Cyberware Terms of Service

(i) Bulhack LTD with registered office Hazdhi Dimiat 14, Elin Pelin, and registered number (VAT) BG206948918; and

(ii) The Customer as identified in the Order (Customer).

I. BACKGROUND

1. Cyberware has developed certain vulnerability scanner software products which it makes available to customers on a SaaS basis, to enable the Customer to find cybersecurity weaknesses in their digital infrastructure.

2. The Customer wishes to take a 7-Day Free Trial of Cyberware’s services for its internal business purposes.

3. Cyberware has agreed to provide, and the Customer has agreed to take a 7-Day Free Trial of Cyberware’s services, subject to the terms and conditions of this Agreement.

II. DEFINITIONS

1. Agreement means these Terms of Service together with any associated Orders, annexes, schedules or other referenced documents.

2. Customer means the legal entity/natural person identified in the Order.

3. Customer User means any employee, agent, contractor or consultant of the Customer authorized to use the Services or who uses the Services on behalf of the Customer.

4. End Customers means any third-party clients, customers, or entities on whose behalf or for whose benefit the Customer uses the Services, including where the Services are used to assess, scan, or test the systems, applications, or infrastructure owned or controlled by such third parties.

5. Cyberware means Bulhack Ltd., the provider of the Services.

6. Services means the vulnerability scanning services and associated platform functionality provided by Cyberware under this Agreement.

7. Vulnerability means any weakness, flaw, or misconfiguration in hardware, software, system design, code, or operational procedures that could be exploited—intentionally or unintentionally—to compromise the confidentiality, integrity, or availability of a system, network, or the information processed, stored, or transmitted by it.

8. Order means the specific order for Services as accepted by Cyberware during the relevant sign-up process.

9. Effective Date means the date that the Order is accepted by Cyberware.

10. Platform means the Cyberware software platform, including the Cyberware Portal, via which the Services are made available, including all versions, amendments, and improvements thereto and/or any other tools, methods, models, know-how, code, functionality, or other elements owned or developed by Cyberware.

11. Platform Data means all usage and/or statistical or other data, information, learnings or know how related to and/or derived from the use of the Platform by customers and users, only in anonymized and aggregated form, and at all times not including any data or information that could individually identify a Customer.

12. Service Specification means the specification of the Services set out at https://getcyberware.com/en/services as updated and amended from time to time by Cyberware to reflect changes, enhancements, and improvements that it makes to the Cyberware systems and technology.

13. Target System means an individual computer system as identified by the IP address, hostname, or other unique identifier assigned to it. Where the same computer system is monitored via multiple IP addresses, hostnames, or other identifiers, each separate entry in the Cyberware Portal will count as a unique system.

14. Weakness means a particular configuration, software patch level, or application code deployment that is reasonably perceived or can be objectively demonstrated to reduce, compromise, or otherwise undermine the confidentiality, integrity, or availability of a Target System, or of the information stored, processed, or transmitted by it.

15. Term means a 7-Day free Trial.

16. Trial means the 7-Day Free Trial plan as made available by Cyberware.

17. Intellectual Property Rights means all intellectual and industrial property rights of any kind, whether registered or unregistered, including without limitation any rights in or to: patents, utility models, inventions, copyrights and related rights, moral rights, database rights, trade marks, service marks, trade names, domain names, designs, rights in computer software (including source code and object code), trade secrets, know-how, business methods, and all applications for and rights to apply for any of the foregoing, anywhere in the world.

18. Confidential Information means the provisions of this Agreement and, in relation to either Party, all information, in any form or medium, which is secret or otherwise not publicly available (either in its entirety or in the precise configuration or assembly of its components), including, without limitation, commercial, financial, marketing or technical information, accounts, business plans, business methods, strategies and financial forecasts, tax records, correspondence, designs, drawings, manuals, specifications, customer, sales or supplier information, technical or commercial expertise, software, formulae, processes, methods, knowledge, know-how and trade secrets, whether disclosed orally, in writing or by electronic means, before or after the date of this Agreement; but excluding any information that:
(i) is or becomes publicly available through no breach of this Agreement,
(ii) was lawfully known to the receiving Party prior to disclosure,
(iii) is lawfully disclosed to the receiving Party by a third party without restriction, or
(iv) is independently developed by the receiving Party without use of or reference to the disclosing Party’s Confidential Information.

III. CYBERWARE SERVICES

1. Cyberware provides cybersecurity testing software designed for automated offensive penetration testing of the Customer’s web applications and public infrastructure. The software is offered as a Software-as-a-Service (SaaS) solution accessible through our website.

2. Cyberware shall deliver cybersecurity services consisting of automated vulnerability scanning, penetration testing, and related security assessments using the SaaS platform.

3. The Services will be performed in accordance with industry best practices and within the scope agreed upon between the parties or public infrastructure associated with the provided domain.

4. Cyberware will generate reports detailing identified vulnerabilities, risk levels, and recommended remediation actions based on the testing results.

5. Cyberware confirms and declares that all analyses, results, processed data, aggregated and structured information, and any other outputs generated in connection with the provision of the Services may be used for purposes related to the delivery, maintenance, optimization, and improvement of the Services and the underlying technologies.

6. Cyberware may analyze such data internally or in collaboration with selected partners, including for commercial purposes, as well as for the enhancement of systems, development of cyber threat intelligence, research and analytical activities, or the training of machine learning models, provided that such use does not result in the direct identification of the Customer or the disclosure of the Customer’s Confidential Information in an individually attributable form.

7. Cyberware shall not copy, reproduce, store, disclose, sell, lease, distribute, or otherwise use any Customer data or information obtained during the provision of the Services for any purposes other than those explicitly authorized in this Agreement.

8. Cyberware shall not access, use, disclose, or retain any Customer Data for any purposes other than necessary to provide the Services, or as explicitly permitted under these Terms. Тhe Customer expressly agrees that Cyberware is entitled to freely access and process any of its data, information, systems, and materials provided or accessed in connection with the purposes of the Services or as agreed under these Terms and Conditions. This consent includes, but is not limited to, the technical processing, storage, transfer, and use of such data within the scope and for the duration defined in these Terms.

9. Cyberware shall implement and maintain appropriate technical and organizational security measures to protect all Customer data from unauthorized access, use, or disclosure.

10. The Customer retains all rights, title, and interest in and to its own data and information, and Cyberware retains ownership of the generated snapshot for purposes of internal analysis, reporting, legal evidence, and compliance, including the demonstration of vulnerabilities and documentation of security incidents. Cyberware does not claim any ownership rights over the underlying technology configuration of the Customer or any third party. The intellectual property of the originating entity is fully respected.

IV. TRIAL & SUBSCRIPTION TERMS

1. Cyberware shall provide the Services to the Customer on a limited, non-exclusive basis for the Term.

2. The Trial is free of charge. If payment card information is collected, the Customer will automatically be enrolled in a paid one-year subscription plan at the end of the Trial unless canceled before that time. Cyberware is authorized to charge the Customer’s card at plan commencement and upon annual renewals. The one-year subscription plan shall be regulated by the Cyberware’s Terms and Conditions.
The Customer hereby expressly authorizes and empowers Cyberware to automatically collect payment at the commencement of the plan and upon each subsequent renewal of the one-year term, unless the Customer notifies Cyberware otherwise. Such notice must be provided to Cyberware in the prescribed form, including acceptable methods such as electronic communication or written notice.

3. Cyberware shall send a reminder notice to the Customer at least 24 hours before the Trial ends.

4. The Customer may use the Services solely:
(i) Use the Services for Customer's internal business purposes in connection with its own target systems;
(ii) To assess vulnerabilities on its own systems or those of its End Customers by plugging its end customer's systems into the target systems (without granting End Customers direct access).

5. The Customer is responsible for ensuring that its Users comply with these terms. Use by unauthorized third parties is prohibited.

V. CUSTOMER RESPONSIBILITIES

1. Any use by the Customer of the Services that violates applicable law or third-party rights is strictly forbidden.

2. The Customer represents and warrants that it has, and will maintain throughout the term of this Agreement, all necessary permissions, authorizations, and consents from the owners or licensors of the Customer's systems and networks (including, but not limited to, the Target Systems) required for Cyberware to provide the Services to the Customer.

3. The Customer hereby permits Cyberware access to the Customer's systems and networks (including, but not limited to, the Target Systems and any applications or data stored thereon) solely for purposes related to compliance with the Cyber Security Act (Regulation (EU) 2019/881 of the European Parliament and of the Council as amended, updated or replaced from time to time), and represents and warrants that it is, and will remain throughout the term of this Agreement, duly authorized to grant such access.

4. The Customer acknowledges and agrees that when using the Service outside Bulgaria, it is solely responsible for ensuring that such use complies with all applicable laws and regulations in the relevant jurisdiction or territory.

5. The Customer shall not, and shall not permit any third party to:
(i) Attempt to download, copy, modify, create derivative works from, frame, mirror, republish, or distribute any part of the Platform except as expressly permitted under this Agreement;
(ii) Attempt to copy, adapt, decompile, disassemble, reverse engineer, or otherwise convert all or any part of the Platform into a human-perceivable form, except to the extent expressly allowed by applicable law, which cannot be waived by agreement;
(iii) Use any knowledge or information acquired through the Platform or Services to develop, create, or market any software product that competes with the Platform;
(iv) Resell, sublicense, or otherwise use the Platform or Services to provide services to third parties, except as expressly agreed with Cyberware, including through authorized partnership or distribution agreements that permit use of the Platform under the partner’s branding.

VI. SECURITY AND RISK DISCLAIMER

1. The Customer acknowledges that, in order to provide the Services, Cyberware will perform penetration testing techniques on the Target Systems, in accordance with the applicable Service Specification, to identify potential vulnerabilities. The Customer further acknowledges that the use of the Services may temporarily increase network bandwidth consumption and/or processing load on the Target Systems during testing. Cyberware shall not be liable for any consequences arising from limitations in the Customer’s network bandwidth or system processing capacity.

2. Cyberware warns that the Services may simulate the exploitation or escalation of existing vulnerabilities, including temporarily increasing the risk level of identified vulnerabilities, solely for the purpose of testing and demonstrating the security posture of the Target Systems, as intended by the nature of the Service.

3. The Customer acknowledges that the Service is not specifically designed or customized for the Customer or the Target Systems, and are provided as-is, and that does not provide any guarantee that all existing or potential Vulnerabilities will be detected. The Customer further acknowledges that, due to the inherent limitations of penetration testing methodologies, including but not limited to time constraints, scope restrictions, and evolving threat landscapes, certain Vulnerabilities may remain undiscovered. The Service is intended to support, but not replace, a comprehensive cybersecurity strategy, and the Customer remains solely responsible for implementing and maintaining appropriate security measures.

4. To the maximum extent permitted by applicable law, Cyberware shall not be liable for any damages, losses, or claims incurred by the Customer, any Customer User, or End Customer or any related third party, whether direct, indirect, incidental, or consequential, arising from or in connection with the use or provision of the Service as intended, including but not limited to any Weakness that is not detected, identified, or reported by the Service.

VII. INTELLECTUAL PROPERTY

1. Cyberware represents that it has, at its own expense, created, developed or validly licensed the Services and the technologies and systems, including the Platform, that constitute part of the Services.

2. As between the Parties, all Intellectual Property Rights in and to the Services, the Platform, the Platform Data, and any associated documentation, software, tools, or materials developed or provided by Cyberware in the course of delivering the Services shall remain the sole and exclusive property of Cyberware or its licensors.

3. No rights, licenses, or interests are granted to the Customer or any third party by implication or otherwise, except for the limited right to access and use the Services as expressly set out in this Agreement.

4. The Customer shall not remove, alter, or obscure any proprietary notices, labels, or marks from the Platform or any materials provided by Cyberware and shall not attempt to claim ownership of or register any rights in respect of Cyberware’s Intellectual Property.

5. The Customer acknowledges and agrees that any suggestions, feedback, or ideas submitted by the Customer regarding the Services may be freely used by Cyberware for any purpose and shall not give rise to any Intellectual Property Rights in favor of the Customer.

VIII. CONFIDENTIALITY

1. Both Parties agree to maintain confidentiality about the confidential information regarding all non-public business, technical, or financial information received under this Agreement.

2. Disclosure is only permitted under strict need-to-know obligations with equivalent confidentiality safeguards.

IX. WARRANTIES AND INDEMNITIES

1. Except as expressly set out in this Agreement, all conditions, warranties, representations, or other terms which might otherwise be implied into this Agreement, whether by statute, common law or otherwise, are hereby excluded to the fullest extent permitted by law, including, without limitation, any implied warranties of merchantability, satisfactory quality, fitness for a particular purpose, or non-infringement.

2. The Customer represents and warrants that:
(i) It and its representative executing this Agreement have full power, authority, and legal right to enter into and perform this Agreement;
(ii) It has obtained and will maintain all rights, licenses, consents, approvals, and authorizations from third parties as required under applicable laws or regulations, and as necessary to perform its obligations and to enable Cyberware to perform the Services under this Agreement.

3. The Customer shall indemnify, defend, and hold harmless Cyberware from and against any and all losses, damages, liabilities, claims, penalties, fines, costs, and expenses (including reasonable external legal fees) arising out of or in connection with any breach by the Customer of clause 9.2 and/or clauses 5.2, 5.3, or 5.4 of this Agreement.

4. Each Party shall indemnify and hold harmless the other Party from and against any and all losses, damages, claims, penalties, fines, costs, and expenses (including reasonable external legal fees) incurred or awarded as a result of or in connection with any breach of clause 8 (Confidentiality) by the indemnifying Party.

X. LIMITATIONS OF LIABILITY

1. Nothing in this Agreement shall exclude or limit the liability of either Party for death or personal injury caused by that Party’s negligence, for fraud or fraudulent misrepresentation, or for any other liability which cannot be excluded or limited under applicable law.

2. Subject to clause 10.1, neither Party shall be liable, whether in contract, tort (including negligence), breach of statutory duty, misrepresentation, or otherwise, for any indirect, incidental, special, consequential, exemplary, or punitive damages, including but not limited to loss of profits, loss of revenue, loss of business, loss of contracts, loss of goodwill, loss of anticipated savings, loss or corruption of data, or any damages arising from business interruption, loss of use, or loss of goodwill, regardless of whether such damages were foreseeable or whether the Party was advised of the possibility of such damages.

3. Cyberware’s total aggregate liability to the Customer arising out of or in connection with this Agreement, whether in contract, tort (including negligence), breach of statutory duty, misrepresentation, or otherwise, shall be limited to the total amount of fees actually paid by the Customer to Cyberware under this Agreement during the twelve (12) months immediately preceding the event giving rise to the claim.

4. Cyberware shall not be liable for any damages or losses arising from:
(i) any failure or delay caused by circumstances beyond Cyberware’s reasonable control, including but not limited to force majeure events, acts of God, war, terrorism, civil unrest, strikes, lockouts, labour disputes, governmental actions, pandemics, or failure of third-party services;
(ii) any unauthorized access, use or alteration of Customer’s systems, data or content by third parties;
(iii) loss, corruption, or destruction of data, except where directly caused by Cyberware’s gross negligence or willful misconduct;
(iv) any failure by the Customer to comply with its obligations under this Agreement.

5. The Customer acknowledges and agrees that Cyberware shall have no liability whatsoever to any End Customer or any third party in relation to the provision or use of the Services.

6. The limitations and exclusions of liability set out in this clause shall apply to the fullest extent permitted by law, even if any exclusive remedy fails of its essential purpose.

7. Neither party shall be liable for any losses, damages, costs, or expenses arising directly or indirectly from changes, amendments, or modifications to applicable laws, regulations, or government policies that affect the performance of this Agreement or the provision of the Services.

XI. TERM, TERMINATION, AND SUSPENSION

1. This Agreement shall commence on the date when Cyberware accepts and approves the Customer’s order (the Commencement Date) and shall continue for the Term unless terminated earlier in accordance with the provisions herein.

2. Upon expiry of the trial period, unless the Customer notifies Cyberware otherwise prior to its end, the Customer will be automatically enrolled in a fully paid one-year subscription. By commencing the paid subscription, the Agreement (these Terms and Conditions) shall continue in full force and effect until terminated in accordance with these terms. The Customer hereby authorizes Cyberware to automatically charge payment at the start of such subscription and upon each renewal of the one-year Term until the Customer provides notice to terminate or modify the subscription.

3. Either Party may terminate this Agreement immediately upon written notice to the other Party in the event of a material breach of this Agreement by the other Party.

4. Upon termination of this Agreement for any reason:
(i) All rights and licenses granted hereunder shall immediately terminate, and the relationship between the Parties shall cease;
(ii) Any provisions which by their nature survive termination or expiration shall continue in full force and effect.

5. Termination shall be without prejudice to any accrued rights or remedies of either Party prior to termination.

6. Cyberware may terminate this Agreement at any time, without cause and without prior notice or explanation to the Customer.

7. If Cyberware terminates the Agreement pursuant to clause 11.6 and such termination is not due to any fault or breach of the Customer, Cyberware shall refund the Customer a pro-rata amount of any prepaid subscription fees corresponding to the unused remainder of the current subscription period.

8. No refund shall be due if termination under clause 11.6 is caused by any breach, fault, or wrongful act of the Customer.

XII. ENTIRE AGREEMENT

1. This Agreement supersedes all prior agreements and constitutes the full understanding between the Parties.

2. No implied terms apply except where required by law.

XIII. GOVERNING LAW AND JURISDICTION

1. The Parties expressly agree that the conclusion, existence, validity, interpretation, execution, breach, amendment, termination, intellectual property rights, data protection, contractual and non-contractual liability for damages, and any other matters relating to this Agreement shall be governed by and construed in accordance with the laws of the Republic of Bulgaria.

2. Pursuant to Article 117, para. 2 of the Bulgarian Civil Procedure Code, the Parties agree that any and all disputes arising out of or in connection with this Agreement shall be submitted to the competent court having subject-matter jurisdiction in Sofia, Bulgaria, and shall be resolved in accordance with Bulgarian law.