Engaiz

Subscriber Agreement for

Program

Last Updated – 20th March, 2025

This Subscriber Agreement (the “Agreement”) is a legal agreement entered into by and between ENGAIZ Inc. (referred to as “ENGAIZ“) and the Participant enrolling in the CyberWarranty360™ Program pursuant to the terms herein. This Agreement governs Participant’s access to benefits available in the CyberWarranty360™ Program. This Agreement is effective on the date Participant fully-enrolls to receive benefits and agrees to the terms set forth herein and the Provider Terms included on the enrollment portal (the “Effective Date”). The enrollment portal is referred to herein as the “Token Portal”.
BY ENROLLING IN THE CyberWarranty360™ PROGRAM AND CLICKING A “SUBMIT” OR “CONTINUE” BUTTON ASSOCIATED WITH THIS AGREEMENT, PARTICIPANT (OR ITS AUTHORIZED AGENT, IF APPLICABLE) EXPRESSLY AND EXPLICITLY ACKNOWLEDGES AND AGREES (I) IT IS A BUSINESS ENTITY ORGANIZED UNDER THE LAWS OF THE UNITED STATES; (II) THIS IS A BINDING AGREEMENT AND PARTICIPANT HEREBY AGREES TO THE TERMS OF THIS AGREEMENT; AND (III) PARTICIPANT ACCEPTS THE OFFER TO ENROLL IN THE CyberWarranty360™ PROGRAM PURSUANT TO THE TERMS HEREIN. PARTICIPANT’S ENROLLMENT IS CONSIDERED ACCEPTED WHEN PARTICIPANT RECEIVES A CONFIRMATION EMAIL FROM ENGAIZ EVIDENCING PARTICIPANT’S SUCCESSFUL ENROLLMENT. IF YOU ARE AN EMPLOYEE OR OTHER REPRESENTATIVE ENTERING INTO THIS AGREEMENT ON BEHALF OF PARTICIPANT, YOU HEREBY REPRESENT AND WARRANT TO ENGAIZ THAT YOU ARE (A) AUTHORIZED TO ENTER INTO THIS AGREEMENT ON BEHALF OF PARTICIPANT; AND (B) YOU ARE OVER 18 YEARS OLD. IF PARTICIPANT DOES NOT ACCEPT ALL THE TERMS AND CONDITIONS IN THIS AGREEMENT OR IS NOT AUTHORIZED TO ENTER INTO THIS AGREEMENT, DO NOT ACCEPT THE TERMS OF THIS AGREEMENT.
In consideration of the mutual covenants and agreements contained herein, and other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged, the parties agree as follows:

1. Definitions

Any capitalized terms not otherwise defined herein shall have the meaning set forth in the Solutions Agreement (“Solutions Agreement”) made by and between Participant and ENGAIZ for the delivery of the ENGAIZ solutions.
  • “BEC Event” means a business email compromise (BEC) that results in funds transfer or invoice fraud.
  • “Benefit End Date” means the last day of the Enrollment Term as set forth on the Enrollment Confirmation.
  • ”Business Income Event” means a Security Breach.
  • “Compliance Event” means a cyber breach that triggers HIPAA, PCI, OSHA, and/or state related violations including, but not limited to data loss, sanctioned non-compliance penalty or fine, or other related expenses.
  • “Cyber Legal Liability Event” means a suit arising out of a breach of privacy and/or security related to a cyberattack, loss or misuse of data, or media peril related to content on Participant’s website where legal defense expenses and settlement costs are incurred.
  • “Enrollment Confirmation” means the email issued by ENGAIZ to Participant confirming Participant’s enrollment in the CyberWarranty360™ Program upon Participant’s enrollment in the Token Portal and sets forth the Benefit Start Date and Benefit End Date.
  • “Enrollment Term” means the period within which Participant may receive Recovery Benefits and which begins on the Benefit Start Date as defined in Section 2(a) below and ends on the Benefit End Date as defined in Section 2(b) below.
  • “Event” means a Ransomware Event, BEC Event, Business Income Event, Compliance Event and Cyber Legal Liability Event.
  • “Provider” means ENGAIZ’s third-party service provider who has contracted with ENGAIZ to provide Participant with the benefits set forth herein.
  • “Ransomware Event” means the unauthorized access to at least one Participant endpoint in the form of ransomware which has caused material harm to Participant, whereby “material harm” must include at least one of the following: (i) the unauthorized acquisition of unencrypted digital data that compromises the security, confidentiality, or integrity of personal information or confidential information maintained by Participant; (ii) public disclosure of personal information or confidential information maintained by Participant; or (iii) the compromise of at least one Participant endpoint resulting the blocking of access to such endpoint.
  • “Recovery Services” means the funds or services provided by Provider to support the repair, remediation, and/or replacement Participant’s environment in which damage was incurred as a result of an Event, including, but not limited to, removing and remediating those elements that caused the Event. and
  • “Security Breach” means the malicious, intentional, and willful misuse of a Participant’s computer system to deny legitimate users’ access to their network that results in the loss of business income (net profit or loss before income taxes) which would have been earned or incurred had no loss occurred, and/or any reasonable, continuing, and normal operating expenses that were affected by the incident, as calculated in the reasonable discretion of Provider Solutions.

2. CyberWarranty360™ Program

  • Benefit Start Date: Participant’s Enrollment Term will begin on the Benefit Start Date. 
  • Benefit End Date: Unless otherwise terminated earlier pursuant to Section 9 below, Participant’s Enrollment Term will automatically terminate on the Benefit End Date. 

3. CyberWarranty360™ Program Benefits.

During the Enrollment Term, Participant may submit a claim by notifying Provider at [email protected] that one of the Events has occurred during the Enrollment Term:
  • Ransomware Event
  • BEC Event
  • Compliance Event
  • Cyber Legal Liability Event and/or
  • Business Income Event.
Should an Event occur, and provided an exclusion set forth in Section 4 below does not apply, Provider will provide Participant with Recovery Services, subject to the following:
  • Participant may only make one (1) claim during the Enrollment Term.
  • Participant must have a commercially reasonable belief that damages resulting from the Event will exceed $5,000.
  • Recovery Services will not exceed Participant’s maximum Program Service Coverage Level as specified within Participant’s enrollment acknowledgement.
  • Payment of the deductible, if any. and
  • Recovery Services are provided in accordance with any additional terms and conditions applicable to such Events as specified in the Program Confirmation Summary attached hereto as Schedule 1.

4. Recovery Service Exclusions

Recovery Services may be restricted to the country in which Participant subscribed to the Solutions. Recovery Services will not be provided if any one or more of the following conditions occur specific to the nature of the loss:
  • Participant fails to take commercially reasonable measures to undertake preventative maintenance, including patching that is up to date per the software manufacturer’s release cycle.
  • Participant fails to deploy an offline data backup solution for critical business data.
  • Participant fails to deploy industry standard and up-to-date anti-virus or comparable prevention tools on its endpoints.
  • Participant does not have the Solutions actively deployed in the Participant’s environment in which the Event occurred.
  • Participant’s Solution Agreement has terminated or expired.
  • Participant is unable to provide proof of the Event or cannot verify the Event through log/event data.
  • There is a systemic failure of ENGAIZ’s infrastructure that results in an Event.
  • If a Participant is regulated under HIPAA/PCI/SEC:
    • Participant has not completed an annual risk assessment and documented risks.
    • PHI Inventory has not been fully completed and accounted for prior to an incident and claim.
    • Subject to Participant’s standard historical employment practices related to HIPAA training for new employees, all of Participant’s employees have not completed HIPAA training within the 12 months prior to any incident and claim.
    • Participant has not adopted and adhered to all privacy and security policies related to the state and/or other federal regulatory requirements to which Participant is subject prior to any Event.
  • The Event did not occur during the Enrollment Term. and
  • Participant does not submit the claim during the Enrollment Term

5. Claim Process

  • Participant must report the Event to the Provider within forty-eight (48) hours of discovery of the Event. PARTICIPANT MUST PROVIDE PROVIDER WITH SUFFICIENT INFORMATION, SUCH DETERMINATION TO BE MADE IN PROVIDER’S REASONABLE DISCRETION, TO VALIDATE THE DAMAGES INCURRED AS A RESULT OF THE EVENT WITHIN FIFTEEN (15) DAYS AFTER DISCOVERY OF THE EVENT. IF PARTICIPANT FAILS TO DELIVER SUCH INFORMATION TO PROVIDER AS SET FORTH HEREIN, PARTICIPANT’S CLAIM WILL BE TREATED AS AN INVALID EVENT THAT IS INELIGIBLE FOR RECOVERY SERVICES PURSUANT TO THE TERMS OF THIS AGREEMENT.
  • Participant understands that it is responsible for reporting any Events to its insurance carrier regardless of whether Participant elects to make a claim with Provider under this CyberWarranty360™ Program.
  • By submitting a claim and information to Provider, Participant understands and acknowledges that Provider has separate terms and conditions related to privacy and data protection as set forth in Provider’s website terms, privacy policies, or other agreements made by and between Participant and Provider which will govern the use and protection of the information. ENGAIZ does not accept liability or responsibility for Provider. Participant understands and agrees that it should review such terms prior to submission of information. In the event Participant requests that ENGAIZ provide information directly to Provider on Participant’s behalf, Participant authorizes and consents to ENGAIZ sharing the information with Provider, subject to the terms set forth in this Section 5(c).
  • Claims made under the CyberWarranty360™ Program are subject to Provider’s standards of review. If Provider denies coverage to Participant for any claim, notwithstanding anything to the contrary in this Agreement, ENGAIZ shall have no liability to Participant
  • To receive Recovery Services under the CyberWarranty360™ Program, Participant agrees to:
    • Provide documentation evidencing the Participant’s date of enrollment in the CyberWarranty360™ Program.
    • Provide log files and information about the symptoms and causes of a network compromise pertaining to the claim. and
    • Verify cyber event via log files and/or other documentation of malicious code that resulted in loss of data and/or records that triggered a violation of state and/or federal regulatory enforcement to which Participant is subject.

6. Warranty Disclaimer

EXCEPT AS SPECIFICALLY SET FORTH HEREIN, ENGAIZ MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY TO PARTICIPANT, REGARDING OR RELATING TO THE CyberWarranty360™ PROGRAM OR ITS SOLUTIONS PROVIDED TO PARTICIPANT UNDER THIS AGREEMENT OR THE SOLUTIONS AGREEMENT, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE CyberWarranty360™ PROGRAM WILL MEET PARTICIPANT’S REQUIREMENTS OR THAT THE OPERATION THEREOF OR ACCESS THERETO WILL BE ERROR FREE, CURRENT OR UNINTERRUPTED. TO THE GREATEST EXTENT ALLOWED BY LAW, ENGAIZ SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND WARRANTIES ARISING FROM COURSE OF DEALING, USAGE OR TRADE PRACTICE, EXCEPT TO THE EXTENT THAT ANY WARRANTIES IMPLIED BY LAW CANNOT BE VALIDLY WAIVED.

7. Limitation of Liability

FOR ANY CAUSE RELATED TO OR ARISING OUT OF THIS AGREEMENT, WHETHER IN AN ACTION BASED ON A CONTRACT, TORT (INCLUDING NEGLIGENCE AND STRICT LIABILITY) OR ANY OTHER LEGAL THEORY, HOWEVER ARISING, ENGAIZ WILL IN NO EVENT BE LIABLE TO CUSTOMER OR ANY THIRD PARTY FOR LOST REVENUES, PROFITS, BUSINESS OR GOODWILL, BREACHES BY PROVIDER, OR ANY INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES. IN NO EVENT WILL ENGAIZ’S LIABILITY EXCEED $100. THESE LIMITATIONS SHALL APPLY WHETHER OR NOT ENGAIZ HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES AND NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY.

8. Updates

ENGAIZ reserves the right to modify this Agreement and any terms related to the CyberWarranty360™ Program in ENGAIZ’s sole discretion. Should ENGAIZ make any modifications to the Agreement or the CyberWarranty360™ Program, ENGAIZ will post the amended terms at TERMS LINK and will update the “ Last Updated Date ” within such document or provide notification by such other reasonable notification method implemented by ENGAIZ.

9. Termination

This Agreement, the CyberWarranty360™ Program, and Participant’s Enrollment Term may be terminated by ENGAIZ for convenience and for any reason in ENGAIZ’s sole discretion and ENGAIZ will have no further liabilities to Participant under this Agreement. ENGAIZ will use commercially reasonable efforts to notify Participant of any such termination. For the avoidance of doubt, termination of the Solutions Agreement shall terminate this Agreement, but termination of this Agreement shall not terminate the Solutions Agreement.

10. Survival

Sections 1, 6, 7, 9 and 11 will survive the non-renewal or termination of this Agreement.

11. Survival

  • Except as otherwise provided herein, all notices, requests, consents, claims, demands, waivers and other communications hereunder shall be in writing and shall be deemed to have been given: (a) when delivered by hand (with written confirmation of receipt); (b) on the next business day after the date sent, if sent for overnight delivery by a generally recognized international courier (e.g., FedEx, UPS, DHL, etc.) (receipt requested); or (c) on the date sent by e-mail (with confirmation of transmission) if sent during normal business hours of the recipient, and on the next business day if sent after normal business hours of the recipient. ENGAIZ’s address for notification purposes shall be: [email protected]. Participant’s address for notification purposes shall be as set forth the Solutions Agreement. Either party may update its notice address upon written notice to the other party.
  • Participant shall not be entitled to assign, subcontract, delegate or otherwise transfer any of its rights and/or duties arising out of this Agreement and/or parts thereof to third parties, voluntarily or involuntarily, including by change of control, operation of law or any other manner, without ENGAIZ’s express prior written consent. Any purported assignment, subcontract, delegation, or other transfer in violation of the foregoing shall be null and void.
  • This Agreement shall be governed by the laws of the State of California without regard to the conflicts of law provisions thereof. Any controversy or claim arising out of or relating to this Agreement, or the breach thereof, shall be settled by arbitration in Santa Clara County, California in English and in accordance with the JAMS International Arbitration Rules then in effect. Any judgment on the award rendered by the arbitrator may be entered in any court having jurisdiction thereof. Notwithstanding the foregoing, each party shall have the right to institute an action in a court of proper jurisdiction for preliminary injunctive relief pending a final decision by the arbitrator(s), provided that a permanent injunction and damages shall only be awarded by the arbitrator(s). In any action or proceeding to enforce rights under this Agreement, the prevailing party shall be entitled to recover costs and attorneys’ fees.
  • No failure or delay by ENGAIZ in exercising any right, power or privilege hereunder shall operate as a waiver thereof nor shall any single or partial exercise thereof preclude any other or further exercise thereof or the exercise of any other right, power, or privilege.
  • If any provision of this Agreement is held invalid or unenforceable by any court of competent jurisdiction, the other provisions of this Agreement will remain in full force and effect. Any provision of this Agreement held invalid or unenforceable only in part or degree will remain in full force and effect to the extent not held invalid or unenforceable. The parties agree to replace such void or unenforceable provision of this Agreement with a valid and enforceable provision that will achieve, to the extent possible, the economic, business and other purpose of such void or unenforceable provision.
  • This Agreement (including the exhibits hereto) constitutes the parties’ entire agreement by and between the parties with respect to the subject matter hereof and supersedes any prior or contemporaneous agreement or understanding by and among the parties with respect to such subject matter.
  • ENGAIZ is not responsible for any failures or delays in performing under the CyberWarranty360™ Program that are due to events outside of ENGAIZ’s reasonable control.
  • The CyberWarranty360™ Program may not be available in all jurisdictions and is not available where prohibited by law.
CyberWarranty360™ Program Confirmation Summary

Subject to all terms and conditions in the Subscriber Agreement, the CyberWarranty360™ Program provides the following coverage limitations:

Participants enrolled in the $500,000 Level
Program Service Coverage - $500,000 level Per Claim Per Participant
Compliance Event
A Maximum of $100,000 USD
$100,000 USD
Ransomware Event & BEC Event
A Maximum of $100,000 USD
$100,000 USD
Cyber Legal Liability Event
A Maximum of $250,000 USD
$250,000 USD
Business Income Event
A Maximum of $50,000 USD (There is a $2,500 USD per-claim deductible that applies to this Event)
$ 50,000 USD
Participant must first exhaust any other service guarantee that would apply to these expenses.