Keepnet SaaS Product: Terms & Conditions

THE KEEPNET LABS LTD TERMS OF SERVICE (HEREAFTER REFERRED TO AS THE "AGREEMENT") REGULATE CUSTOMER’S ACCESS AND UTILIZATION OF KEEPNET LABS LTD SUBSCRIPTION SERVICES. “KEEPNET LABS LTD” REFERS TO KEEPNET LABS LTD, KEEPNET LABS OR KEEPNET, A UK COMPANY WITH REGISTERED OFFICE AT UNIT 6 QUEENS YARD, WHITE POST LANE, LONDON, ENGLAND, E9 5EN, AND ITS ASSOCIATED ENTITIES. YOU CAN CONTACT KEEPNET LABS LTD AT INFO@KEEPNETLABS.COM. IN THE EVENT OF THE CUSTOMER FULLY SIGNING A MASTER AGREEMENT WITH KEEPNET LABS LTD, SUCH MASTER AGREEMENT WILL OVERSEE THE ACCESS AND USE OF THE SUBSCRIPTION SERVICES. CAPITALIZED TERMS HOLD THE DEFINITIONS AS STATED HEREIN. UPON ACCEPTANCE OF THIS AGREEMENT, BY: (1) MARKING A BOX THAT INDICATES ACCEPTANCE DURING THE SUBSCRIPTION SERVICES; (2) SIGNING A QUOTATION THAT CITES THIS AGREEMENT; OR (3) UTILIZING KEEPNET LABS LTD SUBSCRIPTION SERVICES, THE CUSTOMER CONSENTS TO THE TERMS OF THIS AGREEMENT. IF AN INDIVIDUAL IS ACCEPTING THIS AGREEMENT ON BEHALF OF A LEGAL ENTITY OR ORGANIZATION, THEY GUARANTEE THAT THEY HAVE COMPLETE POWER AND AUTHORITY TO BIND THE ORGANIZATION AND ITS AFFILIATES TO THESE TERMS, IN WHICH CASE THE TERM “CUSTOMER” SHALL ALLUDE TO SUCH ORGANIZATION AND ITS AFFILIATES. IF THE INDIVIDUAL ACCEPTING THIS AGREEMENT DOES NOT POSSESS SUCH AUTHORITY OR DISAGREES WITH THESE TERMS, THEY SHOULD NOT ACCEPT THIS AGREEMENT NOR USE THE SUBSCRIPTION SERVICES. The Customer and Keepnet Labs LTD may be referred to individually as a “party” or collectively as the “parties” within this Agreement. The Agreement governs all access and use of Keepnet Labs LTD’s Subscription Services, as defined below, provided by Keepnet Labs LTD to the Customer. Keepnet Labs LTD reserves the right to revise or update this Agreement from time to time. We recommend the Customer to review this Agreement periodically to stay updated on the terms governing their use of the Subscription Services. The Customer's continued use of the Subscription Services following any changes made by Keepnet Labs LTD implies acceptance of those changes. The Subscription Services cannot be accessed for purposes of monitoring their availability, performance, or functionality, or for any other benchmarking or competitive purposes, or as otherwise restricted by this Agreement. Direct competitors of Keepnet Labs LTD (or third party agents acting on behalf of such direct competitors) are prohibited from accessing the Subscription Services.

1. Definitions

For the purpose of this Agreement:

"Active User(s)" signifies Customer’s Users with active assigned Seats.

"Affiliate" implies an entity that, either directly or indirectly, through one or more entities, controls, is controlled by, or is under common control with, the specified entity.

"Beta Services" denotes the second phase of software testing where a subset of the intended audience tests a service prior to its public release, in which Customer, in turn, provides Keepnet Labs LTD feedback about the tested software.

"Channel Partner" refers to an authorized Keepnet Labs LTD reseller, distributor, or managed service provider through which Customer may acquire the Subscription Services and/or Professional Services.

"Confidential Information" pertains to all information or material disclosed by one party (the “Disclosing Party”) to the other party (the “Receiving Party”), either orally or in writing, that: (a) either party gains some competitive business advantage, provides either party an opportunity of obtaining some competitive business advantage, or the disclosure of which could be detrimental to the interests of the Disclosing Party; and (b) is either: (i) labeled “Confidential,” “Restricted,” “Proprietary,” or includes similar markings; (ii) known by the parties to be confidential and proprietary; or (iii) reasonably assumed to be confidential and proprietary under all relevant circumstances. The Subscription Services are considered Confidential Information of Keepnet Labs LTD.

"Customer Privacy Notice" refers to Keepnet Labs LTD’s Customer Privacy Notice found at https://keepnetlabs.com/privacy-policy or any other URL locations on Keepnet Labs LTD’s website as Keepnet Labs LTD may provide from time to time.

"Documentation" pertains to Keepnet Labs LTD’s current generally accessible documentation, specifications, user manuals, etc., for the Subscription Services, located at https://doc.keepnetlabs.com/Next-Generation-Product/master or other URL locations on Keepnet Labs LTD’s website as Keepnet Labs LTD may provide from time to time.

"LMS" signifies a learning management system or learning management software for managing, documenting, tracking, reporting, and delivering any tutorial and/or Training Content, that includes any e-learning education courses or training programs or any in application tutorial. Keepnet Labs LTD offers a cloud-based LMS through its Web Hosted Services. Upon approval by Keepnet Labs LTD, Customers may also choose to use its own, or a third party’s, LMS in accordance with the terms of this Agreement.

"Professional Services" refers to any professional services, including implementation and installation services, managed services, consultancy services, or services for the customization or branding of Training Content, agreed upon by the parties and set forth in a Quote. Keepnet Labs LTD may require Customer to enter into a statement of work (“SOW”) outlining the Services to be executed.

"Quote" is a purchasing document or other similar document, such as a purchase order or SOW, in relation to a purchase under this Agreement.

"Seat(s)" pertains to the number of Users permitted access to the Subscription Services according to the user count purchased via a Quote.

"Security Page" denotes Keepnet Labs LTD’s security page that provides details about Keepnet Labs LTD’s security practices, located at https://doc.keepnetlabs.com/resources/compliance or any other URL locations on Keepnet Labs LTD’s website as Keepnet Labs LTD may provide from time to time.

"Software" is the object code version of any software that may be licensed by Customer under this Agreement for installation on Customer’s systems. To the extent Keepnet Labs LTD delivers any updates or enhancements to Customer as part of the Support Services, such updates and enhancements will be considered included in the definition of Software.

"Subscription Services" entails any Web Hosted Services, Software, Support Services, Professional Services, Training Content, and/or other services that Keepnet Labs LTD offers to Customer, including any relevant Documentation.

"Support Services" represents maintenance and support of any Subscription Services provided by Keepnet Labs LTD, as outlined in Exhibit A.

"Subscription Term" is the term stated in the respective Quote during which the Customer is granted access to the Subscription Services in accordance with this Agreement.

"Training Content" represents digital courseware, training modules, testing and training templates, games, posters, artwork, videos, newsletters, security documents, or other content and materials provided by Keepnet Labs LTD and/or its third-party licensors.

"User(s)" signifies Customer’s authorized employees or independent contractors, with an assigned unique business email address (i.e., an email address using a business email domain name that Customer owns or is authorized by the domain name owner to use for the purposes contemplated herein), who may access the applicable Subscription Services.

"Web Hosted Services" denotes an application and/or database services hosted by Keepnet Labs LTD or its agents, made available for remote access and use by Customer and its Users, under this Agreement.

2. Payment Terms

2.1. Purchase of Subscription Services

The Customer is deemed to have completed a full purchase of the Subscription Services (irrespective of any divided payment conditions) upon the earliest occurrence of: (a) a Quote that the Customer has signed and submitted to Keepnet Labs LTD or the respective Keepnet Labs LTD Channel Partner for processing; or (b) initiation of payment by the Customer through methods including check, credit card, or other payment modes. This includes customers who make direct purchases from our website using their credit cards. Payment via any of these methods indicates acceptance of the corresponding Quote or invoice issued to the Customer by Keepnet Labs LTD. If the Customer is an organization subject to fiscal period limitations or appropriations, the Customer affirms and ensures that it has the capability to pay all fees in full, regardless of any divided payment conditions, from the allocated budget of the Customer’s current fiscal period. Alternatively, the Customer confirms that it has the authority to legally commit to a purchase outside of the current fiscal period. Unless stated otherwise herein, all sales are conclusive, non-refundable, and non-returnable, except in relation to Subscription Services that do not meet the applicable specifications in the relevant Documentation or those not identified in the applicable Quote or SOW.

2.2. Charges for Subscription Services

The charges for Subscription Services will be outlined by Keepnet Labs LTD and will be valid for the duration stipulated in the Keepnet Labs LTD Quote (if applicable). If no duration is stipulated, the pricing will be effective for thirty (30) calendar days. Notwithstanding the above, charges may be subject to escalation upon the renewal of a Quote, or if the Customer decides to supplement or upgrade the Subscription Services during the Subscription Term specified in the Quote. Charges do not encompass any taxes, levies, duties, or similar governmental assessments of any nature, including, for instance, value-added; sales; use; or withholding taxes, liable by any jurisdiction whatsoever (collectively, “Taxes”). The Customer is accountable for remitting all Taxes linked with its purchases under this agreement. If Keepnet Labs LTD has the legal obligation to pay or collect Taxes for which the Customer is liable under this Section, Keepnet Labs LTD will invoice the Customer and the Customer will pay that sum unless the Customer provides Keepnet Labs LTD with a legitimate tax exemption certificate authorized by the relevant taxing authority. For clarity, Keepnet Labs LTD is solely responsible for taxes assessable against it grounded on its income, property, and employees. Except as otherwise specified herein or in a Quote: (a) charges are premised on the Subscription Services purchased and not actual usage; (b) payment obligations are non-cancelable and charges paid are non-refundable, except where expressly permitted herein; and (c) the Subscription Term and quantities purchased cannot be decreased during the applicable Subscription Term. For clarity, the Customer is accountable for any payments owed but not paid by any Affiliates ordering Subscription Services under this agreement.

2.3. Payment Timeline and Late Fees

The payment for Subscription Services may be invoiced in total by Keepnet Labs LTD at the beginning of the Subscription Term or as distinctly stated in the Quote. The Customer commits to pay the full amount of each invoice devoid of offset or deduction within thirty (30) days following the date of Keepnet Labs LTD's invoice (unless otherwise specified on the invoice). If the Customer does not remit any uncontested amount within fifteen (15) days' notification of late payment, Keepnet Labs LTD reserves the right to collect the amount due plus an interest rate of 1.5% per month (or the maximum rate allowed by applicable law) on all undisputed amounts that are unpaid by the due date. The Customer will also cover all of Keepnet Labs LTD's reasonable collection costs including, but not limited to, reasonable attorneys' fees.

2.4. Contested Payments

The Customer reserves the right, in good faith, to contest the whole or a segment of an invoice before its due date. Keepnet Labs LTD will not impose interest on contested amounts given that the Customer provides written notice, prior to the due date, explaining the specific nature of the dispute and remits any uncontested amount by the due date. If the Customer fails to provide such notice, Keepnet Labs LTD has the right to impose interest as described above. If Keepnet Labs LTD and the Customer cannot resolve the dispute, the parties agree to submit the dispute to arbitration, and the prevailing party will be eligible to recover its reasonable costs and expenses, including reasonable attorney's fees.

2.5. Subscription Upgrades and Additional Features

The Customer reserves the right, in good faith, to contest the whole or a segment of an invoice before its due date. Keepnet Labs LTD will not impose interest on contested amounts given that the Customer provides written notice, prior to the due date, explaining the specific nature of the dispute and remits any uncontested amount by the due date. If the Customer fails to provide such notice, Keepnet Labs LTD has the right to impose interest as described above. If Keepnet Labs LTD and the Customer cannot resolve the dispute, the parties agree to submit the dispute to arbitration, and the prevailing party will be eligible to recover its reasonable costs and expenses, including reasonable attorney's fees.

2.6. Outstanding Charges

If Keepnet Labs LTD does not receive any invoiced amount by the due date, then without limiting its rights or remedies, (a) those charges may accrue late interest at the rate of 1.5% of the outstanding balance per month, or the maximum rate permitted by law, whichever is lower, from the date such payment was due until the date paid, and/or (b) Keepnet Labs LTD may condition future subscription renewals and Orders on payment terms shorter than those specified in this Section.

2.7. Service Suspension

If any charge owing by the Customer under this or any other agreement for Keepnet Labs LTD's services is 30 days or more overdue, Keepnet Labs LTD may, without limiting its other rights and remedies, suspend Subscription Services until such amounts are paid in full. Keepnet Labs LTD will provide the Customer with at least a 10-day notice that its account is overdue before suspending services.

3. Product Usage and Rights

3.1. Keepnet System Requirements

Before using the Keepnet platform, it is strongly recommended that you review some elements to ensure that you meet the necessary requirements. The platform has specific minimum requirements that must be met for optimal performance and functionality. Please note that the requirements extend to various aspects of the platform, including the Portal UI, Phishing Reporter, and Diagnostic Tool. Each of these components has its own set of requirements that need to be satisfied. For more detailed information on the specific requirements for each component, please refer to the following sections:

1. Portal UI Requirements
2. Phishing Reporter Requirements
3. Diagnostic Tool Requirements

By ensuring that your system meets these requirements, you can make the most of the Keepnet platform's capabilities.Please note that all information is subject to change and it is recommended to check the official Keepnet Labs documentation for the most up-to-date system requirements. https://doc.keepnetlabs.com/Next-Generation-Product/master

3.2. Access to Subscription Services

Keepnet Labs LTD provides Customer with a non-exclusive, non-transferable, non-sublicensable right to use the relevant Subscription Services detailed in the Quote during the Subscription Term, strictly for Customer's internal operations and not for resale or external distribution. If the Subscription Services include the possibility to download Software and/or Training Content, Customer is permitted to download, install, utilize, execute, display, and access the Software and Training Content following this Agreement and the Documentation. Certain Software or other components incorporated in Keepnet Labs LTD’s Subscription Services may be made available under an open-source license, which can be found at a URL to be provided by Keepnet Labs LTD from time to time.

3.3. Functioning of the Subscription Services

The application and functioning of Keepnet Labs LTD’s Subscription Services, as well as any deliverables resulting from the Subscription Services, are facilitated by designated administrator(s) employed or engaged by the Customer. Any Managed Services may be subject to supplementary fees.

3.4. User Management

The Subscription Services can only be accessed by the approved number of Users for whom the Customer has paid the applicable Subscription Services charges. The Subscription Services are granted on a per-Seat, subscription basis. Customer bears exclusive responsibility for managing access to the Subscription Services for its Users. The simultaneous number of Active Users granted access cannot surpass the number of Seats purchased. If the number of Active Users outnumbers the number of Seats purchased, the Customer is required to either compensate for any Seats exceeding the purchased quantity or promptly reduce its Active Users count. Customer is not authorized to freely re-allocate Seats to Users. Cycling of Seats among Customer's staff is prohibited by Keepnet Labs LTD. If an Active User's account is canceled or removed, that User's Seat license is no longer considered active and may be assigned to another User subject to Keepnet Labs LTD's written approval. However, Keepnet Labs LTD's approval is not necessary in the event an Active User’s account is terminated due to the termination of that Active User’s employment, or otherwise due to the end of a contract with that Active User, to accommodate normal employee attrition at the Customer's organization. Keepnet Labs LTD reserves the right to monitor the Customer's adherence to this Section and, upon request by Keepnet Labs LTD, Customer agrees to confirm its compliance with this Section. Additional Seats can be added during the Subscription Term, and these additional Seats will coincide with the existing Subscription Term, ending on the same date. Adding more Seats during the Subscription Term will be priced at the same volume, level, and term discount purchased under the existing Subscription Term and will be valid only until the end of the current Subscription Term. New rates may be applicable upon renewal.

3.5. Professional Services

If the Customer procures Professional Services to be provided by Keepnet Labs LTD, the Customer might be required to sign a Statement of Work (SOW) outlining the project details. Professional Services can comprise, but are not limited to, the request for Keepnet Labs LTD to apply and operate the Subscription Services on behalf of the Customer (“Managed Services”), additional maintenance and support (beyond the standard Support Services already included), personalization and branding of any Training Content, and any additional consultancy or professional services. The completion timeline for any Professional Services under an SOW, and any milestones, will rely on Keepnet Labs LTD’s receipt of all required Customer assets and specifications for the project, as well as a validly signed SOW for processing, as requested by Keepnet Labs LTD. The completion deadline will commence from the delivery date of all such assets and specifications, not the date of Keepnet Labs LTD’s receipt of the signed SOW. Customer acknowledges that delays in providing assets or specifications at the request of Keepnet Labs LTD for such Professional Services may result in a delay in the completion of the Professional Services. Keepnet Labs LTD will not be held responsible for delays caused by the Customer's failure to cooperate reasonably. Service hours purchased in accordance with an SOW or a Quote will expire upon the end or termination of the Customer's Subscription Term and will not extend into any subsequent Subscription Term renewal.

3.6. Support Services

Subscription Services are accompanied by standard Support Services at no extra charge. Support Services are provided in line with the terms and conditions detailed in Annex A. However, Keepnet Labs LTD will have no obligation to support: (a) services, hardware, or software supplied by anyone other than Keepnet Labs LTD; (b) Subscription Services issues resulting from Customer's negligence, misuse, or incorrect application; or (c) Customer's usage of Subscription Services in a manner other than specified in the Documentation.

3.7. Limited Access Account

If the Customer is provided with access to or use of any Subscription Services for evaluation or on a trial basis, including any limited access accounts established by the Customer, then, subject to the terms and conditions of this Agreement, Keepnet Labs LTD hereby offers Customer, strictly for its internal evaluation purposes, a revocable, limited, non-exclusive, non-transferable, non-sublicensable right to access the relevant Subscription Services for the Limited Access Period, subject to any terms or limitations explicitly set forth in any activation email or Quote. Customer may only use such Subscription Services from the earlier of: (1) the date this Agreement is accepted by Customer; or (2) the date on which Customer was permitted access to the Subscription Services by way of an activation email or Quote, until the expiration date stated in the applicable activation email, or, if no expiration date is specified in the relevant activation email, thirty (30) days after the earlier of either (a) or (b) herein (the “Limited Access Period”). Customer and Keepnet Labs LTD may extend the Limited Access Period upon mutual written agreement (including via email). This evaluation license and access grant will terminate automatically upon the expiry of the Limited Access Period. At any time prior to the end of the Limited Access Period, Keepnet Labs LTD may terminate the Limited Access Period for the Subscription Services without notice. Upon any termination, the Customer shall cease use and/or access to the Subscription Services unless and until the Customer has agreed to purchase a license or access grant to use and/or access such Subscription Services. During the Limited Access Period, all terms and conditions of this Agreement will apply, except that (i) no fees will be due from Customer, unless otherwise specified; (ii) the Subscription Services will be provided without warranties or indemnities of any kind and entirely on an “as-is” basis (e.g., Sections including Support Services, warranties and Keepnet Labs LTD indemnity obligations will not apply); and (iii) additional evaluation terms and conditions may appear on the trial registration web page or activation email sent by Keepnet Labs LTD, on the applicable Quote provided by Keepnet Labs LTD, or by way of a proof of concept agreement executed between the parties. Any such additional terms and conditions shall be incorporated into this Agreement by reference and are legally binding. Apart from the foregoing limited license and access grant, Customer is not being granted any right, title, or interest in or to the Subscription Services. All such rights are expressly reserved by Keepnet Labs LTD. CUSTOMER DATA, INFORMATION, REPORTS, MATERIALS AND/OR CONFIGURATIONS TO THE SUBSCRIPTION SERVICES MAY BE PERMANENTLY LOST OR DELETED.

3.8. Beta Services

Keepnet Labs LTD may offer Beta Services to the Customer free of charge. Use of the Beta Services is at the discretion of the Customer and is intended only for evaluation purposes. Beta Services are not deemed as "Subscription Services" and do not include Support Services. Beta Services may be subject to additional terms. Keepnet Labs LTD reserves the right to discontinue the Beta Services at any given time. The use of the Beta Services will automatically terminate when Keepnet Labs LTD makes such Beta Services widely available. Beta Services might be unpredictable and could lead to unexpected results. Customer acknowledges and agrees that: (a) Beta Services are experimental and have not undergone complete testing; (b) Beta Services may not meet the Customer's requirements; (c) the use or operation of any Beta Services may not be uninterrupted or error-free; (d) Customer's use of any Beta Services is for the purpose of evaluating and testing the Beta Services and providing feedback to Keepnet Labs LTD; (e) Customer will inform its Users regarding the nature of Beta Services; and (f) Beta Services are considered Confidential Information. Customer will promptly report any errors, defects, or other deficiencies in any Beta Services to Keepnet Labs LTD. NOTWITHSTANDING ANY OTHER PROVISION OF THIS AGREEMENT, ALL BETA SERVICES ARE PROVIDED "AS-IS" AND "AS-AVAILABLE," WITHOUT WARRANTIES OF ANY KIND. Customer hereby waives any and all claims, now known or later discovered, that Customer may have against Keepnet Labs LTD and its third-party providers and licensors arising out of Customer's use of Beta Services.

3.9. Intellectual Property

Keepnet Labs LTD and its licensors retain and reserve all rights, title, and interest, including intellectual property rights, in the Subscription Services and all enhancements, modifications, and updates thereto. Except for the licenses expressly granted in this Agreement, Keepnet Labs LTD is not granting any rights, express or implied, in or to Keepnet Labs LTD’s intellectual property. All such rights in such property are expressly reserved by Keepnet Labs LTD.

3.10. Feedback

Customers may provide Keepnet Labs LTD with suggestions, comments, or other feedback (collectively, "Feedback") concerning the Subscription Services. Feedback is voluntary. Keepnet Labs LTD is not obligated to keep any Feedback confidential. Keepnet Labs LTD may utilize Feedback for any purpose without any obligations of any kind. To the extent a license is required to use any intellectual property in any Feedback, Customer grants Keepnet Labs LTD an irrevocable, non-exclusive, perpetual, royalty-free license to use such Feedback in connection with Keepnet Labs LTD's business, including improving the Subscription Services.

3.11. Subscription Services Analytics

Keepnet Labs LTD may use and reproduce data in an aggregated, de-identified, and general format ("Anonymized Data") for the development, maintenance, support, and improvement of current and future Subscription Services; for tracking Subscription Services usage metrics and statistics; for analyzing and reporting on threat intelligence; and for other similar purposes. In the event such de-identified or Anonymized Data is disclosed, it will only be disclosed in a general or aggregated manner that does not identify the Customer or any individual and will exclude Customer Confidential Information and Personal Data (as defined below). Keepnet Labs LTD will implement reasonable technical safeguards that prevent the reversal of De-Identified Data and implement reasonable business processes to prevent inadvertent release of Customer Data (as defined below).

4. Customer Duties and Limitations

4.1. Network Connection

The Customer is solely accountable for all Internet or telecommunications connections, along with any related charges, necessary for accessing and utilizing the Subscription Services, as well as all relevant hardware and software. Keepnet Labs LTD is not accountable for: (a) the Customer’s Internet connectivity; (b) interference or interruptions in Internet communications; or (c) modifications or data loss via the Internet.

4.2. User Identifiers

The Customer must safeguard User credentials (such as usernames and passwords), maintaining their confidentiality, and neither the Customer nor its Users shall disclose such credentials to any third party. Moreover, the Customer shall promptly notify Keepnet Labs LTD upon becoming aware of an unauthorized disclosure of any such credentials or any unauthorized access. In case of termination of the engagement or deactivation of any User aware of such credentials, the Customer must promptly alter such credentials and revoke that User's access. Seats can only be assigned to Users with unique email addresses with business domain names that the Customer either possesses or is permitted to use by the domain name owner in accordance with this Agreement and the corresponding Documentation.

4.3. Customer's or Third Party's LMS Usage

If the Customer opts to use its own or a third party’s Learning Management System (LMS), or other mechanisms for hosting Training Content or similar content supplied by Keepnet Labs LTD or its third-party licensors, the Customer must ensure strict compliance with this Agreement and make certain an agreement with any such third party is in place, providing the same level of protection for the Training Content and similar content as stated herein. Following the expiration or termination of the relevant Term (as defined below), the Customer shall ensure all Training Content and similar content is removed from its own, or the third party’s, possession.

4.4. Subsidiaries

If the Customer is purchasing Seats on behalf of a Subsidiary, the Customer must make sure its Subsidiaries adhere to the terms of this Agreement. Any usage of the Subscription Services by the Subsidiary and its Users signifies acceptance of this Agreement's terms by the Subsidiary and its Users, for which the Customer will be jointly and severally responsible with its Subsidiary for any breach of this Agreement by the Subsidiary or its Users. No Subsidiary can enforce any provision of this Agreement directly. All actions to enforce this Agreement must be brought by the Customer.

4.5. Prohibitions

The Customer commits not to: (a) duplicate, reproduce, reverse engineer, disassemble, generate derivative works from, decompile, or otherwise try to expose the trade secrets or expertise underlying the Subscription Services; (b) utilize Keepnet Labs LTD’s intellectual property or Confidential Information to develop a competing service or otherwise replicate Keepnet Labs LTD’s content, materials, and/or user interface for the development of similar services; (c) eliminate or obliterate any copyright notices, other proprietary indicators, or confidentiality legends positioned on or made accessible via the Subscription Services; (d) try to gain unauthorized entry to, or disrupt the integrity or performance of, the Subscription Services or the data contained therein (including without limitation penetration or other such security testing); (e) use the Subscription Services for competitive analysis, benchmarking, or market research objectives; or (f) use the Subscription Services in any way or for any purpose inconsistent with the terms of this Agreement or the Documentation.

4.6. Accountability

The Customer acknowledges that some of Keepnet Labs LTD’s Subscription Services are designed to aid the Customer in training Users and might include the creation, customization, and dissemination of simulated cyber security attack campaigns for employee training purposes. However, the Customer, not Keepnet Labs LTD or any Channel Partners, will be held accountable for compliance with all legal and governmental regulations, as well as any outcomes associated with the Customer’s use of the Subscription Services (including any reports or information generated in relation thereto).

4.7. Customer Materials

Depending on the Subscription Services purchased via a Quote, the Customer may utilize Keepnet Labs LTD’s Subscription Services to host its assets, content, and other resources, such as certain reports; documents; guides; audiovisual materials; photographs; videos; and audio files, to make available to Active Users through Keepnet Labs LTD’s LMS or Web Hosted Services (“Customer Materials”). The Customer shall retain ownership of the Customer Materials. Provided the Customer and its Users adhere to this Agreement’s terms and conditions, during the applicable Subscription Term, Keepnet Labs LTD will grant the Customer and Active Users remote electronic access to the Customer Materials through the Subscription Services. Keepnet Labs LTD reserves the right to: (a) undertake any action with respect to Customer Materials that it deems necessary or appropriate, if Keepnet Labs LTD reasonably suspects such Customer Materials violate this Agreement, infringe any intellectual property right or other rights of any person or entity, endanger any person's personal safety, or create potential liability for Keepnet Labs LTD; (b) take appropriate legal action, including, without limitation, referral to law enforcement, for any illegal or unauthorized Customer Materials provided by the Customer; or (c) suspend or terminate the Customer’s access to the Subscription Services for violation of this Agreement. The Customer grants Keepnet Labs LTD, its third-party providers, and each of their respective licensees, successors, and assigns the right to use, reproduce, modify, perform, display, distribute, and otherwise disclose the Customer Materials as necessary to make the Customer Materials available to the Customer and its Active Users through the Subscription Services. The Customer declares and guarantees that: (a) the Customer owns all rights in and to the Customer Materials and/or has the authority to grant the licenses granted herein to Keepnet Labs LTD, its third-party providers, and each of their respective licensees, successors, and assigns; and (b) all Customer Materials comply and will continue to comply with this Agreement; (c) all Customer Materials comply and will continue to comply with all applicable laws and regulations; and (d) the Customer Materials do not and will not: (i) contain any material which is defamatory, obscene, indecent, abusive, offensive, violent, hateful, inflammatory, or otherwise objectionable; (ii) promote sexually explicit or pornographic material, violence, or discrimination based on race, sex, religion, nationality, disability, sexual orientation, or age; (iii) infringe any patent, trademark, trade secret, copyright, or other intellectual property or other rights of any person; (iv) violate the legal rights (including the rights of publicity and privacy) of others or contain any material that could lead to any civil or criminal liability under applicable laws or regulations or that otherwise may conflict with this Agreement; (v) promote any illegal activity or advocate, promote, or assist in any unlawful act; (vi) deliberately cause unreasonable disturbances to any other person or organization; or (vii) contain any: (A) viruses, trojan horses, worms, backdoors, or other software or hardware devices, the effect of which would allow unauthorized access to, or disable, erase, or otherwise harm any computer, systems, software, or content; or (B) time bombs, drop dead devices, or other software or hardware devices designed to disable a computer program automatically with the passage of time or under the positive control of any person, or otherwise deprive Keepnet Labs LTD, or its customers/users, of its lawful rights. In addition to the Customer’s indemnification obligations contained in this Agreement, the Customer will defend and indemnify Keepnet Labs LTD and hold it harmless from any and all claims, losses, deficiencies, damages, liabilities, costs, and expenses (including, but not limited to, reasonable attorneys’ fees) incurred by Keepnet Labs LTD as a result of any claim by a third party arising from Keepnet Labs LTD’s hosting or distribution of the Customer Materials as authorized under this Agreement. The procedure for indemnification will be as set forth in the Section covering the Customer’s indemnification obligations.

4.8 Overage charges

In the event that the Customer's actual usage exceeds the quantity of services purchased under the Agreement (e.g., exceeding the number of purchased seats), Keepnet hereby agrees not to interrupt or limit the Services for the additional usage. Instead, Keepnet will continue to provide the Services to all users, including those exceeding the originally purchased quantity, and will adjust the Customer's billing to reflect the total number of seats used during the billing period.

Should the Customer's usage exceed the number of seats initially purchased (for example, if the Customer has purchased 100 seats but expands usage to 120 seats), Keepnet will automatically revise the billing to accommodate the total active seats (in this case, 120 seats). The overage will be charged based on the rate applicable to the Customer's current plan for the additional seats utilized beyond the agreement's original scope.

This overage charge policy is designed to ensure that the Customer's service remains uninterrupted and all users retain access to Keepnet's Services, even as the Customer's needs evolve beyond the initially purchased capacity. The overage charges will be clearly detailed in the Customer's billing statement for transparency.

It is the Customer's responsibility to monitor their usage levels through Keepnet's customer portal and manage their service plan accordingly to anticipate and adjust for any overages. This provision is intended to offer flexibility and scalability to the Customer, supporting their operational continuity and growth without service interruption due to exceeding the agreed-upon quantity of services.

4.9 Use of customer logo

The Customer grants consent to Keepnet Labs LTD to display the Customer's company logo within the Keepnet Labs LTD interface and associated promotional materials. This includes, but is not limited to, website content, social media posts, and marketing materials. The Customer's company logo will be used solely for showcasing Keepnet Labs LTD's valued clientele and their association with our platform.

5. Duration and Cessation of the Agreement

5.1. Duration

This Agreement comes into effect on the Effective Date and will persist until all terms quoted have either expired or been otherwise terminated (an individual quoted term being a "Subscription Period" and all collectively quoted Subscription Periods known as the "Duration").

5.2. Suspension

Keepnet Labs LTD reserves the right to suspend the Customer's (or a User's) usage or access to the Subscription Services in cases where: (a) the Customer violates the Agreement (including failing to make timely payment); (b) Keepnet Labs LTD determines that such usage or access presents a security threat to the Subscription Services or to other Customers or users of the Subscription Services; (c) it is necessary to prevent harm to, or degradation of, the Subscription Services or Keepnet Labs LTD’s systems; (d) such use or access infringes any law, regulation, court order, or other governmental request; or (e) Keepnet Labs LTD suspects fraudulent or abusive behaviour. Keepnet Labs LTD will make commercially reasonable efforts to: (i) restrict the suspension to the problematic segment of the Subscription Services; and (ii) promptly rectify the issues causing the suspension of the Subscription Services. Nothing in this clause undermines Keepnet Labs LTD’s right to terminate for cause as outlined in this Agreement, or ability to terminate this Agreement in the instance Customer is acting, or has acted, in a manner that breaches applicable law.

5.3. Termination

5.3.1. If the Customer fails to settle any invoice when due and does not make such payment within fifteen (15) days after receiving notice from Keepnet Labs LTD of such failure, Keepnet Labs LTD may, at its sole discretion, either: (a) suspend execution or performance of any Quote, or any remaining balance thereof, until such payment is made; or (b) terminate any Quote. In either scenario, the Customer will remain accountable for payment for the Subscription Services.

5.3.2. Either party may cease the Agreement or a Quote following a significant breach of the Agreement or Quote by the other, if the breaching party fails to rectify the breach within thirty (30) days after receiving written notice from the other party detailing the breach.

5.3.3. The Customer may cease this Agreement or any applicable Quote at any moment and for any reason upon providing thirty (30) days' written notice to Keepnet Labs LTD, however, the Customer will not be entitled to refund or relief of its future payment obligations.

5.3.4. Keepnet Labs LTD may cease this Agreement or any applicable Quote at any moment and for any reason upon providing thirty (30) days' written notice to the Customer, however, the Customer will be entitled to a prorated refund and relief of its future payment obligations for the unused portion of the Subscription Services.

5.4. Consequences of Termination

5.4.1. In the event the Agreement or Quote is ceased by the Customer without cause, or by Keepnet Labs LTD for cause, the Customer will pay for all Subscription Services ordered as of the effective date of termination of the particular Quote. Moreover, if a Quote specifies a Subscription Period for which Keepnet Labs LTD will provide Subscription Services or Professional Services to the Customer (e.g., thirty-six (36) months), and that Quote is ceased by Keepnet Labs LTD for cause (including nonpayment) or by the Customer without cause, then all future, recurring fees associated with the remaining Subscription Period of such Quote will become immediately due and payable, and will be paid by the Customer to Keepnet Labs LTD upon the effective date of such cessation.

5.4.2. In the event the Customer ceases the Agreement or Quote due to material breach in accordance with this Agreement, the Customer will be eligible for a refund for any unusable, pre-paid Subscription Services fees for the remaining duration of the Subscription Period, as applicable, of the affected Subscription Services.

5.4.3. Upon any cessation, the Customer's privilege to use and access the Subscription Services (including any Training Content and other materials provided by Keepnet Labs LTD) will immediately halt. The Customer must return or destroy all copies (original and reproductions) of such Subscription Services, in alignment with this Agreement. Upon Keepnet Labs LTD’s request, the Customer must provide a certification of destruction.

5.4.4. During an active Subscription Period, the Customer will have the option to download a copy of its Customer Data stored in the Subscription Services in the form and format as such Customer Data is displayed in the Subscription Services. Upon termination or expiration of this Agreement or the Duration, Keepnet Labs LTD will be entitled to delete or destroy Customer Data in Keepnet Labs LTD’s, or in Keepnet Labs LTD’s third party provider’s, possession. Notwithstanding the foregoing, Keepnet Labs LTD will be allowed to retain copies of data contained in an archive that: (a) are created in line with its security retention (including email retention) policy, a database backup, and/or disaster recovery procedures; or (b) are kept by Keepnet Labs LTD for record-keeping, archival, or governance purposes in compliance with Keepnet Labs LTD’s document retention policies. To the extent that it is not commercially viable or technically feasible for Keepnet Labs LTD to remove Customer Data from archive or other backup media, Keepnet Labs LTD may retain Customer Data on such media in accordance with its retention, backup, or other disaster recovery procedures. Any such retained data will continue to be subject to the provisions of this Agreement for as long as it is retained.

5.4.5. The implementation of the right to cease this Agreement and any Quote will be supplementary to any other rights or remedies provided in this Agreement, or existing at law or equity, that are not otherwise excluded or limited under this Agreement.

6. Confidentiality

6.1. Confidential Information

Throughout the Agreement's duration, both parties may disclose certain confidential information to each other. However, it should be noted that Confidential Information does not include information that: (a) becomes publicly available without any breach by the Receiving Party under this Agreement; (b) was already known to the Receiving Party prior to disclosure, as evidenced by contemporaneous written records; (c) was acquired from a third party without breaching any confidentiality obligations; or (d) was independently developed by a party without reference to the other party's Confidential Information.

6.2. Protection of Confidential Information

Unless expressly stated in this Agreement, the Receiving Party must not use or disclose the Disclosing Party's Confidential Information without obtaining the Disclosing Party's prior written consent. However, the Receiving Party may disclose and use the Confidential Information: (a) to its employees or consultants on a need-to-know basis, provided that they have signed written agreements that impose restrictions on the use and disclosure of such Confidential Information at least as stringent as those stated in this section; and/or (b) when required by a subpoena or similar order from a court or government agency. In such cases, the Receiving Party must promptly inform the Disclosing Party in writing and provide a copy of the subpoena or order (unless notice is prohibited by the applicable process). The Receiving Party must only disclose the Confidential Information as necessary to comply with the subpoena or order. The Receiving Party must exercise the same degree of care and precaution in protecting the Disclosing Party's Confidential Information as it does for its own Confidential Information and trade secrets of a similar nature, but in no event less than reasonable care. Each party acknowledges that the unauthorized use or disclosure of the other party's Confidential Information may cause irreparable harm for which monetary damages are not sufficient. Therefore, in addition to other available remedies in law, equity, or otherwise, the Disclosing Party is entitled to seek injunctive relief to prevent such unauthorized use or disclosure.

6.3. Return and Destruction of Materials

Any documents or tangible objects containing or representing the Confidential Information that one party discloses to the other, as well as any summaries, copies, descriptions, excerpts, or extracts thereof in the possession of the other party, will remain the property of the Disclosing Party and must be promptly returned. The Receiving Party will make reasonable efforts to delete or destroy any summaries, copies, descriptions, excerpts, or extracts thereof in its possession upon the written request of the Disclosing Party. The Receiving Party is not obligated to delete or destroy copies that: (a) are part of an archived computer system backup made in accordance with its security, retention, and disaster recovery procedures; or (b) are kept by a party for record-keeping, archival, or governance purposes in compliance with its document retention policies. Any retained Confidential Information remains subject to the terms and conditions of this Agreement for as long as it is retained. Notwithstanding the return or destruction of Confidential Information, the Receiving Party remains bound by its confidentiality and other obligations in accordance with the terms of this Agreement. Upon request, the Receiving Party will provide written certification of its compliance with this section.

7. Data Rights and Protection

7.1. Customer Information

Customer provides Keepnet Labs LTD with a non-exclusive, free-of-charge license to utilize data and other relevant details, inclusive of Personal Data that is processed or stored via the Subscription Services by the Customer or on behalf of the Customer ("Customer Information"): (a) in agreement with this Contract; (b) in harmony with the Customer Privacy Notice; (c) for the provision of the Subscription Services, including any supplementary Professional Services and Support Services; and/or (d) as mandated by legal requirements. "Personal Data" pertains to personally identifiable information as characterized by applicable laws.

7.2. Data Protection

Customer Information is protected following industry-standard managerial, physical, and technological protocols as highlighted in Exhibit B. These protocols are formulated to safeguard the security, confidentiality, and integrity of Customer Information. Keepnet Labs LTD employs protective measures to avert unauthorized access, utilization, alteration, and disclosure of Customer Information. However, Customer Information may be accessible: (a) to Keepnet Labs LTD's staff and other authorized individuals as required for the delivery of the Subscription Services, Professional Services, and Support Services; (b) when enforced by pertinent laws; (c) as articulated in the Customer Privacy Notice; or (d) as explicitly permitted by the Customer. Keepnet Labs LTD's Subscription Services operate in data centers owned by third parties that are designed with elevated availability, business continuity, and disaster recovery capabilities. The cloud architecture of Keepnet Labs LTD complies with industry-standard security practices and undergoes frequent evaluations to identify and manage vulnerabilities and risks. For comprehensive information regarding Keepnet Labs LTD's information security practices, kindly refer to the Security Page on Keepnet Labs LTD's website.

7.3. Data Privacy

The acquisition, application, and sharing of Customer Information associated with the customer's use of the Subscription Services are governed by the Customer Privacy Notice. By employing the Subscription Services, both the Customer and each User acknowledge that the processing of Customer Information will be in accordance with the Customer Privacy Notice and this Agreement. The handling of Customer Information might occur in the country of its origin and in other nations where privacy laws may be less stringent or vary. However, Keepnet Labs LTD ensures adherence to all relevant data protection regulations concerning the processing of Customer Information. By using the Subscription Services or submitting Customer Information via the Subscription Services, the Customer explicitly consents to such processing. If the Customer or User provides Personal Information or other data belonging to a third party, the Customer assures and confirms that they have procured appropriate consent or authorization from the respective individual, organization, or third party for doing so. If the Customer enters into a Data Processing Agreement with Keepnet Labs LTD, the terms of the Data Processing Agreement will regulate the management of data between the parties and will take precedence over the provisions outlined in this section in case of any conflict. Please see our privacy policy, https://keepnetlabs.com/privacy-policy

7.4. Other Sensitive Data

In accordance with the UK's Data Protection Act 2018 and the European Union's General Data Protection Regulation (GDPR), Keepnet Labs LTD neither solicits nor requires any data classed as protected health information ("PHI") as per the Health Insurance Portability and Accountability Act ("HIPAA"), any non-public personally identifiable or financial information governed by the Gramm-Leach-Bliley Act ("GLBA"), or payment card details protected by the Payment Card Industry Data Security Standards ("PCI DSS") for the provision of its Subscription Services. Under the EU's GDPR, "The processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation shall be prohibited." (Article 9.1). Similar protections are echoed in the UK's Data Protection Act 2018 which states, "Processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation for one or more specified purposes, is prohibited unless..." (Schedule 1, Part 1). It's strongly advised that Customers do not disclose any PHI, GLBA-regulated, PCI DSS-protected, or other sensitive data to Keepnet Labs LTD. Please note that Keepnet Labs LTD does not enforce specific measures to ensure compliance with HIPAA, GLBA, PCI DSS, UK Data Protection Act 2018, or EU GDPR regulations within its Subscription Services. Consequently, all responsibility relating to these regulations remains with the Customer. Keepnet Labs LTD's Subscription Services are not intended for use by minors, as stipulated by law. Customers are explicitly prohibited from permitting minors to access or use the Subscription Services unless expressly granted in a written agreement by an authorized representative of Keepnet Labs LTD.

8. Compliance

8.1. Anti-Bribery & Corruption

Customer undertakes not to engage in any unlawful activities, including but not limited to: (a) making illegal payments to government officials or employees; (b) providing any form of value, whether as property, services, or otherwise, to any person with the intention of gaining an improper business advantage; or (c) agreeing, committing, or offering to undertake any of the aforementioned actions in connection with this Agreement or any related activities.

8.2. International Trade Compliance

The sale, resale, or other disposition of Subscription Services and associated technology or documentation is subject to various economic sanctions, export control laws, and other trade restrictions imposed by applicable governments, including the U.S. and other relevant jurisdictions. As these laws may have extraterritorial reach, Customer agrees to comply with all applicable measures, including but not limited to: (a) the Export Administration Act of 1979, as amended (50 U.S.C. §§ 2401–2420) and the Export Administration Regulations, 15 C.F.R. §§ 730–774 ("EAR"); (b) the Arms Export Control Act, 22 U.S.C. § 2778, and the corresponding International Traffic in Arms Regulations ("ITAR"); (c) economic sanctions laws and regulations enforced by the U.S. Department of the Treasury's Office of Foreign Assets Control ("OFAC"), 31 C.F.R. §§ 500, et seq., and the U.S. Department of State; and (d) anti-boycott regulations, guidelines, and reporting requirements under the Export Administration Regulations and Section 999 of the Internal Revenue Service Code. Customer acknowledges its sole responsibility for compliance with these laws when applicable. Furthermore, Customer acknowledges and agrees not to directly or indirectly export, import, sell, disclose, or transfer any Subscription Services to any country or party subject to such restrictions. Customer is solely responsible for obtaining any necessary license(s) for the export, re-export, or import of the Subscription Services.

8.3. Anti-Money Laundering Compliance

The customer affirms and guarantees that all financial transactions will be conducted through its legally registered entity, as indicated in the Quote or this Agreement (or through its Affiliates) that is party to this Agreement. Furthermore, the customer asserts and assures that it will not falsify or endeavor to obscure the identity of the entity making the payment or any recipient(s) of the Subscription Services.

8.4. Employee Vetting Procedure

Keepnet Labs LTD upholds a rigorous hiring protocol, inclusive of background checks, which aligns with all pertinent laws and regulations. As far as Keepnet Labs LTD is aware, and consistent with its comprehensive background verification policy, it has not, within the previous seven (7) years, knowingly engaged individuals who have been found guilty of crimes encompassing violence, theft, fraud, money laundering, sexual offenses, or any other transgressions that would present an unacceptable risk when considering the responsibilities associated with the employment role and the operational necessities of Keepnet Labs LTD.

9. Guarantees and Disclaimers

9.1. Assurances for Subscription Services

The Subscription Services delivered by Keepnet Labs LTD will substantially comply with the relevant Documentation. Keepnet Labs LTD guarantees that the fundamental features of the Subscription Services won't be materially diminished throughout the Subscription Term. In the event of a violation of this assurance, the Customer must immediately alert Keepnet Labs LTD. The exclusive obligation of Keepnet Labs LTD and the sole recourse of the Customer for such violation will be for Keepnet Labs LTD to provide Support Services to repair or replace the implicated Subscription Service within a thirty (30) day period upon receiving notification. If Keepnet Labs LTD is unable to correct the discrepancy within this timeframe, the Customer may terminate the applicable Quote and be reimbursed for any pre-paid Subscription Services fees for the section of the Subscription Services that were unusable. However, if the violation is a consequence of the Customer's improper handling, misuse, or failure to utilize the Subscription Services as stated in this Agreement, the Customer will not be eligible for a refund or absolution of payment duties. The Customer is responsible for thoroughly describing any discrepancies to enable Keepnet Labs LTD to facilitate remediation. Keepnet Labs LTD will not be accountable for any delays caused by the Customer's failure to respond to requests.

9.2. Assurances for Professional Services

Keepnet Labs LTD assures that it will deliver Professional Services professionally, and in a manner adhering to this Agreement. The Customer must alert Keepnet Labs LTD of any violations of this assurance within thirty (30) days of identifying the violation. The sole obligation of Keepnet Labs LTD and the only recourse of the Customer for such violation will be for Keepnet Labs LTD to either redo the Professional Services or terminate the relevant Quote or SOW and issue a refund for the portion of the pre-paid Professional Services fees that were non-compliant.

9.3. Adherence to Regulations

Both parties guarantee their compliance with all laws and regulations pertinent to the provision or use of the Subscription Services.

9.4. Disclaimer of Warranties

Both parties guarantee their compliance with all laws and regulations pertinent to WITH THE EXCEPTION OF THE LIMITED WARRANTIES STATED ABOVE: (A) THE SUBSCRIPTION SERVICES ARE PROVIDED "AS IS," WITH ALL DEFECTS, AND WITHOUT ANY WARRANTIES OF ANY KIND; AND (B) KEEPNET LABS LTD EXPRESSLY DISCLAIMS ALL OTHER WARRANTIES, WHETHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY, QUIET ENJOYMENT, INFORMATION ACCURACY, TITLE, NON-INFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE. KEEPNET LABS LTD DOES NOT WARRANT THAT THE OPERATION OF THE SUBSCRIPTION SERVICES WILL BE UNINTERRUPTED OR ERROR-FREE, OR THAT DEFECTS IN THE SUBSCRIPTION SERVICES WILL BE RECTIFIED. NO ORAL OR WRITTEN INFORMATION, MARKETING, PROMOTIONAL MATERIALS, OR ADVICE PROVIDED BY KEEPNET LABS LTD OR ITS AUTHORIZED REPRESENTATIVES WILL CREATE A WARRANTY OR EXPAND THE SCOPE OF THE EXPRESS WARRANTIES PROVIDED HEREIN. CUSTOMER ACKNOWLEDGES THAT THE TRAINING CONTENT IS FOR GENERAL INFORMATION PURPOSES ONLY AND THAT KEEPNET LABS LTD IS NEITHER A LAW FIRM NOR PROVIDES ANY PROFESSIONAL OR ADVISORY SERVICES. THE INFORMATION PRESENTED DOES NOT CONSTITUTE LEGAL ADVICE AND SHOULD NOT BE RELIED UPON AS SUCH. THE SUBSCRIPTION SERVICES MAY INCLUDE THE TRADE NAMES OR TRADEMARKS OF VARIOUS THIRD PARTIES, AND IF SO, SUCH USAGE IS SOLELY FOR ILLUSTRATIVE AND EDUCATIONAL PURPOSES. ALL SUBSCRIPTION SERVICES AND COMPANY NAMES ARE THE PROPERTY OF THEIR RESPECTIVE OWNERS. THE USE OR DISPLAY OF TRADEMARKS DOES NOT IMPLY ANY AFFILIATION WITH, ENDORSEMENT BY, OR ASSOCIATION OF ANY KIND BETWEEN SUCH THIRD PARTIES AND KEEPNET LABS LTD.

9.5. THE SUBSCRIPTION SERVICES MAY BE USED TO ACCESS AND TRANSFER INFORMATION OVER THE INTERNET. CUSTOMER ACKNOWLEDGES AND AGREES THAT KEEPNET LABS LTD AND ITS THIRD-PARTY PROVIDERS AND LICENSORS DO NOT OPERATE OR CONTROL THE INTERNET AND THAT: (A) VIRUSES, WORMS, TROJAN HORSES, OR OTHER MALICIOUS DATA OR SOFTWARE; OR (B) UNAUTHORIZED USERS (E.G., HACKERS) MAY ATTEMPT TO ACCESS AND DAMAGE CUSTOMER DATA, WEBSITES, COMPUTERS, OR NETWORKS. KEEPNET LABS LTD WILL NOT BE RESPONSIBLE FOR SUCH ACTIVITIES. FURTHERMORE, EACH PARTY DISCLAIMS ALL LIABILITY AND INDEMNIFICATION OBLIGATIONS FOR ANY HARM OR DAMAGES CAUSED BY ANY THIRD-PARTY HOSTING PROVIDERS. CUSTOMER IS SOLELY RESPONSIBLE FOR ITS ACTIONS USING FEATURES OR COMPONENTS OF THE SUBSCRIPTION SERVICES THAT INTEGRATE WITH CUSTOMER'S INFORMATION TECHNOLOGY SYSTEMS. CUSTOMER ACKNOWLEDGES THAT KEEPNET LABS LTD IS NOT RESPONSIBLE FOR: (I) CUSTOMER'S ACTIONS WITHIN ITS SYSTEMS USING SUCH FEATURES OR COMPONENTS; (II) CUSTOMER'S BACKUPS OF ITS INFORMATION TECHNOLOGY SYSTEMS; AND/OR (III) CUSTOMER'S COMPLIANCE WITH APPLICABLE LAW.

10. Liability Coverage

10.1. Keepnet Labs LTD's Liability Coverage

Keepnet Labs LTD shall provide defense and cover Customer against any and all claims made against Customer by a third party that purports that the authorized usage of the Subscription Services by the Customer directly infringes upon the valid U.S. patent, copyright, or trade secret rights of that third party. Keepnet labs respects patents, trademarks, copyrights and other forms of intellectual property or other rights of any person.

10.1.1. General Exceptions

Despite the aforementioned, Keepnet Labs LTD holds no obligation in regard to any infringement claim insofar as it is founded upon or emerges from the Customer’s (including its representatives): (a) use or incorporation of the Subscription Services with any third-party intellectual property not approved by Keepnet Labs LTD; (b) alteration or modification of the Subscription Services by Customer, or Customer’s representatives, not sanctioned by Keepnet Labs LTD or the Documentation; (c) use of the Subscription Services beyond the allowable uses in the Agreement or the Documentation; (d) specifics or other intellectual property offered by Customer; or (e) failure to implement updates, modifications, or replacements issued by Keepnet Labs LTD to the Subscription Services (collectively, the “Exempted Claims”).

10.1.2. Procedure

The aforementioned liability coverage of Keepnet Labs LTD is contingent upon Customer promptly notifying Keepnet Labs LTD in writing of such claim (the delay or failure in doing so will not relieve Keepnet Labs LTD from any obligations to cover Customer except to the degree that such delay or failure substantially prejudices the defense of such claim), allowing Keepnet Labs LTD sole control to manage the defense or settlement of such claim and providing Keepnet Labs LTD reasonable support (at Keepnet Labs LTD’s sole expense) in connection therewith.

10.1.3. Solutions

If an infringement claim under this Section transpires, or if Keepnet Labs LTD discerns a claim is likely to happen, Keepnet Labs LTD will have the option, in its sole discretion, to either: (a) secure for Customer the right or license to persist using the Subscription Services free of the infringement claim; or (b) adjust the Subscription Services to render them non-infringing, without loss of substantial functionality. If neither of these solutions is feasibly accessible to Keepnet Labs LTD, Keepnet Labs LTD may, at its sole discretion, immediately terminate this Agreement and related Quote and offer a prorated refund for any prepaid Subscription Services fees for the unusable portion of the Subscription Services for the remainder of the applicable Subscription Term. The terms of this Section constitute the sole and exclusive commitments and liability of Keepnet Labs LTD and its licensors and suppliers for any claim of intellectual property infringement related to the Subscription Services or this Agreement, and replace any implied warranties of non-infringement, all of which are explicitly disclaimed.

10.2. Customer's Liability Coverage

The Customer will defend and cover Keepnet Labs LTD against any third-party claims resulting from any claim by a third party stemming from: (a) Customer’s use of the Subscription Services in violation of this Agreement; (b) Keepnet Labs LTD’s authorized use of the Customer Data; or (c) the Exempted Claims. The Customer consents to pay any amounts conclusively decreed by a court of law or due to a settlement in relation to such third-party claim (inclusive of, but not restricted to, reasonable attorneys’ fees). The aforementioned liability coverage of the Customer is contingent upon Keepnet Labs LTD promptly notifying the Customer in writing of such claim (the delay or failure in doing so will not relieve Customer from any obligations to cover Keepnet Labs LTD except to the degree that such delay or failure substantially prejudices the defense of such claim), allowing the Customer sole control to manage the defense or settlement of such claim, provided that the Customer may not settle any such claim unless it unconditionally absolves Keepnet Labs LTD of all liability, and providing the Customer reasonable support (at the Customer's sole expense) in connection therewith.

11. Limitations on Liability

11.1. NEITHER KEEPNET LABS LTD NOR ITS THIRD-PARTY PROVIDERS OR LICENSORS SHALL HOLD ANY LIABILITY TO CUSTOMER OR ANY THIRD PARTY FOR ANY LOSS OF PROFITS, SALES, BUSINESS, DATA, OR OTHER INCIDENTAL, CONSEQUENTIAL, OR SPECIAL LOSS OR DAMAGE, INCLUDING EXEMPLARY AND PUNITIVE DAMAGES, OF ANY KIND OR NATURE RESULTING FROM, OR ARISING OUT OF, THIS AGREEMENT, THE SUBSCRIPTION SERVICES, ANY PROFESSIONAL SERVICES, OR ANY SUPPORT SERVICES RENDERED HEREUNDER. THE TOTAL LIABILITY OF KEEPNET LABS LTD AND ITS THIRD PARTY PROVIDERS AND LICENSORS TO CUSTOMER OR ANY THIRD PARTY ARISING OUT OF THIS AGREEMENT, THE SUBSCRIPTION SERVICES, ANY PROFESSIONAL SERVICES, AND ANY SUPPORT SERVICES RENDERED HEREUNDER FOR ANY AND ALL CLAIMS OR TYPES OF DAMAGES SHALL NOT EXCEED THE TOTAL FEES PAID OR PAYABLE HEREUNDER BY CUSTOMER FOR THE SUBSCRIPTION SERVICES, ANY PROFESSIONAL SERVICES, AND ANY SUPPORT SERVICES AS TO WHICH THE LIABILITY RELATES, IN THE TWELVE (12) MONTHS PRIOR TO THE FIRST EVENT GIVING RISE TO LIABILITY. Both parties specifically acknowledge that the limitations on liability and the exclusion of certain losses or damages stated in this Section represent the agreed, negotiated understanding of the parties and are reflected in the applicable Subscription Services fees. The limitation on liability and types of losses or damages stated in this Agreement are intended by the parties to apply, regardless of the form of lawsuit or claim a party may bring, whether in tort, contract, or otherwise, and regardless of whether any limited remedy provided for in this Agreement fails of its essential purpose.

12. Miscellaneous Regulations

12.1. Public Information Disclosure; Governmental Transparency Requests

The relationship between Keepnet Labs LTD and the Customer is intended for the Customer to acquire a subscription to the Subscription Services, which encompasses software, content, and information pertinent to internet security awareness training, IT risk management, regulatory compliance, simulation of security attacks, vulnerability assessments, and other subscription services and service offerings. The Subscription Services, and any Confidential Information revealed, are exclusive to Keepnet Labs LTD and are a vital commercial asset of Keepnet Labs LTD (the “Exclusive Information”). The Exclusive Information comprises protected financial data, trade secrets, and commercially valuable details that, if revealed, would impair the competitive standing of Keepnet Labs LTD. In the event of a statutory public disclosure request for the release of Keepnet Labs LTD’s Exclusive Information, Customer will ensure that its response to such a request will be limited to the minimum necessary, based on the counsel's opinion. Customer will swiftly, but no later than five (5) business days after receiving such request, forward the request to Keepnet Labs LTD. Customer will not disclose any Exclusive Information except pursuant to written instructions by Keepnet Labs LTD or a conclusive, non-appealable court order.

12.2. U.S. Government Acquisition

This Section is applicable only to U.S. government customers. The Subscription Services are deemed to be commercial items, commercial computer software, commercial computer software documentation, and/or commercially available technical data pursuant to the relevant sections of the DFAR and the FAR. If procured by, or on behalf of, the Department of Defense or any of its components, the U.S. Government obtains the Subscription Services in compliance with DFAR 227.7202-3, Rights in Commercial Computer Software or Commercial Computer Software Documentation and DFAR 252.227-7015, Technical Data – Commercial Items, subject to the terms of this Agreement. If procured by or on behalf of any civilian agency, the U.S. Government obtains the Subscription Services in accordance with FAR 12.212, Software and/or commercially available technical data as defined in FAR 12.211, Technical Data, and such acquisition is subject to this Agreement, as required by FAR 52.227-19, Commercial Computer Licensed Software - Restricted Rights. Customer acknowledges that Keepnet Labs LTD’s Subscription Services and intellectual property are solely developed by Keepnet Labs LTD and its third-party providers, and each of their respective licensees, successors, and assigns, at Keepnet Labs LTD’s expense for Keepnet Labs LTD’s commercial use. The use of Keepnet Labs LTD’s Subscription Services and intellectual property by the U.S. government is governed solely by, and in accordance with, this Agreement.

12.3. Insurance Coverage

Keepnet Labs LTD maintains appropriate insurance coverages as mandated by applicable laws and regulations as specified in the contract or quote. The insurance policies are provided by carriers with an A.M. Best rating of A- or better, or an equivalent rating from another reputable rating agency. The minimum coverage amounts are as follows: (a) Comprehensive General Liability - not less than $1,000,000 per occurrence and $2,000,000 general aggregate; (b) Professional Indemnity, including Cyber & Privacy - not less than $5,000,000 in the aggregate; and (c) Workers Compensation Coverage - in compliance with relevant laws. Upon written request by the Customer, Keepnet Labs LTD will furnish a Certificate of Insurance as proof of its insurance coverage.

12.4. Independent Contractor

Keepnet Labs LTD, its staff, agents, subcontractors, and independent contractors are not employees or representatives of Customer and are acting as independent contractors in relation to Customer. Neither party is, nor will be considered to be, an agent; distributor; partner; joint venture; or representative of the other party for any purpose, and neither party will possess the authority to act for, or in the name of, or to commit, the other party in any manner whatsoever.

12.5. Force Majeure

Neither party to this Agreement will bear liability for delays or failures in performance under this Agreement (excluding payment obligations or violation of confidentiality requirements) resulting from circumstances or incidents beyond the reasonable control of such party, including acts of war, terrorism, acts of God, natural calamities (fires, explosions, earthquakes, hurricanes, flooding, storms, explosions, infestations), embargoes, civil unrest, sabotage, governmental acts, failure of the Internet, power failures, energy disruptions or shortages, other utility interruptions, or telecommunication disruptions, provided that the party facing delay: (a) informs the other party of such cause without unnecessary delay; and (b) uses its reasonable commercial efforts to promptly rectify such failure or delay in performance.

12.6. Governing Law; Jurisdiction, Mediation

Unless it is specified in the contract or quote with the customer or partner in a different way, the following provisions determine the law that will apply in the event of any disagreement or legal action arising out of or in relation to this Agreement and the courts that have jurisdiction over any such dispute or lawsuit. The accompanying stipulations depend on where the Customer is domiciled according to the following table. All proceedings are to be conducted in English.

12.7. Complete Agreement; Interpretation; Amendments; Severability; Endurance

This agreement, unless specified in the contract or quote with the customer or partner in a different way, inclusive of any and all exhibits annexed to it, embodies the entire understanding between the parties in relation to this Agreement. This understanding supersedes and integrates all previous understandings and all other proposals, letters, agreements, whether oral or written. The parties further acknowledge that there are no other incentives, warranties, representations, or agreements concerning the matters herein between the parties except as explicitly outlined in this Agreement. In the event of any contradiction between the core of this Agreement and any Quotation, or additional agreements entered into by the parties, the core of this Agreement will preside, unless otherwise expressly stated in a signed document by authorized representatives of the parties. In the event that the Customer or Users are presented with Keepnet Labs click-wrap, the contents of this Agreement will take precedence over any conflicting terms. As used herein, the term “including” will mean “including, but not limited to”; the term “includes” as used herein will mean “includes, but not limited to”; and terms appearing in the singular will embrace the plural, and terms appearing in the plural will embrace the singular. This Agreement cannot be modified, amended, or altered in any way except by a written agreement signed by authorized representatives of the parties, and any attempt at oral modification will be void and of no effect. If any provision of this Agreement is deemed by a court of competent jurisdiction to be contrary to law, the provision will be considered null and void, and the remaining provisions of this Agreement will remain in full force and effect. All provisions of this Agreement pertaining to confidentiality, non-disclosure, intellectual property, disclaimers, limitation of liability, indemnification, payment, and any other provisions which must endure in order to give effect to their meaning will survive the termination of this Agreement. KEEPNET LABS SPECIFICALLY OBJECTS TO ANY ADDITIONAL TERMS BEING ADDED THROUGH A CUSTOMER-PROVIDED PURCHASE ORDER OR SIMILAR DOCUMENT. IF A PURCHASE ORDER IS REQUIRED BY CUSTOMER, THE PARTIES AGREE THAT ANY ADDITIONAL TERMS CONTAINED THEREIN WILL NOT BECOME PART OF THE AGREEMENT BETWEEN THE PARTIES AND, SPECIFICALLY, THAT THE TERMS OF THIS AGREEMENT WILL SUPERSEDE AND REPLACE ANY AND ALL TERMS IN ANY PURCHASE ORDER.

12.8. Titles; Counterparts; Electronic Signatures

The titles included in this Agreement are for convenience purposes, only, and will not influence the meaning or interpretation of this Agreement. This Agreement can be executed in two or more original or facsimile counterparts, each of which will be regarded as an original, but all of which together will represent one and the same instrument. The parties agree that the electronic signature of a party to this Agreement will be as valid as an original signature of such party and will be effective to bind such party to this Agreement. The parties agree that any electronically signed document (including this Agreement) will be deemed: (a) to be “written” or “in writing”; (b) to have been signed; and (c) to constitute a record established and maintained in the ordinary course of business and an original written record when printed from electronic files. Such paper copies or “printouts,” if introduced as evidence in any judicial, arbitral, mediation, or administrative proceeding, will be admissible as between the parties to the same extent and under the same conditions as other original business records created and maintained in documentary form. For purposes hereof, “electronic signature” means a manually-signed original signature that is then transmitted by electronic means; “transmitted by electronic means” means sent via the internet as a “.pdf” (portable document format) or other replicating image attached to an email message; and, “electronically signed document” means a document transmitted by electronic means and containing, or to which there is affixed, an electronic signature.

12.9. Relationship of the Parties

Keepnet Labs, along with its personnel, agents, subcontractors, and independent contractors are not employees or agents of the Customer and are functioning as independent contractors in relation to the Customer. Neither party is, nor will be regarded as, an agent, distributor, partner, joint venturer, or representative of the other party for any purpose, and neither party will possess the authority to act on behalf of, or in the name of, or to bind the other party in any manner whatsoever.

12.10. Unforeseeable Circumstances

Neither party to this Agreement will be liable for delays or failures in performance under this Agreement (other than for payment obligations or breach of confidentiality requirements) resulting from circumstances or events beyond the reasonable control of such party, including acts of war, terrorism, acts of nature, natural disasters (fires, explosions, earthquakes, hurricanes, flooding, storms, explosions, infestations), embargos, riots, sabotage, governmental acts, failure of the Internet, power failures, energy interruptions or shortages, other utility interruptions, or telecommunications interruptions, provided that the delayed party: (a) informs the other party of such cause without undue delay; and (b) uses its reasonable commercial efforts to promptly correct such failure or delay in performance.

12.11. Governing Law; Jurisdiction

This Agreement shall be governed by and construed in accordance with English law. Unless it is specified in the contract or quote with the customer or partner in a different way, except in respect of enforcement where jurisdiction shall be non-exclusive, the parties irrevocably agree that the courts as shown in 12.6 shall have jurisdiction to hear, settle and/or determine any dispute, controversy or claim that arises out of or in connection with the Agreement or its subject matter or formation (including any non-contractual dispute, controversy, or claim). The subsequent provisions detail the law that will apply in the occurrence of any dispute or lawsuit arising out of or in connection with this Agreement and the courts that have jurisdiction over any such dispute or lawsuit. The accompanying terms depend on where the Customer is domiciled in accordance with the following table. All proceedings are to be conducted in English.

12.12. Delegation

Without the prior written agreement from the other party, which should not be unreasonably withheld or postponed, neither party may delegate or transfer this Agreement. Regardless, without the need for the other party's consent, either party can assign their obligations and rights under this Agreement, entirely but not partially, to an Affiliate (subject to the condition that any previously procured licenses, access rights, and Seats for the Subscription Services may not be transferable or assignable without written consent from Keepnet Labs) or in connection with any consolidation, merger, sale of all or almost all of such delegating party’s assets, or any other similar transaction. Provided that the assignee: (a) does not directly compete with the non-delegating party; (b) is capable of fulfilling the obligations under this Agreement; and (c) accepts the terms of this Agreement.

12.13. Absence of Forbearance

The failure or delay in exercising any right under this Agreement shall not constitute a waiver of that right. Unless stated otherwise, the remedies provided here are supplementary to, and not exclusive of, any other remedies of a party under law or equity. If any provision of this Agreement is deemed contrary to law by a court of competent jurisdiction, such provision shall be modified by the court and interpreted to best accomplish the objectives of the original provision to the fullest extent permitted by law, and the remaining provisions shall remain effective.

12.14. Communications

Except as otherwise mentioned in this Agreement, all notices related to this Agreement must be in writing and will be deemed effective upon (a) personal delivery, (b) the third business day after mailing, or (c) the day of sending by email. All notices from Customer pertaining to contractual or legal matters (i.e. breach of contract, termination, indemnifiable claims, etc.) must be clearly identified and marked as Legal Notices to the address listed below. Billing-related notices to Customer will be addressed to the relevant billing contact designated by Customer. All other notices to Customer will be addressed to the relevant account administrator designated by Customer.

Notice address for Keepnet Labs LTD:

Keepnet Labs LTD.

Attn: Legal Address

Unit 6 Queens Yard, White Post Lane, London, England, E9 5EN

support@keepnetlabs.com

13. Country-Specific Provisions

The subsequent provisions are specific to the local law requirements for the indicated country:

13.1 Compliance with Local Laws in Japan

If the Customer is domiciled in Japan, the Customer represents and warrants that it, as well as its officers, directors, and significant shareholders, are not: (a) Anti-Social Forces (as defined below), and have not been involved with Anti-Social Forces for at least the past five years; and (b) engaged in any activities related to Anti-Social Forces, including, but not limited to, management involvement, use of services, provision of funding or benefits. Keepnet Labs LTD reserves the right to terminate this Agreement immediately for cause in the event of a breach of any of these representations and warranties. For the purposes of this section, "Anti-Social Forces" collectively refers to organized crime groups (bouryokudan) or their members or affiliates, corporate extortionists (soukaiya), individuals or groups promoting social or political movements in a disruptive manner, or any other entities engaged in anti-social behavior.

13.2 Compliance with Local Laws in Germany

For Customers to whom German law applies, Section 11 "Limitations of Liability" of this Agreement is replaced by the following:

14. Limitations of Liability for Customers Domiciled in Germany

For Customers to whom German law applies, Section 11 "Limitations of Liability" of this Agreement is replaced by the following:

14.1. Unlimited Liability

The parties shall be jointly and severally liable without limitation: (a) in the event of willful misconduct or gross negligence; (b) within the scope of a guarantee assumed by the respective party; (c) if a defect is intentionally concealed; (d) in case of injury to life, body, or health; or (e) in accordance with the German Product Liability Law.

14.2. Material Obligations

In the event of a slightly negligent breach of such essential contractual obligations, the fulfillment of which is crucial for the proper performance of the Agreement, and the breach of which jeopardizes the achievement of the purpose of the Agreement and upon which the recipient of the service regularly relies (so-called material obligations/Kardinalspflichten), the liability of either party shall be limited to the foreseeable and typical damages according to the nature of the relevant transaction. No further liability of either party shall exist.

14.3. Limitation of Aggregate Liability

Unless the parties are liable in accordance with either section 11.1 or 11.2, the aggregate liability of each party together with all of its Affiliates arising out of or in connection with this Agreement shall not exceed the total amount paid by the Customer and its Affiliates hereunder for the Services giving rise to the liability in the twelve (12) months preceding the first incident giving rise to such liability. Payment obligations of the Customer and its Affiliates are not restricted by this limitation.

14.4. Limitations of Liability for Damages

Unless the parties are liable in accordance with section 11.1, the above limitations of liability shall apply to all claims for damages, regardless of the legal basis, including claims for tortious damages. These limitations of liability also extend to claims for damages against the employees, agents, or bodies of the respective other party.

14.5. Expiry of Rights

Any rights arising out of or in connection with this Agreement shall expire twenty-four (24) months after the commencement of the statutory limitation period. The statutory limitation rules for intentional and grossly negligent acts, claims arising from intentional or negligent injury to life, body, or health, fraudulent misrepresentation, and claims under the Product Liability Act as well as Section 548 of the German Civil Code shall remain unaffected.

15. Data Use and Privacy

The Customer grants Keepnet permission to utilize their data anonymously to compile reports on the susceptibility of various industries and departments to social engineering attacks. This provision is subject to the following conditions:

1. Anonymization will ensure no employee identification numbers or personally identifiable information (PII) are used.
2. The derived reports may be published to contribute to the broader understanding and awareness of phishing vulnerabilities.
3. Keepnet guarantees that this anonymized data will not compromise the Customer's privacy or security.

Annex A - SERVICE LEVEL AGREEMENT

This Service Level Agreement (“SLA”) stipulates the provision of Support Services needed to support and maintain the Subscription Services under the Agreement to which this SLA is attached. This SLA is valid for the Subscription Term specified in the applicable Quote. Termination of the Agreement and/or a Quote will result in termination of this SLA.

Support Parameters

Keepnet Labs's support parameters, including its support hours, can be found at https://doc.keepnetlabs.com/resources/keepnet-support-help-desk , or any other URL that Keepnet Labs may provide from time to time. To request Support Services, Customers can submit a ticket at https://support.keepnetlabs.com/portal/en/home or any other URL that Keepnet Labs may provide from time to time.

Service Availability & Uptime

Under the terms and conditions set forth in this Agreement, Keepnet Labs commits to the following:

1. Keepnet Solution Access: Keepnet Labs pledges to provide the Partner with reliable access to the Keepnet Solution, maintaining the high standards set forth in this Agreement.
2. Support Provision: In alignment with our Support provisions, Keepnet Labs will furnish assistance for the Keepnet Solution through the Advanced Support option as outlined in the Contract or Quote. The associated annual pricing for this support is clearly specified in the Contract or Quote.
3. Uptime Commitment: Utilizing commercially reasonable efforts, Keepnet Labs aims to ensure that Cloud-based Products and Services are available 99.9% of the time on a monthly basis. This uptime excludes any planned downtime for system maintenance, software updates, or any other unavailability caused by circumstances beyond Keepnet Labs' reasonable control. Such circumstances may include, but are not limited to, force majeure events under this agreement, or any other conditions stated under the “Tolerances” section in this Service Level Agreement (SLA).

For status updates regarding the availability of the Keepnet Solution, the Partner can subscribe to receive updates at https://keepnetlabs.statuspage.io , or at any other URLs that Keepnet may provide in the future.

Customer Help Desk - Support

Partner will be enrolled in the Customer Help Desk (“CHD”) support platform and together with the “Dedicated Contact(s)”, Keepnet will support Partner’s System Administrators with onboarding and training on how to use the Keepnet Solution, as appropriate so that Partner has the skills to exercise their Administrative Rights and perform support in compliance with Support specified in contract or quote. Keepnet will provide Partner with Second Level Support, as defined in Support specified in contract or quote. If Partner’s Customer utilizes either (a.) The Keepnet Solution “Phishing Reporter” button and/or (b.) an on-premise version of the Keepnet Solution, Keepnet may request Partner to download and install the Maintenance Tool for support activities. See the latest documentation about CHD at https://doc.keepnetlabs.com/keepnet-support

Keepnet will act diligently to respond to requests as soon as reasonably possible and in adherence with the CHD services framework. Support, support chart parameters, as well as support hours, are available at https://doc.keepnetlabs.com/technical-guide/keepnet-support or such other URLs as Keepnet may provide. Partner is able to submit a ticket here https://support.keepnetlabs.com/portal/en/newticket or such other URL as Keepnet may provide.

Keepnet will accept support tickets raised by any Partner employee, as per the CHD services framework. However, Partner will provide Keepnet with a list of “Authorized Partner Decision Makers” who can request non-support related items or higher-level requests. Higher level requests, made by Authorized Partner Decision Makers include requests for new development on features, backups of data and any request for data deletion, unless the data relates to personal data and the data subject makes a personal request. It also includes any requests for Keepnet services that require additional fees.

Partner will also be assigned a named Senior Support Contact(s) known as a Designated Contact(s) for assistance and second Designated Contact for escalation, where required. All designated contact(s) will be available out-of-hours for issues that are highly urgent and have high impact.

Keepnet will provide 08:30 – 17:30 GMT and 8.30-17.30 Pacific Daylight Time in US technical support (“Technical Support”) related to the Keepnet Solution. Partner can agree to purchase Advanced Support on an annual basis as per contract or quote which grants Partner faster response times and additional support hour(s), conditions apply.

Maintenance Windows and Updates

Keepnet will maintain, upgrade and/or enhance the Keepnet Solution, which may require the cessation or interruption of the Cloud-based Products and Services. To keep the platform up-to-date and secure, Keepnet will maintain the platform with scheduled updates during predefined maintenance windows, wherever possible (each a “Scheduled Outage”), to avoid unscheduled outages. The timing of these windows is carefully considered to minimize impact to all customers, but regrettably, with customers located in multiple time zones, maintenance may encroach on business hours for some customers. In order to plan your usage accordingly, please refer to Keepnet’s maintenance schedule here https://doc.keepnetlabs.com/product-update-maintenance Finally, whilst these are routinely regular maintenance windows, these windows are not always required and actual service outages are very rare.

In the event that a scheduled outage, that is not deemed an emergency outage, is required outside of the regular maintenance windows, Keepnet Labs will provide Partner's administrators with two (2) days' notice for any outage scheduled to last longer than thirty (30) minutes (each a "Scheduled Outage").

For any non-scheduled outage resulting in Unavailability that is immediately or close to immediately necessary to keep the Keepnet Solution running within the limits set by this SLA, Keepnet Labs will notify Partner's administrators as soon as possible after discovering that the non-scheduled outage is necessary and will take every reasonable measure to keep the Unavailability of the Keepnet Solution to a minimum.

Partner Responsibilities

Partner responsibilities in support of this SLA are:

1. Full compliance with the Agreement.
2. Providing reasonable availability of Partner’s administrators or technical representative(s) when resolving a service-related incident or request.
3. In the event that (a.) Partner has provided its Customer with the Keepnet Solution “Phishing Reporter” button and/or (b.) licensed the “On Premise” version of the Keepnet Solution, Keepnet may require Partner or Partner’s Customer to download and run the “Maintenance Tool” for Keepnet to analyze problems and resolve them in compliance with the SLA.
4. Providing proper notice of Keepnet's non-compliance with any part of the Keepnet Solution warranty set forth in the Agreement. Partner must adequately detail the non-compliance in a manner that allows Keepnet to assist with the remediation correctly and in accordance with the Agreement.
5. It is Partner’s responsibility that Partner’s Customers’ technology and business environment will support the Keepnet Solution and by deploying the Keepnet Solution in accordance with this Agreement, Keepnet Labs assumes no responsibility for any damages caused by way of Partner or Partner’s Customer using the Keepnet Solution in such a manner that is outside of the Terms and Conditions of this Agreement. Furthermore, Keepnet Labs assumes no responsibility for any simulated phishing campaigns whereby Partner or Partner’s Customer has (a.) used unauthorized 3rd party logos, trademarks, etc. and/or (b.) launched simulated phishing campaigns that has interrupted Partner’s Customers’ normal course of business, and/or (c.) whereby Partner or Partner’s Customer has inserted any sort of malware into any simulated phishing campaign either by accident or by willful intent.
6. Keepnet will not be liable for delays in remediation created by Partner’s failure to reply to requests by Keepnet. In the event that Partner has licensed the “On Premise” version of the Keepnet Solution, any refusal to cooperate with a request to download and run the Maintenance Tool could impact Keepnet’s ability to perform in compliance with the SLA. Partner agrees that the Keepnet Solution will only operate in accordance with Keepnet’s documentation (found at https://doc.keepnetlabs.com ) and as defined in the Agreement.

Support Prioritization

Within the scope of the SLA, Keepnet will respond to service-related incidents or requests submitted by Partner according to the Support Prioritization document which can be found here, https://doc.keepnetlabs.com/keepnet-support-help-desk#support-prioritisation

Designated Contacts

On the Effective Date, Keepnet will specify named individual(s) as support contact(s) ("Designated Contact(s)"), which may be updated from time-to-time. Keepnet will ensure that the Designated Contact(s) is/are fully trained on all Keepnet's products and services and will have been given context and background information as to Partner’s business requirements as they related to usage of the Keepnet Solution. In accordance with Support, Partner will have access to their Designated Contact(s) to assist with support requests and provide a human interface when necessary. This includes providing updates to any ongoing Second Level Support issues that are being handled by the technical product team. An additional Designated Contact with executive level authority will be assigned to offer Partner escalation in the event of an unsatisfactory support resolution or dispute. Last, as specified in contract or quote. Partner will have telephone access to a Designated Contact(s) for emergency situations that occur outside of the Support Hours also defined in the contract or quote.

Security Breach

In the event of a security incident, event, or breach ("Security Breach") of the Keepnet Solution that involves Partner’s or Partner’s Customer’s data, Keepnet Labs will notify Partner of the Security Breach within one hour, as allowed by applicable law. However, to mitigate or eliminate the risk quickly, or to respond in a timely manner, Keepnet may take action before informing the Customer during or after an incident. Keepnet will immediately conduct its own investigation and forensic analysis, and at the request and cost of Partner, a qualified third-party investigation, providing Partner with all applicable information about the Security Breach. Any third-party investigation request by Partner shall be at Partner’s expense. Partner and Keepnet will make the determination, as guided by their respective counsels, as to whether the Security Breach (based on the information provided by Keepnet Labs or a qualified third-party), requires disclosure to Partner's Customers. In the event that it has been determined by Keepnet Labs or a qualified third party investigator that the Security Breach was made due to a Keepnet Labs error, omission, or by Keepnet Labs internal misconduct, Partner will, with financial support (if applicable) from Keepnet Labs, notify each of Partner's Customer's points of contact impacted by the Security Breach of Keepnet Labs' admission of culpability of the Security Breach with a “Mutually Agreeable Statement” which must be agreed in writing between the Parties prior to distribution. Both parties will use good faith efforts to finalize the Mutually Agreeable Statement within 24 hours of the beginning of the drafting of said document. If extenuating circumstances around the Security Breach are prevalent, then both parties will act in good faith in determining the best course of action regarding Notification, in accordance with any applicable law, in notifying those affected by the breach in the most reasonable timely manner possible. In addition, if Keepnet Labs is directly culpable and in the event a Security Breach results in a threatened claim or actual claim against Partner, then Keepnet Labs shall indemnify Partner pursuant to this Agreement.

Recovery Point Objective

Keepnet Labs shall keep a solution in place such that in the event of any data loss, Keepnet Labs is able to recover all lost data except that which was lost in the preceding sixty (60) minutes of the data loss event.

Unavailability Event

The Keepnet Solution being Unavailable is defined as:

1. The Keepnet Solution becoming completely offline and not accessible to Partner, Partner's End Users, Partner's Customer's administrators, and/or all of the above.
2. The Keepnet Solution losing its core Platform functionality.
3. The Keepnet Solution malfunctioning in such a way that it is interfering with Partner's Customer's or its End User's regular course of business. Partner must provide evidence to prove that Keepnet Labs is responsible and that the alleged malfunction is not isolated to a single customer or group of customers who may be affected by another third-party factor. For the avoidance of doubt, a third-party factor could be something such as an emergency browser or operating system update, or a change in the ruleset of a third-party secure email gateway. Partner must also provide Keepnet with evidence that the Customer’s regular course of business was affected by the malfunction.

Tolerances

The Keepnet Solution becoming Unavailable arising directly or indirectly from:

1. Interruptions to the flow of data to or from the Keepnet Solution and other portions of the Internet that are outside of Keepnet Lab's control. This includes internet outages or degradations in service at Partner's Customer's location or Partner's Customer's End User's location or infrastructure.
2. Scheduled and non-scheduled maintenance windows to perform changes to the Keepnet Solution (including the implementation of any necessary updates and operating system patches) and other Keepnet Solution application updates which need to be made subject to Keepnet Labs striving to minimize the Unavailability that may be caused by not implementing such changes.
3. A “Security Breach” that is caused by malicious activity perpetrated by a known or unknown third party provided that Keepnet Labs have complied with their Security Policy which includes taking industry standard precautions and implementing best of breed third party solutions, commensurate with similarly situated SaaS platforms to protect its data and systems from known attack vectors. For the removal of doubt, a Security Breach that is deemed to be because of Keepnet Labs’ error, omission or willful misconduct will not qualify as a Tolerance and is subject to any applicable Service Credits due, in addition to the provisions set out under “Security Breach”.
4. The interruption or degradation of an integral third-party provider (e.g. AWS, Cloudflare) whereby Keepnet has opened a Service or Support Ticket ("Ticket") with the third party and the third party acknowledges the outage in response to the opening of that Ticket, or where the outage is published officially by the provider online. An error in the compiling of the Partner Content (of which Partner Content has not been compiled by Keepnet Labs), for example, a SCORM file that makes it such that the SCORM file does not operate properly on Keepnet Lab's approved web browsers. Partner requested interruptions made by Authorized Partner Decision Makers to the Keepnet Solution that are not requested due to the Keepnet Solution not operating in accordance with this SLA. Partner not complying with “Partner’s Responsibilities” and this action or inaction reasonably results in an impact on Keepnet’s ability to comply with the performance required under this SLA.

Forgiveness Policy

At Keepnet Labs, we understand that business needs and usage requirements can fluctuate. To cater to these dynamic needs and to ensure our clients have the best possible experience with our solutions, we have implemented a Forgiveness Policy with respect to certain usage limits. Our Forgiveness Policy is designed to be flexible and understanding of incidental or one-time occurrences where a customer might exceed their designated usage limit. This policy recognizes that exceeding limits can sometimes be unavoidable due to unforeseen circumstances or spikes in demand. Under this policy, if a customer exceeds their usage limit for the first time or on a rare occasion, Keepnet Labs may, at its sole discretion, not enforce the additional usage fees that would otherwise be applicable. This is intended to allow customers to adjust their usage behavior without immediately incurring additional costs. Please note that the application of the Forgiveness Policy is at the sole discretion of Keepnet Labs and will depend on factors such as the degree to which the limit was exceeded and the customer's history with respect to limit adherence. This policy is not intended to allow continued or repeated exceeding of usage limits, and Keepnet Labs reserves the right to impose additional fees if usage limits are repeatedly or significantly exceeded. We recommend that customers regularly review their usage metrics and adjust their plan accordingly to ensure they have adequate service provisions for their needs. Our team is always available to discuss your usage and assist you in finding the most suitable plan.

ANNEX B - DATA SECURITY OBLIGATIONS

Safeguarding Measures

Keepnet Labs will preserve the integrity of its IT environment and the Customer's Confidential Information from unauthorised access by utilising commercially acceptable measures and industry standard organisational, physical, and technical precautions, and abstain from enacting changes that substantially reduce the security level provided as of the Effective Date of the Agreement. Keepnet Labs will adhere to the baseline security standards specified in this Annex and inform the Customer in advance of any substantial modifications to Keepnet Labs’ information security policy that would significantly decrease the security of its IT environment. Keepnet Labs will undertake an ISO 27001, ISO 27017 and ISO 27018 or similar or successor audit annually. Upon request, Keepnet Labs will furnish the Customer with a copy of this audit report and quickly rectify and/or mitigate any non-conformance findings in accordance with Keepnet Labs' existing vulnerability remediation process. This audit report will be deemed Keepnet Labs' Confidential Information.

Storage of Personal Data

At Keepnet Labs, we take the security and privacy of personal data very seriously. We primarily store personal data within the European Economic Area (EEA). However, it is important to note that the personal data we manage may be transferred to service providers or other relevant parties that are based outside the EEA.

In the event of such a transfer of personal data outside the EEA, we ensure stringent measures are put in place to maintain data security and compliance with applicable laws. This includes implementing safeguards such as standard contractual clauses approved by the European Commission or adhering to the regulations of the EU-US Privacy Shield.

Rights of Individuals

As an individual, you have certain rights pertaining to your personal data. These rights include:

1. Access to Information: You have the right to obtain information about how we use your personal data. This policy is specifically designed to fulfil that purpose.
2. Access to Personal Data: You can request access to the personal data we hold about you.
3. Objection: You have the right to object to direct marketing and the use of your personal data on the grounds of legitimate interest.
4. Erasure: Under certain circumstances, you can request the deletion of your personal data.
5. Data Portability: You have the right to request a copy of the personal data we hold about you in a format that allows it to be transferred to another service provider.
6. Consent Withdrawal: If our use of your personal data is based on consent, you can withdraw that consent at any time.
7. Rectification: If the personal data we hold about you is incorrect or incomplete, you can request that we correct or complete it.
8. Restriction: Under certain circumstances, you can request that we restrict our use of your personal data.
9. Complaints: You have the right to lodge a complaint with the Information Commissioner’s Office (ICO).

Please be aware that these rights are not absolute and there may be circumstances in which they cannot be exercised or they are not relevant. Detailed information about these rights can be found on the website of the Information Commissioner’s Office – www.ico.org.uk .

Unsubscribe and Contact Information

If at any point you no longer wish to receive information from us, you can unsubscribe or contact us via email at support@keepnetlabs.com. Your request will be processed within 28 days. If you are a customer, you also have the ability to manage your preferences directly via your account. For more information, please visit our website at https://keepnetlabs.com/privacy-policy

Audit Rights

No more than once per calendar year during the Term of the Agreement and with a minimum of thirty (30) days’ prior written notice from the Customer to Keepnet Labs, the Customer may, at its own expense, audit Keepnet Labs to confirm compliance with the terms of this Annex. Such audit will: (i) Be concluded within two (2) weeks; (ii) Take place during Keepnet Labs' regular business hours in a way that, according to Keepnet Labs’ reasonable judgment, neither disrupts nor degrades Keepnet Labs’ regular business operations and is in line with Keepnet Labs' security and data protection policies; (iii) Be confined to Keepnet Labs’ facilities and personnel in the context of this Agreement; and (iv) Be conducted either by the Customer's personnel or, with Keepnet Labs' consent, by an independent third party mutually agreed upon by the parties. The Customer can prepare an audit report summarising the audit's findings and observations ("Audit Report"). Audit Reports will be treated as Confidential Information of both Keepnet Labs and the Customer, and the Customer will not disclose the Audit Reports to third parties except to the Customer’s legal advisors and consultants bound by confidentiality obligations using at least the same level of care the Customer uses to maintain the confidentiality of its own Confidential Information of a similar nature, but in no case less than a reasonable degree of care. The Customer will disclose the audit's results to Keepnet Labs within a week of its completion. Keepnet Labs will promptly respond to audit findings, discuss the findings with the Customer at Keepnet Labs' expense, and if applicable, rectify and/or mitigate any critical or high-risk findings.

Technical Security Measures

In relation to Keepnet Labs infrastructure that processes, stores, or transmits Customer Confidential Information, Keepnet Labs will utilise the following technical security measures where applicable (and keep them up-to-date by incorporating and using all commercially available updates):

Protection of Networks

1. Network-based firewalls or equivalent
2. Network intrusion detection/protection systems

Protection for Clients

1. Malware and malicious code protection are applied to all relevant workstations. No workstations are permitted to store or process customer data
2. Host-based firewall/intrusion prevention software that blocks activity not directly related to or useful for business purposes

Protection for System and Software

1. All systems and applications must utilise secure authentication and authorisation mechanisms
2. All applications developed by Keepnet Labs must be designed and implemented using secure coding standards and design principles (e.g., OWASP)
3. Operating systems must be hardened appropriately according to industry standard practices
4. Systems must be checked for known vulnerabilities and all identified known vulnerabilities must be patched as soon as reasonably feasible

Encryption and Security Measures

Keepnet Labs prioritizes the protection of data through robust encryption practices. As part of our commitment to maintaining a secure environment, we regularly review and update encryption configurations across all systems that utilize encryption. Our focus is on implementing modern industry-accepted encryption algorithms, ciphers, modes, and key lengths that meet rigorous security standards. By employing these encryption measures, Keepnet Labs ensures the confidentiality and integrity of sensitive information, providing our customers with enhanced data security and peace of mind.

Protection of Customer Confidential Information

1. Access to Customer Confidential Information: Keepnet Labs will ensure that only authorized individuals (based on their roles) will have access to Customer Confidential Information on behalf of Keepnet Labs
2. Storage of Customer Confidential Information: Keepnet Labs will not process or transfer Confidential Information to any portable storage medium, unless the storage medium is fully encrypted in accordance with the encryption requirements stated in this Annex
3. Transmission of Customer Confidential Information: All transmission or exchange of Customer Confidential Information by Keepnet Labs will use secure protocol standards in line with the encryption requirements specified in this Annex

Incidents

In the event of an incident involving unauthorized access to Customer Confidential Information on systems owned, managed, or subcontracted by Keepnet Labs, Keepnet Labs prioritizes immediate and decisive action, even sometimes before informing the affected party. Upon detecting such an incident, Keepnet Labs will first initiate its robust incident response procedures designed to eliminate the risks and contain the incident. This immediate action is a crucial aspect of our response strategy, designed to mitigate the impact, preserve system integrity, and prepare for a thorough analysis of the breach. This initial response, however, does not preclude or delay the crucial communication process with the affected Customer. Upon securing the immediate threat, and without undue delay, Keepnet Labs will promptly notify the Customer of the incident. This communication ensures transparency and enables the Customer to take any necessary steps on their end.

Keepnet Labs is committed to providing full cooperation during any subsequent investigations. This includes assisting with necessary notifications, providing any requested information, and offering insights from our own internal review of the incident. In the event of a breach or any unauthorized disclosure of Customer Confidential Information, Keepnet Labs will, at no additional cost to the Customer, provide comprehensive support in investigating the incident. This may involve providing system, application, and access logs, conducting forensic reviews of relevant systems, imaging relevant media, and making personnel available for interview.Upon notification of any actual breach, Keepnet Labs will immediately implement appropriate controls to maintain and preserve all electronic evidence relating to the breach in accordance with industry-standard practices. This evidence preservation is crucial for a comprehensive understanding of the breach, as well as for potential legal or regulatory proceedings. Through this approach, Keepnet Labs strives to ensure that every incident is handled with maximum efficiency, transparency, and cooperation, always prioritizing the best interests of the Customer.

Education and Training

Keepnet Labs is committed to maintaining the highest standards of privacy and security for Customer Confidential Information, including Personal Data. To ensure ongoing compliance and awareness, Keepnet Labs will provide regular privacy and security awareness training to its representatives who manage or have access to such information. This training program is designed to equip them with the necessary knowledge and skills to safeguard Customer Confidential Information effectively. By investing in education and training, Keepnet Labs aims to uphold the privacy and security of Customer data and maintain a culture of continuous improvement in this critical area.

SMS Sending Consent Policy

By utilizing our services, you grant consent to receive SMS communications from Keepnet Labs Ltd. These communications may encompass a range of purposes including, but not limited to, important updates, promotional offers, service-related announcements, transactional notifications, account-related alerts, SMS phishing simulations, and Multi-Factor Authentication (MFA) codes. Please be aware that standard messaging rates established by your mobile carrier plan may apply.

Your agreement to receive SMS communications is voluntary. You retain the right to opt out at any point by following the guidelines outlined below or by getting in touch with our customer support. However, please keep in mind that opting out might result in limited access to specific features or information offered by our services.

To Revoke SMS Consent

Should you wish to withdraw your consent for receiving SMS communications from Keepnet Labs Ltd, you can do so using either of the following methods:

Text STOP: Respond with "STOP" to any SMS received from us. This action will promptly exclude you from further SMS communications.

Customer Support: Reach out to our customer support team at support@keepnetlabs.com to indicate your preference for opting out of SMS communications. Our dedicated team will guide you through the process and address any queries you may have.

Kindly allow up to 48 hours for the processing of your opt-out request. It's important to note that even if you opt out of promotional SMS communications, you may continue to receive non-promotional messages such as transaction confirmations, account-related alerts, SMS phishing simulations, and MFA codes when applicable.

Respecting your privacy is of utmost importance to us, and we strive to provide clear avenues for you to manage your communication preferences. If you require any clarification or have concerns pertaining to our SMS sending consent policy or the opt-out procedure, please don't hesitate to get in touch with us. Your peace of mind is our priority.