Hardware Lease Terms
Last Updated: February 23, 2026 Effective Date: Upon execution of the Cortex Order Form
1. Scope
These Hardware Lease Terms apply exclusively to Customers who lease a physical Cortex appliance from Tacitus Systems. These terms supplement the Master Service Agreement and are incorporated by reference.
For definitions of capitalized terms, refer to the Master Service Agreement, Section 2.
2. Ownership & Title
The Cortex appliance is provided under an Operational Lease. Tacitus Systems retains full legal title and ownership of the hardware, including the chassis, motherboard, GPU(s), TPM 2.0 module, and all factory-installed components.
Customer is granted a limited, non-exclusive, non-transferable right to possess and operate the unit at Customer’s registered business location as specified in the Order Form.
Customer shall not: (a) sell, sublease, pledge, or encumber the hardware, (b) relocate the unit without prior written notice to Tacitus Systems, or (c) modify the hardware (including firmware or BIOS) without written authorization.
3. Lease Term & Renewal
3.1 Minimum Term
The minimum lease term is twelve (12) months, commencing on the date of hardware delivery and successful provisioning.
3.2 Month-to-Month Continuation
Upon expiration of the minimum twelve (12) month term, the lease automatically converts to a month-to-month arrangement at the applicable Loyalty Rate specified in the Order Form. Either party may terminate the month-to-month arrangement by providing at least thirty (30) days’ written notice.
3.3 Upgrade Path
Customer may upgrade to a higher hardware tier during the lease term. The remaining value of the current lease period will be credited toward the upgraded tier, as specified in the applicable Order Form.
4. Pricing & Payment
4.1 Lease Fee
Customer shall pay a fixed monthly lease fee as specified in the Order Form. The fee covers: hardware use, software licensing, and standard support (as defined in the Support & SLA Terms).
4.2 Fee Adjustments
Tacitus Systems may adjust the monthly lease fee no more than once per twelve (12) month period. Any adjustment will be communicated at least sixty (60) days before taking effect. Fee increases are capped at the greater of: (a) 10% of the current fee, or (b) the annual EU Harmonized Index of Consumer Prices (HICP) inflation rate for the preceding year. If Customer does not agree to the fee adjustment, Customer may terminate the lease by providing thirty (30) days’ written notice before the adjustment takes effect, without incurring early termination fees.
4.3 Payment Terms
Invoices are issued monthly in advance and are due within fourteen (14) calendar days of the invoice date. Late payments accrue interest at the rate prescribed by Polish law for commercial transactions (Ustawa o przeciwdzialaniu nadmiernym opoznieniom w transakcjach handlowych).
5. Security Deposit
5.1 Amount
Customer shall pay a Security Deposit in the amount specified in the Order Form prior to hardware delivery. The deposit is held by Tacitus Systems in a standard business account.
5.2 Return
The Security Deposit (or remaining balance) is returned within thirty (30) days of successful completion of the Secure Return Protocol (Section 9), less any authorized deductions.
5.3 Forfeiture Conditions
Tacitus Systems may deduct from the Security Deposit for:
| Condition | Deduction |
|---|---|
| Hardware damage beyond normal wear and tear | Repair or replacement cost |
| NVMe drives retained by Customer upon return | Drive replacement fee as specified in the Order Form |
| Unreturned hardware within 30 days of lease termination | Full deposit forfeited; additional fees may apply |
| Unauthorized chassis opening (confirmed tamper event) | Graduated response (see Section 7) |
5.4 Deposit Statement
Upon return of the hardware, Tacitus Systems will provide an itemized statement of any deductions within fifteen (15) days.
6. Maintenance & Supply Drops
6.1 Customer Responsibility
As an air-gapped unit, the Cortex appliance does not receive automatic updates. Customer is responsible for:
- Periodically checking for available Supply Drops via the Tacitus Systems portal.
- Downloading, verifying, and applying Supply Drops in a timely manner.
6.2 Security-Critical Updates
When Tacitus Systems releases a Supply Drop containing a security-critical fix, Customer will be notified via email with a clear urgency classification:
| Urgency | Description | Recommended Action |
|---|---|---|
| Critical | Active exploitation risk or severe vulnerability | Apply within 48 hours |
| High | Significant vulnerability, no known exploitation | Apply within 7 days |
| Medium | Moderate risk, defense-in-depth improvement | Apply within 30 days |
| Low | Minor improvement, no security impact | Apply at next maintenance window |
6.3 Signature Verification
Every Supply Drop is cryptographically signed with Tacitus Systems’ Ed25519 signing key. The API Gateway verifies the signature before applying the update. Packages with invalid or missing signatures are rejected automatically.
7. Physical Security & Shield Protocol
7.1 Maintenance Mode
Before any authorized physical access to the Cortex chassis (e.g., drive replacement, visual inspection), Customer must enable Maintenance Mode through the Admin UI. Maintenance Mode temporarily suspends the applicable physical security monitoring for a defined time window.
Forthcoming feature — chassis intrusion detection. Future software releases may include hardware-level chassis intrusion detection. If this feature is deployed via Supply Drop to Customer’s unit:
- Maintenance Mode (enabled through the Admin UI) will be required before any authorized physical access to the chassis.
- Only Tacitus Systems-authorized personnel and Customer (with Maintenance Mode enabled) may open the chassis.
- Opening the chassis without Maintenance Mode enabled will trigger the Shield Protocol (Section 7.2).
Current units do not have active hardware intrusion sensors. The Shield Protocol described in Section 7.2 will become enforceable upon deployment of the intrusion detection feature.
7.2 Unauthorized Access: Graduated Response (Shield Protocol)
Note: Chassis intrusion detection is a forthcoming feature, not yet active in the current software release. The Shield Protocol described below will be enforced once the hardware intrusion detection feature is deployed to Customer’s unit via Supply Drop. Current units do not have active hardware intrusion sensors. The contractual framework governing unauthorized access is established here in anticipation of that deployment.
If the chassis is opened without Maintenance Mode enabled (once intrusion detection is active), the system responds with a graduated enforcement protocol:
| Stage | Trigger | Response | Recovery |
|---|---|---|---|
| 1. Security Lockout | Chassis sensor triggered without Maintenance Mode | Data becomes logically inaccessible | Master admin recovery phrase required |
| 2. Tamper Investigation | Security Lockout persists; Customer contacts support | Tacitus Systems investigates the circumstances | Joint determination within 14 days |
| 3. Confirmed Tampering | Investigation confirms unauthorized, intentional access | System enters Bricked State; Security Deposit subject to graduated deduction | Hardware return and refurbishment required |
7.3 Dispute Resolution
Customer may dispute a tamper determination within fourteen (14) days of notification. Disputes are resolved through the process described in the Master Service Agreement, Section 13.
7.4 Accidental Triggers
Tacitus Systems recognizes that accidental chassis sensor triggers may occur (e.g., during office relocation, cleaning). Stage 1 (Security Lockout) is designed to be recoverable without penalty. Only confirmed intentional unauthorized access results in deposit deductions or Bricked State.
8. Hardware Specifications & Warranty
8.1 Specifications
The hardware tier, GPU configuration, VRAM allocation, storage capacity, CPU, and RAM for the leased unit are specified in the Order Form.
8.2 Warranty
Tacitus Systems warrants that the Cortex hardware will be free from manufacturing defects and will function in accordance with its published specifications for the duration of the lease term.
If a hardware defect is confirmed:
- Tacitus Systems will ship a replacement unit or replacement component within the timeframe specified in the Support & SLA Terms.
- If the unit must be replaced entirely, Tacitus Systems will assist with data migration via the Graduation protocol (Cortex-to-Cortex transfer) using the Customer’s Master Mnemonic and RAID 1 redundancy.
- Tacitus Systems bears the cost of replacement hardware and shipping for warranty-covered defects.
8.3 Warranty Exclusions
The warranty does not cover damage caused by: (a) unauthorized modification or tampering, (b) misuse, negligence, or accident, (c) power surges or environmental conditions outside published operating specifications, or (d) normal wear and tear of consumable components.
8.4 Data Recovery Limitations
Data recovery is limited to the capabilities of the RAID 1 mirrored storage configuration. If both NVMe drives fail simultaneously and the Customer has lost the Master Mnemonic, data is permanently unrecoverable. Tacitus Systems does not store backup copies of Customer Data.
In the event of a verified hardware defect (confirmed by device serial number and account ownership), Tacitus Systems will provide reasonable technical assistance to facilitate data recovery through RAID 1 redundancy or replacement hardware provisioning.
9. The Secure Return Protocol
9.1 Initiation
Upon termination or non-renewal of the lease, Customer must return the Cortex appliance within thirty (30) days of the effective termination date.
9.2 Data Handling Options
Before returning the hardware, Customer may choose one of the following:
| Option | Description | Fee |
|---|---|---|
| A. Retain NVMe Drives | Customer physically removes the NVMe storage drives at Customer’s premises before shipment and retains them. Customer’s data never leaves Customer’s possession. The unit is returned to Tacitus Systems without the drives. | Drive replacement fee as specified in the Order Form |
| B. Witness Destruction | Customer witnesses the physical destruction or certified secure erasure of the NVMe drives at Tacitus Systems’ facility. | No additional fee |
| C. Certified Remote Erasure | Customer ships the unit to Tacitus Systems with drives intact. Tacitus Systems performs certified secure erasure at Tacitus Systems’ facility and provides a written certificate of destruction. | No additional fee |
9.3 Shipping
Tacitus Systems provides a pre-paid, insured return shipping label. The shipment is insured for the full replacement value of the hardware. Customer is responsible for packaging the unit in accordance with Tacitus Systems’ provided packaging instructions. Risk of loss or damage during transit is covered by the shipping insurance; in the event of a transit loss or damage claim, Tacitus Systems will manage the insurance claim process.
9.4 Inspection
Upon receipt, Tacitus Systems inspects the hardware for damage and completeness. The inspection report and any Security Deposit deductions are communicated to Customer within fifteen (15) days.
9.5 Late Return
If the hardware is not returned within thirty (30) days of the termination date, the following graduated penalties apply:
| Timeframe | Consequence |
|---|---|
| 31-60 days | Ongoing lease fee charged monthly (pro-rated) |
| 61-90 days | Security Deposit forfeited |
| Beyond 90 days | Full Replacement Value as specified in the Order Form is charged to Customer |
10. Insurance & Risk
10.1 Customer Risk
Customer bears the risk of loss, damage, or theft of the Cortex appliance from the date of delivery until the date of return to Tacitus Systems.
10.2 Insurance Requirement
Customer shall maintain property insurance covering the full replacement value of the Cortex hardware (as specified in the Order Form) for the duration of the lease. The insurance policy must cover, at minimum: fire, flood, theft, and accidental damage.
Customer shall provide proof of coverage to Tacitus Systems within fourteen (14) days of hardware delivery and upon each policy renewal. If Customer fails to provide proof of coverage within thirty (30) days of a written request, Tacitus Systems may, at its discretion: (a) procure equivalent coverage on Customer’s behalf and invoice Customer for the premium, or (b) require an additional security deposit equal to 100% of the hardware replacement value.
11. Contact
For lease-related inquiries, Secure Return scheduling, or hardware support:
Tacitus Systems Ul. KrĂłtka 7 97-200 TomaszĂłw Mazowiecki Poland Email: contact@tacitussystems.com