Terms of Service

Last updated: January 1, 2026  ·  Cyber Risk Architecture LLC

1. Acceptance of Terms

By accessing or using the CyberRisk Architecture OS platform ("CRAM OS", the "Service"), you agree to be bound by these Terms of Service ("Terms"). If you are accepting on behalf of an organization, you represent that you have the authority to bind that organization to these Terms.

2. Description of Service

CRAM OS is a SaaS-based enterprise cyber risk quantification and management platform. The Service includes the web application at app.cyberriskarchitecture.com, associated APIs, mobile applications, and any related services operated by Cyber Risk Architecture LLC.

3. Accounts and Access

• You must provide accurate and complete registration information.
• You are responsible for maintaining the confidentiality of your credentials and for all activity under your account.
• You must notify us immediately of any unauthorized account access at security@cyberriskarchitecture.com.
• We reserve the right to suspend or terminate accounts that violate these Terms.

4. Subscription Plans and Payment

Access to CRAM OS requires a paid subscription (following any applicable free trial period). Subscription fees are billed in advance on a monthly or annual basis depending on your selected plan.

• Free Trial — New accounts receive a 14-day full-access trial. No credit card is required to start a trial.
• Billing — Subscriptions renew automatically unless cancelled before the renewal date.
• Refunds — Annual subscriptions cancelled within 30 days of the billing date are eligible for a pro-rated refund. Monthly subscriptions are non-refundable after the billing date.
• Price Changes — We will provide at least 30 days' notice of price changes for existing subscriptions.

5. Acceptable Use

You agree not to:

• Use the Service to assess, attack, or probe third-party systems without explicit written authorization from those third parties.
• Reverse-engineer, decompile, or attempt to extract the source code of the platform.
• Resell, sublicense, or white-label the Service without a written reseller agreement.
• Upload malicious code, conduct denial-of-service attacks, or attempt to gain unauthorized access to our infrastructure.
• Violate any applicable law or regulation, including export control laws.

6. Customer Data

You retain all ownership of the security data, asset inventories, and risk information you upload to or generate within CRAM OS ("Customer Data"). By using the Service, you grant us a limited license to process Customer Data solely to deliver the Service to you.

We do not use Customer Data to train machine learning models, benchmark competitors, or for any purpose beyond operating and improving the Service for your organization.

7. Intellectual Property

All platform software, algorithms (including the EISSM/EISSAF framework implementations), UI, documentation, and branding are the exclusive property of Cyber Risk Architecture LLC and are protected by copyright, trade secret, and other applicable law. These Terms do not grant you any rights to our intellectual property beyond the limited license to use the Service.

8. Confidentiality

Each party agrees to protect the other's confidential information using at least the same degree of care it uses for its own confidential information (but no less than reasonable care), and not to disclose it to third parties without prior written consent. This obligation survives termination of these Terms for 3 years.

9. Availability and SLA

We target 99.9% monthly uptime for the core platform, excluding scheduled maintenance windows (communicated at least 48 hours in advance). Enterprise and Large Enterprise subscribers are entitled to SLA credits as specified in their order form.

10. Warranties and Disclaimers

THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE". TO THE MAXIMUM EXTENT PERMITTED BY LAW, WE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. WE DO NOT WARRANT THAT THE SERVICE WILL BE ERROR-FREE OR THAT RISK SCORES WILL BE ACCURATE OR COMPLETE.

CRAM OS is a decision-support tool. Risk scores, compliance assessments, and threat intelligence outputs are informational and do not constitute legal, regulatory, or professional security advice.

11. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW, IN NO EVENT WILL CYBER RISK ARCHITECTURE LLC BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, OR LOSS OF PROFITS, REVENUE, DATA, OR GOODWILL, ARISING FROM YOUR USE OF THE SERVICE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

OUR AGGREGATE LIABILITY FOR ANY CLAIM UNDER THESE TERMS SHALL NOT EXCEED THE FEES PAID BY YOU IN THE 12 MONTHS PRECEDING THE CLAIM.

12. Indemnification

You agree to indemnify and hold harmless Cyber Risk Architecture LLC and its officers, employees, and contractors from any claims, damages, or expenses (including reasonable legal fees) arising from your violation of these Terms or misuse of the Service.

13. Termination

Either party may terminate these Terms with 30 days' written notice. We may suspend or terminate your access immediately for material breach, non-payment, or activity that poses a security risk to the platform. Upon termination, your Customer Data will be available for export for 30 days, after which it will be deleted.

14. Governing Law

These Terms are governed by the laws of the State of Delaware, United States, without regard to conflict-of-law provisions. Any disputes not resolved by mutual agreement will be submitted to binding arbitration under AAA Commercial Arbitration Rules in Delaware.

15. Changes to Terms

We may modify these Terms at any time. Material changes will be communicated via email or in-app notification at least 30 days before the effective date. Continued use of the Service after the effective date constitutes acceptance of the revised Terms.

16. Contact

Legal inquiries: legal@cyberriskarchitecture.com
General: contact@cyberriskarchitecture.com
Cyber Risk Architecture LLC · United States