Client Portal →

Watch Cloud Cyber Security LLC

Customer Service Agreement

Including Exhibit A — Services by Package  |  Exhibit B — Fees & SLA

By completing an Order or using the Services, Customer agrees to this Agreement.

1. Definitions

1.1  "Authorized User" means Customer's employees and contractors authorized to use the Services solely for Customer's internal business purposes.

1.2  "Confidential Information" means non-public information disclosed by one party to the other that is designated confidential or that should reasonably be understood as confidential given its nature and the circumstances.

1.3  "Device" means an endpoint or host (e.g., workstation, laptop, server, mobile, or VM) enrolled in the Services.

1.4  "Fees" means the amounts due for Services as set forth in Exhibit B (Fees), Orders, or SOWs.

1.5  "Order" means an ordering document (including online checkout) that references this Agreement and identifies the Services, subscription term, device counts, and Fees.

1.6  "Services" means collectively Company's cybersecurity services and any Third-Party Services provided or resold by Company, as described in Exhibit A (Services by Package & SLA) and applicable Orders/SOWs.

1.7  "Third-Party Services" means products or services provided by third-party vendors (e.g., MDR/SOC platforms, EDR, VPN, training platforms) that may be provisioned, managed, or resold by Company and are subject to such vendors' end-user terms.

2. Scope; Access; Changes to Services

2.1 Provision of Services.

Company will provide the Services to Customer in accordance with this Agreement and applicable Orders/SOWs. Customer grants Company the necessary access, credentials, and permissions to deploy and operate the Services on Customer Devices and network(s).

2.2 Service Modifications.

Company may modify, enhance, or discontinue features from time to time with reasonable notice where practicable.

2.3 Third-Party Services.

Customer acknowledges that Third-Party Services are governed by the relevant vendor's terms, SLAs, and privacy notices. Company does not control and is not responsible for third-party outages, defects, or changes, and disclaims all liability arising therefrom. Company will reasonably coordinate with vendors on Customer's behalf.

3. Customer Obligations

3.1 Security Hygiene.

Customer is responsible for: (a) timely OS/security patches and updates; (b) enabling MFA; (c) maintaining backups and verifying restorability; (d) ensuring Devices remain connected to the internet for monitoring; (e) promptly de-provisioning departed users; and (f) following Company guidance and policies.

3.2 Environment Changes.

Customer must promptly notify Company of new Devices, network changes, or material environment modifications that could affect the Services.

3.3 Cooperation.

Customer will promptly review and act on alerts, guidance, and tickets. Company is not responsible for Customer's failure to act or delays.

3.4 Compliance/Insurance.

Customer remains solely responsible for its regulatory compliance (including FTC Safeguards Rule and IRS Publication 4557 where applicable) and for maintaining appropriate cyber insurance commensurate with its risk profile.

3.5 Use Restrictions.

Customer shall not: (a) resell or provide the Services to third parties; (b) reverse engineer or circumvent technical controls; (c) use the Services in violation of laws; or (d) use the Services to compete with Company.

4. Fees; Billing; Taxes; Audits

4.1 Fees & Fee Changes.

Fees are as set forth in the applicable Order or SOW. Company may update Fees for upcoming Renewal Terms or for usage changes (e.g., Device counts) with 30 days' notice.

4.2 Billing & Payment.

Unless otherwise stated in an Order:

  • Billing: Monthly in advance (or annually in advance if selected).
  • Net Terms: Due upon receipt; late balances accrue 1.5% per month (or the maximum allowed by law), plus reasonable collections costs and attorneys' fees.
  • Auto-Debit: Customer authorizes Company to charge the designated payment method for recurring Fees and usage adjustments.

4.3 Device Counts.

Fees adjust automatically based on the greater of (i) the device count on the Order or (ii) the number of Devices actually onboarded or detected using licensing telemetry during the billing period. Customer will cooperate with audits (reasonable notice, not more than twice per year).

4.4 Taxes.

Fees are exclusive of taxes; Customer is responsible for all sales, use, VAT, GST, and similar taxes (excluding taxes on Company's income).

4.5 No Setoff.

Customer may not withhold, reduce, or set off Fees.

5. Term; Renewal; Suspension; Termination

5.1 Term.

The initial term for each Order starts on the purchase date in that Order and continues for the Initial Term stated (default one (1) year), renewing automatically for successive one-year Renewal Terms unless either party gives 30 days' notice before the current term ends.

5.2 Suspension.

Company may suspend Services for: (a) non-payment; (b) security or legal risk; (c) Customer breach. Suspension does not relieve payment obligations.

5.3 Termination for Cause.

Either party may terminate an Order or this Agreement for material breach not cured within 15 days after written notice.

5.4 Company Termination for Convenience.

Company may terminate any Order or Service for convenience upon 30 days' notice; Company will refund prepaid, unused Fees for the terminated Service as Customer's exclusive remedy.

5.5 Customer Early Termination.

If Customer terminates for convenience or without cause, Customer must pay an Early Termination Charge equal to the lesser of: (a) the remaining Fees for the then-current term, or (b) three (3) months of Fees.

5.6 Effect of Termination.

Upon termination or expiration: (a) all amounts due become immediately payable; (b) Customer will cease use of and uninstall Service components; (c) each party will return or destroy the other's Confidential Information (except one archival copy as required by law or for record-keeping). Sections intended to survive (including 3–4, 6–12, and payment obligations) shall survive.

6. Confidentiality; Publicity

6.1 Confidentiality.

Receiving party will use disclosing party's Confidential Information only to exercise its rights/perform obligations and will protect it using at least reasonable care. Exceptions apply to information that is public without breach, known before disclosure, independently developed, or rightfully received from a third party.

6.2 Injunctive Relief.

Breach of confidentiality may cause irreparable harm; the non-breaching party may seek equitable relief without posting bond.

6.3 Publicity.

Company may use Customer's name and logo in customer lists, websites, and case studies; Customer may opt out by written notice.

7. Data; Privacy; Security; Templates

7.1 Data Use.

Company may process telemetry, logs, indicators of compromise, and other operational data to provide and improve the Services, including aggregated/anonymized analytics.

7.2 Personal Information.

Each party will comply with applicable privacy laws, including GLBA where applicable. Neither party will use or disclose personal information other than to perform under this Agreement.

7.3 Data Processing; Cross-Border.

Customer authorizes Company and its subprocessors to process data in locations where they operate, subject to appropriate safeguards.

7.4 No Legal Advice; Templates.

Company may provide WISP and Incident Response Plan templates and security training content for convenience only. Templates are not legal advice and must be reviewed and customized by Customer and its counsel.

8. Intellectual Property

8.1 Ownership.

Company and its licensors retain all rights, title, and interest in and to the Services, documentation, portals, playbooks, templates, training content, and any deliverables or configurations, including all related IP rights.

8.2 License.

During the term, Company grants Customer a limited, non-exclusive, non-transferable, revocable right for Authorized Users to access and use the Services for Customer's internal business purposes.

8.3 Feedback.

Feedback is voluntary and may be used by Company without restriction; Customer assigns all rights in Feedback to Company.

9. Warranties; Disclaimers

9.1 Mutual Authority.

Each party represents it has the authority to enter this Agreement.

9.2 Service Disclaimer.

THE SERVICES, TEMPLATES, AND ANY THIRD-PARTY SERVICES ARE PROVIDED "AS IS" AND "AS AVAILABLE," WITHOUT WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, OR STATUTORY, INCLUDING MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, OR RESULTS. SECURITY IS PROBABILISTIC; NO SERVICE CAN GUARANTEE PREVENTION OF ALL THREATS OR REGULATORY COMPLIANCE.

10. Indemnification

10.1 By Customer.

Customer will defend, indemnify, and hold harmless Company and its affiliates, officers, directors, employees, agents, and vendors from claims, damages, liabilities, costs, and expenses (including reasonable attorneys' fees) arising out of: (a) Customer data or instructions; (b) Customer's breach of this Agreement or laws; or (c) use of the Services in violation of Section 3.5.

10.2 By Company (Limited).

Company will defend Customer from third-party claims alleging that Customer's authorized use of the Services (excluding Third-Party Services) directly infringes a U.S. patent, copyright, or trademark, and will pay final damages awarded by a court or agreed in settlement. Company may, at its option: (i) procure the right to continue use; (ii) modify or replace the Services; or (iii) terminate the affected Service and refund prepaid, unused Fees. This Section does not apply to claims arising from Customer data, combinations not provided by Company, or use contrary to documentation.

11. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW:

(a) EXCLUSION OF DAMAGES. NEITHER PARTY WILL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, COVER, OR PUNITIVE DAMAGES, OR FOR LOSS OF PROFITS, REVENUE, GOODWILL, OR DATA, EVEN IF ADVISED OF THE POSSIBILITY.

(b) CAP. COMPANY'S TOTAL LIABILITY ARISING OUT OF OR RELATING TO THIS AGREEMENT WILL NOT EXCEED THE AMOUNTS PAID OR PAYABLE BY CUSTOMER TO COMPANY FOR THE AFFECTED SERVICES IN THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO LIABILITY.

(c) ALLOCATIONS. THESE LIMITATIONS APPLY REGARDLESS OF THEORY OF LIABILITY AND FORM AN ESSENTIAL BASIS OF THE BARGAIN.

12. Dispute Resolution; Arbitration; Class Action Waiver

12.1 Good-Faith Resolution.

The parties will attempt in good faith to resolve disputes through their executive contacts before escalating.

12.2 Arbitration.

Any dispute arising out of or relating to this Agreement shall be resolved by binding arbitration administered by the American Arbitration Association (AAA) under its Commercial Arbitration Rules. The seat and venue of arbitration shall be Palm Beach County, Florida. A single arbitrator shall preside unless the parties agree otherwise. Judgment on the award may be entered in any court of competent jurisdiction.

12.3 Injunctive Relief & Small Claims.

Either party may seek temporary injunctive relief in court to protect Confidential Information or IP. Either party may bring an individual action in small claims court.

12.4 Class Action Waiver & Jury Trial Waiver.

Disputes will be conducted only on an individual basis; class, consolidated, or representative actions are waived. THE PARTIES WAIVE JURY TRIAL to the extent permitted by law.

12.5 Limitations Period.

Any claim must be filed within one (1) year after the cause of action accrues, or it is permanently barred.

13. Marketing Communications Consent

By entering this Agreement and providing contact information (including phone, mobile, mailing address, and email), Customer authorizes Company and its representatives to contact Customer for marketing, informational, and transactional purposes via phone, SMS/MMS, email, and other electronic means. Message/data rates may apply. Customer may opt out of marketing at any time (reply "STOP" or use unsubscribe links). Consent is not a condition of purchase and opting out of marketing does not affect necessary transactional communications.

14. Electronic Signatures; Records

Customer consents to electronic delivery of disclosures and use of electronic signatures and records. Paper copies are available on request and may incur a reasonable fee. Customer agrees to maintain accurate contact details and system requirements necessary to receive and retain electronic records.

15. Compliance with Laws; Export; Anti-Circumvention

Each party will comply with applicable laws. Customer will not export or re-export the Services in violation of export control/sanctions laws. Customer shall not bypass Company to procure substantially similar services from Company's vendors for the purpose of avoiding Fees during the term and for 12 months thereafter (non-circumvention).

16. Assignment; Subcontracting; Independent Contractors

Customer may not assign this Agreement without Company's prior written consent (not to be unreasonably withheld). Company may assign to an affiliate or in connection with a merger, acquisition, or sale of assets and may subcontract portions of the Services. The parties are independent contractors.

17. Force Majeure

Neither party is liable for delays or failures due to events beyond its reasonable control (including power/internet outages, cyberattacks on infrastructure, vendor failures, labor disputes, acts of God, or governmental actions). Payment obligations are excluded.

18. Notices

Notices must be in writing and delivered by email with confirmation, certified mail, courier, or via the Service portal to the contacts listed above (or updated by notice). Notice is deemed given upon confirmation/receipt.

19. Entire Agreement; Order of Precedence; Waiver; Severability

This Agreement (with Exhibits, Orders, SOWs, and incorporated policies) is the entire agreement. In case of conflict, the following order of precedence applies: (1) Order (pricing/quantities/term only), (2) SOW, (3) this Agreement, (4) Exhibits, (5) Policies. No waiver is effective unless in writing. If any provision is unenforceable, the remainder remains in effect.

20. Governing Law

This Agreement is governed by the laws of the State of Florida, without regard to conflicts-of-law rules, and subject to Section 12 for dispute resolution.

Exhibit A

Services by Package & Service Level Agreement (SLA)

A.1  Overview

Watch Cloud Cyber Security provides endpoint-focused cybersecurity services designed to reduce risk and aid in detection, triage, and response. Services are organized into three (3) subscription packages. Each package includes the services described below, delivered as managed services unless otherwise noted. All packages are subject to the SLA in Section A.5.

Out of Scope for all packages (unless covered by a separate SOW): On-site work, digital forensics, legal notifications, regulator reporting, eDiscovery, breach counsel, PR, data restoration, helpdesk, MSP services, and hands-on keyboard remediation.

Cyber Shield

Foundation plan for financial and insurance professionals

A.2  Cyber Shield — Included Services

1.  24/7 Threat Monitoring & Managed Detection

Continuous telemetry collection and monitoring for enrolled Devices. Triage of alerts, enrichment, and remediation guidance with actionable steps. Ticketing, notifications, and periodic reporting.

Note: Services are designed to detect and help mitigate threats but do not guarantee detection or prevention of all attacks.

2.  Antivirus Protection

Deployment and management of antivirus/anti-malware software on enrolled Devices to detect and quarantine known threats.

3.  Remote Device Management

Remote monitoring and basic management of enrolled Devices to support service delivery, patch visibility, and security posture assessment.

4.  Incident Response Support

Upon confirmation of a Security Incident on a protected Device, Company will provide guidance, triage support, and recommended remediation steps. Customer remains responsible for executive decisions and execution. Hands-on keyboard remediation requires a separate IR SOW.

5.  Regulatory Alignment Support

Guidance to assist Customer in understanding applicable cybersecurity regulatory requirements, including the FTC Safeguards Rule and IRS Publication 4557. Does not constitute legal advice.

6.  Written Information Security Plan (WISP) — Template

A customizable WISP template reflecting the Services provided under this package. Customer must tailor, review, and adopt with its counsel. Company is not providing legal advice.

7.  Incident Response Plan — Template

A customizable Incident Response Plan template with suggested steps. Customer must adapt and adopt internally. Company provides guidance during an incident; hands-on execution requires a separate SOW.

8.  Self-Serve Onboarding

Access to Company's self-guided onboarding resources, documentation, and setup instructions for deploying Services on enrolled Devices.

Practice Defender

For established practices and multi-staff firms  |  Audit Support Included

A.3  Practice Defender — Included Services

Practice Defender includes all Cyber Shield services (Section A.2) plus the following:

1.  1-on-1 Onboarding

A dedicated onboarding session with a Company representative to configure and deploy Services, verify coverage, and walk Customer through the platform and reporting tools.

2.  Dedicated Account Manager

Customer will be assigned a dedicated Account Manager as the primary point of contact for ongoing service management, renewals, escalations, and strategic guidance.

3.  Dark Web Monitoring

Continuous monitoring of dark web sources, forums, and credential marketplaces for Customer's domain(s) and designated email addresses. Customer will be notified of confirmed exposures via ticket and email.

4.  Email Monitoring

Monitoring of Customer's email environment for indicators of compromise, account takeover attempts, suspicious login activity, and anomalous behavior. Supports Microsoft Office 365 and Google Workspace environments.

5.  Phishing Awareness Training

Access to Company's phishing awareness education platform including training modules covering social engineering, credential phishing, and best practices for identifying and reporting suspicious communications.

6.  Phishing Simulations

Periodic simulated phishing campaigns sent to Customer's users to test susceptibility and reinforce training. Results and participation metrics provided by request.

7.  Microsoft Office & Google Workspace Alerts

Real-time alerting on anomalous or suspicious activity within Customer's Microsoft Office 365 or Google Workspace environment, including unauthorized access attempts, permission changes, and data exfiltration signals.

8.  Microsoft Office & Google Workspace Backup

Automated backup of Customer's Microsoft Office 365 or Google Workspace data (email, files, and contacts as applicable). Backup retention and restoration are subject to plan parameters and additional storage charges where applicable.

9.  Watch Cloud Readiness Kit (Audit Support)

Upon Customer notification that it is facing or anticipating a regulatory audit or examination (including FTC Safeguards Rule or IRS-related reviews), Company will provide the Watch Cloud Readiness Kit: a curated package of documentation, evidence artifacts, and guidance materials to support Customer's audit response. Does not constitute legal advice; Customer and its counsel remain responsible for all regulatory submissions and responses.

Firm Elite

For high-volume and multi-location firms  |  5 Device Minimum

A.4  Firm Elite — Included Services

Firm Elite includes all Practice Defender services (Section A.3) plus the following:

1.  Priority Incident Response

Firm Elite Customers receive prioritized escalation and response for confirmed Security Incidents. Company will assign senior personnel and provide accelerated triage, remediation guidance, and executive communication during active incidents.

2.  Dedicated Security Specialist

Customer will be assigned a dedicated Security Specialist with deeper technical expertise to support ongoing threat management, security posture reviews, and strategic security planning beyond standard account management.

3.  Quarterly Security Reviews

Scheduled quarterly meetings with Customer's designated contacts and Company's Security Specialist to review threat landscape activity, security posture, coverage gaps, incidents, and recommended improvements. Delivered via video conference or on-site (travel costs not included for on-site).

4.  Multi-Location Support

Services are designed and coordinated to support Customer environments spanning multiple physical locations, with unified visibility, reporting, and management across all enrolled Devices and locations under the same Order.

A.5  Service Level Agreement (SLA) — All Packages

SLA Item Commitment
Monitoring Window 24x7x365 monitoring and triage for all enrolled Devices across all packages.
Incident Notification For confirmed Security Incidents (high-risk attacks on protected Devices), Company will notify Customer via ticket, email, and/or phone within one (1) business day of confirmation.
Priority Response (Firm Elite) Accelerated triage and senior escalation for active Security Incidents. Response timing dependent on incident severity and Customer cooperation.
Availability Exclusions Scheduled maintenance; outages or delays caused by third-party vendors, Customer environment, internet/ISP, or force majeure events.
Customer Dependencies Customer must: maintain endpoint connectivity and supported OS versions; apply patches and updates timely; provide and maintain accurate contacts and escalation paths; and act promptly on remediation guidance.

Disclaimer: Deployment of the Services does not guarantee that intrusions, compromises, or other unauthorized activity will not occur. Customer remains responsible for acting on alerts and guidance. Company is not liable for Customer's failure to act, delays, misconfigurations, unsupported systems, or changes made without Company's knowledge.

Exhibit B

Fees, Billing & Payment Terms

B.1  Package Summary

Package Best For Device Minimum
Cyber Shield Foundation plan for financial and insurance professionals. 1 device minimum
Practice Defender For established practices and multi-staff firms. Includes audit support. 1 device minimum
Firm Elite For high-volume and multi-location firms. 5 device minimum

Fees for each package are set forth in the applicable Order. Annual billing options are available; terms are stated in the Order.

B.2  Fee Schedule Notes

  • Minimum Commitment: One (1) Device minimum per Order (five (5) for Firm Elite).
  • True-Up: Fees adjust based on the greater of (i) the device count on the Order or (ii) the number of Devices actually onboarded or detected using licensing telemetry during the billing period.
  • Cloud Backup Storage: Microsoft Office & Google Workspace backup (Practice Defender and Firm Elite) is subject to additional storage charges beyond standard plan parameters. Storage rates are quoted separately upon request.
  • Onboarding/Offboarding Fees: Company may charge a reasonable one-time onboarding or offboarding fee where significant effort is required. Quoted in advance upon request.
  • Fee Changes: Company may modify Fees for upcoming Renewal Terms or for usage changes with 30 days' notice.
  • Refunds: Refunds are at Company's discretion, except as expressly stated in Sections 2.2 and 5.4.

B.3  Payment Terms

Term Detail
Billing Cycle Monthly in advance (or annual in advance if selected).
Due Date Upon receipt.
Late Fees 1.5% per month (or maximum allowed by law) on overdue balances.
Collections Customer pays reasonable costs of collection, including attorneys' fees.
Taxes Fees are exclusive of all applicable taxes; Customer is responsible for payment.
Auto-Debit Authorization Customer authorizes Company to charge the designated payment method for recurring Fees, usage true-ups, and adjustments.

End of Agreement