CyStack logo
  • Products & Services
  • Solutions
  • Pricing
  • Company
  • Resources
En

en

    Last updated: 03/24/2026

    These Terms of Service ("Terms") constitute a legal agreement between you ("Customer," "you") and Vietnam CyStack JSC ("CyStack," "we," "us," or "our"), governing your access to and use of CyStack's websites, platforms, products, and services (collectively, the "Services").

    Please read these Terms carefully before using the Services. By creating an account, accessing, or using the Services, you agree to be bound by these Terms. If you do not agree, please do not use the Services.

    1. Definitions

    • "Services" includes all SaaS products (Locker, CyStack Endpoint, WhiteHub, VulnScan, Data Leak Detection), the CyStack Platform (cystack.net), and Professional Services (penetration testing, red teaming, security assessments, SOC, DFIR, training).
    • "Customer Data" means all data, content, and information that you or your Authorized Users input, upload, or generate through the Services.
    • "Authorized Users" means individuals you permit to access and use the Services under your account.
    • "Documentation" means user guides, technical documentation, and policies provided by CyStack, as updated from time to time.
    • "Professional Services" means consulting, testing, and assessment services delivered under a separate Statement of Work (SOW).

    2. Eligibility and Authority

    2.1. If you register on behalf of an organization, you represent and warrant that you have full legal authority to bind that organization to these Terms. In that case, "you" refers to the organization you represent.

    2.2. You may not use the Services if the laws of your jurisdiction prohibit you from doing so.

    2.3. The Services are not intended for individuals under 16 years of age. By using the Services, you confirm that you are at least 16 years old.

    3. Accounts

    3.1. Registration: You must provide accurate, complete, and current information when creating an account. You are responsible for maintaining the accuracy of your account information.

    3.2. Account security: You are responsible for safeguarding your password and credentials, and for all activities that occur under your account. You must notify CyStack immediately upon discovering any unauthorized access.

    3.3. Access: You may only access the Services through the interfaces and APIs provided by CyStack, unless otherwise agreed in writing. You must not attempt to gain unauthorized access to any systems, networks, or other accounts.

    4. Scope of Services and Acceptable Use

    4.1 SaaS Products

    CyStack grants you a non-exclusive, non-transferable, revocable right to access and use the SaaS products you have subscribed to for the duration of your subscription, subject to the feature, capacity, and user limits specified in your plan.

    4.2 Professional Services

    Professional Services are delivered under a separate SOW. Where a specific provision of the SOW directly conflicts with these Terms and both cannot be simultaneously complied with, the SOW prevails for that specific matter only. All other provisions of these Terms remain in effect.

    The authorized scope of all security testing activities (including penetration testing and red teaming) must be expressly defined in the SOW. CyStack is not liable for damages resulting from an inaccurately or incompletely defined scope in the SOW.

    4.3 Prohibited Uses

    You agree not to use the Services to:

    • Violate applicable laws or the rights of any third party.
    • Transmit, store, or distribute malware, viruses, or harmful content.
    • Interfere with, disrupt, or degrade the operation of the Services, servers, or connected networks.
    • Reverse engineer, decompile, or copy the source code of the Services.
    • Access other users' accounts, data, or systems without authorization.
    • Resell, sublicense, or redistribute the Services to third parties without CyStack's written consent.
    • Use the Services to perform security testing on systems you do not own or are not legally authorized to test.

    5. Fees and Payment

    5.1 Plans and Pricing

    CyStack offers Services under plans with features and pricing published at cystack.net/pricing, or under custom quotes for enterprise customers. Certain features may be available free of charge within specified limits.

    5.2 Billing Cycle

    SaaS fees are billed in advance on a monthly or annual cycle depending on your selected plan, unless otherwise agreed.

    5.3 Auto-Renewal

    Unless you cancel before the end of the current billing cycle, your subscription will automatically renew for the same cycle at the then-current price. CyStack will send renewal notice **at least 30 days in advance** for annual plans and **at least 7 days in advance** for monthly plans, via your registered email.

    5.4 Price Changes

    CyStack may adjust pricing. New prices will apply to the next billing cycle and will be communicated at least 30 days in advance. If you do not agree with the new pricing, you may cancel the Services before the new cycle begins.

    5.5 Taxes

    Fees are exclusive of value-added tax (VAT) and other applicable taxes unless otherwise stated. You are responsible for paying all taxes due under applicable law.

    5.6 Professional Services

    Fees for Professional Services are specified in the applicable SOW or service agreement, including scope, timeline, and payment terms.

    6. Cancellation and Refunds

    6.1 Cancellation by Customer

    You may cancel your SaaS subscription at any time through your account dashboard. Cancellation takes effect at the end of the current billing cycle. You retain access to the Services until the end of the paid period.

    6.2 Refunds

    Fees paid are non-refundable, except in the following cases:

    • CyStack fails to deliver the Services as committed for a continuous period exceeding the applicable SLA (if any).
    • Applicable law requires a refund.
    • CyStack elects to issue a refund at its sole discretion in exceptional circumstances.

    6.3 Termination by CyStack

    CyStack may suspend or terminate your access to the Services if:

    • You breach these Terms and fail to cure within 15 days of written notice.
    • You fail to pay fees due within 30 days of the due date.
    • Applicable law requires CyStack to cease providing the Services to you.
    • Continued provision creates a serious security risk or impacts other users.

    7. Customer Data

    7.1 Ownership

    You own all Customer Data. CyStack claims no ownership rights over Customer Data. Nothing in these Terms transfers ownership of your data to CyStack.

    7.2 Limited License

    You grant CyStack the right to access, process, and store Customer Data to the extent necessary to provide, maintain, and improve the Services. This license terminates automatically upon expiration or termination of the service agreement, subject to the retention terms in the Privacy Policy.

    7.3 Data Export

    During your use of the Services and for 30 days after termination, you may request export of your Customer Data in a standard format. After this 30-day period, CyStack may delete Customer Data in accordance with the Privacy Policy.

    7.4 Data Protection

    CyStack processes personal data in accordance with the Privacy Policy and applicable data protection laws, including Vietnam's Law on Personal Data Protection (Law No. 91/2025/QH15), Decree 356/2025/NĐ-CP, and the GDPR for users in the EEA.

    8. Intellectual Property

    8.1 CyStack's Rights

    CyStack owns all intellectual property rights in the Services, including software, interfaces, algorithms, documentation, designs, trademarks, logos, and domain names. Nothing in these Terms transfers any of CyStack's intellectual property rights to you, other than the limited right of use granted in Section 4.

    8.2 Restrictions

    You may not copy, modify, reverse engineer, decompile, create derivative works from, or use CyStack's trademarks, logos, or domain names without prior written consent.

    8.3 Customer Reference

    For organizational customers, you agree that CyStack may use your company name and logo in customer lists, marketing materials, and public communications solely to identify you as a CyStack customer. You may revoke this consent at any time by written notice to CyStack.

    9. Service Availability and Updates

    9.1 Availability

    CyStack endeavors to maintain continuous Service availability but does not guarantee uninterrupted operation. Scheduled maintenance will be communicated at least 24 hours in advance via email or in-product notification, except for emergency maintenance to address security incidents.

    9.2 Updates

    CyStack may update, upgrade, or modify the Services to improve functionality, performance, and security. Updates may be applied automatically. If an update materially affects functionality or compatibility, CyStack will provide at least 7 days' advance notice.

    9.3 Discontinuation

    If CyStack decides to discontinue a product or feature, CyStack will provide at least 90 days' notice and assist you with data export or transition.

    10. Product-Specific Terms

    10.1 Locker Password Manager

    • Locker uses end-to-end encryption with a zero-knowledge architecture. CyStack cannot access your Master Password or vault data in decrypted form.
    • You are responsible for safeguarding your Master Password. If lost, CyStack cannot recover your vault data.
    • You may not use Locker to store content that violates applicable law.

    10.2 CyStack Endpoint

    • CyStack Endpoint collects device-level data necessary for endpoint protection and DLP functions, within the scope configured by your organization's administrator.
    • Organizations deploying CyStack Endpoint are responsible for ensuring compliance with labor laws and privacy regulations in their jurisdiction, including employee notification where required.

    10.3 WhiteHub

    • Organizations participating in Bug Bounty programs on WhiteHub are responsible for defining program scope, reward policies, and report responses.
    • Security researchers using WhiteHub must comply with the code of conduct and Responsible Disclosure policies of each program.
    • CyStack operates as an intermediary platform and is not responsible for the content of vulnerability reports or organizations' reward decisions.

    10.4 VulnScan & Data Leak Detection

    • You may only use VulnScan to scan assets you own or are legally authorized to test.
    • Scan results are provided "as-is." CyStack does not guarantee detection of all vulnerabilities or security risks.

    11. Limitation of Liability

    11.1 Disclaimer

    The Services are provided “as is” and “as available.” CyStack disclaims all warranties, express or implied, including fitness for a particular purpose, non-infringement, and uninterrupted or error-free operation. Use is at your own risk.

    11.2 Liability Cap

    To the maximum extent permitted by law, CyStack’s total liability shall not exceed the fees paid by you for the Services in the 12 months prior to the claim. For free or trial use, CyStack has no liability except as required by law.

    11.3 Excluded Damages

    CyStack is not liable for any indirect, incidental, consequential, or punitive damages, including loss of profits, data, or business opportunities, even if advised of such risks.

    11.4 Exceptions

    Nothing excludes liability where prohibited by law, or for willful misconduct, gross negligence, or material breach of data protection obligations.

    12. Indemnification

    You agree to indemnify, defend, and hold harmless CyStack, its directors, employees, and agents from any claims, losses, liabilities, or costs (including reasonable attorney's fees) arising from:

    • Your breach of these Terms.
    • Your use of the Services in violation of applicable law or third-party rights.
    • Content or data you provide through the Services.

    13. Force Majeure

    CyStack is not liable for failure or delay caused by events beyond its reasonable control, including acts of God, natural disasters, pandemics, war, government actions, infrastructure failures, or large-scale cyberattacks affecting third-party systems on which CyStack relies.

    In such events: (a) CyStack will use commercially reasonable efforts to resume performance; (b) affected obligations are suspended for the duration of the event; and (c) if the event is prolonged, either party may terminate the affected Services by written notice without liability, except for obligations accrued prior to termination.

    14. Third-Party Links

    The Services may contain links to third-party websites, services, or resources. CyStack does not control and is not responsible for the content, privacy policies, or practices of any third party. Your access to third-party links is at your own discretion and risk.

    15. Changes to Terms

    CyStack may modify these Terms. When material changes are made, CyStack will:

    • Update the "Last updated" date at the top of this page.
    • Notify you via email or in-product notification at least 30 days before the changes take effect.

    Your continued use of the Services after the effective date constitutes acceptance of the updated Terms.

    16. Governing Law and Dispute Resolution

    16.1 Governing Law

    These Terms are governed by and construed in accordance with the laws of Vietnam.

    16.2 Dispute Resolution

    Any dispute arising from or related to these Terms shall first be resolved through good-faith negotiation between the parties within 30 days. If negotiation fails, the dispute shall be submitted to the competent courts in Hanoi, Vietnam.

    16.3 Language

    If CyStack provides a translation of these Terms, the Vietnamese version shall prevail in the event of any conflict.

    17. General Provisions

    17.1. Entire Agreement: These Terms, together with the Privacy Policy, Security page, and applicable SOWs, constitute the entire agreement between you and CyStack regarding the Services, superseding all prior agreements.

    17.2. Severability: Invalid provisions shall be modified minimally to be enforceable, or severed if not possible. The remaining provisions shall remain in full force and effect.

    17.3. No Waiver: CyStack's failure to exercise or delay in exercising any right under these Terms does not constitute a waiver of that right.

    17.4. Assignment: You may not assign your rights or obligations under these Terms to any third party without CyStack's prior written consent. CyStack may assign these Terms in connection with a merger, acquisition, or asset sale.

    17.5. Relationship of Parties: Nothing in these Terms creates a partnership, joint venture, agency, or employment relationship between you and CyStack.

    17.6. Survival: Sections on Customer Data (Section 7), Intellectual Property (Section 8), Limitation of Liability (Section 11), Indemnification (Section 12), and Governing Law (Section 16) shall survive termination of these Terms.

    18. Contact

    For questions about these Terms, please contact:

    Vietnam CyStack JSC 

    Email: contact@cystack.net 

    Address: Tan Hong Ha Complex, 317 Truong Chinh, Hanoi, Vietnam Phone: (+84) 247 109 9656