Indemnification Policy

1. Purpose & Scope

This Indemnification Policy outlines the obligations, procedures, and limitations governing how CyberVault, Inc. ("CyberVault," "we," "us," or "our") and our clients, customers, or authorized users ("you" or "Licensee") will handle claims, damages, losses, and expenses arising from third-party actions, product liability, intellectual property infringement, or security incidents related to our cybersecurity services, software, and platform.

By accessing, purchasing, or utilizing CyberVault's services, you acknowledge and agree to the indemnification terms detailed herein. This policy supplements, and does not replace, our Master Services Agreement ("MSA"), End User License Agreement ("EULA"), or Terms of Service ("ToS").

2. CyberVault's Indemnification Obligations

CyberVault agrees to defend, indemnify, and hold harmless you and your authorized affiliates from and against any third-party claims, lawsuits, judgments, settlements, and reasonable attorney's fees arising directly out of:

Intellectual Property Infringement: Claims alleging that CyberVault's software, platform, or provided tools infringe upon a valid U.S. intellectual property right.
Product Liability & Gross Negligence: Claims arising from bodily injury, death, or tangible property damage caused by CyberVault's gross negligence or willful misconduct.
Security Breach Liability: Claims directly resulting from a verified, third-party data breach of CyberVault's proprietary infrastructure caused by our failure to implement industry-standard security controls.

Important Note: CyberVault's indemnification obligations are strictly limited to claims directly traceable to our services. We do not indemnify against losses stemming from client misconfiguration, unauthorized third-party integrations, or failure to apply recommended security patches.

3. Client Indemnification Obligations

By engaging CyberVault's services, you agree to defend, indemnify, and hold harmless CyberVault, its officers, directors, employees, contractors, and affiliates from and against any claims, damages, liabilities, costs, and expenses (including reasonable legal fees) arising from:

Unauthorized Use: Use of our services in violation of applicable laws, regulations, or this policy.
Client Data & Content: Claims related to the accuracy, legality, or ownership of data, credentials, or configurations you provide to our platform.
Third-Party Integrations: Claims arising from APIs, plugins, or custom scripts you deploy alongside CyberVault's infrastructure without our explicit written authorization.
Violation of Agreements: Breach of your obligations under the MSA, ToS, or data processing addendums.

4. Claim Notification & Cooperation

Immediate notification is required to preserve indemnification rights. The claiming party must:

Provide written notice to CyberVault's legal department within five (5) business days of becoming aware of the claim.
Grant CyberVault sole control over the defense, settlement, and resolution of the claim (subject to reasonable client consultation).
Provide reasonable cooperation, documentation, and access to necessary personnel or systems.

Failure to notify CyberVault within the specified timeframe, or uncooperative conduct that materially prejudices our defense, may void indemnification obligations.

5. Exclusions & Limitations

Neither party shall be liable for, nor indemnify the other against:

Consequential, incidental, indirect, punitive, or special damages (including lost profits, data loss, or business interruption).
Claims arising from force majeure events, acts of war, terrorism, or unavoidable government action.
Losses exceeding the total fees paid by the client to CyberVault during the twelve (12) months preceding the incident, unless otherwise required by applicable law.
Claims based on the client's modification, reverse engineering, or unauthorized redistribution of CyberVault's proprietary technology.

6. Governing Law & Dispute Resolution

This Indemnification Policy shall be governed by and construed in accordance with the laws of the State of Delaware, without regard to its conflict of law principles. Any disputes arising under this policy shall be resolved through binding arbitration in Wilmington, Delaware, in accordance with the Commercial Arbitration Rules of the American Arbitration Association, except where injunctive relief is sought to protect intellectual property rights.

7. Policy Amendments & Updates

CyberVault reserves the right to modify this Indemnification Policy at any time to reflect changes in technology, legal standards, or business operations. Material changes will be communicated via email and documented in platform notifications. Continued use of our services following the effective date of any amendment constitutes acceptance of the revised terms.

8. Contact & Legal Inquiries

For questions regarding this Indemnification Policy, contract negotiations, or formal legal correspondence, please contact our compliance department:

CyberVault Legal & Compliance Email: legal@cybervault.com
Address: 100 Security Plaza, Suite 400, Wilmington, DE 19801
Reference ID: IND-2025-V4.2

Disclaimer: This document outlines standard indemnification frameworks. For enterprise-specific indemnification caps, mutual indemnification terms, or custom liability structures, please contact our sales or legal teams to negotiate a bespoke addendum.