BrainTrust Client Agreement
MTradecraft, LLC
This Agreement (“Agreement”) is entered into by and between MTradecraft, LLC (“MTradecraft”), located in Dallas, Texas, and the individual or organization (“Client”) subscribing to the MTradecraft BrainTrust membership service.
1. Scope of Services
Client is subscribing to the BrainTrust membership tier, which may include the following services depending on level of service selected:
- Access to templates, tools, and walkthroughs for cybersecurity compliance tasks.
- Access to FieldCraft employee cybersecurity training platform.
- Email-based guidance and answers to compliance and cybersecurity questions.
- Intelligence and threat assessment guidance for marketing, insurance, compliance, operational, and documentation purposes.
- All services are non-transferable and intended for the subscribing client only.
2. Support and Communication
Support and Audit requests should be submitted via email to support@mtradecraft.com.
Support & Response
Upon receipt, a support ticket will be generated in our Zoho Desk system. We aim to respond within 48 hours, with most issues addressed sooner. Requests are prioritized based on urgency and topic.
Support levels by tier
BrainTrust Premium
Email-based ticket support only. Responses are prioritized over non-member inquiries. Real-time access to a consultant is not included.
Consultant Tier
Everything in BrainTrust Premium plus scheduled Zoom consultations to discuss specific compliance and cybersecurity issues in greater depth.
Remote CISO Tier
Includes all support from the Consultant Tier plus remote hands-on assistance, where our team can securely log in to your environment to implement or troubleshoot directly.
Scans, Reports, and Documentation by Tier
| Tier | Included Scans & Reports | Cadence | Cybersecurity Compliance Documentation |
|---|---|---|---|
| BrainTrust Premium | CRVT™ Cyber Risk & Threat Report | 1× per year | Client-authored. We provide guidance/templates as appropriate; drafting is not included. |
| Consultant | CRVT Report; External Vulnerability Scan Report | CRVT: Quarterly (4×/yr) • External: Monthly (12×/yr) | Client-authored. We review and advise; drafting is not included. |
| Remote CISO | Internal Vulnerability Scan Report; External Vulnerability Scan Report; CRVT Report | All three: Monthly (12×/yr each) | MTradecraft-authored. We write and maintain your cybersecurity compliance documentation. |
3. Fees and Payment
BrainTrust Membership Terms
Premium Membership
- The BrainTrust Premium tier is offered as a month-to-month service.
- Membership fees are billed automatically on the date of initial signup and on that same date each month thereafter.
- Membership may be canceled online at any time. No advance notice is required.
- No partial refunds will be issued for unused time within a billing cycle.
- A canceled subscription may be restarted at any time by reactivating online.
Consultant and Remote CISO Memberships
- Both the Consultant and Remote CISO tiers require a one-year (12-month) commitment.
- Members may choose to pay the annual fee up front or in monthly installments.
- If paying monthly, the included annual audit will not be performed until the end of the first year of membership.
- If paying the full year of membership up front, the audit may be performed immediately.
- Membership automatically renews on an annual basis unless written notice of cancellation is provided at least thirty (30) days prior to the renewal date.
General Payment Terms
Membership benefits, including access to templates, workflows, reports, or support channels, may be withheld during any period of suspension or delinquency.
Failure to remit payment when due may result in suspension or termination of service at MTradecraft’s discretion.
4. Confidentiality
Confidentiality and Data Protection
MTradecraft’s Responsibilities
- MTradecraft treats all client data, records, and communications as strictly confidential.
- All client information is secured in accordance with industry standards, including encryption, access controls, and regular security reviews, as outlined in the MTradecraft Cybersecurity and Privacy Policy.
- Client information will never be sold, rented, or shared with third parties outside the scope of agreed services. Information will only be disclosed when required by law, legal process, or regulatory authority, and the client will be notified of such disclosure whenever legally permissible.
- Internal access to client information is limited to MTradecraft personnel directly involved in the delivery of contracted services.
Client Responsibilities
- The client agrees to maintain the confidentiality of MTradecraft’s proprietary methodologies, tools, processes, reports, templates, training content, and other support materials provided during the engagement.
- Such materials are provided solely for the client’s internal use and may not be reproduced, distributed, or disclosed to third parties without prior written consent from MTradecraft.
- Any unauthorized use or disclosure of MTradecraft’s proprietary materials will be considered a material breach of this agreement.
- Reselling, sublicensing, or otherwise using MTradecraft’s materials for commercial gain is strictly prohibited. Such actions constitute a violation of the U.S. Copyright Act (17 U.S.C. §101 et seq.), the Defend Trade Secrets Act (18 U.S.C. §1836 et seq.), and related intellectual property laws, and will be subject to prosecution and damages to the fullest extent permitted.
- The client acknowledges that unauthorized use, disclosure, or resale of MTradecraft’s materials would cause irreparable harm for which monetary damages may be inadequate. Accordingly, MTradecraft shall be entitled to seek immediate injunctive relief, in addition to any other remedies available at law or in equity, without the need to post bond or prove actual damages.
Mutual Obligations
Confidentiality obligations will survive the termination or expiration of this agreement.
Both parties agree to implement reasonable measures to safeguard any confidential information exchanged during the course of the engagement.
5. Limitations
Scope of Services; No Legal or IT Implementation
- MTradecraft provides guidance, analysis, training, and templates related to regulatory compliance and cybersecurity operations.
- We do not implement, configure, or administer IT systems or security tooling, and we do not provide legal representation or legal opinions. Clients should consult qualified counsel, insurers, and IT providers for matters in those domains.
No Guarantees; Independent Judgement Required
- Regulatory positions and examiner expectations evolve. MTradecraft does not guarantee audit/exam outcomes, regulator interpretations, approvals, certifications, incident avoidance, or threat eradication.
- Our materials and recommendations are for informational/operational use and are not a substitute for legal, insurance, accounting, or IT-engineering advice. Clients remain responsible for final decisions and implementation.
Disclaimer of Warranties
- All services, reports, templates, and training are provided on an “as-is” and “as-available” basis, without warranties of any kind, express or implied, including merchantability, fitness for a particular purpose, non-infringement, or results.
Limitation of Liability; Exclusion of Damages
- To the maximum extent permitted by law, MTradecraft’s total aggregate liability for any and all claims arising out of or related to this Agreement shall not exceed the fees paid by Client to MTradecraft in the twelve (12) months preceding the event giving rise to the claim.
- In no event will MTradecraft be liable for any indirect, incidental, special, consequential, exemplary, or punitive damages (including lost profits, loss of data, loss of business, or reputation harm), even if advised of the possibility of such damages.
- The foregoing limitations apply to all theories of liability (contract, tort, negligence, strict liability, statute, or otherwise).
- These limitations do not apply to losses finally determined to have resulted from MTradecraft’s willful misconduct or fraud.
Client Responsibilities
Client is responsible for obtaining its own legal advice, cyber insurance determinations, and IT implementation support.
Client is responsible for implementing recommended controls, maintaining secure configurations, granting necessary access, and ensuring timely remediation of findings.
6. Term and Termination
This Agreement remains active as long as the Client remains a paying subscriber to the BrainTrust service. Either party may terminate this Agreement with written notice. Upon termination, Client access to services and materials will be revoked.
7. Dispute Resolution
Governing Law; Arbitration
Survival
This arbitration provision shall survive the termination or expiration of this Agreement
Governing Law
This Agreement shall be governed by, and construed in accordance with, the laws of the State of Texas, without regard to conflict of law principles.
Exclusive Arbitration
Any claim, dispute, or controversy arising out of or relating to this Agreement, the services provided, or the relationship of the parties shall be resolved exclusively by final and binding arbitration administered by the American Arbitration Association (AAA) (or a mutually agreed equivalent) in accordance with its Commercial Arbitration Rules.
Venue
The arbitration shall be conducted solely in Collin County, Texas, and the parties expressly consent to such venue as the exclusive forum. No arbitration may be conducted in any other jurisdiction.
Arbitrator’s Authority
The arbitrator shall have the exclusive authority to resolve any dispute relating to the interpretation, applicability, enforceability, or formation of this Agreement, including any claim that all or part of this Agreement is void or voidable.
The arbitrator may award any remedy available at law or in equity, subject to the limitations of liability set forth in this Agreement.
Costs
Each party shall bear its own arbitration costs, fees, and expenses, including attorney’s fees, unless the arbitrator determines that applicable law requires otherwise.
Waiver of Court Proceedings
The parties knowingly and voluntarily waive any right to a trial by jury or to litigate in any court (state or federal) except to enforce an arbitration award or to seek injunctive relief as expressly permitted in this Agreement.
8. Entire Agreement
This document constitutes the full understanding between the parties and supersedes all previous verbal or written agreements relating to BrainTrust membership. Modifications to this Agreement must be in writing and agreed to by both parties.
Breach Remediation Disclaimer
MTradecraft does not provide breach response or remediation services. We are not equipped to conduct incident forensics, data recovery, or legal notification work related to cybersecurity breaches. While we may assist in analyzing documentation, advising on preventative controls, or recommending vendors, all post-breach actions—including containment, recovery, or disclosure—remain the responsibility of the Client and/or its designated incident response provider.
By subscribing to the BrainTrust membership and submitting payment, the Client acknowledges and agrees to the terms outlined in this Agreement.