Terms of Service
These Terms of Service (“Terms”) govern access to and use of the Cyberion EDR platform operated by Cyberion Security (“Provider”, “we”, “us”). By accessing the website, submitting an access request, installing an agent, or using the management console, you agree to these Terms. If you use the Service on behalf of an organization, you represent that you have authority to bind that organization.
1. Definitions
- Service — the Cyberion EDR website, console, APIs, agents, detection engine, investigation tools, vulnerability features, and related documentation.
- Customer — the organization that has been granted access to deploy agents and use the console.
- Authorized User — an individual with credentials issued by the Customer.
- Agent — software installed on endpoints to send telemetry and execute authorized response actions.
- Customer Data — telemetry, alerts, configurations, and other data submitted to or generated through the Service on behalf of the Customer.
2. Eligibility and access
The Service is offered for professional and enterprise security use. Access may require approval. You must provide accurate information in access requests and keep account credentials confidential. You are responsible for all activity under your account. Notify us immediately at soc@cyberion.security if you suspect unauthorized access.
3. Service description
Cyberion EDR provides endpoint visibility, threat detection, alerting, investigation, optional automated playbooks, host-based vulnerability assessment, and audit capabilities. Features may change over time. We may apply maintenance, updates, or limits (including rate limits on APIs) to protect the Service.
The Service is a security tool, not a guarantee. We do not warrant that all threats, vulnerabilities, or malicious activity will be detected, blocked, or remediated. You remain responsible for your security posture, backups, incident response, and compliance obligations.
4. Customer responsibilities
The Customer and its Authorized Users shall:
- Deploy agents only on systems they own or are authorized to monitor;
- Maintain lawful basis (including notices to personnel) for processing personal data via agents;
- Configure detection rules, playbooks, and retention appropriately for their risk and regulatory requirements;
- Protect agent tokens, API keys, and console credentials;
- Not use the Service to attack, probe, or disrupt systems without authorization;
- Comply with applicable export control, sanctions, and cybersecurity laws.
5. Agent license
Subject to these Terms and any separate agreement with the Customer, we grant a limited, non-exclusive, non-transferable license to install and run Agents solely to use the Service. You may not reverse engineer, sublicense, or remove proprietary notices except as permitted by mandatory law.
6. Acceptable use
You must not:
- Interfere with or overload the Service (including circumventing rate limits or authentication);
- Upload malware or use the Service to distribute harmful code;
- Access another Customer’s data or organizations without authorization;
- Use the Service for illegal surveillance or harassment;
- Misrepresent your identity or affiliation when requesting access.
We may suspend or terminate access for material breach of acceptable use.
7. Playbooks and automated response
Remediation playbooks may recommend or execute actions on endpoints (e.g. process termination, isolation) according to
Customer configuration. The Customer accepts risk of operational impact from such actions. Where
approval_required or similar guardrails exist, the Customer is responsible for reviewing actions before
execution. Provider is not liable for downtime or data loss caused by Customer-approved playbook execution except
as stated in Section 14.
8. Data protection
Processing of personal data is described in our Privacy Policy. Where the Customer is controller and Provider is processor, the parties will execute a data processing agreement (DPA) upon request. Customer Data remains the property of the Customer. We process Customer Data only to provide and improve the Service, support security, and comply with law.
9. Confidentiality
Each party may receive confidential information of the other. The receiving party will protect it with reasonable care and use it only for the purpose of the relationship, except as required by law or with consent.
10. Intellectual property
We retain all rights in the Service, software, documentation, and branding. No rights are granted except as expressly stated. Feedback may be used to improve the Service without obligation to you.
11. Third-party services
The Service may integrate with third-party APIs (e.g. vulnerability databases, webhooks, SMTP, optional LLM providers for analyst assist). Those services are governed by their own terms. Enabling integrations is at the Customer’s risk and configuration.
12. Availability and support
Unless otherwise agreed in writing, the Service is provided on a commercially reasonable efforts basis without guaranteed uptime. Support channels and response times may be defined in a separate support agreement or access letter.
13. Disclaimer of warranties
TO THE MAXIMUM EXTENT PERMITTED BY LAW, THE SERVICE IS PROVIDED “AS IS” AND “AS AVAILABLE” WITHOUT WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, OR STATUTORY, INCLUDING MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND ACCURACY OF DETECTION RESULTS.
14. Limitation of liability
TO THE MAXIMUM EXTENT PERMITTED BY LAW:
- NEITHER PARTY SHALL BE LIABLE FOR INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, OR LOSS OF PROFITS, REVENUE, DATA, OR GOODWILL;
- PROVIDER’S TOTAL LIABILITY ARISING OUT OF OR RELATED TO THESE TERMS OR THE SERVICE SHALL NOT EXCEED THE GREATER OF (A) AMOUNTS PAID BY THE CUSTOMER TO PROVIDER FOR THE SERVICE IN THE TWELVE (12) MONTHS BEFORE THE CLAIM, OR (B) ONE THOUSAND EUROS (€1,000), EXCEPT WHERE LIABILITY CANNOT BE LIMITED BY LAW;
- Nothing limits liability for death or personal injury caused by negligence, fraud, or willful misconduct.
15. Indemnification
The Customer will defend and indemnify Provider against third-party claims arising from (a) Customer Data or Customer’s use of the Service in breach of these Terms, (b) unlawful deployment of agents, or (c) playbook actions configured by the Customer, except to the extent caused by Provider’s gross negligence or willful misconduct.
16. Term and termination
These Terms apply while you use the Service. Either party may terminate access for convenience or breach with notice where a separate contract does not specify otherwise. Upon termination, access credentials and agents should be decommissioned. We may retain Customer Data as required by law or backup cycles, then delete per our retention policy.
17. Export and sanctions
You may not use the Service in violation of export control or sanctions laws. You represent that you are not located in, or controlled by, a party subject to comprehensive embargoes prohibiting such use.
18. Governing law and disputes
These Terms are governed by the laws of France, without regard to conflict-of-law rules. Courts located in France shall have exclusive jurisdiction, unless mandatory consumer protection rules require otherwise. Before litigation, the parties will attempt in good faith to resolve disputes within thirty (30) days of written notice to legal@cyberion.security.
19. Changes
We may modify these Terms. Continued use after the effective date of updated Terms constitutes acceptance. Material changes to Customers under contract may require separate notice as agreed.
20. General
- Entire agreement — These Terms, the Privacy Policy, and any signed order or DPA constitute the agreement for use of the Service.
- Severability — If a provision is unenforceable, the remainder stays in effect.
- Assignment — You may not assign these Terms without our consent; we may assign to an affiliate or successor.
- Force majeure — Neither party is liable for delays due to events beyond reasonable control.
21. Contact
Legal notices: legal@cyberion.security
Security: soc@cyberion.security