UNIFIED LICENSE AGREEMENT
(Governing all CSG Products and Services)
This Unified License Agreement ("Agreement") is a legally binding contract between Communication Security Group Inc., a company registered in the Cayman Islands ("CSG"), and any individual or organization ("Customer") that downloads, accesses, or uses any CSG product, service, software, or platform.
By installing, accessing, or using any CSG application or service — including but not limited to Cellcrypt, Cellcrypt Government, Seecrypt, or any future CSG-branded variant (the "CSG Apps") — the Customer agrees to be bound by this Agreement. If you do not agree, you must not use the Service.
Use of CSG products is also subject to applicable data protection and export control laws.
This Agreement governs all use of CSG products and Services. It applies to:
All prior versions of end-user licence, enterprise licence, or data-processing terms are superseded by this Agreement.
For the duration of a valid subscription, CSG grants the Customer a non-exclusive, non-transferable, non-sublicensable, revocable license to use the Apps and Services solely for lawful internal communication and collaboration.
Each authorized user requires a valid license. Customers may manage user credentials and licences through the Enterprise Management Portal (EMP) or equivalent interface.
Customers may not:
All intellectual property in the CSG Apps, Servers and Services, and associated technology remains the exclusive property of CSG. No ownership rights are transferred.
CSG provides secure communications through cross-platform Apps and associated back-end infrastructure (Servers).
Services include end-to-end encrypted messaging, voice, video, file transfer, and management functions.
All CSG products implement a Zero-Trust, multi-layer cryptographic architecture. Communications are encrypted end-to-end using combinations of Elliptic Curve Cryptography (ECC) and Post-Quantum Protection (PQP) algorithms such as CRYSTALS-Kyber and Classic McEliece, providing resistance to "harvest now, decrypt later" attacks.
CSG may update, modify, or replace features to improve security or performance. Customers are required to install updates promptly.
The Apps do not support calls to emergency services (e.g., 112/999/911). Customer must ensure users are informed and have alternative access to emergency services.
The Customer is responsible for:
The Customer must immediately notify CSG of any unauthorized access, breach, or loss of credentials.
The Customer will indemnify CSG against any third-party claims arising from misuse of the Service or violations of law by the Customer or its users.
CSG will provide the Service using industry-standard security and encryption technologies consistent with the current state of the art.
CSG will use reasonable efforts to ensure availability and rectify interruptions as quickly as possible.
CSG may suspend access temporarily for maintenance or to prevent unlawful or abusive use.
In respect of CSG's publicly hosted services, CSG will process personal data only as described in this Agreement and in compliance with Swiss and European data-protection standards.
The Customer shall pay the applicable subscription or license fees in advance, either monthly or annually.
Invoices are payable within the stated due date and without deduction.
Failure to pay may result in suspension or termination of the Service.
CSG reserves the right to adjust fees with at least 30 days' notice before renewal. Customers may terminate within 30 days of receiving notice of a price increase.
All taxes are the Customer's responsibility. CSG will collect and remit taxes only where legally required.
Agreements are valid for one year and automatically renew unless cancelled with 30 days' written notice before expiry.
Trial versions expire automatically and are not renewed.
Either party may terminate immediately for material breach not cured within 30 days.
If CSG materially fails to provide the Service and does not cure within 30 days after notice, Customer may terminate the affected Service and receive a pro‑rata refund of prepaid, unused fees.
Upon termination, Customer data will be deleted or returned subject to legal retention obligations.
For publicly hosted Services, the Customer is the controller (or a processor for its controller) and CSG acts as processor. For CSG's own operations—licensing, billing, fraud prevention, and aggregated telemetry—CSG acts as an independent controller per its Privacy Notice. Customer and CSG data remain logically segregated.
Processor activities are governed by a separate DPA provided at purchase or on request. The DPA sets processing limits, transfer safeguards (EU SCCs, UK Addendum, Swiss FDPIC), and Subprocessor notice terms, and prevails over this Agreement in case of conflict.
CSG will not process Customer Personal Data as processor until a DPA is in force. Absent a DPA, features needing processor access may be disabled, though CSG may process its own controller data (e.g., billing or anonymised telemetry).
A Subprocessor list is available on request. CSG gives 30 days' notice before changes; Customer objection or termination rights (with pro-rata refund) are defined in the DPA. Subprocessors never access plaintext Customer data, and encryption keys remain secured under CSG control.
CSG applies proportionate technical and organisational measures, including end-to-end encryption, strong cryptography, separation of duties, multi-factor controls, vulnerability management, and annual independent testing. Under its zero-trust model, Customer content stays encrypted end-to-end; only minimal metadata is processed in secure systems.
Services are primarily hosted in Switzerland. Customer content is processed in the chosen region, with limited cross-border access for support, delivery, telemetry, or approved Subprocessors per the DPA. Where transfers occur to non-adequate countries, CSG applies the EU SCCs (2021/914) with UK Addendum/IDTA and Swiss FDPIC variations as set out in the DPA.
CSG will notify Customer of any government request for Customer data (unless legally barred), seek to narrow or challenge overbroad demands, and never disclose encryption keys or plaintext content. Aggregated transparency reporting may be published where lawful.
All information exchanged under this Agreement is confidential. Both parties must protect such information using reasonable security measures.
The Customer may not disclose CSG technical documentation, source code, or encryption details without written consent.
All rights, titles, and interests in CSG technology, software, trademarks, and cryptographic designs remain with CSG.
Customers must comply with export control laws that may restrict access to encryption technology.
Reverse engineering or modification of CSG products is strictly prohibited.
The internet and mobile networks may experience disruptions outside CSG's control. CSG is not liable for any interruptions, delays, or losses caused by such external factors.
Neither party is liable for indirect, incidental, special, consequential, exemplary or punitive damages, or for lost profits, revenues, goodwill or data.
Each party's aggregate liability arising out of or related to this Agreement will not exceed the amounts paid or payable by Customer to CSG for the affected Services in the 12 months before the first event giving rise to liability.
For (a) IP indemnity, (b) breach of confidentiality, or (c) verified, material breach of the DPA resulting in a Security Incident, the cap is the greater of the standard cap or 2× such amount. Nothing limits liability that cannot be excluded by law.
CSG may update policies, security documentation and non‑material terms to reflect improvements or legal changes.
Material changes to fees, liability, data‑protection obligations or scope of Services require Customer consent (not to be unreasonably withheld).
If a required legal change materially reduces Customer's rights, Customer may terminate the affected Service on 30 days' notice with a pro‑rata refund of prepaid, unused fees.
This Agreement is governed by the laws of the Cayman Islands. The parties submit to the jurisdiction of the courts of the Cayman Islands.
For clarity, the governing law and venue for international data-transfer instruments (SCCs/UK Addendum/Swiss variations) are set in the DPA and may differ from the Cayman Islands.
If any clause of this Agreement is held invalid, the remaining clauses remain in full effect.
No failure or delay in enforcing a right constitutes a waiver of that right.
This Agreement constitutes the entire understanding between the parties regarding the use of CSG products and supersedes all prior terms.