Terms of Service

Version 2.3 | Last Updated: March 2026 | Effective Date: March 2026

IMPORTANT: These Terms contain a binding arbitration clause (governed by the Federal Arbitration Act), class action waiver, limitation of liability, and no-refund policy for digital products. Please read carefully before purchasing.

1. Agreement to Terms and Electronic Signature

These Terms of Service ("Terms") constitute a legally binding agreement between you ("Customer," "you," or "your") and CyberPolicyPros LLC ("CyberPolicyPros," "we," "us," or "our"). By checking the "I agree to the Terms of Service" checkbox at checkout and completing your purchase, you: (a) confirm you have read and understood these Terms; (b) provide your electronic signature indicating agreement, as that term is defined under the Electronic Signatures in Global and National Commerce Act (ESIGN), 15 U.S.C. § 7001 et seq., and the Uniform Electronic Transactions Act as adopted in Maryland; and (c) agree to be bound by these Terms as of the date of purchase.

CyberPolicyPros records the following electronic signature metadata at the time of checkout: your email address, IP address, timestamp, and checkbox confirmation state. This record constitutes the audit trail for your electronic signature and is retained in accordance with Section 13.

If you are purchasing on behalf of an organization, you represent and warrant that you have authority to bind that entity. "You" includes both the individual completing the purchase and any entity on whose behalf the purchase is made.

Electronic Records Consent (15 U.S.C. § 7001(c)). By proceeding with an electronic transaction, you consent to receive all disclosures, agreements, and records relating to your purchase in electronic form. You have the right to receive a paper record of any electronic disclosure or agreement at no charge by contacting support@cyberpolicypros.net. To withdraw your consent to electronic records, email support@cyberpolicypros.net; withdrawal applies only to future records and does not affect the validity of any electronic signature or record already provided. To ensure continued electronic delivery, you may update your contact information at any time by emailing support@cyberpolicypros.net or updating your account at cyberpolicypros.net/my-account.

1A. Eligibility and Capacity

By purchasing, you represent that: (a) you are at least 18 years of age or the age of majority in your jurisdiction, whichever is greater; (b) you have the legal capacity to enter into binding contracts; (c) if acting on behalf of a business entity, you have authority to bind that entity; and (d) you are not prohibited from receiving our services under applicable law. We reserve the right to refuse service to anyone who does not meet these requirements.

2. Services Description

  • Policy Template Packages. CPGF-structured cybersecurity policy documentation templates organized by compliance framework and maturity tier. Delivered as editable Microsoft Word (.docx) files.
  • Risk Assessment Templates. Framework-specific risk assessment methodology documents including threat catalogs and risk registers. Delivered as editable Microsoft Word (.docx) files.
  • Audit Evidence Packages. Control-family-specific evidence checklists documenting what assessors and auditors look for by framework. Delivered as editable Microsoft Word (.docx) files.
  • Annual Update Subscriptions. Recurring subscription delivering updated policy documentation when a framework publisher releases a significant revision. See Section 4.5 for subscription-specific terms.
  • Advisory Services. Limited consulting engagements as separately scoped and quoted in a separate written agreement.

3. Disclaimer - No Legal or Regulatory Advice

CyberPolicyPros is not a law firm and does not provide legal advice, legal representation, or regulatory compliance certification. Nothing in our products or communications constitutes legal advice or creates an attorney-client relationship.

Our policy templates are professional reference documents designed to help organizations build structured compliance programs. They are starting points that require customization for your specific environment, systems, personnel, and regulatory obligations. The degree to which our documents satisfy your regulatory requirements depends on how you populate, implement, and maintain them: factors entirely within your control and outside ours. We do not guarantee that our documents will satisfy the specific requirements of your regulator, auditor, or certifying body.

4. Payment Terms

4.1 Fixed-Fee Pricing

All policy template packages and digital product purchases are sold at fixed, published prices. No hourly charges, overages, or hidden costs apply to digital product purchases. Published prices are subject to change without notice, but prices in effect at the time of your completed purchase are binding for that transaction.

4.2 Pricing Tier Rationale

CyberPolicyPros prices its products according to organization size, compliance scope, risk profile, and framework complexity. Pricing tiers reflect differences in compliance scope and organizational risk exposure. All tiers deliver CPGF-structured documentation appropriate to the selected framework and maturity level.

4.3 No Refund Policy for Digital Products

All digital product purchases are final. Please review product descriptions carefully before purchasing.

All purchases of digital products are final and non-refundable once the download link has been activated or the product files have been delivered, which occurs immediately upon successful payment. Exceptions: (a) If CyberPolicyPros cannot deliver the files due to a technical error on our end, you are entitled to redelivery or a full refund. (b) If delivered files are materially different from the product description, you may request a refund within 7 days. (c) Nothing in this section limits rights you may have under applicable consumer protection law that cannot be waived by contract. To request a refund under an exception, contact support@cyberpolicypros.net within 7 days of delivery.

4.4 Payment Processing

Payments are processed by Stripe, Inc. or other third-party payment processors. CyberPolicyPros does not store credit card or payment account information. Your payment information is subject to the payment processor's privacy policy and terms of service.

4.5 Annual Subscription Terms

If you purchase an Annual Update Subscription, the following additional terms apply. These disclosures are also presented at the point of sale as required by the FTC's Negative Option Rule, 16 C.F.R. Part 425:

  • Auto-Renewal. Your subscription will automatically renew at the end of each annual term at the then-current subscription price unless you cancel before the renewal date. You authorize us to charge your payment method on file for each renewal term. The amount charged, renewal frequency, and cancellation method are disclosed at checkout.
  • Cancellation. You may cancel your subscription at any time: (a) online via your account dashboard at cyberpolicypros.net/my-account, or (b) by emailing support@cyberpolicypros.net. Cancellation via either method is equally effective. Cancellation takes effect at the end of the current billing period. You will not be charged for subsequent renewal terms after cancellation is confirmed in writing by CyberPolicyPros. Consistent with the FTC Negative Option Rule, 16 C.F.R. § 425.6 (2024), the cancellation process is no more burdensome than the enrollment process.
  • Renewal Reminder. For annual subscriptions, CyberPolicyPros will send a renewal reminder notice to your email address on file at least 30 days before your subscription renewal date, consistent with the Maryland Automatic Renewal Law, Md. Code, Com. Law § 14-12B03. The reminder will state the renewal price, renewal date, and cancellation instructions.
  • Subscription Refunds. Annual subscription fees are non-refundable once the subscription term has begun, except where required by applicable law. If you cancel mid-term, you retain access through the end of your paid period.
  • Price Changes. We will provide at least 30 days' written notice by email before increasing subscription pricing. If you do not cancel before the renewal date following a price change notification, you consent to the new price.
  • License Scope for Subscriptions. The license granted under Section 8 covers the specific version of documentation delivered. Annual Update Subscriptions include a license to each updated version delivered during the active subscription term. Upon subscription cancellation, your license to previously delivered versions remains in effect; no new versions will be delivered.

5. Delivery of Digital Products

Upon successful payment, we will deliver your purchased documentation files to the email address provided at checkout, typically within 3-10 business days. If you experience a delivery issue due to a technical difficulty on our end, contact support@cyberpolicypros.net with your order confirmation number. CyberPolicyPros is not responsible for delivery failures caused by incorrect email addresses, spam filters, or customer-side technical issues.

6. Documentation Quality Guarantee

If, within 90 days of your purchase date, your auditor or assessor identifies a deficiency directly and solely attributable to a factual error or structural omission in our delivered documentation, we will revise the relevant documents at no additional charge, subject to: (a) the deficiency is documented in writing by your auditor; (b) it is attributable to our documentation, not your failure to implement or customize it; (c) it does not result from a framework revision published after your delivery date; and (d) you submit the request within 90 days of purchase. This guarantee is our sole and exclusive obligation with respect to documentation quality and does not constitute a warranty of audit success, regulatory approval, or compliance certification.

7. Deliverables: AS IS Disclaimer

IMPORTANT: This section limits your warranty rights. Read carefully.

ALL DELIVERABLES, DOCUMENTS, TEMPLATES, AND DIGITAL PRODUCTS ARE PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, CYBERPOLICYPROS EXPRESSLY DISCLAIMS ALL WARRANTIES, INCLUDING BUT NOT LIMITED TO: any implied warranty of merchantability; any implied warranty of fitness for a particular purpose (including fitness for your specific compliance program, audit, regulatory submission, or certification); any warranty that deliverables will be error-free, complete, or current beyond the delivery date; any warranty that deliverables will satisfy the requirements of your specific regulator, auditor, or certifying body; and any warranty of non-infringement with respect to third-party frameworks or standards bodies. YOUR USE OF OUR DELIVERABLES IS ENTIRELY AT YOUR OWN RISK. The quality guarantee in Section 6 is your exclusive remedy for documentation deficiencies, subject to its stated conditions and limitations.

8. Intellectual Property and License

CyberPolicyPros retains all copyright and intellectual property rights in our policy templates, frameworks, methodologies, and documentation. Upon payment, we grant you a non-exclusive, non-transferable, perpetual license to use, customize, and implement the purchased documentation within your organization. You may not resell, sublicense, distribute, or make available our documentation to third parties outside your organization, except that you may share completed and customized policies with your auditors, assessors, and regulators as required by your compliance program. For Annual Update Subscriptions, the scope of this license is governed by Section 4.5. In the event of a CyberPolicyPros merger, acquisition, or dissolution, this license shall transfer to the successor entity and remain in effect for versions already delivered.

9. Copyright and DMCA Policy

We respect intellectual property rights and expect our customers to do the same. If you believe content on cyberpolicypros.net infringes your copyright, please send a DMCA takedown notice to legal@cyberpolicypros.net including: identification of the copyrighted work; identification of the allegedly infringing material and its URL; your name, address, telephone, and email; a statement of good faith belief that the use is not authorized; and a statement under penalty of perjury that the information is accurate and that you are the copyright owner or authorized to act on their behalf. See 17 U.S.C. § 512(c)(3).

Counter-Notification (17 U.S.C. § 512(g)). If you believe material was removed in error, you may submit a counter-notification to legal@cyberpolicypros.net including: identification of the removed material and its prior location; a statement under penalty of perjury that you have a good faith belief the material was removed by mistake or misidentification; your name, address, telephone, and email; consent to jurisdiction of the federal court in your district; and your signature. Upon receipt of a valid counter-notification, we will forward it to the original complainant and may restore the material after 10-14 business days unless the complainant files a court action.

10. Prohibited Uses

You agree not to: violate any applicable law or third-party right; misrepresent our products as your own independently developed original work; fraudulently represent compliance status to regulators, auditors, customers, or partners based on unimplemented or uncustomized templates; resell, sublicense, or distribute our documentation to third parties outside your organization; scrape or systematically copy our website, documentation, or methodology; attempt unauthorized access to our systems, networks, or data; or use our content to train, fine-tune, or improve artificial intelligence or machine learning models without prior written permission.

11. Export Controls and Sanctions Compliance

Our products and services are subject to United States export control laws, including the Export Administration Regulations (EAR) and OFAC regulations. By purchasing, you represent and warrant that:

  • You are not located in, organized under the laws of, or a resident of any country or territory subject to U.S. comprehensive sanctions, currently including Cuba, Iran, North Korea, Russia, Syria, Belarus, Venezuela, Myanmar (Burma), and the Crimea, Donetsk, and Luhansk regions of Ukraine (E.O. 13849, 13850, 14014, 14024, 14038). This list is subject to change as OFAC updates its sanctions programs.
  • You are not identified on any U.S. government denied-party list, including the OFAC Specially Designated Nationals and Blocked Persons List (SDN List), the Commerce Department Entity List, or the Denied Persons List.
  • You will not export, re-export, or transfer our products to any sanctioned country, denied party, or individual without required U.S. government authorization.

CyberPolicyPros reserves the right to refuse or immediately terminate service to any customer it reasonably believes may be in violation of applicable export control or sanctions laws, without refund.

12. Confidentiality

CyberPolicyPros treats all information you provide in connection with your purchase as confidential and will not disclose it to third parties except: (a) as necessary to deliver your products or provide contracted services; (b) to service providers and subprocessors bound by confidentiality obligations no less protective than those in this section; (c) as required by applicable law, regulation, or court order, in which case we will provide you with reasonable advance notice where legally permissible; or (d) with your prior written consent.

13. Privacy and Data Collection

Your use of cyberpolicypros.net is subject to our Privacy Policy, incorporated into these Terms by reference. We collect your name, email address, company name, IP address, electronic signature metadata (timestamp, checkbox state, IP address), and order information. We do not sell, rent, or share your personal information with third parties for their marketing purposes.

Data Retention. We retain your personal information for seven (7) years from the date of your last transaction with us, or as otherwise required by applicable law, whichever is longer.

Your Rights. Depending on your jurisdiction, you may have the following rights: (a) the right to know what personal information we collect and how it is used; (b) the right to request correction of inaccurate information; (c) the right to request deletion of your information, subject to our legal retention obligations; (d) the right to opt out of the sale or sharing of your information (we do not sell or share your data); and (e) the right to non-discrimination for exercising your privacy rights. Contact legal@cyberpolicypros.net to exercise these rights. We will respond within 45 days.

Data Breach Notification. In the event of a breach of the security of personal information maintained by CyberPolicyPros that is reasonably likely to cause harm to Maryland residents, we will notify affected individuals in the most expedient time possible and without unreasonable delay, consistent with the Maryland Personal Information Protection Act, Md. Code, Com. Law § 14-3504. Notification will be provided by email to the address on file or by substitute notice as permitted by law.

14. Limitation of Liability

IMPORTANT: This section significantly limits our financial liability to you.

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, CYBERPOLICYPROS SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING LOST PROFITS, LOST DATA, BUSINESS INTERRUPTION, FAILED AUDITS, LOSS OF FEDERAL CONTRACTS OR CERTIFICATIONS, REGULATORY PENALTIES OR FINES, OR COSTS OF SUBSTITUTE SERVICES, ARISING FROM OR RELATED TO YOUR USE OF OUR PRODUCTS OR SERVICES, EVEN IF WE HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

OUR TOTAL CUMULATIVE LIABILITY TO YOU FOR ANY AND ALL CLAIMS ARISING FROM OR RELATED TO THESE TERMS OR OUR PRODUCTS SHALL NOT EXCEED THE GREATER OF: (A) THE TOTAL AMOUNT YOU PAID TO CYBERPOLICYPROS FOR THE SPECIFIC PRODUCT OR SERVICE GIVING RISE TO THE CLAIM IN THE TWELVE (12) MONTHS PRECEDING THE EVENT; OR (B) FIVE HUNDRED DOLLARS ($500.00). Some jurisdictions do not allow the exclusion or limitation of certain categories of damages. In such jurisdictions, our liability is limited to the maximum extent permitted by applicable law.

15. Indemnification

You agree to defend, indemnify, and hold harmless CyberPolicyPros LLC, its members, officers, employees, contractors, and agents from and against any third-party claims, liabilities, damages, judgments, costs, and fees (including reasonable attorneys' fees) arising from or related to: (a) your use or misuse of our products or services; (b) your violation of these Terms; (c) your misrepresentation of compliance status to any regulator, auditor, customer, or third party; (d) your violation of any applicable law or third-party rights; or (e) your use of our documentation in connection with any government contract, federal procurement, or regulatory submission.

16. Force Majeure

CyberPolicyPros shall not be liable for any delay or failure to perform resulting from causes beyond our reasonable control, including acts of God, natural disasters, war, terrorism, governmental action, internet or telecommunications failures, cyberattacks, power outages, pandemic or public health emergency, or labor disputes not involving our own employees. In the event of a qualifying force majeure event, our performance obligations will be suspended for the duration of the event, and we will provide notice and make reasonable efforts to resume performance as soon as practicable.

17. Governing Law and Dispute Resolution

17.1 Governing Law

These Terms are governed by and construed in accordance with the laws of the State of Maryland, without regard to its conflict of law provisions. CyberPolicyPros LLC is a Maryland limited liability company with its principal place of business in Prince George's County, Maryland.

17.2 Commercial Contract - Not Subject to Federal Procurement Law

These Terms constitute a commercial contract between private parties. Nothing in these Terms, and no product or service delivered hereunder, shall be construed as a government contract or procurement vehicle subject to the Federal Acquisition Regulations (FAR), the Defense Federal Acquisition Regulation Supplement (DFARS), the Contract Disputes Act, the Tucker Act, or any other federal procurement statute. Our products are commercial items sold at established commercial prices. The fact that a customer may be a federal contractor or may use our documentation in connection with a federal contract does not alter the exclusively commercial and private nature of this transaction.

17.3 Notice

Any notice required under these Terms must be in writing and delivered by: (a) email with confirmation of receipt to the addresses specified in Section 19; or (b) certified mail, return receipt requested, to the physical address specified in Section 19. Email notices are deemed received when the recipient acknowledges receipt or when delivery is confirmed by the sender's email system. Mailed notices are deemed received three (3) business days after deposit with the U.S. Postal Service.

17.4 Informal Resolution

Before initiating any formal dispute resolution proceeding, the party seeking resolution must first provide written notice to the other party describing the nature of the dispute, the relief sought, and contact information. The receiving party has 30 days after receipt of proper notice to attempt informal resolution. This is a condition precedent to arbitration, except for claims seeking emergency injunctive relief under Section 17.7.

17.5 Binding Arbitration

If informal resolution fails, any dispute, claim, or controversy arising from or relating to these Terms, or the breach, termination, enforcement, interpretation, or validity thereof, including the determination of the scope or applicability of this arbitration agreement, shall be resolved by binding arbitration. This arbitration agreement is governed by the Federal Arbitration Act, 9 U.S.C. §§ 1-16 (the "FAA"), which preempts state arbitration law to the maximum extent permitted. Arbitration shall be administered by the American Arbitration Association (AAA) under its Commercial Arbitration Rules. The arbitration shall be conducted in Prince George's County, Maryland, or by remote hearing at either party's election. The arbitrator's award shall be final and binding and may be entered as a judgment in any court of competent jurisdiction.

Fee Allocation. CyberPolicyPros will pay all AAA filing fees, case management fees, and arbitrator compensation for claims where the amount in dispute is $10,000 or less, unless the arbitrator determines the claim was filed frivolously or for an improper purpose. For claims exceeding $10,000, AAA fee allocation follows the AAA Commercial Arbitration Rules.

17.6 Class Action Waiver

ANY ARBITRATION OR LEGAL PROCEEDING SHALL BE CONDUCTED ON AN INDIVIDUAL BASIS ONLY. YOU WAIVE ANY RIGHT TO PARTICIPATE IN OR BRING A CLASS ACTION, COLLECTIVE ACTION, PRIVATE ATTORNEY GENERAL ACTION, OR OTHER REPRESENTATIVE PROCEEDING AGAINST CYBERPOLICYPROS. The arbitrator may not consolidate more than one person's claims and may not otherwise preside over any form of a representative or class proceeding.

17.7 Intellectual Property and Injunctive Relief Carve-Out

Notwithstanding the arbitration obligation above, either party may seek emergency injunctive relief, a temporary restraining order, or other provisional equitable relief from a court of competent jurisdiction in Maryland to protect intellectual property rights, proprietary methodologies, confidential information, or trade secrets, without first exhausting the informal resolution or arbitration procedures. Seeking such relief shall not constitute a waiver of either party's right to arbitration for all other claims.

17.8 Governing Language

These Terms are written in the English language. The English language version of these Terms controls in the event of any inconsistency, conflict, or dispute arising from a translated version, whether official or unofficial.

18. General Provisions

18.1 Entire Agreement

These Terms, together with the Privacy Policy incorporated herein by reference and any applicable order confirmation, constitute the entire agreement between you and CyberPolicyPros and supersede all prior or contemporaneous agreements, understandings, negotiations, representations, or warranties, whether written or oral.

18.2 Severability

If any provision of these Terms is found invalid, illegal, or unenforceable, that provision shall be modified to the minimum extent necessary to make it enforceable, or severed from these Terms if modification is not possible, without affecting the remaining provisions, which shall continue in full force and effect.

18.3 No Waiver

Our failure or delay in exercising or enforcing any right, remedy, power, or privilege shall not operate as a waiver thereof. No single or partial exercise precludes any further exercise. No waiver of any breach shall be deemed a continuing waiver or a waiver of any subsequent breach.

18.4 Assignment

You may not assign, delegate, or transfer any of your rights or obligations under these Terms, by operation of law or otherwise, without our prior written consent. Any attempted assignment without consent is void. CyberPolicyPros may assign these Terms without your consent in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of our assets, provided the assignee assumes all obligations under these Terms.

18.5 Maryland Consumer Protection Act

Nothing in these Terms waives, limits, or otherwise affects any rights you may have under the Maryland Consumer Protection Act, Md. Code, Com. Law § 13-101 et seq. (the "MCPA"). Under MCPA § 13-408, Maryland consumers have a private right of action for unfair or deceptive trade practices that cannot be waived by contract. To the extent any provision of these Terms conflicts with your non-waivable rights under the MCPA or any other mandatory consumer protection statute, the applicable statute controls.

18.6 Relationship of the Parties

The parties are independent contractors. Nothing in these Terms creates a partnership, joint venture, agency, franchise, employment, or fiduciary relationship between the parties.

18.7 Changes to These Terms

CyberPolicyPros may update these Terms from time to time. When we make material changes, we will post the updated Terms at cyberpolicypros.net/terms-of-service with a new "Last Updated" date and provide notice by email to customers with active subscriptions. For one-time purchases completed before an update, the Terms in effect at the time of your purchase govern that transaction. For subscription customers, your continued use of the subscription service after the effective date of updated Terms constitutes acceptance of the revised Terms.

19. Contact Information

CyberPolicyPros LLC
15503 Brinton Way
Brandywine, MD 20613

Legal inquiries: legal@cyberpolicypros.net
Customer support: support@cyberpolicypros.net
Website: cyberpolicypros.net

By checking the "I agree to the Terms of Service" box at checkout and completing your purchase, you acknowledge that you have read, understood, and agree to be bound by these Terms of Service. | CyberPolicyPros LLC | Version 2.3 | March 2026

Scroll to Top