BY TICKING THE ‘I ACCEPT THE TERMS OF SERVICE’ CHECKBOX IN THE REGISTRATION PAGES OF THE SERVICE, THE ENTITY YOU REPRESENT (THE ‘CUSTOMER’) IS HEREBY AGREEING WITH PHISHDECK TO THE FOLLOWING TERMS OF SERVICE AND ANY TERMS INCORPORATED HEREIN BY SPECIFIC REFERENCE (COLLECTIVELY, REFERRED TO AS THE ‘TERMS’).
- ‘Beta Testing’ means a stage within a product release wherein software is not considered to be stable, but is in a state where it may be pilot-tested before it is officially released.
- ‘Confidential Information’ means any information disclosed by one party to another which is defined as confidential and proprietary as per the Terms of this Service Agreement;
- ‘Customer’, ‘Subscriber’, ‘End-user’ and/or ‘You’ means any natural person or a single entity, corporate or other statutory body with legal personality that is subscribing to the services provided by PhishDeck, and being granted an Account by PhishDeck to make use of the Service;
- ‘Device’ or ‘Devices’ means computer hardware, network, storage, input/output or electronic control devices, or software installed on such devices;
- ‘Hostnames’ means the name used to identify each individual Device;
- ‘Intellectual Property Rights’ means all intellectual property rights including patents, trademarks, design rights, copyrights, database rights, trade secrets and all rights of an equivalent nature anywhere in the world;
- ‘IPs’ or ‘IP Addresses’ refers to the address of each individual Device;
- ‘PhishDeck Parties’ means PhishDeck and its parents, subsidiaries, shareholders, directors, officers, employees, licensors, suppliers and agents;
- ‘Phishing Simulation’ means the sending of one or more messages, primarily, but not limited to email, to a recipient containing content, links and/or attachments designed to mimic a real phishing attack, including but not limited to simulated malicious links and simulated malware;
- ‘Service’ means the Service offered by PhishDeck and branded by PhishDeck as ‘PhishDeck’ that has been purchased by the Customer and is provided for the purposes of conducting Phishing Simulation;
- ‘Service Infrastructure’ means all the PhishDeck systems that facilitate, provide or describe the ‘Service’;
- ‘Subscription’ – define with particular emphasis as to the duration, fee and by whom it is granted.
- ‘Support’ means the furnishing of technical assistance and remedies, provided on a best effort basis, via any telematic means chosen by PhishDeck;
- ‘Terms of Service’ or ‘Terms’ mean the terms as per this Service Agreement;
- ‘URL’ or ‘URLs’ means the address of a web site;
2. Ineligible Parties
2.1 To the extent permissible by law, you are ineligible to subscribe to or to retain your Subscription of the Service in any of the following cases.
- if you or your employees have been convicted for any computer and/or internet related crimes, and/or if you are currently undergoing court proceedings which seek to determine accusations for such crimes; and/or
- if you are more than sixty (60) days overdue in your payment of any monies or amounts owed to PhishDeck; and/or
- if you are a competitor of PhishDeck; and/or
- if you are located in a region, in which the use of the Service is prohibited by law; and/or
- if you have previously been refused the Service by PhishDeck in the past; and/or
- if you attempt or actually reverse engineer any software/intellectual property owned by PhishDeck.
Provided that in any case, PhishDeck reserves the right to refuse access to any potential subscriber to the Service should PhishDeck, in its absolute discretion, deem such refusal necessary.
3. Your Identity and Authority
3.1 You agree to provide current, accurate information in all electronic or hardcopy registration forms submitted in connection with the Service;
3.2 You agree not to impersonate or in any way misrepresent your affiliation or authority to act on behalf of any person, company or other entity;
3.3 By subscribing to the Service or accepting these Terms, you certify that all your personnel using the Service are authorized to act on your behalf and are authorized by you as a representative of an individual, business or other legal entity having contractual usage rights granted by an ISP or email provider, owning or licensed to use any and all IPs and the associated Domains to which you direct the Service to be performed;
3.4 You agree to cooperate with PhishDeck within reasonable measures to verify the identity and authority of persons using the Service.
4. Phishing Simulation
4.1 You hereby authorize PhishDeck to perform phishing simulations tests on any Devices, IPs, Hostnames and URLs specified by you;
4.2 Phishing simulation tests may be manual or automated, which do not require the assistance of PhishDeck’s employees or its appointed contractors. In certain cases, the exploitation of a vulnerability and/or minimal extraction of data from the target may be conducted to support PhishDeck’s security audit findings or to illustrate a vulnerability to the Customer.
5. Beta Testing
5.1 You acknowledge that when you receive the Service for a limited time-period for the purpose of Beta Testing, such Service will be provided to you, at your own risk, in its current particular state, without warranty of any kind, and without any guarantees on the storage period of the simulation data. This Service shall be provided to you subject to confidentiality as outlined in Clause 15 of this Service Agreement;
5.2 The Service for the purpose of Beta Testing is also provided to you under the clear understanding that you are obliged to provide truthful, accurate and complete feedback on the Beta version of the Service, with no expectation of remuneration. You agree to waive any claims for royalties or any other forms of remuneration against PhishDeck, should the latter make any use of the feedback provided by you, in whatever form, in relation to the Beta Version of the Service.
6.1 Support shall be conveyed to you by PhishDeck in virtue of telematic means in order to assist you with your ongoing use of the Service. Support shall be available during PhishDeck’s normal business hours (CET);
6.2 PhishDeck may, at its own discretion, extend its Support availability to other time zones, when it is feasible to do so.
7. Prohibited Uses
- Phishing Simulation of Third Party Domains
- You shall never use and/or direct the Service to interact with IPs or Domains in respect of which you do not have the express authorization to so act;
- You shall never use the Service in such a way as to create unreasonable load on IPs, Domains or Devices in relation to which the Service is directed to interact;
- You shall never use any Service Infrastructure, directly or indirectly, to initiate, propagate, participate, direct or attempt any attack, hack or potentially damaging messages to any Device, whether owned by PhishDeck or otherwise.
- Reasonable Usage of PhishDeck Service
- You shall not, through the use of the Service or by any other means, create unreasonable load on the Service Infrastructure.
- Unlawful Activities
- You shall not use the Service to perform any unlawful activity, including but not limited to computer crime, transmission and/or storage of illegal content, or content or software in violation of intellectual property and copyright laws.
- Reverse Engineering
- You shall not attempt or actually reverse engineer any software/intellectual property owned by PhishDeck.
- Unauthorised Access
Furthermore, you agree not to abuse of your access to the Service and not to provide access to third parties to the Service by:
- allowing others to use your account; and/or
- creating an account for someone who is not authorized to perform the role or view the information in respect of which you have been granted access; and/or
- creating an account for an ineligible party as defined in clause 2 above; and/or
- failing to revoke access in respect of those persons who are no longer authorized to access the Service for any reason.
You agree that you shall immediately notify PhishDeck of any unauthorised access from your account or the accounts of others in respect of which you have administrative authority, including but not limited to the use of accounts, passwords, and/or any other breach of security.
You agree that you shall not solicit another person’s password, for any reason whatsoever. You shall not access any account/s belonging to a third party, nor disrupt, interfere, and/or limit the functioning or the enjoyment of the Service for any third party;
Any breach of the above covenants will result in the immediate termination of the Service and, if appropriate, referral to the appropriate authorities.
8. Suspension of Accounts or Audits
8.1 PhishDeck reserves the right to suspend the Service being given to you, at any stage, should it in its sole discretion, deem such suspension necessary;
8.2 PhishDeck reserves the right not to commence or to suspend an audit at any stage, should it deem it necessary, in its sole discretion, to do so.
9. Storage of Data
9.1 PhishDeck is only bound to retain all stored data originating from audits for a limited period of six (6) months, or for any other longer period as required by law.
10. Disclaimer of Warranties
10.1 PhishDeck’s Service is provided “as is”, in the latest form it would currently be in during the provision of the Service;
10.2 PhishDeck warrants to provide the Services identified in the Agreement in a professional and workmanlike manner and in accordance with all reasonable professional standards for such services;
10.3 PhishDeck does not warrant that the Service will meet any special requirements of condition, quality, or performance for the purpose of the Customer, and/or that the operation of the Service will be uninterrupted or error-free, and/or that defects in the service will be corrected;
10.4 PhishDeck does not warrant or make any representations regarding the use or the results of the use of the Service or any documentation provided therewith in terms of their correctness, accuracy, reliability, or otherwise;
10.5 PhishDeck does not provide a warranty or condition of title, quiet enjoyment, quiet possession, correspondence to description or noninfringement (of intellectual property rights or otherwise) with regard to the service;
10.6 No oral or written information and/or advice given by PhishDeck Parties shall constitute a warranty or in any way increase the scope of this warranty. PhishDeck Parties do not make any, and hereby specifically disclaim any other representations, endorsements, guaranties, or warranties, expressed, implied or statutory, related to the service including, but not limited to, the implied warranty of merchantability, title, fitness for a particular purpose, accuracy or completeness of responses, of results, of workmanlike effort, of lack of viruses, and of lack of negligence, and the provision of or failure to provide support;
10.7 Subscriber represents, warrants and covenants to PhishDeck that:
- the Subscriber owns all right, title, and interest in, or otherwise has full right and authority to permit the use of the Subscriber Content;
- the Subscriber shall comply with the terms and conditions of any licensing agreements concluded between the Subscriber and Third Parties, and which govern the use of any content obtained by the Subscriber from the Third Parties and included in the Subscriber Content (hereinafter referred to as “Third Party Materials”);
- to the best of Subscriber’s knowledge, the Subscriber Content does not infringe the rights of any third party, and that the use of the Subscriber Content, including the use of any Trademarks provided to PhishDeck by the Subscriber, in connection with the Service does not and will not violate the rights of any third parties.
11. Limitation of Liability
11.1 Nothing in this Agreement shall exclude or restrict liability for fraud of either party or their agents or employees;
11.2 To the maximum extent permitted by applicable law, PhishDeck Parties shall in no event be liable for any loss of profits or any other pure economic loss arising out of or in connection with this Agreement, loss of privacy, loss of confidential or other information, business interruption, personal injury, or for any indirect, incidental, consequential, punitive or special damages arising out of or in any way related to the use of or inability to use the Service, the provision of or failure to provide support, or otherwise under or in connection with any provision of this Service Agreement, even in the event of the fault, tort (including negligence), strict liability, breach of contract or breach of warranty of PhishDeck Parties, and even if PhishDeck Parties have been advised of the possibility of such damages;
11.3 Notwithstanding any damages that you might incur for any reason whatsoever (including, without limitation, all damages referred to above and all direct or general damages), the entire liability of PhishDeck Parties under any provision of this Service Agreement and your exclusive remedy for all of the foregoing, shall be limited to the greater of the amount actually paid by you for the Service, during the preceding twelve (12) months. The foregoing limitations, exclusions and disclaimers shall apply to the maximum extent permitted by applicable law, even if any remedy fails its essential purpose.
12.1 You agree to indemnify, defend, and hold PhishDeck Parties harmless from any claim, loss, demand, or damage, including reasonable attorneys’ fees, asserted by any third party due to or arising out of your breach of any provision of this Service Agreement, your negligent or wrongful acts, and/or your violation of any applicable laws.
13. Force Majeure
13.1 PhishDeck shall not be liable and shall not be deemed to be in breach of this Agreement if it is unable to complete the Services or any portion thereof by reason of force majeure or any other event beyond PhishDeck’s control. Upon occurrence of any Force Majeure Event, PhishDeck shall give notice to the Subscriber of its inability to perform or of delay in the provision the Services;
13.2 This provision does not relieve the Subscriber of the Subscriber’s obligation to make all payments due for services provided by PhishDeck prior to the force majeure event or any other event beyond PhishDeck’s reasonable control, which affects the Subscriber.
13.3 The Subscriber shall not be liable and shall not be deemed to be in breach of this Agreement if it is unable to fulfil its obligations herein by reason of force majeure or any other event beyond the Subscriber’s reasonable control.
14. Copyright and Intellectual Property
14.1 PhishDeck Parties declare that they own all rights, title, interest, Copyright rights, and other Intellectual Property Rights in the Service. All Intellectual Property Rights in PhishDeck Service, and in all additions, corrections, and improvements thereto, produced by PhishDeck and provided to the Subscriber shall at all times remain the property of PhishDeck. This shall also apply to intellectual property rights in all work done by PhishDeck for the Customer, even after any results, findings, suggestions and/or calculations carried out by PhishDeck are forwarded to the Customer;
14.2 The Service is protected by copyright and all other applicable intellectual property laws, particularly by the Copyright Act, Chapter 415 of the Laws of Malta and the Intellectual Property Rights Act, Chapter 414 of the Laws of Malta, as well as by international conventions, agreements and treaties, unless specifically excluded herein;
14.3 This Service Agreement does not convey to the Subscriber an interest in or to the Service, but only a limited right of use revocable in accordance with the Terms of this Service Agreement. No license or other right to the Service is being granted to the Subscriber except for the rights specifically set forth in this Service Agreement;
14.4 The Subscriber hereby agrees to abide by all applicable laws and international treaties, and undertakes to inform PhishDeck of any suspected breach of Intellectual Property Rights belonging to PhishDeck Parties;
14.5 The Subscriber also covenants with PhishDeck that at any time after termination of this Agreement, the Subscriber shall not disclose to any other person, firm or company, particulars of any Intellectual Property Rights of PhishDeck Service or infringe any of the Intellectual Property Rights of PhishDeck.
15.1 Each party acknowledges that in connection with this Agreement it may receive certain confidential or proprietary, technical and business information and materials of the other party (the “Confidential Information”). This includes but is not limited to:
- PhishDeck’s Services and any other related materials/information;
- PhishDeck’s trade secrets;
- any and all other information which is disclosed to you by PhishDeck, orally, electronically, visually, or in a document or other tangible form which is either identified as or should be reasonably understood to be confidential and/or proprietary; and,
- any notes, extracts, analysis, or materials prepared by you and which consist of copies of or derivative works of PhishDeck Parties’ confidential information from which the substance of said information can be inferred or otherwise understood.
15.2 During the course of delivery of Support it will be necessary for confidential information to be exchanged between You and PhishDeck. The Recipient may use such confidential information only for the purposes for which it is provided, and may disclose it solely to employees, or contractors or partners, obligated to the Recipient under similar confidentiality restrictions and only for the purpose it was provided;
15.3 Confidential information shall not include information which the Recipient can clearly establish by written evidence that it is:
- already lawfully known to or independently developed by the Recipient without access to the confidential information;
- disclosed in non-confidential published materials;
- generally known to the public; or
- rightfully obtained from any third party without any obligation of confidentiality.
15.4 The Recipient agrees not to disclose confidential information to any third party and will protect and treat all confidential information with the highest degree of care. Except as otherwise expressly provided in this Service Agreement, the Recipient will not use or make any copies of confidential information, in whole or in part, without the prior written authorization of the other party;
15.5 Each party agrees and undertakes to either return to the other party the Confidential Information disclosed by, belonging to or about the other party (and any copies) or to confirm to the other party in writing that it has been destroyed, upon written demand from the other party;
15.6 The Recipient may disclose confidential information if required by statute, regulation, or order of a court of competent jurisdiction, provided that the Recipient provides the other party with prior notice, discloses only the minimum confidential information required to be disclosed, and cooperates with the other party in taking appropriate protective measures. These obligations shall continue to survive indefinitely following the termination of this Service Agreement with respect to confidential information. This shall in no event preclude either Party to continue conforming with applicable data protection legislation, applicable legislation regarding customer trade secrets and any legislation regarding national security;
15.7 Each party will procure that all persons associated with it, whether as directors, employees or advisers, comply with the provisions of this clause 15;
15.8 This clause constitutes an ongoing, continuing condition of this Agreement and shall endure beyond the termination of this Agreement (howsoever caused).
16.1 You agree that PhishDeck and its affiliates may collect and use any technical information which you provide or which is acquired by PhishDeck as part of your use of the Service;
16.2 The use of technical information by PhishDeck will be limited to generating statistics of the use of the Service for market research and to drive improvements in Service Infrastructure;
16.3 PhishDeck agrees not to publish any of this information in a form that personally identifies you and furthermore explicitly declares that all information acquired by PhishDeck as a result of your use of the Service will be kept confidential;
16.4 Each party shall comply with its respective obligations under applicable data protection laws, particularly the General Data Protection Regulation, as well as its respective obligations under local applicable legislation regarding customer trade secrets and any legislation regarding national security measures, if contractually applicable;
16.5 You agree that PhishDeck may refer to the name of your corporation as one of its customers, both internally and in externally published media, unless you expressly, and in writing, restrict PhishDeck from mentioning you. Any additional disclosure by PhishDeck with respect to you or your company shall be subject to your prior written consent.
17. Changes in Service
17.1 You acknowledge and agree that PhishDeck may, in its sole and absolute discretion, modify or remove the Service as necessary. Simulation, verification and authentications performed by the Service may also be modified, removed or updated by PhishDeck at its sole discretion and at any time without notice.
18. Term and Termination
18.1 A Subscription that has reached its expiry date is to be considered as terminated or revoked;
18.2 Without prejudice to any other rights, PhishDeck may terminate or revoke this Service Agreement if the Subscriber does not abide by the terms and conditions of this Service Agreement;
18.3 PhishDeck may terminate or revoke this Agreement forthwith on giving written notice to the Subscriber in the event that the Subscriber uses, or attempts to use, PhishDeck’s Service or its results, in any manner or form that is illegal, or that is reasonably likely, to bring the Service and/PhishDeck, into disrepute, or have a material adverse effect on the goodwill of PhishDeck (including any Trade Mark) or the Service;
18.4 PhishDeck may terminate or revoke this Agreement forthwith in the event that the Subscriber attempts or actually reverse engineers any software/intellectual property owned by PhishDeck;
18.5 Any termination of this Agreement (howsoever occasioned) shall not affect any accrued rights or liabilities of either party nor shall it affect the coming into force or the continuance in force of any provision hereof which is expressly or by implication intended to come into force or continue in force on or after such termination;
18.6 Upon termination of the Subscription, the Subscriber must immediately cease and desist from making further use of the Service;
18.7 Without prejudice to any other rights, the Subscriber may immediately terminate this Service Agreement if PhishDeck does not abide by or is otherwise in breach of this Agreement or any other agreement entered into between the Parties which is related to this Service Agreement.
19. Entire Agreement
19.1 This Service Agreement supersedes all prior agreements, arrangements and undertakings, or contemporaneous oral or written communications, proposals and representations between the parties and constitutes the entire agreement between the parties relating to the subject matter hereof;
19.2 In the event that any one or more of the phrases, sentences, clauses or sub-clauses contained in this Agreement shall be declared invalid or unenforceable by an arbitrator or by order, decree or judgment of any court having jurisdiction, or shall be or become invalid or unenforceable by virtue of any duly promulgated law, rule or regulation, the remainder of this Agreement shall be construed as if such phrases, sentences, clauses or sub-clauses had not been inserted;
19.3 This Agreement may be executed in any number of identical counterparts with the same effect as if all parties hereto had all signed the same document;
19.4 To the extent that the terms of this Service Agreement conflict with any other terms and conditions, policies or programs for Support issued by PhishDeck, the terms of this Service Agreement shall prevail;
19.5 In addition, the terms set out in this Service Agreement shall prevail and control over any and all additional or conflicting terms or provisions contained in any other document concluded with the Subscriber, whether such document constitutes a purchase order or alternative agreement, and any and all such additional or conflicting terms shall be void and shall have no effect;
19.6 If this Service Agreement is translated into a language other than English and there are conflicts between the translations, the English language version shall prevail and control;
19.7 This Service Agreement:
- may not be assigned by the Subscriber. Any purported assignment will be null and void;
- may not be amended by Subscriber;
- may be amended by PhishDeck from time to time and PhishDeck shall incorporate any amended Service Agreement in the latest version of the Service;
- the Subscriber shall be immediately notified by PhishDeck of any amendments made to the Service Agreement;
- In the event that the Subscriber is not in agreement with any amendment made to the Service Agreement, then the Subscriber may immediately terminate its Agreement with PhishDeck – this termination of service shall be done in writing by means of an email with return receipt to firstname.lastname@example.org;
- termination of service due to any amendments made to the Service Agreement, shall not entitle the Subscriber to any refunds for services already rendered by PhishDeck.
- the Subscriber shall remain liable to make payments for services rendered by PhishDeck prior to the termination of service.
- is for the sole benefit of PhishDeck and the Subscriber and nothing herein, express or implied, is intended to or shall confer upon any other person or entity any legal or equitable right, benefit or remedy of any nature whatsoever under or by reason of this Service Agreement.
20. Governing Law
20.1 This Agreement shall be governed by and construed in accordance with the laws of Malta. Any dispute arising out of this agreement or in connection with the interpretation and fulfilment of this agreement shall be submitted to the jurisdiction of the courts of Malta.
21. No Waiver or Delay
21.1 The delay or failure of PhishDeck to exercise any right provided in this agreement shall not be deemed to be a waiver of such right. Any express waiver, delay or failure by PhishDeck to exercise promptly any right under this agreement due to it will not create a continuing waiver or any expectation of nonenforcement.
Updated 27th January 2020