Terms of Sale
Last updated [April 7, 2021]
AGREEMENT TO TERMS
The following Terms of Sale govern any services agreed between Vonahi Security and Customer. You agree that by accessing the vPenTest portal, you have read, understood, and agreed to be bound by all of these Terms of Sale. IF YOU DO NOT AGREE WITH ALL OF THESE TERMS OF SALE, THEN YOU MUST DISCONTINUE USE IMMEDIATELY.
Services and Deliverables
The services to be performed by Vonahi Security or vPenTest (the "Services") and any deliverables to be provided by Vonahi Security (the "Deliverables") are those set forth in the DESCRIPTION OF SERVICES as described below.
Travel and expenses are not included in the estimate and will be billed as incurred. Vonahi Security will make every attempt to incur reasonable expenses associated with the implementation of the project. Valid expenses typically include parking, meals, lodging, photocopying, and communication costs. Travel costs include airfare, mileage (if a personal car is used), and automobile rental. In addition to fees, Vonahi Security will invoice for, and your organization agrees to pay, all reasonable travel and living expenses incurred by Vonahi Security personnel during the delivery of these services
Vonahi Security’s invoices for vPenTest are due and payable by Client in full immediately. If the invoice is not paid immediately, access to the vPenTest platform may not be granted or limited.
Unless otherwise expressly stated in the Customer's Service Order or Quote, invoices for all other Cybersecurity engagements are due within thirty (30) days from the invoice date. Invoices not paid within thirty (30) days from the invoice date will bear interest from the due date until paid at a rate of one and one-half percent (1.5%) per month or the maximum rate permitted by applicable law, whichever is less.
Warranties and Covenants
- Non-Infringement. Vonahi Security covenants that it will, and it will cause its employees, consultants and subcontractors ("Vonahi Security Personnel") to perform their responsibilities and provide Services and Deliverables in a manner that does not infringe or misappropriate any patent, trademark, copyright or trade secret right of any third party. Vonahi Security covenants that it will either own or otherwise have sufficient rights to license to Client all of the Deliverables furnished by Vonahi Security in connection with the Services. If any Service or Deliverable does not conform to the covenant set forth in this Section 4(a), Vonahi Security may procure the right for Client to continue to use the results of the Service or Deliverable, or may re-perform the Service or replace the Deliverable so that it is non-infringing and meets the original specifications. If the preceding remedies are not reasonably available, upon request by Client, Vonahi Security will refund the price paid for the infringing portion of the Services and refund the price paid for infringing Deliverables that are returned to Vonahi Security. Client covenants that it owns or otherwise has sufficient rights to furnish Vonahi Security all data and other information and materials furnished by Client to Vonahi Security in connection with the Services or Deliverables.
- Work Standards. Vonahi Security covenants that (i) it and the Vonahi Security Personnel performing Services have the necessary knowledge, skills, experience, qualifications, and resources to perform the Services in accordance with this Service Order, and (ii) the Services will be performed for and Deliverables provided to Client in a good, diligent and workmanlike manner in accordance with industry standards and applicable laws and governmental regulations. If any material portion of the Services or Deliverables do not conform to the forgoing covenants, and Client notifies Vonahi Security within thirty (30) days of completion of the Services and delivery of Deliverables, then Vonahi Security will work diligently to re-perform the nonconforming portion of the Services so that they conform and redeliver the nonconforming portion of the Deliverables so that they conform. If the preceding remedies are not fulfilled within a reasonable time, upon request by Client, Vonahi Security will refund the price paid for the nonconforming portion of the Services and refund the price paid for nonconforming Deliverables that are returned to Vonahi Security. Vonahi Security will not be responsible for nonconformities arising from inaccurate or incomplete data or information provided by Client, or for failures or delays caused by Client’s failure to perform its obligations under this Agreement.
- Client Cooperation. Client agrees to reasonably cooperate with Vonahi Security’s performance of Services. Client further agrees to take any and all actions reasonably necessary to enable Vonahi Security to perform the Services contemplated herein in an effective and efficient manner.
- Security and Safety. Vonahi Security covenants that it and Vonahi Security Personnel performing the Services, while present at the facilities of Client, will comply with the security and safety policies of Client that are provided to Vonahi Security.
Limitation of Liability
In no event will either party, or its suppliers, be liable to the other, whether in contract or in tort or under any other legal theory (including, without limitation, strict liability and negligence), for lost profits or revenues, loss of use or loss of data, or for any indirect, special, exemplary, punitive, multiple, incidental, consequential or similar damages, arising out of or in connection with the performance or non-performance of this Service Order, even if advised of the possibility of such damages. In no event will Vonahi Security’s liability under any claim made by Client exceed an amount equal to the total amount of fees actually paid by Client to Vonahi Security under this Service Order. Notwithstanding the above, however, in no event shall a party's liability be limited in amount of damages arising from (a) gross negligence or willful misconduct, or (b) breach of its confidentiality obligations under this Service Order. No action regarding the Services or Deliverables, regardless of form, may be brought more than one (1) year after the first to occur of either (a) the conclusion of Services and delivery of any Deliverables under this Service Order, or (b) such party's knowledge of the event giving rise to such cause of action. This limitation on actions does not apply to confidentiality obligations or the limited license of Section 7 regarding Deliverables.
Place of Performance
Scanning Duration Disclaimer
The amount of time it takes to perform, and complete scanning depends on the number of systems provided for targeting, bandwidth, available services, and the responsiveness of those services. If Vonahi Security's assumptions listed above cannot be met, there may be a negative impact on project duration or cost.
If there are deviations in scope, effort, or duration, a change order will be necessary and an addendum for additional effort will be created. All changes in scope or duration will be negotiated between Vonahi Security and Customer.
Ownership of Deliverables
Assumptions and Exclusions
Vonahi Security assumes that the scope of work presented in our Quotes to your organization will be conducted with the assistance and cooperation of your organization and its associated partners or providers to complete the assessment within the discussed time period.
- The work is to be performed consecutively until project completion. There will be no break in services other than weekends and/or Vonahi Security recognized holidays.
- Consultants consider all of your organization’s information and documentation as sensitive and confidential. As such, consultants will securely handle all data received by your organization in accordance with Vonahi Security’s Data Destruction Policy.
- Consultants will notify the point of contact at your organization of any delays in services as soon as possible in order to determine ways to manage any impact (e.g. cost, modifications, etc.).
- Deliverables will be presented to your organization for review and comments within two weeks or ten (10) business days within the completion of the project.
- Vonahi Security is not responsible for providing services or performing tasks not specifically set forth in the Quote or Statement of Work.
- Vonahi Security shall have no responsibility for other contractors or third parties engaged on the project unless expressly agreed to in writing.
- Your organization will provide a single point of contact within the organization to help Vonahi Security consultants coordinate access to the required project materials and personnel.
- Your organization will provide the necessary information to perform the requested services within a timely manner.
- Your organization will provide a safe working environment, including a workspace, telephone, and network (and Internet) access for the purpose of time entry, email, and project-related efforts.
- Your organization will provide any necessary building, parking, and/or machine room badges/passes for Vonahi Security consultants.
- Vonahi Security consultants will be reliant on your organization’s staff to complete identified tasks and participate in interviews where necessary. Your organization's inability to provide this staff may affect the completion of tasks and/or deliverables.
Data Retention & Destruction Policy
- Overview: Vonahi Security leverages the vPenTest platform to conduct security assessments on clients’ internal and external network environments. As a result, some data that we obtain may be deemed valuable or sensitive, although all collected data of such is obfuscated during transmission and storage. Vonahi Security has many security controls in place to protect Confidential Information or Personally Identifiable Information (PII).
- Scope: This policy applies to all Vonahi Security staff and the vPenTest platform.
- a) General: The storage, transmission, and processing of sensitive, valuable, or confidential data shall be controlled and managed according to security best practices. Data is collected by vPenTest during security assessments and transmitted back for reporting and evidence purposes. However, this data is parsed for sensitive/valuable data and is obfuscated so that the storage is obfuscated and encrypted.
- b) Data Destruction Procedures: All data in vPenTest is automatically purged from the system on a 60-day period, unless specifically requested or configured otherwise. After delivering security assessment deliverables, this data is automatically updated to extend for 60 days. Customers of the vPenTest platform have complete control to modify this automated process to purge data on a longer or shorter period.
Prior to the data being purged, customers of vPenTest receive an email notification indicating that the data will be purged within 24 hours, with a link also provided so that the customer can modify this date.
- Enforcement: Staff members found in policy violation may be subject to disciplinary action, up to and including termination.
Use of Name and Publicity
- Defined. "Confidential Information", as used in this Service Order, means all information proprietary to a party or any of its customers or suppliers that is marked as confidential or that due to its nature is known or in good faith should be known to be confidential. Confidential Information of Client will be deemed to include, without limitation, all data to which Vonahi Security obtains access by performing the Services and any Deliverable containing such data. Confidential Information of Vonahi Security will be deemed to include, without limitation, its methodologies, templates, report, policy and plan formats, Deliverables (except Client data), scripts and tools. The obligations of the party ("Receiving Party") which receives Confidential Information of the other party ("Disclosing Party") with respect to any particular portion of the Disclosing Party's Confidential Information shall not attach or shall terminate, as the case may be, when any of the following occurs (i) it was generally available to the public at the time of disclosure to the Receiving Party, (ii) it entered the public domain or became generally available to the public through no fault of the Receiving Party subsequent to the time of disclosure to the Receiving Party, (iii) it was or is furnished to the Receiving Party by a third parting having the right to furnish it with no obligation of confidentiality to the Disclosing Party, or (iv) it was independently developed by the Receiving Party by individuals not having access to the Confidential Information of the Disclosing Party.
- Obligations. The Receiving Party agrees not to disclose or use any Confidential Information of the Disclosing Party in violation of this Service Order and to use Confidential Information of the Disclosing Party solely for the purposes of this Service Order. Upon demand by the Disclosing Party, the Receiving Party shall return to the Disclosing Party all copies of the Disclosing Party's Confidential Information in the Receiving Party's possession or control and destroy all derivatives and other vestiges of the Disclosing Party's Confidential Information; provided that the Receiving Party may retain one archival copy solely for the purpose of administering its obligations under this Service Order; and provided further that Client may retain any Deliverables subject to the license of Section 7 and this Section 10.
- Need to Know. The Receiving Party may disclose Confidential Information of the Disclosing Party to its employees, officers, directors and representatives who have a reasonable need to know such Confidential Information for purposes of this Service Order. Disclosure of Confidential Information required by court or government order shall not constitute a violation of this provision provided the Disclosing Party has been given notice, if legally permitted, of such order by the Receiving Party.
- Systems. If a party is given access, whether on-site or through remote facilities, to any computer or electronic data storage system of the other, such access and use shall be limited solely to performance within the scope of this Service Order and the party provided access shall not knowingly access or attempt to access any computer system, electronic file, software or other electronic services other than those specifically required to fulfill its obligations under this Service Order. All user identification numbers and passwords shall be deemed to be Confidential Information.
- Ownership. All Confidential Information of the Disclosing Party shall remain the exclusive property of the Disclosing Party.
- Injunction. Both parties agree that violation of any provision of this Section would cause the Disclosing Party irreparable injury for which it would have no adequate remedy at law, and that the Disclosing Party will be entitled to immediate injunctive relief prohibiting such violation, in addition to any other rights and remedies available to it.
Non-solicitation and Contracting
Execution in Counterparts
In order to resolve a complaint regarding the Terms of Sale or to receive further information regarding use of the Vonahi Security's services, please contact us at:
260 Peachtree St NW
Atlanta, GA 30303