Master Services Agreement


This Master Services Agreement ("Agreement") governs the use of the CyMyCloud platform, a product offered by CyberMyte, LLC. By accessing or using CyMyCloud services, you acknowledge and agree to be bound by the terms of this Agreement, which is available publicly and subject to change. No signature is required.

All CyMyCloud customers are also required to sign the CyMyCloud Tenant Acceptable Use Policy (AUP), which governs user behavior and data security responsibilities.

 

1. Term and Termination

This Agreement is effective on the date of last signature or acceptance ("Effective Date") and remains in effect until terminated. Either Party may terminate this Agreement or any Statement of Work (SOW) for cause if the other Party materially breaches the Agreement and fails to cure within 30 days of written notice. Termination of the Agreement does not cancel any existing unpaid obligations or active subscription periods unless mutually agreed.

2. Services and Platform Access

CyMyCloud provides managed cloud infrastructure, platform services, and related cybersecurity features via monthly subscription. Services are outlined in the applicable quote, invoice, or Statement of Work and may include onboarding, data migration, service desk support, and user provisioning.

Access to the platform is governed by an Acceptable Use Policy (AUP), Cyber Awareness Training, and other policies listed in the onboarding documentation.

3. Service Levels

CyMyCloud follows a standard service level agreement (SLA) for all subscription services unless otherwise specified in a customer’s quote. SLA response and resolution times are based on priority levels and are outlined in the SLA policy. The platform is supported during normal business hours (08:00 to 17:00 EST, Monday through Friday), excluding holidays.

4. Fees and Payment Terms

Customer agrees to pay all fees per the payment schedule in the Quote or Invoice. Subscriptions are billed monthly in advance unless otherwise specified. Late payments are subject to a 1.5% monthly finance charge or the maximum amount permitted by law.

Failure to pay on time may result in suspension of services until the account is current. CyMyCloud is not liable for any data loss or operational impact due to suspension resulting from non-payment.

5. Compliance and Security

CyMyCloud is designed to support customers who need to handle Controlled Unclassified Information (CUI) and other regulated data. The Provider will maintain security practices aligned with FedRAMP Moderate and CMMC Level 2 controls.

Customer is responsible for:

  • Ensuring users are trained on security awareness annually.
  • Keeping platform users up to date in the platform directory.
  • Notifying CyberMyte of incidents or suspected data breaches.

6. Cybersecurity and Acceptable Use

CyMyCloud is built to support secure collaboration and processing of sensitive data, including Controlled Unclassified Information (CUI). As such:

  • All users must comply with the CyMyCloud Tenant Acceptable Use Policy (AUP), which is required for access. This policy includes mandatory multi-factor authentication (MFA), restrictions on personal device usage, and guidelines for encrypted communications​.
  • Customers are responsible for ensuring their users complete annual cybersecurity awareness training as a condition of continued access.
  • CyMyCloud may suspend access or services for any violations of the AUP or any activity that threatens platform security, including but not limited to unauthorized access, misuse of credentials, or data exfiltration.
  • Customers must report security incidents or suspected breaches within 24 hours by emailing care@cybermyte.io or by submitting a helpdesk ticket at https://corp.cybermyte.io/helpdesk/support-4/knowledgebase.

7. Data Ownership and Usage

Customer retains ownership of all data hosted on CyMyCloud. However:

  • Customer is responsible for ensuring data is lawful to store, transmit, and process within the CyMyCloud environment.
  • CyMyCloud does not claim rights to customer data but reserves the right to enforce platform security policies, including suspending access if data handling violates the AUP or applicable laws.
  • Customer agrees not to use external or unapproved cloud storage for CyMyCloud data.

8. Audit Rights and Compliance Review

CyMyCloud reserves the right to audit tenant environments for compliance with:

  • Platform security requirements
  • Cybersecurity training status
  • Access controls and usage patterns

Customers may request limited audit logs or documentation to support their own compliance efforts (e.g., CMMC, NIST 800-171, ISO 27001), provided such requests do not compromise CyMyCloud’s operational security.

9. Confidentiality

Both Parties agree to maintain the confidentiality of all proprietary or sensitive information shared in the course of service delivery. Confidentiality obligations survive the termination of this Agreement for a period of three (3) years, or longer where required by law.

CyMyCloud may monitor system usage and access logs solely for the purposes of maintaining operational security, ensuring compliance, and supporting customers in incident response.

10. Limitations of Liability

Except in cases of gross negligence or willful misconduct:

  • Neither Party shall be liable for indirect, incidental, or consequential damages, including lost profits or data.
  • CyMyCloud’s total liability for any claim arising from this Agreement shall not exceed the total fees paid by Customer for the six (6) months prior to the claim.

11. Shared Responsibility Matrix

CyMyCloud maintains a detailed System Security Plan (SSP) that outlines security controls implemented by the Provider and those assigned to the Customer. This plan includes a Customer-CyMyCloud Responsibility Matrix that aligns with the Cybersecurity Maturity Model Certification (CMMC) framework.

  • Upon request, Customers may receive a copy of the SSP sections relevant to their own compliance needs, including customer-assigned responsibilities.
  • Customers are expected to review and fulfill their assigned security responsibilities to remain compliant with CMMC, NIST SP 800-171, or similar frameworks.
  • CyMyCloud provides inheritable controls and documented boundaries for systems processing Controlled Unclassified Information (CUI).

12. Indemnification

Each Party shall defend and hold harmless the other from third-party claims resulting from their breach of this Agreement, provided the indemnified Party promptly notifies the other and cooperates in the defense.

CyMyCloud shall not be responsible for data breach claims arising from Customer’s failure to meet their assigned responsibilities outlined in the SSP.

13. Termination

This Agreement may be terminated by either Party with written notice if the other Party:

  • Fails to cure a material breach within thirty (30) days;
  • Ceases business operations or files for bankruptcy;
  • Violates data handling practices that endanger platform security.

Upon termination, Customer will receive a final invoice for services rendered and will have ten (10) business days to export their data unless otherwise agreed.

14. Dispute Resolution and Governing Law

This Agreement is governed by the laws of the Commonwealth of Virginia. Any disputes arising from this Agreement shall be resolved in the state or federal courts located in [insert appropriate jurisdiction, e.g., Fairfax County, Virginia].

15. Entire Agreement

This Agreement, including:

  • The CyMyCloud Tenant Acceptable Use Policy (AUP),
  • The CyMyCloud System Security Plan (SSP),
  • Any active Quotes or Statements of Work (SOWs),

...constitutes the full agreement between the Parties. No verbal or implied agreements are binding unless incorporated into a written amendment signed by both Parties.