These Terms govern your access to and use of Cyphic's APIs, dashboards, managed services and websites ("Services"). By creating an account, calling the API, or accepting an order form, you agree to these Terms on behalf of yourself and any entity you represent.
1. The Services
Cyphic provides token-priced risk intelligence (Cyphic AI), managed security operations (Cyphic Cloud) and bundled cybersecurity tiers (Cyphic 360). All verdicts are advisory and do not constitute final automated decisions. Specific service descriptions, region availability and tier inclusions are published in our documentation and may evolve as products improve.
2. Account and authentication
You are responsible for safeguarding API keys, access tokens, MFA factors and SSO configuration. You must promptly notify us of suspected compromise. We may suspend access where credentials are observed to be leaked publicly, until rotation is confirmed.
3. Acceptable use
- No use to enable unlawful surveillance, discrimination, harassment or harm.
- No re-distribution of raw verdicts to third parties without written consent.
- No attempt to reverse-engineer, scrape, fingerprint or train derivative models on outputs.
- No use that violates export controls or sanctions in your jurisdiction or ours.
- No malicious payloads, illegal content, child sexual abuse material or non-consensual intimate imagery submitted to scoring endpoints.
- No abuse of rate limits, no load testing without prior written approval.
We may suspend or terminate access where these rules are breached. Repeated or material breach is grounds for immediate termination without refund.
4. Tokens and billing
Usage is metered in tokens. Free tokens are provided on signup. Top-ups are charged in the customer's regional currency or accepted crypto. Unused tokens roll over for 12 months from purchase. Enterprise customers may commit to annual token pools with discounts described in the order form. Disputed invoices must be raised within 30 days of issue.
5. Service levels
Production tiers are covered by our SLA. Free and developer tiers are provided as-is with best-effort availability. Service credits are the sole and exclusive remedy for missed SLA targets.
6. Confidentiality
Each party will safeguard the other's confidential information using no less than reasonable care, restrict access to those with a need to know, and not use it except to perform under these Terms. Our security controls are summarised in the Trust Center.
7. Intellectual property
Cyphic and its licensors retain all rights in the Services, models, dashboards and documentation. You retain all rights in your inputs. You grant Cyphic a limited, non-exclusive licence to process inputs solely for the purpose of providing the Services and improving security model robustness on aggregated, anonymised signals.
8. Disclaimers
Verdicts are probabilistic and informational. The Services are provided "as is" and "as available". Cyphic disclaims all implied warranties of merchantability, fitness for a particular purpose and non-infringement, to the maximum extent permitted by law. The customer remains solely responsible for final decisions including approvals, declines, suspensions and disclosures.
9. Limitation of liability
To the maximum extent permitted by law, neither party will be liable for indirect, incidental, special, consequential or punitive damages, lost profits, lost revenues, loss of goodwill or loss of data. Aggregate liability of either party arising out of or related to these Terms is capped at fees paid by the customer to Cyphic in the prior 12 months. The cap does not apply to indemnification obligations, breach of confidentiality, or wilful misconduct.
10. Indemnification
Cyphic will defend you against third-party claims that the Services infringe valid intellectual property rights, subject to prompt notice, sole control of defence and reasonable cooperation. You will indemnify Cyphic against claims arising from your inputs, misuse of the Services or breach of acceptable use.
11. Termination
Either party may terminate for material breach not cured within 30 days of notice. On termination, your access ceases, fees through the effective date remain payable and accrued service credits are forfeited. Sections that by their nature should survive (confidentiality, IP, disclaimers, liability, governing law) survive termination.
12. Modifications
We may modify these Terms by posting an updated version and notifying account administrators by email at least 30 days before changes take effect. Continued use after the effective date constitutes acceptance.
13. Governing law and Forum Selection
These Terms, along with any global commercial claims, platform liabilities, or non-contractual obligations arising out of your interaction with our edge services, shall be governed by, and construed in accordance with, the laws of the State of Maryland, United States. Notwithstanding the foregoing, all local data privacy compliance parameters, localized operational infrastructure deployments, and processing dependencies within our core networks shall be governed by the substantive laws of the Republic of Kenya.
Any dispute, controversy, or claim arising out of or relating to this contractual framework—including its validity, invalidity, breach, or termination—shall be referred to and finally resolved by binding arbitration administered by the Nairobi Centre for International Arbitration (NCIA), in accordance with the NCIA Arbitration Rules, which rules are deemed incorporated by reference into this clause.
The legal place of the arbitration shall be Nairobi, Kenya, or such neutral international seat as mutually agreed by the parties. The language of the proceedings shall be English. To eliminate cross-border operational disruption and unnecessary overhead, the parties explicitly agree that all sub-proceedings, evidentiary discovery exchanges, and hearings shall be conducted remotely via secure electronic conferencing platforms, and any final award shall be enforceable globally under the 1958 New York Convention.
14. Notices
Operational notices are delivered via in-product banners and email to account administrators. Legal notices to Cyphic must be sent in writing to our registered office and copied to legal@cyphic.cloud.