1. Parties and Acceptance of Terms

This Service Agreement (“Agreement”) is entered into between The Cyber Friend LLC, a Michigan limited liability company (“Provider,” “we,” “us,” or “our”), and the individual or organization completing the subscription checkout (“Subscriber,” “you,” or “your”).

By checking the acceptance checkbox at the bottom of this page and completing payment through Stripe, you confirm that you have read, understood, and agree to be legally bound by all terms in this Agreement. You represent that you have the legal authority to bind yourself or your organization to this Agreement.

The name, business name, and email address you provide on the Stripe checkout page serve as your identifying information under this Agreement. Your Stripe payment receipt, combined with your acceptance on this page, constitutes the complete record of your agreement. This Agreement becomes effective as of the date and time your payment is successfully processed.

2. Onboarding and Customer Service Manager Assignment

Within one (1) business day of your first successful payment, The Cyber Friend LLC will send onboarding documentation to the email address provided during Stripe checkout. This documentation will include your dedicated submission email address, whitelisting instructions, submission best practices, authorized contact list requirements, and the name and dedicated contact email address of your assigned Customer Service Manager.

Every Subscriber is assigned a dedicated Customer Service Manager (“CSM”) who serves as their primary point of contact for all service-related matters including submission questions, credit requests, additional user requests, add-on purchases, billing inquiries, monthly threat report delivery, and dispute escalations. Your CSM is reachable via the dedicated support email address provided in your onboarding documentation. Subscriber should direct all account-related communications through their CSM to ensure timely and accurate handling.

Subscriber is required to return a completed list of authorized contacts — including the full name and email address of each authorized user — within five (5) business days of receiving onboarding documentation. This contact list is required to activate full service and to prevent unauthorized use of the dedicated submission address. The Cyber Friend LLC reserves the right to dismiss submissions from unrecognized addresses until the authorized contact list has been received and confirmed.

Any submission originating from an address not on the authorized contact list will be flagged and may be dismissed without analysis and without consuming a credit, at the Provider’s discretion. Providing an unauthorized, fabricated, or misrepresented contact constitutes a violation of this Agreement and may result in immediate suspension or termination of service without refund.

3. Description of Service and Technical Infrastructure

The Email Threat Analysis service allows Subscribers to submit suspicious emails to The Cyber Friend LLC for review. The Business Plan covers up to fifty (50) authorized users and includes unlimited submission credits per calendar month. There is no monthly submission cap under this plan; however, The Cyber Friend LLC reserves the right to review submission patterns and contact the Subscriber if volume appears inconsistent with normal organizational use or suggests misuse of the service.

Analysis is performed using a combination of trained human analyst review and proprietary technology solutions developed and maintained by The Cyber Friend LLC. These internal solutions incorporate third-party analytical tools and artificial intelligence systems to assist in evaluating submitted email components including embedded links, sender metadata, message headers, and attachment indicators. All analysis is conducted on a server owned and physically managed by The Cyber Friend LLC, operating on a local-access-only basis with no external network access, no third-party vendor connectivity, and no outside system integration at the infrastructure level.

Submitted emails are received through The Cyber Friend LLC’s Microsoft Office 365 environment and transferred to the local analysis server described above. Submitted data is retained for one (1) year from the date of submission and permanently deleted thereafter, unless retention is required for active or anticipated legal proceedings, regulatory compliance, or dispute resolution purposes, in which case The Cyber Friend LLC reserves the right to retain relevant data for as long as reasonably necessary.

4. Recommended Submission Method

The Cyber Friend LLC strongly recommends that Subscribers download suspicious emails as an EML file and submit the EML file as an attachment to the dedicated submission address. This method preserves complete email header data — including the original sender IP address, authentication results, message routing details, and other metadata — that analysts rely on to make accurate and thorough threat determinations.

Forwarding an email rather than submitting it as an EML file will strip significant portions of this header data. Forwarded submissions are accepted; however, the resulting analysis may be limited in scope or result in an inconclusive determination due to the absence of critical metadata. Subscriber acknowledges that the method of submission directly affects analytical quality and that The Cyber Friend LLC bears no responsibility for reduced accuracy or inconclusive results arising from a forwarded submission.

5. Turnaround Time and Service Level Commitment

The Business Plan carries a target turnaround time of twelve (12) hours from the time a submission is received at the dedicated submission address. Coverage is provided seven (7) days a week between the hours of 7:00am and 10:00pm Central Standard Time. Submissions received outside of these coverage hours — including overnight hours between 10:00pm and 7:00am CST — will be queued and addressed at the start of the next available coverage window. The Cyber Friend LLC is not obligated to respond to submissions received outside of stated coverage hours within the twelve (12) hour target until the coverage window resumes.

Turnaround times are targets and not guarantees. Actual response times may vary based on submission volume, email complexity, missing or incomplete submission data, or circumstances beyond the Provider’s reasonable control including but not limited to acts of God, natural disasters, floods, fires, earthquakes, pandemics, acts of war, terrorism, civil unrest, governmental action, internet service provider failures, power outages, or any other event outside the Provider’s reasonable control.

The Provider does not issue automatic credits for delays unless the delay exceeds three (3) business days from confirmed receipt during an active coverage window, in which case Subscriber may contact their assigned CSM to request a credit at the Provider’s discretion. The stricter credit window for the Business Plan reflects the elevated service commitment of this tier.

6. Submission Credits and Usage Policy

The Business Plan includes unlimited submissions per calendar month. There are no monthly credit limits under this plan. The following specific policies apply:

Unreadable or Corrupted Submissions: If The Cyber Friend LLC cannot open, process, or analyze a submitted file due to corruption, incorrect format, or technical incompatibility, Subscriber will be notified and asked to resubmit. No submission is counted until a readable and processable file is successfully received.

Out of Scope Submissions: Submissions clearly not phishing-related — including bulk marketing emails, newsletters, automated notifications, and promotional messages — will be noted and Subscriber will be informed. Due to the unlimited nature of this plan, out of scope submissions do not result in a credit deduction; however, repeated out of scope submissions may be flagged by the assigned CSM and may result in a conversation about appropriate use of the service.

Inconclusive Determinations — Subscriber Response Required: When available data is insufficient to render a definitive verdict, The Cyber Friend LLC will issue a written request for additional information. Subscriber has seven (7) calendar days from the date the request is sent to provide the requested response. If Subscriber does not respond within this window, the ticket will be closed. The Cyber Friend LLC bears no further responsibility for that submission after ticket closure.

Inconclusive Determinations — Provider Determined: In cases where The Cyber Friend LLC independently determines that a definitive verdict cannot be made even with all available data, The Cyber Friend LLC will provide written recommendations for suggested next steps, which may include contacting the purported sender directly to verify legitimacy or consulting with an incident response professional.

Verdict Delivery and Spam or Junk Filtering: Verdicts are delivered to the email address on the authorized contact list. Subscriber is solely responsible for ensuring that communications from The Cyber Friend LLC are not filtered, blocked, auto-deleted, or redirected by client-side rules, security gateways, or spam filters. The Cyber Friend LLC strongly recommends checking spam and junk folders regularly. The Cyber Friend LLC is not responsible for verdicts not received due to Subscriber’s email configuration.

Fair Use: While submissions are unlimited, the Business Plan is intended for use by the Subscriber’s organization only. Submissions on behalf of third parties, clients, or external organizations not affiliated with the Subscriber are not permitted without prior written authorization from The Cyber Friend LLC. Violation of this policy may result in suspension or termination of service.

7. Monthly Threat Summary Report

The Business Plan includes a monthly threat summary report delivered to the Subscriber’s designated Point of Contact. This report is prepared by The Cyber Friend LLC and covers patterns, trends, and notable observations identified across the Subscriber’s submissions during the preceding calendar month. Reports are delivered within five (5) business days following the end of each calendar month.

The monthly threat summary report is provided for informational purposes only and constitutes professional security guidance. It does not constitute legal advice, forensic evidence, or a legally admissible expert opinion. The Cyber Friend LLC makes reasonable efforts to ensure the accuracy and completeness of each report; however, the report is based solely on submissions received during the reporting period and may not reflect all threats encountered by the Subscriber’s organization.

If a Subscriber’s submission volume for a given month is zero, a report may not be generated for that period. The Cyber Friend LLC will notify the Subscriber in that case. Report delivery via email is subject to the same spam and junk folder considerations described in Section 6. The Cyber Friend LLC is not responsible for reports not received due to the Subscriber’s email environment.

8. Additional Submission Credit Packages

Because the Business Plan includes unlimited submissions, additional credit packages are not applicable to this tier. If Subscriber requires supplemental services beyond the scope of this plan, they should contact their assigned CSM to discuss available options.

9. Authorized Users, User Limits, and Additional User Policy

The Business Plan permits up to fifty (50) authorized users per subscription month. The Subscriber is responsible for designating and maintaining their authorized user list, which must be submitted to their CSM as part of the onboarding process. Authorized users may be rotated at the start of each new billing month by submitting an updated list to the assigned CSM prior to the billing renewal date. Mid-cycle additions exceeding fifty (50) users will not be honored for the current billing month.

If Subscriber requires additional users beyond fifty (50), they may contact their CSM. Additional users are billed at ten dollars ($10.00 USD) per additional user per month. The CSM will issue a supplemental invoice and confirmation document which Subscriber must acknowledge before activation. Additional user rates continue until Subscriber submits a written removal request to their CSM or the subscription is fully terminated.

10. Unlimited Contacts Add-On

Subscribers who require an unrestricted number of authorized users may add the Unlimited Contacts add-on for fifteen dollars ($15.00 USD) per month, billed alongside the base subscription rate. This add-on removes the per-user cap entirely. The add-on may be requested through the assigned CSM and remains active until Subscriber submits a written cancellation or the subscription is fully terminated. The Cyber Friend LLC reserves the right to audit submission patterns under this add-on and may flag unusual volumes that suggest misuse or unauthorized external access.

11. Nature of Verdicts and Limitation of Analytical Scope

Verdicts and recommendations provided by The Cyber Friend LLC constitute professional security guidance only. They do not constitute legal advice, forensic evidence, law enforcement referrals, or legally admissible expert opinion. Subscriber is strongly encouraged to use best judgment when reviewing and acting on any verdict and to consult additional resources or professionals when circumstances warrant.

Verdicts are based solely on the content and metadata of the email as submitted. The Cyber Friend LLC does not investigate external systems, networks, or infrastructure beyond the submitted email. No analysis service can guarantee detection of all threats. If Subscriber or Subscriber’s users take action or fail to take action based on a verdict and that decision results in harm or loss, Subscriber assumes full responsibility. The Cyber Friend LLC’s total liability is limited to subscription fees paid in the thirty (30) days preceding the disputed verdict.

12. Billing, Payment, Failed Payments, and Cancellation

Your subscription is billed monthly at $197.00 USD, charged automatically through Stripe on the same calendar date each month. Any active add-ons or additional user fees are billed alongside the base rate. All payments are processed by Stripe and are subject to Stripe’s terms of service in addition to this Agreement.

Failed Payments: In the event of a failed payment, service will be suspended immediately and the dedicated submission address will be deactivated. No submissions will be accepted or analyzed during a suspension period and the monthly threat summary report will not be prepared for any month in which the account is in a failed payment status. The Cyber Friend LLC will notify Subscriber via the email address on file. Service will be reactivated only upon confirmation of successful payment. Accounts in failed payment status for more than thirty (30) calendar days may be terminated at the Provider’s discretion without further notice.

Subscriber may cancel at any time through the Stripe customer portal or by contacting their assigned CSM. Cancellation takes effect at the end of the current billing period. Subscriber retains full access to the service through the end of the paid period, including any monthly threat summary report due for that period. No partial refunds are issued for unused days within a billing cycle.

Monthly fees are non-refundable except where The Cyber Friend LLC failed to activate service within three (3) business days of payment or materially failed to deliver the described service. All refund requests must be submitted in writing to the assigned CSM or info@thecyberfriend.com within fifteen (15) days of the charge in question.

13. Data Handling, Privacy, and Confidentiality

All submitted emails and associated content are treated as confidential and will not be sold, shared, or disclosed to any third party except as required by law or court order. Submitted data is stored within The Cyber Friend LLC’s Microsoft Office 365 environment and on a locally managed, physically isolated analysis server with no external network access. Data is retained for one (1) year and permanently deleted thereafter, unless retention is required for legal or dispute resolution purposes.

Subscriber is responsible for ensuring submitted emails do not contain data subject to regulatory restrictions including but not limited to Protected Health Information under HIPAA, classified government data, or attorney-client privileged communications. The Cyber Friend LLC assumes no liability for Subscriber’s failure to comply with applicable data regulations prior to submission.

14. Indemnification

Subscriber agrees to indemnify, defend, and hold harmless The Cyber Friend LLC, its members, managers, employees, contractors, and agents from and against any and all claims, damages, losses, costs, and expenses — including reasonable legal fees — arising out of or related to: (a) Subscriber’s use of the service; (b) any action or inaction taken based on a verdict or recommendation; (c) submission of data violating applicable law or third-party rights; or (d) breach of any term of this Agreement.

15. Disclaimer of Warranties

THE SERVICE IS PROVIDED “AS IS” AND “AS AVAILABLE” WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED. THE CYBER FRIEND LLC EXPRESSLY DISCLAIMS ALL IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. THE CYBER FRIEND LLC DOES NOT WARRANT THAT THE SERVICE WILL BE ERROR-FREE, UNINTERRUPTED, OR THAT ALL THREATS WILL BE DETECTED OR CORRECTLY IDENTIFIED.

16. Limitation of Liability

TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, THE CYBER FRIEND LLC SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO LOSS OF DATA, LOSS OF REVENUE, LOSS OF BUSINESS, SECURITY BREACHES, OR COSTS OF SUBSTITUTE SERVICES. IN ALL CASES, THE CYBER FRIEND LLC’S TOTAL LIABILITY SHALL NOT EXCEED THE TOTAL SUBSCRIPTION FEES PAID BY SUBSCRIBER IN THE THIRTY (30) DAYS PRECEDING THE CLAIM.

17. Dispute Resolution and Arbitration

In the event of any dispute, both parties agree to first attempt resolution through good-faith written communication submitted to the assigned CSM or info@thecyberfriend.com, allowing fourteen (14) calendar days for response. If unresolved, both parties agree to binding arbitration in the State of Michigan before resorting to litigation. Each party bears its own arbitration costs unless the arbitrator determines otherwise. Subscriber expressly waives any right to participate in a class action lawsuit or class-wide arbitration against The Cyber Friend LLC.

18. Governing Law

This Agreement shall be governed by the laws of the State of Michigan, without regard to its conflict of law provisions. Any proceedings not resolved through arbitration shall be brought exclusively in the state or federal courts of Michigan, and both parties consent to personal jurisdiction in such courts.

19. Force Majeure

The Cyber Friend LLC shall not be held liable for any failure or delay in performance resulting from causes beyond its reasonable control, including but not limited to acts of God, natural disasters, floods, fires, earthquakes, pandemics, epidemics, acts of war, terrorism, civil unrest, governmental action, internet service provider failures, or power outages. The Cyber Friend LLC will make reasonable efforts to resume service as soon as practicable and will notify Subscribers of any extended disruption.

20. Modifications to This Agreement

The Cyber Friend LLC reserves the right to modify this Agreement at any time. Subscribers will be notified of material changes via email at least thirty (30) days prior to the effective date. Continued use of the service after the effective date constitutes acceptance of the updated terms. Subscriber may cancel before the effective date without penalty if they do not agree to the changes.

21. Entire Agreement and Severability

This Agreement constitutes the entire agreement between the parties regarding the Email Threat Analysis service and supersedes all prior communications, representations, or agreements. If any provision is found unenforceable, it shall be modified to the minimum extent necessary, and all remaining provisions shall continue in full force and effect.