Terms of Service

Welcome to SignumCyber (“Company,” “we,” “us,” or “our”). These Terms of Service (“Terms”) govern your use of our website located at www.signumcyber.com (the “Site”), as well as the SignumCyber cybersecurity risk assessment platform and any related products or services we offer (collectively, the “Services”). By executing a subscription agreement, accepting access to the platform, or otherwise using our Services, you agree to be bound by these Terms. If you do not agree, please discontinue use of our Services.

1. Eligibility & Accounts

Eligibility

You must be at least 18 years old and authorized to act on behalf of your organization to use our Services. By accessing or using our Services, you represent that you meet these requirements.

Account Provisioning

Platform access is not self-service. Upon execution of a subscription agreement and receipt of payment, SignumCyber will provision your account and provide access credentials. You agree to provide accurate, current, and complete information as requested during the onboarding process and to update such information as necessary.

Account Security

You are responsible for maintaining the confidentiality of your login credentials and for all activities that occur under your account. You must notify us immediately if you suspect unauthorized use of your account. SignumCyber is not liable for any loss arising from unauthorized access to your account resulting from your failure to safeguard your credentials.

Authorized Users

Your subscription may permit multiple authorized users within your organization. You are responsible for ensuring that all authorized users comply with these Terms. You may not share login credentials between individuals or allow access by persons outside your organization without our prior written consent.

2. Description of Services

SignumCyber provides a subscription-based cybersecurity risk assessment and security posture management platform. The Services include, but are not limited to, the following capabilities:

• Technology-enabled cybersecurity assessments aligned with industry frameworks
• Risk analysis, scoring, and prioritized recommendations
• Cybersecurity plan creation and implementation tracking
• Recommendation completion tracking with estimated and realized impact metrics
• Report generation and export capabilities
• Project management features to drive security posture improvements within your organization
• Ongoing platform updates including new assessment questions, updated recommendations, revised scoring, and framework alignment updates

You acknowledge and agree that:

User-Provided Data

Our analysis, recommendations, risk scores, and assessments depend on the accuracy and completeness of the information you provide. We cannot verify or guarantee the truthfulness of your responses. Inaccurate or incomplete inputs will affect the quality and reliability of outputs.

Guidance & Recommendations

Any recommendations, criticality scores, risk levels, estimated impacts, or implementation guidance we provide are directional in nature and serve as general informational guidance only. These outputs are designed to help inform your cybersecurity decision-making but do not constitute professional cybersecurity consulting, legal advice, or a guarantee of any particular security outcome. Actual risk can vary significantly based on your unique circumstances, threat environment, and how you implement any recommended measures.

No Guarantee of Security

Use of our Services does not guarantee that you will avoid cybersecurity breaches, incidents, or regulatory penalties. You remain solely responsible for selecting and implementing security measures appropriate for your organization. SignumCyber is a tool to support your cybersecurity program, not a replacement for professional judgment or comprehensive security operations.

3. Subscription Terms

Subscription Model

Access to the SignumCyber platform is provided on an annual subscription basis. All subscriptions have a minimum term of one (1) year from the subscription start date (“Subscription Term”).

Subscription Fees

Fees for each Subscription Term will be set forth in your subscription agreement or order form. Subscriptions may be offered at discounted rates when paid in advance for the full Subscription Term or longer periods. All payments are processed through traditional banking channels (wire transfer, ACH, or similar bank-to-bank methods). SignumCyber does not accept online payments or process credit card transactions. Specific pricing, discount structures, and payment schedules will be documented in your subscription agreement.

Minimum Commitment

Due to the nature of our Services—which provide ongoing access to assessments, recommendations, scoring, implementation tracking, reporting, and project management tools throughout the Subscription Term—all subscriptions require a minimum one-year commitment. Early termination does not entitle you to a refund of fees already paid or relieve you of the obligation to pay fees for the remainder of the Subscription Term, except as expressly provided in these Terms.

Renewal

Subscriptions will renew automatically for successive one-year terms at the then-current subscription rate unless either party provides written notice of non-renewal at least thirty (30) days before the end of the current Subscription Term. We will provide you with notice of any pricing changes at least sixty (60) days before your renewal date.

Refund Policy

Due to the comprehensive nature of our platform—which delivers immediate access to assessments, scoring, recommendations, and reporting upon account provisioning—refunds are generally not available after your account has been activated. If you have not accessed the platform or used any assessment functionality within ten (10) calendar days of account provisioning, you may request a full refund by contacting legal@signumcyber.com. Refund requests are evaluated at our discretion. No refunds will be issued for partial subscription periods or early termination after the 10-day window.

4. Platform Updates & Service Commitments

Ongoing Updates

As part of your subscription, SignumCyber commits to providing platform updates at least twice per year. These updates may include new or revised assessment questions, updated recommendations, recalibrated scoring, and alignment with changes to applicable cybersecurity frameworks and industry standards.

Framework Currency

SignumCyber maintains alignment with applicable cybersecurity frameworks and adapts the platform’s recommendations, scoring, and assessment content to reflect changes in technology, threat landscape, regulatory requirements, and framework revisions. We do not guarantee that framework updates will be incorporated within any specific timeframe following their publication, but we will make commercially reasonable efforts to keep the platform current.

Service Availability

We will use commercially reasonable efforts to maintain platform availability. Scheduled maintenance will be communicated in advance. We do not guarantee uninterrupted or error-free operation of the Services.

Modifications to Services

We reserve the right to modify, enhance, or discontinue features of the Services at any time. We will provide reasonable notice of material changes. If a modification materially diminishes the core functionality of the Services during your Subscription Term, you may terminate your subscription and receive a prorated refund for the unused portion of your then-current Subscription Term.

5. User Content & Data Ownership

Your Data

All data, information, and materials you provide through the Services—including questionnaire responses, assessment inputs, plan configurations, and implementation tracking data—remain your property (“Your Data”). You grant SignumCyber a limited, non-exclusive, non-transferable, royalty-free license to use Your Data solely to provide, maintain, and improve the Services during your active subscription. This license terminates upon the effective deletion of Your Data following account termination (see Account Termination & Data Handling below).

Platform Outputs

Reports, scores, recommendations, impact estimates, and other outputs generated by the platform based on Your Data (“Platform Outputs”) are provided for your internal business use. You may share Platform Outputs within your organization and with your advisors, auditors, or regulators as needed for your cybersecurity program. You may not resell, redistribute, or commercially exploit Platform Outputs as a standalone product or service.

Testimonials

You may voluntarily provide testimonials, feedback, or reviews. By submitting a testimonial, you grant us the right to display, edit, publish, or otherwise use your testimonial (including your name and/or company name) on our Site or in marketing materials. To remove or update a published testimonial, contact legal@signumcyber.com.

Data Portability

During your active subscription, you may export Your Data and Platform Outputs using the platform’s report generation and export features. Upon account termination, data export is available during the 90-day grace period described under Account Termination & Data Handling below.

6. Confidentiality & Data Protection

Private Information

Your questionnaire responses, assessment data, cybersecurity plans, implementation tracking, and other data you upload or generate through the Services are treated as confidential within our systems and are not displayed publicly or shared with other customers.

Security Measures

We implement industry-standard security measures to protect Your Data, including encryption in transit and at rest, access controls, and regular security monitoring. Our security practices are described in our Minimum Security Standards, available upon request. While we use commercially reasonable security practices, no system is completely secure and we cannot guarantee absolute security of your data.

Public Information

Certain features, such as testimonials or user-submitted stories, may be displayed publicly if you opt to make them public. You are solely responsible for the content you choose to share publicly.

Privacy Policy

Our collection, use, and protection of personal information is governed by our Privacy Policy. By using our Services, you acknowledge that you have read and understood our Privacy Policy.

7. Anonymized & Aggregated Data

Collection

We reserve the right to collect and aggregate non-personal information or de-identify personal information so that it no longer reasonably identifies you or your organization (“Anonymized Data”).

Use

We may use, license, and distribute Anonymized Data for legitimate business purposes, including research, industry benchmarking, analytics, product development, and publication of cybersecurity readiness metrics. For example, we may compile industry-wide cybersecurity posture insights derived from aggregated user data.

No Personal Identification

Anonymized Data will not contain your name, contact information, or other identifiers that can directly link the data to you or your organization.

8. Acceptable Use

You agree not to:

1. Use the Services for any unlawful purpose or in violation of any applicable laws.
2. Upload or transmit any virus, malware, or malicious code.
3. Harass, threaten, or defame any individual or entity, or engage in hate speech or discriminatory behavior.
4. Attempt to gain unauthorized access to our systems or other users’ accounts.
5. Interfere with or disrupt the operation or security of the Services.
6. Copy, reproduce, scrape, or systematically extract platform content, assessment questions, recommendations, scoring methodologies, or framework content for use outside the platform or to create a competing product or service.
7. Share login credentials with unauthorized individuals or allow access to persons outside your organization without prior written consent.
8. Misrepresent Platform Outputs as constituting a professional security audit, certification, or compliance attestation.

9. Intellectual Property

Platform Ownership

The SignumCyber platform, including all assessment content, questions, scoring methodologies, recommendation engines, framework mappings, user interface designs, and underlying technology, is and remains the exclusive property of SignumCyber and is protected by applicable intellectual property laws. Your subscription grants you a limited, non-exclusive, non-transferable right to access and use the platform during your Subscription Term.

Restrictions

You may not copy, modify, reverse engineer, decompile, disassemble, or create derivative works based on the platform or any of its components. You may not remove or alter any proprietary notices, trademarks, or branding from the platform or Platform Outputs.

Feedback

If you provide suggestions, ideas, or feedback regarding the Services, you grant us an unrestricted, irrevocable, royalty-free license to use and incorporate such feedback without obligation to you.

10. Marketing & Communications

Service Communications

By using our Services, you consent to receive transactional communications related to your subscription, including service updates, platform update notifications, security notices, and account-related messages. These communications are part of the Service and cannot be opted out of while your subscription is active.

Marketing Communications

We may send promotional materials, product announcements, and newsletters. You may opt out of marketing communications by following the unsubscribe link in the email or contacting legal@signumcyber.com. Opting out of marketing communications does not affect transactional communications.

Advertising

We may use aggregated, de-identified information to optimize our marketing campaigns and measure effectiveness. We will not share your personally identifiable data with third-party advertisers without your explicit consent.

11. Disclaimers

As-Is & As-Available

The Services (including all assessments, analysis, dashboards, scores, recommendations, impact estimates, and project management tools) are provided on an “as is” and “as available” basis.

No Warranty

To the fullest extent permitted by law, SignumCyber disclaims all warranties, whether express or implied, including but not limited to warranties of merchantability, fitness for a particular purpose, and non-infringement.

Cybersecurity Incident Disclaimer

You acknowledge that no risk assessment, recommendation, cybersecurity plan, or implementation tracking can guarantee immunity from cyber threats or breaches. SignumCyber shall not be liable for any data breach, cyberattack, or other unauthorized access to your systems, even if our Services, recommendations, or suggested measures are used or followed.

Score and Impact Accuracy

Risk scores, estimated impacts, and realized impact calculations are based on the data you provide and our scoring methodology. These figures are approximations intended to inform your decision-making and are not guarantees of actual risk reduction or security improvement.

12. Account Termination & Data Handling

Termination by You

You may elect not to renew your subscription by providing written notice at least thirty (30) days before the end of your current Subscription Term. Your access will continue through the end of the paid Subscription Term. Mid-term cancellation requests will be evaluated on a case-by-case basis; no refunds are guaranteed for mid-term cancellations.

Termination by Us

We may suspend or terminate your access to the Services, with or without notice, for material violations of these Terms, suspected illegal activity, non-payment of subscription fees, or any other reason that we determine in good faith requires termination. If we terminate for convenience (not for cause), we will provide a prorated refund for the unused portion of your Subscription Term.

Effect of Termination

Upon termination or expiration of your subscription, your right to access the platform ceases at the end of the Subscription Term. We will maintain Your Data for a 90-day grace period during which you may request data export or account reactivation. After the 90-day grace period, Your Data will be permanently deleted from our production systems in accordance with our data retention policies. Provisions regarding intellectual property, limitation of liability, indemnification, confidentiality obligations, and dispute resolution shall survive termination.

Data Deletion

Following the 90-day grace period, deletion of Your Data is permanent and irreversible at the application level. Certain data may be retained as required by law (such as billing records for tax compliance) or as necessary for our legitimate business interests (such as minimal account metadata for legal compliance).

13. Limitation of Liability

Cap on Liability

To the fullest extent permitted by law, SignumCyber’s total cumulative liability to you for any and all claims arising out of or related to these Terms or your use of the Services shall not exceed the total subscription fees actually paid by you to SignumCyber during the twelve (12) months immediately preceding the event giving rise to the claim.

Exclusion of Consequential Damages

In no event shall SignumCyber (including its affiliates, officers, directors, employees, and agents) be liable for any indirect, incidental, consequential, special, exemplary, or punitive damages, or for any loss of profits, revenues, data, business opportunities, or goodwill, regardless of the theory of liability (contract, tort, negligence, strict liability, or otherwise) and regardless of whether SignumCyber has been advised of the possibility of such damages.

Essential Purpose

You acknowledge that these limitations reflect a reasonable allocation of risk and are a fundamental part of the basis of the bargain between you and SignumCyber. The Services would not be provided without these limitations.

14. Indemnification

You agree to defend, indemnify, and hold harmless SignumCyber, its affiliates, officers, directors, employees, and agents from and against any claims, damages, losses, liabilities, and expenses (including reasonable legal fees) arising out of or related to:

1. Your use or misuse of the Services;
2. Any violation of these Terms;
3. Any inaccurate or misleading information you provide;
4. Your breach of any applicable laws or regulations;
5. Any claim by a third party arising from your use of Platform Outputs or reliance on our recommendations.

15. Governing Law & Dispute Resolution

These Terms and any disputes arising from or related to them are governed by the laws of the State of Utah, without regard to conflict-of-laws principles.

Mandatory Mediation

Any dispute must first be submitted to mandatory mediation in the State of Utah. Each party will bear its own costs of mediation.

Further Proceedings

If mediation fails to resolve the dispute within sixty (60) days, either party may seek relief in a court of competent jurisdiction located in Utah.

16. Changes to the Terms

We reserve the right to modify these Terms at any time. If we make material changes, we will provide at least thirty (30) days’ notice by posting updated Terms on the Site, sending email notification, or providing in-app notification. By continuing to use the Services after the effective date of any changes, you agree to be bound by the revised Terms. If you do not agree to the revised Terms, you may terminate your subscription in accordance with the Account Termination & Data Handling section above.

17. Miscellaneous

Entire Agreement

These Terms, together with the Privacy Policy and any applicable subscription agreement or order form, constitute the entire agreement between you and SignumCyber regarding the Services and supersede all prior agreements and understandings.

Severability

If any provision of these Terms is found to be unenforceable, the remaining provisions will continue in full force and effect.

Waiver

Our failure to enforce any provision of these Terms shall not be deemed a waiver of that provision or any other provision.

Assignment

You may not assign or transfer your rights under these Terms without our prior written consent. We may assign our rights and obligations under these Terms in connection with a merger, acquisition, or sale of all or substantially all of our assets.

Force Majeure

Neither party shall be liable for delays or failures in performance resulting from circumstances beyond its reasonable control, including but not limited to natural disasters, acts of government, internet or infrastructure failures, cyberattacks on third-party providers, pandemics, or other force majeure events.

18. Contact Us

If you have any questions or concerns regarding these Terms, please contact us at:

Email: legal@signumcyber.com