2. Ownership and Use

Cy4Prop owns and retains all right, title, and interest in and to its systems, hardware (including the sensor), software, and all related intellectual property. The Services are provided to Customers on a subscription basis and include access to Deliverables, not to the underlying tools or software.

Customers may not request, access, or replicate Cy4Prop’s internal tools or infrastructure, including the sensor. Deliverables are provided for the Customer’s internal business use only.

3. License Grant

Cy4Prop grants the Customer a limited, non-exclusive, non-transferable license to access and use the Deliverables solely for their internal cybersecurity and risk management purposes, in accordance with this Agreement.

4. Restrictions

Except as explicitly permitted in this Agreement, the Customer shall not:

• Attempt to access, replicate, reverse-engineer, or decompile any internal tools, including the sensor hardware or software used by Cy4Prop.
• Sell, license, transfer, or distribute the Deliverables to third parties.
• Use the Deliverables to provide competing cybersecurity services.
• Alter or remove any proprietary notices included in the Deliverables.
• Use the Services in violation of applicable law or to infringe any third party’s rights.

5. Confidentiality

All non-public business, technical, or financial information disclosed by Cy4Prop to the Customer, including the Deliverables, shall be deemed confidential. The Customer agrees not to disclose such information to third parties or use it for any purpose outside the scope of this Agreement.

6. Customer Data and Anonymized Use

Customer Data remains the property of the Customer. Cy4Prop may:

• Use Customer Data as necessary to perform its obligations under this Agreement.
• Generate and use Anonymized Information derived from Customer Data for internal improvement, benchmarking, analytics, and development of new products and services.
• Share aggregated Anonymized Information with third parties for research or marketing purposes.

Cy4Prop will not disclose identifiable Customer Data to third parties without the Customer’s consent.

7. Representations and Warranties

The Customer represents that:

• It has obtained all necessary consents and provided all required notices regarding the collection and use of any Customer Data.
• Its use of the Services will comply with applicable law and this Agreement.
• Only authorized personnel will access the Deliverables.

8. Disclaimer of Warranties

THE SERVICES AND DELIVERABLES ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. CY4PROP DISCLAIMS ALL EXPRESS OR IMPLIED WARRANTIES, INCLUDING MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. NO GUARANTEE IS MADE THAT THE SERVICES WILL IDENTIFY OR PREVENT ALL CYBERSECURITY THREATS OR VULNERABILITIES.

9. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW, CY4PROP SHALL NOT BE LIABLE FOR INDIRECT, INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING FROM THIS AGREEMENT OR THE USE OF THE SERVICES. IN NO EVENT SHALL CY4PROP’S AGGREGATE LIABILITY EXCEED THE FEES PAID BY THE CUSTOMER IN THE THREE (3) MONTHS PRIOR TO THE EVENT GIVING RISE TO THE CLAIM.

10. Indemnification

The Customer agrees to indemnify and hold harmless Cy4Prop from any third-party claims, damages, or expenses arising from:

• The Customer’s use of the Services or Deliverables;
• Any breach of this Agreement; or
• The violation of any applicable law by the Customer or its personnel.

11. Suspension and Termination

Cy4Prop may suspend or terminate access to the Services if:

• The Customer breaches this Agreement;
• The Customer’s use poses a threat to Cy4Prop systems;
• Cy4Prop is required to comply with legal or regulatory obligations;
• The Customer ceases to conduct business in the ordinary course.

Upon termination, the Customer must discontinue use of the Deliverables. Any amounts owing to Cy4Prop will become immediately due.

12. Export Control

The Customer agrees to comply with all applicable export control laws and regulations and will not export or re-export the Deliverables or any component thereof in violation of those laws.

13. Client Responsibilities and Service Limitations

A. Client Responsibilities

The Customer shall:

• Designate a primary contact to communicate with Cy4Prop and receive Deliverables.
• Provide timely and accurate data and organizational context as requested.
• Maintain internal cybersecurity controls and protocols.
• Notify Cy4Prop of changes or incidents that may affect service accuracy.
• Use Deliverables internally and not as a substitute for comprehensive cybersecurity programs.
• Ensure compliance with all applicable laws, including data privacy regulations.

B. Service Limitations

• Cy4Prop does not provide vulnerability remediation or incident response unless separately contracted.
• The sensor used to generate reports is owned and operated solely by Cy4Prop.
• Deliverables are advisory and not a substitute for formal technical or legal advice.
• The accuracy of reports depends on available data.
• Cy4Prop does not guarantee the detection or prevention of all cyber threats.
• Temporary service disruptions may occur due to maintenance or other events.

14. Dispute Resolution

This Agreement shall be governed by the laws of the Province of Ontario. Any disputes arising under this Agreement shall be resolved through binding arbitration in Toronto, Ontario, under the Arbitration Act (Ontario), with one arbitrator. Each party submits to the jurisdiction of Ontario courts for injunctive relief or enforcement of an arbitration award.

15. Miscellaneous

The Customer shall:

• This Agreement constitutes the entire agreement between the parties.
• Modifications must be in writing and signed by both parties.
• The Customer may not assign this Agreement without Cy4Prop’s consent.
• Sections regarding ownership, confidentiality, data use, warranties, liabilities, and dispute resolution survive termination.

16. Contact Information

Cy4Prop Cybersecurity Inc.
Email: legal@cy4prop.com