Does Cyberbase AI train on your data?

No. Cyberbase AI does not train AI models on customer data. Your security documentation, policies, and questionnaire responses remain completely private. We use your data solely to provide the service you've requested, never to improve our underlying models or for any other purpose.

Does Cyberbase AI provide indemnification?

Yes. Cyberbase AI provides indemnification for intellectual property claims related to our service. Enterprise customers receive comprehensive indemnification coverage as part of their agreement. Contact our sales team for specific terms and coverage details.

Can Cyberbase AI provide a single-tenant architecture for my organization?

Yes. Cyberbase AI offers single-tenant architecture for enterprise customers with strict data isolation requirements. Single-tenant deployments provide dedicated infrastructure, enhanced security controls, and complete data segregation. This option is available on our Enterprise plan.

Does Cyberbase AI have a SOC 2 Type II?

Yes. Cyberbase AI is SOC 2 Type II compliant. Our certification covers security, availability, and confidentiality trust service criteria. We undergo annual audits by an independent third-party auditor. Customers can request our SOC 2 Type II report through our security portal.

How does Cyberbase AI protect data?

Cyberbase AI protects data with enterprise-grade security controls. All data is encrypted at rest using AES-256 and in transit using TLS 1.3. We implement strict access controls, regular security audits, and continuous monitoring. Our infrastructure runs on SOC 2 compliant cloud providers with geographic redundancy.

What models does Cyberbase AI use, and who sees the data?

Cyberbase AI uses the Anthropic ISO 42001-certified models through their Commercial Terms of Service, which prohibit training and have strict data lifecycle management requirements, including data deletion and privacy requirements.

How many subprocessors does Cyberbase AI have?

Cyberbase AI maintains a minimal subprocessor list to reduce third-party risk. As per our Data Protection Addendum, Cyberbase AI only has 3 subprocessors, which include AWS, Google, and Anthropic. Cyberbase AI notifies customers of any subprocessor changes in advance per our data processing agreement.

Terms of Service - Cyberbase.ai | AI Security Automation

Last updated: 02.23.2026 v1.1

The protection of Customer's intellectual property is paramount to the Company. We are committed to ensuring the confidentiality, integrity, and security of Customer Data entrusted to us. Company will never sell, license, or otherwise disclose any portion of Customer Data to third parties except as necessary to provide the Services to you or your organization, and only under strict confidentiality and data protection obligations, nor will we permit any third party to train models or derive insights from Customer Data. The Company will never use Customer Data to train any general-purpose model. Ever.PLEASE READ THESE TERMS CAREFULLY. BY ACCESSING OR USING THE SERVICES PROVIDED BY THE COMPANY, YOU AGREE TO BE BOUND BY THESE TERMS OF SERVICE. IF YOU DO NOT AGREE TO THESE TERMS, YOU MAY NOT ACCESS OR USE THE SERVICES.

1. DEFINITIONS

"Cyberbase.ai" ("Company," "we," "us," or "our") refers to the AI-powered software-as-a-service (SaaS) platform owned and operated by Cyberbase Inc., including all tools, features, functionalities, services, modules, content, documentation, and associated APIs."Customer" ("you," "your") means the individual or legal entity entering into this agreement to use the Services, including all Authorized Users acting on your behalf."Services" means the platform and software provided by the Company that enable automated redlining of contracts, analysis of security requirements, due diligence response automation, security posture monitoring, market requirements mapping, and related support services."Customer Data" means any data, documents, information, metadata, or content that is submitted, uploaded, transmitted, stored, or otherwise made available by or on behalf of Customer through the Services."Output" means any results, analyses, insights, redlines, recommendations, AI-generated summaries, or other information generated by the Services in response to Customer Data."Aggregated Data" means de-identified or anonymized data derived from Customer Data, which is combined with data from other customers and used by the Company for analytics, product development, training, benchmarking, and improving service capabilities."Customer Marks" means Customer's company name, trade name, logo, and trademarks as provided during account registration or otherwise made available to the Company in connection with the Services.

2. ACCESS TO THE SERVICES

Subject to the terms and conditions of this Agreement, the Company grants you a limited, non-exclusive, non-transferable, non-sublicensable, and revocable right to access and use the Services for your internal business operations.You shall ensure that:

All use of the Services by Authorized Users is in compliance with these Terms;
Login credentials are maintained in strict confidence;
You shall promptly notify us of any breach or suspected breach of security or unauthorized access to your account.

The Company reserves the right to suspend or terminate access for any use that, in our reasonable judgment, violates these Terms or jeopardizes the security or performance of the Services.

3. ACCEPTABLE USE

You agree not to:

Attempt to decompile, reverse engineer, copy, frame, mirror, or derive source code or model weights of the Services;
Upload or transmit unlawful, infringing, libelous, obscene, or harmful content;
Use the Services to create competing products;
Introduce malicious software or circumvent security features;
Upload sensitive government-classified data or data subject to export control restrictions without written authorization.

You are solely responsible for ensuring that your use of the Services and submission of Customer Data complies with all applicable laws, regulations, and contractual obligations.

4. CUSTOMER DATA, OUTPUT & AGGREGATED DATA

4.1 Ownership and License

Customer retains all rights, title, and interest in and to Customer Data and Output. You hereby grant the Company a limited, worldwide, non-exclusive, royalty-free license to host, process, analyze, use, reproduce, modify, and display Customer Data solely as necessary to:

Provide and improve the Services;
Generate Output on your behalf;
Create Aggregated Data as defined below.

4.2 Output

You acknowledge and agree that Output is AI-generated and may contain inaccuracies, omissions, or errors. It is your responsibility to review Output for accuracy and completeness prior to relying on it for any decision-making purposes. Output does not constitute legal, security, compliance, or business advice and is provided solely as a facilitative tool.

4.3 Aggregated Data

The Company may, in the ordinary course of providing Services, generate Aggregated Data derived from Customer Data. Such Aggregated Data is used solely in a de-identified and anonymized form and is designed to ensure that neither Customer nor any individual data subject can be identified, re-identified, or reasonably associated with such data.Aggregated Data may be used internally by the Company to enhance overall system intelligence, measure system usage patterns, maintain and improve service functionality, and better understand general industry trends. Aggregated Data will not contain any Customer-identifiable information, will not be reverse engineered to infer Customer-specific inputs or outputs, and will not be used to train, retrain, fine-tune, or otherwise inform any machine learning or artificial intelligence models, unless Customer has explicitly agreed to such use in a separate, written agreement.The Company retains all rights, title, and interest in Aggregated Data, provided it remains in a form that is non-attributable to Customer and does not compromise the confidentiality of Customer Data.All Aggregated Data will be de-identified such that it cannot reasonably be used to identify you or any natural person and shall be owned exclusively by the Company.You grant us a perpetual, irrevocable, worldwide, royalty-free license to use, reproduce, modify, distribute, and display Aggregated Data for any lawful business purpose.

5. DATA SECURITY AND PRIVACY

The Company will maintain administrative, physical, and technical safeguards designed to protect the confidentiality, integrity, and availability of Customer Data, consistent with the ISO 27001 standard and the AICPA’s System and Organization Controls (SOC) framework.

Customer Data is encrypted in transit (TLS 1.2 or higher) and at rest (AES-256 or equivalent).
Access to Customer Data is limited to personnel with a need-to-know, under confidentiality obligations.
We will notify you without undue delay if we become aware of any unauthorized access, use, or disclosure of your Customer Data.
For details, please review our Privacy Policy.

6. SERVICE LEVEL AGREEMENT (SLA)

The Company targets a monthly uptime percentage of 99.5%. Uptime excludes scheduled maintenance, force majeure events, and outages due to third-party service providers.

Maintenance: Planned maintenance will be announced with at least 24 hours' notice.
Service Credits: In the event of service interruption below SLA, your sole remedy is a credit toward future services equal to a prorated portion of the applicable subscription fees.
Support: Email support is provided to all customers during business hours. Enterprise customers may receive enhanced SLAs as defined in their Order Form.

7. FEES & PAYMENT

All fees are payable as specified in your Order Form or subscription portal.

Invoicing and Payment: Invoices are due within 30 days of issuance unless otherwise specified. Payments not received when due are subject to interest at 1.5% per month or the maximum allowed by law.
Non-Payment: We may suspend Services for unpaid amounts upon 5 days' written notice.
Taxes: You are responsible for all applicable sales, use, VAT, and other taxes or duties, excluding our income taxes.

8. TERM & TERMINATION

These Terms commence upon your acceptance and remain in effect for the duration of your subscription unless terminated earlier in accordance with this section.

Either party may terminate these Terms for material breach upon 30 days' written notice if the breach is not cured.
Upon expiration or termination, access to the Services will cease. You will have 30 days to request export of your Customer Data in a standard format.
Sections 3, 4, 5, 9, 10, 11, 12, 13, 14, and 16 shall survive termination.

9. INTELLECTUAL PROPERTY

The Company and its licensors retain all intellectual property rights in the Services, including but not limited to software, models, algorithms, user interface designs, and documentation.You agree not to:

Copy, modify, distribute, or create derivative works of the Services;
Use any trademarks, service marks, or branding without our prior written consent.

Any feedback or suggestions you provide may be used by us without restriction, attribution, or compensation.Customer's grant of rights in Customer Marks under Section 10 (Publicity Rights) is separate from and does not affect any intellectual property rights of either party under this Section 9.

10. PUBLICITY RIGHTS

10.1 Grant of Rights. Customer hereby grants the Company a limited, non-exclusive, non-transferable, royalty-free license to use Customer Marks on the Company's website, in marketing and promotional materials, in customer lists, and in investor or sales materials, solely to identify Customer as a user of the Services. The Company shall: (a) use Customer Marks in accordance with Customer's trademark usage guidelines, to the extent such guidelines have been provided to the Company in writing; (b) not alter, distort, or modify Customer Marks except to resize proportionally; and (c) not use Customer Marks in any manner that implies Customer's endorsement, sponsorship, or affiliation with the Company beyond the actual customer relationship.10.2 Extended Use. Any use of Customer Marks beyond the scope described in Section 10.1 — including but not limited to case studies, testimonials, press releases, or conference presentations featuring Customer — shall require Customer's separate prior written consent.10.3 Opt-Out. The Customer may opt out of the use described in Section 10.1 at any time by sending written notice to legal@cyberbase.ai. The Company will cease such use within fifteen (15) business days of receiving the opt-out request and will confirm removal in writing.10.4 Termination of Rights. The rights granted under this Section 10 shall terminate automatically upon the earlier of: (a) termination or expiration of Customer's subscription to the Services; or (b) the Company's receipt of a valid opt-out request pursuant to Section 10.3. Following termination of these rights, the Company shall have a thirty (30) day wind-down period to remove Customer Marks from materials already in circulation or production.10.5 Ownership. For the avoidance of doubt, Customer retains all right, title, and interest in and to Customer Marks. Nothing in this Section shall be construed as an assignment of any rights in Customer Marks to the Company.10.6 Applicability. The rights granted under this Section 10 shall apply to all Customers who have created an account and actively used the Services. For the avoidance of doubt, these rights apply regardless of whether a Customer is on a free, beta, early access, or paid plan.

11. CONFIDENTIALITY

Each party agrees to use the same degree of care it uses to protect its own confidential information (but in no event less than reasonable care) to protect the other party's confidential information.Confidential information does not include information that is:

Publicly available through no fault of the receiving party;
Known to the receiving party prior to disclosure;
Independently developed without reference to the disclosing party's information;
Disclosed under legal compulsion, with prompt notice to the disclosing party where legally permitted;
Used by the Company solely in accordance with Section 10 (Publicity Rights), limited to Customer Marks as defined herein.

Obligations survive for a period of three (3) years following termination.

12. INDEMNIFICATION

By Customer

You shall defend, indemnify, and hold harmless the Company and its officers, directors, employees, and agents from any claims, damages, liabilities, or expenses arising from:

Your use of the Services;
Violation of these Terms;
Customer Data or Output shared with third parties;
Allegations that Customer Data violates law or infringes third-party rights.

By Company

We will indemnify you from any third-party claim that the Services infringe any U.S. intellectual property right, provided that:

You promptly notify us;
You allow us sole control of defense and settlement;
You reasonably cooperate.

Our obligations do not apply to claims arising from unauthorized modifications, combinations with third-party content, or your data.

13. WARRANTY & DISCLAIMERS

We warrant that:

The Services will materially conform to documentation;
Support will be delivered in a professional and workmanlike manner.

EXCEPT AS EXPRESSLY STATED, THE SERVICES ARE PROVIDED "AS IS" AND "AS AVAILABLE." WE DISCLAIM ALL IMPLIED WARRANTIES INCLUDING MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. OUTPUT MAY BE INACCURATE OR INCOMPLETE. YOU USE THE SERVICES AND OUTPUT AT YOUR OWN RISK.

14. LIMITATION OF LIABILITY

TO THE MAXIMUM EXTENT PERMITTED BY LAW:

COMPANY'S TOTAL CUMULATIVE LIABILITY UNDER THESE TERMS SHALL NOT EXCEED THE AMOUNTS PAID BY YOU TO US IN THE TWELVE (12) MONTHS PRECEDING THE EVENT GIVING RISE TO THE CLAIM.
NEITHER PARTY SHALL BE LIABLE FOR INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL, PUNITIVE, OR EXEMPLARY DAMAGES, INCLUDING LOST PROFITS, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

These limitations shall not apply to liability for gross negligence, willful misconduct, or indemnified claims.

15. COMPLIANCE & EXPORT CONTROLS

You represent that you are not located in, under the control of, or a national or resident of any country subject to embargo or sanctions under U.S. law.You shall not use the Services to process or transmit data that is subject to the International Traffic in Arms Regulations (ITAR) or other restricted data without our prior written consent.

16. GOVERNING LAW & DISPUTE RESOLUTION

These Terms shall be governed by the laws of the State of California, excluding its conflict of laws rules. Any legal action or proceeding shall be brought in the state or federal courts located in Santa Clara County, California.Each party hereby irrevocably submits to the exclusive jurisdiction of such courts and waives any jurisdictional, venue, or inconvenient forum objections.

17. MISCELLANEOUS

Entire Agreement: These Terms, any Order Forms, and our Privacy Policy constitute the entire agreement.
Waiver & Severability: Failure to enforce a provision shall not constitute a waiver. If any provision is held unenforceable, the remainder shall remain in full force.
Force Majeure: Neither party shall be liable for delay or failure due to events beyond reasonable control.
Assignment: You may not assign these Terms without our written consent. We may assign freely in connection with a merger or sale.
Amendments: We may update these Terms from time to time. We will notify you of material changes, and continued use constitutes acceptance.

For questions or legal notices, contact: legal@cyberbase.ai