Skip to content

User Agreement

This End User Agreement outlines the terms and conditions governing your use of the services provided by CybaVerse LTD (hereinafter referred to as “CybaVerse,” “we,” or “us”).

Between

(1) CybaVerse LTD with registered office at First Floor, 1-3 South Street, Chichester, West Sussex, PO19 1EH and registered number 11537535 (“Cybaverse”); and

(2) The Customer as identified in the Order (“Customer”)

Background

A. CybaVerse has developed specialised digital cyber security software tools, accessible to its clients through a Software as a Service (SaaS) model. This enables customers to manage their cyber security through an online management system.

B. The Customer intends to utilise CybaVerse’s offerings for its organisational needs.

C. CybaVerse agrees to provide its services, and the Customer commits to accepting and paying for these services in accordance with the terms outlined in this Agreement.

1. Definitions and Interpretation

In this Agreement, the following terminologies will possess the subsequent interpretations:

a) “CybaVerse Dashboard” which signifies the online interface (as may be updated by CybaVerse periodically) through which the Customer and Customer Users can manage their cyber security.

b) "Platform" refers to the complete CybaVerse software framework, which includes the CybaVerse Dashboard. This infrastructure facilitates the delivery of services and encompasses all versions, updates, enhancements, tools, methods, models, expertise, code, functionalities, and other elements created or owned by CybaVerse.

2. Detailed Service Provision

2.1 Upon CybaVerse's confirmation of a relevant order and receipt of the appropriate fees in line with the payment terms, and provided the Customer complies with the conditions of the chosen Plan and this Agreement's terms, CybaVerse pledges to provide the Customer with the designated Services.

3. Customer Accountabilities

3.1 The Customer authorises CybaVerse to access its digital systems and networks, including Target Systems and any software or data within these frameworks, for purposes consistent with the Computer Misuse Act 1990 and its subsequent amendments. The Customer also confirms its ongoing right throughout the duration of this Agreement to grant such access.

4. Intellectual Property Rights and Copyright

4.1 All intellectual property rights in the Service, including software, design, text, images, and data, are the property of CybaVerse Ltd or its licensors. This includes, but is not limited to, copyright, trademarks, patents, trade secrets, and other proprietary rights. Users are granted a limited, non-exclusive, non-transferable license to use the Service in accordance with this Agreement. Any unauthorized use, reproduction, modification, or distribution of the Service or its content is strictly prohibited and may result in legal action.

5. Confidentiality

5.1 Both parties are obligated to maintain the confidentiality of each other's confidential information acquired through this Agreement. This information must not be used or disclosed except for Agreement-related purposes or with written consent. Any disclosure to employees, agents, or consultants must be under similar confidentiality obligations. Each party must ensure compliance by these individuals, remaining accountable for any breaches.

5.2 Confidentiality obligations do not apply to information that is publicly available, pre-existing without confidentiality constraints, independently received, or legally mandated to be disclosed.

5.2.1 is in, or has become part of, the public domain other than as a result of a breach of the obligations of confidentiality under this Agreement; or

5.2.2 was in its written records prior to the date of this Agreement and not subject to any confidentiality obligations; or

5.2.3 was independently disclosed to it by a third party entitled to disclose the same; or

5.2.4 is required to be disclosed under any applicable law, or by order of a court or governmental body or authority of competent jurisdiction

5.3 The Customer must ensure that its users adhere to these confidentiality obligations.

5.4 The confidentiality obligations persist even after the Agreement's termination.

6. Warranties And Indemnities

6.1 CybaVerse warrants that:

6.1.1 the Service shall comply in all material respects with the Service Specification and shall be provided with all reasonable skill and care and good industry practice.

6.1.2 it has full right, power and authority to enter into this Agreement; and

6.1.3 Save as expressly set out here, any other conditions, warranties or other terms which might have effect between the parties or be implied or incorporated into this Agreement whether by statute, common law or otherwise, are hereby excluded to the fullest extent permitted by law, including, without limitation, the implied conditions, warranties or other terms as to satisfactory quality and fitness for purpose.

6.2 The Customer warrants that:

6.2.1 It, and its representative signing up to the Agreement, has full right, power and authority to enter into this Agreement;

6.2.2 it has all the rights, licenses, permits, approvals and clearance of third party rights as required by applicable laws and as are necessary to perform its obligations and allow CybaVerse to perform its obligations under this Agreement;

6.3 Cybaverse will indemnify the Customer from and against any and all losses, damages, claims, penalties, fines, costs and expenses (including reasonable external legal expenses) suffered or incurred by or awarded against the Customer payable in relation to any third party claims or actions as a result of or in connection with any breach by CybaVerse.

6.4 The Customer will indemnify CybaVerse from and against any and all losses, damages, claims, penalties, fines, costs and expenses (including reasonable external legal expenses) suffered or incurred by or awarded against CybaVerse payable in relation to any third party claims or actions as a result of or in connection with any breach by the Customer.

6.5 Each Party will fully indemnify the other from and against any and all losses, damages, claims, penalties, fines, costs and expenses (including reasonable external legal expenses) suffered or incurred by or awarded against the other as a result of or in connection with any breach by the other of clause 7 (Confidentiality).

6.6 In all cases, the indemnified party agrees to:

6.6.1 promptly notify the indemnifying party of any allegation of infringement or other claim that may give rise to reliance on an indemnity, which comes to its attention, and give the indemnifying party all reasonable assistance subject to reimbursement by the indemnifying party of the indemnified party’s costs so incurred;

6.6.2 not to make any admission, settle, compromise or negotiate the settlement of any such claim without the prior consent of the indemnifying party (such consent not to be unreasonably withheld) provided that the indemnifying party considers and defends any claim diligently, using competent counsel and in such a way as not to bring the reputation of the indemnified party into disrepute; and

6.6.3 allow the indemnifying party to conduct and settle all negotiations and proceedings, save that the indemnifying party may not conclude settlement of any negotiations and proceedings which may have a material effect (whether financial, practical or in terms of reputation) on the indemnified party without the indemnified party’s prior written consent which will not be unreasonably withheld.

7. Limitation Of Liability

7.1 Nothing in this Agreement shall exclude or limit:

7.1.1 either Party’s liability for death or personal injury caused by that Party’s negligence, fraud or fraudulent misrepresentation, or any liability which cannot be legally excluded or limited;

7.1.2 the Customer's liability to pay the Fees.

7.2 Neither party will be liable, whether in contract, tort (including negligence) breach of statutory duty, or otherwise, for any of the following losses or

damage (whether or not such losses or damage were direct, foreseen, foreseeable, known or otherwise) howsoever arising in respect of any: special, indirect, incidental or consequential loss or damage; loss of actual or anticipated profits; loss of business or contracts; loss of revenue or of the use of money; loss of anticipated savings; and/or loss of goodwill, arising out of or in connection with this Agreement.

7.3 the maximum aggregate liability of CybaVerse to the Customer for all claims arising in connection with this Agreement whether in contract, tort (including negligence) or breach of statutory duty, misrepresentation or otherwise shall be limited to £1,000,000 (one million pounds).

7.4 CybaVerse shall have no liability towards any End Customer.

8. Term, Termination And Suspension

8.1 This Agreement will begin on the Effective Date and continue for the Term, unless terminated in accordance with these terms.

8.2 Either Party may terminate this Agreement if the other party commits a material breach of this Agreement that is capable of remedy and which the party in breach has not remedied within 30 days of receipt of a written notice identifying the breach.

8.3 CybaVerse may terminate this Agreement immediately and/or suspend the Service without notice if the Fee has not been received by the due date or if the provision of the Service is found to be unlawful in the jurisdiction or territory in which it is used.

8.4 In the event of any termination of this Agreement by CybaVerse will not refund nor shall credit, and the Customer will not be entitled to any refund or credit for, any portion of the Fee for any unused part of the Term.

8.5 Upon termination of this Agreement for any reason whatsoever:

8.5.1 the relationship of the Parties shall cease and all rights granted under this Agreement to access and use the Service shall cease immediately;

8.5.2 any provision which is expressly or by implication intended to come into force or remain in force on or after termination will continue in full force and effect.

8.6 The termination of this Agreement shall be without prejudice to the rights and remedies of either Party which may have accrued up to the date of termination.

9. Force Majeure

9.1 A Party will not be in breach of this Agreement nor liable for any failure or delay in performance of any obligations (except for those in relation to payment) under this Agreement, and the date for performance of the obligations affected will be extended accordingly, as a result of Force Majeure, provided that such Party shall:

9.1.1 promptly notify the other Party in writing of the matters constituting the Force Majeure and shall keep that Party fully informed of their continuance and of any relevant change of circumstances whilst such Force Majeure continues; and

9.1.2 take all reasonable steps available to it to minimize its effects on the performance of its obligations under this Agreement.

9.2 If Force Majeure continues for longer than 30 days, either Party may, whilst the Force Majeure continues, immediately terminate this Agreement by notice in writing to the other.

10. Parties

10.1 The Customer is prohibited from assigning, transferring, charging, or otherwise reallocating any of its rights or responsibilities under this Agreement.

10.2 A third party not involved in this Agreement possesses no rights (whether under the Contracts (Rights of Third Parties) Act 1999 or otherwise) to enforce any terms of this Agreement.

10.3 Neither Party may leverage the creditworthiness of the other or falsely represent itself as the other or as an agent, partner, employee, or representative of the other. Neither Party may present itself in such a manner or assert any power or authority to create obligations of any nature on the other's behalf.

10.4 No actions by the Parties under this Agreement constitute or are seen as establishing a partnership, joint venture, employer-employee relationship, or principal-agent relationship.

10.5 This Agreement is governed by and construed in accordance with the laws of the United Kingdom.

10.6 Any disputes related to this Agreement will be subject to the exclusive jurisdiction of the courts of the United Kingdom.

Permissions - Vulnerability Scanning

To properly and efficiently determine if vulnerabilities exist on the target systems or applications automated scanning will be undertaken.

We will need to collect information regarding each of the targets you would like to scan. This information will be either an IP or URL, this information is stored on a cloud server.
Scanning can generate traffic and alerts that mimic a genuine attack. Unless the test is specifically to determine the effectiveness of any defensive product, you systems should be set to log/warn rather than log/block the testing source IP address and where possible, rate limiting should be suspended for the duration of the test.
The IP address that will be used to conduct the scan are below.

  • 151.104.34.102
  • 167.172.58.24

  • 151.104.32.104

  • 151.104.34.175

  • 151.104.35.212

  • 151.104.35.215

  • 151.104.32.131

  • 151.104.32.115

  • 151.104.34.237

  • 151.104.34.255

  • 151.104.35.70

  • 151.104.33.138

  • 151.104.33.133

  • 151.104.35.241

In the event that scanning is to be performed in a production environment, the customer understands that there is a risk of business interruption. If there are actions that may be performed on the website that incur a cost (for example a financial application performing a credit check) there also exists a chance of increased costs for the testing period to the customer if the functionality is required to be tested. Another example is form submissions, automated scanning may generate an increased number of form submissions during the scanning period.


The customer undertakes to inform the CybaVerse of any such functionality prior to uploading targets.

By agreeing to the user terms, the customer owns the systems to be scanned and person completing this form has the appropriate authority to allow a company to perform any necessary scanning.

The customer has created a full back up of all systems to be scanned and has verified that the back-up procedure will enable the customer to restore systems to their pre-scan state.

The service necessarily involves the use of network tools and techniques designed to detect security vulnerabilities, and while regular scanning will efficiency and the likelihood of a vulnerability existing being detected it is however, impossible to identify and eliminate all of the risks involved with the use of these tools and techniques.

Permissions - Cyber Essentials

Agreeing to these terms of use you are confirming the parameters and and scope of the Cyber Essentials assessment. 
 
Answer each of the questions as fully as possible. You acknowledge that the completion of the Cyber Essentials certification is a responsibility shared between the Company and its authorised representative. You understand that the information provided during the certification process is crucial for the assessment of its cyber security measures. 
 
The Company agrees to provide accurate and truthful information during the Cyber Essentials certification process. Any inaccuracies or omissions may impact the validity of the certification and the overall assessment of the Company's cyber security posture.
 
The Company commits to implementing and maintaining the necessary cyber security controls and measures outlined in the Cyber Essentials scheme. Failure to comply with these requirements may result in the revocation of the certification.
 
The Company acknowledges that the Cyber Essentials certification is not a guarantee of absolute cyber security and that the assessment is based on the information provided at the time of certification. The Company agrees that neither the Cyber Essentials certification body nor any associated entities shall be held liable for any cyber security incidents or breaches that may occur after the certification date.
 
Once you have completed all questions you must submit them for marking. An assessor will then review your questions and provide any feedback appropriate. Your answers will be stored on our database for your reference next year. You have access to the portal for 6 months before your assessment window elapses and you will need to pay to access the portal again. 

Permissions - Cyber Essentials Plus

The audit is a validation of the answers you provided during the Cyber Essentials self-assessment questionnaire (SAQ). The audit requires an assessor to check certain settings and configurations on the devices in your sample set. You will need to check all these configurations and requirements ahead of time to ensure an efficient and timely audit.

You will be generated a random sample set based on the information you submitted on your Cyber Essentials Assessment.

Your Cyber Essentials Plus audit needs to be completed within 90 days from the date of your Cyber Essentials certificate date. We suggest that you complete the pre audit checks as soon as possible, as failure to meet this deadline will result in you needing to pay for an additional Cyber Essentials certification. All pre audit checks will need to be completed before you are able to book your audit, which is subject to our availability. If during your audit we are unable to complete all the checks associated with your sample set, due to the pre audit checks not being completed to an appropriate standard, then there may be an additional cost charged.

Permissions - Penetration testing

By agreeing to the user agreement you are confirming the parameters and scope of the assessment, identifying and providing authority to test the targeted systems. Please ensure that all information is correct when it is entered, with particular attention being paid to the IP addresses and any credentials you provided.

Further information and guidance can be found here.

To properly and efficiently determine if vulnerabilities exist on the target systems or applications, both manual and automated testing will be undertaken.

This testing can generate traffic and alerts that are indistinguishable from a genuine attack. Unless the test is specifically to determine the effectiveness of any defensive product, they should be set to log/warn rather than log/blog for the testing source IP address and where possible, rate limiting should be suspended for the duration of the test.

In the event that testing is to be performed in a production environment, the customer understands that there is a risk of business interruption. If there are actions that may be performed on the website that incur a cost (for example a financial application performing a credit check) there also exists a chance of increased costs for the testing period to the customer if the functionality is required to be tested. The customer undertakes to inform the tester of any such functionality prior to testing commencing.

By agreeing to the user agreement the customer declares that:

  • The customer owns the systems to be tested and person completing this form has the appropriate authority to allow a company to perform any necessary testing.
  • The customer has created a full back up of all systems to be tested and has verified that the back-up procedure will enable the customer to restore systems to their pre-test state.
  • The service necessarily involves the use of network tools and techniques designed to detect security vulnerabilities, and that is impossible to identify and eliminate all of the risks involved with the use of these tools and techniques.
  • The customer has arranged for the necessary access to the endpoints to be tested and understands that disruption to testing may result in incomplete coverage of the test.
  • The customer is fully aware of and accepts all the testing requirements.