Skip to Content

CyArt's TERMS AND CONDITONS

Last Update: June 20TH, 2024​

TERMS OF SERVICE

THESE SUBSCRIPTION TERMS AND CONDITIONS (TOGETHER WITH THE ADDITIONAL TERMS OF ANY ORDER, THE “AGREEMENT”) ARE ENTERED INTO BETWEEN YOU, AS AN INDIVIDUAL, COMPANY, CORPORATION, OR OTHER ENTITY (“CUSTOMER”), AND CYART TECH (“CYART”) ON THE DATE OF ACCEPTANCE (THE “EFFECTIVE DATE”). “CUSTOMER” MAY ALSO INCLUDE A VENDOR OF A CUSTOMER REQUESTING INFORMATION VIA THE CYART SERVICES WHO ACCEPTS THESE TERMS AND CONDITIONS. YOU ACCEPT THIS AGREEMENT BY USING THE CYART SERVICES OR OTHERWISE ACKNOWLEDGING YOUR ACCEPTANCE (FOR EXAMPLE, BY CLICKING THE “ACCEPT” BUTTON OR SIGNING AN ORDER REFERRING TO THESE TERMS). IF YOU ARE ACCEPTING THIS AGREEMENT ON BEHALF OF A CUSTOMER ENTITY AS DESCRIBED ABOVE, YOU AND SUCH ENTITY REPRESENT AND WARRANT THAT YOU HAVE THE AUTHORITY TO BIND SUCH ENTITY TO THIS AGREEMENT, AND THE TERMS “YOU” OR “YOUR” AND “CUSTOMER” WILL REFER TO SUCH ENTITY. ACCEPTANCE OF THIS AGREEMENT IS A CONDITION OF YOUR ACCESS TO THE CYART SERVICES. IF YOU DO NOT AGREE TO BE BOUND BY THE TERMS AND CONDITIONS OF THIS AGREEMENT, YOU MAY NOT ACCESS OR USE THE CYART SERVICES.

BACKGROUND

CyArt Tech has crafted unique strategies and technology specifically for evaluating the cybersecurity risk borne by organizations, inclusive of their ability to manage risks presented by vendors (termed the “CyArt Technology”). The customer expresses an interest in acquiring, accessing, or subscribing to the services offered by CyArt, as detailed in an Order (as defined further along), which could encompass the management and continuous monitoring of vendor risk (accessible via the CyArt customer portal or the CyArt application programming interface), along with corresponding customer support, customer success, and facilitation services (collectively known as the “CyArt Services”). CyArt agrees to provide such services to the customer in accordance with the stipulations outlined in this Agreement. Each entity involved in this contract is referred to as a “Party” within this document, or collectively as the “Parties.” Acknowledging the aforementioned and the mutual agreements and terms described below, and in return for other beneficial and valuable consideration, the receipt and adequacy of which is recognized, the Parties agree as detailed below:

SECTION 1 — SERVICES

#1.1 Provision of Services: CyArt shall grant the Customer admittance to the CyArt Services throughout the duration of the subscription. CyArt may also incorporate into the CyArt Services specific data, services, or integrations derived from external third-party sources (“Third-Party Services”), which may necessitate the acceptance of separate or additional terms imposed by such third parties for access.

#1.2 Service Utilization: Conforming to the terms and conditions of this Agreement, CyArt bestows upon the Customer a non-exclusive and non-transferable privilege to access and utilize the CyArt Services as follows: (i) access and employ the CyArt Services purely for its internal operational needs; (ii) reproduce and preserve the information and data contained in the CyArt Services made accessible to and accessed by the Customer (the “CyArt Data”) within one or more databases under its control or possession for analysis, manipulation, report generation, or other legitimate activities, all for the purposes mentioned in the preceding clause; (iii) distribute internally, in the normal course of the Customer’s operations, reports, presentations and other materials that incorporate, utilize, or display the CyArt Data of rated organizations or derivatives thereof; (iv) share with any third party, including publicly, any CyArt Data that pertains solely to the Customer and the Customer’s CyArt-assigned industry sector rating; and (v) share the CyArt Data that pertains solely to a rated organization with such organization via functionality embedded in the CyArt Service for the purpose of initiating or maintaining a business relationship, provided that such rated organization is a current or prospective vendor/service provider, regulator, insured, or affiliate (including any portfolio companies or potential acquisition or investment targets) of the Customer.

“Users” are individuals who receive authorization from the Customer to utilize the CyArt Services as permitted herein and who have been assigned user identifications and passwords either by a Customer’s administrative users or CyArt (upon the Customer’s request). Users can be Customer’s employees, contractors or consultants provided that the CyArt Services are employed for the sole advantage of the Customer and that such Users adhere to confidentiality obligations no less restrictive than those in this Agreement. The CyArt Services allow administrative Users to customize access levels on a per-User basis to ensure that each User possesses the desired level of access to the CyArt Data. The Customer bears responsibility and liability for maintaining the secrecy and security of logins and passwords for the CyArt Services, for ensuring the appropriate configuration of access levels in the CyArt portal, and for enforcing compliance with this Agreement, including Sections 1.2, 1.3, and 6, by any Users or other individuals it grants access to the CyArt Services.

#1.3 Limitations: The CyArt Services, the CyArt Data, the databases that store the CyArt Data, and the selection, arrangement, structure, organization, and source code of all the aforementioned elements constitute precious trade secrets of CyArt and its licensors and suppliers. Regardless of any conflicting provision in this Agreement, the Customer shall not, and shall not allow any third party or any Users to: (i) provide or make the CyArt Services or CyArt Data accessible to any third party, either free of charge or for a fee, except as explicitly allowed by this Agreement, including Section 1.2; (ii) remove or alter any copyright, trademark, or other notices contained in the CyArt Services or the CyArt Data; (iii) utilize the CyArt Services or the CyArt Data except as expressly permitted in this Agreement; (iv) employ the CyArt Services to publish or disclose any competitive benchmarking tests or analysis; (v) utilize the CyArt Services or CyArt Data in a manner that breaches applicable law, including, without limitation, using it to deliberately defame, denigrate, or malign any third party, or to participate in or enable, whether on behalf of the Customer, the User, or any other person or entity, any transactions that are prohibited by the U.S. economic sanctions managed by the Office of Foreign Assets Control, U.S. Department of the Treasury or use it to unlawfully access any third party’s network or systems or to compromise the security, integrity, or performance of the same; (vi) utilize the CyArt Services or CyArt Data to initiate or back any legal proceedings or arbitration against any third party, except as expressly permitted by Section 6.2; (vii) interfere with or disrupt the security, integrity, or performance of the CyArt Services or CyArt Data; (viii) attempt to gain unauthorized access to the CyArt Services or its related systems or networks; (ix) access or use the CyArt Services or CyArt Data or any associated documentation to construct or offer a competitive product or service or to divulge such information for the purpose of generating revenue from security products or services; (x) attempt to reverse engineer or decompile the CyArt Services; or (xi) use the CyArt Services in relation to any document associated with the offering of securities (for instance, a prospectus or a “road show” presentation).

SECTION 2 — REMUNERATION AND PAYMENT PROCEDURES

#2.1 Charges: Unless the Customer has procured the CyArt Services through an accredited partner or reseller, the Customer will compensate the fees (the “Fees”) delineated in a quotation or an order form furnished by CyArt (the “Order”). Except as otherwise indicated herein or in an Order, financial obligations to CyArt are non-rescindable and payments rendered are non-reimbursable. Any refunds provided under this Agreement will be made to the entity that transferred the relevant Fee to CyArt and, if applicable, the Customer will solely pursue the authorized partner or reseller to recover such a refund.

#2.2 Tax Obligations: The Customer will bear the burden for all sales, usage, and other analogous taxes stemming from the Customer’s purchase or utilization of the CyArt Services, excluding taxes based on CyArt’s income or revenues. The Customer will not deduct any taxes from any amounts payable to CyArt.

#2.3 Terms of Payment: The Customer will settle in full the amounts stated in any Order within thirty (30) days of receiving the invoice unless otherwise stipulated in the Order. Unless otherwise consented to in writing by CyArt (including in an Order), (i) all remittances will be made by bank wire transfer conforming to CyArt’s directives or by check issued by a bank in India, and (ii) all remittances will be devoid of all setoffs and made in Indian Rupees (INR). If CyArt does not receive payment within the allotted time, it will be deemed a material breach.

SECTION 3 — REPRESENTATIONS, WARRANTIES, AND COVENANTS; INTELLECTUAL PROPERTY INDEMNIFICATION

#3.1 Representations, Warranties, and Covenants: Each Party hereby affirms, guarantees, and promises to the other that: (a) it possesses and will continue to possess the complete right, power, and authority to enter into and fulfill this Agreement and all of the transactions envisioned by this Agreement; (b) no approval, consent, permit, or order from any government authority or other entity is mandated for the conclusion, delivery, and fulfillment of this Agreement by such Party; and (c) it will abide by all relevant laws and regulations in the provision of the CyArt Services and in the utilization and access of the CyArt Services, respectively. The Customer further affirms, guarantees, and promises that: (y) all account and other information provided by the Customer is and will remain accurate in all significant aspects and if there are any substantial changes in such information during the Term, the Customer will notify CyArt of such changes in writing; and (z) it possesses all necessary consents and permissions to provide any information it uploads or otherwise supplies to CyArt in relation to the CyArt Services.

#3.2 Disclaimer of Warranties: EXCEPT FOR WHAT IS EXPLICITLY STATED IN SECTION 3.1:

CYART HEREBY REFUTES ALL EXPRESS AND IMPLIED WARRANTIES OF ANY TYPE, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, TITLE, SUITABILITY FOR A PARTICULAR PURPOSE, ACCURACY, PUNCTUALITY, COMPLETENESS, RELIABILITY, ERROR-FREE OPERATION, SECURITY AGAINST UNAUTHORIZED ACCESS SUCH AS HACKING OR OTHER SIMILAR MEANS, AND NON-INFRINGEMENT. THE CYART SERVICE AND THE CYART DATA (INCLUDING ANY SUGGESTIONS OR FORECASTS) AND ANY THIRD-PARTY SERVICES PROVIDED IN CONJUNCTION WITH THEM, ARE OFFERED ON AN “AS IS” BASIS ONLY, WITHOUT ANY WARRANTIES WHATSOEVER, AND ARE SUBJECT TO MODIFICATIONS AT ANY TIME. THE CUSTOMER ASSUMES ALL RISKS OF DAMAGE OR LOSS FROM DEPENDING UPON OR UTILIZING THE CYART SERVICE, THE CYART DATA, ANY RESULTANT DATA, AND ANY THIRD-PARTY SERVICES PROVIDED IN CONJUNCTION WITH THEM FOR DECISION-MAKING PURPOSES. THE CUSTOMER ACKNOWLEDGES THAT CERTAIN CYART SERVICES DEMAND A SUPPORTED BROWSER AND THAT ACCESS TO THIRD-PARTY SERVICES PROVIDED WITH THE CYART SERVICES MAY HAVE ADDITIONAL REQUIREMENTS. THE CYART SERVICES AND CYART DATA DO NOT CONSTITUTE INVESTMENT OR FINANCIAL COUNSEL, NOR RECOMMENDATIONS TO ACQUIRE, SELL, OR MAINTAIN SPECIFIC SECURITIES.

#3.3 Indemnification for Intellectual Property: CyArt will defend, at its own cost and with lawyers of its choosing, against any lawsuit brought against the Customer and its respective directors, officers, employees, and representatives, collectively referred to as (the “Indemnified Parties”) by a third party, if the lawsuit is predicated on a claim that the CyArt Technology infringes any patents, trademarks, or copyright of a third party (the “Claim”). CyArt will cover those costs and damages that are ultimately awarded to such third-party claimants in any such lawsuit, or in a settlement of such lawsuit, which are specifically attributable to the Claim.

The aforementioned indemnification obligations are contingent on the Customer: (i) immediately providing CyArt with written notice of any such lawsuit; (ii) granting CyArt exclusive control of the defense of any such claim and all related settlement discussions; and (iii) offering assistance and full cooperation in such defense, upon CyArt’s request and at CyArt’s cost.

If the CyArt Technology becomes, or in CyArt’s opinion is likely to become the subject of an infringement claim, then CyArt may, at its sole discretion and expense, either (i) replace or modify the CyArt Technology so that it is non-infringing; (ii) secure for the Customer the right to continue using the allegedly infringing CyArt Technology; or (iii) terminate the Customer’s right to use the CyArt Technology and/or terminate this Agreement, in whole or in part, as appropriate, upon written notice to the Customer and refund the Customer (or authorized partner or reseller if the initial payment was made by such partner or reseller) any prepaid fees attributable to the remainder of the term of the Customer’s subscription to the applicable CyArt Technology. The Customer will have the right to participate, at its expense, in the defense of any claim covered under this Section with counsel of its own choosing.

Notwithstanding the foregoing, CyArt shall have no obligation under this Section or otherwise with respect to any infringement claim based on any use of the CyArt Technology not in accordance with this Agreement; any use of the CyArt Technology in combination with equipment, software, or data not supplied by CyArt if such infringement would have been avoided but for the combination with other equipment, software, or data; any modification of the CyArt Technology by any person other than CyArt or as authorized by CyArt in writing; or the Customer’s continued use of the allegedly infringing CyArt Technology after receiving written notice to cease such use.

THIS SECTION ESTABLISHES CYART’S TOTAL LIABILITY AND THE CUSTOMER’S EXCLUSIVE REMEDY FOR ANY CLAIMS OF INFRINGEMENT OF ANY INTELLECTUAL PROPERTY RIGHT BY CYART’S PRODUCTS, TECHNOLOGY, OR SERVICES OR BY THEIR DISTRIBUTION, OPERATION, USE, OR RECEIPT.

SECTION 4 — LIMITATION OF LIABILITY

#4.1 TO THE MAXIMUM EXTENT PERMITTED BY LAW, IN NO EVENT WILL EITHER PARTY OR ITS AFFILIATES, SUPPLIERS, PARTNERS, RESELLERS, OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, SHAREHOLDERS, INSURERS OR CONTRACTORS (“RELATED PARTIES”) BE LIABLE UNDER THIS AGREEMENT FOR ANY INDIRECT, CONSEQUENTIAL, INCIDENTAL, SPECIAL, PUNITIVE OR EXEMPLARY DAMAGES (INCLUDING BUT NOT LIMITED TO LOST REVENUES, PROFITS OR DATA OR OTHER ECONOMIC LOSS) ARISING FROM ANY CAUSE OF ACTION OR LEGAL THEORY, INCLUDING BUT NOT LIMITED TO BREACH OF WARRANTY, BREACH OF CONTRACT, TORT, STRICT LIABILITY OR FAILURE OF ESSENTIAL PURPOSE EVEN IF THE PARTY OR A RELATED PARTY HAS BEEN ADVISED, KNEW, OR SHOULD HAVE KNOWN OF THE POSSIBILITY OF SUCH DAMAGES.

#4.2 THE MAXIMUM LIABILITY OF EITHER PARTY UNDER THIS AGREEMENT, TAKEN AS A WHOLE, FOR ANY AND ALL CLAIMS IN CONNECTION WITH THIS AGREEMENT, INCLUDING BUT NOT LIMITED TO CLAIMS FOR INDEMNIFICATION, BREACH OF WARRANTY, BREACH OF CONTRACT, TORT, STRICT LIABILITY, FAILURE OF ESSENTIAL PURPOSE OR OTHERWISE, WILL IN NO CIRCUMSTANCE EXCEED THE FEES PAID OR OWED TO CYART IN THE PAST TWELVE (12) MONTHS UNDER THIS AGREEMENT.

#4.3 NOTWITHSTANDING THE FOREGOING, SECTIONS 4.1 AND 4.2 WILL NOT APPLY WITH RESPECT TO ANY CLAIMS BASED ON A PARTY’S OBLIGATIONS UNDER SECTION 1.2 (USE OF SERVICES), SECTION 1.3 (RESTRICTIONS), SECTION 3.3 (INTELLECTUAL PROPERTY INDEMNIFICATION), OR SECTION 6 (CONFIDENTIALITY), OR ANY OTHER CLAIMS FOR WHICH LIABILITY CANNOT BE EXCLUDED OR LIMITED BY LAW.

SECTION 5 — TERM AND TERMINATION

#5.1 Duration: This Agreement takes effect on the Effective Date and continues until all under this Agreement outlined subscriptions have either expired or been terminated and access to the CyArt Services has been discontinued (such a period will be referred to as the “Term”).

#5.2 Duration of Procured Subscriptions: The tenure of each subscription will be as specified in the applicable Order or as agreed upon between the Customer and the applicable authorized partner or reseller. Once a subscription concludes, access may be rescinded. Unless otherwise specified in an Order, subscriptions procured directly from CyArt will auto-renew for additional periods equivalent to the expiring subscription term or one year (whichever is longer) at the prevailing list prices, unless either Party notifies the other of non-renewal at least thirty (30) days before the end of the relevant subscription term.

#5.3 Termination for Cause: Either Party may instantly conclude this Agreement and any active Orders upon written notice if the other Party: (a) fails to rectify a significant breach of this Agreement within thirty (30) calendar days after receiving written notice of such breach (if capable of cure); (b) becomes insolvent or commits an affirmative act of insolvency; (c) initiates an assignment for the benefit of creditors or takes similar action; (d) submits a voluntary bankruptcy or similar petition; (e) assents to any involuntary bankruptcy or similar petition and such involuntary petition is not dismissed within ninety (90) days; or (f) is adjudged bankrupt or to a similar effect. If the Customer terminates this Agreement for cause only, CyArt will provide the Customer with a pro rata refund of the pre-paid Fees actually paid to CyArt, as of the effective date of termination

#5.4 Effects of Termination: All provisions of this Agreement that reasonably may be interpreted or construed as surviving the Termination of this Agreement will endure the termination of this Agreement, including but not limited to the obligation to pay any accrued but unpaid fees and Sections 3, 4, 5.4, 6, and 7. Furthermore, after the Term, access to the CyArt Services will be rescinded, but the Customer may retain and store, in any medium (including, but not limited to, electronic storage) any reports that include any CyArt Data that was lawfully acquired under this Agreement prior to the expiration or termination of this Agreement, for use by the Customer only as permitted in Sections 1.2 and 1.3.”

SECTION 6 — CONFIDENTIALITY

#6.1 Confidential Information: “Confidential Information” refers to all information of either Party, whether technical, business, or of another nature (including trade secrets, know-how, technology, strategic partners, customers, business plans, promotional and marketing activities, finances, and other business affairs), disclosed by the disclosing Party to the receiving Party or learned by the receiving Party in the course of its discussions, business dealings, or physical or electronic access to the premises or services of the disclosing Party. This information is identified as being proprietary and/or confidential, or the receiving Party should reasonably know to treat it as

SECTION 7 — INTERNSHIP COMMITMENTS AND INFORMATIONS

#7.1 Agreement to Terms

The acceptance of an internship position at CyArt Tech ("Company") represents a significant commitment to professional development and learning. These Terms and Conditions ("Terms") constitute a legally binding agreement between CyArt Tech and the intern ("Intern"). They govern not only the professional relationship but also extend to the use of Company resources, intellectual property, and confidential information. By accepting the internship, you acknowledge that you have read, understood, and agree to comply with all provisions outlined in this document. These Terms are designed to protect both parties' interests while fostering a productive learning environment. The relationship established under these Terms is educational in nature and should not be construed as employment. Any benefits, access, or resources provided are solely for educational purposes and professional development.


#7.2 Internship Structure


7.2.1 Duration and Nature : 
The internship program at CyArt Tech is structured as a remote learning opportunity, designed to provide practical experience in a professional setting while maintaining educational objectives. The standard duration of the internship is established in your individual Internship Agreement, with a minimum commitment of six months and three days required for program completion. This timeframe has been carefully determined to ensure interns can fully engage with projects, develop meaningful skills, and demonstrate professional growth. The remote nature of the internship requires strong self-discipline, excellent time management, and professional communication skills. Interns must maintain regular connectivity during designated work hours and have access to necessary technology infrastructure as specified in the technical requirements document. The Company maintains the right to extend or modify the internship duration based on performance, project requirements, and learning objectives.

7.2.2 Work Schedule : The work schedule is a crucial component of the internship program, requiring careful attention to time management and professional commitments. Interns must maintain consistent attendance according to their assigned schedule, which will be provided upon program commencement. Daily work hours must be accurately logged through the Company's designated time-tracking system, with entries including detailed descriptions of tasks performed and progress made. Any deviations from the standard schedule must be communicated to supervisors with appropriate advance notice. Understanding that emergencies may arise, interns should establish backup communication channels to ensure continuous project updates. The schedule is designed to mirror professional work environments while accommodating educational commitments, requiring a minimum of 40 productive hours per week unless otherwise specified in individual agreements.

7.2.3 Performance Expectations : Performance during the internship is evaluated based on multiple criteria designed to prepare interns for professional careers. Projects assigned must be completed within specified deadlines, with regular progress updates provided through designated communication channels. Quality standards for all deliverables are set at a professional level, requiring attention to detail, thorough testing, and comprehensive documentation. Interns are expected to maintain professional conduct in all interactions, whether with team members, supervisors, or clients. This includes appropriate communication etiquette, meeting participation, and project collaboration. Regular performance reviews will assess technical skills, soft skills, and overall professional development. Constructive feedback should be actively sought and incorporated into future work. Meeting or exceeding these expectations is crucial for successful program completion and potential future opportunities with the Company.

#7.3 Intellectual Property Rights


7.3.1 Company Ownership : All intellectual property created during the internship period falls under the exclusive ownership of CyArt Tech. This encompasses a wide range of creative and technical outputs, including but not limited to: source code, algorithms, software applications, design elements, documentation, research findings, process improvements, and any other materials developed using Company resources or during internship hours. The assignment of rights is comprehensive and includes all current and future rights to modify, distribute, or monetize the created works. This ownership extends to improvements or modifications made to existing Company projects, regardless of the extent of the modification. Interns must properly document all created works and maintain clear records of development processes to ensure proper IP management. The Company's ownership rights persist indefinitely and survive the termination of the internship relationship.

7.3.2 Pre-existing Intellectual Property : Pre-existing intellectual property rights require careful management to protect both the Intern's and Company's interests. Interns must declare any pre-existing intellectual property that may be incorporated into Company projects before such incorporation occurs. This declaration should include detailed documentation of the pre-existing work, its creation date, and any existing licenses or restrictions. When pre-existing IP is incorporated into Company projects, the Company automatically receives a non-exclusive, perpetual license to use, modify, and distribute that IP as part of the larger project. The Intern retains ownership of the pre-existing IP for use in other contexts. However, clear documentation must be maintained to distinguish pre-existing IP from work created during the internship. This helps prevent future disputes and ensures proper attribution of intellectual property rights.
7.3.3 Documentation and Disclosure : Proper documentation is crucial for protecting intellectual property rights. Interns must maintain detailed records of all work performed, including development logs, research findings, and creative processes. These records should clearly distinguish between pre-existing work and new developments created during the internship. Documentation must include comprehensive comments in code, detailed project specifications, and regular progress reports. The documentation process includes creating and maintaining technical specifications, user manuals, API documentation, and any other materials necessary for understanding and utilizing the work created. This documentation becomes part of the Company's intellectual property and must be completed according to Company standards and templates.


#7.4. Confidentiality Obligations

7.4.1 Scope of Confidential Information : Confidential information extends to all non-public information accessed or created during the internship period. This includes, but is not limited to: source code repositories, database structures, system architectures, algorithms, machine learning models, training data, client information, business strategies, marketing plans, financial data, employee information, research and development plans, project specifications, internal communications, and any information marked as confidential or reasonably understood to be confidential. The obligation to protect confidential information applies regardless of how the information was obtained or whether it was explicitly marked as confidential. This includes information obtained through verbal communications, written documents, electronic transmissions, or observation of Company operations.

7.4.2 Duration of Confidentiality : The obligation to maintain confidentiality extends indefinitely beyond the termination of the internship. This perpetual obligation acknowledges that the value of confidential information does not diminish with time and that unauthorized disclosure at any point could harm the Company's interests. The intern must continue to protect confidential information even after the conclusion of the internship period, regardless of their future employment or activities. This includes refraining from using confidential information in future work, academic projects, or personal endeavors. The obligation persists even if similar information becomes publicly available through other means, as the intern's duty is tied to the original confidential nature of the information obtained during the internship.

7.4.3 Security Measures : Interns must implement and maintain strict security measures to protect confidential information. This includes using encryption for data storage and transmission, maintaining secure passwords, using approved virtual private networks (VPNs), and following all Company security protocols. Physical security measures must be implemented when working with confidential information, including maintaining a clean desk policy, proper disposal of physical documents through shredding, and ensuring screens are not visible to unauthorized individuals. Regular security audits will be conducted to ensure compliance with these measures. Any suspected security breaches must be reported immediately to designated security personnel through established channels.

7.4.4 Financial Implications of Breach : Unauthorized disclosure of confidential information that results in financial loss to the Company will have serious consequences. The intern may be held liable for actual damages caused by the breach, including but not limited to: lost business opportunities, damage to client relationships, costs of implementing security measures, legal expenses, and any other quantifiable losses. The Company reserves the right to pursue legal action to recover damages and protect its interests. The financial liability may extend to costs associated with investigating the breach, notifying affected parties, and implementing remedial measures. The determination of financial damages will be based on documented losses and may include both direct and indirect costs resulting from the breach.


7.5 System Usage and Security

7.5.1 Technical Infrastructure Requirements : Interns must maintain and utilize appropriate technical infrastructure throughout the internship period. This includes a dedicated workspace with a reliable internet connection meeting minimum specifications of 10 Mbps download and 5 Mbps upload speeds. The primary work computer must meet or exceed the following specifications: minimum 8GB RAM, modern multi-core processor (Intel i5/AMD Ryzen 5 or better), solid-state drive with at least 256GB storage, and a display capable of 1080p resolution. Secondary or backup systems should be available to ensure continuity of work in case of primary system failure. All systems must run currently supported versions of operating systems with automatic updates enabled. Mobile devices used for Company communications must support current security protocols and be capable of running required authentication applications. The Company reserves the right to audit technical setups and require upgrades if necessary for security or performance reasons.

7.5.2 Software and Tools : All software used during the internship must be legally licensed and approved by the Company. This includes development environments, code editors, version control systems, communication tools, and any other software required for internship duties. The Company will provide licenses for specific required software, but interns are responsible for maintaining general computing software like operating systems and office tools. No cracked, pirated, or unauthorized software may be used in connection with Company work. All software must be kept updated to the latest stable versions to ensure security and compatibility. The Company maintains a list of approved software alternatives to accommodate different operating systems and development preferences while ensuring consistency in output and security.

7.5.3 Access Control and Authentication : Each intern receives unique credentials for accessing Company systems, which must be protected with the utmost security. Two-factor authentication is mandatory for all system access, utilizing both strong passwords and a Company-approved authentication application. Passwords must meet the following criteria: minimum 12 characters, combination of uppercase and lowercase letters, numbers, special characters, no common words or patterns, and no reuse of passwords from other services. Password rotation is required every 60 days, with systems automatically enforcing this policy. Access credentials must never be shared, written down, or stored in unsecured locations. Any suspected compromise of credentials must be reported immediately to the security team, and temporary credentials will be issued while the incident is investigated.

7.5.4 Network Security : All work-related internet access must be conducted through the Company's approved Virtual Private Network (VPN) service. The VPN must be active whenever accessing Company resources, regardless of location or network type. Public Wi-Fi networks should be avoided when possible; if necessary, additional security measures must be implemented as specified in the security guidelines. Network activity is monitored for security purposes, with logs maintained for audit purposes. Bandwidth usage is tracked to ensure efficient resource allocation and identify potential security issues. The Company reserves the right to restrict access to specific websites or services that may pose security risks or impact productivity.

7.5.5 Data Protection and Storage : All work-related data must be stored in Company-approved storage solutions, including designated cloud services and version control systems. Local copies of data must be encrypted using Company-approved encryption methods. Regular backups are mandatory, with verification procedures to ensure data integrity. No Company data may be stored on personal cloud storage services or unauthorized devices. Data transfer must occur only through secure, approved channels. Any data stored locally must be properly wiped using secure deletion methods upon completion of the internship. The Company provides detailed guidelines for data classification and handling procedures based on sensitivity levels.

7.5.6 Security Incident Response : Interns must be familiar with and follow the Company's security incident response plan. This includes recognizing and reporting potential security incidents through appropriate channels within 30 minutes of discovery. Types of incidents requiring immediate reporting include: suspected malware infections, unusual system behavior, unauthorized access attempts, phishing attempts, data loss or exposure, and any violations of security policies. The incident response procedure includes immediate isolation of affected systems, documentation of observations, and cooperation with the security team's investigation. Regular security training is provided to ensure familiarity with these procedures, and mock incidents may be conducted to test response readiness.


7.6 Project and Code Standards

7.6.1 Development Methodology : All development work must strictly adhere to CyArt Tech's established Agile methodology. This includes active participation in daily stand-up meetings, sprint planning sessions, and retrospectives. Sprints are typically structured in two-week intervals, with clear deliverables and milestones defined at the beginning of each sprint. Interns must maintain detailed task tracking in the designated project management system, updating progress daily and logging time spent on each task. The development process includes regular code reviews, pair programming sessions, and technical documentation updates. Adherence to team velocity metrics and sprint commitments is essential, with any potential delays or blockers communicated immediately to project leads. The methodology emphasizes continuous improvement, with interns expected to contribute to process refinements and participate in team discussions for workflow optimization.

7.6.2 Code Quality and Standards : Code quality is paramount and must meet the Company's established standards without exception. This includes adhering to language-specific style guides, maintaining consistent formatting, and following prescribed naming conventions. Code must be self-documenting where possible, with clear variable and function names that indicate purpose. Comments are required for complex logic, business rules, and any code that deviates from standard patterns. Documentation must follow JSDoc or similar standards appropriate to the programming language. Code complexity metrics must stay within defined limits: cyclomatic complexity under 10, method length under 30 lines, and class length under 300 lines. Test coverage requirements are set at a minimum of 80% for new code, with critical paths requiring 100% coverage. Performance optimization is mandatory, with specified maximum execution times for different types of operations.

7.6.3 Version Control Practices : Git is the mandatory version control system, with specific workflows and branching strategies that must be followed. Branch naming must follow the pattern:

type/ticket-number/brief-description (e.g., feature/CYA-123/user-authentication). 

Commit messages must be descriptive and follow the conventional commits specification, including type (feat, fix, docs, etc.), scope, and clear description. No commits should be made directly to main branches. All work must be done in feature branches and merged through pull requests. Pull requests require at least two approved reviews before merging. Commits should be atomic and focused, typically not exceeding 200 changed lines. Regular rebasing is required to maintain clean history, with squashing of commits before merging to main branches.

7.6.4 Testing Requirements : Comprehensive testing is mandatory for all code contributions. This includes unit tests for individual components, integration tests for system interactions, and end-to-end tests for critical user flows. Test cases must cover both positive and negative scenarios, including edge cases and error conditions. Performance tests are required for any code that impacts system response times. Security testing must be performed using approved tools and methodologies. Automated tests must be maintained and updated alongside code changes. Test environments must mirror production configurations as closely as possible. Regular security scans and vulnerability assessments are mandatory, with any identified issues addressed immediately according to severity levels.

7.6.5 Documentation Standards : All projects require comprehensive documentation that meets Company standards. This includes technical documentation, API references, deployment guides, and user manuals where applicable. Documentation must be written in clear, professional English and maintained in Markdown format. Architecture decisions must be documented using Architecture Decision Records (ADRs). API documentation must follow OpenAPI/Swagger specifications. Code changes require corresponding documentation updates in the same pull request. System diagrams must be maintained using approved tools and stored in version control. Regular documentation reviews are conducted to ensure accuracy and completeness. Documentation must include troubleshooting guides and common issue resolutions.

7.6.6 Quality Assurance Process : Quality assurance is an integral part of the development process, not a separate phase. Each feature or fix must pass through defined QA checkpoints before being considered complete. This includes automated testing, manual testing scenarios, security scanning, and performance testing. Bug reports must include detailed reproduction steps, expected vs. actual results, and relevant system information. Critical issues must be addressed within 24 hours of discovery. Regular security audits are conducted using automated tools and manual review processes. Performance benchmarks must be met and documented for all new features. Accessibility testing is mandatory for user-facing components, ensuring compliance with WCAG 2.1 guidelines at the AA level.

7.6.7 Project Management and Tracking

All work must be properly tracked and managed through the Company's project management system. This includes creating and maintaining detailed task cards, updating status regularly, and logging time accurately. Task estimates must be provided and refined based on actual completion times. Dependencies must be clearly documented and communicated to project leads. Weekly progress reports are required, detailing accomplishments, challenges, and upcoming work. Risk assessments must be performed for all major changes, with mitigation strategies documented. Resource requirements must be communicated well in advance of need. Project metrics must be maintained and reported according to Company templates.

7.7 Termination and Refund Policy


7.7.1 Internship Termination Conditions : The Company reserves the right to terminate the internship under specific conditions that warrant immediate action. These conditions include, but are not limited to: unauthorized absence exceeding five consecutive days without proper documentation or communication, breach of confidentiality agreements, violation of intellectual property rights, failure to meet project deadlines consistently, inappropriate behavior during professional interactions, or any actions that could damage the Company's reputation or interests. Performance-based termination may occur after documented warnings and failure to improve within specified timeframes. The Company maintains sole discretion in determining whether conduct or performance warrants termination. In cases of severe misconduct, including security breaches or intentional damage to Company property or reputation, termination will be immediate without prior warning.

7.7.2 Refund Eligibility Period : The refund policy operates under strict temporal guidelines. No refund requests will be considered before completing a minimum duration of six months and three days from the official joining date. This waiting period is non-negotiable and applies to all interns regardless of circumstances. The timing is specifically designed to ensure meaningful participation in the program and prevent premature departures that could impact project continuity. The official joining date is determined by the date of first system access granted to the intern, as recorded in Company logs. Any attempt to circumvent this waiting period through false documentation or misrepresentation will result in immediate termination and forfeiture of refund eligibility.

7.7.3 Qualifying Conditions for Refund : Refunds will only be considered under three specific circumstances, each requiring comprehensive documentation and verification:

a) Medical Emergencies

Must involve serious health conditions that prevent continuation of internship duties

Required documentation includes detailed medical reports from registered practitioners

Diagnosis and prognosis must clearly indicate inability to continue remote work

Medical documentation must be current and from recognized healthcare facilities

Company reserves the right to seek second medical opinions at its discretion

b) Family Emergencies

Limited to immediate family members (parents, siblings, spouse, children)

Must involve critical situations requiring intern's full-time attention

Documentation requirements include official reports (medical, legal, or relevant authorities)

Situation must demonstrably prevent continuation of internship duties

Regular updates and estimated timeline for resolution must be provided

c) Higher Compensation Opportunity

Must be a formal job offer with compensation exceeding 4 LPA (Lakhs Per Annum)

Offer letter must be from a registered company on official letterhead

Must include detailed compensation structure and job description

Company reserves the right to verify offer authenticity directly with employer

Position must be full-time employment, not another internship or contract role

7.7.4 Refund Process and Timeline : The refund process follows a structured timeline with specific requirements at each stage:


a) Initial Request

Must be submitted through official channels in writing

Should include all relevant documentation supporting the claim

Must clearly state which qualifying condition is being claimed

Required to provide detailed explanation of circumstances

b) Review Period

Company will review request within 15 business days

May request additional documentation or clarification

Will conduct necessary verification of submitted documents

May require interviews or discussions with relevant parties

c) Decision and Processing

Final decision communicated in writing.

If approved, refund will be processed after the duration of the internship. Once the duration is completed, the refund will be issued within 7 business days.

Refund issued to original payment method only.

Processing fees may be deducted from refund amount.

7.7.5 Early Termination Penalty : Interns who terminate the program before completion without qualifying conditions must pay a penalty:


a) Penalty Amount

Fixed liquidated damages of INR 10,000

Due within 15 days of termination notice

Non-negotiable unless specifically waived by Company

Subject to legal action if unpaid

b) Exemptions from Penalty

Approved medical emergencies with valid documentation

Verified family emergencies with supporting evidence

Secured higher compensation opportunity (>4 LPA)

Other circumstances at Company's discretion

7.7.6 Company Discretion and Appeals : The Company maintains final authority in all termination and refund decisions:


a) Decision-Making Authority

Company may choose to terminate or extend internship based on circumstances

Can modify refund terms based on specific situations

May request additional verification at any stage

Reserves right to make exceptions to stated policies

b) Appeals Process

One appeal allowed per refund request

Must be submitted within 7 days of initial decision

Requires new or additional supporting documentation

Final decision after appeal is binding

Copyright © CyArt Tech

INDIA