This Enterprise Master Services Agreement ("MSA") is a template enterprise contract for C4CI Arch. It applies only when incorporated into an order form, signed agreement, or authorised organisation acceptance record between C4CI Group Belgium BV/SRL, enterprise number BE 1030.600.254, registered office at Nieuwstraat 41, 2260 Westerlo, Belgium ("C4CI"), and the customer identified in that order ("Customer").
For self-serve, trial, free-tier, or unauthenticated use, the public Terms of Service apply unless an enterprise order states otherwise.
1. Contract Structure
The enterprise contract consists of:
- the applicable order form;
- this MSA;
- the Data Processing Addendum;
- the Security Exhibit;
- the Support and SLA Policy, if included in the order;
- the AI Addendum, if AI-assisted features are enabled;
- other exhibits expressly incorporated by the order form.
If there is a conflict, the order form controls first, then a signed exhibit, then this MSA, then product policies. The Data Processing Addendum controls for processor obligations regarding Customer Personal Data.
2. Services
C4CI will provide the services described in the order form and product documentation. Arch supports infrastructure discovery, architecture visualisation, drift review, audit evidence workflows, billing operations, and related governance features.
The service is designed to be read-only by default. Where write, remediation, or approval-backed actions are available, they are performed only through the product controls and approval paths exposed for those features.
C4CI may update the services to improve performance, security, reliability, compliance, or product value, provided the update does not materially reduce the core functionality purchased by Customer during the order term.
3. Access and Authorised Users
Customer may allow authorised users to access the services within the purchased scope. Customer is responsible for account administration, role assignment, identity-provider configuration, user offboarding, and all actions taken through Customer accounts, credentials, and connected systems.
Customer must ensure that users comply with the agreement and have authority to perform the actions they take in the services.
4. Customer Systems and Content
Customer retains ownership of Customer Content and connected systems. Customer grants C4CI the rights needed to host, process, transmit, display, secure, support, and improve the services for Customer.
Customer is responsible for ensuring that it has the rights, notices, consents, permissions, and legal bases required to connect systems and submit Customer Content to the services.
Customer must not submit secrets, private keys, access tokens, special-category personal data, or regulated data into free-text fields unless the product explicitly identifies the field as designed for that data and the parties have agreed appropriate safeguards.
5. Acceptable Use
Customer must not use the services to:
- violate law, sanctions, export controls, third-party rights, or contractual restrictions;
- access, scan, disrupt, modify, or test systems without authorisation;
- bypass authentication, authorisation, tenant isolation, rate limits, usage limits, metering, or security controls;
- upload malware, exploit code, unlawful content, or harmful content;
- extract or infer another tenant's data, secrets, identifiers, or system information;
- overload, benchmark, resell, sublicense, or reverse engineer the services except where applicable law gives Customer a non-waivable right to do so;
- rely on AI-assisted outputs without human review for safety-critical, legal, employment, financial, medical, or similarly high-impact decisions.
6. Fees, Payment, and Taxes
Customer will pay the fees in the order form. Unless the order form states otherwise, fees are exclusive of taxes, non-cancellable, and non-refundable.
Invoices are due within 30 days of invoice date unless the order form states otherwise. Late amounts may accrue interest at the lower of 1.5 percent per month or the maximum allowed by law. C4CI may suspend paid services for overdue amounts after reasonable notice.
Customer is responsible for taxes, duties, withholding, and similar charges other than taxes based on C4CI's net income.
7. Confidentiality
Each party may receive confidential information from the other. The receiving party must protect confidential information using at least reasonable care and may use it only to perform or receive the services.
Confidential information does not include information that is public without breach, already known without confidentiality obligation, independently developed, or lawfully received from a third party.
The receiving party may disclose confidential information to personnel, advisers, contractors, subprocessors, and affiliates who need to know it and are bound by confidentiality obligations. The receiving party may also disclose information when required by law, after giving notice where legally permitted.
8. Data Protection and Security
C4CI will process personal data as described in the Privacy Policy and Data Processing Addendum. C4CI will maintain security measures described in the Security Exhibit.
Customer remains responsible for its own cloud, repository, identity, billing, security, backup, retention, audit, and compliance obligations.
9. AI-Assisted Features
AI-assisted features are governed by the AI Addendum where enabled. Customer is responsible for reviewing AI-assisted outputs before relying on them, submitting them as evidence, or using them to change systems.
Unless an order form states otherwise, C4CI does not use Customer Content to train public foundation models.
10. Third-Party Services
The services may interoperate with third-party services such as cloud providers, identity providers, source-control providers, payment processors, support tools, design tools, observability tools, hosting providers, and AI providers. Third-party services are governed by their own terms.
C4CI is not responsible for third-party services or Customer-managed credentials, infrastructure, permissions, or provider changes.
11. Intellectual Property
C4CI and its licensors retain all rights in the services, software, interfaces, models, workflows, documentation, templates, and product know-how.
Customer retains all rights in Customer Content. C4CI may use feedback, suggestions, and improvement ideas without restriction or compensation, provided C4CI does not misuse Customer Confidential Information or Customer Content.
12. Warranties
C4CI warrants that it will provide the services in a professional and workmanlike manner and materially in accordance with the applicable documentation during the order term.
Customer warrants that it has authority to enter into the order, connect systems, submit Customer Content, and instruct C4CI to process Customer Personal Data.
13. Disclaimers
Except as expressly stated, the services are provided "as is" and "as available." C4CI disclaims implied warranties of merchantability, fitness for a particular purpose, non-infringement, uninterrupted operation, error-free operation, and accuracy of outputs.
Nothing in this MSA excludes liability that cannot be excluded under applicable law.
14. Indemnities
C4CI will defend Customer against third-party claims alleging that the services, as provided by C4CI and used according to the agreement, infringe that third party's intellectual property rights. C4CI may modify the services, procure a right to continue use, or terminate the affected services with a prorated refund if C4CI reasonably determines that infringement risk cannot be resolved.
Customer will defend C4CI against third-party claims arising from Customer Content, connected systems, Customer instructions, unauthorised credentials, Customer breach of the agreement, or Customer violation of law or third-party rights.
The indemnified party must promptly notify the indemnifying party, provide reasonable cooperation, and allow the indemnifying party to control the defence and settlement, provided no settlement admits fault or imposes non-monetary obligations without the indemnified party's consent.
15. Liability Limits
Unless an order form states otherwise, each party's total aggregate liability arising out of or relating to the agreement is limited to the amounts paid or payable by Customer to C4CI under the applicable order in the 12 months before the event giving rise to liability. If the applicable order has been active for less than 12 months, the cap is based on the shorter period. Unless an order form states otherwise, the general liability cap will not be less than EUR 10,000.
For claims arising from confidentiality obligations, data-protection obligations, security obligations, or C4CI's intellectual-property indemnity, each party's total aggregate liability is limited to the greater of two times the general liability cap or EUR 25,000 unless an order form states a different super-cap.
Neither party will be liable for indirect, incidental, special, consequential, exemplary, or punitive damages, or for lost profits, lost revenue, lost savings, loss of goodwill, loss of data, loss of business opportunity, or business interruption.
The damages exclusion does not exclude direct damages that cannot be excluded under applicable law or direct damages expressly recoverable under the confidentiality, data-protection, security, or indemnity provisions, subject to the applicable cap.
The liability caps do not apply to Customer's payment obligations, fraud, wilful misconduct, intentional misappropriation of intellectual property, or liability that cannot be limited under applicable law. Data-protection liability may be subject to a different cap in the order form.
16. Suspension
C4CI may suspend access if C4CI reasonably believes that Customer use creates a security, legal, privacy, operational, billing, or compliance risk; if payment is overdue; if credentials are compromised; or if suspension is required by law or a third-party provider.
C4CI will use reasonable efforts to provide notice and limit suspension to the affected services where practical.
17. Term and Termination
This MSA applies for the term of the applicable order. Either party may terminate an order for material breach if the breach is not cured within 30 days after written notice. C4CI may terminate immediately for misuse, unlawful activity, or security risk that cannot reasonably be cured.
After termination, Customer must stop using the services and pay outstanding amounts. C4CI will handle Customer Content according to the Data Processing Addendum and product retention controls.
18. Publicity
C4CI may identify Customer as a customer only if the order form allows it or Customer gives written approval. Customer may state that it uses C4CI, provided it does not imply endorsement or disclose C4CI Confidential Information.
19. Export and Sanctions
Each party must comply with applicable export-control, sanctions, and trade compliance laws. Customer must not use the services in embargoed jurisdictions, for prohibited end users, or for prohibited end uses.
20. Governing Law and Disputes
This MSA is governed by Belgian law, without regard to conflict-of-law rules. Unless mandatory law requires another forum, disputes will be handled by the competent courts for C4CI's registered office in Belgium.
Before formal proceedings, the parties will use reasonable efforts to resolve disputes in good faith through executive escalation.
21. Notices
Legal notices to C4CI must be sent to support@c4ci.io unless the order form identifies a different legal notice address. Operational notices may be sent through the product, email, support channels, or account contacts.