Terms of Sale

Last updated [July 15, 2021]

AGREEMENT TO TERMS

The following Terms of Sale govern any cyber security services agreed between Vonahi Security and Customer. You agree that by accessing the vPenTest portal, you have read, understood, and agreed to be bound by all of these Terms of Sale. IF YOU DO NOT AGREE WITH ALL OF THESE TERMS OF SALE, THEN YOU MUST DISCONTINUE USE IMMEDIATELY.

Please note that we may modify these Terms as further described in the amendments section below, so you should make sure to check this page from time to time. Our Privacy Policy explains how we collect and use your information and our General Terms of Use outlines your responsibilities when using our Services. By using our Services, you’re agreeing to be bound by these Terms, our Privacy Policy, our General Terms of Use, and Terms of Sale.

If you are agreeing to these Terms for use of the Services by an organization, you are agreeing on behalf of that organization. You must have the authority to bind that organization to these terms, otherwise you must not sign up for the Services.

1. Overview of Services and Deliverables

The services to be performed by Vonahi Security or vPenTest (the "Services") and any deliverables to be provided by Vonahi Security (the "Deliverables") are those set forth in the DESCRIPTION OF SERVICES as described below. 

vPenTest. Vonahi Security provides a platform that automates network penetration testing services that allow Customers to easily schedule an internal and external vulnerability scan and/or network penetration test through the vPenTest platform.

External Asset Testing. Vonahi Security will perform security testing against Customer's public IP addresses to identify any systems with security issues. These security issues can stem from configuration, authentication, as well as patching vulnerabilities. Activities include the following:

  • User Profiling and Reputational Threats
  • Informational Gathering
  • Vulnerability Discovery and Validation
  • Manual Penetration Testing
Internal Asset Testing. Vonahi Security will perform security testing against Customer's internal IP addresses to identify any systems with security issues. These security issues can stem from configuration, authentication, as well as patching vulnerabilities. Activities include the following:

  • Information Gathering
  • Vulnerability Discovery and Validation
  • Controlled Penetration Testing
Vulnerability Scanning. The vulnerability scanning process consists of an automated vulnerability scanner testing the organization’s network environment for security threats that are present and immediately visible from a network perspective. A vulnerability scan does not attempt to simulate the actions of a malicious attacker (e.g. penetration test) and only identifies security weaknesses that are directly visible. The following components are included as part of a vulnerability assessment.

  • Vulnerability Analysis – Vulnerabilities are identified through automated testing and scanning. The vulnerability scan process will identify security weaknesses that are present on the surface of the external network environment. The vulnerabilities identified could pertain to many potential security weaknesses, including, but not limited to authentication, patching, and configuration weaknesses, as well as issues that could lead unauthorized access of sensitive data and/or systems.

2. SOFTWARE LICENSES

2.1 License to Products. Vonahi hereby grants to Customer, during the applicable Subscription Term only, a non-exclusive, non-transferable license to use the Software (in object code only) listed on the Order Form within the Volume Limitations, for Customer’s internal business purposes only, and solely in accordance with the applicable Documentation. The Software shall not be used on or for any third party unless otherwise stated below. The following license provisions shall also apply if Customer is purchasing Vonahi MSSP solution: The Vonahi MSSP license allows Customer to scan assets of third parties, provided that such third party has authorized Customer to perform such scan.

2.2 Evaluation Licenses. If Customer’s license is for a trial or evaluation only, then the Subscription Term shall be thirty days, or the trial or evaluation term specified on the Order Form. Customer may not utilize the same software for more than one trial or evaluation term in any twelve- month period, unless otherwise agreed to by Vonahi. Vonahi may revoke Customer’s evaluation or trial license at any time and for any reason. Sections 4 (Limited Warranty) and 9.1 (Indemnification) shall not be applicable to any evaluation or trial license.

2.3 Use by Affiliates. Subject to the Volume Limitations, Customer may make the Software available to its Affiliates under these terms, provided that Customer is liable for any breach of this Agreement by any of its Affiliates. “Affiliate(s)” means any entity now existing that is directly or indirectly controlled by Customer. For purposes of this definition “control” means the direct possession of a majority of the outstanding voting securities of an entity.

2.4 Delivery and Copies.
Delivery shall be deemed to have been made upon Vonahi providing instructions to download or activate the Software, as applicable. Notwithstanding anything to the contrary herein, Customer may make a reasonable number of copies of the Software for the sole purpose of backing-up and archiving the Software. Each copy of the Software is subject to this Agreement and must contain the same titles, trademarks, and copyright notices as the original.

2.5 Restrictions. The Software may only be used for the purposes of good-faith testing, investigation, and/or correction of security flaws, exposures, or vulnerabilities in order to advance the security or safety of devices, machines, or networks of those who use such devices, machines, or networks. Except as may be expressly permitted by applicable law, Customer will not, and will not permit or authorize third parties to: (i) reproduce, modify, translate, enhance, decompile, disassemble, reverse engineer, create derivative works of the Software, or merge the Software into another program; (ii) resell, rent, lease, or sublicense the Software or access to it, including use of the Software for timesharing or service bureau purposes; (iii) circumvent or disable any security or technological features or measures in the Software; nor (iv) use the Software in order to build a competitive product or service, for competitive analysis, or to copy any ideas, features, functions, or graphics of the Software. If Customer identifies a vulnerability in the Software, all information and analysis regarding the vulnerability must be disclosed to Vonahi.

2.6 Ownership of Software. Vonahi retains all right, title, and interest in and to the Documentation, Software, Content Updates and in all copies, modifications and derivative works thereto including, without limitation, all rights to patent, copyright, trade secret, trademark, and other proprietary or intellectual property rights.

2.7 Customer Systems. Customer represents and warrants that it has the appropriate authorizations from the owner of the networks, systems, IP addresses, assets, and/or hardware on which it deploys the Software, or which it targets, scans, monitors, or tests with the Software.

2.8 Customer Data. Customer retains ownership of all right, title, and interest in and to all Customer Data, and Customer is solely responsible for all Customer Data. Vonahi does not guarantee the accuracy, integrity, or quality of such Customer Data. Except as provided in this Agreement, Customer shall be solely responsible for providing, updating, uploading, and maintaining all Customer Data. Vonahi may use Customer Data solely as necessary to: (i) provide the Service to Customer; (ii) in anonymized and aggregated form, generate statistics and produce reports; and (iii) collect metadata about feature usage in order to continue to improve the development and delivery of the Service.

2.9 Customer Obligations. Customer shall not: (i) upload or otherwise transmit, display, or distribute any Customer Data to the Service that infringes any trademark, trade secret, copyright or other proprietary or intellectual property rights of any person; (ii) upload or otherwise transmit to the Service any material that contains software viruses or any other computer code, files, or programs designed to interrupt, destroy or limit the functionality of any computer software or hardware or telecommunications equipment; or (iii) interfere with or disrupt the Service.

3. Fees/Expenses/Taxes

Client agrees to pay Vonahi Security for Services pursuant to the Service Order at Vonahi Security's hourly billing rates or fee stated in this Service Order, plus materials stated on any bill of materials that is part of the Service Order. If any rates, fees or materials prices are not expressly stated, then Vonahi Security’s general hourly billing rates in effect at the time plus list price for materials will apply. Client further agrees to reimburse Vonahi Security for reasonable travel and living expenses incurred by Vonahi Security in connection with the performance of Services. Expenses are subject to Vonahi Security Travel Policy, available upon request. Client will pay or reimburse to Vonahi Security if invoiced by Vonahi Security all sales, service and value added taxes, and any other tax of any kind whatsoever (other than tax imposed upon the income or profits of Vonahi Security or any franchise tax imposed on Vonahi Security).

Travel and expenses are not included in the estimate and will be billed as incurred. Vonahi Security will make every attempt to incur reasonable expenses associated with the implementation of the project. Valid expenses typically include parking, meals, lodging, photocopying, and communication costs. Travel costs include airfare, mileage (if a personal car is used), and automobile rental. In addition to fees, Vonahi Security will invoice for, and your organization agrees to pay, all reasonable travel and living expenses incurred by Vonahi Security personnel during the delivery of these services

4. Special Considerations

It is Vonahi Security’s assumption that there are no requirements for a security clearance for the tasks contained in our quotes to customers. If a security clearance or other special staffing consideration is necessary, please notify Vonahi Security as quickly as possible.

5. Payment

5.1 Subscription Plan. The prices, features, and options of the vPenTest platform depend on the Subscription Plan selected by Customer (including any usage or overage fees). Vonahi Security does not guarantee that your particular Subscription Plan will be offered indefinitely. We reserve the right to change the prices, features, or options included in a particular Subscription Plan without notice, provided that such changes shall not take effect until your next applicable subscription term. vPenTest subsscriptions must be paid by Customer before full access to the vPenTest platform is granted.

5.2 Recurring Charges and Upgrades. By signing up for a Subscription Plan, Customer authorizes Vonahi Security to charge Customer’s payment method on a recurring basis (e.g. monthly, quarterly, or yearly depending on Customer’s Subscription Plan) without an invoice. Customer expressly authorizes Vonahi Security to charge its payment method (such as a credit card) for the applicable subscription charges, any usage or overage charges, and any and all applicable taxes and fees. Such authorization is effective until the end of the Subscription Term and any applicable Renewal Term, or until Customer cancels all of its subscriptions.

5.3 Subscription Term. Customer agrees to pay applicable fees for the entire Subscription Term and cannot cancel or terminate a Subscription Term. The subscription starts when Customer first obtains access and sign up for a subscription in the vPenTest portal. Each Subscription Term will automatically renew for additional successive periods equal to the initial subscription (e.g. if Customer has an annual plan then the subscription will renewal for an additional 12 month term) unless either party gives written notice of non-renewal at least thirty (30) days before the end of the then-current Subscription Term. Pricing for any Subscription Term renewal, new order form, or order form changes will be at Vonahi Security’s then-applicable rates.

5.4 Auto-renewals. BY DEFAULT, YOUR ACCOUNT IS SET TO AUTO-RENEW AND IF YOU HAVE PROVIDED A METHOD OF PAYMENT TO VONAHI SECURITY FOR VPENTEST, VONAHI SECURITY MAY CHARGE YOU AUTOMATICALLY AT THE END OF YOUR SUBSCRIPTION FOR THE RENEWAL, UNLESS YOU NOTIFY VONAHI SECURITY WITHIN 30 DAYS THAT YOU WANT TO CANCEL YOUR SUBSCRIPTION.


5.5 No Refunds. Subscription and usage or overage fees (and any other fees associated with the services, including higher subscription fees for upgrades) are non-refundable and non-creditable, except where required by law. vPenTest subscriptions may be cancelled, and such cancellations take effect at the end of your then-current subscription term (for example, whether you are paying monthly or annually, your cancellation will take effect when your annual subscription expires). Once your cancellation is effective, you will lose subscription features and functionality. If you don’t pay for your subscription(s) on time, we reserve the right to suspend you or remove subscription features.

5.6 Taxes. Vonahi Security’s fees are exclusive of all taxes, and Customer must pay any applicable sales, use, VAT, GST, excise, withholding, or similar taxes or levies, whether domestic or foreign, other than taxes based on the income of Vonahi Security. Customer will not deduct any applicable taxes from the payments to Vonahi Security, except as required by law. If such deduction is required by law, Customer will increase the amount payable as necessary so that after making all required deductions and withholdings, Vonahi Security receives and retains (free from any such liabilities) an amount equal to the amount it would have received had no such deductions or withholdings been made.

5.7 Other Cyber Security Services. Unless otherwise expressly stated in the Customer's Service Order or Quote, invoices for all other Cybersecurity engagements are due within thirty (30) days from the invoice date. Invoices not paid within thirty (30) days from the invoice date will bear interest from the due date until paid at a rate of one and one-half percent (1.5%) per month or the maximum rate permitted by applicable law, whichever is less.

6. LIMITED WARRANTY

6.1 Software Warranty. Vonahi warrants that for a period of ninety days following the initial delivery of any Software to Customer the Software will conform, in all material respects, with the applicable Documentation. Vonahi makes no warranty regarding third party features or services. For a breach of the above warranty, Vonahi will, at no additional cost to Customer, use commercially reasonable efforts to provide remedial services necessary to enable the Software to conform to the warranty. If Vonahi is unable to restore such functionality, Customer shall be entitled to terminate the applicable Order Form and receive a pro rata refund of the fees paid. Customer will provide Vonahi with a reasonable opportunity to remedy any breach and reasonable assistance in remedying any defects. The remedies set out in this subsection are Customer’s sole remedies for breach of the above warranty.

6.2 Disclaimer. VONAHI DOES NOT REPRESENT THAT THE SOFTWARE WILL BE UNINTERRUPTED, ERROR-FREE, OR WILL MEET CUSTOMER’S REQUIREMENTS. EXCEPT FOR THE WARRANTY ABOVE, VONAHI MAKES NO OTHER WARRANTIES OR REPRESENTATIONS, EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT OF THIRD PARTY RIGHTS. VONAHI MAKES NO WARRANTY THAT ALL SECURITY RISKS OR THREATS WILL BE DETECTED BY USE OF THE SOFTWARE OR THAT FALSE POSITIVES WILL NOT BE FOUND.

7. LIMITATION OF LIABILITY

7.1 Limitation on Indirect Liability. NEITHER PARTY WILL BE LIABLE UNDER THIS AGREEMENT FOR LOST REVENUES OR INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, EVEN IF THE PARTY KNEW OR SHOULD HAVE KNOWN THAT SUCH DAMAGES WERE POSSIBLE.

7.2 Limitation on Amount of Liability. NEITHER PARTY MAY BE HELD LIABLE UNDER THIS AGREEMENT FOR MORE THAN THE AMOUNT PAID OR PAYABLE BY CUSTOMER TO VONAHI HEREUNDER DURING THE TWELVE MONTHS PRIOR TO THE EVENT GIVING RISE TO LIABILITY.

7.3 Exceptions to Limitations. The limitations of liability in Section 7.2 apply to the fullest extent permitted by applicable law, except that there is no limitation on loss, claims, or damages directly arising out of violations of: (i) a party's intellectual property rights by the other party; (ii) use of the Software in excess of the Volume Limitations; or (iii) a party’s indemnification obligations.

8. AVAILABILITY; DOWNTIME; SUPPORT

8.1 Downtime. Subject to this Agreement, Vonahi shall use commercially reasonable efforts to provide the Service twenty-four hours a day, seven days a week throughout the Subscription Term. Customer agrees that from time to time the Service may be inaccessible or inoperable for various reasons, including: (i) equipment malfunctions; (ii) periodic maintenance procedures or repairs which Vonahi may undertake from time to time; or (iii) causes beyond the control of Vonahi or which are not reasonably foreseeable by Vonahi, including interruption or failure of telecommunication or digital transmission links, hostile network attacks or network congestion, or other failures (collectively “Downtime”). Vonahi shall use commercially reasonable efforts to provide twenty-four hour advance notice to Customer in the event of any scheduled Downtime. Vonahi shall have no obligation during performance of such operations to mirror Customer Data or to transfer Customer Data. Vonahi shall use commercially reasonable efforts to minimize any disruption, inaccessibility, and/or inoperability of the Service in connection with Downtime, whether scheduled or not.

9. VOLUME LIMITATIONS

9.1 Usage Verification. Customer understands and acknowledges that the Software may track and/or enforce its Volume Limitations. Additionally, upon Vonahi’s written request, such request not to exceed once every six months, Customer shall provide Vonahi with a signed certification verifying that the Software is being used in accordance with this Agreement. In addition to the foregoing, at Vonahi’s written request, Customer will permit Vonahi to review and verify Customer’s records, deployment, and use of the Software for compliance with the terms and conditions of this Agreement, at Vonahi’s expense. Any such review shall be scheduled at least ten days in advance, shall be conducted during normal business hours at Customer’s facilities, and shall not unreasonably interfere with Customer’s business activities.

9.2 Overscanning. In the event that usage verification reveals the Software is being used in excess of the Volume Limitations, following a reasonable notification period Customer shall be liable for, and Vonahi reserves the right to invoice Customer for, the fees for such excess usage at Vonahi’s then current list rates, or as otherwise set forth on the Order Form, notwithstanding the limitation on liability in Section 7.2 of this Agreement.

10. TERM & TERMINATION

10.1 Term. This Agreement will continue in effect until otherwise terminated in accordance with Section 10.3 below. The Subscription Term will automatically renew for an additional one-year term at the rate listed on the applicable Order Form unless (i) otherwise indicated on the Order Form or (ii) either party provides the other with written notice of its election not to renew at least 30 days prior to the anniversary date. Vonahi reserves the right to change the rates, applicable charges, and usage policies and to introduce new charges, listed on such Order Form upon providing Customer written notice thereof (which may be provided by e-mail) at least 60 days prior to the end of the then current Subscription Term.

10.2 Suspension of Service.

  • (a) Customer agrees that Vonahi may suspend Customer’s access to the Service upon notice (which may be made by email or telephone) if Vonahi reasonably concludes that Customer is using the Service to engage in illegal activity, and/or Customer’s use of the Service is causing immediate, material and ongoing harm to others. In the event that Vonahi suspends Customer’s access to the Service, Vonahi will use commercially reasonable efforts to limit the suspension to the offending portion of the Service and work with Customer to resolve the issues requiring the suspension of Service. Customer agrees that Vonahi shall not be liable to Customer nor to any third party for any suspension of the Service under this Section 10.2.
  • (b) In addition to the foregoing, Vonahi also reserves the right to suspend Customer’s access to the Service upon notification, without having to terminate this Agreement or any Order Form, if Customer is more than thirty days late with respect to any payments due hereunder. Upon such suspension, Customer shall still be liable for all payments that have accrued prior to the date of suspension and that will accrue throughout the remainder of the Subscription Term. Vonahi will not be obligated to restore access to the Service until Customer has paid all fees owed to Vonahi.
10.3 Termination. Notwithstanding the foregoing, either party may terminate this Agreement or any Order Form: (i) immediately in the event of a material breach of this Agreement or any such Order Form by the other party that is not cured within thirty days of written notice thereof from the other party or, if such breach is incapable of cure, immediately upon written notice; or (ii) immediately if the other party ceases doing business or is the subject of a voluntary or involuntary bankruptcy, insolvency or similar proceeding, that is not dismissed within sixty days of filing. Either party may also terminate this Agreement upon no less than thirty days’ prior written notice to the other party for any reason if at such time there are no outstanding Subscription Terms then currently in effect. All rights and obligations of the parties which by their nature are reasonably intended to survive such termination or expiration will survive termination or expiration of this Agreement and each Order Form. Except as expressly provided herein, termination of this Agreement by either party will be a nonexclusive remedy for breach and will be without prejudice to any other right or remedy of such party.

10.4 Effect of Termination. Effect of Termination. Upon any termination or expiration of this Agreement or any applicable Order Form, Vonahi shall no longer provide the applicable Service to Customer and Customer must cease using the Service and send no further Customer Data to Vonahi. Termination of this Agreement or an Order Form shall not relieve Customer of its obligation to pay all fees that have accrued or have become payable by Customer hereunder. Customer agrees that following termination of Customer’s account and/or use of the Service, Vonahi may immediately deactivate Customer’s account and that following a reasonable period not to exceed 90 days, shall be entitled to delete Customer’s account and all Customer Data from the Service.

11. Warranties and Covenants

11. 1 Non-Infringement. Vonahi Security covenants that it will, and it will cause its employees, consultants and subcontractors ("Vonahi Security Personnel") to perform their responsibilities and provide Services and Deliverables in a manner that does not infringe or misappropriate any patent, trademark, copyright or trade secret right of any third party. Vonahi Security covenants that it will either own or otherwise have sufficient rights to license to Client all of the Deliverables furnished by Vonahi Security in connection with the Services. If any Service or Deliverable does not conform to the covenant set forth in this Section 4(a), Vonahi Security may procure the right for Client to continue to use the results of the Service or Deliverable, or may re-perform the Service or replace the Deliverable so that it is non-infringing and meets the original specifications. If the preceding remedies are not reasonably available, upon request by Client, Vonahi Security will refund the price paid for the infringing portion of the Services and refund the price paid for infringing Deliverables that are returned to Vonahi Security. Client covenants that it owns or otherwise has sufficient rights to furnish Vonahi Security all data and other information and materials furnished by Client to Vonahi Security in connection with the Services or Deliverables.

11.2 Work Standards. Vonahi Security covenants that (i) it and the Vonahi Security Personnel performing Services have the necessary knowledge, skills, experience, qualifications, and resources to perform the Services in accordance with this Service Order, and (ii) the Services will be performed for and Deliverables provided to Client in a good, diligent and workmanlike manner in accordance with industry standards and applicable laws and governmental regulations. If any material portion of the Services or Deliverables do not conform to the forgoing covenants, and Client notifies Vonahi Security within thirty (30) days of completion of the Services and delivery of Deliverables, then Vonahi Security will work diligently to re-perform the nonconforming portion of the Services so that they conform and redeliver the nonconforming portion of the Deliverables so that they conform. If the preceding remedies are not fulfilled within a reasonable time, upon request by Client, Vonahi Security will refund the price paid for the nonconforming portion of the Services and refund the price paid for nonconforming Deliverables that are returned to Vonahi Security. Vonahi Security will not be responsible for nonconformities arising from inaccurate or incomplete data or information provided by Client, or for failures or delays caused by Client’s failure to perform its obligations under this Agreement.

11.3 Client Cooperation. Client agrees to reasonably cooperate with Vonahi Security’s performance of Services. Client further agrees to take any and all actions reasonably necessary to enable Vonahi Security to perform the Services contemplated herein in an effective and efficient manner.

11.4 Security and Safety. Vonahi Security covenants that it and Vonahi Security Personnel performing the Services, while present at the facilities of Client, will comply with the security and safety policies of Client that are provided to Vonahi Security.

11.5 Place of Performance. The Services to be performed pursuant to this Service Order may be rendered at Client's, Vonahi Security's, or subcontractor's facilities or at other suitable locations mutually agreed by Vonahi Security and Client.

12. Scanning Duration Disclaimer

The amount of time it takes to perform, and complete scanning depends on the number of systems provided for targeting, bandwidth, available services, and the responsiveness of those services. If Vonahi Security's assumptions listed above cannot be met, there may be a negative impact on project duration or cost.

If there are deviations in scope, effort, or duration, a change order will be necessary and an addendum for additional effort will be created. All changes in scope or duration will be negotiated between Vonahi Security and Customer.

13. Ownership of Deliverables

The parties agree that all Deliverables are the property of Vonahi Security. Vonahi Security grants an unlimited, perpetual license to Client to use, copy or modify Deliverables for any internal purpose. Vonahi Security may freely use its ideas, concepts, know-how, and techniques that it develops during the course of providing Services and Deliverables under this Service Order, subject to Vonahi Security’s confidentiality obligations set forth in this Service Order and provided that such ideas, concepts, know-how, or techniques do not violate any patent, trademark, copyright or trade secret right of Client.

14. Assumptions and Exclusions

General Assumptions
Vonahi Security assumes that the scope of work presented in our Quotes to your organization will be conducted with the assistance and cooperation of your organization and its associated partners or providers to complete the assessment within the discussed time period.

Vonahi Security
  • The work is to be performed consecutively until project completion. There will be no break in services other than weekends and/or Vonahi Security recognized holidays.
  • Consultants consider all of your organization’s information and documentation as sensitive and confidential. As such, consultants will securely handle all data received by your organization in accordance with Vonahi Security’s Data Destruction Policy.
  • Consultants will notify the point of contact at your organization of any delays in services as soon as possible in order to determine ways to manage any impact (e.g. cost, modifications, etc.).
  • Deliverables will be presented to your organization for review and comments within two weeks or ten (10) business days within the completion of the project.
  • Vonahi Security is not responsible for providing services or performing tasks not specifically set forth in the Quote or Statement of Work.
  • Vonahi Security shall have no responsibility for other contractors or third parties engaged on the project unless expressly agreed to in writing.
Your Organization
  • Your organization will provide a single point of contact within the organization to help Vonahi Security consultants coordinate access to the required project materials and personnel.
  • Your organization will provide the necessary information to perform the requested services within a timely manner.
  • Your organization will provide a safe working environment, including a workspace, telephone, and network (and Internet) access for the purpose of time entry, email, and project-related efforts.
  • Your organization will provide any necessary building, parking, and/or machine room badges/passes for Vonahi Security consultants.
  • Vonahi Security consultants will be reliant on your organization’s staff to complete identified tasks and participate in interviews where necessary. Your organization's inability to provide this staff may affect the completion of tasks and/or deliverables.

15. Data Retention & Destruction Policy

15.1 Overview: Vonahi Security leverages the vPenTest platform to conduct security assessments on clients’ internal and external network environments. As a result, some data that we obtain may be deemed valuable or sensitive, although all collected data of such is obfuscated during transmission and storage. Vonahi Security has many security controls in place to protect Confidential Information or Personally Identifiable Information (PII).

15.2 Scope: This policy applies to all Vonahi Security staff and the vPenTest platform.
  1. Policy: 
    • a) General: The storage, transmission, and processing of sensitive, valuable, or confidential data shall be controlled and managed according to security best practices. Data is collected by vPenTest during security assessments and transmitted back for reporting and evidence purposes. However, this data is parsed for sensitive/valuable data and is obfuscated so that the storage is obfuscated and encrypted.
    • b) Data Destruction Procedures: All data in vPenTest is automatically purged from the system on a 60-day period, unless specifically requested or configured otherwise. After delivering security assessment deliverables, this data is automatically updated to extend for 60 days. Customers of the vPenTest platform have complete control to modify this automated process to purge data on a longer or shorter period.

      Prior to the data being purged, customers of vPenTest receive an email notification indicating that the data will be purged within 24 hours, with a link also provided so that the customer can modify this date.
15.2 Enforcement: Staff members found in policy violation may be subject to disciplinary action, up to and including termination.

16. Cancellation Policy

Except as otherwise expressly provided in your Service Quote, Client agrees to provide Vonahi Security with ten (10) business days' prior notice of its intention to delay, extend or release a scheduled Vonahi Security staffing assignment. If Client provides less than ten (10) business days' notice for delaying, extending or releasing assigned consultants, Vonahi Security may invoice and Client will pay for up to forty (40) hours of consulting services for each consultant delayed, extended or released.

17. Confidential Information

17.1 Defined. "Confidential Information", as used in this Service Order, means all information proprietary to a party or any of its customers or suppliers that is marked as confidential or that due to its nature is known or in good faith should be known to be confidential. Confidential Information of Client will be deemed to include, without limitation, all data to which Vonahi Security obtains access by performing the Services and any Deliverable containing such data. Confidential Information of Vonahi Security will be deemed to include, without limitation, its methodologies, templates, report, policy and plan formats, Deliverables (except Client data), scripts and tools. The obligations of the party ("Receiving Party") which receives Confidential Information of the other party ("Disclosing Party") with respect to any particular portion of the Disclosing Party's Confidential Information shall not attach or shall terminate, as the case may be, when any of the following occurs (i) it was generally available to the public at the time of disclosure to the Receiving Party, (ii) it entered the public domain or became generally available to the public through no fault of the Receiving Party subsequent to the time of disclosure to the Receiving Party, (iii) it was or is furnished to the Receiving Party by a third parting having the right to furnish it with no obligation of confidentiality to the Disclosing Party, or (iv) it was independently developed by the Receiving Party by individuals not having access to the Confidential Information of the Disclosing Party.

17.2 Obligations. The Receiving Party agrees not to disclose or use any Confidential Information of the Disclosing Party in violation of this Service Order and to use Confidential Information of the Disclosing Party solely for the purposes of this Service Order. Upon demand by the Disclosing Party, the Receiving Party shall return to the Disclosing Party all copies of the Disclosing Party's Confidential Information in the Receiving Party's possession or control and destroy all derivatives and other vestiges of the Disclosing Party's Confidential Information; provided that the Receiving Party may retain one archival copy solely for the purpose of administering its obligations under this Service Order; and provided further that Client may retain any Deliverables subject to the license of Section 7 and this Section 10. 

17.3 Need to Know. The Receiving Party may disclose Confidential Information of the Disclosing Party to its employees, officers, directors and representatives who have a reasonable need to know such Confidential Information for purposes of this Service Order. Disclosure of Confidential Information required by court or government order shall not constitute a violation of this provision provided the Disclosing Party has been given notice, if legally permitted, of such order by the Receiving Party.

17.4 Systems. If a party is given access, whether on-site or through remote facilities, to any computer or electronic data storage system of the other, such access and use shall be limited solely to performance within the scope of this Service Order and the party provided access shall not knowingly access or attempt to access any computer system, electronic file, software or other electronic services other than those specifically required to fulfill its obligations under this Service Order. All user identification numbers and passwords shall be deemed to be Confidential Information. 
  1. Ownership. All Confidential Information of the Disclosing Party shall remain the exclusive property of the Disclosing Party.
  2. Injunction. Both parties agree that violation of any provision of this Section would cause the Disclosing Party irreparable injury for which it would have no adequate remedy at law, and that the Disclosing Party will be entitled to immediate injunctive relief prohibiting such violation, in addition to any other rights and remedies available to it.

18. Non-solicitation and Contracting

Client agrees that it and its employees will not, either during or for a period of 12 months after conclusion of the Services, solicit to hire as an employee or contractor any Vonahi Security Personnel involved in the sale or delivery of this project. Publication of open positions in media of general circulation will not constitute solicitation of Vonahi Security Personnel. If Client hires Vonahi Security Personnel prior to expiration of the 12-month period, Client agrees to pay to Vonahi Security, within 30 days of the hiring date, an amount equal to one half of the person's annual compensation at Vonahi Security at the time of their departure.

19. AMENDMENTS

Any modification or amendment to these Terms must be made in writing and executed by an authorized representative of each party. However, if Vonahi Security modifies these Terms or any applicable Service Specific Terms during Customer’s Subscription Term, the modified version will take effect upon Customer’s next Subscription Term renewal. In addition: (a) If Vonahi Security launches new products or optional features that require opt-in acceptance of new terms, those terms will apply upon Customer’s acceptance or use; (b) changes to any terms will take effect immediately for all vPenTest Subscriptions; and (c) during a Subscription Term, Vonahi Security may update Vonahi Security’s Privacy Policy, General Terms of Use, and Terms of Sale from time-to-time to reflect process improvements or changing practices, and these changes will take effect thirty (30) days from the date of posting so long as they do not substantially diminish Customer’s rights or create substantial additional Customer obligations during a Subscription Term. Vonahi Security’s documentation is available online and constantly being developed and improved, and as a result, during a Subscription Term Vonahi Secyurity may update the documentation to reflect best practice with the relevant Vonahi Security Services, provided that these changes do not substantially diminish Customer’s rights or create substantial Customer obligations. In the event of any conflict between these Terms and any order form, these Terms will take precedence unless otherwise expressly provided. No waiver will be implied from conduct or failure to enforce or exercise rights under these Terms.

20. Execution in Counterparts

This Terms of Sale may be executed in any number of counterparts, each of which shall be deemed an original, and all of which together shall constitute one and the same agreement. Delivery of an executed counterpart of this Term of Sale by facsimile or any other reliable means shall be effective for all purposes as delivery of a manually executed original counterpart. Either party may maintain a copy of this Term of Sale in electronic form. The parties further agree that a copy produced from the delivered counterpart or electronic form by any reliable means (for example, photocopy, facsimile or printed image) shall in all respects be considered an original.

21. GENERAL PROVISIONS

21.1 Miscellaneous. (a) This Agreement shall be construed in accordance with and governed for all purposes by the laws of the State of Delaware (for customers located in the United States) each excluding its respective choice of law provisions and each party consents and submits to the jurisdiction and forum of the state and federal courts in the State of Georgia for all questions and controversies arising out of this Agreement and waives all objections to venue and personal jurisdiction in these forums for such disputes; (b) this Agreement, along with the accompanying Order Form(s) constitute the entire agreement and understanding of the parties hereto with respect to the subject matter hereof and supersedes all prior agreements and undertakings, both written and oral; (c) this Agreement and each Order Form may not be modified except by a writing signed by each of the parties; (d) in case any one or more of the provisions contained in this Agreement shall for any reason be held to be invalid, illegal, or unenforceable in any respect, such invalidity, illegality, or unenforceability shall not affect any other provisions of this Agreement, but rather this Agreement shall be construed as if such invalid, illegal, or other unenforceable provision had never been contained herein; (e) Customer shall not assign its rights or obligations hereunder without Vonahi's advance written consent; (f) subject to the foregoing subsection (e), this Agreement shall be binding upon and shall inure to the benefit of the parties hereto and their successors and permitted assigns; (g) no waiver of any right or remedy hereunder with respect to any occurrence or event on one occasion shall be deemed a waiver of such right or remedy with respect to such occurrence or event on any other occasion; (h) nothing in this Agreement, express or implied, is intended to or shall confer upon any other person any right, benefit, or remedy of any nature whatsoever under or by reason of this Agreement, including but not limited to any of Customer’s own clients, customers, or employees; (i) the headings to the sections of this Agreement are for ease of reference only and shall not affect the interpretation or construction of this Agreement; and (j) in the event of a conflict between the terms of this Agreement and the terms of an Order Form, the terms in the Order Form shall take precedence.

21.2 Export. Each party acknowledges that the export, re-export, deemed export, and import of the Software and Documentation by Customer and Vonahi is subject to certain laws, rules, executive orders, directives, arrangements, and regulations of the United States and of other countries. Each party agrees to comply with all applicable laws with respect to the exportation, importation, and use of the Software and Documentation.

21.3 Data Privacy. Customer represents and warrants that Customer has obtained all necessary rights to permit Vonahi to process Customer Data from and about Customer, including, without limitation, data from endpoints, servers, cloud applications, and logs.

21.4 Data Security. Vonahi shall implement appropriate technical and organizational measures to protect Customer Data from accidental or unlawful destruction, loss, or alteration, unauthorized disclosure of or access to Customer Data. Such measures may include, as appropriate (a) the encryption of Customer Data; (b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of systems and services; (c) a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of Customer Data.

21.6 Injunctive Relief. Notwithstanding any other provision of this Agreement, both parties acknowledge that any breach of this Agreement may cause the other party irreparable and immediate damage for which remedies other than injunctive relief may be inadequate. Therefore, the parties agree that, in addition to any other remedy to which the non-breaching party may be entitled hereunder, at law or equity, the disclosing party shall be entitled to seek an injunction to restrain such use in addition to other appropriate remedies available under applicable law.

21.7 Relationship of the Parties. Vonahi and Customer are independent contractors, and nothing in this Agreement shall be construed as making them partners or creating the relationships of principal and agent between them, for any purpose whatsoever. Neither party shall make any contracts, warranties or representations or assume or create any obligations, express or implied, in the other party’s name or on its behalf.

21.8 US Government Restricted Rights. This Section applies to all acquisitions of the Software or Services by or for the US federal government, or by any prime contractor or subcontractor (at any tier) under any contract, grant, cooperative agreement, or other activity with the federal government for the Government’s end use. The Software and Services are “commercial items” as that term is defined at FAR 2.101. If Customer is an Executive Agency (as defined in FAR 2.101) of the U.S. Federal Government (“Government”), Vonahi provides the Software and Services, including any related technical data and/or professional services in accordance with the following: If a right to access the Software and Services is procured by or on behalf of any Executive Agency (other than an Executive Agency within the Department of Defense (DoD)), the Government is granted, in accordance with FAR 12.211 (Technical Data) and FAR 12.212 (Computer Software), only those rights in technical data and software customarily provided to Vonahi’s customers as such rights are described in this Agreement. If a right to access the Software and Services is procured by or on behalf of any Executive Agency within the DoD, the Government is granted, in accordance with DFARS 227.7202-3 (Rights in commercial computer software or commercial computer software documentation), only those rights in technical data and software that are customarily provided to Vonahi’s customers as such rights are described in this Agreement. In addition, DFARS 252.227-7015 (Technical Data – Commercial Items) applies to technical data provided by Vonahi to an Executive Agency within the DoD. Note, however, that Subpart 227.72 does not apply to computer software or computer Service documentation acquired under GSA schedule contracts. Except as expressly permitted under this Agreement, no other rights or licenses are granted to the Government. Any rights requested by the Government and not granted under this Agreement must be separately agreed in writing with Vonahi. This Section 21.6 of the Agreement is in lieu of, and supersedes, any other FAR, DFARS, or other clause, provision, or supplemental regulation that addresses Government rights in the Software and Services.

21.9 Force Majeure. Other than payment obligations hereunder, neither party will be liable for any inadequate performance to the extent caused by a condition that was beyond the party's reasonable control (including, but not limited to, natural disaster, act of war or terrorism, riot, global health crisis, acts of God, or government intervention), except for mere economic hardship, so long as the party continues to use commercially reasonable efforts to resume performance.

21.10 No Reliance. Customer represents that it has not relied on the availability of any future version of the Software or any future product or service in executing this Agreement or purchasing any Software hereunder.

21.11 Notices. Unless specified otherwise herein, (i) all notices must be in writing and addressed to the attention of the other party's legal department and primary point of contact, and (ii) notice will be deemed given: (a) when verified by written receipt if sent by personal courier, overnight courier, or when received if sent by mail without verification of receipt; or (b) when verified by automated receipt or electronic logs if sent by email. When sent by email, notices must be sent to Vonahi at info@vonahi.com.

21.12 Publicity. Customer acknowledges that Vonahi may use Customer’s name and logo for the purpose of identifying Customer as a customer of Vonahi products and/or services. Vonahi will cease using the customer’s name and logo upon written request.

21.13 Compliance with Law. Each party agrees to comply with all federal, state and local laws and regulations including but not limited to export law, and those governing the use of network scanners, vulnerability assessment software products, encryption devices, user monitoring, and related software in all jurisdictions in which systems are scanned, scanning is controlled, or users are monitored.

The General Terms and Conditions govern this Agreement between Vonahi Security and Customer. Express provisions of the variable portions (above) of this Agreement control any conflicting standard provisions of these General Terms and Conditions, and any conflicting provisions of any Proposal. By Signing below, you represent and warrant that you are a duly authorized representative of Customer, and that you are authorized to and hereby do sign below, on its behalf, to indicate its agreement with and bind it to the terms of this contract.

CONTACT US

In order to resolve a complaint regarding the Terms of Sale or to receive further information regarding use of the Vonahi Security's services, please contact us at: 

Vonahi Security
260 Peachtree
 St NW
Ste 2200
Atlanta, GA 30303
United States
Phone: 844-866-2732
info@vonahi.io