End User License Agreement

1. Acceptance of this End User License Agreement

By accessing and using the CYBERWHITE platform ("Software") operated by INNONET PTY LTD ACN 625 992 529 ATF ABN 31598198475 trading as "CYBERWHITE" ("we," "our," or "us"), you accept and agree to be bound by the terms and provisions of this End User License Agreement ("EULA"). If you do not agree to abide by the terms of this EULA, please do not install, access, or use the Software.

2. License Grant

Subject to your compliance with this EULA, CYBERWHITE grants you a limited, non-exclusive, non-transferable, revocable license to access and use the Software for your internal business purposes. The Software provides a comprehensive cybersecurity assessment and maturity platform that includes:

• Security framework assessments (SMB1001, Essential 8, NIST CSF, SOC 2, CYBERWHITE Framework)
• Microsoft 365 security integration, analysis, and automated compliance scanning
• Compliance Agents - automated M365 tenant scanning and policy assessment
• CARS (CYBERWHITE Adaptive Risk Scoring) algorithm for risk prioritization
• Cross-framework compliance mapping, gap analysis, and remediation guidance
• Multi-tenant client management for MSPs and consultants
• Reporting, documentation, and compliance evidence collection

3. User Accounts and Registration

To access certain features of the Service, you must register for an account. You agree to:

• Provide accurate, current, and complete information during registration
• Maintain and update your account information
• Maintain the security of your password and account
• Accept responsibility for all activities under your account
• Notify us immediately of any unauthorized use of your account

4. Acceptable Use Policy

You agree not to use the Service to:

• Violate any applicable laws or regulations
• Infringe upon the rights of others
• Distribute malware, viruses, or other harmful code
• Attempt to gain unauthorized access to our systems
• Interfere with or disrupt the Service
• Use the Service for any unlawful or fraudulent purpose
• Reverse engineer, decompile, or disassemble any part of the Service

5. Subscription and Payment Terms

CYBERWHITE offers subscription-based services with the following terms:

• Subscription fees are billed monthly in advance
• All fees are non-refundable except as required by law
• We reserve the right to change pricing with 30 days notice
• Failure to pay may result in service suspension or termination
• You may cancel your subscription at any time through your account settings

5.1) Plan Eligibility and Organization Size Verification:

• The Business Professional plan is designed for organizations with 0-49 employees. Organizations with 50 or more employees must contact us for custom enterprise pricing.
• You agree to provide accurate information about your organization size during registration and to update this information if your organization grows.
• We reserve the right to verify your organization size through automated means, including but not limited to Microsoft 365 user count verification via Microsoft Graph API, LinkedIn company data, ABN/ASIC records, or other publicly available information.
• If we determine that your organization exceeds the employee limit for your current plan, we reserve the right to: (a) contact you to upgrade to an appropriate plan; (b) adjust your billing to reflect the correct pricing tier; or (c) suspend or terminate your subscription with 30 days written notice if you do not upgrade.
• Misrepresentation of organization size to obtain lower pricing constitutes a material breach of this EULA and may result in immediate termination of service, back-billing for the price difference, and potential legal action.
• For MSP Professional plans, client limits are enforced at the system level. Exceeding your plan's client limit will require an upgrade to continue adding clients.

5.2) Fair Use Policy - Business Professional Plans Only:

The Business Professional plan includes unlimited Essential Eight, SMB1001, and NIST for SMB assessments, and 10 Microsoft 365 integrations per month, subject to our Fair Use Policy:

• Reasonable Use: The Business Professional plan is intended for normal business security assessment activities, typically 5-7 assessments per month for your own organization.
• Microsoft 365 Integration Limit: Business Professional plans are limited to 10 M365 security integrations per month. Additional integrations require an upgrade or add-on purchase.
• Prohibited Use: You may not use the Business Professional plan to provide commercial consulting services, resell assessments, or conduct assessments for third-party organizations. Such activities require an MSP Professional or Enterprise plan.
• Usage Monitoring: We monitor assessment usage patterns. If your usage significantly exceeds normal business use (e.g., 15+ assessments per month consistently), we may contact you to discuss upgrading to an appropriate plan.
• System Protection: To ensure platform stability, only one assessment can be active at a time per account. This prevents automated or bulk assessment abuse.

Note: This Fair Use Policy applies only to Business Professional plans. MSP Professional and Enterprise plans have different terms and pricing structures designed for commercial consulting use. Consultants and MSPs should contact us for appropriate pricing.

5.3) Custom Pricing and Plan Modifications:

• Right to Custom Pricing: CYBERWHITE reserves the absolute right to offer custom pricing to any customer category based on factors including but not limited to: organization size (number of employees), number of managed clients, industry sector, geographic location, volume commitments, partnership arrangements, educational or non-profit status, or any other criteria at our sole discretion.
• Price Adjustments: We may adjust pricing for your account if your organization's characteristics change (e.g., employee count increases, client count changes) with 30 days written notice. You may cancel your subscription if you do not agree to adjusted pricing.
• No Price Matching: Custom pricing offered to one customer does not entitle other customers to equivalent pricing. Each customer relationship is individually assessed.
• Enterprise and Volume Agreements: Organizations requiring custom terms, volume licensing, or enterprise features should contact us directly. Enterprise agreements may supersede standard EULA terms where explicitly stated in writing.

5.4) Client Slot Allocation and License Protection (MSP Plans):

• Permanent Client Slots: For MSP and Consultant plans, each client you create consumes one permanent license slot. Client slots cannot be recovered by deleting clients. This policy protects assessment data integrity and prevents license abuse.
• No Client Deletion: To maintain compliance records and audit trails, clients cannot be deleted from the platform. Clients may be archived but will continue to count toward your license allocation.
• Slot Recovery: License slots may only be recovered through: (a) subscription upgrade to a higher tier; (b) annual renewal with slot reset (subject to approval); or (c) special arrangement with CYBERWHITE support.
• License Abuse: Attempting to circumvent license limits through client deletion/recreation, account manipulation, or other means constitutes a material breach of this EULA and may result in immediate termination without refund.

5.5) Compliance Agents and M365 Tenant Access:

• Tenant Authorization: By connecting a Microsoft 365 tenant to CYBERWHITE Compliance Agents, you warrant that you have proper authorization to grant read-only access to that tenant's security configuration and policies.
• Scope of Access: Compliance Agents access M365 Security Score, Conditional Access policies, security configurations, and related compliance data through Microsoft Graph API. Access is read-only and least-privilege.
• MSP Tenant Responsibility: MSPs connecting client tenants are solely responsible for obtaining proper authorization from each client organization before connecting their tenant. CYBERWHITE is not liable for unauthorized tenant connections.
• Data Processing: M365 compliance data retrieved through Compliance Agents is processed and stored in accordance with our Privacy Policy and applicable data protection laws including the Australian Privacy Act 1988.
• Scan Frequency: Compliance Agent scans may be limited based on your subscription tier. Automated scanning intervals and manual scan limits are enforced at the system level.

5.6) MSP Per-Client Billing (Premium MSP Plans):

• Per-Client Pricing: Premium MSP subscriptions are billed based on the number of active clients managed through the CYBERWHITE platform. The per-client rate is established in your subscription agreement and may vary based on your pricing tier.
• Automatic Client Tracking: The system automatically tracks the number of clients associated with your account. Your subscription quantity and billing are adjusted automatically when clients are added or removed.
• No Client Caps: Premium MSP plans have no maximum client limit. You may add unlimited clients, and your billing will scale accordingly based on your agreed per-client rate.
• Proration: When clients are added mid-billing cycle, charges are prorated for the remaining days in the billing period. When clients are removed, credits are applied to your next invoice on a prorated basis.
• Minimum Billing: A minimum of one (1) client is required to maintain an active Premium MSP subscription. Subscriptions with zero clients may be suspended.
• Billing Frequency: Per-client charges are billed monthly in arrears based on your client count at the end of each billing period, or as otherwise specified in your subscription agreement.
• Rate Changes: Your per-client rate is fixed for the duration of your contract term. Rate changes may occur upon contract renewal with 30 days written notice.
• Client Definition: A "client" is defined as any organization or entity for which you have created a client account in the CYBERWHITE platform, regardless of whether that client has active assessments or M365 connections.

6. AI Functionality and Third-Party AI Services

6.1) Use of AI Services: CYBERWHITE uses Microsoft Azure OpenAI services (powered by OpenAI GPT-4) to deliver AI-powered features including gap analysis, remediation guidance, and compliance insights.

6.2) Data Processing: Only data inputted as part of using AI features is sent to Azure OpenAI. Your data is not used to train OpenAI models and is not stored beyond immediate processing.

6.3) Content Safety: All AI inputs and outputs are filtered through Azure Content Safety services, which apply content moderation to detect and prevent harmful content. This includes filtering for violence, hate speech, self-harm, and sexual content.

6.4) AI Output Disclaimer: AI-generated content is for informational purposes only. You acknowledge that:

• AI outputs may contain errors or outdated information
• AI recommendations should be reviewed by qualified personnel
• CYBERWHITE does not guarantee accuracy of AI-generated content
• You are responsible for decisions based on AI outputs
• AI outputs do not constitute certification or compliance guarantee

6.5) Personal Data: We recommend not including personal or sensitive data in AI inputs unless necessary. You are responsible for ensuring inputs comply with privacy laws.

7. Data Security and Privacy

We implement industry-standard security measures. However:

• You are responsible for the security of your own data and systems
• We cannot guarantee absolute security of data transmission
• You should maintain appropriate backups of your data
• Our Privacy Policy governs collection and use of your information

8. Intellectual Property

The Service and its original content, features, and functionality are owned by INNONET PTY LTD ACN 625 992 529 ATF ABN 31598198475 trading as "CYBERWHITE" and are protected by international copyright, trademark, patent, trade secret, and other intellectual property laws.

You retain ownership of any data you submit to the Service, but grant us a license to use, store, and process such data as necessary to provide the Service.

9. Limitation of Liability

9.1) Despite anything to the contrary, to the maximum extent permitted by law:

1. a) we will not be liable for any Consequential Loss;
2. b) if a Party's liability for any Liability under this EULA will be reduced proportionately to the extent the relevant Liability was caused or contributed to by the acts or omissions of the other Party (or any of its Personnel), including any failure to mitigate that Liability; and
3. c) our aggregate liability for any Liability arising from or in connection with this EULA will be limited to, and must not exceed in aggregate for all claims $1,000.

9.2) Despite anything to the contrary, to the maximum extent permitted by law, we will not be liable for, and you waive and release us from and against, any Liability, caused or contributed to by, arising from or connected with:

9.3) To the maximum extent permitted by law, you indemnify and continue to indemnify us against all Liability we suffer or incur arising from or as a consequence of a breach of clause 5 (Intellectual Property), your use of the Services contrary to this EULA, including from any claim relating to the Data.

1. a) loss of, or damage to, any property or any injury to or loss to any person;
2. b) the Computing Environment;
3. c) any breach by you of this EULA or any Laws;
4. d) any reliance on the Services (including any reports produced) by you, including for the purposes of complying with any obligations on you (including under any Laws);
5. e) your acts or omissions;
6. f) any use or application of the Services by a person or entity other than you, or other than as reasonably contemplated by this EULA;
7. g) any Third-Party Inputs; and
8. h) any event outside of our reasonable control (including a Force Majeure Event, and a fault, defect, error or omission in the Computing Environment or Customer Data).

9.4) You acknowledge and agree that:

1. a) you are responsible for your use of the Services;
2. b) you use the Services and any associated programs and files at your own risk;
3. c) we do not warrant that the Services is error-free or will be uninterrupted;
4. d) from time to time, we may make certain services and/or features available to you for use which are still in their beta stage. These beta stage services have not been fully tested and are provided on an 'as is' basis; and, to the fullest extent permitted by Law, we make no representations, warranties or guarantees in relation to such beta stage services; and
5. e) we may pursue any available equitable or other remedy against you if you breach any provision of this EULA.

10. Disclaimer of Warranties

THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT.

11. Termination

11.1) Termination by CYBERWHITE: We may terminate or suspend your account and access to the Service immediately, without prior notice, for conduct that we believe violates this EULA or is harmful to other users, us, or third parties. This includes but is not limited to: license abuse, misrepresentation of organization size, unauthorized tenant connections, or breach of acceptable use policies.

11.2) Termination by User: You may terminate your account and this EULA at any time by emailing us at support@cyberwhite.ai with 30 days written notice. Upon termination, your access to the Service will cease at the end of the notice period. No refunds will be provided for unused portions of prepaid subscriptions except as required by Australian Consumer Law.

11.3) Effect of Termination: Upon termination of this EULA, all rights and licenses granted to you will immediately cease, and you must discontinue all use of the Service. Provisions that by their nature should survive termination will remain in effect.

11.4) Data Retention: Upon termination: (a) Your assessment data and reports will be retained for 90 days to allow data export; (b) After 90 days, your data may be permanently deleted at our discretion; (c) We may retain anonymized, aggregated data indefinitely for analytics and service improvement purposes; (d) Compliance audit logs may be retained as required by law or for legitimate business purposes.

11.5) No Liability on Termination: CYBERWHITE shall not be liable to you or any third party for termination of access to the Service, including loss of data, business interruption, or any consequential damages arising from termination.

12. Australian Consumer Law

12.1) Certain legislation, including the Australian Consumer Law (ACL) in the Competition and Consumer Act 2010 (Cth), and similar consumer protection laws and regulations, may confer you with rights, warranties, guarantees and remedies regarding the provision of the Services that cannot be excluded, restricted or modified (Statutory Rights).

12.2) You agree that our Liability for the Services is governed solely by the ACL and this EULA.

12.3) Subject to your Statutory Rights, we exclude all express and implied warranties, representations and guarantees of any kind (whether under statute, law, equity or on any other basis) and all materials, work, goods and services (including the Services) are provided to you without warranties, representations and guarantees of any kind, unless expressly stated in this EULA.

13. Governing Law and Dispute Resolution

13.1) These Terms shall be governed by and construed in accordance with the laws of New South Wales, Australia, without regard to its conflict of law provisions.

13.2) Any dispute arising out of or in connection with this EULA shall first be attempted to be resolved through good faith negotiation. If the dispute cannot be resolved within 30 days, either party may refer the matter to mediation administered by the Australian Disputes Centre (ADC) in Sydney, NSW.

13.3) If mediation fails to resolve the dispute within 60 days, either party may commence legal proceedings in the courts of New South Wales, Australia. Both parties irrevocably submit to the exclusive jurisdiction of such courts.

13.4) Nothing in this clause prevents either party from seeking urgent interlocutory relief from a court of competent jurisdiction.

14. Service Availability and Modifications

14.1) We aim to provide continuous access to the Service but do not guarantee uninterrupted availability. The Service may be temporarily unavailable due to maintenance, updates, or circumstances beyond our control.

14.2) We reserve the right to modify, suspend, or discontinue any feature or functionality of the Service at any time with or without notice. We will endeavor to provide reasonable notice for significant changes.

14.3) Third-party integrations (including Microsoft 365) are subject to the availability and terms of those third-party services. We are not responsible for changes, outages, or discontinuation of third-party services.

15. Changes to Terms

We reserve the right to modify these Terms at any time. We will notify users of any material changes via email or through the Service. Continued use of the Service after such modifications constitutes acceptance of the updated Terms.

16. Contact Information

If you have any questions about this End User License Agreement, please contact us at: