← Back to site

Terms of Service

Last updated: 22 April 2026

Please read these terms carefully. By accessing or using Cyber (hosted at cyber.olyteck.com) you agree to be legally bound by these Terms of Service. If you do not agree, you may not use the service.

Table of Contents

1. Introduction

Welcome to Cyber ("Service", "we", "us", "our"), a multi-tenant security-posture tool for Microsoft 365 / Entra ID operated by olyteck. These Terms of Service ("Terms") govern your access to and use of the Service, including the web console, the scheduled scan workers, email digests, and the platform and tenant administration surfaces.

By signing in with a Microsoft work/school account or otherwise using Cyber, you agree to these Terms and to our Privacy Policy.

2. Eligibility

The Service is intended for use by organisations and their authorised administrators. You must be at least 18 years old and authorised by your organisation to connect its Microsoft 365 tenant to the Service. If you are acting on behalf of a company, you represent that you have authority to bind that company to these Terms.

3. Accounts & registration

3.1 Single sign-on with Microsoft

Access to Cyber uses Microsoft Entra (Azure AD) for identity. We do not store passwords — authentication is performed by your Microsoft tenant, and we only retain the minimum profile information required to run the Service (see our Privacy Policy).

3.2 Tenant admin consent

Scanning requires a tenant administrator to grant admin consent to our read-only Microsoft Graph application. You may revoke that consent at any time from the Microsoft Entra admin centre, which immediately ends the Service's ability to query your tenant.

3.3 Account responsibility

You are responsible for the actions taken by users who can sign in to your tenant and for promoting / demoting tenant administrators inside Cyber. Notify us at [email protected] if you suspect unauthorised access.

4. Plans, trials & billing

4.1 Trial

New tenants may be offered a time-limited trial of the full product. When the trial ends, the tenant is moved to a read-only state until a paid plan is selected; after an additional grace period the tenant is locked.

4.2 Subscriptions & renewal

Paid plans renew automatically at the end of each billing cycle. You can cancel at any time from the Billing page; cancellation takes effect at the end of the current cycle. All payments are processed by Stripe Payments Europe, Ltd. — we never see or store your card data.

4.3 Taxes

Prices shown on the Billing page are in euros (EUR). VAT, if any, is added by Stripe Tax at checkout based on your billing country.

4.4 Refunds

Subscription fees are non-refundable for the current billing cycle. If a regional consumer-protection law grants you a withdrawal right, that right is preserved.

Automatic renewal notice: unless you cancel before the end of the current billing period, paid subscriptions renew automatically and you authorize us (via Stripe) to charge your payment method for the renewal term.

5. What the scanner does

Cyber reads, at scheduled intervals, selected Microsoft Graph endpoints describing your tenant's SharePoint sites, OneDrive drives, Teams-backed sites, external sharing links, user accounts, consented OAuth apps, and tenant-level security posture. It produces findings ("this site is shared to Anyone", "this OAuth app holds Mail.Read", etc.), grouped by severity, with first-seen / last-seen timestamps.

The scanner is read-only by default. It does not modify sharing links, users, apps, or any other tenant state unless an operator explicitly invokes a remediation action from the admin surface.

6. Your Microsoft 365 data

6.1 SAFE-payload rule

A foundational constraint of the Service is that we do not pull or store the contents of your files, the raw sharing URLs, or any access tokens. We only persist the minimum metadata required to identify a finding on repeat runs:

SAFE payload — stored in Cyber's database:
• Graph IDs (tenant, site, drive, user, app)
• Display names, counts, timestamps, severity flags
• Scan-run metadata (when it ran, how long it took, outcome)

NEVER stored:
• File contents (bodies, attachments, OCR text)
• Share URLs (we record that a share exists, not the link)
• Access tokens, refresh tokens, or credential material

Access tokens are held only in memory for the lifetime of a single scan request and discarded immediately afterwards. Refresh tokens are stored encrypted where absolutely required for client-credentials flows, and are scoped to your tenant only.

6.2 Your data remains yours

All metadata we store on your behalf is your tenant's data. We process it only to operate the Service for you, as set out in our Privacy Policy.

7. Intellectual property

7.1 Our IP

The Service, including its source code, scan rules, dashboards, digest templates, and brand, is owned by olyteck or our licensors. Nothing in these Terms transfers ownership to you.

7.2 Your licence to use the Service

Subject to these Terms, we grant you a limited, non-exclusive, non-transferable, revocable licence to use the Service for your internal business purposes.

7.3 Findings & reports

You may share the findings and reports produced by the Service internally and with your advisors and auditors. You may not republish them as a standalone commercial product or resell them as a scanning service of your own.

8. Sub-processors & data location

The Service runs on hosting located in the European Union. We use a small set of sub-processors to operate it, including our payment processor (Stripe), our transactional email provider, and Microsoft Graph itself (which we call on your behalf). The up-to-date list, and a description of each sub-processor's purpose, is in our Privacy Policy.

9. Security expectations

  • Traffic is served over HTTPS only.
  • Session cookies are HttpOnly, Secure, and SameSite=Lax, with session-ID rotation on login and other privilege changes.
  • Mutating admin actions are protected by CSRF tokens.
  • Scans run under the dedicated Entra application granted by your tenant's admin consent, using client credentials — not a user session.

No online service can promise absolute security. If you suspect a breach affecting the Service, email [email protected] immediately.

10. Termination

10.1 Termination by you

You may terminate your subscription at any time from the Billing page and may additionally ask us, by emailing [email protected], to delete the tenant's data we hold. Deletion is processed within 30 days.

10.2 Termination by us

We may suspend or terminate access immediately if you materially breach these Terms, if we reasonably suspect fraud or abuse, or if we are required to by law. We may also discontinue all or part of the Service with reasonable notice.

10.3 Effect of termination

Provisions that by their nature should survive termination (ownership, disclaimers, indemnity, limits of liability, governing law) will survive.

11. Disclaimers & limitation of liability

Disclaimer of warranties

The service is provided "as is" and "as available" without warranties of any kind, either express or implied. To the fullest extent permitted by law, we expressly disclaim all warranties, including implied warranties of merchantability, fitness for a particular purpose, title, and non-infringement.

We do not warrant that the service will be uninterrupted, timely, secure, or error-free, or that findings will be comprehensive for your tenant.

Limitation of liability

To the maximum extent permitted by law, in no event shall we, our directors, employees, agents, partners, suppliers, or affiliates be liable for any indirect, incidental, special, consequential or punitive damages, including without limitation, loss of profits, data, goodwill, service interruption, computer damage or system failure, or the cost of substitute services arising out of or in connection with these terms or from your use of or inability to use the service.

In no event will our total liability arising out of or in connection with these terms or from the use of or inability to use the service exceed the greater of (a) the amounts you have paid to us in the twelve (12) months preceding the event giving rise to the liability or (b) one hundred euros (€100).

12. Indemnification

You agree to defend, indemnify and hold harmless olyteck, its affiliates, and its and their respective officers, directors, employees and agents from any claims, liabilities, damages, losses and expenses (including reasonable attorneys' fees) arising out of or in connection with: (a) your breach of these Terms; (b) your misuse of the Service; or (c) content or actions taken by users you authorised to administer your tenant in Cyber.

13. Changes to these Terms

We may update these Terms from time to time. Material changes will be announced by email to the tenant's administrator and by updating the "Last updated" date at the top of this page. Continued use of the Service after changes become effective constitutes your acceptance of the modified Terms.

14. Governing law & disputes

These Terms are governed by the laws of France. Subject to any non-waivable consumer-protection rights you have in your country, the courts of Paris, France have exclusive jurisdiction over disputes arising from these Terms. Before filing any claim, please contact us at [email protected] — we'll do our best to resolve it informally.

15. Severability

If any provision of these Terms is held unenforceable, that provision will be limited or eliminated only to the minimum extent necessary. The remaining provisions will remain in full force and effect.

16. Contact

Questions about these Terms?

Email: [email protected]

Operator: olyteck — SIRET 993 174 499 00018