RiskFortress — Private Risk Intelligence
Binding Legal Instrument

Master Service Agreement & Terms of Use

Document Reference: RF/LEGAL/MSA/2026-001

Effective Date: April 20, 2026  |  Jurisdiction: Greater Noida, Uttar Pradesh, India

This Master Service Agreement and Terms of Use (hereinafter “Agreement” or “MSA”) constitutes a legally binding contract between RiskFortress Intelligence, a Mayalok Ventures entity, DPIIT Registered, Pari Chowk, Greater Noida, Uttar Pradesh 201310, India (hereinafter “RiskFortress”) and any Client engaging its services. By executing a Statement of Work, submitting an intake form, making payment, or engaging in any written confirmation of services, the Client acknowledges full acceptance of and legal obligation under this Agreement. This Agreement supersedes all prior representations, understandings, and negotiations, whether oral or written.

Article I — Nature of Services (Advisory Capacity)

1.1 — Intelligence Advisory Services

RiskFortress provides predictive forensic intelligence, macro-financial forensics, statutory and structural intelligence, OSINT analysis, threat profiling, and discrete consultation services exclusively to qualifying Ultra-High Net Worth Individuals and institutions. All deliverables constitute intelligence advisory outputs — not legal opinions, investment advice, or guarantees of any outcome.

1.2 — Legal Advisory Exclusion

Nothing in any RiskFortress intelligence product, report, dossier, risk map, or communication constitutes legal advice. Clients requiring legal counsel are expressly directed to engage qualified advocates licensed under the Advocates Act, 1961.

1.3 — The Crystal Ball Disclaimer

All intelligence products, threat assessments, risk forecasts, and advisory outputs produced by RiskFortress are probabilistic in nature and represent the best available analytical judgment of RiskFortress at the time of production. They do not constitute guarantees, predictions, or warranties of future events, outcomes, market movements, legal results, or risk materialisation. Intelligence is inherently incomplete. Adversaries adapt. Environments shift. RiskFortress provides the most rigorous analytical framework available — not omniscience.

1.4 — Warranty Disclaimer

TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, ALL SERVICES ARE PROVIDED “AS IS” AND “AS AVAILABLE” WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. RISKFORTRESS EXPRESSLY DISCLAIMS ALL WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, TITLE, OR NON-INFRINGEMENT. RISKFORTRESS DOES NOT WARRANT THAT SERVICES WILL MEET CLIENT REQUIREMENTS, THAT INTELLIGENCE PRODUCTS WILL BE ERROR-FREE OR UNINTERRUPTED, OR THAT ANY THREAT OR RISK IDENTIFIED REPRESENTS THE TOTALITY OF EXISTING THREATS.

1.5 — Prohibited Uses

Client shall not, under any circumstances, use RiskFortress services or any deliverable therefrom:

  • (a) For any illegal, fraudulent, tortious, or harmful purpose under applicable Indian or international law;
  • (b) To surveil, track, or monitor any individual in violation of applicable privacy or data protection law;
  • (c) To facilitate, plan, execute, or conceal insider trading, market manipulation, financial fraud, money laundering, or any financial crime;
  • (d) To infringe, misappropriate, or circumvent any third-party intellectual property, privacy, or contractual rights;
  • (e) To compete with, replicate, reverse-engineer, or commercially exploit RiskFortress’s proprietary methodologies, analytical frameworks, or intelligence infrastructure.

Article II — Intellectual Property & Confidentiality of Methodologies

2.1 — Exclusive Ownership by Mayalok Ventures

All forensic methodologies, proprietary AI and machine-learning algorithms, threat-detection models, scoring frameworks, prompt libraries, training pipelines, intelligence dossiers, risk maps, threat assessments, macro-financial forensic reports, engagement templates, analytical playbooks, and software tools created, deployed, or refined by RiskFortress — whether developed prior to, during, or after any Client engagement — remain the exclusive intellectual property of Mayalok Ventures and its RiskFortress operating arm. Such property is protected under the Indian Copyright Act, 1957, the Patents Act, 1970, the Designs Act, 2000, the Trade Marks Act, 1999, and applicable trade-secret and confidentiality law in every jurisdiction in which Client operates.

2.2 — License Grant

Upon receipt of full payment per the applicable Statement of Work, Client is granted a limited, non-exclusive, non-transferable, non-sublicensable, revocable license for internal business use only. This license expressly excludes:

  • Reproduction, distribution, or publication of any work product in whole or in part;
  • Reverse-engineering, decompiling, or extracting any methodology or algorithm;
  • Sublicensing, reselling, or transferring work product to any third party;
  • Use in any legal proceeding without prior written authorization from RiskFortress;
  • Use beyond the scope of the engagement for which the work product was produced.

RiskFortress retains all moral rights over its work product. Client’s failure to fully pay engagement fees immediately voids the license granted herein, and all work product must be returned or destroyed within 5 business days.

Article III — Limitation of Liability

ARTICLE III CONTAINS CRITICAL LIMITATIONS ON RISKFORTRESS’S LIABILITY. READ CAREFULLY.

3(a) — Exclusion of Consequential & Indirect Damages

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, RISKFORTRESS SHALL NOT BE LIABLE — UNDER ANY THEORY OF LIABILITY, INCLUDING CONTRACT, TORT, NEGLIGENCE, STRICT LIABILITY, OR OTHERWISE — FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, PUNITIVE, OR EXEMPLARY DAMAGES WHATSOEVER, INCLUDING BUT NOT LIMITED TO: LOSS OF PROFITS, LOSS OF REVENUE, LOSS OF BUSINESS OPPORTUNITY, LOSS OF GOODWILL, LOSS OF DATA, REPUTATIONAL HARM, BUSINESS INTERRUPTION, OR COST OF SUBSTITUTE SERVICES — EVEN IF RISKFORTRESS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

3(b) — Maximum Aggregate Liability Cap

The maximum aggregate liability of RiskFortress to the Client — for all claims arising under or in connection with this Agreement, whether in contract, tort, or otherwise — shall not exceed the total fees actually paid by the Client to RiskFortress in the twelve (12) month period immediately preceding the event giving rise to the claim. This cap applies in aggregate across all claims and is not per-incident.

3(c) — Nature of Services Acknowledgement

The Client expressly acknowledges that RiskFortress’s services constitute intelligence and risk advisory — not guarantees, insurance, or absolute protection against threats, losses, or adverse outcomes. The Client assumes full responsibility for all decisions made, actions taken, or actions not taken based on any RiskFortress deliverable.

3(d) — Client Infrastructure Responsibility

The Client is solely and exclusively responsible for their own cybersecurity posture, IT infrastructure security, access controls, employee security hygiene, and operational security protocols. RiskFortress’s liability does not extend — under any circumstances — to losses, damages, or adverse outcomes arising from the Client’s own infrastructure failures, negligence, failure to implement RiskFortress’s recommended security measures, insider threats, or third-party breaches of Client systems.

3(e) — Zero-Day Vulnerabilities & Subsequent Breach Cap

The Client expressly acknowledges that no intelligence audit, penetration assessment, or threat-model exercise — however rigorously conducted — can identify the totality of presently-unknown (“zero-day”) vulnerabilities, novel adversary tradecraft, or future exploit vectors. RiskFortress’s aggregate liability for any undetected zero-day vulnerability, latent defect in any audited system, or any subsequent breach, intrusion, or compromise occurring after delivery of an intelligence product is capped at the actual service fee paid for that specific engagement, and shall not extend to any incidental, consequential, regulatory, reputational, or third-party damages arising therefrom.

3(f) — Scope of Limitation

The limitations and exclusions set forth in this Article III apply to the fullest extent permitted by applicable Indian law and survive termination of this Agreement. They reflect a deliberate allocation of risk and form an essential basis of the bargain between the parties; the fees charged would be materially higher absent these limitations.

Article IV — Indemnification

Client shall defend, indemnify, and hold harmless RiskFortress Intelligence and all of its affiliates, directors, officers, employees, contractors, agents, and successors (collectively, “Indemnified Parties”) from and against any and all claims, demands, actions, proceedings, liabilities, losses, damages, penalties, fines, costs, and expenses (including reasonable legal fees) arising out of or related to:

  • (a) Client’s misuse, modification, or unauthorized distribution of services or any work product;
  • (b) Client’s breach of any term, representation, or warranty under this Agreement;
  • (c) Client’s violation of any applicable law, regulation, or third-party right;
  • (d) Actions taken or not taken by Client based on intelligence, reports, or recommendations delivered by RiskFortress;
  • (e) Third-party claims arising from Client’s business operations, decisions, or conduct;
  • (f) Submission of false, incomplete, misleading, or unauthorized information to RiskFortress in the course of any engagement.

RiskFortress reserves the right to participate in the defense of any indemnified claim at Client’s sole expense with counsel of RiskFortress’s choosing. No settlement of any indemnified claim may be entered into by Client without the prior written consent of RiskFortress.

Article V — Fees, Payment Terms & Refund Policy

  • (a) Fee Structure: All fees are specified in the applicable Statement of Work, quoted in Indian Rupees (INR) unless expressly stated otherwise in writing.
  • (b) Payment Schedule: Fifty percent (50%) of the total engagement fee is payable as a non-refundable advance upon execution of the Statement of Work or written engagement confirmation. The remaining fifty percent (50%) is payable upon delivery of the final intelligence product or completion of the engagement milestone.
  • (c) Late Payment: Amounts unpaid beyond fifteen (15) days of the due date shall attract interest at the rate of eighteen percent (18%) per annum, compounding monthly, from the due date to the date of actual payment.
  • (d) GST & Taxes: All fees quoted are exclusive of Goods and Services Tax (GST) and all applicable taxes, levies, and duties, which shall be charged at prevailing statutory rates and borne solely by the Client.
  • (e) Refund Policy: The advance fee is non-refundable once intelligence collection, research, or analysis has commenced. Pre-commencement cancellations may receive a refund of the advance less administrative costs, capped at ten percent (10%) of the advance amount. No refunds are available on completed deliverables under any circumstance.

Article VI — Term and Termination

  • (a) Term: This Agreement commences on the Effective Date and continues until completion of all engagement obligations per the applicable Statement of Work, unless earlier terminated in accordance with this Article.
  • (b) Termination for Convenience: Either party may terminate this Agreement upon thirty (30) days’ prior written notice. In the event of Client-initiated termination, Client shall pay for all services delivered and costs incurred up to the effective date of termination.
  • (c) Termination for Cause: RiskFortress may terminate this Agreement immediately upon written notice in the event of: (i) Client’s material breach uncured within fifteen (15) days of written notice; (ii) Client’s insolvency, bankruptcy, or appointment of a liquidator; or (iii) Client’s fraudulent or illegal conduct causing or likely to cause material harm to RiskFortress or third parties.
  • (d) Effects of Termination: Upon termination, Client shall immediately cease use of all work product and pay all outstanding fees. The following provisions survive termination indefinitely: Intellectual Property Rights (Article II), Limitation of Liability (Article III), Indemnification (Article IV), Confidentiality (Article VII), and Dispute Resolution (Article IX).

Article VII — Confidentiality

Both parties shall hold all Confidential Information of the other party in strict confidence, using no less than the same degree of care applied to their own most sensitive information. “Confidential Information” includes: business plans, strategic intelligence, technical data, proprietary methodologies, trade secrets, algorithms, client lists, financial data, engagement terms, and all intelligence products delivered hereunder.

Confidentiality obligations survive termination of this Agreement for a period of seven (7) years for all Confidential Information and indefinitely for trade secrets and proprietary methodologies. Neither party shall disclose Confidential Information to any third party without prior written consent of the disclosing party, except as required by law.

Article VIII — Service Level Expectations & Force Majeure

8.1 — Service Level Expectations

RiskFortress shall use commercially reasonable efforts to deliver intelligence services in accordance with the timelines, scope, and quality standards specified in the applicable Statement of Work. Unless explicitly designated as a binding service-level commitment in writing, the following operate as expectations — not warranties:

  • (a) Intake Acknowledgement: All qualified intake submissions are reviewed and acknowledged within forty-eight (48) business hours.
  • (b) Engagement Onboarding: Formal Statement of Work issuance within seven (7) business days of qualification.
  • (c) Interim Reporting: Mid-engagement intelligence checkpoints at intervals defined per Statement of Work, typically not exceeding fourteen (14) business days.
  • (d) Final Deliverable: Per the timeline expressly stipulated in the Statement of Work, subject to dependencies on Client information, third-party data sources, and adversary environmental shifts.
  • (e) Platform Availability: Secure client portal availability target of 99.5% measured monthly, excluding scheduled maintenance windows and Force Majeure events.
  • (f) Incident Response: Critical engagement-impacting incidents acknowledged within four (4) hours; remediation plan within twenty-four (24) hours.

Failure to meet a non-binding expectation does not constitute breach of this Agreement and does not give rise to any claim, fee adjustment, or liability beyond the limitations set forth in Article III.

8.2 — Force Majeure (Acts of God & Sovereign Risk)

Neither party shall be liable for delays or failures in performance resulting from causes beyond that party’s reasonable control, including but not limited to: natural disasters, floods, earthquakes, fire, acts of war, civil unrest, terrorism, state-sponsored cyber warfare, nation-state APT campaigns, distributed denial-of-service attacks, supply-chain compromise of upstream technology providers, government-mandated internet shutdowns, pandemic or epidemic, changes in applicable law or government orders, sanctions regimes, or failure of critical third-party infrastructure (cloud, telecommunications, payment rails, or registry systems).

The affected party shall notify the other in writing within five (5) business days of the onset of the force majeure event, and shall use commercially reasonable efforts to mitigate impact and resume performance. If the force majeure event continues for a period exceeding ninety (90) days, either party may terminate this Agreement without liability upon written notice, except for payment obligations for services already rendered.

Article IX — Dispute Resolution & Jurisdiction

All disputes, controversies, or claims arising out of or in connection with this Agreement — including its validity, breach, interpretation, or termination — shall be finally and exclusively resolved by binding arbitration under the Arbitration and Conciliation Act, 1996 (as amended).

  • Arbitrator: A sole arbitrator mutually agreed by the parties, or in absence of agreement, appointed by the High Court of Allahabad upon application by either party.
  • Seat & Venue: Greater Noida, Uttar Pradesh, India.
  • Language: English.
  • Award: Final, binding, and enforceable. The arbitral award may be enforced as a decree of court.
  • IP Exception: RiskFortress retains the right to seek immediate injunctive or equitable relief from a court of competent jurisdiction for any actual or threatened breach of intellectual property rights or confidentiality obligations, without prejudice to arbitration.

This Agreement is governed by the laws of the Republic of India. For matters not subject to arbitration, the courts at Greater Noida, Uttar Pradesh shall have exclusive jurisdiction.

Article X — General Provisions

  • Entire Agreement: This MSA, together with the applicable Statement of Work, constitutes the entire agreement between the parties and supersedes all prior negotiations, representations, warranties, and understandings.
  • Severability: If any provision of this Agreement is found to be invalid, illegal, or unenforceable by a competent court, the remaining provisions shall continue in full force and effect.
  • Waiver: No failure or delay by RiskFortress in exercising any right shall constitute a waiver thereof. Any waiver must be in writing and signed by an authorized representative of RiskFortress.
  • Assignment: Client may not assign, transfer, or delegate any rights or obligations under this Agreement without RiskFortress’s prior written consent. RiskFortress may freely assign this Agreement to any affiliate, successor, or acquirer.
  • Notices: All formal notices shall be delivered by hand, registered post with acknowledgement due, or encrypted email to the addresses on record. Notices are effective on receipt.
  • Amendments: No amendment to this Agreement is valid unless made in writing and signed by duly authorized representatives of both parties.

Article XI — Acceptance

BY ENGAGING RISKFORTRESS SERVICES — through execution of a Statement of Work, submission of a secure intake form, making any advance payment, or providing written confirmation of engagement — the Client unconditionally acknowledges that they have read, understood, and agree to be legally bound by all terms of this Master Service Agreement.

The Client further warrants that: (a) they possess full legal authority to enter into this Agreement and bind their organization; (b) no representation, promise, or warranty outside this Agreement has induced their acceptance; and (c) all information provided to RiskFortress is true, complete, and accurate to the best of their knowledge.

For queries regarding this Agreement, contact: legal@riskfortress.in  |  Compliance escalations: compliance@mayalok.com