Last Updated: April 24, 2026
Audience: Insurers, MGAs, Program Administrators
Cyber Insurance / Attested Risk Addendum
This Cyber Insurance / Attested Risk Addendum (this “Addendum”) supplements the H33.ai Platform Terms of Service (the “Terms”) and applies only if the Cyber Insurance Services, Attested Risk Services, HATS cyber-insurance workflows, proof-bundle features, or related insurance-facing verification services are activated for Customer under an Order Form, master services agreement, program agreement, written statement of work, or other H33-approved enablement flow.
This Addendum is intended for insurer-facing deployments in which Customer is an insurer, managing general agent, program administrator, or other insurance-side contracting party that uses H33 outputs as technical inputs to Customer’s independent underwriting, renewal, portfolio review, risk-engineering, claims review, or related cyber-insurance workflows.
Capitalized terms not defined in this Addendum have the meanings given in the Terms.
The Cyber Insurance Services are optional and are not included in the Services unless activated for Customer through an Order Form, written agreement, approved program documentation, or other H33-approved enablement flow.
If activated, this Addendum forms part of the Contract Documents and governs Customer’s access to and use of the Cyber Insurance Services.
This Addendum is intended to govern H33’s relationship with the Cyber Insurance Customer. Brokers, Policyholders, insureds, applicants, administrators, and other participants may be subject to separate H33-approved terms, click-through terms, authorization notices, privacy notices, data authorizations, or program materials.
If there is a conflict between this Addendum and the Terms, this Addendum controls solely with respect to the Cyber Insurance Services. The Terms otherwise remain in full force and effect.
This Addendum does not expand H33’s liability, warranties, service levels, indemnities, or obligations except to the extent expressly stated in an Order Form signed by H33.
“Attested Control State” means a cryptographically signed, timestamped, logged, hashed, or otherwise technically recorded representation of observed Control Signals from one or more Integration Sources during a Verification Window. Attested Control State reflects the information made available to H33 through authorized integrations, telemetry, configuration, and system permissions at the time of observation. It does not represent complete enterprise security status, legal compliance, insurance eligibility, coverage entitlement, or any determination that a Policyholder is secure, compliant, insurable, or entitled to any insurance outcome.
“Cyber Insurance Customer” means Customer when Customer is an insurer, managing general agent, program administrator, reinsurer, or other insurance-side contracting party approved by H33 that activates or uses the Cyber Insurance Services for underwriting, renewal, portfolio review, broker distribution, policyholder engagement, risk engineering, claims review, or related cyber-insurance workflows.
“Policyholder” means an insured, prospective insured, applicant, policyholder, customer, member, account, or other entity whose systems, tools, control posture, or security environment may be connected to, observed by, or evaluated through the Cyber Insurance Services.
“Broker” means an insurance broker, producer, agent, intermediary, channel partner, or other authorized party involved in presenting, placing, renewing, servicing, facilitating, or supporting a cyber-insurance policy, application, quote, renewal, claim, or related workflow.
“Proof Bundle” means a package, file, report, attestation, log extract, verification summary, timestamped record, cryptographic proof, dashboard output, API response, or related technical output generated by or through the Cyber Insurance Services. A Proof Bundle may include observed Control Signals, Integration Source information, timestamps, system identifiers, verification status, configuration evidence, change history, audit logs, hash values, or related metadata, depending on the enabled features, available telemetry, and applicable Verification Window.
“Control Signal” means a data point, system state, configuration status, security-control indicator, telemetry element, log event, hash, metadata element, or other signal observed through an authorized Integration Source, including whether a control appears to be enabled, disabled, present, absent, current, expired, changed, misconfigured, unavailable, or otherwise reflected in available telemetry.
“Verification Window” means the time period, point-in-time snapshot, recurring interval, event-triggered period, or other defined timeframe during which H33 observes or processes Control Signals for purposes of generating an Attested Control State, Proof Bundle, Claims Event Query result, or related output.
“Integration Source” means a third-party system, account, platform, API, cloud environment, endpoint tool, identity provider, backup platform, productivity suite, security tool, log source, security information and event management tool, or other technology source connected to the Cyber Insurance Services by or on behalf of Customer or a Policyholder. Integration Sources may include, as applicable, Microsoft, Google, endpoint detection and response tools, backup platforms, cloud providers, identity systems, ticketing systems, security tools, or other systems identified in an Order Form, Documentation, or H33-approved integration workflow.
“Claims Event Query” means a request, search, review, report, investigation-support query, or analysis conducted through the Cyber Insurance Services in connection with an actual, suspected, alleged, or reported cyber event, claim, loss, notice of circumstance, coverage inquiry, incident review, ransomware event, business interruption event, or other insurance-related cyber incident workflow.
“Cyber Insurance Services” means the H33 features, HATS workflows, APIs, dashboards, integrations, Proof Bundles, Attested Control State outputs, Claims Event Query tools, control-state verification features, policyholder authorization flows, broker-facilitated initiation tools, and related technology services made available for cyber-insurance use cases.
“Terminal” means an H33-controlled or H33-approved interface, workflow, link, portal, or authorization environment through which a Policyholder, administrator, Broker, or other authorized participant may initiate, authorize, connect, review, or manage an Integration Source or related verification workflow.
H33 is a technology provider. H33 provides tools that may generate Attested Control State outputs, Control Signal summaries, Proof Bundles, Claims Event Query results, and related technical evidence.
Customer, and not H33, is solely responsible for all underwriting, pricing, renewal, nonrenewal, cancellation, coverage, claims, regulatory, policyholder, broker, actuarial, portfolio, and insurance decisions.
Unless otherwise stated in an Order Form, the Policyholder or its authorized administrator is responsible for authorizing access to the relevant Integration Sources, systems, accounts, environments, tools, data, telemetry, and permissions.
Where a Broker participates in a workflow, the Broker acts as a facilitator of the applicable insurance placement, renewal, policyholder engagement, verification initiation, or related workflow. Brokers do not receive underwriting, pricing, claims, coverage, or decision-making authority from H33.
H33 does not act as agent, broker, producer, fiduciary, representative, claims handler, claims administrator, adjuster, actuary, attorney, cybersecurity advisor, compliance advisor, or administrator for Customer, any Broker, any Policyholder, any insured, or any claimant.
Subject to the Terms, this Addendum, the applicable Order Form, Documentation, and stated output limitations, H33 grants Customer the right to use Proof Bundles, Attested Control State outputs, Control Signals, Claims Event Query results, and related Cyber Insurance Services outputs as technical inputs to Customer’s independent underwriting, renewal, portfolio review, risk-engineering, broker-support, claims review, and related cyber-insurance workflows.
Customer may rely on H33 outputs only within the scope of the enabled integrations, available telemetry, configured permissions, applicable Verification Window, and stated limitations of the applicable Proof Bundle, dashboard output, API response, or other output.
H33 outputs may support Customer’s internal analysis, evidentiary record, risk-engineering review, underwriting file, renewal file, claims file, or portfolio review. H33 outputs do not determine eligibility, premium, rating classification, policy terms, coverage, claim payment, claim denial, regulatory compliance, legal compliance, or any other insurance decision.
Customer remains solely responsible for all insurance, underwriting, pricing, renewal, nonrenewal, cancellation, coverage, claims, actuarial, regulatory, compliance, and customer-communication decisions.
Customer will not use any Proof Bundle, Attested Control State output, Control Signal, Claims Event Query result, dashboard output, API response, or other H33 output as the sole basis for any underwriting, pricing, renewal, nonrenewal, cancellation, coverage, claim, regulatory, legal, or similarly significant decision.
Unless expressly stated in an Order Form signed by H33, no Broker, Policyholder, insured, applicant, claimant, reinsurer, regulator, auditor, investor, lender, counterparty, or other third party receives any contractual reliance right, warranty, representation, certification, or assurance from H33 with respect to any Proof Bundle, Attested Control State output, Control Signal, Claims Event Query result, dashboard, API response, or related output. Customer is solely responsible for any disclosure, characterization, submission, or use of H33 outputs with such third parties.
Where supported by the applicable feature and during the applicable retention period, if any, H33 may maintain technical records associated with Proof Bundle generation, including timestamps, hash values, system identifiers, verification status, and audit logs. These records are intended to support technical integrity review only. H33 does not warrant legal chain of custody, evidentiary admissibility, authentication, sufficiency, or acceptance in any claim, litigation, arbitration, regulatory review, audit, or dispute.
As between the parties, H33 retains all right, title, and interest in and to the Cyber Insurance Services, HATS workflows, Terminal, APIs, dashboards, verification logic, scoring logic, schemas, Proof Bundle formats, attestation methods, cryptographic workflows, technical labels, control-signal mappings, system designs, Documentation, and related technology. Customer receives only the limited use and reliance rights expressly stated in this Addendum, the Terms, and the applicable Order Form.
A Proof Bundle reflects the Control Signals, Integration Sources, permissions, API responses, and Verification Window available when the Proof Bundle was generated. H33 has no obligation to recreate, supplement, update, re-run, or validate a historical Proof Bundle after generation unless expressly stated in an Order Form. If underlying Integration Sources, permissions, logs, APIs, telemetry, or configurations change after generation, the prior Proof Bundle will not necessarily reflect those later changes.
Unless expressly stated in an Order Form, H33 has no obligation to retain, preserve, reproduce, regenerate, or maintain availability of any Proof Bundle, Claims Event Query result, log, timestamp, dashboard output, API response, or underlying Control Signal beyond H33’s standard retention practices. Customer is responsible for preserving any H33 output Customer intends to use for underwriting, claims, regulatory, audit, reinsurance, or evidentiary purposes.
H33 does not underwrite, rate, bind, issue, quote, sell, solicit, negotiate, place, market, recommend, adjust, adjudicate, approve, deny, administer, or service insurance products, policies, applications, endorsements, renewals, cancellations, claims, or coverage determinations.
H33 does not determine insurance eligibility, premiums, rating classifications, policy terms, deductibles, exclusions, endorsements, coverage availability, claim payment, claim denial, claim valuation, reservation of rights, loss causation, compliance with policy conditions, or regulatory compliance.
The Cyber Insurance Services, Proof Bundles, Attested Control State outputs, Control Signals, Claims Event Query results, dashboards, APIs, Documentation, and related materials do not constitute insurance, legal, actuarial, underwriting, claims, compliance, cybersecurity, risk-management, or professional advice.
H33 is not an insurer, reinsurer, insurance producer, broker, agent, managing general agent, program administrator, third-party administrator, claims administrator, loss adjuster, actuarial advisor, risk-bearing entity, or coverage decision-maker.
Or accept via terminal:
h33 hats accept attested-risk-addendum --signer "Your Name" --email you@company.com
Digital signature recorded with timestamp, document hash, and H33 Substrate attestation.