Master Service Agreement

This Master Service Agreement (“Agreement” or “MSA”) governs the provision and use of services provided by MRB CORPORATION LIMITED trading as CyberSiARA (“CyberSiARA”, “we”, “our”, or “us”) to customers (“Customer”, “you”, or “your”).

By accessing, purchasing, implementing, or using CyberSiARA services, the Customer agrees to the terms of this Agreement.

If this Agreement conflicts with a signed Order Form, Statement of Work, Data Processing Addendum, Service Level Agreement, or other written agreement between the parties, the signed written agreement shall take priority.

1. About CyberSiARA

CyberSiARA provides AI-powered cybersecurity technologies, including behavioural analysis, bot mitigation, human verification, fraud prevention, and related security services designed to help organisations protect websites, applications, APIs, authentication systems, and digital environments against automated abuse, malicious activity, and cyber threats.

2. Scope of Services

CyberSiARA may provide services including:

• AI-powered bot protection;
• behavioural analysis technologies;
• human verification services;
• API integrations;
• dashboards and reporting;
• onboarding and implementation support;
• threat detection and prevention services;
• technical support and related cybersecurity services.

Specific services, pricing, onboarding scope, support terms, and commercial terms may be defined separately through:

• quotations;
• order forms;
• Statements of Work (“SOWs”);
• subscription plans;
• invoices;
• or separate written agreements.

3. Customer Responsibilities

The Customer agrees to:

• provide accurate information reasonably required for onboarding and service delivery;
• maintain appropriate security controls within its own systems and environments;
• comply with applicable laws and regulations;
• cooperate reasonably with CyberSiARA during implementation and support activities;
• ensure authorised use of the services by its personnel, contractors, and users.

The Customer remains responsible for:

• its internal systems;
• endpoint security;
• account credentials;
• user access management;
• customer-side configuration;
• and compliance obligations applicable to its business operations.

4. Acceptable Use

The Customer shall not use CyberSiARA services:

• for unlawful, fraudulent, abusive, or malicious activities;
• to violate the rights of others;
• to distribute malware or harmful code;
• to conduct unauthorised attacks, penetration attempts, scanning, or abusive automation;
• to interfere with systems, networks, accounts, data, or services;
• to reverse engineer, decompile, or attempt to extract source code from CyberSiARA technologies unless permitted by applicable law;
• in breach of applicable laws or regulations.

CyberSiARA reserves the right to suspend or restrict services where serious misuse, abuse, unlawful activity, or security risks are reasonably identified.

5. Service Availability and Support

CyberSiARA will use commercially reasonable efforts to maintain service availability and platform reliability.

Planned maintenance, security updates, emergency maintenance, infrastructure events, third-party service interruptions, or events outside CyberSiARA’s reasonable control may occasionally affect service availability.

Where applicable, service levels, support response targets, and uptime commitments may be governed by separate Service Level Agreements (“SLAs”) or written customer agreements.

6. Security and Compliance

CyberSiARA maintains commercially reasonable administrative, technical, and organisational safeguards designed to protect platform integrity, customer environments, and service availability.

Security measures may include:

• encrypted communications;
• access controls;
• infrastructure monitoring;
• vulnerability management;
• secure cloud hosting;
• logging and alerting mechanisms;
• operational security procedures.

CyberSiARA may periodically update or improve security controls in response to evolving cybersecurity threats, operational requirements, legal requirements, or industry standards.

CyberSiARA will notify affected customers without undue delay where it becomes aware of a confirmed security incident that materially affects the confidentiality, integrity, or availability of customer data processed by CyberSiARA, subject to applicable laws and contractual obligations.

7. Audit and Compliance Information

Upon reasonable request and subject to appropriate confidentiality obligations, CyberSiARA may provide information reasonably necessary to demonstrate compliance with applicable security and data protection obligations.

Any audit rights, security reviews, or compliance assessments shall be subject to reasonable notice, scope, frequency, and confidentiality restrictions, and shall not compromise CyberSiARA’s systems, security, other customers, or confidential information.

8. Privacy and Data Protection

CyberSiARA is committed to maintaining responsible privacy and data protection practices.

Where CyberSiARA processes personal data on behalf of the Customer, such processing shall be governed by:

• applicable privacy and data protection laws;
• this Agreement;
• the CyberSiARA Privacy Policy;
• and, where applicable, separate Data Processing Addendums (“DPAs”).

CyberSiARA’s services are designed to minimise unnecessary collection of personal data and to support privacy-conscious security practices wherever reasonably possible.

The Customer remains responsible for:

• determining its own lawful basis for processing;
• providing required privacy notices;
• obtaining required consents where applicable;
• configuring the services appropriately;
• and complying with applicable privacy and data protection laws.

9. Subprocessors

CyberSiARA may use carefully selected third-party service providers, infrastructure providers, cloud providers, software providers, or subprocessors to support delivery, operation, hosting, monitoring, maintenance, and improvement of the services.

Where CyberSiARA engages subprocessors to process personal data on behalf of the Customer, CyberSiARA will ensure that appropriate contractual obligations are in place requiring such subprocessors to protect personal data in accordance with applicable data protection laws and the relevant Data Processing Addendum, where applicable.

CyberSiARA remains responsible for using reasonable care in the selection and management of subprocessors used to support the services.

10. Confidentiality

Each party agrees to treat non-public information disclosed in connection with this Agreement as confidential.

Confidential information shall not be disclosed to third parties except:

• where required by law;
• with prior written consent;
• to authorised personnel, advisers, contractors, or subcontractors who are subject to appropriate confidentiality obligations;
• or where reasonably necessary to perform obligations under this Agreement.

This obligation does not apply to information that:

• is publicly available through no breach of confidentiality;
• was already lawfully known;
• is lawfully received from a third party without confidentiality restrictions;
• or is independently developed without use of confidential information.

11. Intellectual Property

CyberSiARA retains all rights, title, and interest in and to:

• its software;
• technologies;
• platforms;
• algorithms;
• trademarks;
• intellectual property;
• documentation;
• know-how;
• and related materials.

No ownership rights are transferred to the Customer under this Agreement.

The Customer retains ownership of its own systems, data, content, and intellectual property.

Subject to payment of applicable fees and compliance with this Agreement, CyberSiARA grants the Customer a limited, non-exclusive, non-transferable right to access and use the services during the applicable subscription or service period.

12. Third-Party Services

CyberSiARA services may rely on or integrate with third-party infrastructure, cloud providers, software, or technology services.

CyberSiARA is not responsible for:

• failures caused by third-party providers;
• internet connectivity issues;
• customer infrastructure failures;
• customer-side misconfiguration;
• or events outside CyberSiARA’s reasonable control.

13. Fees and Payment

Fees, subscription terms, onboarding costs, and payment schedules shall be defined in applicable quotations, order forms, invoices, subscription plans, or separate commercial agreements.

The Customer shall pay all undisputed invoices in accordance with the agreed payment terms.

Failure to pay undisputed invoices within agreed payment terms may result in suspension of services.

Unless otherwise agreed in writing, fees are non-refundable except where required by applicable law or expressly stated in a written agreement.

14. Suspension and Termination

CyberSiARA may suspend or terminate services where:

• this Agreement is materially breached;
• payment obligations are not met;
• unlawful activity is identified;
• continued use presents operational, reputational, legal, or security risks;
• or suspension is required to protect CyberSiARA, the Customer, users, infrastructure, or third parties.

Either party may terminate services in accordance with applicable contractual terms or separate written agreements.

Upon termination:

• access to services may be disabled;
• customer access credentials may be revoked;
• outstanding fees may become payable;
• and applicable customer data handling processes may be completed in accordance with contractual or legal obligations.

Upon termination or expiry of the services, CyberSiARA will return, delete, or make unavailable customer data in accordance with the applicable agreement, Data Processing Addendum, legal requirements, and CyberSiARA’s retention practices.

Backup or archived copies may remain for a limited period where required for legal, security, continuity, or technical reasons, provided they remain protected and are deleted in accordance with CyberSiARA’s normal retention processes.

15. Limitation of Liability

To the maximum extent permitted by applicable law, CyberSiARA shall not be liable for any indirect, incidental, consequential, special, punitive, or loss-of-profit damages arising out of or related to the services.

CyberSiARA’s total aggregate liability arising out of or related to the services shall not exceed the total amount paid by the Customer to CyberSiARA for the applicable services during the twelve (12) months immediately preceding the event giving rise to the claim.

For free services, demonstrations, evaluations, pilots, proofs of concept, or trial access provided without charge, CyberSiARA’s total aggregate liability shall not exceed £100.

Nothing in this Agreement excludes or limits liability for:

• fraud or fraudulent misrepresentation;
• death or personal injury caused by negligence;
• or any liability which cannot legally be excluded under applicable law.

16. No Warranty

Services are provided on an “as available” and “as is” basis.

CyberSiARA does not guarantee that:

• services will always be uninterrupted;
• services will be error-free;
• all threats, bots, or malicious activity will be detected;
• or all cybersecurity incidents can be prevented.

Cybersecurity threats continuously evolve, and no cybersecurity technology can guarantee complete protection against all possible attacks, automated abuse, or malicious activity.

17. Force Majeure

CyberSiARA shall not be liable for delays or failures resulting from events beyond its reasonable control, including:

• internet failures;
• cloud infrastructure outages;
• cyberattacks;
• natural disasters;
• labour disputes;
• governmental actions;
• utility failures;
• war, terrorism, civil unrest, or public emergencies;
• regulatory or legal restrictions;
• or other force majeure events.

18. Assignment

The Customer may not assign or transfer this Agreement without CyberSiARA’s prior written consent, except where permitted under a signed written agreement.

CyberSiARA may assign or transfer this Agreement in connection with a merger, acquisition, corporate restructuring, sale of assets, or transfer of business operations.

19. Notices

Notices relating to this Agreement may be provided by email, through the CyberSiARA platform, through the Customer’s registered contact details, or by other reasonable written means.

The Customer is responsible for maintaining accurate contact details with CyberSiARA.

20. Entire Agreement

This Agreement, together with any applicable order forms, Statements of Work, invoices, SLAs, DPAs, or other written agreements, forms the agreement between the parties regarding the services.

This Agreement replaces any prior discussions, proposals, or understandings relating to the same subject matter, unless otherwise agreed in writing.

21. Survival

Any provisions which by their nature should survive termination shall continue to apply, including provisions relating to confidentiality, intellectual property, payment obligations, limitation of liability, data protection, governing law, and dispute resolution.

22. Governing Law

This Agreement shall be governed by and interpreted in accordance with the laws of England and Wales.

Any disputes arising in connection with this Agreement shall be subject to the exclusive jurisdiction of the courts of England and Wales.

23. Changes to this Agreement

CyberSiARA may update or modify this Agreement from time to time to reflect:

• operational changes;
• legal or regulatory requirements;
• security updates;
• product developments;
• or business needs.

Updated versions will be published on the CyberSiARA website together with the revised effective date.

Continued use of services following updates constitutes acceptance of the revised Agreement.

24. Contact Information

For legal, compliance, privacy, or general enquiries, please contact:

MRB CORPORATION LIMITED trading as CyberSiARA
Company Number: 11415351
Registered Office: 51 Brompton Road, Hamilton, Leicester, England, LE5 1PP
Website: www.cybersiara.com
Email: legal@cybersiara.com