cybermata

CYBERMATA TERMS OF SERVICE

CYBERMATA TERMS OF SERVICE

Last Updated: February 19, 2024

1. Acceptance of Terms

By accessing or using Cybermata's cloud security posture management services ("Service"), you agree to be bound by these Terms of Service ("Terms"). The Service analyzes and secures cloud infrastructure (AWS, Azure, GCP, Kubernetes) and connected code repositories (GitHub, GitLab, Bitbucket, Azure DevOps) via automation. If you are using the Service on behalf of an organization, you represent that you have authority to bind that organization to these Terms.

2. Service Overview

  • Cloud-Native Security Platform: The Service is a 100% cloud-based platform hosted in US data centers compliant with SOC 2, ISO 27001, and industry standards.
  • Unified Security Solution: The Service integrates compliance automation, vulnerability management, and security monitoring into a single platform designed for resource-constrained teams.
  • Automation: Security workflows (e.g., drift remediation, compliance checks, questionnaire responses) are executed at your direction. You retain complete control over deployments and remediation actions.
  • AI-Assisted Compliance: The Service leverages artificial intelligence to streamline SOC 2 and ISO 27001 compliance processes, reducing manual overhead.
  • Data Access: You grant Cybermata read-only API access to your cloud accounts and repositories solely for the purpose of delivering the Service. We maintain least-privilege access principles.

3. Your Responsibilities

  • Authorization: You warrant that you own or have proper rights to all monitored cloud accounts and repositories.
  • Account Security: You are responsible for maintaining the security of your Cybermata account credentials and your cloud provider credentials, IAM roles, and source code security.
  • Appropriate Configuration: You are responsible for properly configuring the Service according to your specific security requirements.
  • Compliance: You agree to use the Service in accordance with applicable laws (e.g., GDPR, CCPA, HIPAA) and third-party terms (AWS/Azure/GCP etc.).
  • Resource Allocation: You are responsible for allocating sufficient resources to address security findings identified by the Service.

4. Data Processing & Security

  • Encryption: All data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
  • No PII Storage: Cybermata minimizes data collection and does not intentionally process or store your customers' personally identifiable information (PII).
  • Data Retention: Configuration data and security findings are retained only as long as necessary to provide the Service.
  • Incident Response: Cybermata will notify you of confirmed data breaches impacting your account within 72 hours and provide mitigation guidance.
  • Access Controls: Cybermata implements role-based access controls, regular security reviews, and follows the principle of least privilege for all internal systems.
  • Continuous Monitoring: Cybermata's systems are continuously monitored for security threats and vulnerabilities.

5. Intellectual Property

  • Your Data: You retain ownership of all cloud configurations, code, and logs analyzed by the Service.
  • Cybermata IP: The Service, including its algorithms, dashboards, workflows, and documentation are Cybermata's property or licensed to Cybermata.
  • Benchmarking: You authorize Cybermata to use anonymized and aggregated data to improve the Service and provide industry benchmarks.
  • Feedback: Suggestions and feedback submitted become Cybermata's property without any obligation of compensation.

6. Subscription and Billing

  • Subscription Tiers: The Service is offered in tiered subscription plans based on infrastructure size and feature requirements.
  • Payment Terms: Subscriptions are billed monthly or annually, with payment due within 30 days of invoice.
  • Price Changes: Cybermata reserves the right to modify pricing with 60 days' notice for existing customers.
  • Refunds: No refunds are available for partial subscription periods.

7. Service Level Agreement

  • Uptime Commitment: Cybermata targets 99.9% uptime, excluding scheduled maintenance.
  • Maintenance Windows: Scheduled maintenance will be communicated at least 48 hours in advance.
  • Support Response: Cybermata will respond to critical security issues within 4 business hours and non-critical issues within 1 business day.

8. Disclaimer of Warranties

THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE." CYBERMATA EXPRESSLY DISCLAIMS ALL WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, OR STATUTORY, INCLUDING MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. CYBERMATA DOES NOT GUARANTEE THE PREVENTION OF SECURITY INCIDENTS OR COMPLIANCE WITH ALL APPLICABLE LAWS AND STANDARDS. THE SERVICE IS A TOOL TO ASSIST YOUR SECURITY EFFORTS, NOT A REPLACEMENT FOR PROPER SECURITY PRACTICES.

9. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW, CYBERMATA'S TOTAL LIABILITY FOR ALL CLAIMS RELATED TO THE SERVICE SHALL BE LIMITED TO THE AMOUNT PAID BY YOU FOR THE SERVICE IN THE TWELVE (12) MONTHS PRECEDING THE CLAIM. IN NO EVENT SHALL CYBERMATA BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING LOST PROFITS, LOST REVENUE, LOST DATA, OR BUSINESS INTERRUPTION.

10. Indemnification

You agree to indemnify and hold harmless Cybermata from any claims, damages, liabilities, costs, and expenses (including reasonable attorney's fees) arising from your use of the Service, your violation of these Terms, or your infringement of any third-party rights.

11. Termination

  • Term: The subscription term begins on the date you first access the Service and continues until terminated.
  • Termination by You: You may terminate your subscription with 30 days' written notice.
  • Termination by Cybermata: Cybermata may terminate or suspend your access for: (1) material breach of these Terms, (2) suspected abuse or security risks, or (3) extended non-payment.
  • Effect of Termination: Upon termination, your right to access the Service will cease immediately. Cybermata will delete your data within 60 days of termination, except as required by law.

12. Confidentiality

Each party agrees to protect the other's confidential information with the same degree of care it uses to protect its own confidential information, but no less than reasonable care. Confidential information includes security findings, account information, and proprietary technology details.

13. Compliance Assistance

Cybermata provides tools to assist with compliance frameworks but does not guarantee compliance certification. You remain responsible for maintaining compliance with applicable regulations and standards.

14. Updates to Terms

Cybermata may update these Terms from time to time. Material changes will be communicated at least 30 days before taking effect. Your continued use of the Service after changes take effect constitutes acceptance of the revised Terms.

15. Governing Law

These Terms shall be governed by the laws of the State of Delaware, without regard to its conflict of law principles. Any disputes shall be resolved exclusively in the state or federal courts located in Delaware.

16. General Provisions

  • Assignment: You may not assign these Terms without Cybermata's prior written consent.
  • Force Majeure: Neither party shall be liable for failures due to circumstances beyond reasonable control.
  • Severability: If any provision is found unenforceable, the remaining provisions remain in effect.
  • Entire Agreement: These Terms constitute the entire agreement between you and Cybermata regarding the Service.

17. Contact Information

For questions about these Terms, contact legal@cybermata.com. For support issues, contact support@cybermata.com.