Terms of Service

This summary provides a high-level overview of our Terms of Service, but the full terms below govern your relationship with Enigma Labs Technology Limited (operating as Enigma Cyber). By using our cybersecurity platform, you agree to these terms.

What you're agreeing to:

• Using our AI-powered cybersecurity services for your organization's security needs
• Paying subscription fees according to your selected plan (monthly or annual)
• Following our Acceptable Use Policy and keeping your account credentials secure
• Understanding that while we strive for 99.9% uptime, no security solution can guarantee absolute protection

What you can expect from us:

• Professional cybersecurity services as described in our Documentation, performed with reasonable care and skill (as required by Article 17 of the DIFC Implied Terms in Contracts and Unfair Terms Law)
• Secure handling of your data in accordance with our Privacy Policy and Data Processing Addendum
• Service credits if we fail to meet our 99.0% uptime threshold (up to 20% of monthly Fees), in addition to your right to terminate for sustained material breach
• Protection of your confidential information
• Notification without undue delay (in any event within 48 hours of confirmation) of any confirmed Personal Data Breach affecting your data, consistent with Regulation 8 of the DIFC Data Protection Regulations

Important limitations:

• Our aggregate liability is capped at 12 months of Fees paid (with carve-outs for matters that cannot be limited under DIFC law, including death or personal injury caused by negligence, fraud, and gross negligence or wilful misconduct)
• Each limitation and exclusion in these Terms is intended to satisfy the "reasonableness" test in Article 40 of the DIFC Implied Terms in Contracts and Unfair Terms Law
• All Fees are non-refundable once paid, save for the specific refund cases listed in Section 5.7 (which cross-references Sections 3.5, 13.5, 14.5, and 18.8 — covering material diminution, third-party IP claims, our termination for convenience, and prolonged Force Majeure)
• You remain responsible for your overall security posture and decisions
• Disputes are resolved before the DIFC Courts (Court of First Instance, with appeal to the Court of Appeal); see Section 17 for limited carve-outs (interim injunctive relief, small-claims tribunal)

Key contacts:

• Legal questions: legal@enigmacyber.com
• Technical support: support@enigmacyber.com
• Security issues: security@enigmacyber.com
• Billing inquiries: billing@enigmacyber.com

1.1 Agreement to Terms

These Terms of Service ("Terms") constitute a legally binding agreement between Enigma Labs Technology Limited (operating as Enigma Cyber), a DIFC limited liability company holding DIFC License No. CL13349, with its registered office at IH-00-01-01-OF-01, Level 1, Innovation One, Dubai International Financial Centre, Dubai, United Arab Emirates ("Enigma Labs," "Enigma Cyber," "we," "us," or "our") and the organization accepting these Terms ("Customer," "you," or "your"). These Terms govern your access to and use of the Enigma Labs cybersecurity platform and related services.

By clicking "I Accept," creating an account, accessing, or using our Services, you acknowledge that you have read, understood, and agree to be bound by these Terms. If you do not agree to these Terms, you must not access or use the Services.

1.2 Eligibility and Authority

You represent and warrant that:

• You are at least 18 years of age (the age of majority under applicable law in the United Arab Emirates)
• You have the legal authority to bind the organization you represent to these Terms
• The organization you represent is a business entity, not an individual consumer
• All registration information you provide is accurate, complete, and current

1.3 Electronic Acceptance

Your electronic acceptance of these Terms, whether by clicking "I Accept" or using the Services, constitutes a valid and binding agreement under the laws applicable in the Dubai International Financial Centre, including the DIFC Electronic Transactions Law (DIFC Law No. 2 of 2017, as amended), which gives legal effect to electronic records, signatures, and contracts.

1.4 Incorporated Documents

These Terms incorporate by reference the following documents, which form an integral part of this Agreement:

1.5 Order Forms and Statements of Work

When you enter into an Order Form or Statement of Work (SOW) with Enigma Labs, those documents become part of this Agreement. In the event of any conflict between documents, the following order of precedence applies:

1. Data Processing Addendum — for data-protection matters
2. Order Form / Statement of Work — for specific commercial terms
3. These Terms of Service — for general terms
4. Privacy Policy — for Personal Data matters not addressed in the DPA

1.6 Fair and Transparent Terms

These Terms are intended to be fair, transparent, and balanced. They have been drafted with regard to the DIFC Implied Terms in Contracts and Unfair Terms Law (DIFC Law No. 6 of 2005, as amended by DIFC Law No. 2 of 2022) (the "Unfair Terms Law"). Where any provision excludes or restricts liability, it is intended to satisfy the reasonableness test in Article 40 of the Unfair Terms Law. Nothing in these Terms purports to exclude or restrict any liability that cannot lawfully be excluded or restricted under the Unfair Terms Law or any other applicable law, including liability for death or personal injury caused by negligence (Article 37(1) of the Unfair Terms Law), fraud, or fraudulent misrepresentation.

The following terms have the meanings set forth below wherever used in this Agreement:

3.1 Description of Services

Enigma Labs provides professional cybersecurity services. Our Services include:

3.2 Service Delivery

The Services are provided via:

• Cloud-hosted infrastructure accessible through web browsers
• RESTful API access for integrations and automation
• Online Documentation provided to Customer through the Platform

3.3 Support Services

Standard support included with all subscriptions:

• Email support during business hours (09:00–18:00 Gulf Standard Time, Monday–Friday, excluding UAE public holidays)
• Response time within 24 hours for non-critical issues
• Access to online Documentation and knowledge base

Premium support packages (available for additional fees):

• Priority response times
• Phone support
• Dedicated support representative
• 24/7 coverage options

3.4 Exclusions

The following are not included in the standard subscription:

• Professional services (implementation, training, consulting) — available separately
• Custom software development
• On-premises deployment
• 24/7 phone support (unless purchased)
• Managed security services

3.5 Modifications to Services

Enigma Labs reserves the right to:

• Modify, enhance, or discontinue features with 30 days advance notice for material changes
• Discontinue features entirely with 90 days advance notice
• Add new features and functionality at any time

Where a modification would materially diminish the Services received under an active Subscription Term, Customer may terminate the affected portion of the Services and receive a pro-rata refund of prepaid Fees for the unused period — this preserves the Customer's protections under the Unfair Terms Law in respect of contractual performance.

3.6 Beta and Preview Features

From time to time, Enigma Labs may offer beta, pilot, or preview features:

• These features are provided "AS IS", and Enigma Labs disclaims all warranties in respect of them to the maximum extent permitted by applicable law, subject to the reasonableness test in Article 40 of the Unfair Terms Law
• They may be discontinued at any time without notice
• They may contain bugs or defects
• They must not be used for production or mission-critical workloads
• Enigma Labs has no liability for issues arising from beta features, save for liability that cannot lawfully be excluded
• Beta features are clearly labeled as such in the platform

3.7 Subcontractors

Enigma Labs may use subcontractors to perform portions of the Services, provided that:

• Enigma Labs remains fully responsible for their performance and compliance with this Agreement
• Subcontractors are bound by confidentiality obligations at least as protective as those in this Agreement
• For Personal Data processing, subcontractors are engaged in accordance with the controller/processor requirements of the DIFC Data Protection Law and the executed Data Processing Addendum

3.8 Insurance

Enigma Labs maintains appropriate insurance coverage for a company of its size and nature, including cyber-liability insurance. Details of coverage are available upon request for enterprise customers under NDA.

4.1 Registration Requirements

To use the Services, you must:

• Complete the registration process with accurate, complete, and current information
• Maintain current contact and billing information at all times
• Designate at least one Account Administrator
• Provide a valid business email address (consumer email domains such as gmail.com, yahoo.com, hotmail.com, and outlook.com are not permitted for primary account registration)

4.2 Account Administrator Responsibilities

The Account Administrator is responsible for:

• Managing Authorized Users, including adding and removing access
• Controlling access permissions and role assignments
• Ensuring all Authorized Users comply with these Terms
• Maintaining accurate contact information for all users
• Responding to communications from Enigma Labs
• Designating a security contact for incident notifications

4.3 User Credential Security

Customer is responsible for:

• All activity that occurs under Customer's account credentials
• Ensuring Authorized Users use strong, unique passwords
• Enabling multi-factor authentication (MFA) when available (strongly recommended)
• Ensuring credentials are not shared among users
• Immediately notifying Enigma Labs of any suspected unauthorized access at security@enigmacyber.com
• Maintaining credential security as part of Customer's overall security posture

4.4 Unauthorized Access

If you suspect any unauthorized access to your account:

• Immediately change all passwords
• Review account activity logs
• Notify Enigma Labs at security@enigmacyber.com within 24 hours
• Cooperate with any investigation
• Document the suspected incident for your records

4.5 Account Suspension by Enigma Labs

Enigma Labs may suspend your account immediately, without prior notice, if:

• We detect a security threat or unauthorized access
• We suspect violation of the Acceptable Use Policy
• Required by law or legal process (including any binding direction issued by the Commissioner of Data Protection or other competent authority)
• Necessary to protect the integrity of our platform or other customers

Any such suspension will be exercised in good faith and for no longer than is reasonably necessary to address the underlying cause.

5.1 Subscription Terms

Enigma Labs offers the following subscription options:

• Subscriptions begin on the Effective Date
• All subscriptions automatically renew unless cancelled with proper notice
• Subscription terms are as specified in the applicable Order Form

5.2 Cancellation and Non-Renewal

To prevent auto-renewal:

• Provide written notice of cancellation at least 30 days before the renewal date
• Send notice to: legal@enigmacyber.com
• Include your account identifier and organization name
• Enigma Labs will acknowledge receipt within 5 business days

5.3 Fees and Payment

• Fees are as specified in the Order Form or published pricing
• All Fees are quoted in USD (United States Dollars) for Customers established outside the United Arab Emirates, and in AED (UAE Dirhams) for Customers established in the United Arab Emirates, unless otherwise specified in the Order Form
• Another currency may be agreed in writing on a Customer-by-Customer basis
• Payment is due within 30 days of invoice date (Net 30)
• Invoices are sent electronically to the billing contact on file
• Accepted payment methods: bank transfer, credit card, or as agreed in writing

5.4 Taxes

• All Fees are exclusive of taxes
• Customer is responsible for all applicable taxes, including:
  • Value Added Tax (VAT) where applicable
  • Sales tax, use tax, or similar transactional taxes
  • Withholding taxes (Customer to gross-up so that Enigma Labs receives the full Fee net of withholding)
• Enigma Labs will charge and remit UAE VAT in accordance with Federal Decree-Law No. 8 of 2017 on Value Added Tax (as amended) and applicable implementing regulations, as in force from time to time
• Customer must provide a valid tax registration number or VAT-exemption documentation where it claims an exemption

5.5 Late Payment

If payment is not received by the due date:

• Interest accrues at 1.5% per month (or, if lower, the maximum rate permitted by the law applicable to the contract)
• Enigma Labs may suspend Services if payment is more than 15 days overdue, after providing 5 days written notice
• Customer remains liable for all Fees during any suspension period
• Enigma Labs may engage collection agencies and recover reasonable collection costs
• Continued non-payment for 60+ days constitutes a Material Breach

5.6 Price Changes

• Enigma Labs may change Fees with 60 days written notice before the next renewal
• Price changes do not affect the current Subscription Term
• If a price increase exceeds 10% of the current Fees, Customer may terminate the Agreement effective at the end of the current Subscription Term by providing written notice within 30 days of receiving the price change notice
• For price increases of 10% or less, continued use after the renewal date constitutes acceptance

5.7 No Refunds Except as Provided

Save as expressly provided in this Section 5.7, Sections 14.5 (termination for convenience by Enigma Labs), 13.5 (infringement remedies), 3.5 (material diminution of Services), and 18.8 (prolonged Force Majeure), Fees are non-refundable once paid. In particular:

• No pro-rata refunds are owed for early cancellation by Customer or termination for Customer's Material Breach
• No refunds for unused portions of the Subscription Term in those circumstances
• Service credits are applied to future invoices only, not refunded in cash

The exception cases above are intended to ensure that this Section 5.7, taken as a whole, satisfies the reasonableness test under Article 40 of the DIFC Implied Terms in Contracts and Unfair Terms Law (in particular, that the no-refund default does not fall foul of Article 38 by leaving Customer without a meaningful remedy in any scenario where Enigma Labs is the source of the non-performance).

5.8 Disputed Invoices

If you dispute an invoice:

• Notify Enigma Labs in writing within 15 days of receipt
• Pay all undisputed portions by the due date
• Provide detailed explanation of the dispute with supporting documentation
• Parties will work in good faith to resolve within 30 days
• Undisputed portions remain subject to late payment provisions

6.1 Customer Data Ownership

Customer retains all rights, title, and interest in and to Customer Data. Nothing in this Agreement transfers ownership of Customer Data to Enigma Labs.

6.2 License Grant to Enigma Labs

Customer grants Enigma Labs a limited, non-exclusive, worldwide license to:

• Process Customer Data solely to provide the Services
• Store and back up Customer Data for service delivery
• Generate aggregated, anonymized statistics from operation of the Services to improve and develop the Services, provided that such statistics do not identify Customer or any individual

This license terminates upon termination of the Agreement and deletion of Customer Data.

6.3 Customer Responsibilities

Customer is solely responsible for:

• The accuracy, quality, and legality of Customer Data
• Obtaining all necessary rights, consents, and authorizations under applicable data-protection laws (including, where applicable, the DIFC Data Protection Law and the laws of the territories in which Customer's Data Subjects are located) to submit Customer Data to the Services
• Ensuring use of Services complies with all applicable laws
• Evaluating alerts and taking appropriate security actions in a timely manner
• Overall security posture and security-related decisions
• Configuring the Services appropriately for their environment
• Maintaining independent backups of critical data, refreshed at least weekly (the Services are not designed to be Customer's sole backup solution)
• Actions of all Authorized Users
• Ensuring Authorized Users comply with these Terms

6.4 Prohibited Content

Customer shall not submit data that:

• Violates any applicable law or regulation
• Infringes third-party intellectual property, privacy, or other rights
• Contains malware, viruses, or code intended to harm Enigma Labs systems
• Is subject to export-control restrictions that Customer has not disclosed
• Contains unlawful, harmful, threatening, defamatory, or obscene content

6.5 Data Processing Addendum

Where Enigma Labs processes Personal Data on behalf of Customer in the course of providing the Services, Customer and Enigma Labs shall enter into a Data Processing Addendum (DPA) that meets the controller/processor contract requirements of the DIFC Data Protection Law. The DPA is incorporated by reference into this Agreement and takes precedence over conflicting terms for Personal Data matters.

Where Customer's processing is also subject to a foreign data-protection regime (for example, where Customer's own Data Subjects are EU/EEA, UK, or Swiss residents), the parties may agree additional controller/processor terms (such as standard contractual clauses approved under the relevant foreign regime) in the DPA. The DPA — not these Terms — governs any such cross-regime allocation.

Enterprise customers should contact legal@enigmacyber.com to execute a DPA.

6.6 Personal Data Breach Notification

In the event of a confirmed Personal Data Breach affecting Customer Data while in Enigma Labs' possession or control:

• Where Enigma Labs is acting as Customer's processor, Enigma Labs will notify Customer's designated security contact without undue delay after becoming aware of the Personal Data Breach (in any event, within 48 hours of confirmation), so as to enable Customer to discharge its own notification obligations under the DIFC Data Protection Law or any other applicable regime.
• Notification will include: nature of the incident, categories and approximate number of Data Subjects affected, categories and approximate number of records affected, likely consequences, and measures taken or proposed to address the breach (in each case to the extent then known).
• Where Enigma Labs is acting as controller in respect of the affected data, Enigma Labs will report the Personal Data Breach to the Commissioner of Data Protection in accordance with Article 41 of the DIFC Data Protection Law and Regulation 8.1 of the Data Protection Regulations, and will notify affected Data Subjects as required by Article 42 and Regulation 8.2.
• Enigma Labs will cooperate with Customer's reasonable investigation requests and provide updates as material new information becomes available.

This obligation operates in addition to any notification or assistance commitments in the Data Processing Addendum.

6.7 Data Export and Portability

• Customer may export Customer Data at any time through the platform's export features
• Upon written request, Enigma Labs will provide reasonable assistance with data export
• Standard export formats: JSON, CSV
• Export functionality may be subject to technical limitations
• Large data exports may require scheduling to minimize service impact

6.8 Data Deletion

Upon termination of the Agreement:

• Customer has 30 days to export Customer Data
• After the 30-day export period, Enigma Labs will delete Customer Data
• Deletion timeline: within 90 days of the export period expiration
• Some data may be retained as required by law or for legitimate business purposes (anonymized analytics, billing records, defence of legal claims)
• Backup copies may persist for up to 180 days in encrypted backup systems before automatic deletion
• Upon request, Enigma Labs will provide written confirmation of deletion

7.1 Uptime Commitment

Enigma Labs commits to providing the following level of service availability:

7.2 Availability Measurement

• Availability is calculated as: (Total minutes in month − Downtime minutes) / Total minutes in month × 100
• Downtime begins when Enigma Labs confirms the issue through its monitoring systems, or when Customer reports it with reasonable evidence, whichever is earlier
• Downtime ends when the Services are restored and accessible

7.3 Scheduled Maintenance

• Regular maintenance window: Saturdays 02:00–06:00 Gulf Standard Time
• Advance notice: 7 days for scheduled maintenance
• Scheduled maintenance is excluded from uptime calculations
• Enigma Labs will use reasonable efforts to minimize disruption
• Maintenance notifications sent to Account Administrator email

7.4 Emergency Maintenance

Enigma Labs may perform emergency maintenance without advance notice when necessary for:

• Security patches or critical updates
• System stability issues
• Prevention of data loss

Emergency maintenance is excluded from uptime calculations. Enigma Labs will notify Customers as soon as practicable.

7.5 Service Credits

If monthly availability falls below 99.0%, Customer may request a service credit:

Credit Terms:

• Maximum credit per month: 20% of monthly Fees
• Credits are applied to future invoices only (no cash refunds)
• Credits are not cumulative across months and do not carry over if unused within 12 months
• Request deadline: Within 30 days of the incident
• Request method: Email to support@enigmacyber.com with incident details including dates, times, and impact description
• Enigma Labs will respond to credit requests within 10 business days; failure to respond within this period constitutes acknowledgment of the request

7.6 Exclusions from Uptime Commitment

The following are excluded from the uptime calculation and credit eligibility:

• Scheduled or emergency maintenance
• Customer's acts or omissions
• Customer's equipment, software, or network connections
• Third-party services or internet connectivity issues
• Force majeure events
• Suspension due to Customer's breach or non-payment
• Features labeled as beta, preview, or pilot
• Factors outside Enigma Labs' reasonable control
• Outages lasting less than 5 consecutive minutes

7.7 Service Credits as Primary Remedy

SERVICE CREDITS ARE CUSTOMER'S PRIMARY REMEDY for any failure to meet the Uptime Commitment in any given month, intended to be a fair pre-estimate of loss in line with the reasonableness test in Article 40 of the Unfair Terms Law.

This does not exclude Customer's right to:

• terminate the Agreement for Material Breach in accordance with Section 14.3 where Enigma Labs sustains availability below 95.0% for three or more consecutive months, or for any single month below 90.0%;
• recover any liability that cannot lawfully be excluded under the Unfair Terms Law, including liability for matters listed in Section 12.3 (Excluded Claims).

7.8 Uptime Reporting

Upon request, Enigma Labs will provide Customer with monthly uptime reports showing availability metrics for the preceding period.

8.1 Permitted Use

Customer may use the Services only for lawful business purposes in accordance with this Agreement and applicable laws (including the laws of the DIFC, the United Arab Emirates, and any other jurisdiction in which Customer or its Authorized Users operate).

8.2 Prohibited Uses

Customer shall not, and shall not permit Authorized Users to:

Illegal Activities:

• Use Services for any unlawful purpose or in violation of any applicable law
• Facilitate illegal activities by third parties
• Violate export-control, sanctions, or trade-restriction laws (including those of the UAE, the United States, the United Kingdom, the European Union, and any other applicable regime)
• Engage in fraud, money laundering, or terrorist financing

Security Violations:

• Attempt to gain unauthorized access to any systems, networks, or data
• Probe, scan, or test vulnerabilities of Enigma Labs systems without authorization
• Interfere with or disrupt the Services or servers
• Circumvent security features or access controls
• Use the Services to attack or scan systems Customer does not own or have explicit written permission to test
• Distribute malware, viruses, worms, or harmful code

Misuse:

• Send spam, phishing messages, or unsolicited communications
• Harass, abuse, stalk, or harm others
• Impersonate any person or entity
• Collect data about other Enigma Labs customers
• Use the Services to mine cryptocurrency without authorization

Commercial Restrictions:

• Resell, sublicense, or transfer access to the Services without authorization
• Use the Services to build a competitive product or service
• Perform competitive analysis or benchmarking without written consent
• Exceed usage limits specified in the Order Form

Technical Restrictions:

• Reverse engineer, decompile, disassemble, or attempt to derive source code (save to the extent that such restriction is prohibited by applicable mandatory law)
• Copy, modify, or create derivative works of the Services
• Remove or alter proprietary notices, labels, or marks
• Use automated tools (bots, scrapers) to access Services except through approved APIs
• Frame or mirror any part of the Services without authorization

8.3 Consequences of Violation

Enigma Labs may:

• Immediately suspend or terminate access for AUP violations
• Terminate without notice for serious violations
• Hold Customer liable for Fees during suspension
• Report illegal activities to appropriate authorities
• Seek indemnification for losses caused by violations

8.4 Reporting Violations

Report suspected violations to: security@enigmacyber.com

9.1 Enigma Labs Intellectual Property

Enigma Labs retains all rights, title, and interest in and to:

• The Services, Platform, and all software
• All algorithms, machine-learning models, and technology
• Documentation and training materials
• Trademarks, logos, brand elements, and trade dress
• Any improvements, modifications, or derivative works
• Aggregated, anonymized insights derived from usage data

9.2 License Grant to Customer

Subject to Customer's compliance with this Agreement, Enigma Labs grants Customer a limited, non-exclusive, non-transferable, non-sublicensable license to:

• Access and use the Services during the Subscription Term
• Use Documentation in connection with permitted use of Services
• Access the Platform through web browsers and approved APIs

This license terminates upon termination of this Agreement.

9.3 License Restrictions

Customer shall not:

• Copy, modify, or create derivative works of the Services
• Reverse engineer, decompile, or disassemble the Services (save to the extent that such restriction is prohibited by applicable mandatory law)
• Sell, resell, sublicense, or transfer the Services
• Use the Services to build a competing product or service
• Remove or alter proprietary notices or markings
• Use Enigma Labs trademarks without prior written permission

9.4 Feedback

If Customer provides suggestions, ideas, or feedback about the Services ("Feedback"):

• Customer grants Enigma Labs a perpetual, irrevocable, royalty-free, worldwide license to use Feedback
• Enigma Labs may incorporate Feedback into the Services without obligation to Customer
• Feedback is provided without any confidentiality obligation
• Customer has no right to compensation for Feedback

9.5 Customer Intellectual Property

Customer retains all rights in Customer Data and Customer's pre-existing intellectual property. Customer grants only the limited licenses expressly stated in this Agreement.

9.6 No Implied Licenses

Except for the express licenses granted in this Agreement, neither party grants any rights to its intellectual property. All rights not expressly granted are reserved.

9.7 Publicity and References

Neither party shall use the other's name, logo, or trademarks in any publicity, advertising, or marketing materials without prior written consent, except that:

• Enigma Labs may list Customer's company name as a client in general marketing materials and on its website
• Customer may opt out of such listing by written notice to legal@enigmacyber.com

10.1 Definition of Confidential Information

"Confidential Information" means non-public information disclosed by one party ("Discloser") to the other ("Recipient") that:

• Is marked as "confidential" or "proprietary" at the time of disclosure; or
• Should reasonably be understood to be confidential given its nature and the circumstances of disclosure

10.2 Enigma Labs Confidential Information

Includes but is not limited to:

• Services, software, algorithms, and technology
• Pricing, business plans, and strategies
• Security measures, architecture, and vulnerabilities
• Non-public product roadmaps
• Third-party audit reports and security assessments

10.3 Customer Confidential Information

Includes but is not limited to:

• Customer Data
• Business information submitted through the Services
• Security configurations and vulnerability information
• Non-public business plans and strategies

10.4 Exclusions

Confidential Information does not include information that:

• Is or becomes publicly available without breach of this Agreement
• Was known to Recipient before disclosure by Discloser
• Is independently developed by Recipient without use of Confidential Information
• Is rightfully received from a third party without restriction

10.5 Confidentiality Obligations

Recipient shall:

• Use Confidential Information only for purposes of this Agreement
• Protect Confidential Information with at least the same care as its own confidential information (minimum: reasonable care)
• Limit disclosure to employees and contractors with a need to know who are bound by confidentiality obligations at least as protective as these
• Not disclose to third parties without Discloser's prior written consent

10.6 Permitted Disclosures

Recipient may disclose Confidential Information if required by law or by binding direction of a competent regulatory authority (including the Commissioner of Data Protection), provided Recipient:

• Gives Discloser prompt written notice (where legally permitted)
• Cooperates with Discloser's efforts to seek a protective order
• Discloses only the minimum amount required

10.7 Duration

Confidentiality obligations survive termination of this Agreement for:

• 5 years for general Confidential Information
• Indefinitely for trade secrets
• Until deletion for Customer Data

11.1 Enigma Labs Warranties

Enigma Labs warrants that:

• It has the authority to enter into this Agreement
• The Services will perform materially as described in the Documentation
• Services will be provided with reasonable care and skill, as required by Article 17 of the DIFC Implied Terms in Contracts and Unfair Terms Law, by appropriately qualified personnel
• Enigma Labs will comply with applicable laws in providing the Services
• To Enigma Labs' knowledge, the Services do not infringe third-party Intellectual Property Rights

11.2 Customer Warranties

Customer warrants that:

• It has the authority to enter into this Agreement
• It will comply with all applicable laws in using the Services
• It has all necessary rights to submit Customer Data
• Customer Data does not violate third-party rights

11.3 Disclaimers

To the maximum extent permitted by applicable law, and subject to (a) the express warranties stated in Section 11.1, (b) the implied term about care and skill in Article 17 of the Unfair Terms Law (which cannot be excluded except so far as the exclusion satisfies the reasonableness test in Article 40), and (c) any other liability that cannot lawfully be excluded:

The Services are otherwise provided "AS IS" and "AS AVAILABLE", and Enigma Labs disclaims all other warranties, representations, and conditions, whether express, implied, statutory, or otherwise, including any implied terms of merchantability, fitness for a particular purpose, non-infringement, and accuracy or completeness of results.

Enigma Labs does not warrant that:

• The Services will be uninterrupted, error-free, or completely secure
• All security threats will be detected or prevented
• The Services will meet all Customer requirements
• Defects will be corrected
• The Services will be compatible with all systems or software

11.4 Cybersecurity-Specific Disclaimers

The Services are designed to help detect and respond to security threats but cannot guarantee prevention of all security incidents. No security solution can provide absolute protection.

Customer acknowledges and agrees that:

• The Services provide information and alerts that require Customer evaluation and action
• Customer remains solely responsible for its overall security posture and decisions
• Enigma Labs is not liable for security incidents that occur despite the Services functioning as designed (subject to Enigma Labs' obligation to perform with reasonable care and skill under Section 11.1)
• The effectiveness of the Services depends in part on Customer's configuration, response time, and overall security practices
• Customer should not rely on the Services as its sole security measure
• Threat detection is based on known patterns and AI analysis, which may not identify all threats, including novel or zero-day attacks

11.5 Third-Party Services

The Services may integrate with third-party services. Enigma Labs makes no warranties regarding third-party services and is not responsible for their availability, security, or performance.

11.6 Beta Features

Beta, pilot, or preview features are provided "AS IS" without any warranty, subject always to the reasonableness test in Article 40 of the Unfair Terms Law and to any liability that cannot lawfully be excluded. They may be discontinued at any time without notice.

The limitations and exclusions in this Section 12 are intended to operate as a fair allocation of risk between two business parties, and to satisfy the requirement of reasonableness in Article 40 of the Unfair Terms Law. Nothing in this Section excludes or restricts any liability that cannot lawfully be excluded under the Unfair Terms Law or any other applicable law.

12.1 Excluded Categories of Damages

To the maximum extent permitted by applicable law, neither party shall be liable for any:

• Indirect, incidental, special, consequential, or punitive damages
• Loss of profits, revenue, or business
• Loss of data or data-breach costs (except as part of direct damages subject to the cap in Section 12.2)
• Business interruption
• Loss of goodwill or reputation
• Cost of substitute services

Regardless of the theory of liability (contract, tort, strict liability, or otherwise), and even if advised of the possibility of such damages.

12.2 Liability Cap

Except for Excluded Claims (Section 12.3), each party's total aggregate liability under this Agreement shall not exceed the total Fees paid or payable by Customer in the twelve (12) months immediately preceding the event giving rise to the claim.

12.3 Excluded Claims

The following are not subject to the limitations in Sections 12.1 or 12.2:

• Customer's payment obligations for Fees
• Either party's indemnification obligations under Section 13
• Breaches of confidentiality obligations under Section 10
• Death or personal injury caused by negligence (Article 37(1) of the Unfair Terms Law, which expressly cannot be excluded)
• Gross negligence or wilful misconduct
• Fraud or fraudulent misrepresentation
• Any liability arising from a Personal Data Breach to the extent it gives rise to statutory liability under the DIFC Data Protection Law (including any administrative fine imposed under Article 62 of that Law and any compensation claim a Data Subject may make under that Law) or any other applicable data-protection law
• Any other liability that cannot lawfully be excluded or restricted under applicable law

12.4 Acknowledgment

Customer acknowledges that:

• The Fees reflect the allocation of risk in this Agreement
• The limitations of liability are essential to the Agreement
• Enigma Labs would not enter into this Agreement without these limitations
• These limitations are intended to satisfy the reasonableness test in Article 40 of the Unfair Terms Law and apply even if any remedy fails of its essential purpose, save to the extent prohibited by applicable mandatory law

12.5 Multiple Claims

The existence of multiple claims does not increase the liability cap. All claims arising from related facts or circumstances shall be treated as a single claim for purposes of the liability cap.

13.1 Customer Indemnification

Customer shall defend, indemnify, and hold harmless Enigma Labs, its affiliates, and their officers, directors, employees, and agents from and against any claims, damages, losses, liabilities, costs, and expenses (including reasonable legal fees) arising from:

• Customer Data or Customer's use of Customer Data
• Customer's violation of this Agreement, including the Acceptable Use Policy
• Customer's violation of applicable laws
• Customer's infringement of third-party rights
• Claims by Customer's Authorized Users or end-users
• Customer's use of the Services in combination with other products or services not provided by Enigma Labs

13.2 Enigma Labs Indemnification

Enigma Labs shall defend, indemnify, and hold harmless Customer from and against any third-party claims that the Services (as provided by Enigma Labs and used in accordance with this Agreement) infringe a third party's Intellectual Property Rights, and shall pay any damages finally awarded or settlement amounts.

13.3 Exclusions from Enigma Labs Indemnification

Enigma Labs has no obligation for claims arising from:

• Customer's modification of the Services
• Combination of Services with products not provided by Enigma Labs
• Customer's use of the Services after notice to discontinue due to infringement
• Customer's use in violation of this Agreement
• Open-source components used in accordance with their licenses
• Customer Data or Customer-provided specifications

13.4 Indemnification Procedures

The indemnified party must:

• Provide prompt written notice of the claim to the indemnifying party (delay does not relieve obligations except to the extent of prejudice)
• Give the indemnifying party sole control of defense and settlement
• Provide reasonable cooperation (at indemnifying party's expense)
• Not admit liability or settle without the indemnifying party's prior written consent

13.5 Infringement Remedies

If the Services are held to infringe or Enigma Labs reasonably believes they may infringe, Enigma Labs may at its option and expense:

• Obtain the right to continue providing the Services
• Modify the Services to be non-infringing while maintaining material functionality
• Replace the Services with non-infringing alternatives of substantially equivalent functionality
• If none of the above are commercially reasonable, terminate the affected Services and provide a pro-rata refund of prepaid Fees for the unused period

14.1 Term

• This Agreement begins on the Effective Date
• Initial Subscription Term as specified in Order Form (monthly or annual)
• Auto-renews for successive periods of the same length unless terminated
• Continues until terminated as provided herein

14.2 Non-Renewal

Either party may prevent renewal by providing written notice at least 30 days before the renewal date:

• Customer notice to: legal@enigmacyber.com
• Enigma Labs notice to: Customer's registered email address
• Notice via email and registered post recommended for important communications

14.3 Termination for Cause by Either Party

Either party may terminate if the other party:

• Commits a Material Breach (as defined in Section 2) and fails to cure within 30 days of written notice specifying the breach
• Becomes subject to bankruptcy, insolvency, receivership, or liquidation proceedings (including any proceeding under the DIFC Insolvency Law)
• Ceases operations or makes an assignment for benefit of creditors

14.4 Termination for Cause by Enigma Labs

Enigma Labs may terminate immediately without notice or cure period if Customer:

• Fails to pay Fees within 60 days of due date
• Materially violates the Acceptable Use Policy
• Uses the Services in a manner that threatens the security or integrity of the platform
• Engages in illegal activity using the Services
• Attempts to circumvent security controls or access unauthorized data

14.5 Termination for Convenience by Enigma Labs

Enigma Labs may terminate for convenience with 90 days written notice. In this case, Customer receives a pro-rata refund of prepaid Fees for the unused portion of the Subscription Term.

14.6 Termination for Convenience by Customer

Customer may terminate for convenience at any time with written notice. However:

• No refunds of prepaid Fees (subject to Section 5.7 exception cases)
• Customer remains liable for Fees through the end of the current Subscription Term

14.7 Effects of Termination

Upon termination or expiration:

• Customer's access to Services terminates immediately (or at end of notice period, as applicable)
• Customer must cease all use of the Services
• Customer has 30 days to export Customer Data (see Section 6.8)
• After 30 days, Enigma Labs will delete Customer Data (within 90 days total)
• Each party must return or destroy the other's Confidential Information upon request
• Termination does not relieve Customer of obligation to pay accrued Fees

14.8 Survival

The following provisions survive termination:

• Section 2 (Definitions)
• Section 5 (payment obligations for accrued Fees) and 5.7 (No Refunds)
• Section 6.8 (Data Deletion)
• Section 9 (Intellectual Property Rights)
• Section 10 (Confidentiality) — for 5 years (indefinitely for trade secrets)
• Section 11 (Warranties and Disclaimers)
• Section 12 (Limitation of Liability)
• Section 13 (Indemnification)
• Section 14.7–14.8 (Effects of Termination, Survival)
• Section 17 (Governing Law and Dispute Resolution)
• Section 18 (General Provisions)

15.1 Right to Suspend

Enigma Labs may suspend Customer's access to Services, in whole or in part, if:

• Customer fails to pay Fees within 15 days of due date (after 5 days written notice)
• Customer violates the Acceptable Use Policy
• Required by law or legal process (including any binding direction issued by the Commissioner of Data Protection or another competent authority)
• Necessary to prevent harm to Enigma Labs, other customers, or third parties
• Customer's use poses a security risk to the platform
• Customer's account shows signs of unauthorized access

15.2 Notice

Enigma Labs will provide reasonable advance notice of suspension when feasible, except:

• Immediate suspension for serious AUP violations
• Immediate suspension for active security threats
• Suspension required by law or legal process

15.3 During Suspension

• Customer remains liable for all Fees during suspension
• Customer Data will be preserved during suspension
• If suspension continues for more than 60 days, Enigma Labs may delete Customer Data after providing 30 days advance written notice
• Suspension does not terminate the Agreement unless converted to termination

15.4 Resumption

Services will be restored promptly when:

• Overdue payments are received in full (including interest and costs)
• AUP violation is remedied to Enigma Labs' reasonable satisfaction
• Security threat is resolved
• Legal requirement is lifted

15.5 Good-Faith Limitation

Enigma Labs shall not be liable to Customer or any third party for any suspension exercised in good faith and in accordance with this Section 15.

16.1 Right to Modify

Enigma Labs may modify these Terms of Service from time to time.

16.2 Notice of Changes

Material changes include:

• Changes to Fees or payment terms
• Changes to limitation of liability
• Changes to Customer's substantive rights
• Changes to dispute-resolution provisions
• Changes to data handling or security practices

16.3 Acceptance of Changes

• Continued use of Services after the effective date constitutes acceptance
• If Customer objects to material changes, Customer may terminate before the effective date by providing written notice
• Termination for objection to material changes: pro-rata refund of prepaid Fees for the unused period, and no further payment obligations after the termination date

16.4 Current Terms

The current version of these Terms is always available at: https://enigmacyber.com/tos

Previous versions are available upon request to legal@enigmacyber.com.

17.1 Governing Law

This Agreement, and any dispute, claim, or non-contractual obligation arising out of or in connection with it, shall be governed by and construed in accordance with the laws applicable in the Dubai International Financial Centre, including (without limitation) the DIFC Contract Law, the DIFC Law of Obligations, the DIFC Implied Terms in Contracts and Unfair Terms Law, the DIFC Data Protection Law, and the DIFC Electronic Transactions Law, in each case as in force from time to time.

17.2 Exclusive Jurisdiction — DIFC Courts

Subject to Sections 17.3 (informal resolution), 17.5 (small claims), and 17.6 (injunctive relief), the parties submit to the exclusive jurisdiction of the DIFC Courts — namely the DIFC Court of First Instance, with appeal to the DIFC Court of Appeal — for the resolution of any dispute arising out of or in connection with this Agreement. The language of proceedings shall be English.

17.3 Informal Resolution

Before commencing proceedings, the parties shall attempt to resolve disputes informally:

• The complaining party sends written notice describing the dispute to the other party
• Parties have 30 days to attempt resolution through good-faith negotiation
• If not resolved within 30 days, either party may commence proceedings in accordance with Section 17.2

17.4 Costs

Each party shall bear its own costs and legal fees, unless the DIFC Courts award costs in accordance with their Rules.

17.5 Small Claims

Either party may bring a low-value monetary claim before the Small Claims Tribunal of the DIFC Courts, where the value of the claim falls within the Tribunal's jurisdictional limits as in force from time to time.

17.6 Injunctive Relief

Notwithstanding the exclusive jurisdiction provision in Section 17.2, either party may seek interim injunctive or other equitable relief from any court of competent jurisdiction to protect its Intellectual Property Rights or Confidential Information, without being required to post bond, and without prejudice to the substantive resolution of the dispute by the DIFC Courts.

17.7 Class Action Waiver

To the extent permitted by applicable law, all disputes shall be resolved on an individual basis. Neither party shall bring claims as a plaintiff or class member in any class, consolidated, or representative action.

18.1 Entire Agreement

This Agreement, including all documents incorporated by reference, constitutes the entire agreement between the parties regarding its subject matter and supersedes all prior agreements, representations, and understandings, whether written or oral.

18.2 Order of Precedence

In case of conflict between documents, the following order of precedence applies:

1. Data Processing Addendum
2. Order Form or Statement of Work
3. These Terms of Service
4. Privacy Policy

18.3 Severability

If any provision of this Agreement is held invalid, illegal, or unenforceable by a court of competent jurisdiction, the remaining provisions continue in full force and effect. The invalid provision shall be modified to the minimum extent necessary to make it valid while preserving the parties' intent, or if modification is not possible, severed from the Agreement.

18.4 Waiver

No waiver of any provision of this Agreement shall be effective unless in writing and signed by the waiving party. Failure to enforce any right does not constitute a waiver of that right. A waiver of any breach does not constitute a waiver of any subsequent breach.

18.5 Assignment

• Customer may not assign this Agreement without Enigma Labs' prior written consent, which shall not be unreasonably withheld
• Enigma Labs may assign this Agreement to an affiliate or in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of its assets
• Any attempted assignment in violation of this section is void
• This Agreement binds and benefits the parties and their permitted successors and assigns

18.6 No Third-Party Beneficiaries

This Agreement is solely for the benefit of the parties hereto. No third party has any rights under this Agreement, except that Enigma Labs' affiliates are third-party beneficiaries of the limitation of liability and indemnification provisions, and except for any statutory rights that data subjects may have under the DIFC Data Protection Law or any other applicable data-protection law.

18.7 Independent Contractors

The parties are independent contractors. Nothing in this Agreement creates a partnership, joint venture, agency, or employment relationship between the parties.

18.8 Force Majeure

Neither party is liable for delays or failures in performance due to circumstances beyond its reasonable control ("Force Majeure"), including:

• Natural disasters, pandemics, epidemics, or acts of God
• War, terrorism, riots, or civil unrest
• Government actions, regulations, embargoes, or sanctions
• Internet or telecommunications failures not caused by the affected party
• Cyberattacks on third-party infrastructure
• Labor disputes not involving the affected party's employees
• Power outages or utility failures

The affected party must:

• Provide prompt notice of the Force Majeure event
• Use reasonable efforts to mitigate the impact
• Resume performance as soon as reasonably practicable

If Force Majeure continues for more than 60 days, either party may terminate affected Services with written notice, and Customer will receive a pro-rata refund of prepaid Fees for the affected period.

Force Majeure does not excuse payment obligations for Services actually rendered prior to the Force Majeure event.

18.9 Notices

All legal notices must be in writing and sent to:

To Enigma Labs: Enigma Labs Technology Limited Attn: Legal Department IH-00-01-01-OF-01, Level 1, Innovation One Dubai International Financial Centre Dubai, United Arab Emirates Email: legal@enigmacyber.com

To Customer: The address and email provided during registration or as updated in account settings.

Notices are effective:

• When delivered personally
• One business day after sending by recognized overnight courier
• Upon confirmed delivery by email (read receipt or reply)
• Three business days after sending by registered mail

For important notices (termination, breach, legal claims), sending via both email and registered post is recommended.

18.10 Export and Sanctions Compliance

Customer shall comply with all applicable export-control, sanctions, and trade-restriction laws and regulations, including those of the United Arab Emirates (including the UAE Federal Law No. 13 of 2007 on Commodities Subject to Import and Export Control, as amended, and UAE sanctions administered by the Executive Office for Control and Non-Proliferation), the United States (including the Export Administration Regulations and OFAC sanctions), the United Kingdom, the European Union, and any other applicable regime. Customer shall not export or re-export the Services, or use the Services on behalf of, or for the benefit of, any prohibited country, person, or entity, including any person or entity listed on UN, UAE, US, UK, or EU sanctions lists.

18.11 Anti-Corruption and Anti-Money Laundering

Each party represents and warrants that it has not and will not, in connection with this Agreement:

• Violate any applicable anti-corruption, anti-bribery, or anti-money-laundering laws, including the UAE Federal Decree-Law No. 31 of 2021 issuing the Crimes and Penalties Law (and any successor or amending federal law), the UAE Federal Decree-Law No. 20 of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organisations (as amended), the UK Bribery Act 2010, and the US Foreign Corrupt Practices Act of 1977 (as amended)
• Offer, pay, promise, or authorize payment of money or anything of value to any government official, political party, or public international organization to influence official action or obtain improper advantage
• Engage in money laundering or terrorist financing

Violation of this section constitutes a Material Breach permitting immediate termination.

18.12 Government Customers

If Customer is a government entity, additional terms may apply. Contact legal@enigmacyber.com before accepting these Terms.

18.13 Audit Rights

Upon Customer's written request (no more than once per calendar year), Enigma Labs shall provide Customer with:

• Copies of available third-party audit reports and security attestations relevant to Enigma Labs' technical and organisational measures, subject to confidentiality obligations
• Written responses to reasonable security questionnaires (up to 100 questions)

On-site audits of Enigma Labs' facilities are not permitted except:

• As required by applicable data-protection law (including, where applicable, audit rights under the DIFC Data Protection Law, subject to the Data Processing Addendum)
• Following a confirmed Personal Data Breach affecting Customer Data
• Subject to separate written agreement on scope, timing, and cost allocation

18.14 Language

This Agreement is in English. The DIFC operates in English by statute. If translated into any other language, the English version prevails in case of conflict or ambiguity.

18.15 Headings

Section headings are for convenience only and do not affect the interpretation of this Agreement.

18.16 Construction

This Agreement shall not be construed against either party as the drafter. Both parties have had the opportunity to review this Agreement with legal counsel. The terms "include," "includes," and "including" are not limiting.

19.1 Legal Inquiries

For questions about these Terms:

• Email: legal@enigmacyber.com
• Mail: Enigma Labs Technology Limited, Attn: Legal Department, IH-00-01-01-OF-01, Level 1, Innovation One, Dubai International Financial Centre, Dubai, United Arab Emirates

19.2 Technical Support

For technical support:

• Email: support@enigmacyber.com
• Hours: Monday–Friday, 09:00–18:00 Gulf Standard Time

19.3 Security Issues

To report security issues or Acceptable Use Policy violations:

• Email: security@enigmacyber.com
• Response: Within 24 hours for security matters

19.4 Billing Inquiries

For billing questions:

• Email: billing@enigmacyber.com

19.5 Privacy Matters

For privacy-related questions:

• Email: privacy@enigmacyber.com
• DPO: dpo@enigmacyber.com
• Privacy Policy: https://enigmacyber.com/privacy
• Regulator: Commissioner of Data Protection, DIFC — Level 14, The Gate, PO Box 74777, Dubai, UAE; commissioner@dp.difc.ae

19.6 General Inquiries

For all other inquiries:

• Email: info@enigmacyber.com
• Website: https://enigmacyber.com

This document is governed by the laws applicable in the Dubai International Financial Centre, and is intended to be consistent with the DIFC Implied Terms in Contracts and Unfair Terms Law (DIFC Law No. 6 of 2005), the DIFC Data Protection Law (DIFC Law No. 5 of 2020, as amended), the DIFC Electronic Transactions Law (DIFC Law No. 2 of 2017, as amended), and other DIFC laws as in force from time to time. It is intended for business-to-business relationships. Enigma Labs Technology Limited recommends that all customers review these Terms with their legal counsel before accepting.

© 2026 Enigma Labs Technology Limited. All rights reserved.