If any provision of this Agreement is found to be unenforceable, the remaining provisions shall remain in full effect.