Terms of Service

2. Services Provided

Service Description and Specifications

CypSec engineers comprehensive cybersecurity solutions and provides services designed to meet the stringent requirements of government entities, defense contractors, and commercial organizations operating in high-threat environments. Our services encompass advanced threat detection, prevention, and response capabilities, including but not limited to managed security services, security consulting, vulnerability assessments, penetration testing, incident response, forensic analysis, and the provision of specialized cybersecurity platforms and technologies.

All services are delivered subject to applicable Service Level Agreements (SLAs) that establish specific performance metrics, response times, resolution commitments, and availability guarantees. These SLAs form an integral part of the contractual relationship and are incorporated herein by reference. Performance metrics may vary based on service tier, deployment model, and specific contractual arrangements.

We recognize that government and defense clients require tailored solutions to address unique operational requirements, classification levels, and regulatory compliance obligations. CypSec therefore provides customization options for service configurations, security controls, deployment architectures, and integration specifications, subject to mutual agreement and any applicable security clearance or authorization requirements. All customizations must be formally documented through written amendments or statements of work signed by authorized representatives of both parties.

Limitations and Disclaimers

While CypSec employs industry-leading cybersecurity measures and technologies, we do not guarantee complete or absolute protection against all cyber threats, attacks, or vulnerabilities. Our services are designed to significantly reduce risk and enhance security posture, but the evolving nature of cyber threats means that no security solution can provide infallible protection.

Users acknowledge and agree that: (a) vulnerability assessments and penetration testing are limited to agreed-upon scopes, timeframes, and methodologies; (b) certain features or functionalities may be restricted based on classification levels, security clearances, regulatory requirements, or technical compatibility; (c) service performance may vary based on network conditions, system configurations, third-party integrations, or other factors beyond our reasonable control; and (d) services may not be available in all geographic locations or for all types of systems or environments.

CypSec reserves the right to temporarily suspend or limit service availability for: (i) scheduled maintenance, upgrades, or system modifications; (ii) emergency security patches or critical updates; (iii) response to security incidents or threats; (iv) compliance with legal or regulatory requirements; or (v) force majeure events including acts of God, war, terrorism, civil unrest, government actions, or other circumstances beyond our reasonable control. We will provide reasonable advance notice of scheduled maintenance where practicable.

CypSec makes no representations or warranties regarding: (1) uninterrupted or error-free service operation; (2) complete accuracy of threat intelligence, vulnerability assessments, or security recommendations; (3) effectiveness against previously unknown or zero-day threats; or (4) compatibility with all third-party systems, applications, or configurations. Users are responsible for maintaining appropriate backup, disaster recovery, and business continuity measures independent of CypSec services.

Service Availability and Maintenance

CypSec maintains military-grade infrastructure designed to achieve minimum availability standards as specified in applicable Service Level Agreements. For government and defense clients, specific availability commitments may be enhanced based on classification requirements, mission-critical designations, or contractual specifications. All availability metrics are measured and reported in accordance with industry standards and applicable regulatory frameworks.

Regular maintenance activities are essential for maintaining optimal security and performance. Scheduled maintenance may encompass: (a) deployment of security patches, updates, and firmware revisions; (b) infrastructure upgrades and capacity enhancements; (c) database optimization and data integrity verification; and (d) implementation of new security features or capabilities. Maintenance windows are scheduled to minimize operational impact and are typically conducted during designated low-usage periods.

CypSec will provide advance notification of scheduled maintenance through approved communication channels, which may include: (i) official service status portals; (ii) secure email notifications to authorized contacts; (iii) dashboard alerts within customer portals; or (iv) direct communication through designated account representatives. Notification timeframes may vary based on service tier, classification level, and contractual requirements, with critical systems receiving priority notification protocols.

In the event of unplanned service disruptions, CypSec maintains comprehensive incident response procedures designed to: (1) rapidly identify root causes through systematic diagnostic protocols; (2) implement immediate corrective measures to restore service functionality; (3) maintain continuous communication with affected stakeholders through designated channels; and (4) provide regular status updates until full service restoration is achieved. All incidents are subject to post-event analysis and documentation requirements.

Real-time service status information is available through multiple channels, including primary service status portals, backup communication systems, and direct liaison with account representatives. For government and defense clients, status communications may be subject to additional security protocols, classification requirements, or restricted distribution channels as specified in applicable agreements.

3. User Responsibilities

Account Registration and Management

Access to CypSec services requires completion of our formal account registration process. All users must provide complete, accurate, and current information during registration, including: (a) full legal name and organizational affiliation; (b) valid personal, corporate or government email address; (c) official contact information; (d) verification of authorization to access services on behalf of the registering entity; and (e) any additional information required for security clearance, classification level, or regulatory compliance purposes.

Users must establish strong authentication credentials meeting CypSec's security requirements, which may include: (i) complex password policies with minimum length and character requirements; (ii) mandatory multi-factor authentication using approved methods; (iii) regular credential rotation schedules; and (iv) prohibition against credential sharing or delegation. All credentials must be treated as sensitive information and protected in accordance with applicable security protocols.

CypSec reserves the right to implement enhanced identity verification procedures, which may include: (a) government-issued identification verification; (b) corporate authorization documentation; (c) security clearance validation for classified systems; (d) biometric authentication where required; and (e) periodic re-verification of user identity and authorization. Failure to complete verification requirements may result in account suspension or termination.

Registered users bear sole responsibility for: (1) maintaining current and accurate account information at all times; (2) immediately updating contact information, organizational affiliation, or authorization status upon any change; (3) monitoring account activity and immediately reporting any suspicious or unauthorized access; (4) complying with all applicable policies, procedures, and security requirements; and (5) ensuring that account usage remains within authorized scope and purpose. Users acknowledge that failure to maintain accurate information may constitute a security incident requiring immediate remediation.

Security Obligations

Users must implement and maintain appropriate technical, administrative, and physical security measures to protect account credentials, authentication tokens, and access mechanisms. These measures must meet or exceed industry standards for information security, including compliance with applicable government and defense security requirements.

All authentication credentials must be: (a) maintained in strict confidence and never shared with any third party under any circumstances; (b) protected using approved password management systems meeting CypSec security standards; (c) composed of complex passwords meeting minimum length and character requirements as specified by CypSec; and (d) rotated at intervals prescribed by applicable security policies or upon any indication of potential compromise.

Users must enable and maintain multi-factor authentication using CypSec-approved methods, which may include: (i) hardware security tokens meeting FIPS 140-2 Level 2 or higher standards; (ii) biometric authentication systems approved for government use; (iii) mobile-based authentication applications using cryptographic protocols; or (iv) other methods as specified by CypSec for enhanced security requirements.

Users must immediately report any suspected or actual security incidents, including: (1) unauthorized access attempts or successful breaches; (2) loss or compromise of authentication credentials; (3) detection of anomalous account activity; (4) suspected malware or unauthorized software installations; and (5) any other circumstances that could impact the security or integrity of CypSec services. Reports must be made through designated secure channels and include all relevant details for investigation purposes.

Users bear full responsibility for all activities conducted through their accounts, regardless of whether such activities are authorized or unauthorized, except where such unauthorized use results directly from CypSec's gross negligence or willful misconduct. Users acknowledge that failure to implement adequate security measures or to report security incidents promptly may result in termination of services and potential liability for resulting damages.

Prohibited Conduct

Users are strictly prohibited from: (a) accessing or attempting to access any accounts, systems, networks, or data without explicit authorization; (b) circumventing, disabling, or interfering with security-related features of the Services; (c) reverse engineering, decompiling, or disassembling any portion of the Services; or (d) engaging in any activity that could interfere with, disrupt, or impose an unreasonable burden on CypSec infrastructure or third-party systems.

The following activities are expressly forbidden: (i) introduction, transmission, or distribution of malware, viruses, worms, trojan horses, ransomware, or other malicious code; (ii) conducting unauthorized vulnerability assessments, penetration testing, or security scanning against CypSec or third-party systems; (iii) engaging in phishing, social engineering, or other fraudulent activities; (iv) harvesting, collecting, or storing personal information without proper authorization; or (v) using the Services to conduct illegal surveillance or espionage activities.

Users must not: (1) upload, transmit, or distribute content that infringes intellectual property rights, violates privacy rights, or contains classified information without proper clearance; (2) engage in harassment, threats, or abusive behavior toward CypSec personnel or other users; (3) use the Services for any purpose that violates applicable laws, regulations, or government policies; or (4) assist any third party in engaging in prohibited activities.

Violations of these provisions will result in immediate account suspension or termination, potential criminal and civil liability, and reporting to appropriate law enforcement or regulatory authorities. CypSec reserves the right to: (a) monitor user activities and system usage to detect violations; (b) implement automated systems to identify suspicious or malicious behavior; (c) cooperate fully with law enforcement investigations; and (d) pursue all available legal remedies for damages resulting from prohibited activities.

Users must immediately report any suspected violations of these Terms or any security incidents through designated secure channels. Failure to report known violations may result in account termination and potential liability for resulting damages. All reports will be handled confidentially and investigated promptly by qualified security personnel.

Legal Compliance

Users must comply with all applicable federal, state, local, and international laws, regulations, and government policies governing cybersecurity operations, data protection, and information security. This includes but is not limited to: (a) Swiss data protection laws and the General Data Protection Regulation (GDPR) where applicable; (b) defense and military regulations including ITAR, EAR, and NATO security requirements; (c) government cybersecurity frameworks such as NIST, ISO 27001, and FedRAMP; (d) classification and handling requirements for sensitive or classified information; and (e) industry-specific compliance standards relevant to government contractors and defense suppliers.

Users acknowledge that cybersecurity activities may be subject to multiple overlapping legal frameworks, including: (i) laws of the jurisdiction where the user is located; (ii) laws of the jurisdiction where data is processed or stored; (iii) international treaties and agreements governing cross-border data transfers; and (iv) specific contractual obligations with government entities. Users are responsible for understanding and complying with all applicable requirements and must obtain necessary legal clearances before engaging in any activities that may be restricted or regulated.

Users bear sole responsibility for all content, data, and information transmitted, processed, or stored through CypSec services, including: (1) ensuring that all content complies with applicable laws and regulations; (2) obtaining necessary rights and permissions for any third-party content or intellectual property; (3) protecting personal data and privacy rights in accordance with applicable data protection laws; and (4) maintaining appropriate records and documentation to demonstrate compliance with regulatory requirements.

Users agree to indemnify, defend, and hold harmless CypSec, its affiliates, officers, directors, employees, and agents from and against any and all claims, demands, actions, damages, liabilities, costs, and expenses (including reasonable attorneys' fees) arising from or related to: (a) user's violation of any applicable laws, regulations, or government policies; (b) user's infringement of intellectual property rights or other proprietary interests; (c) user's handling of sensitive, classified, or regulated data without proper authorization; or (d) user's failure to obtain necessary approvals, licenses, or clearances for their activities. This indemnification obligation survives termination of the user relationship and extends to all related investigations, proceedings, and enforcement actions.

4. Data Privacy and Security

Data Collection and Processing

For purposes of these Terms, "personal information" encompasses any data relating to an identified or identifiable natural person, including but not limited to: (a) identification data such as name, government identification numbers, passport details, and security clearance information; (b) contact information including email addresses, telephone numbers, and physical addresses; (c) biometric data such as fingerprints, facial recognition templates, or other biometric identifiers; (d) technical identifiers including IP addresses, device identifiers, and geolocation data; and (e) professional information such as job titles, organizational affiliations, and authorization levels.

CypSec may collect and process the following categories of personal information: (1) identification and contact data provided during account registration or service configuration; (2) authentication credentials and security-related information; (3) system usage data and access logs; (4) communications with CypSec personnel or support systems; (5) information required for security clearance verification or classification purposes; and (6) data obtained from third-party sources such as government databases, security clearance systems, or authorized partner organizations.

Personal information is collected through: (i) direct user interactions including registration forms, service requests, and support communications; (ii) automated technical means such as cookies, web beacons, logging systems, and analytics tools; (iii) third-party integrations with government authentication systems or corporate identity providers; and (iv) publicly available sources where permitted by applicable law.

Processing of personal information is conducted based on: (a) contractual necessity for service provision and account management; (b) compliance with legal obligations including national security requirements and regulatory frameworks; (c) legitimate interests in maintaining service security and preventing fraud; and (d) explicit consent where required for specific processing activities. Processing purposes include service delivery, security monitoring, compliance verification, customer support, and service improvement initiatives.

CypSec provides comprehensive information regarding data collection practices through privacy notices and data processing agreements. Users retain rights to access, rectify, restrict, or object to processing of their personal information, subject to applicable legal limitations and national security requirements. Withdrawal of consent does not affect processing conducted prior to withdrawal or processing required for contractual performance or legal compliance.

Data Usage and Disclosure

Personal information is processed exclusively for legitimate business purposes including: (a) service provision, configuration, and optimization; (b) security monitoring, threat detection, and incident response; (c) compliance with contractual obligations and regulatory requirements; (d) customer support and technical assistance; (e) service improvement and analytics; and (f) communication regarding service-related matters. Processing activities are conducted in accordance with applicable data protection laws and government security requirements.

CypSec may share personal information with: (i) authorized third-party service providers who support service delivery and are bound by confidentiality and security obligations; (ii) government authorities or law enforcement agencies when required by law, court order, or national security requirements; (iii) affiliated entities within the CypSec corporate structure for legitimate business purposes; and (iv) successor entities in connection with mergers, acquisitions, or asset transfers. All third-party recipients must demonstrate adequate security measures and comply with applicable data protection standards.

Where personal information is transferred across international borders, CypSec implements appropriate safeguards including: (1) adequacy decisions recognized by applicable regulatory authorities; (2) standard contractual clauses approved by competent data protection authorities; (3) binding corporate rules where applicable; and (4) specific government-to-government agreements or treaties. Transfers to jurisdictions with differing data protection standards are conducted only with proper authorization and security controls.

Personal information is processed only to the extent necessary for specified purposes and is retained for periods consistent with applicable legal, regulatory, and operational requirements. Users may restrict certain processing activities through account settings or by contacting CypSec directly, subject to contractual obligations and legal requirements. Marketing communications are provided only with explicit consent and may be discontinued at any time through established opt-out mechanisms.

Users acknowledge that CypSec may be required to provide access to personal information in response to lawful requests from government authorities, including national security agencies, law enforcement entities, or regulatory bodies. Such disclosures will be made in accordance with applicable laws and only to the extent legally required. Where permitted by law, CypSec will attempt to notify affected users of such requests unless prohibited by legal or security considerations.

Security Safeguards

CypSec implements defense-in-depth security architecture incorporating multiple layers of protection including: (a) FIPS 140-2 Level 3 validated encryption for data at rest using AES-256 or stronger algorithms; (b) TLS 1.3 or stronger encryption protocols for data in transit; (c) hardware security modules (HSMs) for key management and cryptographic operations; (d) network segmentation and micro-segmentation to isolate sensitive data; and (e) continuous monitoring systems with real-time threat detection capabilities.

Access to personal information is governed by comprehensive access control policies including: (i) role-based access control (RBAC) with principle of least privilege enforcement; (ii) mandatory multi-factor authentication using government-approved tokens or biometric systems; (iii) privileged access management (PAM) with session recording and monitoring; (iv) regular access reviews and recertification processes; and (v) segregation of duties for critical operations. All access attempts are logged, monitored, and subject to audit review.

All CypSec personnel with access to personal information undergo: (1) comprehensive background investigations appropriate to the sensitivity level of data accessed; (2) security clearance verification where required for government contracts; (3) annual security awareness training and specialized data protection education; (4) signed confidentiality and non-disclosure agreements; and (5) continuous evaluation and monitoring for security compliance. Personnel access is immediately revoked upon termination or when access is no longer required.

CypSec maintains continuous security assessment and compliance validation including: (a) quarterly vulnerability assessments conducted by independent third-party security firms; (b) annual penetration testing performed by certified ethical hackers; (c) continuous compliance monitoring against NIST Cybersecurity Framework, ISO 27001, and SOC 2 standards; (d) government-specific compliance audits for classified or sensitive systems; and (e) real-time security posture monitoring with automated threat intelligence integration.

In the event of any suspected or actual security incident affecting personal information, CypSec will: (i) immediately activate incident response procedures and containment measures; (ii) conduct comprehensive impact assessment and forensic analysis; (iii) notify affected users and regulatory authorities within timeframes required by applicable laws and contracts; (iv) implement corrective actions and security improvements to prevent recurrence; and (v) provide regular status updates throughout the incident resolution process. All incidents are subject to post-incident review and documentation requirements.

Data Retention and Lifecycle Management

CypSec maintains comprehensive data retention policies that balance operational requirements, legal obligations, and privacy considerations. Retention periods are determined based on: (a) statutory and regulatory requirements including national security directives and government record-keeping mandates; (b) contractual obligations with government entities and defense contractors; (c) operational necessity for service delivery, security monitoring, and incident investigation; (d) classification levels and sensitivity designations; and (e) litigation hold requirements or pending legal proceedings.

Personal information is retained according to established schedules that vary by data category and processing purpose: (i) account credentials and authentication data for the duration of active service plus seven years for audit and compliance purposes; (ii) security logs and access records for minimum periods required by applicable security frameworks; (iii) communication records for durations specified by government contract requirements; and (iv) backup and archival data according to disaster recovery and business continuity requirements. Retention periods may be extended when required by legal proceedings or regulatory investigations.

Users maintain rights to access their personal information subject to national security restrictions, classification requirements, and contractual limitations. Access requests must be submitted through designated secure channels and will be processed within timeframes required by applicable law. Users may request correction of inaccurate information, though certain data elements may be immutable for security or audit purposes. Requests for data portability or transfer will be evaluated based on technical feasibility and security requirements.

When personal information reaches the end of its retention period or upon valid user request, CypSec implements secure deletion procedures including: (1) cryptographic erasure using NIST-approved methods for encrypted data; (2) multiple-pass overwriting for magnetic storage media meeting DoD 5220.22-M standards; (3) physical destruction of storage devices using shredders or degaussers meeting government security requirements; and (4) certified destruction with chain of custody documentation for classified or sensitive materials. Deletion is performed across all systems including primary storage, backup systems, and archival media.

Backup and archival systems maintain personal information according to separate retention schedules designed for disaster recovery and business continuity purposes. These systems implement: (a) encryption at rest using government-approved algorithms; (b) access controls limiting retrieval to authorized personnel; (c) periodic review and purging of outdated backup sets; and (d) secure destruction of backup media at end of life. Users acknowledge that backup systems may retain data beyond primary system deletion dates for legitimate business purposes.

5. Intellectual Property Rights

Ownership of Content

All rights, title, and interest in and to the Services, including without limitation all software, platforms, algorithms, databases, interfaces, documentation, methodologies, trade secrets, and any related improvements, modifications, or derivative works, are and shall remain the exclusive property of CypSec. This includes all patents, copyrights, trademarks, service marks, trade names, trade dress, and other intellectual property rights associated with the Services, whether registered or unregistered, and all applications, registrations, renewals, and extensions thereof.

Users retain all right, title, and interest in and to any data, information, or materials that they upload, transmit, or otherwise provide to CypSec in connection with the Services ("User Content"), subject to the license granted herein and any applicable government or classification requirements. Users represent and warrant that they have all necessary rights, permissions, and authorizations to provide such User Content and to grant the licenses contemplated herein, including appropriate security clearances and classification approvals where required.

Users hereby grant to CypSec a worldwide, perpetual, irrevocable, royalty-free, fully paid-up, non-exclusive license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, perform, display, and otherwise exploit the User Content, in whole or in part, for the purposes of: (a) providing, maintaining, and improving the Services; (b) performing analytics and generating insights to enhance service offerings; (c) complying with legal obligations and regulatory requirements; (d) protecting the rights, property, or safety of CypSec, its users, or the public; and (e) exercising or defending legal claims. This license includes the right to sublicense such rights to third-party service providers as necessary for service delivery.

For government and defense clients, User Content may be subject to additional classification requirements, export control regulations, and national security considerations. Users acknowledge that CypSec may be required to maintain and process certain User Content in accordance with government contract requirements, security clearance obligations, and applicable defense regulations. All processing of classified or controlled information must be conducted within appropriate secure environments and in compliance with relevant security protocols.

CypSec reserves all rights not expressly granted to users under these Terms. No rights or licenses are granted by implication, estoppel, or otherwise, except as expressly set forth herein. Users acknowledge that the Services contain valuable trade secrets and proprietary information of CypSec, and that any unauthorized use or disclosure would cause irreparable harm to CypSec for which monetary damages would be inadequate.

License Terms and Conditions

Subject to full compliance with these Terms of Service and any applicable government security requirements, CypSec grants to users a limited, non-exclusive, non-transferable, revocable license to access and use the Services solely for authorized internal business purposes. This license does not include any right to: (a) sublicense, distribute, or make the Services available to third parties; (b) modify, adapt, translate, or create derivative works based on the Services; (c) reverse engineer, decompile, disassemble, or otherwise attempt to discover the source code or underlying algorithms; or (d) remove, obscure, or alter any proprietary notices or labels.

For users accessing Services under government contracts or with security clearance requirements, additional restrictions apply: (i) use is limited to authorized government purposes and personnel with appropriate clearances; (ii) Services may not be accessed from or transferred to unauthorized locations or systems; (iii) technical data and software may be subject to export control regulations including ITAR and EAR; and (iv) all use must comply with applicable security classification guides and handling procedures. Users acknowledge that violation of these restrictions may constitute a breach of national security laws.

The license granted herein is subject to the following express prohibitions: (1) use of the Services for any purpose that is unlawful, prohibited by these Terms, or inconsistent with authorized government activities; (2) interference with or disruption of the integrity or performance of the Services or third-party data contained therein; (3) attempt to gain unauthorized access to the Services or related systems or networks; (4) use of any automated means including scripts, bots, or scraping tools to access or monitor the Services; or (5) use of the Services to store or transmit infringing, libelous, or otherwise unlawful material.

This license commences upon acceptance of these Terms and continues until terminated. CypSec may terminate this license immediately and without notice: (a) for breach of any provision of these Terms; (b) if required by law, regulation, or government directive; (c) upon termination of underlying government contracts or agreements; or (d) for security concerns or suspected unauthorized access. Upon termination, users must immediately cease all use of the Services, delete any downloaded materials, and destroy all copies of CypSec intellectual property in their possession or control.

All restrictions, limitations, and obligations set forth in this Section survive termination of the license and continue in full force and effect. Users acknowledge that any unauthorized use or disclosure of CypSec intellectual property following termination will result in irreparable harm and may subject users to criminal and civil liability under applicable laws, including the Computer Fraud and Abuse Act and similar international statutes.

Trademark and Copyright Protection

All CypSec trademarks, service marks, trade names, trade dress, logos, and slogans, whether registered or unregistered, are exclusively owned by CypSec and are protected under national and international intellectual property laws. This includes but is not limited to: (a) service names and product designations; (b) distinctive color schemes and design elements; and (c) all associated taglines and marketing materials. These assets constitute valuable corporate property and may not be used without express written authorization.

Users are granted a limited, non-exclusive, non-transferable license to use CypSec trademarks and copyrighted materials solely for: (i) identification of CypSec as the service provider within authorized documentation; (ii) referencing CypSec services in compliance with these Terms; and (iii) other uses expressly authorized in writing by CypSec. All uses must comply with CypSec's brand guidelines and must not: (1) create confusion regarding ownership or affiliation; (2) dilute or tarnish the CypSec brand; or (3) imply endorsement or partnership without explicit authorization.

For government and defense clients, use of CypSec trademarks and copyrighted materials may be subject to additional restrictions: (i) use in classified environments requires prior security clearance and approval; (ii) incorporation into government documentation must comply with applicable procurement regulations; (iii) use in international contexts may require export control compliance; and (iv) all uses must maintain the integrity and reputation of CypSec as a trusted security provider to government entities.

The following uses of CypSec intellectual property are expressly prohibited: (a) modification, alteration, or distortion of trademarks or logos; (b) use in connection with any products or services that compete with CypSec offerings; (c) use in any manner that is misleading, defamatory, or otherwise damaging to CypSec reputation; (d) registration or attempted registration of any CypSec marks or confusingly similar marks; and (e) use in violation of any applicable laws, regulations, or government policies.

CypSec actively monitors for unauthorized use of its intellectual property and reserves the right to: (1) investigate any suspected infringement or misuse; (2) demand cessation of unauthorized use through formal legal notice; (3) pursue legal remedies including injunctive relief and monetary damages; (4) cooperate with law enforcement authorities in criminal enforcement actions; and (5) take any other action necessary to protect its intellectual property rights. Users agree to cooperate fully with any enforcement actions and to provide reasonable assistance in protecting CypSec intellectual property rights.

6. Payment Terms

Pricing and Payment Obligations

All pricing for CypSec services is established through written quotations, statements of work, or government contracts executed by authorized representatives. Pricing may be based on various models including: (a) fixed-price contracts for defined service periods; (b) time-and-materials arrangements for professional services; (c) usage-based pricing tied to specific metrics such as data volume, user count, or transaction levels; and (d) subscription-based models with recurring charges. All pricing is exclusive of applicable taxes, duties, and government-imposed fees unless expressly stated otherwise.

For government and defense clients, pricing is subject to applicable procurement regulations including: (i) Federal Acquisition Regulation (FAR) and Defense Federal Acquisition Regulation Supplement (DFARS) requirements; (ii) most-favored customer pricing obligations where applicable; (iii) government audit rights and cost accounting standards; and (iv) security clearance and facility clearance requirements that may affect service delivery costs. All government pricing is subject to contract modification procedures and formal change order processes.

Payment terms are specified in individual contracts and may vary based on client type, service tier, and government requirements. Standard terms require payment within thirty (30) days of invoice date unless otherwise agreed. Late payments may incur interest charges at the maximum rate permitted by law. CypSec reserves the right to suspend services for accounts with overdue balances, subject to applicable government contract termination procedures and notice requirements.

All payment transactions are processed through secure payment gateways compliant with Payment Card Industry Data Security Standard (PCI DSS) Level 1 requirements. Payment methods may include: (1) government purchase cards subject to applicable transaction limits and approval requirements; (2) electronic funds transfer (EFT) to designated government or commercial bank accounts; (3) wire transfers for international transactions; and (4) other methods as expressly authorized in written contracts. Users authorize CypSec to charge designated payment methods for all agreed-upon fees and charges.

All transactions are processed in the currency specified in the applicable contract or statement of work. For international transactions involving government entities, compliance with applicable foreign exchange regulations, export control requirements, and international banking protocols is required. Currency conversion fees and international transaction charges are the responsibility of the user unless otherwise specified in the contract.

Subscription and Service Plans

CypSec offers multiple service tiers designed to address varying security requirements and operational needs of government and commercial clients. Each tier provides specific capabilities, performance levels, and support entitlements as detailed in service descriptions and statements of work. Service tiers may include: (a) Basic Security Services providing fundamental threat detection and prevention; (b) Advanced Security Services incorporating comprehensive monitoring and incident response; (c) Enterprise Security Services delivering full-spectrum cybersecurity with dedicated resources; and (d) Custom Government Solutions tailored to specific agency requirements and classification levels.

For government subscription plans, all changes are subject to applicable procurement regulations including: (i) formal contract modification procedures for changes exceeding simplified acquisition thresholds; (ii) approval by contracting officers or authorized representatives; (iii) compliance with competition requirements where applicable; and (iv) adherence to funding availability and fiscal year limitations. Subscription modifications may require security reauthorization and updated facility clearance verification.

Subscriptions automatically renew for successive periods equal to the initial term unless: (1) either party provides written notice of non-renewal at least sixty (60) days prior to term expiration; (2) government funding is not appropriated or becomes unavailable; (3) security clearance or authorization is revoked or suspended; or (4) termination occurs in accordance with applicable contract provisions. Early termination may be subject to early termination fees as specified in individual contracts.

Users may request changes to service tiers subject to: (a) completion of security assessment and authorization processes for higher-tier services; (b) availability of appropriate security clearances and facility clearances; (c) compliance with any applicable export control or technology transfer requirements; and (d) acceptance of revised pricing and terms. Downgrades may be restricted during active security incidents or when classified information has been accessed.

CypSec reserves the right to adjust subscription pricing upon renewal with advance notice as required by applicable contracts. For government clients, price adjustments are subject to: (i) most-favored customer pricing analysis where applicable; (ii) government audit rights and cost analysis; (iii) formal contract modification procedures; and (iv) congressional notification requirements for significant increases. Commercial pricing adjustments require thirty (30) days advance notice unless otherwise specified in individual agreements.

Tax Obligations and Compliance

All amounts payable to CypSec are exclusive of applicable taxes, duties, and government-imposed charges. Users are responsible for payment of all applicable taxes including but not limited to: (a) value-added tax (VAT) or goods and services tax (GST) where applicable; (b) sales and use taxes based on delivery location; (c) withholding taxes required under international tax treaties; and (d) any digital services taxes or similar levies imposed on technology services. CypSec will collect and remit taxes only where legally obligated to do so based on applicable nexus requirements.

Government entities and tax-exempt organizations must provide appropriate documentation to support tax exemption claims including: (i) valid tax exemption certificates or government purchase cards; (ii) official procurement documentation establishing tax-exempt status; (iii) applicable international organization exemptions under treaties or agreements; and (iv) diplomatic tax exemption cards where applicable. All exemption documentation must be current, valid, and acceptable under applicable tax laws. CypSec reserves the right to request additional documentation or deny exemption claims that do not meet legal requirements.

Cross-border transactions may be subject to complex tax implications including: (1) import duties or customs fees on software or technology transfers; (2) digital services taxes imposed by various jurisdictions; (3) permanent establishment considerations under tax treaties; and (4) transfer pricing regulations for related party transactions. Users acknowledge responsibility for determining and complying with all applicable international tax obligations and agree to indemnify CypSec for any tax liabilities arising from their failure to properly assess or remit required taxes.

CypSec maintains comprehensive tax reporting and documentation systems to ensure compliance with applicable tax laws. Users will receive appropriate tax invoices or receipts as required by applicable law. For government contracts, all tax documentation will comply with applicable procurement regulations and audit requirements. Users agree to provide accurate tax identification information and to promptly notify CypSec of any changes in tax status or jurisdiction that may affect tax obligations.

All tax matters are subject to audit by appropriate tax authorities and government oversight bodies. Users agree to maintain complete and accurate records of all transactions and to cooperate fully with any tax audits or investigations. CypSec reserves the right to adjust previously invoiced amounts to reflect correct tax calculations and to recover any underpaid taxes plus applicable interest and penalties. Disputes regarding tax obligations will be resolved in accordance with applicable tax laws and dispute resolution procedures.

7. Termination

Termination by CypSec

CypSec reserves the right to terminate user access and services immediately upon occurrence of any of the following events: (a) material breach of these Terms of Service including failure to cure any breach within thirty (30) days of written notice; (b) violation of applicable laws, regulations, or government security requirements; (c) compromise or suspected compromise of security clearances or facility clearances; (d) engagement in activities that threaten national security or the security of CypSec systems; (e) non-payment of amounts due after applicable cure periods; or (f) any other circumstances that in CypSec's reasonable judgment require immediate termination to protect its interests, comply with legal obligations, or maintain service integrity.

For government and defense clients, termination is subject to additional requirements including: (i) compliance with applicable Federal Acquisition Regulation (FAR) termination clauses; (ii) coordination with contracting officers and authorized representatives; (iii) completion of security debriefing and clearance revocation procedures; (iv) return or destruction of classified materials and controlled technical data; and (v) transition assistance as required by contract terms. Termination of government contracts may require congressional notification and compliance with specific procurement regulations.

CypSec will follow established termination procedures including: (1) issuance of written termination notice specifying grounds and effective date; (2) provision of reasonable opportunity to cure breaches where feasible and appropriate; (3) coordination of data return or destruction in accordance with applicable security requirements; (4) completion of final accounting and settlement of outstanding obligations; and (5) implementation of transition assistance as contractually required. Termination becomes effective upon the date specified in the termination notice or immediately for security-related terminations.

CypSec reserves the right to immediately suspend services without prior notice when: (a) required by law, regulation, or government directive; (b) necessary to prevent imminent harm to national security or CypSec systems; (c) user activities pose immediate security threats; or (d) required to comply with court orders or legal process. Suspension will be followed by formal termination proceedings unless the underlying issues are resolved to CypSec's satisfaction within reasonable timeframes.

Upon termination by CypSec, users must: (i) immediately cease all use of services and return or destroy all CypSec materials; (ii) pay all outstanding fees and charges through the termination date; (iii) cooperate with data transition and return procedures; and (iv) maintain confidentiality obligations indefinitely. Refunds for prepaid services are provided only as required by applicable contracts and are subject to deduction for costs incurred and damages suffered by CypSec.

Termination by User

Users may terminate their account or subscription upon satisfaction of all outstanding obligations and compliance with applicable notice requirements. Termination requests must be submitted through designated channels and include: (a) written notice specifying the desired termination date; (b) confirmation of satisfaction of all payment obligations; (c) acknowledgment of post-termination responsibilities; and (d) completion of any required security clearance return or debriefing procedures. For government clients, termination may require coordination with contracting officers and compliance with applicable procurement regulations.

Users must provide advance notice of termination as specified in individual contracts, typically not less than thirty (30) days prior to desired termination date. Notice must be submitted through approved communication channels and must include: (i) user identification and account details; (ii) specific services to be terminated; (iii) requested termination date; and (iv) reason for termination where contractually required. Failure to provide adequate notice may result in additional charges for services provided during the notice period.

Government and defense clients must comply with applicable termination procedures including: (1) formal contract modification requests processed through contracting officers; (2) completion of security debriefing and clearance return procedures; (3) return or destruction of classified materials and controlled technical data; (4) transition assistance as required by FAR termination clauses; and (5) compliance with congressional notification requirements for significant contract terminations. Early termination may be subject to government approval and funding availability constraints.

User-initiated termination requires: (a) completion of termination request forms provided by CypSec; (b) settlement of all outstanding fees, charges, and penalties; (c) return or destruction of CypSec materials and confidential information; (d) completion of data export or transition procedures; and (e) acknowledgment of ongoing confidentiality obligations. CypSec will provide written confirmation of termination and final account status upon completion of all termination requirements.

Upon user termination: (i) all access to services is immediately suspended; (ii) user accounts are deactivated and credentials revoked; (iii) data retention and return procedures are initiated in accordance with applicable contracts and security requirements; (iv) final billing is processed for services provided through termination date; and (v) any prepaid amounts are refunded subject to applicable contract terms and deduction for services provided. Users acknowledge that certain data may be retained for legal, regulatory, or security purposes even after account termination.

Refunds for prepaid services are calculated based on unused portions of service periods, subject to: (a) deduction for services provided through termination date; (b) application of any early termination fees specified in contracts; (c) retention of amounts for outstanding obligations or damages; and (d) compliance with government contract refund requirements where applicable. Refund processing typically occurs within thirty (30) days of termination confirmation, though government contracts may require additional approval processes.

Post-Termination Consequences

Upon termination becoming effective, all user access to CypSec services is immediately suspended without liability to CypSec. Users acknowledge that: (a) all accounts, credentials, and access privileges are revoked; (b) ongoing security monitoring and threat protection services are discontinued; (c) data processing and storage services are terminated; and (d) all associated features, functionalities, and support services become unavailable. For government clients, termination may require coordination with successor contractors and transition of security operations.

Termination results in permanent loss of access to all user data, content, and configurations stored within CypSec systems. Users acknowledge that: (i) data retrieval may not be possible following termination; (ii) backup and archival data will be processed according to applicable retention schedules; (iii) classified or controlled information must be returned or destroyed per security requirements; and (iv) CypSec bears no responsibility for data loss following termination. Users are strongly advised to complete all data exports and backups prior to termination effective dates.

All outstanding payment obligations survive termination and become immediately due and payable. Users remain liable for: (1) all fees and charges incurred through the termination date; (2) any early termination fees specified in applicable contracts; (3) costs associated with data return or destruction; (4) expenses related to security clearance return or debriefing procedures; and (5) reasonable collection costs including attorneys' fees. Government contracts may require specific closeout procedures and final audit requirements.

The following provisions survive termination indefinitely: (a) confidentiality and non-disclosure obligations regarding proprietary and classified information; (b) intellectual property rights and restrictions on use of CypSec materials; (c) limitation of liability and disclaimer of warranties; (d) dispute resolution procedures and governing law provisions; (e) indemnification obligations for pre-termination activities; and (f) compliance with applicable export control and national security requirements. These surviving obligations are essential to protect CypSec's legitimate business interests and comply with regulatory requirements.

Users must continue to comply with: (i) all confidentiality obligations regarding CypSec proprietary information and third-party data; (ii) return or destruction requirements for all CypSec materials, documents, and equipment; (iii) security clearance return and debriefing procedures as required by government contracts; (iv) ongoing cooperation with any investigations or legal proceedings; and (v) compliance with all applicable laws and regulations governing terminated relationships. Failure to satisfy post-termination obligations may result in legal action and additional liability.

8. Limitation of Liability

Warranty Disclaimers

CypSec provides the Services on an "AS IS" and "AS AVAILABLE" basis without any representations or warranties of any kind, whether express, implied, statutory, or otherwise. CypSec specifically disclaims all express warranties including, but not limited to, warranties of title, non-infringement, merchantability, and fitness for a particular purpose. No oral or written information provided by CypSec, its agents, or employees shall create any warranty not expressly stated in these Terms of Service.

For government and defense clients, CypSec makes no warranties regarding: (a) the suitability of Services for specific mission requirements or threat environments; (b) the effectiveness of security measures against advanced persistent threats or nation-state actors; (c) the compatibility of Services with classified systems or sensitive compartmented information facilities; (d) the uninterrupted availability of Services during national security emergencies or crisis situations; or (e) the complete accuracy of threat intelligence or vulnerability assessments in rapidly evolving threat landscapes.

Users acknowledge that the Services may be subject to limitations including: (i) temporary interruptions due to security updates, maintenance activities, or threat response actions; (ii) performance variations based on network conditions, system configurations, or third-party integrations; (iii) detection capabilities that may not identify all threats, vulnerabilities, or attack vectors; (iv) false positives or false negatives in threat detection algorithms; and (v) dependencies on third-party data sources, threat intelligence feeds, and external security services that are beyond CypSec's control.

Users expressly acknowledge that: (1) cybersecurity threats are constantly evolving and no security solution can provide absolute protection; (2) the Services are designed to reduce, not eliminate, security risks; (3) successful threat prevention depends on proper configuration, deployment, and maintenance by qualified personnel; (4) user actions and configurations may affect the effectiveness of security measures; and (5) CypSec does not guarantee protection against all forms of cyber attacks, including zero-day exploits, advanced persistent threats, or insider threats.

CypSec makes no warranties regarding the appropriateness of Services for processing classified information above specified classification levels or for use in environments requiring special access programs. Users are solely responsible for ensuring that Services meet applicable security classification guides, handling procedures, and compartmentalization requirements for their specific operational environments.

Liability Limitations and Exclusions

In no event shall CypSec's total aggregate liability to any user for all claims arising out of or relating to these Terms of Service or the Services exceed the total amount actually paid by such user to CypSec for the Services during the twelve (12) month period immediately preceding the event giving rise to the liability. This limitation applies regardless of the form of action, whether in contract, tort (including negligence), strict liability, or otherwise, and regardless of whether CypSec has been advised of the possibility of such damages.

CypSec shall not be liable for any indirect, incidental, special, consequential, exemplary, or punitive damages, including but not limited to: (a) loss of profits, revenue, business opportunities, or anticipated savings; (b) loss or corruption of data, information, or business records; (c) costs of procurement of substitute goods or services; (d) business interruption or cessation; (e) reputational harm or loss of goodwill; (f) failure to meet any duty including of good faith or reasonable care; and (g) any other intangible losses, even if CypSec has been advised of the possibility of such damages. This exclusion applies regardless of the legal theory under which such damages are sought.

For government and defense applications, CypSec's liability is further limited by: (i) the inherent risks associated with cybersecurity operations in high-threat environments; (ii) the evolving nature of cyber threats and attack vectors that may not be detectable by current technology; (iii) the dependency on accurate threat intelligence and user-provided information; (iv) the potential for cascading effects from security incidents that cannot be reasonably foreseen; and (v) the limitations of liability imposed by government contracting regulations and sovereign immunity principles where applicable.

Users acknowledge that CypSec's liability for data-related damages is specifically limited to: (1) the cost of recovering data from CypSec's most recent backup where available; (2) the direct costs of recreating data that cannot be recovered from backups; and (3) the reasonable costs of investigating and remedying security breaches. CypSec is not liable for: (a) loss of classified or sensitive information that users have failed to properly protect or backup; (b) damages resulting from user failure to implement recommended security measures; (c) losses arising from third-party attacks or security incidents beyond CypSec's reasonable control; or (d) consequential damages from business interruption or operational disruption.

The limitations and exclusions set forth herein apply to the maximum extent permitted by applicable law. Certain jurisdictions may not allow the exclusion or limitation of certain types of damages, in which case these limitations and exclusions shall apply to the fullest extent permitted by such jurisdiction's laws. Users acknowledge that these limitations are fundamental elements of the bargain between the parties and that CypSec would not provide the Services without such limitations. Users who do not agree with these limitations must immediately discontinue use of the Services.

Indemnification Obligations

Users agree to indemnify, defend, and hold harmless CypSec, its affiliates, officers, directors, employees, agents, successors, and assigns from and against any and all claims, demands, actions, damages, losses, liabilities, costs, and expenses (including reasonable attorneys' fees and investigation costs) arising out of or relating to: (a) user's breach of any provision of these Terms of Service; (b) user's violation of any applicable laws, regulations, or government policies; (c) user's infringement or misappropriation of intellectual property rights or other proprietary interests; (d) user's handling of classified, sensitive, or controlled information without proper authorization; (e) user's failure to maintain required security clearances or facility clearances; and (f) any unauthorized access to or use of CypSec services attributable to user's account or credentials.

For government and defense applications, users additionally indemnify CypSec against: (i) claims arising from violation of national security regulations or export control laws; (ii) damages resulting from improper handling of classified information or controlled technical data; (iii) liability for security breaches affecting government systems or data; (iv) claims related to failure to comply with specific contractual security requirements; and (v) any actions that result in loss of security clearances or facility clearances for CypSec personnel or facilities. Users acknowledge that these indemnification obligations are essential given the high-risk nature of government cybersecurity operations.

Upon receipt of any claim subject to indemnification, CypSec will: (1) promptly notify the user in writing of the claim; (2) provide reasonable cooperation and information for the defense; (3) permit the user to assume sole control of the defense and settlement negotiations; and (4) reasonably assist in the defense at the user's expense. Users may not settle any claim without CypSec's prior written consent if such settlement: (a) imposes any liability or obligation on CypSec; (b) requires admission of wrongdoing by CypSec; or (c) affects CypSec's intellectual property rights or business operations.

Users must: (i) provide CypSec with prompt written notice of any claim subject to indemnification; (ii) grant CypSec sole control of the defense and settlement negotiations; (iii) provide all reasonable assistance and cooperation in the defense; (iv) refrain from making any admissions or statements that could prejudice the defense; and (v) maintain confidentiality regarding the claim and defense strategy. CypSec reserves the right to participate in the defense at its own expense and to retain separate counsel if necessary to protect its interests.

Indemnification obligations survive termination of these Terms and continue indefinitely with respect to claims arising from activities during the term of service. Users acknowledge that these indemnification provisions are essential considerations in CypSec's willingness to provide services and that failure to honor indemnification obligations constitutes a material breach. CypSec may offset indemnification amounts against any amounts owed to user or pursue collection through appropriate legal channels. The indemnification obligations are in addition to and not in limitation of any other rights or remedies available to CypSec.

9. Dispute Resolution

Arbitration Framework

Any dispute, claim, or controversy arising out of or relating to these Terms of Service, the Services, or the relationship between CypSec and user, including but not limited to claims for breach of contract, tort, violation of statute, or equity, shall be resolved exclusively through binding arbitration administered by the Swiss Chambers' Arbitration Institution (SCAI) in accordance with its International Arbitration Rules. This agreement to arbitrate constitutes a waiver of the right to litigate such disputes in court or to have such disputes decided by a jury, except as otherwise provided herein.

For disputes involving government contracts or national security matters, the following exceptions apply: (a) disputes requiring classification review or involving classified information may be subject to special procedures approved by appropriate government authorities; (b) termination disputes under Federal Acquisition Regulation (FAR) clauses may require administrative procedures before arbitration; (c) disputes involving export control violations or national security concerns may be referred to appropriate government agencies; and (d) injunctive relief necessary to protect classified information or national security interests may be sought in competent courts.

The arbitration shall be conducted by a single arbitrator who shall be: (i) a licensed attorney with at least fifteen (15) years of experience in technology law, cybersecurity law, or government contracting; (ii) familiar with Swiss law and international arbitration practices; and (iii) cleared to handle classified information if required by the nature of the dispute. If the parties cannot agree on an arbitrator within thirty (30) days, the arbitrator shall be appointed by the SCAI in accordance with its rules.

The arbitration shall be conducted in German unless otherwise agreed by the parties. The arbitrator shall have broad discretion to manage the proceedings including: (1) determining the scope and timing of discovery; (2) ruling on the admissibility of evidence; (3) deciding motions for summary disposition; and (4) establishing procedures for handling confidential or classified information. Discovery shall be limited to what is reasonably necessary to resolve the dispute efficiently and economically.

Users expressly waive any right to participate in any class action, collective action, or representative action against CypSec. All disputes must be brought on an individual basis only, and the arbitrator shall have no authority to consolidate claims or conduct class-wide proceedings. This waiver is material to the arbitration agreement and would result in different terms absent this provision. If this class action waiver is found unenforceable, then the entire arbitration agreement shall be null and void.

The arbitrator's decision shall be final and binding on all parties and may be enforced in any court of competent jurisdiction. The award shall include: (a) written findings of fact and conclusions of law; (b) allocation of arbitration costs and reasonable attorneys' fees; and (c) any other relief deemed appropriate by the arbitrator. Judgment on the award may be entered in any court having jurisdiction, including courts in Switzerland or other jurisdictions where enforcement is sought.

Governing Law and Jurisdiction

These Terms of Service shall be governed by and construed in accordance with the substantive laws of Switzerland, specifically the laws of the Canton of Zurich, without regard to its conflict of laws principles or the United Nations Convention on Contracts for the International Sale of Goods. The application of Swiss law reflects the international nature of CypSec's cybersecurity operations. All disputes shall be resolved under Swiss substantive law, regardless of the user's location or the location where services are performed.

For disputes involving government contracts, the governing law may be modified as follows: (a) U.S. government contracts are governed by federal law including the Contract Disputes Act and applicable procurement regulations; (b) NATO or international organization contracts may be governed by international agreements or specific treaty provisions; (c) contracts with foreign governments are subject to applicable bilateral agreements and international law; and (d) where required by applicable law, mandatory provisions of the user's home jurisdiction may apply despite Swiss governing law selection.

Notwithstanding Swiss law designation, the following mandatory laws apply where required: (i) data protection laws of the user's jurisdiction where personal information is processed; (ii) export control and sanctions laws applicable to technology transfers; (iii) national security and classification requirements of relevant governments; (iv) consumer protection laws that cannot be waived by contract; and (v) criminal laws applicable to cybersecurity activities. Users acknowledge that Swiss law may not be applied to the extent it conflicts with mandatory applicable laws.

In the event of any conflict between Swiss law and the laws of any other jurisdiction, the following hierarchy applies: (1) mandatory national security and defense regulations of the relevant government authority; (2) international treaties and agreements to which Switzerland or the relevant jurisdictions are parties; (3) mandatory data protection and privacy laws where personal information is processed; (4) export control and technology transfer regulations; and (5) Swiss substantive law as the primary governing law. The parties agree to resolve any conflicts in accordance with this hierarchy and applicable international law principles.

Users acknowledge that Swiss governing law applies to all aspects of the relationship including: (a) contract formation, interpretation, and enforcement; (b) tort claims arising from service provision; (c) intellectual property rights and obligations; (d) data protection and privacy obligations; (e) termination and post-termination obligations; and (f) dispute resolution procedures. This governing law selection survives termination of the Terms and applies to all related claims whether arising during or after the term of service. Users who do not agree to Swiss governing law must immediately discontinue use of the Services.

Jurisdiction and Venue

The courts of Zurich, Switzerland shall have exclusive jurisdiction over any disputes arising out of or relating to these Terms of Service, the Services, or the relationship between CypSec and users. This jurisdiction is exclusive of all other courts and tribunals, and all parties irrevocably submit to the personal jurisdiction of such courts. Users expressly waive any objection to jurisdiction or venue in Zurich courts, including objections based on inconvenient forum, forum non conveniens, or lack of personal jurisdiction.

For disputes involving government entities, jurisdiction may be modified as required by applicable law: (a) U.S. government disputes may be subject to the Contract Disputes Act and federal court jurisdiction; (b) disputes with international organizations may be subject to applicable international immunities and jurisdictional protocols; (c) foreign government disputes may be subject to sovereign immunity principles and diplomatic protections; and (d) where required by applicable treaties or agreements, alternative dispute resolution forums may be utilized. These exceptions apply only to the extent they conflict with exclusive Swiss jurisdiction.

Notwithstanding the exclusive jurisdiction clause, CypSec reserves the right to seek injunctive relief or other equitable remedies in any court of competent jurisdiction worldwide to: (i) protect its intellectual property rights and confidential information; (ii) prevent unauthorized access to or use of the Services; (iii) enforce security obligations and classification requirements; (iv) protect national security interests where applicable; and (v) prevent irreparable harm that cannot be adequately compensated by monetary damages. Users consent to jurisdiction in any court where such relief is sought.

All users consent to service of process through the following methods: (1) personal delivery by internationally recognized courier service to the address provided during registration; (2) certified mail to the user's registered address with proof of delivery; (3) electronic service via email to the user's registered email address; or (4) such other methods permitted by applicable law or court rules. Users must maintain current contact information and promptly update any changes to ensure proper service. Failure to maintain accurate contact information does not invalidate service attempts.

Users irrevocably waive: (a) any defense of inconvenient forum or forum non conveniens; (b) any objection to venue within Zurich courts; (c) any claim that Zurich courts lack personal jurisdiction; (d) any right to remove or transfer proceedings to other jurisdictions; and (e) any immunity from legal process that may otherwise be available. These waivers are material inducements for CypSec to provide services and would result in different terms absent such waivers. Users acknowledge that these jurisdictional provisions are reasonable given CypSec's Swiss domicile and international operations.

10. Amendments to the Terms of Service

Amendment Procedures

CypSec reserves the right to modify, amend, or update these Terms of Service at any time in its sole discretion to reflect: (a) changes in applicable laws, regulations, or government policies; (b) modifications to service offerings, technologies, or security requirements; (c) updates to industry standards or best practices; (d) feedback from government agencies, defense contractors, or security auditors; and (e) operational requirements or business necessities. No amendment becomes effective until properly communicated to users through designated channels.

For government and defense clients, amendments may be subject to additional requirements including: (i) formal contract modification procedures under applicable procurement regulations; (ii) approval by contracting officers or authorized representatives; (iii) compliance with change order processes and pricing adjustments; (iv) security reauthorization for modified services; and (v) congressional notification requirements for significant contract changes. All government contract amendments must comply with applicable Federal Acquisition Regulation (FAR) and agency-specific requirements.

CypSec will provide advance notice of material amendments through: (1) secure email notification to registered users and authorized contacts; (2) prominent posting on customer portals and service dashboards; (3) direct communication through account managers for enterprise clients; (4) incorporation into updated statements of work or contract modifications; and (5) such other methods as may be required by applicable contracts or regulations. Notice periods will be reasonable given the nature and significance of the changes.

Material amendments include but are not limited to: (a) significant changes to liability limitations or warranty disclaimers; (b) modifications to data processing, storage, or protection requirements; (c) updates to security obligations or classification handling procedures; (d) changes to dispute resolution procedures or governing law; and (e) material alterations to service levels, availability commitments, or support obligations. All material amendments require explicit user acknowledgment before becoming effective.

Users acknowledge receipt of amendments by: (i) clicking "Accept," "Acknowledge," or similar electronic confirmation; (ii) continuing to use Services after notice of amendments; (iii) executing contract modifications or updated statements of work; or (iv) such other methods as specified in the amendment notice. Failure to acknowledge material amendments within specified timeframes may result in service suspension or termination. Users who do not agree to material amendments must discontinue service use immediately upon notice.

Acceptance and Implementation

Users may accept amendments through designated procedures including: (a) electronic acknowledgment via secure customer portals or service dashboards; (b) written acceptance executed by authorized representatives; (c) continued use of Services following notice of amendments; or (d) execution of contract modifications or updated statements of work. All acceptances affecting businesses or government agencies must be made by users with appropriate authority to bind their organizations to modified terms.

Continued access to or use of Services after notice of material amendments constitutes acceptance of such amendments. This implied acceptance applies to: (i) ongoing service utilization beyond specified acknowledgment deadlines; (ii) submission of new service requests or purchase orders after amendment notice; (iii) participation in training or implementation of amended security procedures; and (iv) any other affirmative actions indicating acknowledgment of modified terms. Users who do not accept amendments must immediately cease all service use.

Users may reject amendments by: (1) providing written notice of rejection within specified timeframes; (2) discontinuing all service use immediately upon notice; (3) completing account closure procedures as specified by CypSec; and (4) satisfying all outstanding obligations before amendment effective dates. Rejection of material amendments results in automatic service termination without liability to CypSec. Users acknowledge that rejection may affect their ability to access data or transition to alternative service providers.

Government and defense clients may have additional options for addressing amendments including: (a) formal contract modification procedures and negotiations; (b) appeals through contracting officers or procurement authorities; (c) compliance with applicable change order processes; (d) security reauthorization requirements for modified services; and (e) congressional notification procedures for significant contract changes. All government contract amendments must comply with applicable procurement regulations and approval processes.

Amendments apply prospectively from the effective date except where: (i) required by applicable laws or government regulations to apply retroactively; (ii) necessary to correct manifest errors or clarify ambiguities; (iii) required for national security or classification compliance; or (iv) expressly stated to apply retroactively in the amendment notice. Users acknowledge that certain amendments may affect ongoing obligations or liabilities arising from pre-amendment activities. All retroactive applications are limited to the maximum extent permitted by applicable law.

11. Miscellaneous

Complete Agreement

These Terms of Service constitute the complete, final, and exclusive agreement between CypSec and users regarding the subject matter hereof, and supersede all prior or contemporaneous agreements, representations, warranties, understandings, negotiations, and discussions, whether oral or written. This agreement includes all appendices, exhibits, statements of work, order forms, and other documents expressly incorporated by reference. No other terms, conditions, or provisions shall be binding upon CypSec unless expressly accepted in writing by an authorized representative.

For government and defense contracts, these Terms supersede any conflicting provisions in: (a) standard government terms and conditions unless expressly incorporated by reference; (b) agency-specific regulations that conflict with mandatory commercial terms; (c) prior agreements or understandings that are not formally incorporated into the contract; and (d) any terms that are prohibited by applicable procurement regulations. However, mandatory government clauses required by law or regulation are incorporated as specified in applicable contract documents.

In the event of any conflict or inconsistency between provisions, the following order of precedence applies: (1) the main body of these Terms of Service; (2) applicable government contract clauses and regulations; (3) statements of work and technical specifications; (4) service level agreements and performance metrics; (5) security requirements and classification guides; and (6) other incorporated documents. Conflicts are resolved by giving precedence to documents higher in this hierarchy.

All provisions that by their nature should survive termination survive indefinitely including: (i) confidentiality and non-disclosure obligations; (ii) intellectual property rights and restrictions; (iii) limitation of liability and warranty disclaimers; (iv) dispute resolution procedures; (v) governing law and jurisdiction provisions; and (vi) indemnification obligations. These provisions remain effective regardless of contract termination or expiration and continue to bind the parties.

The failure of either party to enforce any provision of these Terms shall not constitute a waiver of such provision or any other provision. All waivers must be express and in writing signed by authorized representatives. No course of dealing, usage of trade, or failure to object to inconsistent terms shall modify or supplement these Terms. The parties acknowledge that these Terms represent their complete understanding and that no additional terms are implied by law or custom.

Severability and Survival

If any provision of these Terms of Service is determined to be invalid, illegal, or unenforceable by a court of competent jurisdiction, such provision shall be severed from these Terms and the remaining provisions shall remain in full force and effect. The invalidity of any particular provision shall not affect the validity of: (a) confidentiality and security obligations; (b) intellectual property protections; (c) limitation of liability provisions; (d) dispute resolution procedures; or (e) any other provisions that by their nature should survive partial invalidity.

For government and defense contracts, severability is subject to: (i) mandatory government clauses that cannot be severed under applicable procurement regulations; (ii) national security requirements that must be preserved regardless of severability; (iii) classification requirements that cannot be modified by contractual provisions; (iv) export control obligations that are mandated by law; and (v) international treaty obligations that supersede contractual severability. Courts are instructed to preserve government interests to the maximum extent permitted by law.

If any provision is found invalid but could be made valid through modification, the court is authorized and directed to modify such provision to the minimum extent necessary to make it valid and enforceable while preserving the original intent and commercial purpose. The parties expressly agree that courts should employ judicial modification rather than severance where such modification would better effectuate the parties' original intent and maintain the overall structure of these Terms.

In the event of severance, the parties shall negotiate in good faith to replace the invalid provision with a valid provision that most closely reflects the original economic intent and risk allocation. If the parties cannot agree on a replacement provision within sixty (60) days, either party may request that the matter be submitted to binding arbitration for determination of an appropriate replacement provision that preserves the original bargain to the maximum extent possible.

If multiple provisions are found invalid, courts shall sever and/or modify provisions progressively, beginning with those least essential to the overall agreement structure, until the maximum permissible portion of these Terms can be preserved. The parties acknowledge that these Terms are carefully structured to address complex cybersecurity operations and that piecemeal severance may be necessary to preserve essential protections and obligations. All provisions relating to national security, classification, and government requirements shall be given maximum possible effect.

Waiver Provisions

No waiver of any provision of these Terms of Service shall be effective unless it is in writing and signed by an authorized representative of the party against whom enforcement is sought. All waivers must be specific, intentional, and clearly identify the provision being waived and the scope of such waiver. General waivers or waivers by implication are expressly prohibited and shall have no force or effect. The requirement for written waivers applies to all provisions including confidentiality obligations, security requirements, and limitation of liability provisions.

For government and defense contracts, waivers are subject to additional restrictions: (a) waivers of mandatory government clauses required by procurement regulations are prohibited; (b) waivers affecting national security interests or classification requirements require government approval; (c) waivers of sovereign immunity or government rights must be approved by appropriate authorities; (d) waivers of audit rights or oversight obligations are ineffective; and (e) any waiver that would violate applicable laws or regulations is null and void. Government entities retain all rights and remedies provided by law regardless of any attempted waiver.

No course of dealing, usage of trade, or failure to object to inconsistent terms shall be construed as a waiver of any provision of these Terms. The parties acknowledge that: (i) operational flexibility or accommodation in specific circumstances does not constitute general waiver; (ii) temporary non-enforcement does not affect future enforcement rights; (iii) partial enforcement does not waive rights regarding other breaches; and (iv) good faith efforts to resolve disputes do not constitute waiver of legal rights. All rights and remedies are cumulative and may be exercised separately or together.

The waiver of any particular provision on any particular occasion shall not: (a) affect the enforceability of such provision on any other occasion; (b) limit the right to enforce such provision in the future; (c) affect the enforceability of any other provision; or (d) create any estoppel or similar defense against future enforcement. Each instance of non-enforcement must be independently evaluated and expressly waived if such waiver is intended.

Any waiver granted may be: (1) limited to specific circumstances or time periods; (2) subject to conditions that must be satisfied to maintain effectiveness; (3) revocable upon breach of any condition or material change in circumstances; and (4) interpreted strictly according to its express terms. Waivers do not create any expectation of future waivers or modify the fundamental nature of these Terms. All provisions remain available for enforcement regardless of any prior waiver.

Assignment and Transfer

CypSec may assign, transfer, or delegate any or all of its rights and obligations under these Terms of Service to: (a) any affiliate, subsidiary, or successor entity within the CypSec corporate structure; (b) any entity that acquires substantially all of CypSec's assets or business operations; (c) any entity with which CypSec merges or consolidates; or (d) any entity to which CypSec transfers service operations, provided that such assignee agrees in writing to be bound by these Terms. Such assignments may occur without user consent but require written notice to affected users.

For government and defense contracts, assignment is subject to: (i) Federal Acquisition Regulation (FAR) and Defense Federal Acquisition Regulation Supplement (DFARS) assignment clauses; (ii) government approval for novation agreements when required; (iii) security clearance transfer and facility clearance requirements; (iv) compliance with change of ownership notification requirements; and (v) continuation of performance obligations during transition periods. Government assignments require formal contract modification and approval by contracting officers.

Users may not assign, transfer, delegate, or sublicense any rights or obligations under these Terms without CypSec's prior written consent, which shall not be unreasonably withheld. Prohibited assignments include: (1) transfer to entities without appropriate security clearances or facility clearances; (2) assignment to competitors of CypSec as determined in CypSec's reasonable discretion; (3) transfer that would violate applicable export control or national security laws; (4) assignment in connection with any fraudulent or illegal transaction; and (5) any assignment that would materially impair CypSec's ability to perform its obligations.

CypSec's consent to user assignment may be conditioned upon: (a) demonstration of assignee's technical and financial capability to perform obligations; (b) provision of adequate assurance of future performance; (c) assignee's agreement to be bound by all Terms; (d) completion of security clearance and facility clearance transfers where applicable; (e) payment of reasonable administrative fees for assignment processing; and (f) execution of assignment and assumption agreements in form and substance satisfactory to CypSec. Consent must be obtained before any attempted assignment.

Any attempted assignment in violation of these provisions is null and void and constitutes a material breach of these Terms. Such violations entitle CypSec to: (i) immediate termination of services; (ii) pursuit of all available remedies for breach; (iii) injunctive relief to prevent unauthorized transfers; and (iv) recovery of damages resulting from the attempted assignment. Users remain jointly and severally liable for all obligations regardless of any attempted assignment.

These Terms are binding upon and inure to the benefit of the parties and their respective permitted successors and assigns. All references to parties shall include their successors and assigns where the context permits or requires. The provisions of these Terms are intended to be severable and shall survive any assignment or transfer to the maximum extent permitted by applicable law.

Contact and Communications

Users may contact CypSec through the following official channels: (a) primary business address as per CypSec's imprint; (b) customer support via email at contact@cypsec.ch for service-related inquiries; (c) legal department at legal@cypsec.ch for contractual matters and legal notices; and (d) emergency security contact for critical incidents using CypSec's contact form. All official communications must be directed to these designated channels to ensure proper handling and response.

For government entities and classified communications, CypSec maintains: (i) secure communication channels approved for appropriate classification levels; (ii) facility clearances and personnel clearances for handling controlled information; (iii) designated government contracting officers and program managers; (iv) secure facilities for in-person meetings and document exchanges; and (v) compliance with applicable security protocols for classified information handling. Government clients must use approved secure communication methods for all classified or sensitive information.

Users may establish communication preferences including: (1) primary language for communications (German, English, Russian, Spanish, Portuguese, or other agreed languages); (2) preferred contact methods (email, secure portal, telephone, or physical mail); (3) escalation procedures for urgent matters; (4) authorized representatives for receiving legal and contractual communications; and (5) specific requirements for handling confidential or proprietary information. All preferences must be documented through official account management channels.

Legal notices, contract modifications, termination notices, and other formal communications must be: (a) in writing and signed by authorized representatives; (b) delivered through approved channels with confirmation of receipt; (c) sent to the most current contact information on file; and (d) compliant with applicable service level agreements and response time requirements. Electronic communications are deemed received upon confirmation of delivery to the designated email addresses or secure portals.

Users must promptly notify CypSec of any changes to contact information, authorized representatives, or communication preferences. CypSec shall notify users of changes to its contact information through: (i) updates to official websites and customer portals; (ii) email notifications to registered users; (iii) incorporation into updated contract documents; and (iv) such other methods as may be required by applicable regulations. Failure to maintain current contact information does not invalidate properly delivered communications.

All users consent to service of legal process through the designated channels and acknowledge that proper service may be effected by: (1) personal delivery to the registered business address; (2) certified mail to the last known address; (3) electronic service via designated email addresses; or (4) such other methods as permitted by applicable law or court rules. Service is deemed effective upon confirmation of delivery regardless of actual receipt.