Cyber Heat Map Subscriber Agreement

Effective Date: June 19, 2025

Last Updated: June 19, 2025

This Subscriber Agreement ("Agreement") is a legally binding agreement between you ("Client", "you", or "your") and C Schreiber LLC d/b/a Cyber Heat Map (the "Company"), a limited liability company organized and existing under the laws of Arizona, with its head office located at:

Cyber Heat Map
3784 N Fox Ave
Tucson, AZ 85716

The Company provides the Cyber Heat Map service (“Service”), and the Client wishes to subscribe. Both parties agree to the terms below.

I. Services and Subscription Plans

A. The Company will provide the Client with access to the Cyber Heat Map online cybersecurity assessment and planning platform under the annual subscription plan chosen by the Client. Each subscription tier includes specific features and services:

1. Basic Plan: Single-user license to the Cyber Heat Map platform, including access to an online self-assessment tool, membership in the Cyber Bridge online community, and standard chat/email support.

2. Essential Plan: Includes all Basic Plan features, plus additional benchmarking reports (comparing the Client’s cybersecurity posture against peer organizations) and compliance analysis reports.

3. Advanced Plan: Allows up to 100 named users from the Client’s organization. Includes all Essential Plan features, plus a staff cybersecurity skills inventory module and tailored training recommendations for staff.

B. The Service will include any updates and improvements made available by the Company during the subscription period. All plans include access for authorized users to the Cyber Bridge community for peer collaboration and resources, subject to compliance with the Community Guidelines.

C. Service Commitment and Support. The Company will use commercially reasonable efforts to maintain at least 99% monthly uptime for the Service, excluding planned maintenance windows and events beyond the Company’s reasonable control (as described in Section XIV, Force Majeure).

1. Planned maintenance that is expected to cause more than fifteen (15) minutes of downtime will be announced at least twenty-four (24) hours in advance.

2. The Company targets an initial support response within one (1) business day of receipt of a support request submitted through the in-app chat or [email protected].

II. Term and Renewal

A. Subscription Term. The initial subscription term under this Agreement is one (1) year and ends one year after activating the subscription (“Subscription Term”).

B. Automatic Renewal. The subscription will automatically renew for successive one-year terms unless either party gives notice of non-renewal at least thirty (30) days before the end of the then-current term. Notice may be provided by email or by using subscription management tools inside the Service. Upon each renewal, the subscription will continue at the then-current annual subscription fee, and no new onboarding fee will be charged for renewal.

C. Termination for Convenience. If either party provides timely notice of non-renewal, the subscription will expire at the end of the current term. Any cancellation or non-renewal will take effect only at the end of the then-current annual term. The Client will not be entitled to any refund or credit for unused months or days in a term if the subscription is canceled or not renewed mid-term.

III. License Grant and Authorized Use

A. Client License. Subject to this Agreement and the timely payment of fees, the Company grants the Client a limited, non-exclusive, non-transferable license during the Subscription Term to access and use the Service and its associated materials for the Client’s internal business purposes.

B. Account Owner. The Client shall designate one (1) individual as its Account Owner, who will serve as the primary point of contact and manage the Client subscription.

C. Authorized Users. The Service may be used by up to the number of authorized users included in the Client’s chosen plan (for example, one user for Basic, up to 100 users for Advanced).

1. The Client’s employees or contractors who are given access credentials by the Client are considered authorized users and may use the Service on the Client’s behalf.

2. The Client is responsible for ensuring that all authorized users comply with this Agreement and any applicable use guidelines.

3. Each user must have a unique login and shared logins are prohibited. Client will promptly disable credentials of former personnel.

D. Additional Terms. The Client agrees to comply with the Cyber Heat Map Terms & Conditions and Cyber Bridge Community Guidelines and shall ensure that its users do likewise.

1. Client and its users must abide by the Cyber Bridge Community Guidelines (https://cyberheatmap.com/community-guidelines), as may be updated from time to time, and ensure that any use of the community platform by the Client's team is in compliance with those guidelines.

2. Client must also comply with the Company’s standard Terms and Conditions for the Service (https://cyberheatmap.com/terms-and-conditions), as may be updated from time to time.

3. These terms are incorporated by reference into this Agreement, and the Client's users will agree to them when accessing the Service.

E. Any unauthorized use of the Service or breach of these restrictions will be considered a material breach of this Agreement.

F. The license rights granted to the Client are conditioned on compliance with the above terms. Violation of these terms may result in suspension or termination of access (as described in the Termination section below) and other legal remedies.

IV. Jump Start Onboarding Program

A. Required Jump Start. All new subscribers are required to complete a Jump Start onboarding program as part of the initial setup. This is a comprehensive onboarding spanning approximately 8 weeks, designed to guide the Client’s team through initial setup and completion of the cybersecurity assessment. Client will select one of the Jump Start programs during checkout:

1. Guided Jump Start: Includes one (1) initial one-on-one orientation session to introduce the Client to Cyber Heat Map and the assessment process, weekly group coaching sessions to assist with completing the assessment, and one (1) follow-up one-on-one session after completion to review results and recommendations.

2. Full Jump Start: Includes eight (8) one-on-one coaching sessions providing in-depth assistance throughout the initial assessment process and help for the Client in developing a comprehensive cybersecurity improvement roadmap.

B. Jump Start Completion Guarantee. The Company guarantees that if the Client actively participates in all sessions and completes all assigned activities, the Client will be able to complete a thorough cybersecurity assessment within the program’s timeframe (approximately 8 hours of sessions).

1. If, after full participation, the assessment is still not completed, the Company will continue to provide coaching and support at no additional charge until the assessment is successfully completed.

2. This extended coaching is provided in lieu of any refund and is the Client’s sole remedy for failure to complete the assessment within the expected timeframe.

V. Plan Changes (Upgrades and Downgrades)

A. Upgrade at Any Time. The Client may upgrade to a higher-tier plan (e.g., Basic to Essential or Essential to Advanced) at any point during the Subscription Term by submitting the change in the in-app billing portal or by written request to the Company.

B. Prorated Upgrade Fee. Upon approval, the Company will immediately enable the higher-tier features and charge a pro-rated upgrade fee for the remainder of the current Subscription Term (calculated on a daily basis). The full annual price for the new plan will be billed at the next Renewal Term.

C. Downgrade Notice Requirement. To move to a lower-tier plan (e.g., Advanced to Essential or Essential to Basic), the Client must submit a downgrade request at least thirty (30) days before the end of the current Subscription Term.

1. Effective Date of Downgrade. Downgrades take effect only at the next Renewal Term. No refunds or credits are provided for unused features of the higher-tier plan during the current term.

2. Single-User Downgrade Impact. If a downgrade moves the Client from a multi-user plan to a single-user plan, the Company will, on the renewal date, deactivate all user accounts except the designated primary account owner. Any associated skills-inventory data entered by deactivated users will be permanently deleted after 30 days. The Account Owner will receive email confirmation seven (7) days before deletion.

D. Payment Method & Confirmation. All upgrade or downgrade charges will be processed using the payment method on file. The Company will email the Client a confirmation of each plan change, including any prorated charges and the pricing that will apply at the next Renewal Term, and will email any payment-failure notice to the Account Owner.

E. No Retroactive Changes. Plan changes are prospective only. The Company will not retroactively credit or refund fees for periods already elapsed under a different plan tier.

VI. Fees and Payment

A. Payment at Checkout. All fees, including the one-time Jump Start Onboarding Fee and the initial annual subscription fee for the selected plan, are paid in full at checkout through an accepted online payment method (credit/debit card, ACH, or any processor-supported method). The onboarding program will not begin, and Service access will not be provisioned, until payment is successfully processed.

B. Card-on-File for Renewals. By completing checkout, the Client authorizes the Company (or its payment processor) to store the payment method and automatically charge the applicable annual subscription fee at the start of each Renewal Term. The Company will email a reminder at least 30 days before the renewal charge.

C. Payment Failure and Suspension. If any renewal or other authorized charge is declined, the Company will notify the Client, and the Client will have seven (7) days to provide a valid replacement payment. Failure to do so may result in suspension of Service access until the balance is paid.

1. If the delinquent amount remains unpaid thirty (30) days after the first payment-failure notice, such non-payment will constitute a material breach subject to termination as described in the Termination section below.

D. Taxes. Fees are exclusive of any sales, use, value-added, or similar taxes. Any taxes the Company is legally required to collect will be calculated at checkout and added to the charge. The Client is responsible for all other applicable taxes except those based on the Company’s net income.

E. Price Changes. Published subscription plan prices (available at https://cyberheatmap.com/pricing) may change from time to time. The Company will give the Client at least 30 days’ notice of any increase by email notification, and the new price will apply at the next Renewal Term. Pricing cannot be increased during an active Subscription Term. Client may decline renewal if it does not accept the new price.

VII. Confidentiality

A. Confidential Information: In the course of this Agreement, each party may disclose or receive Confidential Information to/from the other. “Confidential Information” means any non-public information, in any form, that is designated as confidential or which should reasonably be understood to be confidential given its nature and the context of disclosure. This includes, without limitation, the Service software, algorithms, product roadmaps, and documentation (which are the Company's Confidential Information), and the Client’s own assessment data and business information provided for the Service (which are the Client’s Confidential Information).

1. Each party (as a recipient of Confidential Information) agrees to protect the other’s Confidential Information and to use it only for purposes of fulfilling this Agreement. The recipient will not disclose the discloser’s Confidential Information to any third party without the discloser’s consent, and will use at least the same degree of care as it uses to protect its own similar confidential information, and no less than a reasonable standard of care. The recipient may disclose Confidential Information only to its personnel or contractors who need to know it for purposes of this Agreement and who are bound by confidentiality obligations at least as strict as those herein.

2. These confidentiality obligations do not apply to information that the recipient can show is or becomes publicly available without breach of this Agreement, rightfully obtained from a third party without confidentiality obligations, or independently developed by the recipient without use of the discloser’s Confidential Information.

B. Client Data Ownership: The Client retains ownership of all data, information, and materials that the Client or its users input into the Cyber Heat Map platform (“Client Data”), including the Client’s cybersecurity assessment results.

1. The Company will use Client Data only for purposes of providing the Service to the Client and as otherwise permitted by this Agreement.

2. The Client may export or download its assessment results and reports in CSV or other supported formats from the Service at any time during the subscription term.

C. Benchmarking Data. The Company may, as part of the Service, aggregate and anonymize data from multiple clients to produce benchmarking statistics or industry insights. Any such aggregated data will not identify any particular client and will not include any of the Client’s Confidential Information. The Company owns all rights to such aggregated, anonymized benchmarking data and may use it to improve the Service and to produce industry reports or community resources.

D. GDPR/UK GDPR. Where Client Data includes personal data subject to the GDPR or UK GDPR, the parties will execute the Company’s standard Data Processing Addendum (DPA) upon the Client’s request, and that DPA will be incorporated into this Agreement.

E. Under no circumstances will the Company disclose the Client’s identifiable assessment details to any third party, except as permitted by this Agreement or as required by law, subpoena, or court order, in which case Company will give Client prompt notice if legally permitted.

VIII. Cybersecurity

A. The Company’s information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are adequate for and operate in all material respects as required. The Company has implemented and maintains commercially reasonable technical and administrative safeguards to maintain and protect the integrity, continuous operation, redundancy, and security of all IT Systems and data used in connection with the Services.

B. Company has no unresolved material security incidents that required notice to any client or regulator, and any prior incidents have been fully remediated.

C. The Company is presently in material compliance with all applicable laws or statutes, internal policies, and contractual obligations relating to the privacy and security of IT Systems and data and to the protection of such IT Systems and data from unauthorized use, access, misappropriation, or modification.

D. Security Incident Notice. The Company will notify any affected Client, without undue delay, after the Company becomes aware of any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Confidential Information transmitted, stored, or otherwise processed by the Company in connection with the Services.

IX. Intellectual Property

A. Company owns and retains all right, title, and interest in and to the Service, including all software, source code, algorithms, databases, documentation, templates, reports, trade names, logos, and any associated inventions, patents, copyrights, and trade secrets (collectively, “Intellectual Property”). This Agreement does not transfer any ownership in the Intellectual Property to the Client or any user.

B. License Grant. During each active Subscription Term, the Company grants the Client a limited, non-exclusive, non-transferable, non-sublicensable license to access and use the Service and its documentation solely for the Client’s internal business purposes and only up to the user limits of the selected subscription tier.

1. Any reports, recommendations, or other deliverables generated for the Client through the Service (“Deliverables”) may be used and reproduced by the Client for its internal purposes. The Company retains all ownership of the underlying methodologies, templates, and content used to generate Deliverables.

2. To the extent that any Deliverables contain Company pre-existing intellectual property or proprietary materials, the Company grants the Client a non-exclusive, royalty-free license to use those materials solely in connection with the Deliverables and the Client’s internal business needs. This means the Client can use and reference the Deliverables internally, but the Client does not obtain ownership of any of the Company’s underlying tools or intellectual property that may be embedded in those Deliverables.

C. Use Restrictions. Client will not and will not allow any third party to:

1. Disassemble, decompile, reverse compile, reverse engineer, or attempt to discover any source code or underlying ideas or algorithms of the Intellectual Property, except to the limited extent that applicable law prohibits reverse engineering restrictions;

2. Modify or create derivative works of the Service. Customizing settings within the Service’s provided functionality for a client is allowed, but the Client cannot build new modules or integrate the Service into another platform without prior written consent from Company.

3. Remove or obscure any copyright, trademark, or other proprietary notices on the platform interface or outputs. The Company’s branding and copyright must remain intact in the software.

4. Probe, scan, or test the vulnerability of the Service or attempt to gain unauthorized access to data not expressly provided to Clients.

D. Feedback. If the Client provides feedback or suggestions to the Company regarding the Service, the Company may use and incorporate that feedback freely and without obligation to the Client. However, the Company’s use of feedback will not breach the confidentiality obligations in this Agreement and does not grant the Company any rights to the Client’s Confidential Information.

X. Warranties and Disclaimers

A. Each party represents and warrants that it has the full power and authority to enter into and perform this Agreement.

B. TO THE MAXIMUM EXTENT PERMITTED BY LAW, COMPANY DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. Except as expressly set forth in this Agreement, the Service and all related materials are provided on an "as is" and "as available" basis. The Company does not guarantee that the operation of the Service will be uninterrupted or error-free, or that the Service will meet any specific requirements of a Client beyond what is stated in the plan features. The Client acknowledges that it is responsible for its use of the Service and for any decisions or actions taken based on information or results obtained through the Service. The Client’s use of the Service is at the Client’s own risk. Company makes no warranty that use of the Service will detect or prevent all cyber threats.

XI. Limitation of Liability

A. Indirect Damages. To the fullest extent permitted by law, neither party shall be liable to the other for any indirect, consequential, special, or incidental damages, or for any lost profits or revenues, business interruption, or loss of business information arising out of or related to this Agreement, even if advised of the possibility of such damages.

B. Direct Damages Cap. Each party’s total cumulative liability to the other for any direct damages arising out of or relating to this Agreement (whether in contract, tort, or otherwise) is limited to the total amount of fees paid by the Client in the twelve (12) months prior to the event giving rise to the claim. If no fees were paid, the Company's total liability in such case is capped at USD $100.

C. Exceptions. The above limitations of liability shall not apply to:

1. the Client’s obligation to pay any fees due;

2. either party’s liability for gross negligence or willful misconduct; or

3. damages resulting from a breach of Section VII (Confidentiality) or misuse of the other party’s Intellectual Property or Confidential Information.

D. Nothing in this Agreement is intended to limit liability in a way that is not permitted by applicable law. If applicable law prohibits the exclusion of certain warranties or the limitation of certain damages, such provisions of this Agreement will be adjusted to the minimum extent necessary to comply with the law.

XII. Indemnification

A. Except as set out in Section XII.B, the Client will indemnify and hold harmless Company, its officers, and employees from any third-party claim arising from Client Data or other content supplied by Client that infringes a third party’s rights, Client’s misuse of the Service, or Client’s violation of law. Client will promptly notify Company of any such claim, allow Company to control the defense and settlement, and cooperate at Company’s expense.

B. The Company will defend any third-party claim that the unmodified Service, as provided by the Company, directly infringes a United States patent, registered trademark, or copyright, and will pay any damages finally awarded (or settlement approved) against the Client, provided the Client promptly notifies the Company of the claim, allows the Company to control the defense and settlement, and reasonably cooperates at the Company’s expense. If such a claim arises, the Company may, at its discretion and expense, obtain a license for continued use of the Service, replace or modify the Service so it is non-infringing and materially equivalent, or terminate the affected portion of the Service and refund any prepaid fees for the remaining portion of the current Subscription Term. This indemnity does not apply to claims arising from Client’s combination of the Service with products or data not provided by the Company, Client’s unauthorized modification of the Service, or use of the Service after the Company has notified the Client to stop.

C. Neither party is liable for claims caused by the other’s modifications or combination of the Service with non-Company products.

D. These indemnities are subject to the liability cap in Section XI and constitute each party’s exclusive remedy for the claims described above.

XIII. Termination

A. Material Breach. Either party may terminate this Agreement for cause before the end of the Subscription Term if the other party materially breaches this Agreement and fails to cure the breach within thirty (30) days after receiving written notice describing the breach. If a breach is incapable of cure, or if the breach is of a nature that cure is not feasible (for example, a breach of confidentiality or a violation of the license restrictions), the non-breaching party may terminate the Agreement immediately upon notice to the breaching party.

1. The Company may also suspend the Client’s access to the Service or terminate this Agreement immediately upon notice if the Client fails to pay any amount due as provided in Section VI.C, or the Client (including its users) violates the license use restrictions or Community Guidelines in a manner that, in the Company’s reasonable judgment, threatens the security, integrity, or reputation of the Service or its user community.

2. In such cases, the Company will provide notice of suspension or termination to the Client. Suspension of the Service for non-payment will not extend the Subscription Term or relieve the Client of its payment obligations.

B. Effect of Termination. Upon termination or expiration of the Agreement for any reason:

1. The Company will deactivate the Client’s access to the Service (including disabling any user accounts). The Client should export or download any desired assessment results or Client Data before the effective termination date, as access to the Service will no longer be available thereafter.

2. If the Agreement is terminated by the Client due to the Company’s uncured material breach, the Company will refund any prepaid fees that cover the period of the subscription after the effective date of termination, on a pro-rata basis.

3. If the Agreement is terminated by the Company due to the Client’s breach, or if the Client elects to terminate (or not renew) for convenience before the end of a Subscription Term, the Client will not be entitled to any refund of fees paid for that term. In such cases, the Client remains responsible for any unpaid fees covering the remainder of the then-current term.

4. Each party will, upon request of the other, return or destroy any of the other party’s Confidential Information in its possession. The Company will, upon the Client’s request, delete or anonymize any Client Data remaining on the Service’s systems following termination, except that backup or archival copies may be retained in a secure manner for a limited period until they are deleted in the ordinary course of the Company’s data management policies.

5. Any provisions of this Agreement which by their nature should survive termination (including, but not limited to, provisions on confidentiality, limitation of liability, indemnification, and licenses granted to use Deliverables for the Client’s internal purposes) shall survive and remain in effect after termination.

C. Termination or expiration of the Agreement does not relieve either party of any liability or obligation incurred under the Agreement prior to the effective date of termination (including payment obligations up to that date).

XIV. Force Majeure

A. Definition. Neither party shall be liable for any failure or delay in performing its obligations under this Agreement (other than payment obligations) if such failure or delay is due to circumstances beyond its reasonable control (“Force Majeure Event”). Force Majeure Events include, but are not limited to: acts of God, natural disasters (such as fire, flood, earthquake, or storm), epidemics, pandemics, acts of war, terrorism, civil unrest, government actions or orders, embargoes, labor disputes or strikes (other than those involving the affected party’s own workforce), widespread internet or telecommunications outages, cyberattacks or denial-of-service attacks affecting third-party infrastructure, or failures of third-party hosting or cloud service providers.

B. Notification. The party affected by a Force Majeure Event shall promptly notify the other party in writing (email sufficient) of the occurrence, describing the nature and expected duration of the event and the obligations impacted.

C. Mitigation and Resumption. The affected party shall use commercially reasonable efforts to mitigate the impact of the Force Majeure Event and to resume performance of its obligations as soon as reasonably practicable, including the use of alternate sources or workaround solutions if available.

D. Suspension and Termination Rights. Obligations suspended due to a Force Majeure Event shall be extended for a period equal to the duration of the Force Majeure Event. If a Force Majeure Event continues for more than thirty (30) consecutive days and materially impairs the ability of either party to perform its obligations, either party may terminate this Agreement upon ten (10) days’ prior written notice to the other party.

E. Exclusions. Force Majeure shall not excuse payment obligations for services rendered prior to the Force Majeure Event, nor shall it apply to obligations that could have been reasonably fulfilled through the exercise of due diligence or alternate means.

XV. Assignment

Neither Party may assign or transfer this Agreement, in whole or in part, without the prior written consent of the other Party, except that either Party may assign this Agreement without consent to an Affiliate, or a successor in connection with a merger, acquisition, corporate reorganization, or sale of substantially all of its assets. Any attempted assignment in violation of this Section is null and void. This Agreement binds and benefits the Parties, their successors, and permitted assigns.

XVI. Notices

All legal notices under this Agreement will be sent by email to the Client Account Owner or to the Company at [email protected] or by mail to:

Cyber Heat Map
3784 N Fox Ave
Tucson, AZ 85716

XVII. Applicable Law

This Agreement is governed by the laws of the State of Arizona without regard to conflict-of-laws principles. The Parties consent to exclusive jurisdiction and venue in the state or federal courts located in Pima County, Arizona, except that, if either Party is a governmental entity that cannot legally consent to that venue, the Parties agree to submit to the exclusive jurisdiction of the United States District Court for the District of Arizona.

XVIII. Entire Agreement and Amendments

A. This Agreement, together with any documents incorporated by reference (including the online Terms and Conditions and Community Guidelines mentioned above), constitutes the entire agreement between the Company and the Client with respect to the Client’s subscription to the Service. It supersedes all prior or contemporaneous agreements, understandings, or communications, whether written or oral, concerning the subject matter. In the event of any conflict between this Agreement and any document incorporated by reference, the terms of this Agreement shall prevail (except to the extent that the conflicting document expressly overrides this Agreement on a particular matter).

B. Any amendments or modifications to this Agreement must be made in writing and agreed by both parties (for example, via a written addendum or an online acceptance process). The failure of either party to enforce any provision of this Agreement shall not constitute a waiver of that provision or of any other provision. If any provision of this Agreement is held to be invalid or unenforceable by a court of competent jurisdiction, the remaining provisions will remain in full force and effect, and the parties agree to negotiate in good faith to modify the Agreement to reflect the original intent as closely as possible in an enforceable manner.

XIX. Click-Through Acceptance

A. BY CHECKING THE “I AGREE” BOX, CLICKING “PURCHASE,” OR OTHERWISE ELECTRONICALLY INDICATING ACCEPTANCE, the individual completing checkout represents that they have the authority to bind the Client named in the order and, on the Client’s behalf, agrees to be bound by this Subscription Agreement, the Cyber Heat Map Terms & Conditions, and the Cyber Bridge Community Guidelines (collectively, the “Agreement”).

B. The Client acknowledges that:

1. it has reviewed or had the opportunity to review the Agreement before accepting;

2. this electronic acceptance constitutes a legally binding signature under the U.S. Electronic Signatures in Global and National Commerce Act (E-SIGN) and similar laws;

3. the Company will record the date, time, IP address, and version of the Agreement for audit purposes; and

4. a copy of the current Agreement is available for download or printing at any time from www.cyberheatmap.com/legal.

If you do not agree to every term of the Agreement, do not complete checkout or access the Service.