Master Service Agreement
Service Provider
Cynetix LLC
Cyber Intelligence & Network Defense
contact@cynetix.io
Client
Company Name:
Address:
Billing Contact:
Services
1.1 Scope of Services
Cynetix shall provide cybersecurity services including, but not limited to, network penetration testing, web application security testing, mobile application security assessments, red team operations, cloud security assessments, and social engineering simulations, as specified in each SOW. Each SOW shall be incorporated into and governed by this Agreement.
1.2 Statements of Work
Each engagement shall be defined in a separate SOW executed by authorized representatives of both parties. In the event of a conflict between this Agreement and any SOW, the SOW shall control with respect to the specific engagement, unless expressly stated otherwise.
1.3 Change Orders
Any changes to the scope of an active engagement must be agreed to in writing by both parties via a signed Change Order before Cynetix is obligated to perform such additional work.
Client Responsibilities
Client agrees to:
- Provide accurate and complete information regarding in-scope systems, networks, and assets prior to each engagement;
- Obtain all necessary authorizations, permissions, and consents from system owners, cloud providers, hosting providers, and any third parties whose systems may be tested;
- Designate a primary technical point of contact reachable throughout the testing period;
- Notify Cynetix immediately of any scheduled maintenance, system changes, or incidents that may affect the engagement;
- Provide timely responses to questions or requests for information necessary to complete the engagement;
- Ensure that Cynetix's activities under this Agreement do not violate any applicable law, regulation, or third-party agreement to which Client is a party.
Fees and Payment
3.1 Fees
Fees for each engagement shall be set forth in the applicable SOW. All fees are stated in United States Dollars (USD) and are exclusive of applicable taxes.
3.2 Payment Schedule
Unless otherwise specified in the SOW, payment terms are as follows:
- 50% of the total engagement fee is due upon execution of the applicable SOW and Rules of Engagement ("Kickoff Payment");
- 50% of the total engagement fee is due upon delivery of the final report ("Completion Payment").
3.3 Late Payments
Invoices not paid within thirty (30) days of the due date shall accrue interest at the rate of 1.5% per month (or the maximum rate permitted by applicable law, whichever is less). Cynetix reserves the right to suspend services for accounts more than fifteen (15) days past due.
3.4 Expenses
Unless included in the SOW fee, reasonable and pre-approved out-of-pocket expenses (travel, lodging, per diem) shall be reimbursed by Client within thirty (30) days of invoice.
3.5 Cancellation
If Client cancels or postpones a confirmed engagement with fewer than ten (10) business days' notice, the Kickoff Payment is non-refundable. If cancellation occurs after testing has commenced, Client shall pay for all work performed to date at Cynetix's standard hourly rates.
Confidentiality
Each party agrees to maintain the confidentiality of the other party's Confidential Information as defined in any executed Non-Disclosure Agreement between the parties, or, in the absence of such an agreement, as defined herein. "Confidential Information" includes all non-public information relating to either party's business, technology, security posture, vulnerabilities, and engagement findings. Cynetix shall not disclose Client's vulnerabilities or assessment results to any third party without Client's prior written consent. Confidentiality obligations shall survive termination of this Agreement for five (5) years.
Intellectual Property
5.1 Client Data
All Client data, systems, and infrastructure information remain the sole property of Client. Cynetix acquires no ownership rights in Client data by virtue of this Agreement.
5.2 Deliverables
Upon receipt of full payment, Cynetix grants Client a non-exclusive, perpetual license to use the written reports and deliverables produced for Client under this Agreement for Client's internal security purposes.
5.3 Cynetix Tools and Methodologies
All tools, scripts, methodologies, frameworks, and know-how developed or used by Cynetix remain the sole and exclusive property of Cynetix, regardless of whether they were used or referenced in the delivery of services to Client. Nothing in this Agreement transfers ownership of Cynetix's pre-existing or independently developed intellectual property.
Representations and Warranties
6.1 By Cynetix
Cynetix represents and warrants that: (a) it has the authority to enter into this Agreement; (b) services will be performed by qualified personnel in a professional manner consistent with industry standards; and (c) Cynetix will comply with all applicable laws in the performance of services.
6.2 By Client
Client represents and warrants that: (a) it has the authority to enter into this Agreement; (b) it owns or has obtained all necessary authorizations for all systems included in any SOW; (c) engaging Cynetix does not violate any applicable law or third-party agreement; and (d) the information provided to Cynetix regarding in-scope systems is accurate and complete.
6.3 Disclaimer
EXCEPT AS EXPRESSLY SET FORTH HEREIN, CYNETIX PROVIDES ALL SERVICES "AS IS" AND DISCLAIMS ALL OTHER WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. CYNETIX DOES NOT WARRANT THAT TESTING WILL IDENTIFY ALL VULNERABILITIES OR THAT CLIENT'S SYSTEMS WILL BE SECURE FOLLOWING REMEDIATION.
Limitation of Liability
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW:
- CYNETIX'S AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT OR ANY SOW SHALL NOT EXCEED THE TOTAL FEES PAID BY CLIENT FOR THE SPECIFIC ENGAGEMENT GIVING RISE TO THE CLAIM IN THE TWELVE (12) MONTHS PRECEDING THE CLAIM;
- IN NO EVENT SHALL CYNETIX BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, PUNITIVE, OR EXEMPLARY DAMAGES, INCLUDING LOSS OF PROFITS, REVENUE, DATA, BUSINESS, OR GOODWILL, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES;
- CYNETIX SHALL NOT BE LIABLE FOR ANY SYSTEM DOWNTIME, DATA LOSS, OR SERVICE DISRUPTION CAUSED BY TESTING ACTIVITIES CONDUCTED WITHIN THE AUTHORIZED SCOPE DEFINED IN THE ROE AND SOW.
Indemnification
Client shall indemnify, defend, and hold harmless Cynetix and its officers, employees, agents, and contractors from and against any claims, damages, liabilities, costs, and expenses (including reasonable attorneys' fees) arising out of or related to: (a) Client's breach of this Agreement; (b) Client's failure to obtain necessary third-party authorizations; (c) Client's gross negligence or willful misconduct; or (d) any claim by a third party arising from Client's use of the deliverables in a manner inconsistent with this Agreement.
Term and Termination
9.1 Term
This Agreement commences on the Effective Date and continues for a period of one (1) year, automatically renewing for successive one-year terms unless either party provides sixty (60) days' written notice of non-renewal.
9.2 Termination for Cause
Either party may terminate this Agreement or any SOW immediately upon written notice if the other party: (a) materially breaches this Agreement and fails to cure such breach within fifteen (15) days of written notice; (b) becomes insolvent or makes an assignment for the benefit of creditors; or (c) violates any applicable law in connection with this Agreement.
9.3 Effect of Termination
Upon termination, Cynetix shall cease all testing activities. Client shall pay for all services rendered up to the date of termination. Sections 4, 5, 7, 8, 10, and 11 shall survive any termination or expiration of this Agreement.
Compliance and Legal Authorization
The parties acknowledge that penetration testing involves simulated cyberattack activities that would otherwise be unlawful without proper authorization. Client expressly authorizes Cynetix to conduct all activities described in each SOW and Rules of Engagement solely against the systems identified therein, and represents that all such systems are owned by or under the lawful control of Client. Cynetix shall conduct all services in compliance with applicable computer fraud and abuse laws, including but not limited to the Computer Fraud and Abuse Act (18 U.S.C. § 1030) and applicable state laws.
General Provisions
- Governing Law. This Agreement is governed by the laws of the State of Florida, without regard to conflicts of law principles.
- Dispute Resolution. Disputes shall be resolved by binding arbitration per the AAA Commercial Rules. Each party waives the right to a jury trial.
- Independent Contractors. The parties are independent contractors. Nothing herein creates an employment, partnership, or joint venture relationship.
- Non-Solicitation. During the term and for one (1) year thereafter, neither party shall solicit or hire the other's employees or contractors who were involved in the engagement.
- Force Majeure. Neither party is liable for delays caused by circumstances beyond its reasonable control.
- Assignment. Client may not assign this Agreement without Cynetix's prior written consent. Cynetix may assign this Agreement in connection with a merger, acquisition, or sale of substantially all its assets.
- Notices. All notices must be in writing and delivered by email with confirmation of receipt or by certified mail.
- Entire Agreement. This Agreement, together with all SOWs, ROEs, and any executed NDA, constitutes the entire agreement between the parties and supersedes all prior negotiations and understandings.
- Counterparts / Electronic Signatures. This Agreement may be signed electronically or in counterparts, each of which shall constitute an original.
Signatures
By signing below, each party agrees to be bound by the terms of this Master Service Agreement.