Platform Disclaimer
IMPORTANT: Please read this disclaimer carefully before using Custodia. This document explains what our platform is and is not, and the limitations of our service.
1. Custodia Is Not a Certifying Body
CUSTODIA, LLC IS NOT A CMMC THIRD-PARTY ASSESSMENT ORGANIZATION (C3PAO). We are not authorized by the Department of Defense (DoD), the Cyber AB (formerly CMMC Accreditation Body), or any government agency to certify organizations for CMMC compliance. The Service is a software tool to help you prepare for compliance; it cannot and does not certify your organization. Only authorized C3PAOs can conduct official CMMC assessments and grant certification.
2. No Guarantee of Certification or Contract Awards
USE OF CUSTODIA DOES NOT GUARANTEE: (a) that you will achieve CMMC certification at any level; (b) that you will pass a C3PAO assessment; (c) that you will be awarded any government contract; (d) that your SPRS score will be accepted by the DoD; or (e) any particular outcome related to your compliance efforts. Certification and contract decisions are made by third parties over which we have no control.
3. AI-Generated Content Requires Human Validation
The Service uses artificial intelligence (Google Gemini and related technologies) to generate policy documents, System Security Plans, evidence analysis, and other content. AI-GENERATED CONTENT MAY CONTAIN ERRORS, OMISSIONS, INACCURACIES, OR CONTENT THAT IS NOT SUITABLE FOR YOUR ORGANIZATION. You must: (a) carefully review all AI-generated content; (b) edit and customize content for your specific environment; (c) have qualified personnel approve content before use; (d) not rely solely on AI output for compliance decisions. Custodia is not responsible for errors in AI-generated content or for your reliance on such content.
4. SPRS Scores Are Estimates
The SPRS (Supplier Performance Risk System) scores calculated by Custodia are ESTIMATES based on information you provide and our interpretation of DoD scoring methodologies. These scores: (a) may not match official DoD calculations; (b) are for internal planning purposes only; (c) should not be submitted to government systems without independent verification; (d) may become outdated if DoD methodologies change. You are solely responsible for the accuracy of any SPRS scores you submit to the DoD.
5. Not Legal, Professional, or Consulting Advice
CUSTODIA DOES NOT PROVIDE LEGAL ADVICE, PROFESSIONAL COMPLIANCE CONSULTING, OR CYBERSECURITY ADVISORY SERVICES. The Service is a software tool only. For authoritative guidance, you should consult: (a) qualified legal counsel familiar with government contracting and cybersecurity law; (b) certified CMMC professionals or Registered Practitioner Organizations (RPOs); (c) official DoD and Cyber AB publications; (d) your contracting officer for contract-specific requirements. Nothing in the Service creates an attorney-client, consultant-client, or professional advisory relationship.
6. Evidence Hashing Limitations
The SHA-256 hashing feature provides a technical mechanism to detect changes to uploaded files. This feature: (a) does not establish legal chain of custody; (b) does not constitute admissible evidence in legal proceedings; (c) does not replace proper evidence handling procedures required by CMMC or your organization; (d) depends on the integrity of your upload process. You remain responsible for implementing proper evidence collection and retention procedures.
7. Regulatory Changes
CMMC requirements, DoD regulations, NIST standards, and related guidance may change at any time without notice to Custodia. The Service may not immediately reflect regulatory changes. You are responsible for: (a) monitoring official sources for regulatory updates; (b) verifying that your compliance approach meets current requirements; (c) not relying solely on Custodia for regulatory awareness. We endeavor to update the Service promptly, but do not guarantee real-time accuracy.
8. Your Responsibility for Accuracy
The quality of Custodia's output depends entirely on the accuracy and completeness of information you provide. You are solely responsible for: (a) truthfully representing your security practices; (b) providing accurate organizational information; (c) uploading authentic evidence; (d) not misrepresenting your compliance status. Providing false or misleading information may violate federal law and your contractual obligations.
9. No Warranty
THE SERVICE IS PROVIDED "AS IS" WITHOUT ANY WARRANTY OF ANY KIND. WE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, AND NON-INFRINGEMENT. WE DO NOT WARRANT THAT THE SERVICE WILL MEET YOUR REQUIREMENTS OR THAT OPERATION WILL BE UNINTERRUPTED OR ERROR-FREE.
10. Limitation of Liability
TO THE FULLEST EXTENT PERMITTED BY LAW, CUSTODIA SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO LOSS OF PROFITS, DATA, CONTRACTS, OR BUSINESS OPPORTUNITIES, ARISING FROM YOUR USE OF THE SERVICE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. OUR TOTAL LIABILITY SHALL NOT EXCEED THE FEES PAID BY YOU IN THE TWELVE MONTHS PRECEDING THE CLAIM.
11. Assumption of Risk
By using Custodia, you acknowledge that: (a) compliance decisions are complex and consequential; (b) software tools have inherent limitations; (c) you bear responsibility for your compliance outcomes; (d) you will not hold Custodia responsible for certification failures, contract losses, or related damages. You assume all risks associated with using the Service for compliance purposes.
Questions about this policy?
Contact us and we'll help clarify.