End User Platform Agreement

2.1Service Availability

CyberRank will provide purchased services as outlined in this Agreement and applicable Purchase orders. However, access may be temporarily unavailable due to:

• Scheduled maintenance (for which advance notice will be given), or
• External factors beyond CyberRank’s control, such as natural disasters, cyberattacks, or third-party service failures.

2.2Security Measures

CyberRank follows industry-standard security protocols and undergoes periodic audits. Any detected security breaches will be promptly reported to affected customers.

2.3Beta Services

Customers may be invited to test beta services at no charge. These features are not yet fully developed and may be modified or discontinued at CyberRank's discretion. Beta services are provided without warranties and may be subject to additional terms.

2.4Service Commitment

CyberRank is committed to ensuring high service availability and performance. While every effort is made to maintain continuous service uptime, interruptions may occur due to maintenance, unforeseen events, or circumstances beyond CyberRank's control.

2.5Standard Support

CyberRank provides standard support with commercially reasonable efforts for the Purchased Services to Customer at no additional charge. Customers can seek assistance for general inquiries, troubleshooting, and technical support during designated support hours via email and online resources.

2.6Premium Support

Customers requiring prioritized support, dedicated account management, or enhanced service-level guarantees may opt for premium support packages under a separate agreement. Specific terms, service scope, and costs for premium support will be detailed in a separate contract.

3.1Free Trial

Customers who register for a free trial or use free features of the services will have temporary access at no cost until either (a) the trial period ends, c) the obtained free credits are used or (c) the customer subscribes to a paid service. If the customer does not subscribe before the trial ends, any customer services data stored in CyberRank’s system may be permanently deleted. During the trial, services are provided “as-is” without warranties. CyberRank assumes no liability for any loss or damage related to the free trial.

3.2Subscriptions

Customers utilize services by expending credits throughout a one-year subscription period. At the conclusion of this period, any unused credits may become void and revoked without the possibility of a refund. If additional credits are purchased during an active Subscription Term, all remaining credits from the existing term will be extended for an additional 12 months. The subscription term begins on the date specified in the purchase order and continues for the agreed period. Subscriptions automatically renew for successive terms unless cancelled in accordance with this Agreement.

3.3Usage Limits

Service usage is subject to limitations, which may include, but are not limited to, the quantities specified in applicable purchase orders. Unless explicitly stated otherwise, the quantity referenced in a purchase order corresponds to Slots or Credits, as applicable. If the customer purchases additional credits, the contractual usage limit will automatically increase to reflect the revised number of Slots or Credits for the remainder of the Subscription Term and beyond, if applicable.

3.4Customer Responsibilities

The customer is responsible for:

• (a)Ensuring all Users comply with this Agreement and for all activities conducted through their use of the Services.
• (b)Maintaining the accuracy, legality, and validity of all Customer Services Data, including obtaining necessary consents or rights to process such data.
• (c)Preventing unauthorized access to or usage of the Services, including securing user credentials and immediately notifying CyberRank of any unauthorized access or suspected breaches.
• (d)Complying with the terms of service of any Non-CyberRank Applications that are integrated with CyberRank’s Services.

3.5Usage Restrictions

Customers may not:

• (a)Provide access to any Service to unauthorized individuals or entities.
• (b)Resell, license, sublicense, lease, rent, or otherwise distribute any portion of the Services, including reports or outputs generated through the platform.
• (c)Use the Services to transmit illegal, defamatory, infringing, or otherwise tortious content or material.
• (d)Introduce or distribute Malicious Code through the Services.
• (e)Use the Services in violation of applicable laws, regulations, or for fraudulent or harmful purposes.
• (f)Interfere with or degrade the integrity or performance of the Services.
• (g)Attempt unauthorized access to the Services or related systems.
• (h)Circumvent contractual usage limitations.
• (i)Publish, display, or copy any part of the Services, including reports and ratings, except as necessary for backup or disaster recovery purposes.
• (j)Remove or alter proprietary notices such as copyright or trademark information from materials obtained through the Services.
• (k)Frame or mirror any part of the Services unless strictly for internal business use.
• (l)Utilize the Services to develop a competing product or service.
• (m)Modify, reverse-engineer, disassemble, or otherwise tamper with CyberRank’s Services or website through manual or automated methods.

3.6Privacy

• Data Collection – CyberRank may collect personal information in connection with a customer’s use of the Services. The CyberRank Privacy Policy details the types of data collected, the purposes of collection, processing methods, and any third parties with whom such data may be shared.
• Customer Obligations – The customer affirms that they have adhered to all Applicable Data Privacy Laws concerning the collection and disclosure of personal information and that they are not relying on CyberRank to fulfill any of their compliance obligations.
• CyberRank Obligations –
  • (i)Such use is strictly for administrative purposes and general usage statistics.
  • (ii)The data does not identify the Customer, its representatives, customers, or employees.
  • (iii)Any public disclosure of aggregated data will be limited to overall trends across CyberRank’s customer base.

3.7Service Suspension

In cases where CyberRank identifies a violation of this Agreement by a User, it may request that the customer suspend that User’s access to the Services. If the customer does not comply, CyberRank reserves the right to suspend that User’s access directly. The suspension will remain in effect until the User has resolved the violation. In the event of a Disruption Event, CyberRank may impose an automatic suspension to prevent or mitigate harm. Such suspensions will be limited to the minimum scope and duration necessary to prevent or halt the disruption. If CyberRank suspends access without prior notice, it will provide the customer with an explanation as soon as reasonably possible upon request.

3.8Non-CyberRank Applications

• Third-Party Applications – CyberRank and third-party providers may offer additional products or services, including Non-CyberRank Applications and consulting services. If a customer chooses to use such Non-CyberRank Applications, all interactions between the customer and the external provider are independent of CyberRank. CyberRank neither guarantees nor supports Non-CyberRank Applications, regardless of whether they are designated or recommended by CyberRank.
• Customer Responsibility – The customer assumes full responsibility for reviewing and understanding any additional terms governing Non-CyberRank Applications, particularly concerning data collection, processing, and privacy practices. CyberRank does not control Non-CyberRank Applications and is not liable for any third-party products, services, websites, or content.

3.9Renewal and Cancellation

Customers may cancel their subscription by providing written notice at least 60 days before the renewal date. Failure to provide timely notice will result in automatic renewal for the next subscription period.

3.10Modification of Subscription

CyberRank reserves the right to update service offerings, pricing, and features at the time of renewal. Customers will be notified of any material changes in advance.

3.11Suspension or Termination

CyberRank may suspend or terminate a subscription if the customer violates any terms of this Agreement, fails to make timely payments, or engages in activities that disrupt CyberRank's infrastructure or security.

3.12Usage Tracking and Compliance

CyberRank reserves the right to monitor and track usage to ensure compliance with the agreed subscription terms. If a customer exceeds allocated limits or misuses the services, CyberRank may impose additional fees or restrict access.

5.1Reservation of Rights

Except for the limited rights expressly granted under this Agreement:

• (a)Except for the limited rights expressly granted under this Agreement, CyberRank retains all ownership, title, and interest in and to the Services, including all associated proprietary materials and intellectual property rights. The Customer does not acquire any rights to the Services, whether by implication or otherwise, beyond those explicitly granted herein.
• (b)The Customer retains full ownership, title, and interest in its Customer Services Data. However, CyberRank is permitted to use Customer Services Data to generate Generic Reports and as specified in Section 5.2.
• (c)CyberRank grants the Customer a non-exclusive right to use and publish only its own aggregated security and privacy ratings at its discretion. No additional rights are granted to the Customer beyond those expressly stated in this Agreement.

5.2CyberRank’s Right to Use Customer Services Data

The Customer grants CyberRank the right to process and use Customer Services Data, including cybersecurity and privacy ratings, in compliance with applicable laws for the following purposes:

• (a)To provide the Services as outlined in this Agreement and the Privacy Policy.
• (b)To communicate with vendors or contacts designated by the Customer.
• (c)To identify and resolve service or technical issues.
• (d)As explicitly authorized by the Customer.
• (e)As required by law.

5.3Customer’s License to Provide Feedback

The Customer grants CyberRank a worldwide, perpetual, irrevocable, transferable, and royalty-free license to use and incorporate into the Services any suggestions, recommendations, enhancements, or other feedback provided by the Customer or its Users, provided that CyberRank does not publicly attribute such feedback to the Customer without consent.

5.4Use of Customer Ratings for Marketing

The Customer grants CyberRank a royalty-free license to use and incorporate its cybersecurity and privacy ratings for marketing purposes, including publishing the ratings on CyberRank’s public website, provided that:

• (i)The Customer’s rating is at least a "B," or
• (ii)The Customer provides explicit consent to publicly disclose its rating.

6.1Definition of Confidential Information

"Confidential Information" refers to all information and materials disclosed by one party ("Disclosing Party") to the other party ("Receiving Party"), whether communicated orally or in writing, that is labeled as confidential or should reasonably be understood as confidential given its nature and the circumstances of disclosure. CyberRank’s Confidential Information includes the Services and any proprietary materials provided through the Services. The Customer’s Confidential Information includes Customer Services Data. Confidential Information of both parties also includes proprietary pricing information, business and marketing strategies, technology, technical specifications, product roadmaps, designs, and operational processes. However, Confidential Information does not include information that:

• (i)Becomes publicly known without any breach of obligation.
• (ii)Was already lawfully in the Receiving Party’s possession before disclosure.
• (iii)Is received from a third party without breach of obligation.
• (iv)Is independently developed by the Receiving Party without use of the Disclosing Party’s Confidential Information.
• (v)Was disclosed under Section 5.4.

6.2Protection of Confidential Information

The Receiving Party agrees to:

• (i)Employ the same level of care to protect the Disclosing Party’s Confidential Information as it does for its own confidential information, but no less than reasonable care.
• (ii)Use Confidential Information exclusively for purposes within the scope of this Agreement.
• (iii)Disclose Confidential Information only to employees, officers, advisors, contractors, and agents who require access for purposes aligned with this Agreement and who are bound by confidentiality obligations consistent with this Agreement.

6.3Compelled Disclosure

The Receiving Party may disclose Confidential Information when legally required by law, regulation, court order, or governmental authority, provided that it gives the Disclosing Party prior notice (unless prohibited by law) and reasonable assistance, at the Disclosing Party’s expense, to challenge or limit the disclosure. If disclosure is required as part of a legal proceeding where the Disclosing Party is a party and does not contest the disclosure, the Disclosing Party shall reimburse the Receiving Party for the reasonable costs of providing secure access to the information.

The Receiving Party may disclose Confidential Information when legally required by law, regulation, court order, or governmental authority, provided that it gives the Disclosing Party prior notice (unless prohibited by law) and reasonable assistance, at the Disclosing Party’s expense, to challenge or limit the disclosure. If disclosure is required as part of a legal proceeding where the Disclosing Party is a party and does not contest the disclosure, the Disclosing Party shall reimburse the Receiving Party for the reasonable costs of providing secure access to the information.

7.1Representations

Each party represents that it has the legal authority to enter into this Agreement and perform its obligations hereunder.

7.2CyberRank's Warranties

CyberRank warrants that:

• (a)The Purchased Services will perform materially in accordance with the specifications detailed in the Documentation.
• (b)Any Professional Services provided will be performed in a competent and professional manner.
• (c)CyberRank has taken commercially reasonable measures to prevent the introduction of Malicious Code into the Services.

In the event of a breach of the above warranties, the Customer’s exclusive remedy shall be as specified in Sections 12.3 (Termination) and 12.4 (Refund or Payment upon Termination).

7.3Mutual Warranties

Both parties warrant that they will comply with all applicable laws and regulations concerning the provision and use of the Services, including data security and breach notification laws.

8.1Indemnification by CyberRank

CyberRank shall defend the Customer against any third-party claims alleging that the Customer’s use of a Purchased Service under this Agreement infringes or misappropriates intellectual property rights ("Claim Against Customer"), provided that the Customer:

• (a)Promptly notifies CyberRank in writing of the claim.
• (b)Grants CyberRank full control over the defense and settlement.
• (c)Provides reasonable assistance.

If an infringement or misappropriation claim arises, CyberRank may:

• (i)Modify the Services to eliminate infringement without reducing functionality.
• (ii)Obtain a license allowing continued use of the Services.
• (iii)Terminate the affected Services upon 30 days’ written notice and provide a refund for prepaid, unused services.

CyberRank’s indemnification obligations do not apply if the claim results from:

• (i)A Non-CyberRank Application.
• (ii)The Customer’s breach of this Agreement.
• (iii)Negligence, recklessness, or willful misconduct by the Customer.
• (iv)The combination of Services with unauthorized products or data.
• (v)Modifications made by the Customer or unauthorized third parties.

8.2Indemnification by Customer

The Customer shall defend CyberRank against any third-party claims alleging that Customer Services Data, or use of the Services in breach of this Agreement, infringes intellectual property rights ("Claim Against CyberRank"). The Customer shall indemnify CyberRank for damages, attorney fees, and costs awarded under a court-approved settlement, provided that CyberRank:

• (a)Promptly notifies the Customer in writing of the claim.
• (b)Grants the Customer full control over the defense and settlement (except that the Customer cannot settle a claim without unconditionally releasing CyberRank of liability).
• (c)Provides reasonable assistance at the Customer’s expense.

The above obligations do not apply to claims arising from CyberRank’s breach of this Agreement or CyberRank’s own negligence, recklessness, or willful misconduct.

8.3Exclusive Remedy

This section provides the exclusive indemnification remedies for both parties regarding claims covered under this Agreement.

10.1Manner of Giving Notice

All notices, consents, and approvals under this Agreement must be in writing and shall be deemed given:

• (i)Upon personal delivery.
• (ii)Two business days after mailing.
• (iii)Two business days after confirmed facsimile transmission.
• (iv)One business day after email transmission (excluding indemnification notices).

10.2Governing Law and Jurisdiction

This Agreement shall be governed by and interpreted under the laws of New Zealand, without regard to conflict-of-law principles. All disputes shall be subject to the exclusive jurisdiction of the courts located in New Zealand, and both parties waive objections to venue.

11.1Entire Agreement and Order of Precedence

This Agreement, including all Purchase Orders, constitutes the complete understanding between the parties and supersedes any prior agreements or representations. Any conflicting terms in Customer-issued documents, such as purchase orders, shall be void. In case of a conflict, the order of precedence is:

• The applicable Purchase Order.
• This Agreement.
• The Documentation.

11.2Assignment

Neither party may assign this Agreement without prior written consent, except in cases of merger, acquisition, or sale of substantially all assets. However, if a party is acquired by a direct competitor of the other party, the other party may terminate the Agreement with written notice.

11.3Relationship of the Parties

The parties are independent contractors. This Agreement does not create a partnership, franchise, joint venture, agency, fiduciary, or employment relationship.

11.4Third-Party Beneficiaries

This Agreement does not create any third-party beneficiary rights.

11.5Waiver

Failure to enforce any provision of this Agreement shall not constitute a waiver of that provision.

11.6Severability

If any provision is deemed invalid, the remaining provisions shall continue in effect.

11.7Headings

Section headings are for reference only and do not affect interpretation.

11.8Equitable Relief

Each party may seek equitable relief to prevent unauthorized use of its intellectual property.

11.9Force Majeure

Neither party is liable for delays or failures due to causes beyond reasonable control, including natural disasters, terrorism, labor disruptions, and internet failures.

11.10Jury Trial Waiver

EACH PARTY WAIVES ITS RIGHT TO A JURY TRIAL FOR CLAIMS ARISING FROM THIS AGREEMENT. BOTH PARTIES ACKNOWLEDGE THAT THIS WAIVER HAS BEEN DISCUSSED AND KNOWINGLY AGREED TO.