Terms of Sale
Last updated [July 15, 2021]
AGREEMENT TO TERMS
The following Terms of Sale govern any cyber security services agreed between Vonahi Security and Customer. You agree that by accessing the vPenTest portal, you have read, understood, and agreed to be bound by all of these Terms of Sale. IF YOU DO NOT AGREE WITH ALL OF THESE TERMS OF SALE, THEN YOU MUST DISCONTINUE USE IMMEDIATELY.
If you are agreeing to these Terms for use of the Services by an organization, you are agreeing on behalf of that organization. You must have the authority to bind that organization to these terms, otherwise you must not sign up for the Services.
1. Overview of Services and Deliverables
vPenTest. Vonahi Security provides a platform that automates network penetration testing services that allow Customers to easily schedule an internal and external vulnerability scan and/or network penetration test through the vPenTest platform.
External Asset Testing. Vonahi Security will perform security testing against Customer's public IP addresses to identify any systems with security issues. These security issues can stem from configuration, authentication, as well as patching vulnerabilities. Activities include the following:
- User Profiling and Reputational Threats
- Informational Gathering
- Vulnerability Discovery and Validation
- Penetration Testing
- Information Gathering
- Vulnerability Discovery and Validation
- Controlled Penetration Testing
- Vulnerability Analysis – Vulnerabilities are identified through automated testing and scanning. The vulnerability scan process will identify security weaknesses that are present on the surface of the external network environment. The vulnerabilities identified could pertain to many potential security weaknesses, including, but not limited to, authentication, patching, and configuration weaknesses, as well as issues that could lead to unauthorized access of sensitive data and/or systems.
2. SOFTWARE LICENSES
2.2 Evaluation Licenses. If Customer’s license is for a trial or evaluation only, then the Subscription Term shall be thirty days, or the trial or evaluation term specified on the Order Form. Customer may not utilize the same software for more than one trial or evaluation term in any twelve-month period, unless otherwise agreed to by Vonahi. Vonahi may revoke Customer’s evaluation or trial license at any time and for any reason. Sections 4 (Limited Warranty) and 9.1 (Indemnification) shall not be applicable to any evaluation or trial license.
2.3 Use by Affiliates. Subject to the Volume Limitations, Customer may make the Software available to its Affiliates under these terms, provided that Customer is liable for any breach of this Agreement by any of its Affiliates. “Affiliate(s)” means any entity now existing that is directly or indirectly controlled by Customer. For purposes of this definition “control” means the direct possession of a majority of the outstanding voting securities of an entity.
2.4 Delivery and Copies. Delivery shall be deemed to have been made upon Vonahi providing instructions to download or activate the Software, as applicable. Notwithstanding anything to the contrary herein, Customer may make a reasonable number of copies of the Software for the sole purpose of backing-up and archiving the Software. Each copy of the Software is subject to this Agreement and must contain the same titles, trademarks, and copyright notices as the original.
2.5 Restrictions. The Software may only be used for the purposes of good-faith testing, investigation, and/or correction of security flaws, exposures, or vulnerabilities in order to advance the security or safety of devices, machines, or networks of those who use such devices, machines, or networks. Except as may be expressly permitted by applicable law, Customer will not, and will not permit or authorize third parties to: (i) reproduce, modify, translate, enhance, decompile, disassemble, reverse engineer, create derivative works of the Software, or merge the Software into another program; (ii) resell, rent, lease, or sublicense the Software or access to it, including use of the Software for timesharing or service bureau purposes; (iii) circumvent or disable any security or technological features or measures in the Software; nor (iv) use the Software in order to build a competitive product or service, for competitive analysis, or to copy any ideas, features, functions, or graphics of the Software. If Customer identifies a vulnerability in the Software, all information and analysis regarding the vulnerability must be disclosed to Vonahi.
2.6 Ownership of Software. Vonahi retains all right, title, and interest in and to the Documentation, Software, Content Updates and in all copies, modifications and derivative works thereto including, without limitation, all rights to patent, copyright, trade secret, trademark, and other proprietary or intellectual property rights.
2.7 Customer Systems. Customer represents and warrants that it has the appropriate authorizations from the owner of the networks, systems, IP addresses, assets, and/or hardware on which it deploys the Software, or which it targets, scans, monitors, or tests with the Software.
2.8 Customer Data. Customer retains ownership of all right, title, and interest in and to all Customer Data, and Customer is solely responsible for all Customer Data. Vonahi does not guarantee the accuracy, integrity, or quality of such Customer Data. Except as provided in this Agreement, Customer shall be solely responsible for providing, updating, uploading, and maintaining all Customer Data. Vonahi may use Customer Data solely as necessary to: (i) provide the Service to Customer; (ii) in anonymized and aggregated form, generate statistics and produce reports; and (iii) collect metadata about feature usage in order to continue to improve the development and delivery of the Service.
2.9 Customer Obligations. Customer shall not: (i) upload or otherwise transmit, display, or distribute any Customer Data to the Service that infringes any trademark, trade secret, copyright or other proprietary or intellectual property rights of any person; (ii) upload or otherwise transmit to the Service any material that contains software viruses or any other computer code, files, or programs designed to interrupt, destroy or limit the functionality of any computer software or hardware or telecommunications equipment; or (iii) interfere with or disrupt the Service.
Travel and expenses are not included in the estimate and will be billed as incurred. Vonahi Security will make every attempt to incur reasonable expenses associated with the implementation of the project. Valid expenses typically include parking, meals, lodging, photocopying, and communication costs. Travel costs include airfare, mileage (if a personal car is used), and automobile rental. In addition to fees, Vonahi Security will invoice for, and your organization agrees to pay, all reasonable travel and living expenses incurred by Vonahi Security personnel during the delivery of these services.
4. Special Considerations
5.1 Subscription Plan. The prices, features, and options of the vPenTest platform depend on the Subscription Plan selected by Customer (including any usage or overage fees). Vonahi Security does not guarantee that your particular Subscription Plan will be offered indefinitely. We reserve the right to change the prices, features, or options included in a particular Subscription Plan without notice, provided that such changes shall not take effect until your next applicable subscription term. vPenTest subscriptions must be paid by Customer before full access to the vPenTest platform is granted.
5.2 Recurring Charges and Upgrades. By signing up for a Subscription Plan, Customer authorizes Vonahi Security to charge Customer’s payment method on a recurring basis (e.g. monthly, quarterly, or yearly depending on Customer’s Subscription Plan) without an invoice. Customer expressly authorizes Vonahi Security to charge its payment method (such as a credit card) for the applicable subscription charges, any usage or overage charges, and any and all applicable taxes and fees. Such authorization is effective until the end of the Subscription Term and any applicable Renewal Term, or until Customer cancels all of its subscriptions.
5.3 Subscription Term. Customer agrees to pay applicable fees for the entire Subscription Term and cannot cancel or terminate a Subscription Term. The subscription starts when Customer first obtains access and signs up for a subscription in the vPenTest portal. Each Subscription Term will automatically renew for additional successive periods equal to the initial subscription (e.g. if Customer has an annual plan then the subscription will renew for an additional 12-month term) unless either party gives written notice of non-renewal at least thirty (30) days before the end of the then-current Subscription Term. Pricing for any Subscription Term renewal, new order form, or order form changes will be at Vonahi Security’s then-applicable rates.
5.4 Auto-renewals. BY DEFAULT, YOUR ACCOUNT IS SET TO AUTO-RENEW AND IF YOU HAVE PROVIDED A METHOD OF PAYMENT TO VONAHI SECURITY FOR VPENTEST, VONAHI SECURITY MAY CHARGE YOU AUTOMATICALLY AT THE END OF YOUR SUBSCRIPTION FOR THE RENEWAL, UNLESS YOU NOTIFY VONAHI SECURITY WITHIN 30 DAYS THAT YOU WANT TO CANCEL YOUR SUBSCRIPTION.
5.5 No Refunds. Subscription and usage or overage fees (and any other fees associated with the services, including higher subscription fees for upgrades) are non-refundable and non-creditable, except where required by law. vPenTest subscriptions may be cancelled, and such cancellations take effect at the end of your then-current subscription term (for example, whether you are paying monthly or annually, your cancellation will take effect when your annual subscription expires). Once your cancellation is effective, you will lose subscription features and functionality. If you don’t pay for your subscription(s) on time, we reserve the right to suspend you or remove subscription features.
5.6 Taxes. Vonahi Security’s fees are exclusive of all taxes, and Customer must pay any applicable sales, use, VAT, GST, excise, withholding, or similar taxes or levies, whether domestic or foreign, other than taxes based on the income of Vonahi Security. Customer will not deduct any applicable taxes from the payments to Vonahi Security, except as required by law. If such deduction is required by law, Customer will increase the amount payable as necessary so that after making all required deductions and withholdings, Vonahi Security receives and retains (free from any such liabilities) an amount equal to the amount it would have received had no such deductions or withholdings been made.
5.7 Other Cyber Security Services. Unless otherwise expressly stated in the Customer's Service Order or Quote, invoices for all other Cybersecurity engagements are due within thirty (30) days from the invoice date. Invoices not paid within thirty (30) days from the invoice date will bear interest from the due date until paid at a rate of one and one-half percent (1.5%) per month or the maximum rate permitted by applicable law, whichever is less.
6. LIMITED WARRANTY
6.2 Disclaimer. VONAHI DOES NOT REPRESENT THAT THE SOFTWARE WILL BE UNINTERRUPTED, ERROR-FREE, OR WILL MEET CUSTOMER’S REQUIREMENTS. EXCEPT FOR THE WARRANTY ABOVE, VONAHI MAKES NO OTHER WARRANTIES OR REPRESENTATIONS, EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT OF THIRD PARTY RIGHTS. VONAHI MAKES NO WARRANTY THAT ALL SECURITY RISKS OR THREATS WILL BE DETECTED BY USE OF THE SOFTWARE OR THAT FALSE POSITIVES WILL NOT BE FOUND.
7. LIMITATION OF LIABILITY
7.2 Limitation on Amount of Liability. NEITHER PARTY MAY BE HELD LIABLE UNDER THIS AGREEMENT FOR MORE THAN THE AMOUNT PAID OR PAYABLE BY CUSTOMER TO VONAHI HEREUNDER DURING THE TWELVE MONTHS PRIOR TO THE EVENT GIVING RISE TO LIABILITY.
7.3 Exceptions to Limitations. The limitations of liability in Section 7.2 apply to the fullest extent permitted by applicable law, except that there is no limitation on loss, claims, or damages directly arising out of violations of: (i) a party's intellectual property rights by the other party; (ii) use of the Software in excess of the Volume Limitations; or (iii) a party’s indemnification obligations.
8. AVAILABILITY; DOWNTIME; SUPPORT
9. VOLUME LIMITATIONS
9.2 Overscanning. In the event that usage verification reveals the Software is being used in excess of the Volume Limitations, following a reasonable notification period Customer shall be liable for, and Vonahi reserves the right to invoice Customer for, the fees for such excess usage at Vonahi’s then current list rates, or as otherwise set forth on the Order Form, notwithstanding the limitation on liability in Section 7.2 of this Agreement.
10. TERM & TERMINATION
10.2 Suspension of Service.
- (a) Customer agrees that Vonahi may suspend Customer’s access to the Service upon notice (which may be made by email or telephone) if Vonahi reasonably concludes that Customer is using the Service to engage in illegal activity, and/or Customer’s use of the Service is causing immediate, material and ongoing harm to others. In the event that Vonahi suspends Customer’s access to the Service, Vonahi will use commercially reasonable efforts to limit the suspension to the offending portion of the Service and work with Customer to resolve the issues requiring the suspension of Service. Customer agrees that Vonahi shall not be liable to Customer nor to any third party for any suspension of the Service under this Section 10.2.
- (b) In addition to the foregoing, Vonahi also reserves the right to suspend Customer’s access to the Service upon notification, without having to terminate this Agreement or any Order Form, if Customer is more than thirty days late with respect to any payments due hereunder. Upon such suspension, Customer shall still be liable for all payments that have accrued prior to the date of suspension and that will accrue throughout the remainder of the Subscription Term. Vonahi will not be obligated to restore access to the Service until Customer has paid all fees owed to Vonahi.
10.4 Effect of Termination. Upon any termination or expiration of this Agreement or any applicable Order Form, Vonahi shall no longer provide the applicable Service to Customer and Customer must cease using the Service and send no further Customer Data to Vonahi. Termination of this Agreement or an Order Form shall not relieve Customer of its obligation to pay all fees that have accrued or have become payable by Customer hereunder. Customer agrees that following termination of Customer’s account and/or use of the Service, Vonahi may immediately deactivate Customer’s account and that following a reasonable period not to exceed 90 days, shall be entitled to delete Customer’s account and all Customer Data from the Service.
11. Warranties and Covenants
11.2 Work Standards. Vonahi Security covenants that (i) it and the Vonahi Security Personnel performing Services have the necessary knowledge, skills, experience, qualifications, and resources to perform the Services in accordance with this Service Order, and (ii) the Services will be performed for and Deliverables provided to Client in a good, diligent and workmanlike manner in accordance with industry standards and applicable laws and governmental regulations. If any material portion of the Services or Deliverables does not conform to the foregoing covenants, and Client notifies Vonahi Security within thirty (30) days of completion of the Services and delivery of Deliverables, then Vonahi Security will work diligently to re-perform the nonconforming portion of the Services so that they conform and redeliver the nonconforming portion of the Deliverables so that they conform. If the preceding remedies are not fulfilled within a reasonable time, upon request by Client, Vonahi Security will refund the price paid for the nonconforming portion of the Services and refund the price paid for nonconforming Deliverables that are returned to Vonahi Security. Vonahi Security will not be responsible for nonconformities arising from inaccurate or incomplete data or information provided by Client, or for failures or delays caused by Client’s failure to perform its obligations under this Agreement.
11.3 Client Cooperation. Client agrees to reasonably cooperate with Vonahi Security’s performance of Services. Client further agrees to take any and all actions reasonably necessary to enable Vonahi Security to perform the Services contemplated herein in an effective and efficient manner.
11.4 Security and Safety. Vonahi Security covenants that it and Vonahi Security Personnel performing the Services, while present at the facilities of Client, will comply with the security and safety policies of Client that are provided to Vonahi Security.
11.5 Place of Performance. The Services to be performed pursuant to this Service Order may be rendered at Client's, Vonahi Security's, or subcontractor's facilities or at other suitable locations mutually agreed by Vonahi Security and Client.
12. Scanning Duration Disclaimer
The amount of time it takes to perform and complete scanning depends on the number of systems provided for targeting, bandwidth, available services, and the responsiveness of those services. If Vonahi Security's assumptions listed above cannot be met, there may be a negative impact on project duration or cost.
If there are deviations in scope, effort, or duration, a change order will be necessary and an addendum for additional effort will be created. All changes in scope or duration will be negotiated between Vonahi Security and Customer.
13. Ownership of Deliverables
14. Assumptions and Exclusions
Vonahi Security assumes that the scope of work presented in our Quotes to your organization will be conducted with the assistance and cooperation of your organization and its associated partners or providers to complete the assessment within the discussed time period.
- The work is to be performed consecutively until project completion. There will be no break in services other than weekends and/or Vonahi Security recognized holidays.
- Consultants consider all of your organization’s information and documentation as sensitive and confidential. As such, consultants will securely handle all data received by your organization in accordance with Vonahi Security’s Data Destruction Policy.
- Consultants will notify the point of contact at your organization of any delays in services as soon as possible in order to determine ways to manage any impact (e.g. cost, modifications, etc.).
- Deliverables will be presented to your organization for review and comments within two weeks or ten (10) business days of the completion of the project.
- Vonahi Security is not responsible for providing services or performing tasks not specifically set forth in the Quote or Statement of Work.
- Vonahi Security shall have no responsibility for other contractors or third parties engaged on the project unless expressly agreed to in writing.
- Your organization will provide a single point of contact within the organization to help Vonahi Security consultants coordinate access to the required project materials and personnel.
- Your organization will provide the necessary information to perform the requested services within a timely manner.
- Your organization will provide a safe working environment, including a workspace, telephone, and network (and Internet) access for the purpose of time entry, email, and project-related efforts.
- Your organization will provide any necessary building, parking, and/or machine room badges/passes for Vonahi Security consultants.
- Vonahi Security consultants will be reliant on your organization’s staff to complete identified tasks and participate in interviews where necessary. Your organization's inability to provide this staff may affect the completion of tasks and/or deliverables.
15. Data Retention & Destruction Policy
15.2 Scope: This policy applies to all Vonahi Security staff and the vPenTest platform.
- a) General: The storage, transmission, and processing of sensitive, valuable, or confidential data shall be controlled and managed according to security best practices. Data is collected by vPenTest during security assessments and transmitted back for reporting and evidence purposes. However, this data is parsed for sensitive/valuable data and is obfuscated so that the storage is obfuscated and encrypted.
- b) Data Destruction Procedures: All data in vPenTest is automatically purged from the system on a 60-day period, unless specifically requested or configured otherwise. After delivering security assessment deliverables, this data is automatically updated to extend for 60 days. Customers of the vPenTest platform have complete control to modify this automated process to purge data on a longer or shorter period.
Prior to the data being purged, customers of vPenTest receive an email notification indicating that the data will be purged within 24 hours, with a link also provided so that the customer can modify this date.
16. Cancellation Policy
17. Confidential Information
17.2 Obligations. The Receiving Party agrees not to disclose or use any Confidential Information of the Disclosing Party in violation of this Service Order and to use Confidential Information of the Disclosing Party solely for the purposes of this Service Order. Upon demand by the Disclosing Party, the Receiving Party shall return to the Disclosing Party all copies of the Disclosing Party's Confidential Information in the Receiving Party's possession or control and destroy all derivatives and other vestiges of the Disclosing Party's Confidential Information; provided that the Receiving Party may retain one archival copy solely for the purpose of administering its obligations under this Service Order; and provided further that Client may retain any Deliverables subject to the license of Section 7 and this Section 10.
17.3 Need to Know. The Receiving Party may disclose Confidential Information of the Disclosing Party to its employees, officers, directors and representatives who have a reasonable need to know such Confidential Information for purposes of this Service Order. Disclosure of Confidential Information required by court or government order shall not constitute a violation of this provision provided the Disclosing Party has been given notice, if legally permitted, of such order by the Receiving Party.
17.4 Systems. If a party is given access, whether on-site or through remote facilities, to any computer or electronic data storage system of the other, such access and use shall be limited solely to performance within the scope of this Service Order and the party provided access shall not knowingly access or attempt to access any computer system, electronic file, software or other electronic services other than those specifically required to fulfill its obligations under this Service Order. All user identification numbers and passwords shall be deemed to be Confidential Information.
- Ownership. All Confidential Information of the Disclosing Party shall remain the exclusive property of the Disclosing Party.
- Injunction. Both parties agree that violation of any provision of this Section would cause the Disclosing Party irreparable injury for which it would have no adequate remedy at law, and that the Disclosing Party will be entitled to immediate injunctive relief prohibiting such violation, in addition to any other rights and remedies available to it.
18. Non-solicitation and Contracting
20. Execution in Counterparts
21. GENERAL PROVISIONS
21.2 Export. Each party acknowledges that the export, re-export, deemed export, and import of the Software and Documentation by Customer and Vonahi is subject to certain laws, rules, executive orders, directives, arrangements, and regulations of the United States and of other countries. Each party agrees to comply with all applicable laws with respect to the exportation, importation, and use of the Software and Documentation.
21.3 Data Privacy. Customer represents and warrants that Customer has obtained all necessary rights to permit Vonahi to process Customer Data from and about Customer, including, without limitation, data from endpoints, servers, cloud applications, and logs.
21.4 Data Security. Vonahi shall implement appropriate technical and organizational measures to protect Customer Data from accidental or unlawful destruction, loss, or alteration, unauthorized disclosure of or access to Customer Data. Such measures may include, as appropriate (a) the encryption of Customer Data; (b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of systems and services; (c) a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of Customer Data.
21.6 Injunctive Relief. Notwithstanding any other provision of this Agreement, both parties acknowledge that any breach of this Agreement may cause the other party irreparable and immediate damage for which remedies other than injunctive relief may be inadequate. Therefore, the parties agree that, in addition to any other remedy to which the non-breaching party may be entitled hereunder, at law or equity, the disclosing party shall be entitled to seek an injunction to restrain such use in addition to other appropriate remedies available under applicable law.
21.7 Relationship of the Parties. Vonahi and Customer are independent contractors, and nothing in this Agreement shall be construed as making them partners or creating the relationships of principal and agent between them, for any purpose whatsoever. Neither party shall make any contracts, warranties or representations or assume or create any obligations, express or implied, in the other party’s name or on its behalf.
21.8 US Government Restricted Rights. This Section applies to all acquisitions of the Software or Services by or for the US federal government, or by any prime contractor or subcontractor (at any tier) under any contract, grant, cooperative agreement, or other activity with the federal government for the Government’s end use. The Software and Services are “commercial items” as that term is defined at FAR 2.101. If Customer is an Executive Agency (as defined in FAR 2.101) of the U.S. Federal Government (“Government”), Vonahi provides the Software and Services, including any related technical data and/or professional services in accordance with the following: If a right to access the Software and Services is procured by or on behalf of any Executive Agency (other than an Executive Agency within the Department of Defense (DoD)), the Government is granted, in accordance with FAR 12.211 (Technical Data) and FAR 12.212 (Computer Software), only those rights in technical data and software customarily provided to Vonahi’s customers as such rights are described in this Agreement. If a right to access the Software and Services is procured by or on behalf of any Executive Agency within the DoD, the Government is granted, in accordance with DFARS 227.7202-3 (Rights in commercial computer software or commercial computer software documentation), only those rights in technical data and software that are customarily provided to Vonahi’s customers as such rights are described in this Agreement. In addition, DFARS 252.227-7015 (Technical Data – Commercial Items) applies to technical data provided by Vonahi to an Executive Agency within the DoD. Note, however, that Subpart 227.72 does not apply to computer software or computer Service documentation acquired under GSA schedule contracts. Except as expressly permitted under this Agreement, no other rights or licenses are granted to the Government. 
Any rights requested by the Government and not granted under this Agreement must be separately agreed in writing with Vonahi. This Section 21.6 of the Agreement is in lieu of, and supersedes, any other FAR, DFARS, or other clause, provision, or supplemental regulation that addresses Government rights in the Software and Services.
21.9 Force Majeure. Other than payment obligations hereunder, neither party will be liable for any inadequate performance to the extent caused by a condition that was beyond the party's reasonable control (including, but not limited to, natural disaster, act of war or terrorism, riot, global health crisis, acts of God, or government intervention), except for mere economic hardship, so long as the party continues to use commercially reasonable efforts to resume performance.
21.10 No Reliance. Customer represents that it has not relied on the availability of any future version of the Software or any future product or service in executing this Agreement or purchasing any Software hereunder.
21.11 Notices. Unless specified otherwise herein, (i) all notices must be in writing and addressed to the attention of the other party's legal department and primary point of contact, and (ii) notice will be deemed given: (a) when verified by written receipt if sent by personal courier, overnight courier, or when received if sent by mail without verification of receipt; or (b) when verified by automated receipt or electronic logs if sent by email. When sent by email, notices must be sent to Vonahi at firstname.lastname@example.org.
21.12 Publicity. Customer acknowledges that Vonahi may use Customer’s name and logo for the purpose of identifying Customer as a customer of Vonahi products and/or services. Vonahi will cease using the customer’s name and logo upon written request.
21.13 Compliance with Law. Each party agrees to comply with all federal, state and local laws and regulations including but not limited to export law, and those governing the use of network scanners, vulnerability assessment software products, encryption devices, user monitoring, and related software in all jurisdictions in which systems are scanned, scanning is controlled, or users are monitored.
The General Terms and Conditions govern this Agreement between Vonahi Security and Customer. Express provisions of the variable portions (above) of this Agreement control any conflicting standard provisions of these General Terms and Conditions, and any conflicting provisions of any Proposal. By Signing below, you represent and warrant that you are a duly authorized representative of Customer, and that you are authorized to and hereby do sign below, on its behalf, to indicate its agreement with and bind it to the terms of this contract.
In order to resolve a complaint regarding the Terms of Sale or to receive further information regarding use of Vonahi Security's services, please contact us at:
P.O. Box 485
Hoschton, GA 30548