Terms & Conditions

Last updated: January 20, 2026

1. Introduction and Acceptance

1. Acceptance of Terms

These Terms of Service ("Terms") constitute a legally binding agreement between you ("User," "you," or "your") and CyberResilient AB (reg. no. 556702-0200) ("we," "us," "our," or "Company").

CyberResilient AB is part of the Internetworking Stockholm AB corporate group, which also includes:

  • Cyber Defencely Sweden AB (reg. no. 559501-5594)
  • Internetworking Stockholm AB (reg. no. 556990-8220)
  • Navis Mater AB (reg. no. 559537-7184)

These Terms govern your access to and use of the CyberResilient platform ("Platform"), including all related Services, features, content, and applications (collectively, the "Services").

CyberResilient AB may engage other entities within the corporate group to provide certain parts of the Services. You may therefore receive communications, support, or services from any group entity, but your contractual relationship remains with CyberResilient AB.

You must read and expressly accept these Terms before creating an account or using the Services. During the registration process, you will be required to confirm that you have read, understood, and agree to be bound by these Terms by checking the acceptance box.

If you do not agree to these Terms, you may not create an account or use the Services. By checking the acceptance box, you confirm that you accept these Terms on your own behalf and, where applicable, on behalf of the organisation you represent.

2. Eligibility

You must be at least 18 years old and have the legal capacity to enter into binding agreements to use our Services. By using the Services, you represent and warrant that you meet these requirements.

The Services are not intended for use by individuals under 18 years of age. We do not knowingly collect personal data from minors. If we become aware that a user is under 18, we will promptly terminate their account and delete their personal data, except where retention is required by law. If you believe a minor has created an account, please contact us immediately at info@cyberdefencely.com.

For business users: By accepting these Terms, you confirm that you have the authority to bind your organisation to these Terms.

3. Changes to Terms

We may update these Terms at any time. Material changes will be notified at least 30 days in advance. Minor updates may be made without prior notice and take effect upon posting. Changes required by law or for urgent security reasons may take effect immediately. Continued use of the Services after the effective date constitutes acceptance of the updated Terms. If you do not agree, you must stop using the Services and may delete your account.

2. Description of Services

1. Platform Overview

CyberResilient currently provides one primary Service:

  • Cybersecurity Maturity Assessment (including but not limited to the following features):
    • Interactive questionnaires to evaluate your organisation's cybersecurity maturity
    • AI-powered analysis and report generation
    • Personalised recommendations based on assessment responses
    • PDF export functionality for reports

2. Freemium Model

The Services are currently offered under a freemium model. Free-tier users are entitled to generate a limited number of reports per assessment as indicated on the Service, subject to change at our discretion. We may at any time adjust the number of reports included in the free tier, including increasing or decreasing free report availability. Such changes will apply prospectively.

We may in the future introduce premium or paid service tiers offering enhanced features, additional reports, or unlimited usage. When premium tiers are introduced, the Terms will be updated to reflect applicable pricing, features, and payment obligations. Continued use of the Services after such updates constitutes acceptance of the revised Terms.

3. AI-Powered Features and Limitations

The Services use AI models (artificial intelligence) to generate reports and recommendations based on your input data. AI-generated content is provided for informational purposes only and does not constitute professional, legal, financial, or security advice.

AI outputs may be inaccurate, incomplete, or contextually inappropriate. We make no warranties regarding their accuracy or reliability.

You are solely responsible for reviewing AI-generated content and determining its suitability for your organisation. You must consult qualified professionals where appropriate.

4. Service Changes and Availability

We may modify, update, or discontinue any part of the Services at any time, including introducing new features or removing existing ones. Material changes that significantly affect your rights will be notified in advance where practicable.

The Services may occasionally be unavailable due to maintenance or circumstances beyond our control. We do not guarantee uninterrupted or error-free operation.

Continued use of the Services after changes take effect constitutes acceptance of the updated version. If you do not agree to the changes, you must stop using the Services and may delete your account.

3. User Accounts and Authentication

1. Account Creation

Users create accounts and log in via email-based magic link authentication. Each user must provide accurate and current information, including a valid email address and display name. Users may be invited by administrators or self-register where permitted. A user may not maintain multiple accounts without explicit permission.

2. Account Security

The user is responsible for maintaining the confidentiality of their account credentials. Users must immediately notify us of any unauthorised access or security breach. We are not liable for losses arising from unauthorised use of your account.

3. Account Termination

We reserve the right to suspend or terminate accounts that: violate these Terms; are involved in fraudulent or illegal activities; pose security risks to the Platform/Service or other users; remain inactive for extended periods (at our discretion). You may request account deletion by contacting support or through the Platform. Upon deletion, we will remove or anonymise personal data in accordance with our privacy policy and applicable legislation.

4. Data Security and Encryption

1. Encryption at Rest

All data on our Platform is encrypted at rest and in transit using industry-standard encryption protocols. For particularly sensitive data, we implement an additional layer of application-level encryption using AES-256-GCM, including: user assessment responses; generated reports and recommendations; personal information (such as names and email addresses). This dual encryption layer ensures that sensitive data remains protected by a separate encryption layer with independently managed keys, even if the underlying storage encryption were compromised.

2. Encryption Key Management

Encryption keys are managed using key versioning. Keys are stored securely and separately from encrypted data. Users do not have direct access to encryption keys.

3. Data in Transit

All data transmitted between users and the Platform is encrypted using TLS/SSL protocols.

4. Security Limitations

While we implement appropriate technical and organisational measures, no system can be guaranteed to be completely secure.

5. Security Incident Notification

In the event of a data breach affecting user data, we will: notify the Swedish Authority for Privacy Protection (IMY) within 72 hours of becoming aware of the breach, where required by law. We will report to IMY as the lead supervisory authority under GDPR for cross-border processing; notify affected users without undue delay if the breach is likely to result in a high risk to their rights and freedoms.

5. Privacy and Data Protection

Privacy Policy

Our Privacy Policy (available at https://www.cyberresilient.se/security-policy) explains how we collect, use, store, and protect personal data. By using the Services, you acknowledge and consent to the processing of your personal data as described in the Privacy Policy.

For users within the European Economic Area (EEA), we process personal data in compliance with GDPR. You have rights regarding your personal data, including the right to access, rectification, and erasure. For more information and to exercise your rights, please see our Privacy Policy or contact info@cyberdefencely.com.

Cookies and Tracking Technologies

We use essential cookies required for security, authentication, and basic functionality. With your explicit consent we may also use analytics and tracking cookies (Google Analytics, LinkedIn Insight Tag) to understand site usage and measure campaigns. You can manage your preferences at any time via the "Cookie Settings" link in the footer. For full details, see our Privacy Policy.

6. Intellectual Property Rights

1. Platform Ownership and Trademarks

All rights, titles, and interests in and to the Platform and Service, including but not limited to all software, designs, trademarks, logos, and proprietary algorithms, are and shall remain the exclusive property of CyberResilient AB, Navis Mater AB, and/or its licensors. CyberResilient's name, logo, and other marks are trademarks of CyberResilient AB. You may not use our trademarks without our prior written consent.

2. Limited User Licence

Subject to your compliance with these Terms, we grant you a limited, non-exclusive, non-transferable, revocable licence to access and use the Services solely for your internal business purposes. No rights other than the limited licence expressly set out in this Section 6 are granted to you.

3. Restrictions

These restrictions apply in addition to the Acceptable Use Policy in Section 7. You may not, directly or indirectly:

  • copy, modify, reverse engineer, decompile, disassemble, or create derivative works from the Platform;
  • remove or alter copyright, trademark, or other proprietary notices;
  • use automated systems (such as bots, scrapers, or crawlers) to access the Services without permission;
  • resell, sublicense, distribute, or otherwise make the Services or any part of them available to third parties;
  • use the Platform for competitive analysis, benchmarking, or to develop competing products or Services;
  • disrupt or attempt to disrupt the integrity, performance, or security of the Services.

This list is not exhaustive. We reserve the right to suspend or terminate access for conduct that violates the spirit of these restrictions.

4. User Data and Generated Reports

You retain all ownership rights to the data you input into the Platform, including assessment responses and any other information you provide. By using the Services, you grant us a limited, worldwide, royalty-free licence to: process your input data to generate reports and deliver the Services; use anonymised and aggregated data derived from your inputs for product development, service improvement, and training of our AI models; store, process, transmit, and back up your data to the extent necessary to deliver the Services; retain anonymised data even after account deletion for analysis and service improvement.

Reports generated by the Platform based on your input data are provided solely for your internal business purposes. You may use the reports within your organisation for cybersecurity assessment and improvement purposes. You may not: use reports for purposes other than those expressly stated in these Terms; use reports to train competing AI models or Services; commercialise or resell reports or the underlying methodology; extract or reverse-engineer the Platform's algorithms or assessment frameworks from the reports.

We implement technical measures to anonymise user data before using it for product development or AI training. Anonymised data cannot reasonably identify you or your organisation. We may use aggregated, anonymised data to improve assessment frameworks, benchmark industry standards, and enhance AI model performance.

5. Feedback

If you provide suggestions, ideas, feedback, improvement proposals, or other input about the Services ("Feedback"), you hereby grant us a perpetual, irrevocable, worldwide, royalty-free, fully paid-up, transferable, sublicensable licence to use, reproduce, modify, create derivative works from, distribute, and otherwise exploit Feedback for any purpose, including incorporating it into the Services or other products. You waive any moral rights or copyrights you may have in the Feedback. We have no obligation to: implement or use any Feedback; compensate you for Feedback; keep Feedback confidential (unless separately agreed in writing).

7. Acceptable Use Policy

1. Permitted Use

The Services may only be used for lawful, internal business purposes related to cybersecurity maturity assessment. This acceptable use policy applies to all access to the Platform and all outputs generated by the Services. It supplements the intellectual property restrictions in Section 6.

2. Prohibited Uses

You may not use the Services to:

  • engage in illegal activities or facilitate law violations;
  • conduct, attempt, or facilitate unauthorised security testing, scanning, or probing;
  • attempt to gain unauthorised access to accounts, systems, or data;
  • overload, disrupt, or impair the Platform's infrastructure, including denial-of-service (DoS) or similar attacks;
  • impersonate any person or entity, or misrepresent your affiliation;
  • upload, transmit, or distribute viruses, malware, or other harmful code;
  • use the Services in violation of applicable laws, regulations, or third-party rights.

3. Enforcement

Violations may result in immediate suspension or termination of the account, with or without prior notice, as well as potential legal action.

8. Fees, Payment, and Subscription

1. Current Model

Access to features is currently managed administratively.

2. Future Paid Services

We reserve the right to introduce paid subscription tiers or feature-based pricing in the future.

3. No Refunds

If paid services are introduced, fees are generally non-refundable, except where required by law or at our discretion.

9. Communications and Notifications

Email Communication

To provide the Services, we will send you necessary communications via email, including: transactional messages (account creation, password reset, assessment completion); service messages (report generation status, reminders); administrative messages (Terms updates, security alerts). Messages may be sent from any entity within the Internetworking Stockholm AB corporate group from the following email domains: @cyberresilient.se, @cyberdefencely.com, @navismater.com.

10. Third-Party Integrations and Links

1. External Links

The Platform may contain links to third-party websites or Services. We are not responsible for the content, privacy practices, or Terms of these external websites.

2. Third-Party Service Dependencies

The Services rely on third-party providers for certain functionality, including but not limited to:

  • cloud hosting and infrastructure;
  • AI and machine learning models;
  • email delivery services;
  • authentication services;
  • data storage and backup.

We select reputable providers but cannot control or guarantee their performance, availability, or security. We are not liable for:

  • failures, outages, or disruptions caused by third-party providers;
  • changes to third-party services or pricing affecting the Services;
  • security breaches or data incidents at third-party providers (beyond our reasonable control);
  • termination or discontinuation of third-party services.

We reserve the right to change third-party providers at any time without prior notice. In the event of third-party service disruptions, we will take reasonable steps to restore functionality or find alternative solutions.

11. Disclaimers and Limitations of Liability

The Services are provided "as is" and "as available" without warranties of any kind, whether express or implied, including accuracy, fitness for a particular purpose, or uninterrupted operation. We do not guarantee the Platform's security, availability, or the accuracy of AI-generated content. To the fullest extent permitted by law, we are not liable for indirect, consequential, or special damages, including loss of profits, data, business, or goodwill. Some jurisdictions do not allow the exclusion of implied warranties or limitation of liability for incidental or consequential damages. In such jurisdictions, our liability is limited to the fullest extent permitted by law.

12. Indemnification

You agree to indemnify, defend, and hold harmless CyberResilient AB, its subsidiaries, parent company, affiliated companies within the corporate group, officers, directors, employees, agents, and licensors from any claims, liabilities, damages, losses, costs, or expenses (including reasonable legal fees) arising from or in connection with:

  • your use or misuse of the Services;
  • breach of these Terms;
  • infringement of third-party rights;
  • your use of AI-generated reports or recommendations as a basis for security decisions without independent verification or professional advice;
  • your reliance on the Services as the sole basis for cybersecurity measures or compliance decisions;
  • third-party claims alleging that your use of the Services or data you provided infringes their rights;
  • security incidents or data breaches at your organisation that you claim resulted from inadequate recommendations from the Services;
  • your failure to implement appropriate security measures based on your own risk assessment, regardless of Platform recommendations;
  • inaccurate or misleading information you provided in assessments, resulting in incorrect or inappropriate recommendations.

You acknowledge that the Services constitute a self-assessment tool and do not replace professional cybersecurity advice, penetration testing, or independent security audits. Implementation of security measures based on the Services' results is at your own risk and discretion.

13. Termination

1. User Termination

You may terminate your account at any time using the account deletion feature. Upon termination, your access to the Services will cease immediately and your data will be handled in accordance with Section 13.4 below.

2. Termination by Us for Cause

We may immediately suspend or terminate your access if you: breach these Terms; pose a security risk to the Platform or other users; fail to pay fees (if applicable in the future); provide false or misleading information; use the Services in a manner that could damage our reputation or business.

3. Termination by Us without Cause

We reserve the right to terminate your account and access to the Services at any time, for any reason or no reason, with 30 days' written notice to your registered email address. This may include situations where we: discontinue the Services or specific features; change our business model or target market; determine that continuing the relationship is not commercially viable; are required to do so by law or regulatory requirements. Upon termination without cause, we will provide you reasonable assistance to export your data before the termination date.

4. Effect of Termination

Upon termination of your account (whether by you or by us):

Access and Licence: your right to access and use the Services ceases immediately; all licences granted under these Terms terminate.

Data Handling: you have 30 days from the termination date to export data made available to you via the Platform (unless termination was due to a serious breach of these Terms); after 30 days, your personal data and assessment responses will be permanently deleted or anonymised; data in encrypted backups may be retained for up to 30 days for disaster recovery purposes, after which it will be permanently deleted; we may retain anonymised, aggregated data that cannot identify you or your organisation for analytics and service improvement purposes; we may retain certain data as required by law, including for accounting, tax, or legislative purposes (typically 7 years under Swedish law).

Surviving Obligations: you remain responsible for any fees or costs incurred before termination (if applicable); any outstanding payment obligations survive termination; we are not obligated to refund prepaid fees (except where required by law).

14. Dispute Resolution

1. Governing Law

These Terms are governed by and shall be construed in accordance with Swedish law, without regard to conflict of law principles.

2. Jurisdiction

Any disputes arising in connection with these Terms or the use of the Services shall be finally resolved by Swedish courts, with Stockholm District Court as the court of first instance.

3. Informal Resolution

Before initiating formal proceedings, the parties agree to attempt informal resolution by contacting info@cyberdefencely.com.

15. Export Controls and Sanctions

1. Compliance

Users must comply with all applicable export control laws and economic sanctions, including those applicable within the European Union and Sweden.

2. Prohibited Jurisdictions

The Services may not be used in jurisdictions subject to comprehensive sanctions or export restrictions.

16. Accessibility

We strive to make our Services accessible to users with disabilities. If you encounter accessibility barriers, please contact us at info@cyberdefencely.com.

17. Miscellaneous

1. Entire Agreement

These Terms, together with our Privacy Policy, constitute the entire agreement between you and CyberResilient regarding the Services.

2. Severability

If any provision of these Terms is found to be invalid or unenforceable, the remaining provisions shall remain in full force and effect.

3. No Waiver

Our failure to enforce any right or provision does not constitute a waiver of that right.

4. Assignment

You may not assign or transfer these Terms or your rights and obligations hereunder without our prior written consent. We may assign our rights and obligations without restriction.

5. Force Majeure

We are not liable for delays or failures caused by events beyond our reasonable control, including but not limited to natural disasters, war, terrorist attacks, pandemics, strikes, government actions, or third-party infrastructure failures. In such cases, our obligations will be suspended for the duration of the force majeure event. If the event lasts more than 30 days, either party may terminate the agreement without liability.

18. Contact Information

For questions, concerns, or requests regarding these Terms, please contact:

Cyber Defencely Sweden AB

Email: info@cyberdefencely.com

Website: www.cyberdefencely.com

1
Details
2
Verify
3
Org.
4
Welcome

Create a free account

Provide your email and choose a password.

OR

By continuing you agree to our Terms of Service and Privacy Policy.

Verify your email

We sent a 6-digit code to your email.

Didn't receive it?

About your organisation

Help us tailor your experience.

What industry are you in?

Company size

You're all set!

Your free account is ready. You have 2 free maturity assessments waiting for you — no credit card required.

Account created
2 free assessments activated
AI-powered recommendations included
Go to your dashboard
plan
1
Account
2
Verify
3
Org.
4
Billing
5
Payment

Create your account

Provide your email and choose a password.

OR

By continuing you agree to our Terms of Service and Privacy Policy.

Verify your email

We sent a 6-digit code to your email.

Didn't receive it?

About your organisation

Help us tailor your experience.

What industry are you in?

Company size

Choose your billing

Save 20% with an annual subscription.

Total today

Payment details

Your card will be charged .

Secured by Stripe. We never store your card details.

You're all set!

Your Pro subscription is now active.

Subscription activated
Unlimited maturity assessments
AI-powered recommendations included
Go to your dashboard