Cipher Master Subscription Agreement

1.1 These Terms & Conditions (“Terms”) apply to the services ordered by Customer in an Order Form that references these Terms (each, an “Order Form”).

1.2 If there is a conflict between an Order Form and these Terms, the Order Form controls.

2.1 “Services” means Cipher’s hosted software and related features made available to Customer as described in the Order Form. Cipher may modify the Services from time to time and will use reasonable efforts to provide notice of material changes.

2.2 Trials/Beta. Any pilot, trial, or beta features are provided as-is and may be suspended or discontinued at any time. Data provided during a trial or beta may be deleted after the trial unless Customer purchases the applicable Services.

3.1 Fees and payment terms are as stated in the Order Form. Fees are exclusive of taxes. Customer is responsible for all applicable taxes (excluding Cipher’s income taxes).

3.2 Overage charges (if any) apply as stated in the Order Form.

4.1 Cipher grants Customer a limited, non-exclusive, non-transferable right to access and use the Services during the term set out in the Order Form, solely for Customer’s internal business purposes.

4.2 Customer will not (and will not permit others to):

• (a) reverse engineer, decompile, or otherwise attempt to derive source code;
• (b) bypass or interfere with security or access controls;
• (c) use the Services to infringe rights or violate law;
• (d) resell or provide the Services to third parties except as expressly permitted in the Order Form;
• (e) introduce malware or conduct penetration testing without prior written consent; or
• (f) use the Services to build a competing product.

5.1 “Customer Data” means data Customer provides to the Services. Customer retains ownership of Customer Data.

5.2 Cipher acts as a data subprocessor to Customer and processes Customer Data solely to provide the Services and as otherwise permitted by the Order Form.

5.3 Regionality. By default, processing occurs in Google Cloud Platform (GCP) U.S. regions, unless otherwise agreed in writing.

5.4 No Model Training. Cipher does not use Customer’s personal data for model training, fine-tuning, or product improvement unless expressly agreed in writing.

5.5 Deletion and retention are governed by the Order Form and Customer’s configuration (including optional ephemeral/no-retention modes).

5.6 A Data Processing Addendum (DPA) and, where applicable, a Business Associate Agreement (BAA) are available upon request and, when executed, are incorporated by reference.

6.1 Cipher maintains administrative, technical, and organizational measures appropriate for a hosted SaaS provider; details are described in Cipher’s Security Statement and Privacy Policy (as updated from time to time).

6.2 Customer is responsible for its users’ accounts, credentials, and configurations.

7.1 The Services may interoperate with third-party services (e.g., telephony, voice synthesis, CRM/EHR). Customer’s use of third-party services is governed by those providers’ terms.

7.2 Cipher is not responsible for third-party services, their availability, security, or performance.

8.1 The Services may generate or facilitate AI-assisted outputs. AI outputs may be inaccurate, incomplete, or unsuitable for reliance without human review. Customer determines fitness for purpose and is responsible for its use of outputs.

8.2 Cipher disclaims responsibility for decisions made based on AI outputs.

9.1 Each party will protect the other’s Confidential Information with reasonable care and use it only to perform under these Terms and the Order Form.

9.2 Confidential Information excludes information that is public, independently developed, or rightfully obtained from third parties without restriction.

9.3 If required by law, a party may disclose Confidential Information after providing notice (if legally permitted).

10.1 Cipher retains all rights, title, and interest in and to the Services, software, and related materials.

10.2 Customer retains all rights in Customer Data. Customer grants Cipher a limited license to process Customer Data to provide the Services and as otherwise permitted in the Order Form.

11.1 The Services are provided “as is” and “as available.” Cipher disclaims all warranties, express or implied, including merchantability, fitness for a particular purpose, and non-infringement.

11.2 Cipher does not warrant that the Services will be error-free or uninterrupted.

12.1 To the maximum extent permitted by law, neither party is liable for indirect, incidental, consequential, special, exemplary, or punitive damages, or for lost profits, revenues, goodwill, or data.

12.2 Aggregate Cap. Each party’s total liability arising from or related to the Services will not exceed the Fees paid by Customer to Cipher for the Services in the twelve (12) months preceding the event giving rise to the claim.

13.1 Term is as stated in the Order Form.

13.2 Cipher may suspend access to the Services for non-payment or if Customer’s use poses a security risk or violates these Terms.

13.3 Either party may terminate an Order Form for material breach not cured within thirty (30) days after written notice.

13.4 Upon termination, Customer’s access ends; Customer will pay any undisputed amounts due; each party will return or delete the other’s Confidential Information, subject to standard backup/archival practices.

14.1 Each party will comply with applicable laws, including export control and sanctions laws. Customer will not permit access or use in embargoed countries or by prohibited parties.

14.2 Each party will comply with applicable anti-corruption and anti-bribery laws.

15.1 With Customer’s consent, Cipher may use Customer’s name and logo to identify Customer as a Cipher customer.

16.1 Neither party may assign these Terms or an Order Form without the other’s consent, except to an affiliate or in connection with a merger, reorganization, or sale of substantially all assets (with notice).

16.2 Notices must be in writing and deemed given upon receipt to the contacts specified in the Order Form (or by email to an authorized contact if expressly permitted).

16.3 Force Majeure: Neither party is liable for delays or failures due to causes beyond its reasonable control.

16.4 Severability; Waiver: If any provision is unenforceable, the remainder remains in effect. A waiver must be in writing and is not ongoing unless stated.

16.5 Governing Law; Venue: New York law (conflict-of-laws excluded); courts in New York County, New York.

16.6 Entire Agreement: These Terms plus the Order Form (and any DPA/BAA, if executed) are the entire agreement for the Services.