Terms of Use

Last Updated Date: 30 August, 2024

"These Terms, as defined herein, govern the relationship between you, either as an individual or a representative of a legal entity, and ZeroThreat, Inc, a corporation registered in USA (108 W. 13th Street, Suite 100 Wilmington, DE 19801-1145, USA) as “ZeroThreat”), as outlined in your subscription or a separate Order Form. These Terms apply to your access and use of the Services provided by ZeroThreat through its websites or other means. If you are accepting these Terms on behalf of another person, a company, or another legal entity, you represent and warrant that you have the full authority to bind that person, company, or legal entity to these Terms. The terms “Customer” and “You” refer to you, either as an individual or the legal entity you represent. Please read these Terms carefully before using the Services. If you do not agree to these Terms, you must immediately cease using the Services offered by ZeroThreat. BY SIGNING UP FOR AND USING THE SERVICES, YOU HEREBY AGREE TO BE BOUND BY THESE TERMS AND ANY ADDITIONAL TERMS INCORPORATED HEREIN BY REFERENCE (EXCEPT INSOFAR AS THESE TERMS ARE EXPLICITLY REFERENCED AND VARIED BY THE ORDER FORM), INCLUDING, BUT NOT LIMITED TO, THE ACCEPTABLE USE POLICY AND THE PRIVACY POLICY.”

Definitions

“Acceptable Use Policy”

refers to the specific guidelines and usage rules for ZeroThreat's services, detailed in a section 19 of this document.

“Affiliate”

signifies any organization that holds, either directly or indirectly, influence or is influenced by, or is under shared influence with a party, where influence pertains to the capacity to steer or determine the strategic direction or policy-making of an organization.

“Agreement”

encompasses these Terms, along with your subscription details or any relevant Order Forms executed accordingly, including any related schedules or supplementary terms mentioned herein.

“Application Scanning”

denotes the SaaS-based service offered by ZeroThreat for external Web Application and API Security Scanning, allowing continuous scanning ( Scan or Test) of your software, which includes bespoke applications and APIs for vulnerabilities.

“Availability”

refers to the extent to which ZeroThreat's services are accessible and operational, as detailed in the Section 10. Service Level Agreement, where applicable.

“Attack Surface”

refers to the comprehensive digital footprint encompassing your primary domains and associated subdomains. This includes, but is not limited to, linked domains and the IP addresses these domains resolve to, along with all pertinent details such as DNS records, open network ports, and the various applications and services operating on these domains. It is important to note that this coverage extends to domains and IP addresses linked to your own, which may be under third-party ownership, and are integral to the monitoring and assessment processes conducted through our Application Scanning services.

“Confidential Information”

encompasses all proprietary, sensitive, or trade-secret information regardless of its form—written, visual, electronic, or verbal—that includes, but is not limited to, results, customer data, technical details of ZeroThreat's services, strategic plans, databases, technical diagrams, formulas, processes, prototypes, software code, business forecasts, and information on prospective or existing projects or customers. Such information is explicitly marked as confidential or should reasonably be recognized as confidential by the circumstances of its disclosure. Exclusions to Confidential Information cover data: (a) already known to the recipient without an obligation of confidentiality; (b) that is public knowledge or becomes so through no fault of the recipient; (c) independently developed by the recipient; or (d) that the recipient is legally compelled to disclose, provided they promptly inform the discloser and limit the disclosure to the necessary extent.

“Customer Data”

signifies any data that you, or an authorized third party on your behalf, upload to ZeroThreat's service platform, encompassing the Results.

“Data Processing Agreement”

refers to ZeroThreat's specific agreement outlining data processing protocols and procedures, which is a separate document uploaded on our website.

“Disclosing Party”

means as defined in Section 13.1.

“Effective Date”

The Agreement between you ("Customer") and ZeroThreat becomes operative and binding immediately upon your signup, access, or use of any part of the ZeroThreat Application, whether as a registered user or otherwise. This includes, but is not limited to, browsing the ZeroThreat website, accessing any of its services, or using the application in any capacity. For users who subscribe to specific services offered by ZeroThreat, the Effective Date additionally corresponds to the commencement date of your subscription as recorded in your subscription account. This includes the date you initiate a paid subscription or any agreement formalized through an Order Form, where the Effective Date is as specified within that document. Furthermore, in instances where ZeroThreat offers a Trial Period, such a period shall commence on the date you register for the trial. The Trial Period is an integral part of the Agreement and is subject to all its terms and conditions. The Trial Period allows you to use the Services without financial commitment for the specified duration, providing an opportunity to evaluate the applicability and utility of the Services to your needs. In all cases, by signing up, accessing, or using the ZeroThreat Application and its associated services, you acknowledge and agree to be bound by the terms of this Agreement, including any and all future amendments, modifications, or changes made thereto.

“Intellectual Property Rights”

encompasses the full spectrum of exclusive legal rights conferred by law to creators and owners of original works and inventions. These rights include, but are not limited to, copyrights and their ancillary rights, industrial design rights, patents, both registered and unregistered trademarks and service marks, trade secrets, rights to databases, proprietary know-how, and all forms of protection for confidential information. This definition extends globally for the duration of such rights and includes any and all derivative creations, innovations, or developments that arise pursuant to, or in the execution of, this Agreement.

“Order Form”

"Order Form" denotes a contractual instrument that formalizes the procurement of Services, as stipulated by these Terms. It delineates the precise scope of services to be rendered, the pricing structure, and the specific terms and conditions under which said services will be provided.

“Party” or “Parties”

"Party," or collectively "Parties," refers to the signatory entities bound by this Agreement, either individually as You, the Customer, or ZeroThreat, or collectively when acting in concert with respect to the obligations and rights herein established.

“Privacy Policy”

means Privacy Policy of ZeroThreat referenced to in these Terms

“Receiving Party”

means as defined in Section 13.1.

“Representative”

pertains to those individuals or entities appointed or authorized by either Party, including its Affiliates, who are privy to Confidential Information by necessity of their role. This encompasses: (i) officers and employees with a requisite need for such information; (ii) professional advisors or consultants retained to provide counsel to the Party or its Affiliates; (iii) contractors and subcontractors engaged in work for the Party or its Affiliates; and (iv) any additional parties to whom disclosure of Confidential Information has been consented to in writing by the disclosing Party, provided such disclosure is pertinent to the execution or fulfillment of this Agreement.

“Result”

refers to the conclusive data and findings produced upon the completion of a Test, as furnished through ZeroThreat's service platform. This encompasses, but is not limited to, comprehensive assessments of vulnerabilities and detailed reports thereof. Accessibility to these Results is facilitated via a designated user interface, application programming interfaces (APIs), or through direct integration with third-party tools as provided by ZeroThreat.

“Service”

constitutes the comprehensive suite of Software as a Service (SaaS)-enabled solutions provided by ZeroThreat, specifically designed for robust external Application Scanning. This suite encompasses Dynamic Application Security Testing (DAST), an advanced methodology employed to actively analyze and diagnose web applications for security vulnerabilities through simulated cyber-attack scenarios. Additionally, the Service includes Monitoring and other related professional services that support and enhance the application scanning process. The Service is engineered to deliver continuous and automated security evaluations, thereby enabling clients to fortify their digital infrastructure against emerging threats effectively.

“Service Level Agreement”

means the Service Level Agreement applicable to customers as defined in this agreement section # 10.

"Application Usage Charges"

refers to the fees incurred by the Customer for the utilization of ZeroThreat's scanning services, which are calculated based on the selected size of the scanning instance and the geographic co-location of the server from which the scan is initiated. ZeroThreat provides a tiered pricing model that allows for precise billing, rounded to the nearest minute, ensuring that Customers only pay for the time utilized during the scanning process. Each scanning session includes a mandatory provisioning cost equivalent to five minutes of service use to facilitate the setup of the scanning instance. Customers are granted the flexibility to select the appropriate instance size and preferred server location through the ZeroThreat application interface, which may also provide an estimated scan completion time. However, this estimate is not a guaranteed timeframe for task completion, as actual scan times may vary based on a multitude of factors inherent to the application being scanned and the network environment.

“Subscription Term”

means the duration of Your subscription of the Service as defined in Your account.

Target Domain Surveillance

"Target Domain Surveillance" is a specialized service provided by ZeroThreat, employing a SaaS-based framework for meticulous management and ongoing scrutiny of an organization's target domain. This service is specifically designed to keep a vigilant eye on and assess the public-facing elements of your digital infrastructure, with an emphasis on key web applications and domains. The cornerstone of this service lies in its ability to detect and report any exposed files, ports, identify vulnerabilities, and pinpoint any configuration irregularities. Scope of "Target Domain Surveillance" purview is confined to domains for which the client has maintained an active subscription with ZeroThreat.

“System”

means an information technology asset of a Customer, such as websites, applications, software and information technology environments.

“Terms”

means these terms of use and all additional terms and schedules referenced to herein, such as the Privacy Policy, Acceptable Use Policy, and, if applicable Data Processing Agreement and Service Level Agreement.

“Test or Scan”

“Test" or “Scan” represents a core component of ZeroThreat's suite of services, encompassing a range of comprehensive security evaluations and vulnerability assessments tailored to customer systems. Each Test is a rigorous process that may involve a variety of methodologies, including but not limited to systematic information gathering, website crawling, system fingerprinting, and fuzz testing. Furthermore, the Test procedure may involve the deployment of specialized scripts and the execution of advanced, non-intrusive penetration testing techniques. This multifaceted approach is designed to provide an in-depth analysis of the security posture, identifying potential vulnerabilities and areas for fortification within the client's digital infrastructure.

“Trial”

"Trial" denotes a preliminary, complimentary subscription period provided by ZeroThreat, designed for potential clients to experience the Service without incurring any costs. During this trial, clients are granted a specific quota of free credits, which can be utilized for a limited number of scanning hours, adhering to ZeroThreat's fair usage policy. This policy is in place to ensure equitable access and maintain service quality across the board. It's crucial to note that the trial includes constraints on the total scanning duration, aligning with our commitment to resource sustainability and service excellence. While the trial offers a valuable opportunity to evaluate the efficacy and range of ZeroThreat's cybersecurity solutions, it is not an all-encompassing, unlimited scanning service. Clients are encouraged to use the trial period to understand the capabilities and potential of ZeroThreat's services within the boundaries of the provided free credits and the stipulated usage terms.

“User”

"User" refers to any individual who is authorized to access and utilize ZeroThreat's services. This authorization is granted by either the Customer directly, or through its Affiliates, under the stipulations and conditions set forth in this Agreement. Users are typically members of the Customer's organization or external collaborators, who require access to ZeroThreat's services for the purpose of conducting security scans, analyzing results, or managing cybersecurity protocols. Each User must adhere to the terms of use, policies, and guidelines specified by ZeroThreat, as well as any additional rules or procedures established by the Customer. It is the responsibility of the Customer to ensure that all Users are aware of and comply with these terms and conditions. Furthermore, the Customer is accountable for managing User access, including the assignment of appropriate access levels, monitoring usage, and revoking access when it is no longer required or if a User violates the terms of the Agreement. Users play a critical role in the effective implementation and utilization of ZeroThreat's services, and their compliance with the Agreement is essential for maintaining security and efficacy.

“Recorder”

"Recorder" refers to a specialized Chrome browser extension developed and provided by ZeroThreat, designed to enhance the efficiency and effectiveness of our cybersecurity services. This tool is engineered to seamlessly capture and record critical data from websites, specifically focusing on website endpoints and the necessary credentials for logging into customer's web platforms. When activated, the Recorder meticulously gathers this information, ensuring that ZeroThreat's services can be tailored and applied with precision to the unique digital landscape of each customer. The information captured by the Recorder is utilized to configure and optimize security scans, making the process more aligned with the specific structure and requirements of the customer's website. This tool operates under strict adherence to data privacy and security protocols, ensuring that all collected information is handled with the utmost confidentiality and is used solely for the purpose of enhancing the service provided to the customer. The use of Recorder is governed by the terms of the Agreement and ZeroThreat's privacy policy, underscoring our commitment to safeguarding customer data while delivering top-tier cybersecurity solutions.

1. Service Objectives

The core aim of ZeroThreat's Service is to proactively monitor and fortify the security of your application's internet-facing components. This includes a comprehensive approach to Application Scanning and Domain Surveillance, ensuring a robust defense of your digital Attack Surface, which covers custom-built web applications and other vital online assets.

To achieve these objectives, ZeroThreat employs advanced techniques such as detailed crawling, fuzz testing, authenticated testing, and the strategic deployment of test scripts. These methods are designed to be non-intrusive, focusing on identifying security vulnerabilities within your Systems efficiently.

It is important to recognize that while ZeroThreat endeavors to mitigate any negative impact on your Systems, the nature of security testing may lead to some unavoidable disruptions or side effects. The initiation of all Tests, management of their outcomes, and any consequent issues, including interruptions or adverse effects, are under your purview. The provision of this Service implies your acknowledgment of its risks and your responsibility for any decisions related to the Tests and for addressing any resulting challenges.

2. Use of Service

Under the terms of this Agreement, and contingent upon your compliance with any applicable subscription or Order Form requirements and the timely payment of all relevant fees, ZeroThreat extends to you a non-exclusive, non-transferable, and limited right to utilize the designated Service(s) throughout the duration of your subscription. This right is granted solely for the pursuit of your internal business objectives.

You are permitted to authorize access to the Service for: a) Your own employees, b) Your Affiliates and their respective employees, and c) Third-party consultants who are engaged as independent contractors or subcontractors on your behalf or on behalf of your Affiliates. Such authorization is specifically for the purpose of enabling these parties to provide relevant services to you and/or your Affiliates. This grant of access is aligned with the overarching objective of facilitating your business operations and must be exercised in accordance with the stipulations of this Agreement.

3. Vulnerability Report

Upon the successful completion of a Test, ZeroThreat compiles a comprehensive Vulnerability Report, which encapsulates the findings and insights derived from the assessment. This report is meticulously crafted to provide a detailed analysis of the security posture of your digital assets, highlighting potential vulnerabilities and areas for improvement.

The data contained within the Vulnerability Report is recognized as your proprietary Customer Data. ZeroThreat ensures that the Application Scanning Reports, as integral components of the Vulnerability Report, are securely stored on the Service platform. You have the flexibility to select the retention period for these reports, with the default period set to twelve (12) months, unless you choose to alter this duration or request the removal of your account.

Notwithstanding the above, ZeroThreat reserves the right to store and utilize anonymized and aggregated data derived from your use of the Service, even after the specified retention period or account removal. This data will be used in a manner that does not identify you or your organization, serving purposes such as enhancing service quality, developing new features, and contributing to research and statistical analysis in the field of cybersecurity.

4. Acceptable Use of Service

As a user of ZeroThreat's services, it is imperative that you strictly adhere to the following guidelines to ensure responsible, secure, and lawful use of the Service:

  • a. Authorization and Compliance: Obtain all necessary authorizations, approvals, and permissions for the lawful use of the Service, especially in relation to the systems to which it is applied.
  • b. Adherence to Agreement: Use the Service exclusively within the bounds of this Agreement.
  • c. User Responsibility: Take full responsibility for any actions or omissions by Users associated with your account.
  • d. Legal and Regulatory Observance: Employ the Service in strict compliance with all applicable laws and government regulations, including those specific to your jurisdiction.
  • e. Policy Conformity: Use the Service in alignment with ZeroThreat's Acceptable Use Policy defined in Section 19 of this agreement.
  • f. Restricted Access and Notification: Prevent unauthorized third-party access to the Service, and promptly inform ZeroThreat of any suspected unauthorized use.
  • g. Prohibition of Reverse Engineering: Refrain from reverse engineering, decompiling, disassembling, or otherwise attempting to derive the source code or underlying ideas or algorithms of the Service, in whole or in part.
  • h. No Sublicensing or Redistribution: Do not sublicense, resell, rent, lease, distribute, market, or commercialize the Service without prior written consent from ZeroThreat.
  • i. Non-replication of Services: Avoid creating or attempting to create any substitute or similar service derived from access to or reference to the Service provided by ZeroThreat

5. Service Suspension Protocol

ZeroThreat maintains a policy to temporarily suspend access to the Service, either in part or in entirety, for you, your Affiliates, or any individual User, with prior notification, under specific circumstances:

  • a. Security Concerns: If the use of the Service by you, your Affiliates, or any User compromises the security, availability, or integrity of the Service or poses a risk to other customers' environments.
  • b. Policy and Agreement Violations: In instances of non-compliance with the established use rights as detailed in the Acceptable Use Policy, this Agreement, Order Forms, or any applicable laws governing the Service.
  • c. Legal and Liability Issues: When the usage of the Service poses a potential legal risk or liability concern for ZeroThreat.

ZeroThreat will focus the suspension solely on the specific aspects of the Service being misused or in violation of these stipulations. Once the issue leading to the suspension is resolved, ZeroThreat commits to promptly restoring full access to the Service for the affected Customer, Affiliate, or User.

6. Warranties

6.1. Representations and Warranties by ZeroThreat: ZeroThreat hereby represents and warrants the following:

  • a. Right to Grant Licenses: ZeroThreat has obtained all necessary legal rights and authorities to grant the licenses and confer the rights relating to the Service as stipulated in this Agreement.
  • b. Conformity to Specifications: The Services will conform materially to the functional specifications, features, and requirements as outlined in the official support manual, which may be accessed and reviewed at ZeroThreat’s support website. This manual is subject to updates and modifications from time to time.
  • c. Quality of Professional Services: Any professional services provided by ZeroThreat will be conducted in a manner that is diligent, timely, and professionally competent, adhering to the prevailing industry standards and practices.

6.2. Disclaimer of Additional Warranties: Subject to the affirmative warranties set forth in Section 6.1, ZeroThreat disavows all other warranties and representations to the fullest extent permissible under applicable laws. This disclaimer encompasses, but is not limited to, implied warranties of merchantability, title, non-infringement, and fitness for a particular purpose. The express warranties in this Agreement are provided in lieu of, and displace, all other legal warranties and representations, whether express, implied, or statutory.

7. Service Evolution

ZeroThreat is committed to the ongoing enhancement and refinement of its services. Consequently, the content, functionality, and features of the Service may evolve over time. These adjustments are part of our dedication to maintaining state-of-the-art cybersecurity solutions, ensuring that our services consistently deliver effectiveness, relevance, and alignment with the latest advancements in the field.

In line with our commitment to transparency and client-centric practices, ZeroThreat will provide a minimum of 20 days' prior notice for any major modifications to the Service. This advance notification is intended to offer you sufficient time to review and consider the impact of these changes on your utilization of the Service.

We recognize the importance of these modifications in the context of your business operations. As such, you retain the right to terminate your use of the Service if the upcoming changes do not align with your requirements or expectations. This right to termination is a key aspect of our agreement, ensuring that you have the flexibility to make decisions that best suit your business needs in response to service alterations.

ZeroThreat's objective in updating and enhancing the Service is not only to meet the evolving demands of cybersecurity but also to ensure that these changes are manageable and beneficial for our clients. We strive to balance innovation with the practical needs and preferences of our users.

8. Security Commitments

8.1. Security Standards and Certification: ZeroThreat proudly holds ISO27001 certification, reflecting our commitment to maintaining and implementing rigorous security measures in line with the best industry practices. Our services are designed and operated with a strong emphasis on safeguarding security and preventing breaches.

8.2. Data Protection Measures: ZeroThreat implements appropriate technical and organizational measures to ensure the protection of any data, including personal data and Confidential Information, processed or received within the scope of our services. This commitment involves safeguarding data against unauthorized or unlawful transfer, processing, alteration, access, as well as against accidental loss, damage, or destruction. Our approach to data security is comprehensive, encompassing both the prevention of security incidents and the mitigation of their potential impact.

8.3. Continual Security Enhancement: In adherence to our ISO27001 certification and our dedication to security excellence, ZeroThreat continuously evaluates and enhances its security measures. This ongoing process ensures that our defenses remain robust against evolving threats and align with emerging best practices in cybersecurity.

9. Personal Data Processing

9.1. Data Controller Role: ZeroThreat assumes the role of the data controller for all personal data related to Service User accounts, such as names, email addresses, and phone numbers. ZeroThreat is committed to processing this personal data in strict compliance with applicable data privacy laws, as well as adhering to ZeroThreat's Privacy Policy.

9.2. Data Processing on Behalf of the Client: In instances where ZeroThreat processes personal data on your behalf within the scope of providing the Services, such processing will be governed by a specific Data Processing Agreement. This agreement aligns with the stipulations of applicable data privacy laws, including but not limited to the EU General Data Protection Regulation (GDPR) and its subsequent amendments or variations. ZeroThreat's processing activities under this context will be executed with a high degree of care and security, ensuring the protection and lawful handling of your personal data.

10. Service Level Agreement

ZeroThreat's Service Level Agreement (SLA) outlines our commitment to delivering a high-quality and reliable vulnerability scanning service. The SLA includes the following provisions:

  • a. Service Uptime: We guarantee a service uptime of 99%, measured over a monthly cycle, demonstrating our dedication to maintaining consistent service availability and performance.
  • b. Scheduled Maintenance: ZeroThreat reserves the right to perform scheduled maintenance, which will not be counted towards the uptime guarantee. Scheduled maintenance will be limited to a maximum of 4 hours per month. Importantly, we will provide a minimum of 7 days advance notice for any scheduled maintenance to ensure minimal disruption to your operations.
  • c. Uptime Guarantee and Extensions: Should the service uptime fall below the guaranteed level, we offer compensatory extensions as per the following tiered system:
  • Availability Metrics
    Uptime Percentage Extension Offered
    98% to <99% 1 day
    97% to <98% 3 days
    96% to <97% 5 days
    <96% 7 days
  • d. These extensions, in the form of additional service days, will be added to your current billing cycle at no extra cost.

ZeroThreat's SLA is structured to ensure transparency and confidence in our service delivery, guaranteeing that your needs for reliable and effective vulnerability scanning are met with the highest standards of service and support.

11. Prices and Payment Terms

11.1. Service Fees: You shall pay the fees for the Service as outlined on ZeroThreat's website or in a mutually agreed Order Form. This includes 'Application Usage Charges' which are determined based on the size of the instance and the location of the server instance used for scanning. The fees for the Service may be increased annually by up to a maximum of 8% compared to the previous year for the same quantity of licenses or services. ZeroThreat may modify its fees at its sole discretion, with changes effective once per year.

11.2. Taxes and Governmental Charges: All prices and charges, including 'Application Usage Charges', are exclusive of taxes, levies, or similar governmental charges assessed by any jurisdiction. This includes, but is not limited to, export or local VAT, lease tax, sales, use of goods and service tax, and excise duty.

11.3. Payment by Credit Card: Subscription fees, including 'Application Usage Charges', are payable in advance for the Subscription Term as specified in your subscription or applicable Order Form. License upgrade fees will be charged for the remainder of the Subscription Term upon order. Credit card details are managed by a third-party payment service provider, including a pre-authorization charge for verification.

11.4. Payment by Invoice: If paying by invoice, payment for the Subscription Term, inclusive of 'Application Usage Charges', is due in advance as stated in your subscription or applicable Order Form. All undisputed invoices must be paid within thirty (30) days of the invoice date. ZeroThreat reserves the right to charge interest on late and undisputed payments according to applicable legislation.

11.5. Overuse Charges: ZeroThreat reserves the right to separately charge for overuse of the number of licenses granted in your Subscription or Order Forms, in accordance with the Applicable Use Policy and the 'Application Usage Charges’.

12. Intellectual Property Rights

12.1. Ownership of Service-Related IP: All Intellectual Property Rights inherent in, associated with, or arising from the Service, including but not limited to software, technology, and content, are the exclusive property of ZeroThreat and/or its licensors. This encompasses all developments and enhancements to the Service. You acknowledge that under this Agreement, no ownership, title, or interest in the Service or any related Intellectual Property Rights of ZeroThreat is assigned or transferred to you, except for the limited use rights granted herein.

12.2. Customer Data and Embedded IP Rights: The Results generated under this Agreement will be considered as your Customer Data and owned by you. However, this does not include any Intellectual Property Rights of ZeroThreat embedded within the Results (such as software, copyrighted material, know-how, and trade secrets including attack vectors and payloads). You are permitted to use ZeroThreat's Intellectual Property Rights solely for the purpose of addressing identified security vulnerabilities in your Systems.

12.3. License to Anonymized Data: You grant ZeroThreat a non-exclusive, sub-licensable, royalty-free, worldwide, perpetual, and irrevocable license to use any data generated from your use of the Service, in an anonymized and aggregated form, for commercial purposes. This may include sharing with third parties, provided that your confidentiality is preserved, and the data is presented in a format that cannot be reverse-engineered.

12.4. Feedback Ownership: Any feedback you provide about the Service, including comments and suggestions for improvement, will be considered Confidential Information of ZeroThreat and become its sole and exclusive property. You irrevocably assign and transfer to ZeroThreat all rights, title, and interest in such feedback, including all Intellectual Property Rights therein.

13. Confidentiality

13.1. Obligations of the Receiving Party: When receiving Confidential Information from the Disclosing Party, the Receiving Party is obligated to maintain strict confidentiality. Disclosure of such Confidential Information to third parties is prohibited unless the Disclosing Party gives prior written consent. The Receiving Party must ensure secure and appropriate treatment and storage of the Confidential Information to prevent accidental disclosure or unauthorized access.

13.2. Permitted Use of Confidential Information: The Receiving Party is permitted to use the Confidential Information solely for the purpose of fulfilling obligations under this Agreement. The use of Confidential Information for any other purpose is strictly prohibited.

13.3. Disclosure to Representatives: Disclosure of Confidential Information by the Receiving Party is limited to its Representatives who have a direct need to know the information. The Receiving Party must ensure these Representatives adhere to confidentiality obligations at least as stringent as those in this Agreement. The Receiving Party will be held accountable for any breaches of these terms by its Representatives.

13.4. Restrictions on Reproduction: The Receiving Party is not allowed to copy, transcribe, record, or otherwise reproduce any document or medium containing Confidential Information without the express written consent of the Disclosing Party.

14. Term of Agreement

14.1. Initial Subscription Term and Renewals: The Agreement is effective from the moment you sign up for the Service online or from the Effective Date as specified in the Order Form, continuing for the Subscription Term as outlined in your subscription or applicable Order Form. Unless terminated earlier as stated in this Agreement, the Subscription Term automatically renews for successive periods equal to the initial term, unless ZeroThreat receives a written notification 30 days before the current term's end, indicating a decision not to renew.

14.2. Pilot Program Provisions: Pilot Program refers as “Trial” or “Beta”. For users on a Pilot Program, the term of your Pilot subscription and this Agreement commence upon your signup or as specified in an Order Form. The Pilot Program does not automatically renew after the period ends.

14.3. Pilot / Beta / Trial Version Terms:

  • 14.3.a. Applicability of Terms: From the moment of signing up, regardless of the chosen plan, the terms of this Agreement are binding. This includes all provisions, excluding Payment and specific Beta-related provisions, for users of the Beta Version of the Service.
  • 14.3.b. Temporary Nature of Beta Version: The Beta Version of the Service is temporary and will retire in the future. ZeroThreat does not provide a fixed timeline for the continuity or availability of the Beta Version.
  • 14.3.c. Exclusion of Warranties and SLA: The Beta Version is provided "as is," and excludes any warranties and service level agreements (SLAs) typically applicable to ZeroThreat’s services.
  • 14.3.d. Notice of Termination: Users will be notified at least 30 days in advance of the termination of the Beta Version, providing an opportunity to transition to a commercial plan.

15. Termination for Cause

15.1. Right to Terminate: Either party may terminate this Agreement for cause in the event of a material breach by the other party. This includes, but is not limited to, failure to comply with any significant term or condition of this Agreement, failure to pay fees when due, or violation of ZeroThreat's intellectual property rights. In addition, if the Service Suspension Protocol is invoked more than three times due to breaches by you, ZeroThreat reserves the right to terminate this Agreement. Furthermore, either party may terminate this Agreement without liability if the other party enters into liquidation, becomes insolvent, makes an arrangement with its creditors, or undergoes any similar financial distress.

15.2. Notice and Cure Period: Termination for cause must be preceded by a written notice to the breaching party, specifying the nature of the breach. The breaching party will have a period of [30 days] from the receipt of the notice to remedy the breach. If the breach is not remedied within this period, or if there are repeated breaches leading to multiple suspensions, the non-breaching party may terminate the Agreement.

15.3. Consequences of Termination: Upon termination for cause, all rights and licenses granted under this Agreement will immediately cease, and you must discontinue all use of the Service. Any outstanding fees payable to ZeroThreat will become immediately due and payable.

15.4. Survival of Terms: Termination of this Agreement does not affect any rights or obligations that have accrued prior to the termination date. Clauses that, by their nature, should survive termination, including confidentiality and intellectual property provisions, will remain in effect after termination.

16. Effects of Termination

16.1. Refund Policy: In the event you terminate this Agreement due to a material breach by ZeroThreat, as outlined in Sections 15.1 (or under the Service Level Agreement, if applicable), you will be eligible to receive a pro-rata refund of any prepaid and unused fees from ZeroThreat within 60 days of acknowledgement.

16.2. Immediate Payment on Termination by ZeroThreat: Should ZeroThreat terminate the Agreement pursuant to Sections 15.1, any sums owed to ZeroThreat shall become immediately payable. In such instances, you will not be entitled to any form of remuneration or compensation from ZeroThreat.

16.3. Obligations upon Termination: a) Termination of Rights: Upon the termination of this Agreement for any reason, all your rights under this Agreement shall cease immediately. b) Confidential Information: Both parties are required to, upon request, return or destroy (as per the other party’s preference) all Confidential Information in their possession or control within fourteen (14) days of termination. This excludes confidential information stored in backups or archives that cannot be retrieved without significant effort or which is required to be retained due to legal or regulatory obligations.

17. Indemnification

17.1. Indemnification by ZeroThreat: ZeroThreat agrees to defend, indemnify, and hold you, your representatives, and employees harmless from any and all costs, damages, losses, and expenses, including reasonable attorneys’ fees and other legal costs, arising from any third-party claim alleging that the use of the Service as expressly permitted under this Agreement infringes upon any third-party Intellectual Property Rights.

17.2. Your Indemnification Obligations: You agree to defend, indemnify, and hold harmless ZeroThreat, its representatives, and employees from any costs, damages, losses, and expenses, including reasonable attorneys’ fees and legal expenses, resulting from third-party claims arising out of:

  • 17.2.1. Your use of the Service in a manner that violates the terms of this Agreement and infringes any third-party rights, including but not limited to Intellectual Property Rights or privacy rights;
  • 17.2.2. Your failure to obtain all necessary authorizations, approvals, and permissions for the lawful use of the Service, including conducting Tests; or
  • 17.2.3. Your use of the Service in any manner that breaches the acceptable use as outlined in Section 4 ( Acceptable Use of Service) of this Agreement.

18. Liability

18.1. Scope of Liability: Under no circumstances will ZeroThreat be held responsible for any direct or indirect damages that arise from the use of the Service by you or your Affiliates, on the condition that ZeroThreat has complied with the terms of the Agreement in providing the Service. Moreover, ZeroThreat disclaims any liability concerning the accuracy or the availability of services or products integrated from third-party providers.

18.2. Exceptions to Liability Limitations: Notwithstanding the limitations stated above, the following shall not be excluded or limited under these Terms or the Agreement: a) Liability for damages caused intentionally, through gross negligence, or fraudulent actions; and b) Obligations of indemnification as per the commitments outlined in Section 17 of this Agreement.

18.3. Maximum Liability Cap: In line with Section 18.2, the total liability of ZeroThreat for all claims arising under this Agreement is capped at an amount equal to 100% of the total fees you have paid or are payable under the Agreement for the contract year in which any alleged breaches occurred.

19. Acceptable Use Policy

This Acceptable Use Policy (AUP) outlines the guidelines and limitations pertaining to the use of cybersecurity services provided by ZeroThreat. This AUP applies to all Users of ZeroThreat's services, including any software, tools, applications, information, and other resources provided by ZeroThreat regardless of plan subscribed or not.

19.1. General Use Restrictions

  • Harmful Activities: You must not use ZeroThreat's Service to harm, threaten, harass, or cause distress to individuals, organizations, or ZeroThreat itself.
  • Service Integrity: Do not damage, disable, or impair the Service or its associated networks.
  • Unauthorized Use: Avoid any unauthorized attempts to modify, reroute, or gain access to the Service.

Prohibited Content

Users must not use ZeroThreat's services to create, process, store, or disseminate content that:

  • Violates applicable laws or regulations.
  • Infringes on the intellectual property or privacy rights of others.
  • Contains harmful or objectionable material, including hate speech, harassment, or explicit content.

19.2. Prohibited Modifications and Engineering

  • Derivative Works: Do not modify, alter, tamper with, or repair the Service or any software used in conjunction with it to create derivative works.
  • Reverse Engineering: Refrain from reverse engineering, disassembling, or decompiling the Service's software, except as expressly permitted by law.

19.3. Compliance with Terms and Policies

  • Service Usage: Use the Service only as expressly permitted by ZeroThreat's Terms and Policies.
  • Transfer of Rights: Do not transfer any rights granted to you under the Service to third parties without authorization including but not limited to sell, lend, rent, resell, lease, sublicense or otherwise transfer any of the rights granted to you with respect to the Services to any third party;
  • Proprietary Rights: Maintain the integrity of proprietary rights notices related to the Service.

19.4. Fair Use and Compliance

  • Avoidance of Fees: Do not use the Service in a manner intended to avoid incurring fees or exceeding usage limits.
  • Unlawful Activities: Avoid engaging in unlawful or fraudulent activities, such as phishing schemes or data manipulation.
  • Inappropriate Content: Do not store or transmit content that is inappropriate, harmful, or violates third-party rights.

19.5. Network and Resource Use

  • Interference and Disruption: Avoid actions that interfere with or disrupt ZeroThreat's servers or networks.
  • Access Limitations: Do not attempt unauthorized access to other accounts, systems, or networks associated with ZeroThreat.
  • Resource Burden: Refrain from actions that place an undue burden on ZeroThreat's resources.

Consequences of Violation: Violation of this Acceptable Use Policy may result in suspension or termination of your access to ZeroThreat's Services, legal action, or other measures as deemed necessary by ZeroThreat. Compliance with this policy is mandatory for all users of the Service.

20. Assignment

20.1. Restrictions on Assignment: Neither party is permitted to assign or otherwise transfer this Agreement without securing prior written consent from the other party. Such consent shall not be unreasonably withheld or delayed.

20.2. Exceptions for Corporate Changes: Notwithstanding the above, either party may transfer this Agreement to:

  • An Affiliate, or
  • A third party as part of a corporate transaction such as a merger, acquisition, sale of all or substantially all of its assets, shares, or in the event of a corporate reorganization.

Such transfers are permissible provided that the transferring party gives the other party prior written notice of the intended transfer.

21. Force Majeure

21.1. Non-Liability for Unforeseen Events: Should either Party fail to meet their obligations under this Agreement due to events beyond their reasonable control, and unforeseeable at the time of executing the Agreement, such as natural disasters (earthquakes, floods, fires), social disturbances (riots, strikes, civil disobedience), sabotage, terrorist acts, civil unrest (civil war, revolutions), military actions, or governmental decrees, they shall not be held liable. These events, collectively referred to as "Force Majeure," encompass scenarios that could not have been mitigated or averted through reasonable efforts.

21.2. Duty to Mitigate Damages: Each Party commits to exerting commercially reasonable efforts to minimize the impact and extent of damages resulting from such Force Majeure events. This includes taking all necessary and reasonable steps within their control.

21.3. Notification Obligation: The Party experiencing the Force Majeure event is required to promptly notify the other Party in writing upon the onset and cessation of such an event.

21.4. Right to Terminate for Extended Force Majeure: In the event that a Force Majeure circumstance persists for thirty (30) days or longer, either Party is entitled to terminate this Agreement and/or any relevant Order Form by providing written notice to the other Party. Upon such termination, neither Party will have further liabilities, except for the obligation to settle payments for Services already delivered prior to the Force Majeure event.

22. Modification of Terms

22.1. Changes to Terms and Notification Process: ZeroThreat reserves the right to periodically revise these Terms. The most current version will always be posted on our website (with the effective date indicated at the top). Major changes, especially those significantly impacting your rights and obligations, will be communicated to you via the Service and/or by email to the address associated with your account.

22.2. Effective Date and Acceptance of Revised Terms: Revisions to the Terms become effective as of the date indicated on the updated version. By continuing to access or use the Service after these changes take effect, you agree to be bound by the revised Terms. Should you object to any such changes, it is your responsibility to cancel and cease using the Service by the effective date of the new Terms.

23. Notices

23.1. Method of Sending Notices: Any notice or communication under this Agreement must be in writing and can be sent either by letter or e-mail to the designated contact person. Notices are deemed effectively given in the following manner:

  • For e-mail: Notices sent via e-mail are considered effective at the time of sending, unless there is an automated notification indicating non-delivery.
  • For letters: Notices sent by recommended mail are deemed effective two (2) business days after mailing.

23.2. Notices to You: Notices to you will be sent to the contact person and e-mail address provided in your Order Form, or, if none, to your subscription account details. Alternatively it will be displayed in your Subscription account dashboard to Primary Account Holder ( Admin User)

23.3. Notices to ZeroThreat: Notices to ZeroThreat should be addressed to:

Legal Department
ZeroThreat, Inc
108 W. 13th Street, Suite 100 Wilmington, DE 19801-1145, USA
Email: legal@zerothreat.ai

24. General Terms

24.1. Entire Agreement: This Agreement between you and ZeroThreat represents the complete and exclusive understanding between the Parties regarding its subject matter. It supersedes all prior agreements, proposals, communications, and understandings, whether written or oral, related to this subject matter, as well as any customer purchase orders that conflict with these Terms.

24.2. Conflict Resolution: In the event of a conflict between the provisions of an Order Form and these Terms, including any schedules or additional terms referenced herein, these Terms shall prevail. However, if the conflicting provision in the Order Form explicitly specifies the provision of these Terms it supersedes, then the Order Form will take precedence.

24.3. Nature of Relationship: Nothing within this Agreement is intended to, or shall be construed to, create an employment relationship, partnership, or joint venture between the Parties. Neither Party has the authority to act as an agent for, or to bind, the other Party in any way.

24.4. Waivers and Remedies: A waiver of any right or remedy under this Agreement is only effective if it is in writing. A waiver by either Party does not imply a waiver of subsequent rights or remedies. Failure or delay in exercising any right or remedy does not waive that or any other right or remedy. Partial or single exercise of a right or remedy does not prevent or restrict further exercise of that or any other right or remedy.

24.5. Survival of Provisions: Provisions of this Agreement and these Terms that logically ought to survive the completion, expiration, termination, or voidance of this Agreement shall continue to remain in effect beyond such events.

24.6. Severability: If any provision of this Agreement is or becomes invalid, illegal, or unenforceable, it shall not affect the validity and enforceability of the remaining provisions of the Agreement.

25. Governing Law and Dispute Resolution

25.1. Applicable Law: This Agreement shall be governed by and construed in accordance with the substantive laws of USA, without regard to its choice of law provisions. The UN Convention on the International Sale of Goods (CISG) shall not apply to this Agreement.

25.2. Negotiation of Disputes: Any dispute, controversy, or claim arising out of or in connection with this Agreement, including any questions regarding its existence, validity, or termination, should initially be attempted to be resolved through negotiations between the Parties.

25.3. Arbitration Process: If the Parties are unable to resolve the dispute within thirty (30) days of initiating negotiations, the dispute shall be finally settled by arbitration in Wilmington, Delaware, USA. The arbitration shall be conducted under the rules and auspices of an appropriate arbitration institution as mutually agreed by the Parties. The arbitration panel shall consist of either one or three arbitrators, depending on the complexity and scale of the dispute. The proceedings shall be conducted in the English language. Both Parties, as well as the arbitrators, are bound by the confidentiality obligations outlined in Section 13 with respect to the arbitration proceedings and any resulting decisions or awards.

25.4. Court Proceedings for Unpaid Fees: Notwithstanding the above, ZeroThreat reserves the right to initiate proceedings in a court of general jurisdiction in Wilmington, Delaware, USA, or approach an enforcement authority to demand payment of any unpaid fees that have not been disputed by the Customer within 45 days of the payment due date.