a. CyberAgora (The Supplier) is a technology company based in Jeddah, Kingdom of Saudi Arabia, providing software and consulting services for order management, e-commerce, order fulfillment, delivery management, returns management, retail technologies, operations management, and related services. The Supplier has developed certain software applications and platforms for the purpose of streamlining omnichannel, e-commerce, and retail operations.
b. The Customer is a company. The Customer wishes to use the Supplier’s services for its own business operations.
c. The Customer and the Supplier may agree on services and products, including hardware, software, equipment, and consulting services (collectively, the “Services”) under purchase orders issued by the Customer and the master agreement, engagement letters, statements of work, or other documents mutually executed by the Customer and the Supplier that refer to or incorporate these Terms of Service (each, an “Order Form”).
All prices exclude VAT. A VAT invoice will be issued according to the Order Form.
The Customer agrees to the Terms of Service of the Supplier, hereunder:
1. DEFINITIONS
- Add-Ons means additional product enhancements (including limit increases and other add-ons) that are made available for purchase.
- Agreement, Master Agreement, or Terms of Service means these General Terms and all materials referred or linked to herein, unless otherwise stated.
- Authorized Users means those employees, agents, and independent contractors of the Customer who are authorized by the Customer to use the Services and the Documentation.
- Billing Period means the period for which you agree to prepay fees under an Order Form. This may be the same length as the Subscription Term specified in the Order Form, or shorter. For example, if you subscribe for a one (1) year Subscription Term with a twelve (12) month upfront payment, the Billing Period will be twelve (12) months.
- Business Day means a day other than the official weekend or a public holiday in the Kingdom of Saudi Arabia.
- Commencement Date means the date of this Agreement or, if different, the date of signing of the Order Form by the Customer.
- Catalog means the master catalog for the Seller to manage centralized product information to be used internally and for order fulfillment purposes.
- Confidential Information means all confidential information disclosed by a party (“Disclosing Party”) to the other party (“Receiving Party”), whether orally or in writing, that is designated as confidential or that a reasonable person would consider confidential, including all information concerning customers or potential customers; past, present, or proposed products; marketing plans; engineering and other designs; technical data; business plans; opportunities; finances; research; development; and the terms and conditions of this Agreement. Confidential Information does not include information that (i) becomes public without breach; (ii) was known to the Receiving Party without breach; (iii) is received from a third party without breach; or (iv) is independently developed by the Receiving Party. Subject to the foregoing exclusions, Customer Data will be considered Confidential Information.
- Customer Materials means all materials that you provide or post, upload, input, or submit via the Subscription Service.
- Consulting Services means professional services provided by the Supplier, which may include training, installation, integration, or other consulting services, as agreed in writing.
- Customer Data means all information that the Customer submits or the Supplier collects via the Subscription Service, including data inputted by the Customer and Authorized Users for the purpose of using the Services, including (without limitation) catalog/product content, product specifications, images, prices, costs, inventory records, Sales Channel credentials, shipping provider credentials, and other data or information provided before or during the subscription period. Customer Data does not include CyberAgora Content.
- Dashboard means any web interface provided by CyberAgora to access the Subscription Service.
- Documentation means the information made available to the Customer by the Supplier online via the CyberAgora customer portal or such other web address notified by the Supplier from time to time, which sets out a description of the Services and user instructions, guides, and tutorials.
- Sales Orders means any purchase or request made by an end-customer to buy one or more products from the Seller.
- Online Orders means any purchase or request made through an electronic platform, such as a website or mobile app.
- Seller is the entity that offers products for sale to customers through Sales Channels and is the rightful owner of the Inventory.
- Sales Channel means any e-commerce software or third-party marketplace integrated with the Subscription Service, where the Seller receives B2C or B2B online orders to manage.
- Shipping Provider means a third-party last-mile and delivery company that picks up orders from Hubs to deliver to the end-customer.
- SKU means “Stock Keeping Unit,” a unique identifier for a specific product or variation.
- Listing means product information specific to a Sales Channel; the Subscription Service may enable management of inventory/pricing of Listings, where supported by that channel.
- Normal Business Hours means 09:00 to 17:00 Arabia Standard Time (AST), Sunday–Thursday, KSA public holidays excluded.
- CyberAgora, we, us, or our means the applicable contracting entity identified in the Contracting Entity section.
- CyberAgora Content means all information, data, text, messages, software, photos, graphics, and other content the Supplier incorporates into the Subscription Service or Consulting Services.
- Order Form means the CyberAgora-approved form or online subscription process by which you agree to use the Subscription Service, products, Add-Ons, or Consulting Services.
- CyberAgora Product(s) means the Supplier’s current or future SaaS modules and tools.
- Personal Data means information relating to an identified or identifiable individual contained within Customer Data and protected as personal data under applicable data protection laws.
- Sensitive Information means, without limitation, credit/debit card numbers; financial account numbers or wire instructions; government-issued identification numbers; biometric information; personal health information; personal information of children protected under applicable child data protection laws; and any other information that falls within special categories of data under applicable law. Official IDs (e.g., Saudi National ID/Iqama) are considered sensitive and are collected/stored only where required by law/competent authority or strictly necessary to verify identity and are deleted once the purpose ends, unless a longer period is legally mandated.
- Subscription Service means the Supplier’s web- and mobile-based applications, tools, and platforms that you subscribe to under an Order Form, any ancillary products and services (including hosting) that we provide, and any updates or enhancements.
- Subscription Term means the initial term of your subscription to the applicable Subscription Service as specified on your Order Form(s), and each subsequent renewal term (if any).
- Third-Party Products means non-embedded third-party products/services that interoperate with or are used in connection with the Subscription Service.
- Third-Party Sites means third-party websites linked to from within the Subscription Service.
- Total Committed Subscription Value means the aggregate amount of Subscription Fees paid or payable during your then-current Subscription Term(s) for all of your CyberAgora accounts, excluding fees for renewals, Consulting Services, and taxes.
- Users means your employees, representatives, consultants, contractors, or agents whom we authorize to use the Subscription Service for your benefit and who have unique user IDs.
- You, your, or Customer means the person or entity using the Subscription Service or receiving the Consulting Services and identified in the applicable account record, billing statement, online subscription process, or Order Form as the “Customer,” including your Affiliates within scope.
2. USE OF SERVICES
- 2.1 Access. During the Subscription Term, we will provide your Users access to use the Subscription Service as described in this Agreement and the applicable Order Form. We may provide some or all elements of the Subscription Service through third-party service providers.
- 2.2 Customer Control. You must ensure that all access, use, and receipt by your Users (including Affiliates' Users) complies with this Agreement; you remain liable for your Affiliates' compliance.
- 2.3 Additional Features. You may subscribe to additional features by placing an additional Order Form or activating features from within your account (if available). This Agreement applies to all such additions.
- 2.4 Limits. Limits applicable to your subscription appear in your Order Form, this Agreement, or within the product.
- 2.5 Modifications. We may modify the Subscription Service (including by adding or removing features) to improve your experience and performance.
- 2.6 Prohibited Use. You will not use the Subscription Service in any way that violates this Agreement or applicable laws.
- 2.7 Legal Restrictions. You may not use the Subscription Service if you are legally prohibited from receiving or using it under the laws of your jurisdiction.
- 2.8 Industry Rules. The Subscription Service is not designed for regulated data sets such as HIPAA or FISMA data; do not use it in a way that would violate GLBA or similar regimes.
- 2.9 Security Incidents (access). You will promptly notify us of any unauthorized use of User IDs, passwords, or your account at [email protected].
- 2.10 No Sensitive Information. The Subscription Service is not designed to process Sensitive Information unless expressly agreed in writing; we disclaim any liability arising from processing Sensitive Information contrary to this clause. Official IDs are handled strictly per the Sensitive Information definition above.
- 2.11 Customer Responsibilities. Your participation may be required (e.g., project manager, executive sponsor, technical resource; planning flows; Sales Channels setup; integration support; success reviews).
- 2.12 Free Trial. Trial access is provided free until (a) the end of the stated trial or (b) the start date of your paid subscription. Unless you purchase before trial end, your trial data may be deleted.
- 2.13 Legacy Products. If you use a legacy product, features/limits may differ. We may migrate you to current products.
3. FEES
- 3.1 Subscription Fees. Fees remain fixed during the initial term unless (i) you exceed limits (e.g., Orders, Users, Hubs, integrations); (ii) you upgrade base packages; (iii) you add features/products; or (iv) otherwise agreed in an Order Form. Usage limits and fees may apply per Order Form.
- 3.2 Renewal Adjustments. Upon renewal, we may update fees to then-current pricing. If applicable, we'll notify you at least sixty (60) days in advance. If you disagree, email a non-renewal notice to [email protected] at least forty-five (45) days before renewal.
- 3.3 Payment of Fees. If paying by card, you authorize us to charge your authorized payment method and to use a third party to process payments. If paying by bank transfer or other method, payment will be reflected on your account within 7 days of our bank credit confirmation.
- 3.4 Invoices. If paying by invoice, we will invoice thirty (30) days before the Subscription Term and each subsequent Billing Period. Amounts are due within ten (10) days of invoice unless otherwise stated.
- 3.5 Payment Info. Keep billing and payment details up to date. All payment obligations are non-cancelable and amounts paid are non-refundable except as expressly provided herein.
- 3.6 Taxes. Fees are exclusive of taxes, which we will charge as applicable. You are not liable for taxes on our income.
4. TERM AND TERMINATION
- 4.1 Term. Your initial Subscription Term is as specified in your Order Form.
- 4.2 Renewal. Either party may renew for additional one (1) year terms by written notice at least sixty (60) days prior to expiration; revised pricing/service levels (if any) to be agreed at least thirty (30) days before expiration.
- 4.3 Non-renewal. Turn off auto-renew or follow cancellation steps at least sixty (60) days prior to term end.
- 4.4 Early Cancellation. You may cancel early; prepaid fees are not refundable and all unpaid fees through term end are immediately due.
- 4.5 Termination for Cause. Either party may terminate for material breach on sixty (60) days’ notice if uncured, or immediately upon insolvency-type events. Nonpayment in accordance with this Agreement is a material breach.
- 4.6 Reputational Harm. We may terminate on thirty (30) days’ notice if, in our good-faith opinion, your conduct has or may adversely affect us or our customers.
- 4.7 No Other Termination. This Agreement may not otherwise be terminated prior to the end of the Subscription Term.
- 4.8 Suspension for Prohibited Acts. We may suspend any User’s access without notice for: (i) unlawful use or breach; (ii) email abuse/SPAM; (iii) repeated IP infringement; or (iv) processing prohibited products.
- 4.9 Use of Customer Data. We may, with reasonable notice, review and delete Customer Data/Materials that we determine in good faith violate these terms.
- 4.10 Suspension for Non-Payment. After one notice of nonpayment, we may suspend access seven (7) days later unless you are disputing in good faith.
- 4.11 Suspension for Present Harm. We may suspend on notice if your use: (i) suffers or launches denial-of-service; (ii) creates a security vulnerability; (iii) consumes excessive resources; or (iv) causes harm to us/others. We’ll limit suspension to the affected portion where feasible.
- 4.12 Free Services. We may suspend/limit/terminate Free Services at any time without notice.
- 4.13 Effect of Termination or Expiration. If your paid subscription is terminated, we may in our discretion continue making Services available unless termination was for cause.
- 4.14 Post-Termination Data Handling. Upon termination, you must cease all use of the Subscription Service and CyberAgora Content. Prepaid fees are non-refundable in all cases. This does not affect your right to export Customer Data as set out in Section 13.14.
5. CUSTOMER DATA
- 5.1 Ownership. You own all rights to Customer Materials and Customer Data. We obtain no ownership rights. You grant us (and our licensors) permission to use Customer Materials and Customer Data only as necessary to provide the Services and as otherwise permitted by this Agreement.
- 5.2 Limits on Use. We will not use Customer Data to contact individuals or companies except as you direct or as necessary to provide the Services and as permitted by law.
- 5.3 Service Operations Data. We may collect minimal telemetry/usage data necessary to operate, secure, and improve the Subscription Service, in accordance with Section 13 and Annexes.
- 5.4 Machine Learning. We may use Customer Data in anonymized form to support product features and functionality.
- 5.5 Regional Data Hosting. All Customer Data is stored in KSA (see Annexes).
- 5.6 Data Transfers. No cross-border transfers of Customer Personal Data will occur under this Agreement unless expressly authorized by the Customer in writing and handled per Section 13.
6. INTELLECTUAL PROPERTY
- 6.1 Intellectual Property Rights. This is an agreement for access to and use of the Subscription Service; no software license is granted. We retain all IP rights to the CyberAgora Products, Content, Subscription Service, Consulting Services, and related materials. You may not copy, rent, lease, sell, distribute, or create derivative works based on them except as expressly authorized.
7. CONFIDENTIALITY
- 7.1 Protection. The Receiving Party will (i) protect the Disclosing Party’s Confidential Information using at least reasonable care; (ii) not use it outside the scope of this Agreement; (iii) not disclose it to third parties except authorized providers bound by confidentiality; and (iv) limit access to personnel/agents who need to know and are bound by equivalent obligations.
- 7.2 Legally Required Disclosure. If required by law, subpoena, or legal process, the Receiving Party may disclose Confidential Information, subject to prompt notice (where lawful) and disclosure of the minimum required.
- 7.3 Survival. Confidentiality obligations survive for one (1) year after expiration or termination.
8. INDEMNIFICATION
- 8.1 By Customer. You will indemnify, defend, and hold CyberAgora harmless from third-party claims arising from (i) your or your Affiliates’ unauthorized/illegal use of the Service; (ii) your breach of this Agreement; (iii) your use of Third-Party Products; or (iv) use by anyone using your credentials.
- 8.2 Procedure. We will notify you, give you control of the defense/settlement, and provide reasonable assistance (at your expense). You will not accept any settlement imposing obligations or admissions on CyberAgora without our prior written consent. [Supplier indemnity intentionally omitted.]
9. DISCLAIMERS; NO LIABILITY
- 9.1 As-Is. Except for obligations expressly stated in this Agreement, the Subscription Service, CyberAgora Content, and Consulting Services are provided “as is” and “as available.” CyberAgora disclaims all warranties—express, implied, or statutory—including merchantability, fitness for a particular purpose, title, and non-infringement.
- 9.2 No Liability. To the maximum extent permitted by law, CyberAgora shall have no liability of any kind arising out of or related to this Agreement or the Services, whether in contract, tort (including negligence), strict liability, or otherwise, including for any indirect, incidental, consequential, special, exemplary, or punitive damages, or any loss of profits, revenue, data, goodwill, or business opportunities. Your exclusive remedy is to discontinue use of the Services.
- 9.3 Third-Party Products. CyberAgora has no responsibility for Third-Party Products you use with the Services.
10. MISCELLANEOUS
- 10.1 Changes. We may modify this Agreement by posting a revised version and notifying you by email. The revised version becomes effective the next Business Day after posting.
- 10.2 Objection to Changes. If you object within thirty (30) days of notice, your subscription remains under the prior terms until the next renewal, after which the current terms will apply. If we cannot reasonably continue under prior terms (e.g., required by law), the Agreement and/or affected Services will terminate.
- 10.3 Force Majeure. Except for payment obligations, neither party is responsible for failure/delay caused by events beyond reasonable control.
- 10.4 Actions Permitted. Except for actions for nonpayment or breach of proprietary rights, no action arising out of this Agreement may be brought more than one (1) year after accrual.
- 10.5 Relationship. The parties are independent contractors.
- 10.6 Compliance with Laws. Each party will comply with applicable laws. We may disclose information as necessary to satisfy any law, regulation, legal process, or governmental request.
- 10.7 Export. You will not export, re-export, or transfer the Services to prohibited countries or individuals.
- 10.8 Severability. If any provision is invalid/unenforceable, it will be replaced with a valid provision that most closely reflects the original intent; the remainder remains effective.
- 10.9 Notices. To CyberAgora: [email protected]; Phone 920013624 (deemed delivered on actual receipt). To Customer: the address/email provided in Customer’s account/Order Form. We may also provide electronic notices via the Subscription Service or email on record.
- 10.10 Entire Agreement. This Agreement (including each Order Form) is the entire agreement for the Subscription Service and Consulting Services and supersedes all other proposals/agreements.
- 10.11 Assignment. You may not assign without our prior written consent, except to a successor by merger, reorganization, sale of all/substantially all assets, change of control, or operation of law, provided the successor is not our competitor. We may assign to an Affiliate or in connection with merger, reorganization, sale of assets, change of control, or operation of law.
- 10.12 No Third-Party Beneficiaries. None intended.
- 10.13 Contract for Services. This is a services contract, not a sale of goods.
- 10.14 Authority. Each party warrants it has full power and authority to enter into this Agreement.
- 10.15 Survival. The following survive expiration/termination: Definitions; Fees; Prohibited and Unauthorized Use; Early Cancellation; Termination for Cause; Suspensions; Effect of Termination or Expiration; Intellectual Property; Customer’s Proprietary Rights; Confidentiality; Indemnification (Customer only); Disclaimers; No Liability; PDPL & Data Protection; Miscellaneous; Jurisdiction and Applicable Law.
- 10.16 Precedence. In case of conflict, the Order Form controls for that order.
- 10.17 Jurisdiction. The parties agree to the exclusive jurisdiction of the courts located in Jeddah, Kingdom of Saudi Arabia.
- 10.18 Applicable Law. This Agreement is governed by the laws of the Kingdom of Saudi Arabia.
11. SERVICE-LEVEL AGREEMENT (SLA)
- 11.1 Service Availability. CyberAgora targets 99.9% monthly platform availability, excluding weekends, KSA public holidays, scheduled maintenance, and events outside CyberAgora’s reasonable control (e.g., third-party integration failures, utility outages, force majeure).
- 11.2 Scheduled Maintenance & Releases. Customers are notified at least 48 hours in advance of any maintenance that may affect availability. Planned maintenance windows are excluded from uptime calculations.
- 11.3 Impact-Based Incident Prioritization

| Client-Selected Impact | Examples | Target First Response | Target Resolution |
|---|---|---|---|
| Security risk or data exposure | Data breach, credential leak | 2 h | ≤ 8 h workaround / ≤ 48 h permanent fix |
| Operational standstill – system blocked | Cannot create orders, system downtime | 2 h | ≤ 8 h workaround / ≤ 48 h permanent fix |
| Operational degradation – key module impaired | Slow API for shipments | 4 h | ≤ 48 h |
| Minor disruption – work continues | UI glitch, report delay | 8 h | ≤ 72 h |
| UI / Information / Feature request | Label alignment, “how-to” query | 48 h | ≤ 15 d or roadmap |

- 11.4 Communication & Point-of-Contact. For any confirmed P1 incident, CyberAgora provides structured updates at a mutually agreed cadence via the Customer’s preferred channel (ticket portal, email, or phone).
- 11.5 Remedies. Operational issues are handled per the incident process in Sections 11.3–11.4.
- 11.6 Customer Dependencies. SLA timers pause while CyberAgora awaits information, data, or approvals reasonably requested from the Customer to resolve the incident.
- 11.7 Glossary.
- First Response: time until a qualified support engineer acknowledges the ticket.
- Workaround: temporary solution restoring critical functionality.
- Resolution: permanent fix or confirmed root cause with no remaining customer impact.
- Business Hours: 09:00–17:00 AST (Sun–Thu), KSA public holidays excluded.
- P1 (Critical): Major outage; urgent fix required.
- P2 (High): Significant performance issues; impacts operations but not a full stop.
- P3 (Medium): Minor functional issues with moderate impact.
- P4 (Low): Cosmetic issues or general queries; addressed via roadmap or routine fixes.
12. PDPL & DATA PROTECTION (Controller/Processor Addendum)
- 12.1 Roles & Scope. For Customer Data, the Customer is the Controller and CyberAgora is the Processor (and may act as sub-processor with respect to listed third parties). Minimal telemetry necessary for service operations may be processed by CyberAgora as a separate Controller; CyberAgora will meet its own PDPL obligations for such data.
- 12.2 Transparency & Notices. Each party will provide clear, accessible privacy notices covering controller identity/contact details, legal bases, purposes, retention/criteria, data subject rights (including withdrawal of consent), and whether provision is mandatory/optional.
- 12.3 Data Subject Rights. CyberAgora will provide channels (email and in-product) to assist the Customer in handling rights requests (access, rectification, erasure, restriction, portability, objection). Responses will be provided within 30 days, extendable once by 30 days with notice and justification. Identity will be verified; third-party data will not be disclosed.
- 12.4 Consent & Direct Marketing. Direct marketing requires opt-in where applicable and must include an easy, free opt-out. CyberAgora will process marketing communications only on documented instructions from Customer.
- 12.5 Security of Processing. CyberAgora will maintain appropriate organizational and technical measures proportionate to risk, including encryption in transit/at rest where appropriate, least-privilege access, MFA for admin, logging/monitoring, vulnerability management, backups/continuity, and consideration of alignment with National Cybersecurity Authority baselines where applicable.
- 12.6 Personal Data Breach. CyberAgora will notify the Customer without undue delay upon becoming aware of a Personal Data Breach affecting Customer Data, including details and recommended measures. Where required by PDPL, CyberAgora will notify the competent authority within 72 hours and affected data subjects without undue delay; CyberAgora will support Customer’s notifications as Controller.
- 12.7 Sub-processors. Sub-processors are listed in Annex 2. CyberAgora will (i) impose written obligations equivalent to this Section; (ii) remain responsible for sub-processors; and (iii) give prior notice of material changes with a reasonable objection process.
- 12.8 International Transfers. No cross-border transfers of Customer Personal Data will occur under this Agreement. If a transfer becomes necessary and is permitted by law, CyberAgora will obtain Customer’s prior written authorization, implement a PDPL-compliant mechanism, and perform a transfer risk assessment; if safeguards fail or become unenforceable, transfers will be suspended and Customer notified.
- 12.9 Records of Processing. CyberAgora will maintain records of processing activities and retain them for five (5) years after processing ends and make them available to the competent authority upon request.
- 12.10 Data Minimization & Anonymization. Only data necessary for stated purposes will be processed. Where feasible, CyberAgora will apply pseudonymization/anonymization and assess re-identification risks periodically.
- 12.11 Official IDs. CyberAgora will not photograph/copy official identity documents unless required by law or a competent authority, or strictly necessary to verify identity; such data will be securely deleted when the purpose ends, unless legal retention applies.
- 12.12 DPO. If PDPL thresholds apply (e.g., large-scale monitoring or core sensitive data processing), the relevant party will appoint a Data Protection Officer and provide contact details; if thresholds are not met at signature, the parties agree to appoint a DPO if/when thresholds are met.
- 12.13 Audits & Cooperation. CyberAgora will provide information reasonably necessary to demonstrate compliance and will cooperate on regulatory inquiries/audits, subject to confidentiality and security.
- 12.14 Return & Deletion. On termination/expiry, at Customer’s choice CyberAgora will make Customer Data available in CSV format for 30 days, then delete Customer Personal Data from active systems. Backups will be deleted when no longer needed for security/continuity or as legally required. Customer may request a deletion confirmation note; if declined, CyberAgora will keep internal destruction logs.
- 12.15 Governing Law (PDPL matters). KSA law governs this Section and Annexes, with exclusive venue in the courts of Jeddah, KSA.
ANNEX 1 — DATA MAP (Customer Data)
| Data subjects | Categories of personal data | Sensitive? | Purpose(s) | Legal basis | Retention | Storage location |
|---|---|---|---|---|---|---|
| End-customers | Full name, phone, email, delivery address, order history, payment refs/tokens (no PAN storage), device IDs, geolocation (for delivery), support logs | Official IDs only if required | Order capture, fulfillment, delivery routing, notifications, support, fraud prevention, platform security, analytics | Performance of contract; legitimate interests (security/fraud); consent where required (e.g., marketing, precise geo) | Only for the duration necessary to fulfil intended purposes and meet legal, regulatory, accounting, or reporting obligations | KSA (all data stored in KSA) |
| Customers of customers | As above where provided by Customer | As above | As above | As above | As above | KSA |
| Customer employees & store staff | Name, business contact, role, work phone/email, activity logs | No | Account/admin access, support, audit trail | Legitimate interests; contract | As above | KSA |
| Drivers (delivery personnel) | Name, contact, route/geo data, activity logs | No | Dispatching, route optimization, proof of delivery, security/audit | Performance of contract; legitimate interests | As above | KSA |
ANNEX 2 — SUB-PROCESSORS
| Vendor | Service | Processing country | Data categories | Safeguard | Purpose limitation |
|---|---|---|---|---|---|
| Google Cloud Platform | Cloud hosting & storage (infrastructure) | KSA | Stored Customer Data (application databases, files; operational logs limited to service operation) | N/A – KSA only (no cross-border transfers) | Host and store platform workloads for the Customer within KSA |
ANNEX 3 — SECURITY OVERVIEW (summary)
- Encryption: Data encrypted in transit and at rest; admin access with strong authentication.
- Access Control: Role-based access; least-privilege; periodic access reviews for privileged roles.
- Monitoring & Logging: Platform/security events logged and monitored; incident runbooks maintained.
- Vulnerability Management: Regular scanning and timely remediation; secure SDLC with code review and dependency checks.
- Backups & Continuity: Regular backups; restorations tested; backups retained only as needed for continuity/security.
- Standards: CyberAgora aims to align with relevant NCA baselines where applicable.
ANNEX 4 — CROSS-BORDER TRANSFERS
- Authorized transfers: None. Customer Personal Data will not be transferred outside KSA.
- If a transfer becomes necessary and is permitted by law, CyberAgora will seek prior written Customer approval, implement a PDPL-compliant mechanism, and perform a transfer risk assessment before any transfer occurs.
ANNEX 5 — RETENTION SCHEDULE
| Data set | Retention | Deletion method | Legal obligation |
|---|---|---|---|
| All Customer Personal Data (orders, delivery GPS, support & audit logs, user/admin activity) | Only for the duration necessary to fulfil intended purposes and meet legal, regulatory, accounting, or reporting obligations | Logical deletion from active systems; backups deleted when no longer needed for security/continuity | None specified by Customer |
ANNEX 6 — INCIDENT CONTACTS & COMMUNICATIONS
CyberAgora (Processor)
- Primary: [email protected]
- Phone (business): 920013624
- Update channels: email (default), phone bridge if available.
Customer (Controller)
- Primary: as stated in the Order Form / Customer’s notice details.
Cadence
- For P1 incidents, CyberAgora provides structured updates at reasonable intervals and supports any required authority/data-subject notifications. Where PDPL requires, CyberAgora will notify the competent authority within 72 hours and affected data subjects without undue delay.
Contracting Entity & Notices
- Supplier (CyberAgora): شركة التجمع الرقمي (Jeddah, KSA)
- Notices & privacy/security contact: [email protected] | 920013624