Cobalt logo

Cobalt Platform Services Agreement Review & Rating

Cobalt TermScout certified contract badge

Get Your Contract Certified to Build Trust and Close Deals Faster

Earn trust early, reduce negotiation friction, and accelerate deals withsmoother, faster approvals.

Get your Certification Score Now
Top 8% contract ranking
Contract
Ranking
Top 8%
Ranking

The vendor's agreements were benchmarked against thousands of vendor forms and are in the top 8% for customer favorability.

0
Deal Breakers

80% customer favorability, based on 750 plus contract signals powered by Certify.

80%
Customer Favorable

Indicates balanced, low-risk terms favorable to the customer.

Verified

Top 8% IT contract. No structural blockers. Procurement-ready.

Contract Performance

Start with a quick risk summary, then compare this agreement to similar contracts.

Get your Certification Score
Topic
Rating
Details
Liability and Risk Allocation
70% Customer Favorable

Insurance

Insurance requirements

  • Cobalt must carry general liability insurance
  • Cobalt must carry errors and omissions insurance
  • Cobalt must carry umbrella liability insurance

Summary

Liability cap

  • Cobalt's varying liability cap includes 12 months' fees
  • Cobalt's varying liability cap includes some other amount - see citation
  • A secondary cap on Cobalt's liability covers certain types of data related claims
  • A secondary cap on Cobalt's liability covers claims related to violations of Customer's IP rights
  • A secondary cap on Cobalt's liability covers claims related to violations of obligations relating to confidential information
  • A secondary cap covers claims related to Cobalt's indemnification obligations relating to IP infringement
  • A secondary cap covers claims related to at least some of Cobalt's indemnification obligations (other than relating to data or IP infringement) - see citation
  • Customer's varying liability cap includes 12 months' fees
  • Customer's varying liability cap includes some other amount - see citation
  • A secondary cap covers claims related to Customer's content, data, and/or materials
  • A secondary cap on Customer's liability covers certain types of data related claims (e.g., data breach, loss of data, etc.)
  • A secondary cap covers claims related to violation of Cobalt's IP rights
  • A secondary cap covers Customer's indemnification obligations relating to data
  • A secondary cap covers Customer's indemnification obligations relating to IP infringement
  • A secondary cap covers at least some of Customer's indemnification obligations (other than relating to data or IP infringement)
  • A secondary cap on Customer's liability covers claims related to violations of obligations relating to confidential information
  • A secondary cap covers claims related to Customer's use of the service, violations of an acceptable use policy or other restrictions or responsibilities

Exceptions to the liability cap

  • There are no exceptions to Cobalt's liability cap
  • There are no exceptions to Customer's liability cap

Excluded damages

  • One or more forms of indirect damages are excluded from Cobalt's liability
  • One or more forms of indirect damages are excluded from Customer's liability

Exceptions to excluded damages

  • The damages excluded from Cobalt's liability do not include claims related to data
  • The damages excluded from Cobalt's liability do not include claims related to violations of Customer's IP rights
  • The damages excluded from Cobalt's liability do not include claims related to violations of obligations relating to confidential information
  • The damages excluded from Cobalt's liability do not include indemnification obligations relating to IP infringement
  • The damages excluded from Cobalt's liability do not include at least some indemnification obligations (other than relating to data or IP infringement)
  • The damages excluded from Customer's liability do not include claims related to data (e.g., data breach, loss of data, etc.)
  • The damages excluded from Customer's liability do not include claims related to violation of Cobalt's intellectual property rights
  • The damages excluded from Customer's liability do not include claims related to violations of obligations relating to confidential information
  • The damages excluded from Customer's liability do not include claims related to Customer's use of the service, violations of an acceptable use policy or other restrictions or responsibilities
  • The damages excluded from Customer's liability do not include indemnification obligations relating to data
  • The damages excluded from Customer's liability do not include indemnification obligations relating to IP infringement
  • The damages excluded from Customer's liability do not include at least some indemnification obligations (other than relating to data or IP infringement)

Timing of claims

  • Claims against Cobalt must be brought by Customer in less than or equal to 18 months
  • Claims against Customer must be brought by Cobalt in less than or equal to 18 months

Claims

  • Cobalt indemnifies Customer for claims based on third-party IP infringement
  • Cobalt indemnifies Customer for claims arising from fraud or willful misconduct
  • Cobalt indemnifies Customer for claims arising from gross negligence or recklessness
  • Cobalt indemnifies Customer for claims arising from violation of laws
  • Cobalt indemnifies Customer for claims arising from death or personal injury
  • Customer indemnifies Cobalt for claims based on third-party IP infringement
  • Customer indemnifies Cobalt for claims based on Customer's content, data, and/or materials
  • Customer indemnifies Cobalt for claims arising from fraud or willful misconduct
  • Customer indemnifies Cobalt for claims arising from gross negligence or recklessness
  • Customer indemnifies Cobalt for claims arising from violation of laws
  • Customer indemnifies Cobalt for claims arising from violation of any third party rights (other than IP infringement)
  • Customer indemnifies Cobalt for claims arising from death or personal injury

Scope of obligations

  • Cobalt's IP indemnification covers all types of IP
  • Cobalt's indemnification obligations are the exclusive remedy for indemnified claims
  • Cobalt's indemnification includes the obligation to provide a defense
  • Cobalt's indemnification includes the obligation to hold harmless
  • Customer's IP indemnification covers all types of IP
  • Customer's indemnification obligations are limited to third-party claims
  • Customer's indemnification obligations are the exclusive remedy for indemnifiable claims
  • Customer's indemnification includes the obligation to provide a defense
  • Customer's indemnification includes the obligation to hold harmless

Limitations, conditions, or exclusions

  • Obligations include conditions regarding Customer's cooperation or Cobalt's control of the defense
  • Obligations include conditions regarding Customer's use of the services in breach of the contract
  • Cobalt's indemnity obligations include conditions regarding settlements
  • There are time constraints on when Customer must notify Cobalt of an indemnifiable claim
  • Obligations include conditions regarding Cobalt's cooperation or Cobalt's control of the defense
  • Customer's indemnity obligations include conditions regarding settlements
  • There are time constraints on when Cobalt must notify Customer of an indemnifiable claim

Warranties Offered

SLAs

  • Cobalt does not offer an SLA regarding uptime
  • Cobalt does not offer any other form of SLA

Other warranties

  • Cobalt warrants that the services will meet specified standards of care or conduct

Implied warranties

  • Cobalt disclaims some or all implied warranties
Data & Privacy
90% Customer Favorable

Data Rights

Data provided by Customer

  • Cobalt does not claim ownership of any data provided by Customer
  • Cobalt does not receive usage rights in any data provided by Customer beyond what is necessary to improve or provide the services

Data Security

Subprocessor obligations

  • The contract lists or references a list of some subprocessors
  • Cobalt is required to ensure that subprocessors are bound by data or privacy requirements similar to those in this contract

Security commitments

  • Cobalt makes contractually binding data security commitments

Third party audits, standards, or certifications

  • Cobalt commits to comply with at least one third-party data security audit, standard, or certification
  • Cobalt commits to Soc 2 audits
  • Cobalt commits to ISO 27001 standards and/or certification
  • Cobalt commits to some other audits, standards, or certifications which TermScout was unable to classify - see citation
  • There are no qualifications and/or limitations to Cobalt's commitments to comply with third-party data security audits, standards, or certifications

Data breach notification policy

  • Cobalt commits to notifying Customer of a security breach impacting Customer's data

Summary

Vendor's confidential information

  • Customer must provide some protection of Cobalt's confidential information

Customer's confidential information

  • Cobalt must provide some protection of Customer's confidential information
  • Cobalt explicitly commits not to disclose Customer's confidential information, except as necessary to provide the services
  • Cobalt explicitly commits not to use Customer's confidential information, except as necessary to provide the services

Mutuality

  • All commitments concerning confidential information are mutual

Residuals clause

  • There is a residuals clause

Warranties Offered

Compliance with documentation/specifications

  • Cobalt warrants that the services will comply with certain documentation and/or specifications, but the warranty has some conditions or qualifications

Other warranties

  • Cobalt provides warranties regarding malware, malicious code, spyware, viruses, or similar
Commercial & Payment Terms
60% Balanced Favoring Customer

Payment Terms

Late payment penalties

  • There are no penalties for late payments

Payments due

  • Customer's payment terms are either less than 30 days or not specified in the Agreement

Vendor's expenses

  • Cobalt does not reserve the right to bill Customer for any expenses incurred by Cobalt
Term, Termination, & Control
70% Customer Favorable

Summary

Customer's termination rights

  • Customer has certain rights to terminate for cause

Refunds

  • Customer's termination rights include the right to a refund

Auto-renewal

  • The contract has auto-renew language, but Customer may opt out
  • The contract has auto-renewal language and Customer may opt out by giving less than or equal to 45 days' notice

Vendor's termination and suspension rights

  • Cobalt does not receive the right to terminate the contract for convenience
  • Customer has between 11 and 30 days to cure a breach before Cobalt can terminate for cause
  • Cobalt may suspend Customer's access to the service for payment-related issues
IP & Ownership
60% Balanced Favoring Customer

Customer's IP

Licenses to Customer IP

  • Cobalt receives a right to Customer's suggestions and/or feedback
  • Cobalt receives the right to use Customer's name and/or marks publicly

Publicity rights

  • Cobalt's use of Customer's name and/or marks is subject to Customer's guidelines

Assignment of Customer IP or work product

  • Customer does not assign any work product or other IP to Cobalt

Warranties Offered

Other warranties

  • Cobalt provides warranties regarding IP infringement
  • Cobalt provides warranties regarding its authority to enter into this contract and/or the validity of this contract
Restrictions & Controls
70% Customer Favorable

Summary

Non-compete

  • There are no restrictions on Customer's right to compete with Cobalt

Non-solicit

  • There are no restrictions on Customer's right to solicit

Exclusivity

  • There are no restrictions on Customer's ability to procure similar products or services from other vendors

Vendor's assignment rights

  • Cobalt is allowed to assign in the event of a merger or acquisition
  • Cobalt is allowed to assign in the event of a corporate reorganization
  • There are consent requirements restricting Cobalt's ability to assign the contract
  • Consent requirements do not apply in the event of a merger or acquisition
  • Consent requirements do not apply in the event of a corporate reorganization
  • There are no notice requirements restricting Cobalt's ability to assign the contract
  • There are no restrictions or conditions on Cobalt's right to assign to a competitor of Customer

Customer's assignment rights

  • Customer is allowed to assign in the event of a merger or acquisition
  • Customer is allowed to assign in the event of a corporate reorganization
  • There are consent requirements restricting Customer's ability to assign the contract
  • Consent requirements apply to Customer's assignment rights in the event of a merger or acquisition
  • Consent requirements apply to Customer's assignment rights in the event of a corporate reorganization
  • There are no notice requirements restricting Customer's ability to assign the contract
  • There are restrictions or conditions on Customer's right to assign to a competitor of Cobalt
Contract
Rating
Cobalt
Platform Services Agreement
80% Customer Favorable
Synack
MSA
60% Balanced Favoring Customer
Rapid7 LLC
General Terms and Conditions
60% Balanced Favoring Customer
HackerOne
Customer Terms and Conditions
50% Balanced
BreachLock
Software as a Service
50% Balanced
Bugcrowd
Customer Terms and Conditions_Smrithi
70% Vendor Favorable
NetSPI
NETSPI TERMS AND CONDITIONS
80% Vendor Favorable
Astra IT
Terms of Service
90% Vendor Favorable

Access the complete methodology and detailed breakdown by downloading the full report for in depth insights

Why this Matters

See value, risks, and position at a glance for better decisions.

A certified contract gives buyers an immediate signal that the agreement has already been independently reviewed against objective standards, so they do not need to start from a blank slate. That means procurement and legal can focus on any truly exceptional issues instead of re-litigating the whole paper, helping the vendor get to usage faster.

When a contract is benchmarked and certified as Balanced or Customer Favorable, buyers know the core terms are already aligned with market norms and defined fairness criteria. That reduces the instinct to redline broadly, because the agreement has already cleared a credibility threshold before negotiation begins.

Certification gives internal stakeholders a common, data-backed basis for approval, which lowers the time spent debating whether the contract is “acceptable”. In practice, that lets procurement, legal, and finance move from review mode to decision mode much faster.

A certified contract signals transparency: the vendor is willing to have its terms independently assessed and publicly displayed as fair, balanced, and market-aligned. That kind of external proof reduces suspicion about hidden risk and makes buyers more comfortable moving forward.

Because certification removes uncertainty early, buyers can spend less time negotiating standard terms and more time deciding whether the product is the right fit. TermScout positions this as a way to cut negotiation friction and accelerate time to signature, which directly shortens the overall deal cycle.

How TrustMark™ Works?

1

Data Extraction

Scans and converts legal text into structured data.

2

Objective Scoring

Clauses benchmarked against market data.

3

Deal Breakers

Risks and non-negotiables flagged early.

4

Benchmarking

Compares your contract to market standards.

5

Certification

Contract validated after meeting risk and score thresholds.

Based on 750 plus contract signals benchmarked against market data.

Certified Contract Reports, Explained

Verified™ contract reviews are reviews of contracts that have been carefully checked by contract experts. This review is designed to help users understand the rights and obligations associated with the Platform Services Agreement ("PSA") for Cobalt Labs, Inc.. We looked at the issues found in 'Term Sheets' and did not look for any other issues.

For more information on TermScout's contract review process, visit our methodology page.

In order to qualify for Certification, a contract must meet the following criteria:

  • Achieve a TermScout rating of Balanced or Customer Favorable, and
  • Be free of all designated Deal Breaker clauses.

The difference between certified Balanced and certified Customer Favorable is the TermScout favorability rating achieved by the contract. Each of these criteria is more fully described below.

A contract is balanced when it allocates risks between the parties in a roughly equal manner, as determined by TermScout's two-step, data-driven analysis. First, we use our proprietary AI to abstract over 750 defined data points from each contract we analyze. Then, we use an algorithm to objectively score that data. Because TermScout looks at the exact same set of data points and uses the exact same scoring algorithm in every contract analysis we conduct, you can now compare contracts on an apples-to-apples basis. (You can read more about the data points that TermScout analyzes in every IT contract here.)

This enables us to objectively rate contracts at both the agreement level and by key topic area (e.g., limitations of liability, indemnification, warranties, etc.) and show you which contracts are vendor favorable, which are customer favorable, and which are balanced.

Not all risks are created equal. Even if a contract shifts only a single risk to the buyer, the contract still may not merit certification if that risk is material enough. Examples of these types of Deal Breakers include exclusivity, complete disclaimers of liability, etc. Accordingly, TermScout will not certify a contract if it contains any of the following Deal Breaker clauses,² which TermScout identified by reference to market data and input from prominent buy-side and sell-side legal experts from TermScout's Innovation Advisory Council:

This makes it nearly impossible for a customer to recover from a vendor, no matter what goes wrong - even if the vendor violates other provisions of the contract.

Signing non-competes means contractually promising not to engage in a certain line of business. This is something most businesses want to avoid where possible.

Agreeing not to solicit a vendor's employees, customers, or vendors sounds reasonable, but it places challenging burdens on the customer to ensure they comply.

Agreeing not to procure similar services from other companies can severely hinder a company's ability to do business.

Privacy laws require companies to follow strict rules with respect to how they handle certain types of data. This clause presents major risks to a company's ability to comply with such laws.

It's extremely rare for a customer to need to assign IP rights to an IT vendor. Doing so can materially jeopardize a company's rights in its own IP.

Since most IT services today are delivered "as a service", customers often upload wide varieties of information onto vendors' servers. Confidentiality commitments are expected by most customers.

The goal of TermScout's reports is to provide users with the data necessary to make an informed decision about whether they can accept the terms. The data provided in TermScout's reports includes:

  • Term Sheet: A full report of the key rights and obligations contained in the agreement.
  • Overall Ratings: TermScout's overall impression of the favorability of the contract vis a vis the parties. These ratings are algorithmic approximations of favorability that are based on market data and the subject views of contract experts with experience in the specific type of contract.
  • Rare Clause Radar: TermScout identifies and surfaces a list of the most rare and material clauses that favor your counterparty.
  • Playbooks: Playbooks are a way of programming into TermScout's software a specific set of acceptance criteria for a contract type. All accounts have access to sample Playbooks for select templates, and Pro accounts have the ability to build custom Playbooks.
  • Comparable Contracts: We'll show a list of contracts sorted by favorability ratings and allow for the comparison of similar contracts based on position, industry, and contract type.
  • Market Data: Any right or obligation in a contract can be compared to market data for similar contract types, including data from TermScout's Contract Market Database™ of thousands of public contracts and anonymized and aggregated data from hundreds of negotiated contracts.

Certified Contract Reports contain only a subset of the above data. To access all of the data available, create a free account here and search for the desired contract in Triage.

Please note that this report focuses on the identification of terms from the contract documents listed under 'Scope of Review' and compares them against a defined set of criteria. Certain services may be subject to additional terms not available to TermScout, such as purchase orders and other deal-specific documents. You should always review the terms associated with the specific service you are using and know that TermScout's ratings generally do not cover (a) services purchased through a reseller, (b) offline variants of any of the Agreements, (c) service-specific terms that override any of the terms discussed here, or (d) free services. You also should consult your legal counsel if you have any questions about the meaning, significance or assessment of any agreement or provision.

TermScout prepared this report with an average use-case customer in mind and operated under the assumptions listed below (the "Key Assumptions"). To the extent that provisions in a contract vary based on specific circumstances that differ from the Key Assumptions, TermScout ignores those variations. Additional contract-level assumptions, if any, are disclosed in 'Notes to Customer'.

Key Assumptions

  1. Customer is an average "end user" of the service (i.e. not a partner, distributor, or developer).
  2. Customer is not a government entity.
  3. Customer is a US-based company and is using the service in the US.
  4. Customer is a paying user (i.e. not a user of free services).
  5. Customer is not using beta services.
  6. Unless otherwise noted, service-specific terms that may override or supersede the terms of the Agreement are not reviewed by TermScout.

We reviewed the PSA for Cobalt and any documents specifically listed under 'Scope of Review'. For purposes of this report, "Customer" means the party contracting with Cobalt and "Vendor" means Cobalt.

References herein to the "Agreement" are to the following documents:

TermScout did not review any documents other than those listed above. If other documents form part of this Agreement, the answers provided by TermScout may be incomplete or incorrect. TermScout's accuracy commitments only cover documents specifically identified in this section.

No additional notes to customer for this report.

View a full breakdown of our contract certification deal breakers.

Frequently Asked Questions

Find quick answers to the most common questions about our platform, process, and agreements.

Contact Us

Enterprise buyers frequently challenge agreements that broadly exclude audit findings, governance metadata, operational telemetry, or compliance analytics from confidentiality protections. Additional scrutiny is common when vendors reserve expansive rights to internally reuse governance-related information for benchmarking, product optimization, or reporting activities without clearly defined operational safeguards. Buyers generally expect confidentiality frameworks for compliance and GRC platforms to reflect the sensitivity of enterprise risk, audit, and regulatory data processed within the environment.

Compliance and GRC platforms frequently integrate with identity systems, audit workflows, regulatory reporting tools, and enterprise governance infrastructure across multiple operational environments. IT, security, and legal teams therefore evaluate whether confidentiality obligations align with access controls, retention practices, infrastructure segmentation, and third-party oversight requirements. Review complexity increases when contractual handling obligations remain vague or operationally inconsistent with the platform architecture and governance workflows described during procurement.

Buyers increasingly focus on whether confidentiality structures create manageable oversight across audit records, investigation materials, compliance assessments, and regulatory reporting workflows. Concerns often arise when agreements provide limited transparency into subcontractor access, operational support practices, or internal vendor use of governance-related information. Enterprise teams also assess whether confidentiality obligations remain enforceable across integrated systems and evolving compliance-monitoring environments over time.

Market-aligned agreements generally define protected information broadly, preserve clear operational restrictions on reuse and disclosure, and maintain transparent controls over retention and third-party access. Contracts become harder to approve when vendors narrowly define confidential information, broadly exempt operational governance data, or rely heavily on external policies subject to unilateral modification. Buyers often interpret overly permissive confidentiality structures as indicators of elevated governance, regulatory, and operational risk.

Check If Your Contract Qualifies for Certification

See how your terms compare to market standards and uncover opportunities to build buyer trust and close deals faster.

Get your Certification Score Now