Terms of Service

These Terms of Service (“Terms”) form a binding agreement between CymBytes Technologies Private Limited, a company incorporated in India (“CymBytes”, “we”, “us” or “our”), and the individual or legal entity (“you” or “Customer”) accessing or using the CymBytes cyber range platform, websites, APIs, content, and related services (collectively, the “Service”).

By creating an account, clicking “I agree”, executing an order form that references these Terms, or otherwise using the Service, you accept these Terms. If you are accepting on behalf of an organization, you represent that you have authority to bind that organization, and references to “you” mean both you and that organization.

You must be at least 18 years old and able to enter into a binding contract to use the Service. You are responsible for maintaining the confidentiality of your credentials, for all activity under your account, and for ensuring that anyone you invite as an authorized user complies with these Terms.

You agree to provide accurate registration information, keep it current, and promptly notify us at support@cymbytes.com of any suspected unauthorized access. We may suspend or close accounts that we reasonably believe are compromised, fraudulent, or in violation of these Terms.

Access to the Service is provided on a subscription basis under the plan, term, and fees specified in your order form or on our pricing pages. Unless otherwise stated, fees are quoted exclusive of applicable taxes (including GST), which you are responsible for paying.

Trial or evaluation access, where offered, is provided on an “as is” basis without warranty and may be modified or terminated by us at any time. Subscriptions renew automatically for successive terms equal to the initial term unless either party gives written notice of non-renewal at least thirty (30) days before the end of the then-current term. Except where required by law, fees are non-refundable once paid.

The Service is intended for lawful cybersecurity training, exercises, research, and assessment within isolated environments we provision for you. You agree not to, and not to permit any user to:

• use techniques learned in or tools provided through the Service to attack, disrupt, scan, or gain unauthorized access to any system, network, account, or data outside of the lab environments we allocate to you;
• exfiltrate, redistribute, or publish lab content, scenarios, answer keys, scoring logic, or other proprietary material, including via screen recording, scraping, or AI training;
• interfere with the integrity or performance of the Service, including by stress-testing, bypassing quotas, evading metering, or attempting to escape from a lab environment;
• use the Service to violate any law, infringe intellectual property rights, transmit malware that is not part of an authorized lab payload, or harass any person; or
• reverse engineer, decompile, or otherwise attempt to derive source code from the Service except to the extent expressly permitted by applicable law notwithstanding this restriction.

We may investigate suspected violations and suspend access without notice where we believe immediate action is necessary to protect the Service or our customers.

You retain all rights in the content, reports, configurations, and other materials you upload to or generate within the Service (“Customer Content”). You grant us a worldwide, non-exclusive, royalty-free license to host, process, transmit, and display Customer Content solely as needed to provide and support the Service, to enforce these Terms, and to comply with law.

You are responsible for the accuracy and legality of Customer Content and for ensuring you have the rights to submit it. Our handling of personal data is described in our Privacy Policy.

The Service, including lab scenarios, attack chains, scoring rubrics, software, documentation, designs, and trademarks, is owned by CymBytes or its licensors and is protected by intellectual property laws. Subject to these Terms and timely payment of fees, we grant you a limited, non-exclusive, non-transferable, non-sublicensable right to access and use the Service during your subscription term for your internal training and assessment purposes.

We welcome feedback. If you provide suggestions or ideas about the Service, you grant us a perpetual, irrevocable, royalty-free license to use them without restriction or obligation to you.

We may make pre-release features, labs, or AI capabilities available to you on a beta or early-access basis. Beta features are provided “as is”, may be changed or withdrawn at any time, and are excluded from any service level commitments. You agree to treat information about beta features as confidential until we make it generally available.

The Service runs on third-party cloud infrastructure and integrates with third-party identity, telemetry, and AI providers. Your use of the Service is subject to the operational and security characteristics of those providers. We are not responsible for, and do not warrant, the availability or performance of third-party services outside our control.

We will provide the Service with reasonable skill and care and in substantial conformance with its published documentation. Except as expressly stated in these Terms, the Service is provided on an “as is” and “as available” basis.

To the maximum extent permitted by law, CymBytes disclaims all other warranties, whether express, implied, or statutory, including warranties of merchantability, fitness for a particular purpose, non-infringement, and any warranties arising out of course of dealing or usage of trade. We do not warrant that the Service will be uninterrupted, error-free, or that it will detect or prevent every security threat.

To the maximum extent permitted by law, neither party will be liable for any indirect, incidental, special, consequential, exemplary, or punitive damages, or for any loss of profits, revenue, goodwill, or data, even if advised of the possibility of such damages.

Each party’s total aggregate liability arising out of or relating to these Terms will not exceed the fees paid or payable by you to CymBytes for the Service in the twelve (12) months immediately preceding the event giving rise to the claim. These limitations apply regardless of the form of action, whether in contract, tort, or otherwise. Nothing in these Terms excludes liability that cannot be excluded under applicable law.

You agree to defend, indemnify, and hold CymBytes and its affiliates, officers, employees, and agents harmless from any third-party claims, damages, liabilities, and expenses (including reasonable legal fees) arising out of (a) your or your users’ use of the Service in violation of these Terms or applicable law, (b) Customer Content, or (c) your infringement or misappropriation of any third-party right.

These Terms remain in effect for so long as you use the Service. Either party may terminate for material breach if the breach is not cured within thirty (30) days after written notice. We may suspend access immediately to protect the Service or comply with law.

On termination, your right to use the Service ends, and we may delete Customer Content after a reasonable retention period. Sections that by their nature should survive termination (including those on intellectual property, disclaimers, liability, indemnity, and governing law) will survive.

We may update the Service and these Terms from time to time. If we make material changes to these Terms, we will provide reasonable advance notice (for example, by email to your account contact or via an in-app notice). Continued use of the Service after the effective date of a change constitutes acceptance of the updated Terms.

You acknowledge that the Service includes content, tools, and techniques relating to cybersecurity and is subject to applicable export, sanctions, and trade laws, including those of India and the United States. You represent and warrant that you, your organization, and each of your authorized users:

• are not located in, organized under the laws of, ordinarily resident in, or a national of any country or region that is the target of comprehensive economic sanctions (currently including Cuba, Iran, North Korea, Syria, and the Crimea, Donetsk, Luhansk, Zaporizhzhia, and Kherson regions of Ukraine);
• are not on, and are not owned 50% or more or otherwise controlled by any party on, the U.S. Treasury Department’s Specially Designated Nationals (SDN) and Blocked Persons List, the U.S. Department of Commerce’s Denied Persons List or Entity List, or any equivalent list maintained by the Government of India, the United Kingdom, the European Union, or the United Nations;
• will not use the Service in connection with the design, development, production, stockpiling, or use of nuclear, chemical, or biological weapons, missile technology, or other weapons of mass destruction;
• will use techniques, payloads, exploits, and tooling provided through or learned from the Service only within the isolated lab environments we allocate to you or against systems you are independently authorized in writing to test, and will comply with all applicable computer-misuse, unauthorized-access, and wiretap laws;
• will not use the Service to perform offensive operations on behalf of a government, intelligence service, or military organization of any sanctioned country; and
• will not export, re-export, transfer, or make available the Service, or any output, content, lab artifact, or derivative work generated through it, in violation of applicable export-control or sanctions laws.

We may screen accounts, payment instruments, and IP addresses against sanctions and export-control lists, and may refuse, suspend, or terminate access at any time if we determine in our reasonable judgment that continued provision of the Service would breach these representations or applicable law. You agree to notify us promptly at legal@cymbytes.com if any of the representations in this Section become inaccurate.

These Terms are governed by the laws of India, without regard to its conflict-of-laws rules. The parties submit to the exclusive jurisdiction of the competent courts located in Bengaluru, Karnataka, India, for any dispute arising out of or relating to these Terms or the Service, except that either party may seek injunctive relief in any court of competent jurisdiction to protect its intellectual property or confidential information.

These Terms, together with any order form and our Privacy Policy, are the entire agreement between the parties regarding the Service and supersede all prior agreements on the subject. If any provision is held unenforceable, the remaining provisions remain in effect. Neither party may assign these Terms without the other’s consent, except that we may assign to an affiliate or in connection with a merger, acquisition, or sale of assets. Failure to enforce any provision is not a waiver of future enforcement. Notices to CymBytes should be sent to legal@cymbytes.com.