Effective date: 1 June 2026
Operator: SmartSec Academy OÜ
Terms contact: info@smartsecacademy.com
SmartSec Academy provides structured cybersecurity awareness training, completion tracking, certificate issuance, and certificate verification services for organisations and their users.
SmartSec Academy focuses on cybersecurity awareness, human decision-making, and safer everyday behaviour. The training is not technical configuration training, legal advice, incident response advice, or a guarantee against cybersecurity incidents.
SmartSec Academy operates independently and is not affiliated with any other organisation using the name “SmartSec” or similar variations.
By accessing or using the SmartSec Academy website, training platform, certificate verification system, or related services, you agree to these Terms.
You may use SmartSec Academy only if:
• you are authorised by your organisation, or you have been given valid access
• you use the services for lawful, professional, and intended purposes
• you comply with these Terms and applicable laws
• you do not misuse, copy, disrupt, or attempt to bypass the platform
If you access SmartSec Academy through an employer or organisation, you are also responsible for following that organisation’s internal policies.
Where SmartSec Academy is purchased or managed by an organisation, that organisation is responsible for:
• providing accurate user information
• ensuring users are authorised to access the training
• managing internal communication with users
• reviewing training completion information where made available
• ensuring its own use of the services complies with internal policies and applicable requirements
SmartSec Academy may provide the organisation with limited visibility into user enrolment, progress, completion, and certificate status for training administration, assurance, and record-keeping purposes.
SmartSec Academy plans are provided as time-limited access periods unless otherwise agreed in writing.
Each user requires an assigned seat.
Unless otherwise agreed:
• one user equals one seat
• one seat is for one named user only
• seats must not be shared
• seats are not transferable during the access period
• each eligible user may receive one certificate after successful completion
• additional users may require additional seats, an upgraded plan, or a separate purchase
If an employee or user leaves an organisation during the access period, the organisation may not automatically reassign that seat unless SmartSec Academy has expressly agreed to this in writing.
Where login credentials or account access are issued:
• you are responsible for keeping login details confidential
• accounts must not be shared, transferred, sold, or misused
• you must not allow unauthorised access to the platform
• suspected unauthorised access should be reported promptly
• you must not attempt to bypass access controls, completion tracking, or security features
SmartSec Academy may suspend, restrict, or remove access where necessary to protect platform security, service integrity, users, or the business.
SmartSec Academy content is provided for cybersecurity awareness and educational purposes.
Users must not:
• copy, reproduce, download, scrape, sell, or distribute training content without permission
• record, republish, or publicly share training materials without authorisation
• attempt to reverse engineer, bypass, or interfere with platform functionality
• manipulate assessments, completion tracking, certificates, or verification processes
• use the services to upload, transmit, or promote unlawful, harmful, misleading, or abusive content
• use the services in a way that disrupts other users, organisations, or systems
SmartSec Academy may investigate suspected misuse and take appropriate action, including suspension or termination of access.
Certificates may be issued after confirmed completion of the required training and any applicable assessment or completion steps.
Certificates confirm completion of a SmartSec Academy training programme. They do not represent professional licensing, technical certification, employment qualification, legal compliance certification, or a guarantee of cybersecurity competence.
Certificate verification may be provided through a unique certificate reference, QR code, verification page, or other verification method.
Users and organisations must not:
• alter certificates
• create false certificates
• misrepresent certificate status
• reuse certificates outside their intended context
• claim certification where training has not been completed
• use expired, revoked, or invalid certificates as current
SmartSec Academy reserves the right to correct, suspend, revoke, or invalidate certificates issued in error, obtained improperly, misused, or affected by inaccurate information.
Where a SmartSec Academy programme is described as CPD Certified, this refers to the status of the relevant training programme and supporting learning structure.
CPD certification does not mean that an individual learner becomes professionally accredited, licensed, or formally qualified in cybersecurity.
Users and organisations are responsible for using certificate wording accurately and not overstating the meaning of completion.
Pricing, plans, access periods, and included user limits are shown on the SmartSec Academy website or agreed separately in writing.
Unless clearly stated otherwise:
• access is purchased for a defined access period
• purchases do not automatically renew
• renewal is optional and treated as a new purchase or renewal arrangement
• access may expire at the end of the purchased access period
• additional users or requirements may require a separate purchase or custom arrangement
Payments may be processed by third-party payment providers. SmartSec Academy is not responsible for delays, errors, or restrictions caused by third-party payment systems, except where required by law.
Refunds, cancellations, or changes to access may depend on the type of purchase, whether access has already been provided, whether training has been started, and any written agreement between SmartSec Academy and the customer.
Unless otherwise agreed in writing, SmartSec Academy may refuse refunds where:
• access has already been issued
• training has been started or completed
• certificates have been issued
• the service has already been delivered
• misuse, breach, or inaccurate information is involved
Nothing in these Terms affects statutory rights that cannot be excluded by law.
SmartSec Academy may provide free public awareness resources, including videos, articles, guides, or educational materials.
These resources are provided for general awareness only. They are not personalised advice, legal advice, technical security advice, financial advice, or incident response support.
Public resources may be shared for genuine awareness and educational purposes, provided they are not altered, misrepresented, sold, or presented as created by another party.
SmartSec Academy may provide website-based information or support tools, including SmartSecGPT.
These tools are provided to help visitors understand SmartSec Academy, its services, and general cybersecurity awareness concepts.
Responses from website tools should not be treated as legal advice, technical security advice, incident response instructions, or a substitute for professional judgement. Responses may not always be accurate, complete, or current, and should be checked independently where it matters.
Users should not submit passwords, payment details, confidential business information, sensitive personal information, or security credentials through public website tools.
All SmartSec Academy content, materials, videos, scripts, text, designs, logos, trademarks, platform elements, certificates, systems, and related intellectual property belong to SmartSec Academy or its licensors.
Nothing in these Terms gives users or organisations ownership of SmartSec Academy intellectual property.
Users receive only a limited, non-exclusive, non-transferable right to access and use the services for their intended purpose during the applicable access period.
SmartSec Academy aims to provide reliable access to its website, training materials, and related services.
However, we do not guarantee uninterrupted, error-free, or permanently available service.
SmartSec Academy may:
• update or modify training content
• improve or change platform features
• suspend access for maintenance, security, or operational reasons
• remove, replace, or update services where necessary
• correct errors or inaccuracies
Where practical, material service changes will be communicated appropriately.
SmartSec Academy may rely on third-party service providers for hosting, payments, login management, email, analytics, cookie consent, video delivery, security, certificate management, and other operational functions.
Third-party services may be subject to their own terms, privacy notices, availability, and technical limitations.
SmartSec Academy is not responsible for third-party websites, services, or platforms that are not controlled by SmartSec Academy.
Use of SmartSec Academy is subject to our Privacy Policy, which explains how personal information is collected, used, stored, shared, and protected.
Use of cookies and similar technologies is explained in our Cookies Policy.
By using the services, you acknowledge that personal information may be processed as described in those policies.
Users and organisations must not use SmartSec Academy in a way that compromises security, platform integrity, or other users.
You must not:
• attempt unauthorised access
• test, scan, or attack the platform without written permission
• introduce malware or harmful code
• interfere with service availability
• abuse support, forms, chat tools, or account systems
• attempt to obtain other users’ data or credentials
SmartSec Academy may take reasonable steps to investigate, prevent, restrict, or report suspected misuse.
SmartSec Academy provides cybersecurity awareness training designed to support better judgement and decision-making.
The services do not guarantee that users or organisations will avoid cyber incidents, fraud, scams, phishing, social engineering, data loss, or security failures.
Organisations remain responsible for their own technical controls, policies, security decisions, employee management, compliance obligations, and operational risk management.
Training should be used as part of a wider approach to organisational security and awareness.
To the maximum extent permitted by law, SmartSec Academy is not liable for:
• indirect, incidental, special, or consequential losses
• loss of profits, revenue, business, contracts, goodwill, or opportunity
• loss, corruption, or unauthorised disclosure of data caused by third parties or customer-side failures
• cybersecurity incidents affecting a user or organisation
• decisions made by users or organisations after completing training
• service interruptions outside our reasonable control
Nothing in these Terms excludes or limits liability where it cannot legally be excluded or limited.
SmartSec Academy may suspend or terminate access if:
• these Terms are breached
• payment is not completed or is reversed
• access is misused
• false or inaccurate information is provided
• continued access creates legal, security, operational, or reputational risk
• the applicable access period has ended
Users may stop using the services at any time, subject to any organisational agreement, access arrangement, or payment terms.
SmartSec Academy may update these Terms from time to time to reflect changes in services, pricing structure, platform operations, legal requirements, or business practices.
The latest version will be published on the SmartSec Academy website.
Continued use of the services after updated Terms are published means the updated Terms apply from that point onward.
Unless otherwise agreed in writing, the governing law and jurisdiction may depend on the SmartSec Academy contracting entity and customer location.
Where services are provided by SmartSec Academy OÜ, these Terms are governed by the laws of Estonia.
Where services are provided by SmartSec Academy Ltd, these Terms are governed by the laws of England and Wales.
Nothing in this section affects rights that cannot be excluded under applicable law.
For questions about these Terms, contact:
info@smartsecacademy.com