Terms of Service.

These Terms of Service ("Terms") govern professional services delivered by Centuric LLC ("Centuric," "we," "us") under the MyCyberHub.ai brand, including managed compliance programs, GRC platform administration, multi-framework compliance management (SOC 2, HIPAA, PCI-DSS, ISO 27001, advanced NIST CSF), vCISO advisory, audit preparation and coordination, and related services (collectively, the "Services"). By engaging Centuric, signing a Statement of Work or Service Agreement, or otherwise authorizing work, you ("Client") agree to these Terms.

1. The Services

Centuric delivers the following categories of professional services through the MyCyberHub.ai practice:

• Readiness Assessment — scoping, gap analysis against NIST SP 800-171, a written remediation roadmap, and an executive readout
• Remediation & Build — design and deployment of GCC or GCC High enclaves, control implementation, System Security Plan (SSP) and Plan of Action & Milestones (POAM) authoring, and pre-assessment readiness
• Managed Compliance — continuous control monitoring, automated evidence collection, drift detection, quarterly internal reviews, and re-attestation preparation
• Advisory — vCISO advisory, risk register management, board-level security and compliance reporting, vendor risk management, and tabletop exercises

Specific deliverables, schedules, and acceptance criteria for any engagement are set out in a Statement of Work ("SOW") executed by both parties. Where these Terms conflict with an executed SOW or Master Services Agreement, the executed document controls.

2. Client Responsibilities

Centuric's ability to deliver the Services depends on Client cooperation. You agree to:

• Provide timely access to systems, documentation, personnel, and decision-makers necessary to perform the Services
• Designate a Client Point of Contact with authority to approve scope, schedule, and acceptance of deliverables
• Provide accurate information about your environment, including device inventory, user counts, existing IT vendors, current applications, and any contractual or regulatory obligations affecting how IT services may be delivered
• Make business and procurement decisions in a timely manner where those decisions affect the engagement schedule
• Maintain accurate inventories of systems, users, and data flows in scope for the assessment boundary

Delays attributable to Client may shift the schedule and, where they materially extend an engagement, may result in change orders.

3. Acceptable Use

You agree not to use the Services or any Centuric deliverable to:

• Misrepresent your security posture or our recommendations to any third party
• Submit false statements to SPRS or any other government repository
• Circumvent applicable laws, including ITAR, EAR, the Foreign Corrupt Practices Act, or applicable sanctions and export controls
• Conduct, plan, or facilitate fraud, unauthorized access, or other unlawful activity
• Resell, repackage, or sublicense Centuric work product except as expressly permitted in writing

Centuric may suspend or terminate an engagement immediately and without refund if we reasonably believe you have violated this section. We may disclose related information to law enforcement or regulators where required by law.

4. Client Data Handling

In the course of the Services we receive and process Client information, which may include user directories, device inventories, network diagrams, application data, and business records. We agree to:

• Apply commercially reasonable administrative, technical, and physical safeguards including encryption in transit and at rest, role-based access, multi-factor authentication, audit logging, and incident response
• Restrict access to Client information to Centuric personnel with a documented need to know and, where ITAR or contract clauses require, restrict access to U.S. persons
• Use Client information only for the purpose of delivering the Services or as required by law
• Return or destroy Client information at the end of an engagement upon Client request, subject to legal retention obligations and our right to retain work product reflecting our methodology

Where Client engages Centuric to administer a GCC High or other Microsoft enclave, administrative actions are performed by U.S.-citizen Centuric personnel, and the enclave is operated within the U.S. data residency boundary required by the underlying Microsoft offering.

5. Subcontractors

Centuric may engage subcontractors to support delivery, including licensed software providers and regional dispatch partners for onsite work outside Florida. Where applicable, subcontractors are bound by written confidentiality and security obligations no less protective than those in these Terms. Centuric remains responsible for the performance of its subcontractors.

6. Intellectual Property

Centuric retains all right, title, and interest in our methodologies, templates, tools, frameworks, training materials, and any pre-existing intellectual property used or developed independently of any engagement. Upon Client's payment in full for an engagement, Client receives a non-exclusive, perpetual, royalty-free license to use the deliverables produced under that engagement for Client's internal business purposes.

Client retains all right, title, and interest in Client information, configurations specific to Client environments, and Client-authored content. Nothing in these Terms transfers ownership of Client information to Centuric.

7. Fees, Invoicing, and Taxes

Fees for each engagement are specified in the applicable SOW. Unless otherwise stated:

• Fixed-fee engagements (such as Readiness Assessments) are invoiced 50% at kickoff and 50% at delivery
• Time-and-materials engagements are invoiced monthly in arrears for work performed in the preceding period
• Managed Compliance fees are invoiced monthly in advance for the upcoming period
• Travel and out-of-pocket expenses are billed at actual cost without markup, with pre-approval for any expense exceeding $1,000

Invoices are payable Net 30 from the invoice date. Past-due balances may accrue interest at the lesser of 1.5 percent per month or the maximum rate permitted by law. Fees do not include sales, use, value-added, or similar taxes, which are the Client's responsibility where applicable. Federal contractors should consult their contracts and accounting personnel regarding cost-allowability under DFARS and the Federal Acquisition Regulation.

8. Term and Termination

Each engagement begins on the SOW effective date and continues until the deliverables are complete or, for recurring services, until terminated as provided here. Either party may terminate an engagement for material breach by the other that remains uncured for 30 days after written notice. Centuric may terminate immediately on written notice for Client non-payment past 30 days, violation of Acceptable Use, or fraud.

Upon termination, Client will pay for work performed and expenses incurred through the termination date. Centuric will deliver work product completed through that date in its then-current state. Sections that by their nature survive (including IP, Confidentiality, Liability, Indemnification, and Governing Law) will continue in effect.

9. Service Levels and Disclaimers

We will use commercially reasonable efforts to deliver the Services in a professional and workmanlike manner consistent with applicable industry standards. Except as expressly stated in an executed SOW, the Services are provided "as is" and Centuric makes no warranties, express or implied, including warranties of merchantability, fitness for a particular purpose, or non-infringement.

Centuric does not warrant that any Client environment will be free of vulnerabilities, that any specific control will pass assessor scrutiny, that any AI-derived output is free of error, or that any third-party platform on which the Services depend (including Microsoft 365, Microsoft Azure, Microsoft Entra, Microsoft Defender, Microsoft Intune, and Microsoft Purview) will be free of defects or downtime.

10. Limitation of Liability

To the maximum extent permitted by law, Centuric's aggregate liability for any claim arising out of or relating to the Services or these Terms is limited to the fees paid by Client to Centuric in the twelve months preceding the event giving rise to the claim.

In no event will Centuric be liable for indirect, incidental, consequential, special, exemplary, or punitive damages, including lost contracts, lost profits, lost revenue, lost business opportunities, lost data, business interruption, or loss of goodwill, even if advised of the possibility of such damages. This includes any loss alleged to result from a downtime event, security incident, third-party action, or contracting decision by any third party.

11. Indemnification

Client agrees to indemnify and hold harmless Centuric and its officers, employees, agents, and subcontractors from any third-party claims, damages, or expenses (including reasonable attorneys' fees) arising from: (a) Client's use of the Services or deliverables, (b) Client's violation of these Terms or applicable law, (c) Client's submissions to government repositories or representations to prime contractors, or (d) Client's failure to provide accurate scope information.

12. Confidentiality

Each party will protect the other's Confidential Information with at least the same degree of care it uses for its own confidential information, and in any case no less than a reasonable standard of care. "Confidential Information" includes any non-public information disclosed in connection with the Services, marked confidential or that reasonably should be understood as confidential, including network diagrams, system configurations, user data, pricing, and engagement deliverables. Confidentiality obligations survive termination for five years, or longer where required by applicable law.

13. Changes to These Terms

We may update these Terms from time to time. Material changes will be communicated by email to the Client Point of Contact at least 30 days before they take effect, or, for new engagements, will apply to engagements commencing after the effective date of the change. Continued engagement after notice of a material change constitutes acceptance.

14. Governing Law and Disputes

These Terms are governed by the laws of the State of Florida, without regard to conflict-of-laws principles. Any dispute arising out of or relating to these Terms or the Services shall be resolved exclusively in the state or federal courts located in Broward County, Florida, and both parties consent to exclusive personal jurisdiction in those courts. Each party waives any right to a jury trial. Neither party may bring claims as a class representative or in a class action.

15. Miscellaneous

These Terms, together with any executed SOW or Master Services Agreement and the Privacy Policy, constitute the entire agreement between Client and Centuric regarding the Services and supersede any prior understanding. If any provision is held unenforceable, the remainder shall remain in effect. Failure to enforce any provision is not a waiver. Neither party may assign these Terms without the other's prior written consent, except either party may assign in connection with a merger, acquisition, or sale of substantially all assets.

16. Contact

Questions about these Terms should be directed to:

Centuric LLC
13798 NW 4th St., Suite 311
Sunrise, Florida 33325
(954) 691-1650
[email protected]