***IMPORTANT READ CAREFULLY***

TERMS OF SERVICE FOR PHISHME FREE

Updated August 9, 2017

THESE TERMS OF SERVICE (“TERMS”) GOVERN YOUR ACCESS TO PHISHME FREE PROVIDED BY PHISHME INC., AND/OR ITS AFFILIATES (“PHISHME”). PLEASE READ THESE TERMS CAREFULLY. CLICKING ON THE “YES” OR “I ACCEPT” BUTTON (OR OTHER BUTTON OR MECHANISM DESIGNED TO ACKNOWLEDGE AGREEMENT TO THESE TERMS), ACCESSING, OR USING PHISHME FREE CONSTITUTES ACCEPTANCE OF THESE TERMS.

IF YOU AGREE TO THESE TERMS ON BEHALF OF A BUSINESS, GOVERNMENT, OR OTHER ENTITY, YOU REPRESENT AND WARRANT THAT YOU HAVE THE POWER AND AUTHORITY TO BIND SUCH BUSINESS, GOVERNMENT, OR OTHER ENTITY TO THESE TERMS, AND YOUR AGREEMENT TO THESE TERMS WILL BE TREATED AS THE AGREEMENT OF SUCH BUSINESS, GOVERNMENT, OR OTHER ENTITY. 

IF YOU ARE UNWILLING TO AGREE TO THESE TERMS, OR YOU DO NOT HAVE THE RIGHT, POWER AND AUTHORITY TO ACT ON BEHALF OF A BUSINESS, GOVERNMENT OR OTHER ENTITY, DO NOT CLICK ON THE BUTTON AND DO NOT ACCESS OR USE PHISHME FREE.

IF YOU RECEIVE PHISHME FREE THROUGH A PHISHME AUTHORIZED RESELLER, PARTNER OR DISTRIBUTOR (COLLECTIVELY, “AUTHORIZED PARTNER”), ALL FEES AND OTHER PROCUREMENT AND DELIVERY TERMS WILL BE AGREED BETWEEN YOU AND THE AUTHORIZED PARTNER; HOWEVER, THE TERMS AND CONDITIONS SET FORTH IN THESE TERMS REGARDING YOUR ACCESS TO PHISHME FREE REMAIN APPLICABLE. FOR CLARIFICATION, YOUR AGREEMENT WITH THE AUTHORIZED PARTNER IS BETWEEN YOU AND THE AUTHORIZED PARTNER, AND IS NOT BINDING ON PHISHME.

1.     Definitions

Authorized Users” means your authorized employees, agents or independent contractors with an assigned unique email address, who (i) may access PhishMe Free; and/or (ii) receive or send email messages with respect to PhishMe Free.
Your Data” means the information submitted or provided by you and your Authorized Users for use with PhishMe Free.
Documentation” means the applicable PhishMe Free user manuals provided by PhishMe to its customers (which may be in electronic format), as amended from time to time by PhishMe.
Intellectual Property Rights” means copyrights (including, without limitation, the exclusive right to use, reproduce, modify, distribute, publicly display and publicly perform the copyrighted work), trademark rights (including, without limitation, trade names, trademarks, service marks, and trade dress), patent rights (including, without limitation, the exclusive right to make, use and sell), trade secrets, moral rights, right of publicity, authors’ rights, contract and licensing rights, goodwill and all other intellectual property rights as may exist now and/or hereafter come into existence and all renewals and extensions thereof, regardless of whether such rights arise under the law of the United States or any other state, country or jurisdiction.
PhishMe IP” means all PhishMe proprietary materials, including without limitation, PhishMe Free, software, subscriptions, materials, PhishMe’s Confidential Information, threat intelligence and threat indicators, intelligence alerts and reports, and/or investigation tools, Aggregate Data, Documentation, proprietary processes and methods, and any PhishMe templates and/or forms.

2.    Grant of Limited License

PhishMe grants you a limited, nontransferable, non-assignable, non-sublicensable right to access PhishMe Free, along with any other related materials, content, Documentation and services provided by PhishMe hereunder (collectively, the “PhishMe Free”) for your own internal business purposes, subject to these Terms. You may only use PhishMe Free from the earlier of (a) the date these Terms are accepted by you, or (b) the date in which you first accessed PhishMe Free, until the expiration date set forth in applicable activation email, or, if no expiration date is set forth in the applicable activation email, five (5) years after the earlier of either (a) or (b) herein (the “License Period”). Any licenses granted herein will terminate automatically on expiration of the License Period or termination of these Terms, and you will receive no further access to PhishMe Free unless you and PhishMe have otherwise agreed in writing to extend the License Period. Notwithstanding anything in the foregoing to the contrary, this license shall terminate immediately upon PhishMe’s provision to you of a PhishMe Simulator subscription. For clarification, PhishMe Free may not be licensed concurrently with PhishMe Simulator. PhishMe may, at its sole discretion, provide maintenance and support for PhishMe Free during the License Period from PhishMe’s Community portal.

3.    Your Responsibilities

a.     You (i) are responsible for the use of PhishMe Free by you and your Authorized Users in compliance with these Terms, including the PhishMe Free Acceptable Use Policy, Documentation and applicable laws and government regulations; (ii) are responsible for the accuracy, quality and legality of Your Data, including the lawful use and transmission of Your Data provided by you and your Authorized Users in connection with PhishMe Free; (iii) will obtain all rights, permissions or consents from Authorized Users and other personnel that are necessary to grant the rights and licenses in these Terms; and (iv) will use commercially reasonable efforts to prevent unauthorized access to or use of PhishMe IP, and will notify PhishMe promptly of such unauthorized use.

b.     You acknowledge and agree that the maximum number of Authorized Users will not exceed the number of Authorized Users set forth in the applicable activation email. At the beginning of the License Period, you will designate and allocate the Authorized Users and will not reassign or replace such Authorized Users prior to the expiration of the License Period (except for administrators).

c.     Only one Authorized User may act as an administrator for your subscription of PhishMe Free.

d.     You may only designate Authorized User’s email addresses with Internet domain names that you own or are authorized by the Internet domain name owner to use for the purposes contemplated herein.

4.    Terms and Termination

Unless otherwise terminated in accordance with this Section, these Terms will remain in effect until the expiration of the License Period. Either party may terminate these Terms (i) for material breach, upon written notice to the other party, subject to a ten (10) day cure period; or (ii) for convenience, for any or no reason at all, upon fifteen (15) days’ prior written notice. Notwithstanding anything in these Terms to the contrary, any breach by you and your Authorized Users of Section 3, Section 6 and Section 7 will result in the immediate suspension of you and your Authorized Users’ access to PhishMe Free and/or the immediate termination of these Terms. Upon expiration or termination of these Terms: (a) all licenses granted herein will automatically terminate and PhishMe will disable your (and your Authorized Users’) access to PhishMe Free; and (b) within ten (10) business days of the termination of these Terms or upon PhishMe’s written request, you will promptly destroy or return all PhishMe IP in your possession. Upon PhishMe’s written request, you will provide a certification, signed by your officer, as to the destruction or return of PhishMe IP.

5.    Disclaimer; Limitation of Liability

a.     PHISHME FREE IS PROVIDED TO YOU “AS IS”, AND ANY USE BY YOU AND YOUR AUTHORIZED USERS OF PHISHME FREE WILL BE AT YOUR SOLE RISK. PHISHME MAKES NO WARRANTIES RELATING TO PHISHME FREE AND EXPRESSLY DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION ANY WARRANTIES AGAINST INFRINGEMENT OF THIRD PARTY RIGHTS, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, OR ARISING FROM COURSE OF PERFORMANCE, DEALING, USAGE OR TRADE. PHISHME ALSO MAKES NO WARRANTY REGARDING NONINTERRUPTION OF USE OR FREEDOM FROM BUGS, AND MAKES NO WARRANTY THAT PHISHME FREE WILL BE ERROR-FREE. PHISHME DOES NOT GUARANTEE ANY SPECIFIC RESULTS FROM USING PHISHME FREE.

b.     LIMITATION OF LIABILITY. IN NO EVENT SHALL PHISHME BE LIABLE FOR ANY INCIDENTAL, SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES WHATSOEVER, INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, LOSS OF DATA, BUSINESS INTERRUPTON OR ANY OTHER COMMERCIAL DAMAGES OR LOSSES, ARISING OUT OF OR RELATED TO THESE TERMS.  THE FOREGOING LIMITATIONS ON PHISHME’S LIABILITY SHALL APPLY WHETHER OR NOT PHISHME WAS ADVISED OF THE POSSIBILITY OF SUCH LOSS OR DAMAGES. THE TOTAL LIABILITY OF PHISHME ARISING OUT OF OR RELATED TO THESE TERMS WILL NOT EXCEED USD $100.

6.    Confidentiality and Data Privacy.

a.     “Confidential Information” means any non-public, confidential, or proprietary information of a disclosing party (“Discloser”) that should reasonably be understood by the receiving party (“Recipient”) to be confidential because of (i) legends or other markings; (ii) the circumstances of disclosure; or (iii) the nature of the information, which may be disclosed either directly or indirectly, in writing, visual, orally or by inspection of tangible objects (including without limitation documents, prototypes, samples, products, software, product specifications and white papers) or other means. Confidential Information includes but is not limited to technology and technical information, promotional and marketing activities, inventions, finances and financial plans, customers, business and product plans, know-how, source code, data, algorithms, methods and processes, trade secrets, designs, techniques, analyses, models, strategies and objectives, and any third-party information that Discloser is otherwise obligated to keep confidential.

b.     Recipient will: (i) not use any Confidential Information for any purpose except to evaluate and engage in discussions concerning a potential business relationship between the Parties and/or to fulfill its obligations under these Terms; (ii) use at least the same degree of care as Recipient uses to protect its own confidential information from unauthorized use, access or disclosure, but in no event less than a reasonable degree of care; (iii) limit disclosure of Confidential Information to those persons within Recipient’s organization who have a need to know and who have previously agreed in writing, prior to the receipt of Confidential Information, to be bound by confidentiality obligations similar to those set forth in these Terms; (iv) not disclose any Confidential Information to third parties without Discloser’s prior written consent; (v) not copy, reverse engineer, disassemble, create any works from, or decompile any prototypes, software or other tangible objects which embody Discloser’s Confidential Information; and (vi) comply with, and obtain all required authorizations arising from, all U.S. and other applicable export control laws or regulations. Any reproduction of Confidential Information requires Discloser’s prior written consent and will remain the property of Discloser. Any reproductions will contain any and all notices of confidentiality contained on the original Confidential Information.

c.     The foregoing confidentiality obligations will not apply to information that Recipient can demonstrate: (i) is publicly known and made generally available through no improper action or inaction of Recipient; (ii) was already in the possession of, or known by Recipient prior to the time of disclosure by Discloser through no fault or breach of these Terms by Recipient; (iii) was rightfully obtained by, or disclosed to, Recipient from a third party without any obligation to maintain the Confidential Information as proprietary or confidential; or (iv) is independently developed by Recipient without use of or reference to Discloser’s Confidential Information. Recipient may disclose Confidential Information to the extent such disclosure is required to comply with applicable law or a valid order or requirement of a governmental or regulatory agency or court of competent jurisdiction, provided that Recipient (a) restricts such disclosure to the maximum extent legally permissible; (b) notifies Discloser as soon as practicable of any such requirement to the extent such provision of prior notice is permitted by applicable law; and (c) that subject to such disclosure, such disclosed materials will in all respects remain subject to the restrictions set forth in these Terms.

d.     Within ten (10) business days of the termination of these Terms or upon Discloser’s written request, Recipient will promptly, at Recipient’s election, destroy or return all of Discloser’s Confidential Information in Recipient’s possession or in the possession of any representative of Recipient; provided, however, that Recipient will not, in connection with the foregoing obligations, be required to delete Confidential Information held electronically in archive or back-up systems, and such Confidential Information will in all respects remain subject to the restrictions set forth in these Terms. Upon Discloser’s written request, Recipient will provide a certification, signed by an officer of Recipient, as to the destruction or return of Discloser’s Confidential Information.

e.     Discloser retains all right, title and interest to its Confidential Information. Recipient acknowledges that the disclosure of Confidential Information may cause irreparable injury to Discloser. Discloser will, therefore, be entitled to seek injunctive relief upon a disclosure or threatened disclosure of any Confidential Information, without a requirement that Discloser prove irreparable harm and without the posting of a bond. This provision will not in any way limit such other remedies as may be available to Discloser at law or in equity. ALL CONFIDENTIAL INFORMATION IS PROVIDED “AS IS.” DISCLOSER MAKES NO WARRANTIES, EXPRESS, IMPLIED OR OTHERWISE, REGARDING ITS ACCURACY, COMPLETENESS OR PERFORMANCE.

f.     You understand and acknowledge that all Authorized User accounts will be provisioned on PhishMe’s U.S. based instance. If use of PhishMe Free includes the processing of personal data (as described in the EU Data Protection Directive 95/46/EC), when performing its obligations under these Terms, the following will apply:

1.     your will ensure that: (i) you are entitled to transfer the relevant personal data to PhishMe so that PhishMe may lawfully use, process and transfer the personal data on your behalf and in accordance with these Terms; and (ii) the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection laws.

2.     PhishMe will: (i) process personal data in compliance with and subject to these Terms and any lawful and reasonable instructions received from you; (ii) not use or process or permit any PhishMe subcontractors to use or process, any personal data except to the extent necessary to perform its obligations under these Terms; (iii) implement and maintain adequate and reasonable technical and organizational safeguards designed to protect against the unauthorized or accidental access, loss, alteration, disclosure or destruction of personal data in PhishMe’s possession or control; (iv) ensure that it has appropriate procedures in place designed to comply with applicable data protection laws and will take all reasonable steps to ensure that persons employed by it, and other persons engaged at its place of work, are aware of and comply with.

3.      PhishMe may process or otherwise transfer personal data in or to any country outside the European Economic Area or any country not deemed adequate by the European Commission pursuant to Article 25(6) of the EU Data Protection Directive 95/46/EC to the extent necessary for the provision of PhishMe Free. If required, PhishMe will enter into the EU Standard Contractual Clauses as approved by the European Commission for ensuring an adequate level of data protection in respect of the personal data that will be processed or transferred.

7.    Intellectual Property.

a.     Intellectual Property of PhishMe; Restrictions. All Intellectual Property Rights in the PhishMe IP belong exclusively to PhishMe or its licensors.  You acknowledge and agree that you will not (and will not allow any third party), in whole or in part, to directly or indirectly: (i) disassemble,  decompile, reverse compile, reverse engineer or attempt to discover any source code or underlying ideas or algorithms of any PhishMe IP (except to the limited extent that applicable law prohibits reverse engineering restrictions solely for interoperability purposes), (ii) sell, resell,  distribute, sublicense or otherwise transfer, the PhishMe IP, or make the functionality of the PhishMe IP available to any other party through any means (unless PhishMe has provided prior written consent), or (iii) reproduce, alter,  modify or create derivatives of the PhishMe IP (unless as expressly permitted in these Terms). You will maintain the copyright notice and any other notices that appear on PhishMe IP, including any interfaces related to PhishMe Free.

b.      Aggregate Data; Feedback. Notwithstanding the foregoing, PhishMe owns all Intellectual Property Rights in and to Aggregate Data, and may use, reproduce, sell, publicize or otherwise exploit Aggregate Data in any way, in its sole discretion. “Aggregate Data” refers to Your Data that is de-identified (stripped of any information used to identify you or your Authorized Users, including personal data). Aggregate Data will also include statistical information related to the use and performance of PhishMe Free, provided that such statistical information is de-identified. You grant to PhishMe a worldwide, perpetual, irrevocable, royalty-free, fully paid-up license to use and exploit any suggestion, enhancement request, recommendation, correction or other feedback (“Feedback”) provided by you or your Authorized users relating to PhishMe Free. Feedback will not include Confidential Information.

c.      PhishMe Templates and Formats. You acknowledge that PhishMe may provide certain PhishMe templates and formats to you with your use of PhishMe Free, and you will have a non-exclusive, nontransferable, non-sublicenseable right to use, modify, display and reproduce such templates and formats for your internal use with PhishMe Free, subject to the restrictions set forth in these Terms. To the extent that any such modified templates and/or formats do not embody or otherwise include your Confidential Information and Your Data, PhishMe owns and holds all right, title and interest in and to such templates and/or formats.

d.      Your Intellectual Property; Restrictions. PhishMe acknowledges that you own all right, title, and interest in and to Your Data (excluding Aggregate Data). You grant to PhishMe the worldwide right to use, access, host, copy, transmit and display Your Data, as reasonably necessary for PhishMe to perform its obligations in accordance with these Terms. PhishMe may disclose Your Data to its third-party contractors and service providers (including cloud service providers) to the extent necessary to provide PhishMe Free in accordance with these Terms; provided that such third-party contractors and service providers are bound by confidentiality obligations similar to the provisions of these Terms. PhishMe expressly disclaims Your Data which you have generated for use with PhishMe Free, and you agree to indemnify, hold harmless and, at PhishMe’s option, to defend PhishMe, its officers, directors, employees, contractors and agents from and against any losses, liabilities, damages, costs and expenses (including reasonable attorneys’ fees) incurred as a result of any alleged or actual violations of any third-party rights arising out of Your Data

e.      U.S. GOVERNMENT RESTRICTED RIGHTS. PhishMe Free and PhishMe IP are “commercial items”, “commercial computer software” and “commercial computer software documentation,” pursuant to DFARS Section 227.7202 and FAR Sections 12.211-12.212, as applicable.  PhishMe Free and PhishMe IP were developed solely at private expense and the use of PhishMe Free and PhishMe IP by the United States Government are governed solely by these Terms and are prohibited except to the extent expressly permitted by these Terms.

8.     Miscellaneous.

You will comply with all applicable laws. You will not assign this Agreement or any right or delegate any performance without PhishMe’s prior written consent. This Agreement is the complete statement of the agreement of the parties with regard to the subject matter hereof and may be modified only by a writing signed by both parties. This Agreement is governed by the laws of the State of Virginia, excluding its conflict of law rules and The U.N. Convention on Contracts for the International Sale of Goods. Section 2 and Sections 4 through 8 will survive any termination or expiration of this Agreement.

ACCEPTABLE USE POLICY ADDENDUM FOR
PHISHME FREE

By using PhishMe Free, you are agreeing to this Acceptable Use Policy Addendum (this “Policy”). Please read this carefully.

You and your Authorized Users may not:

  1. post or transmit unlawful materials, e-mail or information;
  2. post or transmit harassing, threatening or abusive materials, e-mail or information;
  3. post or transmit defamatory, libelous, slanderous or scandalous materials, e-mail or information;
  4. post or transmit obscene, pornographic, profane or otherwise objectionable information of any kind;
  5. post or transmit materials, e-mail or information that would constitute an infringement upon the patents, copyrights, trademarks, trade secrets or other intellectual property rights of others;
  6. post or transmit materials constituting or encouraging conduct that would constitute a criminal offence, give rise to civil liability, or otherwise violate any local, state, national or international law, including without limitation, the U.S. export control laws and regulations;
  7. post or transmit materials that would give rise to liability under the Computer Fraud and Abuse Act;
  8. use PhishMe Free to commit fraud or engage in other misleading or deceptive activities;
  9. upload to, or transmit from PhishMe Free any viruses, worms, defects, Trojan horses, time-bombs, malware, spyware, or any other computer code of a destructive or interruptive nature;
  10. share PhishMe Free, PhishMe IP and PhishMe Confidential Information with any third-parties, except as expressly authorized in advance by PhishMe in writing;
  11. use PhishMe Free and PhishMe IP in any way to provide services to any third-party;
  12. disassemble, decompile, reverse compile, reverse engineer or attempt to discover any source code or underlying ideas or algorithms of PhishMe Free and any PhishMe IP (except to the limited extent that applicable law prohibits reverse engineering restrictions solely for interoperability purposes);
  13. sell, resell, distribute, sublicense or otherwise transfer, PhishMe Free and any PhishMe IP, or make the functionality of PhishMe Free available to any other party through any means (unless PhishMe has provided prior written consent); and
  14. reproduce, alter, modify or create derivatives of the PhishMe IP (unless as expressly permitted in these Terms).

Authorized Users must comply with any Intellectual Property Rights asserted in any PhishMe IP provided to you and your Authorized Users for the purposes of using with PhishMe Free.  Authorized Users will maintain and not remove or obscure any proprietary notices on PhishMe IP.

Remedies. Violation of this Policy may result in civil or criminal liability, and PhishMe may, in addition to any other remedy that PhishMe may have at law or in equity, terminate any permission for you and any Authorized User to access PhishMe Free or immediately remove the offending material. In addition, PhishMe may investigate incidents that are contrary to this Policy.

PhishMe reserves the right to update and modify this Policy at any time from time-to-time. Continued use of PhishMe Free by you and your Authorized Users after such update or modification will indicate your acceptance of the updates and/or modifications to this Policy.