Document ID: LEG-2026-001 · Effective: January 15, 2026 · Supersedes: LEG-2025-003
Prepared by: Office of the General Counsel · Last reviewed by independent outside counsel: December 2025
IMPORTANT — READ CAREFULLY: These Terms of Service (these "Terms") constitute a legally binding agreement between you (either an individual or the legal entity you represent) ("Customer," "you," or "your") and CYFR Technology, Inc., a Delaware corporation with its principal place of business at 1209 Orange Street, Wilmington, DE 19801 ("CYFR," "Company," "we," "our," or "us"), governing your access to and use of the CYFR platform, including all associated software, applications, application programming interfaces, websites, documentation, and services (collectively, the "Platform").
BY ACCESSING OR USING THE PLATFORM, OR BY CLICKING A BOX OR BUTTON INDICATING YOUR ACCEPTANCE OF THESE TERMS, YOU: (A) REPRESENT THAT YOU HAVE READ, UNDERSTAND, AND AGREE TO BE BOUND BY THESE TERMS; (B) REPRESENT THAT YOU ARE AT LEAST EIGHTEEN (18) YEARS OF AGE AND HAVE THE LEGAL CAPACITY TO ENTER INTO A BINDING AGREEMENT; AND (C) IF YOU ARE ENTERING INTO THESE TERMS ON BEHALF OF A LEGAL ENTITY, REPRESENT THAT YOU HAVE THE AUTHORITY TO BIND SUCH ENTITY. IF YOU DO NOT AGREE TO THESE TERMS, YOU MAY NOT ACCESS OR USE THE PLATFORM.
Capitalized terms used but not defined in the body of these Terms shall have the following meanings:
"Customer Data" means all data, information, files, media, and other content that Customer or its authorized users upload, store, transmit, or otherwise make available through the Platform, in whatever form or format.
"Encryption Keys" means the cryptographic keys generated by or on behalf of Customer for the purpose of encrypting Customer Data prior to transmission to the Platform.
"MSP Partner" means a Managed Service Provider authorized by CYFR to resell access to the Platform to its own customers under a separate partner agreement.
"Zero-Knowledge Architecture" means the technical design of the Platform whereby Customer Data is encrypted client-side using Customer-controlled Encryption Keys prior to transmission to CYFR infrastructure, such that CYFR has no technical ability to access, decrypt, inspect, or monitor Customer Data in unencrypted form.
2.1. Registration. Access to the Platform requires registration of an authorized account ("Account"). You agree to provide accurate, current, and complete information during the registration process and to update such information promptly upon any change.
2.2. Account Security. You are solely responsible for: (a) maintaining the confidentiality of your Account credentials; (b) all activities that occur under your Account; and (c) immediately notifying CYFR of any unauthorized use of your Account or any other breach of security. CYFR shall not be liable for any loss or damage arising from your failure to comply with this Section 2.2.
2.3. One Account Per Entity. You may not register for more than one Account without CYFR's express prior written consent. Accounts are non-transferable. Any attempt to sell, transfer, or assign an Account shall be null and void.
3.1. Ownership. As between CYFR and Customer, Customer retains all right, title, and interest in and to Customer Data. CYFR claims no ownership rights in Customer Data.
3.2. Encryption. The Platform's Zero-Knowledge Architecture requires that Customer Data be encrypted using Customer's Encryption Keys prior to transmission. Customer acknowledges and agrees that: (a) Customer bears sole responsibility for the security, backup, and management of its Encryption Keys; (b) CYFR has no ability to recover lost, corrupted, or destroyed Encryption Keys; and (c) loss of Encryption Keys may result in permanent and irrecoverable loss of Customer Data, for which CYFR shall bear no liability.
3.3. No Monitoring. Consistent with the Zero-Knowledge Architecture, CYFR does not and cannot monitor, screen, review, filter, or moderate Customer Data. CYFR exercises no editorial control over Customer Data and has no obligation to do so.
3.4. Customer Warranty. Customer represents and warrants that: (a) Customer owns or has obtained all necessary rights, licenses, consents, and permissions to use, store, and transmit Customer Data through the Platform; (b) Customer Data does not and will not infringe, misappropriate, or violate any third party's intellectual property rights, privacy rights, publicity rights, or any other proprietary or personal right; and (c) Customer Data complies with all applicable laws, regulations, and industry standards.
Customer shall not, and shall not permit any third party to, use the Platform to:
(a) store, transmit, or otherwise make available any content that is unlawful, harmful, threatening, abusive, harassing, defamatory, obscene, invasive of privacy, or otherwise objectionable;
(b) infringe upon or violate the intellectual property rights, including copyrights, trademarks, trade secrets, or patents, of any third party;
(c) violate any applicable local, state, national, or international law, statute, ordinance, or regulation, including but not limited to those governing export control, data protection, and consumer protection;
(d) attempt to probe, scan, or test the vulnerability of the Platform or to breach any security or authentication measures;
(e) use the Platform to develop a competing product or service, or for any purpose that is competitive with CYFR's business;
(f) resell, sublicense, rent, lease, or otherwise distribute access to the Platform to any third party except as expressly authorized in writing by CYFR or through an authorized MSP Partner arrangement.
CYFR reserves the right, but undertakes no obligation, to investigate violations of this Section 4 and to take appropriate remedial action, including suspension or termination of the Account, upon receipt of a valid legal notice or court order. CYFR's inability to proactively monitor Customer Data due to the Zero-Knowledge Architecture shall not be construed as a waiver of its right to enforce this Section 4 upon receiving actual notice of a violation.
5.1. Platform IP. CYFR and its licensors own all right, title, and interest in and to the Platform, including all software, algorithms, user interfaces, documentation, trademarks, service marks, logos, and trade dress (collectively, "CYFR IP"). No rights in CYFR IP are granted to Customer except the limited, non-exclusive, non-transferable, revocable right to access and use the Platform in accordance with these Terms.
5.2. Feedback. Any feedback, suggestions, or ideas that Customer provides to CYFR regarding the Platform may be used by CYFR without restriction, acknowledgment, or compensation.
6.1. Fees. Access to the Platform is subject to the payment of applicable subscription fees, usage fees, or other charges (collectively, "Fees") as set forth in the applicable order form, MSP partner invoice, or Platform interface. Fees are non-refundable except as expressly provided herein or as required by applicable law.
6.2. Payment Processing. CYFR may use third-party payment processors to process payments. Customer agrees to provide accurate and complete billing information and authorizes CYFR or its payment processors to charge all Fees to the designated payment method.
6.3. Taxes. Fees are exclusive of all applicable taxes, levies, duties, and similar governmental assessments (collectively, "Taxes"). Customer is responsible for all Taxes associated with its use of the Platform, excluding taxes based on CYFR's net income.
6.4. Late Payments. CYFR reserves the right to suspend or terminate access to the Platform for Accounts with Fees more than thirty (30) days past due. Customer shall reimburse CYFR for all reasonable costs incurred in collecting any late payments, including attorneys' fees.
7.1. By Customer. Customer may terminate its Account at any time through the Platform interface or by written notice to CYFR. Upon termination, Customer Data will be rendered irrecoverable within thirty (30) days through cryptographic key destruction.
7.2. By CYFR. CYFR may suspend or terminate Customer's access to the Platform: (a) upon thirty (30) days' prior written notice for any reason or no reason; (b) immediately, upon breach of these Terms by Customer; (c) immediately, upon receipt of a valid legal notice or court order requiring such action; or (d) immediately, if required to protect the security, integrity, or availability of the Platform or the rights of other customers.
7.3. Effect of Termination. Upon termination: (a) all rights granted to Customer under these Terms shall immediately cease; (b) Customer Data will be rendered irrecoverable through cryptographic key destruction; and (c) Customer shall remain liable for all Fees accrued prior to termination.
7.4. Survival. Sections 1, 3, 5, 7.3, 7.4, 8, 9, 10, 11, 12, 13, and 14 shall survive any termination of these Terms.
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, THE PLATFORM IS PROVIDED ON AN "AS IS" AND "AS AVAILABLE" BASIS, WITHOUT WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE. CYFR EXPRESSLY DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, QUIET ENJOYMENT, ACCURACY, AND NON-INFRINGEMENT. CYFR DOES NOT WARRANT THAT THE PLATFORM WILL BE UNINTERRUPTED, ERROR-FREE, OR COMPLETELY SECURE, OR THAT ANY DEFECTS WILL BE CORRECTED. CYFR MAKES NO REPRESENTATIONS CONCERNING THE AVAILABILITY, RELIABILITY, OR PERFORMANCE OF THE PLATFORM. THE DISCLAIMERS IN THIS SECTION 8 ARE A MATERIAL PART OF THE BARGAIN BETWEEN THE PARTIES AND SHALL BE CONSTRUED TO BE SEVERABLE TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW.
9.1. Exclusion of Damages. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL CYFR, ITS AFFILIATES, OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, SUPPLIERS, OR LICENSORS BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES WHATSOEVER, INCLUDING BUT NOT LIMITED TO DAMAGES FOR LOSS OF PROFITS, LOSS OF DATA, BUSINESS INTERRUPTION, LOSS OF GOODWILL, COST OF PROCUREMENT OF SUBSTITUTE SERVICES, OR ANY OTHER COMMERCIAL DAMAGES OR LOSSES, ARISING OUT OF OR RELATED TO THESE TERMS OR THE USE OF OR INABILITY TO USE THE PLATFORM, HOWEVER CAUSED AND UNDER ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, OR OTHERWISE, EVEN IF CYFR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
9.2. Cap on Liability. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, CYFR'S TOTAL AGGREGATE LIABILITY TO CUSTOMER FOR ALL CLAIMS ARISING OUT OF OR RELATED TO THESE TERMS OR THE PLATFORM, WHETHER IN CONTRACT, TORT, OR OTHERWISE, SHALL NOT EXCEED THE GREATER OF: (A) THE FEES PAID BY CUSTOMER TO CYFR DURING THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM; OR (B) ONE HUNDRED UNITED STATES DOLLARS ($100.00). THE FOREGOING CAP SHALL APPLY TO THE FULLEST EXTENT PERMITTED BY LAW AND SHALL NOT BE EXPANDED BY THE EXISTENCE OF MULTIPLE CLAIMS.
Customer agrees to indemnify, defend, and hold harmless CYFR, its affiliates, and their respective officers, directors, employees, agents, successors, and assigns from and against any and all claims, demands, actions, suits, proceedings, losses, damages, liabilities, costs, and expenses (including reasonable attorneys' fees and court costs) arising out of or related to: (a) Customer's breach of any representation, warranty, or obligation under these Terms; (b) Customer Data, including any claim that Customer Data infringes, misappropriates, or violates any third party's rights; (c) Customer's violation of applicable law; or (d) Customer's gross negligence or willful misconduct.
11.1. Governing Law. These Terms shall be governed by and construed in accordance with the laws of the State of Delaware, without regard to its conflict of laws principles. The United Nations Convention on Contracts for the International Sale of Goods shall not apply.
11.2. Arbitration. Any dispute, claim, or controversy arising out of or relating to these Terms or the breach, termination, enforcement, interpretation, or validity thereof — including the determination of the scope or applicability of this agreement to arbitrate — shall be determined by binding arbitration in Wilmington, Delaware, before a single arbitrator in accordance with the Commercial Arbitration Rules of the American Arbitration Association. Judgment on the award rendered by the arbitrator may be entered in any court having jurisdiction thereof.
11.3. Class Action Waiver. ALL CLAIMS MUST BE BROUGHT IN THE PARTIES' INDIVIDUAL CAPACITY AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS ACTION, COLLECTIVE ACTION, OR REPRESENTATIVE PROCEEDING. THE ARBITRATOR MAY NOT CONSOLIDATE MORE THAN ONE PERSON'S CLAIMS OR OTHERWISE PRESIDE OVER ANY FORM OF A REPRESENTATIVE OR CLASS PROCEEDING.
11.4. Exceptions. Notwithstanding the foregoing, either party may seek injunctive or other equitable relief in any court of competent jurisdiction to protect its intellectual property rights or confidential information.
Each party agrees to maintain the confidentiality of any non-public information disclosed by the other party in connection with the Platform and these Terms. CYFR's confidentiality obligations with respect to Customer Data are satisfied by the Zero-Knowledge Architecture. Customer acknowledges that CYFR processes only encrypted data and that CYFR's inability to access Customer Data in unencrypted form is an inherent feature of the Platform, not a breach of any confidentiality obligation.
CYFR shall not be liable for any failure or delay in performance under these Terms arising out of or caused by circumstances beyond its reasonable control, including but not limited to acts of God, natural disasters, war, terrorism, civil unrest, labor disputes, utility failures, internet service provider failures, denial-of-service attacks, acts of government authorities, pandemics, epidemics, or any other event that could not reasonably have been foreseen or prevented.
14.1. Entire Agreement. These Terms, together with any applicable order form, Master Services Agreement, and the Privacy Policy, constitute the entire agreement between the parties with respect to the subject matter hereof and supersede all prior or contemporaneous understandings, representations, or agreements, whether written or oral.
14.2. Severability. If any provision of these Terms is held to be invalid, illegal, or unenforceable, such provision shall be modified to the minimum extent necessary to make it enforceable, and the remaining provisions shall continue in full force and effect.
14.3. No Waiver. The failure of CYFR to enforce any right or provision of these Terms shall not constitute a waiver of such right or provision. Any waiver must be in writing and signed by an authorized representative of CYFR.
14.4. Assignment. Customer may not assign or transfer these Terms, in whole or in part, without CYFR's prior written consent. CYFR may assign these Terms without restriction. Any attempted assignment in violation of this Section shall be null and void.
14.5. Notices. All notices to CYFR under these Terms shall be in writing and sent to: Office of the General Counsel, CYFR Technology, Inc., 1209 Orange Street, Wilmington, DE 19801, or via electronic mail to legal@cyfr.technology. Notices to Customer may be sent to the email address associated with the Account.
14.6. Relationship of the Parties. The parties are independent contractors. Nothing in these Terms shall create a partnership, joint venture, agency, franchise, or employment relationship between the parties.
14.7. Export Compliance. Customer shall comply with all applicable export and import control laws and regulations, including those of the United States and the jurisdictions in which Customer operates.
14.8. Amendments. CYFR reserves the right to modify these Terms at any time. Material modifications will be communicated to active Customers via electronic mail at least thirty (30) days prior to effectiveness. Continued use of the Platform after the effective date of modifications constitutes acceptance of the modified Terms.
Document Control
LEG-2026-001 · Approved by: General Counsel · Last outside review: independent counsel, December 2025
This document is maintained in CYFR's document management system. Printed copies are uncontrolled.