Legal
Terms of Use
Last updated: May 29, 2026
These Terms of Use explain the rules that apply when you access or use the Cyvalent websites, online content, contact forms, demo-request flows, waitlist registrations and, where made available to you, the Cyvalent RGX platform or related online services. Please read these Terms carefully. By accessing or using the website or any service covered by these Terms, you agree to these Terms. If you do not agree, you must not use the website or the relevant service.
1. Who we are
The website and related online services are operated by Cyvalent S.à r.l., a Luxembourg private limited liability company / société à responsabilité limitée.
For full company, registration, management, contact and publication information, please see our Legal Notice: [Legal Notice link to be inserted].
For legal questions about these Terms, you may contact us at: [legal contact email to be confirmed, e.g. legal@cyvalent.lu].
2. Scope of these Terms
These Terms apply to your access to and use of:
- the Cyvalent websites operated under the domains www.cyvalent.lu and www.cyvalent.com;
- website content, documentation, articles, landing pages, forms and online materials;
- contact forms, demo requests, waitlist registrations and similar online interactions;
- any newsletter or marketing sign-up functionality, where made available;
- any Cyvalent RGX platform access, beta access, pilot access, trial access or demo environment that Cyvalent makes available to you and that refers to these Terms;
- related online support, communication or account functionality, where provided.
Waitlist-only platform
The Cyvalent RGX platform is currently presented on a waitlist-only basis. Access to paid software, consulting, advisory, implementation, support or customer services may be subject to separate agreements.
3. Relationship with customer agreements
These Terms are general website and online-use terms. They do not replace any written agreement separately entered into between Cyvalent and a customer.
Separate terms may apply to, for example:
- SaaS subscriptions;
- order forms;
- master services agreements;
- consulting agreements;
- statements of work;
- pilot, beta or trial terms;
- service level agreements;
- support terms;
- security appendices;
- data processing agreements;
- subprocessor terms;
- responsible disclosure or vulnerability testing rules.
Conflict resolution
If a separate written agreement applies and conflicts with these Terms, the separate written agreement will prevail for the relevant service, unless it states otherwise.
4. B2B use and authority
Cyvalent's website, platform and services are intended for business and professional use.
By using the website or services on behalf of an organisation, you confirm that:
- you are at least 18 years old;
- you are acting in a professional or business context;
- you are authorised to act for the organisation you represent;
- the information you provide to Cyvalent is accurate, complete and kept up to date;
- you will use the website and services only in accordance with applicable law and these Terms.
Consumer use
The website and services are not directed to individual consumers for private, household or non-professional use. If Cyvalent later offers services to consumers, additional consumer-facing information and terms may apply.
5. Waitlist, demo, beta and pilot access
Submitting a demo request, contact form, waitlist registration or similar request does not guarantee access to Cyvalent RGX, any product feature, any particular timeline, pricing, subscription plan or service availability.
Cyvalent may accept, reject, prioritise, postpone or close waitlist, demo, beta or pilot access at its discretion, subject to any separate written agreement.
Beta, pilot or trial features may be incomplete, experimental, limited in availability, changed, suspended or withdrawn. They should not be used as the sole basis for critical business, legal, regulatory, audit, certification, security or compliance decisions unless Cyvalent has expressly agreed otherwise in writing.
6. Accounts and authorised users
Where account access is made available, you are responsible for:
- keeping account credentials confidential and secure;
- ensuring that each account is used only by the assigned authorised user;
- preventing unauthorised access to your account or organisation workspace;
- promptly notifying Cyvalent if you become aware of unauthorised access, credential compromise or misuse;
- all activities carried out through your account or by users you invite or authorise.
Prohibited sharing
You must not share individual login credentials, allow unauthorised users to access the platform, resell access, or make the service available to another legal entity unless expressly permitted by Cyvalent in writing.
7. Acceptable use
You must use the website, platform and services only for lawful, professional and authorised purposes.
You must not, and must not allow anyone else to:
- use the website or services in violation of applicable law or regulation;
- misuse, disrupt, overload, damage or interfere with the website, platform, systems, networks or infrastructure of Cyvalent or any third party;
- attempt to gain unauthorised access to accounts, systems, networks, data, APIs, administrative interfaces or non-public areas;
- bypass, disable, probe, evade or interfere with authentication, authorisation, rate limits, monitoring, logging or security controls;
- introduce, upload, transmit or facilitate malware, ransomware, spyware, malicious code, exploits, phishing, credential theft, spam or harmful content;
- scrape, crawl, harvest, mine, copy or extract website, platform or database content except as expressly permitted by Cyvalent or by applicable law;
- reverse engineer, decompile, disassemble, benchmark, reconstruct or attempt to derive source code, models, prompts, detection logic, rule sets, workflows, system architecture or non-public functionality, except to the extent such restriction cannot lawfully apply;
- use the services to build, train or improve a competing product or service without Cyvalent's prior written permission;
- remove proprietary notices, trademarks, copyright notices or other rights notices;
- upload or transmit content that is unlawful, infringing, defamatory, misleading, discriminatory, abusive, harmful or violates third-party rights;
- impersonate another person or organisation, misrepresent your identity or submit false information;
- use the services in a way that could harm Cyvalent, its customers, users, partners or third parties.
8. Cybersecurity-specific restrictions
Because Cyvalent operates in the cybersecurity and GRC domain, additional restrictions apply.
Unless Cyvalent has given prior written authorisation, you must not:
- conduct penetration testing, vulnerability scanning, red-team testing, load testing, denial-of-service testing or similar testing against Cyvalent systems;
- use the website, platform, outputs or functionality to scan, probe, attack, monitor, exploit or test third-party systems, networks, applications, accounts or data that you do not own or are not expressly authorised to assess;
- use Cyvalent outputs, recommendations, scripts, workflows, reports or platform capabilities to facilitate unauthorised access, evasion, exploitation, malware development or offensive activity;
- attempt to infer, reconstruct, bypass or evade Cyvalent security controls, detection logic, AI prompts, models, workflows, rule sets or proprietary methodologies.
Responsible disclosure
If you believe you have found a security vulnerability in Cyvalent systems, please report it responsibly to: [responsible disclosure / security contact to be inserted, e.g. security@cyvalent.lu].
9. Customer content and submissions
Where you submit information to Cyvalent through the website, contact forms, demo requests, waitlist registrations, support channels or the Cyvalent RGX platform, you remain responsible for that information.
"Customer Content" means data, files, text, documents, prompts, evidence, security information, risk information, compliance information, governance information, technical information, logs, configuration information or other materials that you or your organisation submit, upload, connect, provide or generate through the services.
As between you and Cyvalent, you retain ownership of your Customer Content.
You grant Cyvalent a limited, non-exclusive, worldwide right to host, store, copy, transmit, process, analyse, display and otherwise use Customer Content only as reasonably necessary to:
- operate, provide, secure and support the website and services;
- respond to your requests;
- provide demos, onboarding, beta, pilot, SaaS, consulting or support services;
- detect, prevent and investigate misuse, abuse, security incidents or unlawful activity;
- comply with applicable law and enforce these Terms or applicable customer agreements.
Your responsibility for Customer Content
You are responsible for ensuring that you have all rights, permissions, authorisations and legal bases required to provide Customer Content to Cyvalent and to permit Cyvalent to process it for the relevant service.
Sensitive information
You should not submit confidential, sensitive, regulated, personal or security-critical information unless the relevant service, contract and data-protection arrangements are appropriate for that information.
10. Personal data, privacy and cookies
Cyvalent processes personal data as described in its Privacy Policy / Privacy Notice: [Privacy Policy link to be inserted].
Where Cyvalent processes personal data on behalf of a customer as part of a SaaS, pilot, beta, consulting or other customer service, a separate Data Processing Agreement or data-processing clause may be required.
Information about cookies and similar technologies is provided in the Cookie Notice: [Cookie Notice link to be inserted].
11. Confidentiality
The website may include public information about Cyvalent's services. Information made publicly available on the website is not confidential.
If you provide non-public business, technical, security, risk, compliance or governance information to Cyvalent, Cyvalent will handle it with reasonable care and in accordance with the applicable agreement, privacy documentation and security arrangements.
Detailed confidentiality obligations for SaaS subscriptions, consulting engagements, beta or pilot programmes should be set out in the applicable customer agreement, statement of work, beta terms, DPA or other written agreement.
12. Intellectual property
Cyvalent and its licensors retain all rights, title and interest in and to the website, Cyvalent RGX platform, software, source code, object code, interfaces, designs, databases, workflows, documentation, graphics, logos, names, trademarks, service marks, AI prompts, models, algorithms, rule sets, control mappings, templates, methods, know-how and other materials made available by or on behalf of Cyvalent.
Except as expressly permitted by these Terms or a separate written agreement, you may not copy, reproduce, modify, adapt, translate, distribute, publish, resell, sublicense, make available, reverse engineer or create derivative works from Cyvalent content, software or services.
Cyvalent grants you a limited, revocable, non-exclusive, non-transferable right to access and use the website and any service made available to you solely for your internal business purposes and in accordance with these Terms and any applicable agreement.
No rights are transferred to you except as expressly stated.
13. Feedback
If you provide suggestions, ideas, improvement requests, bug reports or other feedback, Cyvalent may use that feedback to improve its website, platform, services and business without obligation to compensate you.
Cyvalent will not intentionally identify you publicly as the source of feedback without your permission, unless required by law or agreed otherwise.
14. AI-supported features
Cyvalent RGX may include or later include AI-supported functionality, such as analysis, drafting, summarisation, mapping, recommendations, workflow support, risk or control suggestions, evidence support, compliance support or similar assistance.
AI-supported features are intended to assist professional users. They do not replace human expertise, professional judgment, legal review, audit review, compliance assessment, management decision-making or customer validation.
AI outputs may be incomplete, inaccurate, outdated, biased, inconsistent or unsuitable for your specific circumstances. You are responsible for reviewing, validating and deciding whether and how to rely on any AI-supported output.
Unless expressly agreed in writing, Cyvalent does not warrant or represent that AI outputs or platform outputs are:
- legally correct;
- complete or error-free;
- sufficient for regulatory compliance;
- audit-ready;
- regulator-approved;
- certification-ready;
- suitable for any specific legal, audit, risk, compliance or security decision;
- sufficient to eliminate security, operational, legal, regulatory or compliance risk.
Automated decisions
You must not use AI-supported features or outputs for unlawful purposes or for automated decisions that produce legal or similarly significant effects on individuals unless a separate written agreement and appropriate legal, data-protection and AI-governance assessment are in place.
15. Cybersecurity, GRC and compliance outputs
Cyvalent may provide information, tools, workflows, templates, recommendations, reports or consulting support relating to cybersecurity, cyber governance, risk management, compliance, controls, evidence, policies, third-party risk, security operations or regulatory frameworks.
Unless expressly agreed in writing, such outputs are provided as professional support and business information only. They do not constitute legal advice, regulatory advice, audit opinion, certification, assurance opinion, financial advice or regulator-approved guidance.
You remain responsible for:
- your own security programme;
- your own compliance obligations;
- the accuracy and completeness of information you provide;
- management decisions;
- implementation of controls;
- validation of outputs;
- engagement of qualified legal, audit, certification or regulatory advisers where needed.
No guarantee of compliance
Cyvalent does not guarantee that use of its website, platform or services will result in full compliance, certification, audit success, regulator acceptance, risk elimination, incident prevention or a secure environment.
16. Third-party services, integrations and links
The website or services may refer to, integrate with or link to third-party websites, tools, platforms, providers, standards, frameworks, content or services.
Cyvalent is not responsible for third-party websites, services, content, terms, availability, security or privacy practices. Your use of third-party services may be subject to separate terms between you and the relevant third-party provider.
Where integrations or third-party providers are used as part of a customer service, further details may be set out in the applicable customer agreement, DPA, subprocessor list, security documentation or order form.
17. Availability, changes and roadmap
Cyvalent aims to provide accurate and useful website and service information, but the website and any online services are provided on an "as available" basis.
Cyvalent may update, change, suspend, discontinue or restrict access to the website, content, demos, waitlists, beta features, pilot features, platform features or services at any time, subject to any separate written agreement.
Public statements about planned features, roadmaps, timelines, prices or availability are informational only and do not create a binding commitment unless expressly agreed in a written contract signed or accepted by Cyvalent.
18. Suspension and termination
Cyvalent may suspend or restrict your access to the website, platform or services if Cyvalent reasonably believes that:
- you have breached these Terms or another applicable agreement;
- your use creates a security, legal, regulatory, operational or reputational risk;
- your account or credentials have been compromised;
- suspension is necessary to protect Cyvalent, its customers, users, systems or third parties;
- suspension is required by law or by a competent authority;
- you misuse a waitlist, demo, beta, pilot or account feature.
Notice
Where reasonably possible and appropriate, Cyvalent will try to notify you and give you an opportunity to remedy the issue. Cyvalent may act without prior notice where necessary for security, legal, operational or risk reasons.
19. Disclaimers
To the maximum extent permitted by applicable law, the website, content and services covered by these Terms are provided on an "as is" and "as available" basis.
Cyvalent does not warrant that:
- the website or services will be uninterrupted, error-free, secure or always available;
- all content will be accurate, complete, current or suitable for your purposes;
- defects will be corrected within a particular time;
- the website or services will meet your requirements;
- outputs will be free from errors, omissions or vulnerabilities.
Mandatory liability
Nothing in these Terms excludes or limits any liability that cannot be excluded or limited under applicable law.
20. Limitation of liability
To the maximum extent permitted by applicable law, Cyvalent will not be liable under these Terms for indirect, incidental, special, punitive or consequential damages, loss of profit, loss of revenue, loss of business opportunity, loss of goodwill, loss of anticipated savings, business interruption or loss of data, whether based on contract, tort, negligence or any other legal theory.
Where a separate written customer agreement applies, liability will be governed by that agreement.
Where no separate written customer agreement applies, Cyvalent's liability under these Terms is limited to direct and foreseeable loss caused by Cyvalent's breach of these Terms, subject always to any mandatory liability that cannot lawfully be excluded or limited.
Nothing in these Terms limits liability for fraud, wilful misconduct, or any other liability that cannot be excluded or limited under applicable law.
21. Your responsibility for misuse and third-party claims
You are responsible for your use of the website and services, your Customer Content, your accounts, and the actions of users you authorise.
To the extent permitted by applicable law, you agree to hold Cyvalent harmless from third-party claims, losses, damages, costs or expenses arising from:
- your breach of these Terms;
- your unlawful use or misuse of the website or services;
- Customer Content you provide;
- your unauthorised security testing, scanning, probing or activity against Cyvalent or third-party systems;
- your infringement or alleged infringement of third-party rights.
22. Changes to these Terms
Cyvalent may update these Terms from time to time, for example to reflect changes in services, website functionality, legal requirements, business operations or security practices.
The updated version will be indicated by the "Last updated" date above. Continued use of the website or relevant services after the updated Terms are posted means that you accept the updated Terms.
For material changes affecting paid customers, the applicable customer agreement may provide additional notice or change-management rules.
23. Governing law and jurisdiction
These Terms and any non-contractual obligations arising out of or in connection with them are governed by the laws of the Grand Duchy of Luxembourg, without prejudice to any mandatory laws that may apply.
Subject to any mandatory jurisdiction rules and any separate written agreement, the competent courts of Luxembourg City, Grand Duchy of Luxembourg, shall have jurisdiction over disputes arising out of or in connection with these Terms.
24. Contact
For questions about these Terms, contact:
- Company
- Cyvalent S.à r.l.
- Address
- 2, rue Jean Engling L-1466 Luxembourg Grand Duchy of Luxembourg
- [legal contact email to be confirmed, e.g. legal@cyvalent.lu]
- Main contact
- contact@cyvalent.lu
- Phone
- +352 691 898 941
- Contact form
- [Contact form link to be inserted]