Terms of Sale

Last updated [April 7, 2021]

AGREEMENT TO TERMS

The following Terms of Sale govern any services agreed between Vonahi Security and Customer. You agree that by accessing the vPenTest portal, you have read, understood, and agreed to be bound by all of these Terms of Sale. IF YOU DO NOT AGREE WITH ALL OF THESE TERMS OF SALE, THEN YOU MUST DISCONTINUE USE IMMEDIATELY.

Services and Deliverables

The services to be performed by Vonahi Security or vPenTest (the "Services") and any deliverables to be provided by Vonahi Security (the "Deliverables") are those set forth in the DESCRIPTION OF SERVICES as described below. 

Fees/Expenses/Taxes

Client agrees to pay Vonahi Security for Services pursuant to the Service Order at Vonahi Security's hourly billing rates or fee stated in this Service Order, plus materials stated on any bill of materials that is part of the Service Order. If any rates, fees or materials prices are not expressly stated, then Vonahi Security’s general hourly billing rates in effect at the time plus list price for materials will apply. Client further agrees to reimburse Vonahi Security for reasonable travel and living expenses incurred by Vonahi Security in connection with the performance of Services. Expenses are subject to Vonahi Security Travel Policy, available upon request. Client will pay or reimburse to Vonahi Security if invoiced by Vonahi Security all sales, service and value added taxes, and any other tax of any kind whatsoever (other than tax imposed upon the income or profits of Vonahi Security or any franchise tax imposed on Vonahi Security).

Travel and expenses are not included in the estimate and will be billed as incurred. Vonahi Security will make every attempt to incur reasonable expenses associated with the implementation of the project. Valid expenses typically include parking, meals, lodging, photocopying, and communication costs. Travel costs include airfare, mileage (if a personal car is used), and automobile rental. In addition to fees, Vonahi Security will invoice for, and your organization agrees to pay, all reasonable travel and living expenses incurred by Vonahi Security personnel during the delivery of these services

Special Considerations

It is Vonahi Security’s assumption that there are no requirements for a security clearance for the tasks contained in our quotes to customers. If a security clearance or other special staffing consideration is necessary, please notify Vonahi Security as quickly as possible.

Payment

Vonahi Security’s invoices for vPenTest are due and payable by Client in full immediately. If the invoice is not paid immediately, access to the vPenTest platform may not be granted or limited.

Unless otherwise expressly stated in the Customer's Service Order or Quote, invoices for all other Cybersecurity engagements are due within thirty (30) days from the invoice date. Invoices not paid within thirty (30) days from the invoice date will bear interest from the due date until paid at a rate of one and one-half percent (1.5%) per month or the maximum rate permitted by applicable law, whichever is less.

Warranties and Covenants

  1. Non-Infringement. Vonahi Security covenants that it will, and it will cause its employees, consultants and subcontractors ("Vonahi Security Personnel") to perform their responsibilities and provide Services and Deliverables in a manner that does not infringe or misappropriate any patent, trademark, copyright or trade secret right of any third party. Vonahi Security covenants that it will either own or otherwise have sufficient rights to license to Client all of the Deliverables furnished by Vonahi Security in connection with the Services. If any Service or Deliverable does not conform to the covenant set forth in this Section 4(a), Vonahi Security may procure the right for Client to continue to use the results of the Service or Deliverable, or may re-perform the Service or replace the Deliverable so that it is non-infringing and meets the original specifications. If the preceding remedies are not reasonably available, upon request by Client, Vonahi Security will refund the price paid for the infringing portion of the Services and refund the price paid for infringing Deliverables that are returned to Vonahi Security. Client covenants that it owns or otherwise has sufficient rights to furnish Vonahi Security all data and other information and materials furnished by Client to Vonahi Security in connection with the Services or Deliverables.
  2. Work Standards. Vonahi Security covenants that (i) it and the Vonahi Security Personnel performing Services have the necessary knowledge, skills, experience, qualifications, and resources to perform the Services in accordance with this Service Order, and (ii) the Services will be performed for and Deliverables provided to Client in a good, diligent and workmanlike manner in accordance with industry standards and applicable laws and governmental regulations. If any material portion of the Services or Deliverables do not conform to the forgoing covenants, and Client notifies Vonahi Security within thirty (30) days of completion of the Services and delivery of Deliverables, then Vonahi Security will work diligently to re-perform the nonconforming portion of the Services so that they conform and redeliver the nonconforming portion of the Deliverables so that they conform. If the preceding remedies are not fulfilled within a reasonable time, upon request by Client, Vonahi Security will refund the price paid for the nonconforming portion of the Services and refund the price paid for nonconforming Deliverables that are returned to Vonahi Security. Vonahi Security will not be responsible for nonconformities arising from inaccurate or incomplete data or information provided by Client, or for failures or delays caused by Client’s failure to perform its obligations under this Agreement.
  3. Client Cooperation. Client agrees to reasonably cooperate with Vonahi Security’s performance of Services. Client further agrees to take any and all actions reasonably necessary to enable Vonahi Security to perform the Services contemplated herein in an effective and efficient manner.
  4. Security and Safety. Vonahi Security covenants that it and Vonahi Security Personnel performing the Services, while present at the facilities of Client, will comply with the security and safety policies of Client that are provided to Vonahi Security.

Limitation of Liability

In no event will either party, or its suppliers, be liable to the other, whether in contract or in tort or under any other legal theory (including, without limitation, strict liability and negligence), for lost profits or revenues, loss of use or loss of data, or for any indirect, special, exemplary, punitive, multiple, incidental, consequential or similar damages, arising out of or in connection with the performance or non-performance of this Service Order, even if advised of the possibility of such damages. In no event will Vonahi Security’s liability under any claim made by Client exceed an amount equal to the total amount of fees actually paid by Client to Vonahi Security under this Service Order. Notwithstanding the above, however, in no event shall a party's liability be limited in amount of damages arising from (a) gross negligence or willful misconduct, or (b) breach of its confidentiality obligations under this Service Order. No action regarding the Services or Deliverables, regardless of form, may be brought more than one (1) year after the first to occur of either (a) the conclusion of Services and delivery of any Deliverables under this Service Order, or (b) such party's knowledge of the event giving rise to such cause of action. This limitation on actions does not apply to confidentiality obligations or the limited license of Section 7 regarding Deliverables.

Place of Performance

The Services to be performed pursuant to this Service Order may be rendered at Client's, Vonahi Security's, or subcontractor's facilities or at other suitable locations mutually agreed by Vonahi Security and Client.

Scanning Duration Disclaimer

The amount of time it takes to perform, and complete scanning depends on the number of systems provided for targeting, bandwidth, available services, and the responsiveness of those services. If Vonahi Security's assumptions listed above cannot be met, there may be a negative impact on project duration or cost.

If there are deviations in scope, effort, or duration, a change order will be necessary and an addendum for additional effort will be created. All changes in scope or duration will be negotiated between Vonahi Security and Customer.

Ownership of Deliverables

The parties agree that all Deliverables are the property of Vonahi Security. Vonahi Security grants an unlimited, perpetual license to Client to use, copy or modify Deliverables for any internal purpose. Vonahi Security may freely use its ideas, concepts, know-how, and techniques that it develops during the course of providing Services and Deliverables under this Service Order, subject to Vonahi Security’s confidentiality obligations set forth in this Service Order and provided that such ideas, concepts, know-how, or techniques do not violate any patent, trademark, copyright or trade secret right of Client.

Assumptions and Exclusions

General Assumptions
Vonahi Security assumes that the scope of work presented in our Quotes to your organization will be conducted with the assistance and cooperation of your organization and its associated partners or providers to complete the assessment within the discussed time period.

Vonahi Security
  • The work is to be performed consecutively until project completion. There will be no break in services other than weekends and/or Vonahi Security recognized holidays.
  • Consultants consider all of your organization’s information and documentation as sensitive and confidential. As such, consultants will securely handle all data received by your organization in accordance with Vonahi Security’s Data Destruction Policy.
  • Consultants will notify the point of contact at your organization of any delays in services as soon as possible in order to determine ways to manage any impact (e.g. cost, modifications, etc.).
  • Deliverables will be presented to your organization for review and comments within two weeks or ten (10) business days within the completion of the project.
  • Vonahi Security is not responsible for providing services or performing tasks not specifically set forth in the Quote or Statement of Work.
  • Vonahi Security shall have no responsibility for other contractors or third parties engaged on the project unless expressly agreed to in writing.
Your Organization
  • Your organization will provide a single point of contact within the organization to help Vonahi Security consultants coordinate access to the required project materials and personnel.
  • Your organization will provide the necessary information to perform the requested services within a timely manner.
  • Your organization will provide a safe working environment, including a workspace, telephone, and network (and Internet) access for the purpose of time entry, email, and project-related efforts.
  • Your organization will provide any necessary building, parking, and/or machine room badges/passes for Vonahi Security consultants.
  • Vonahi Security consultants will be reliant on your organization’s staff to complete identified tasks and participate in interviews where necessary. Your organization's inability to provide this staff may affect the completion of tasks and/or deliverables.

Data Retention & Destruction Policy

  1. Overview: Vonahi Security leverages the vPenTest platform to conduct security assessments on clients’ internal and external network environments. As a result, some data that we obtain may be deemed valuable or sensitive, although all collected data of such is obfuscated during transmission and storage. Vonahi Security has many security controls in place to protect Confidential Information or Personally Identifiable Information (PII).
  2. Scope: This policy applies to all Vonahi Security staff and the vPenTest platform.
  3. Policy: 
    • a) General: The storage, transmission, and processing of sensitive, valuable, or confidential data shall be controlled and managed according to security best practices. Data is collected by vPenTest during security assessments and transmitted back for reporting and evidence purposes. However, this data is parsed for sensitive/valuable data and is obfuscated so that the storage is obfuscated and encrypted.
    • b) Data Destruction Procedures: All data in vPenTest is automatically purged from the system on a 60-day period, unless specifically requested or configured otherwise. After delivering security assessment deliverables, this data is automatically updated to extend for 60 days. Customers of the vPenTest platform have complete control to modify this automated process to purge data on a longer or shorter period.

      Prior to the data being purged, customers of vPenTest receive an email notification indicating that the data will be purged within 24 hours, with a link also provided so that the customer can modify this date.
  4. Enforcement: Staff members found in policy violation may be subject to disciplinary action, up to and including termination.

Cancellation Policy

Except as otherwise expressly provided in this Service Order, Client agrees to provide Vonahi Security with ten (10) business days' prior notice of its intention to delay, extend or release a scheduled Vonahi Security staffing assignment. If Client provides less than ten (10) business days' notice for delaying, extending or releasing assigned consultants, Vonahi Security may invoice and Client will pay for up to forty (40) hours of consulting services for each consultant delayed, extended or released.

Use of Name and Publicity

Each party agrees that it will not, without prior written consent of the other party in each instance, use in advertising, publicity or otherwise the name of such party or any of its affiliates, or any partner or employee of such party or its affiliates, nor any trade name, trademark, service mark, logo or slogan of such party or its affiliates.

Confidential Information

  1. Defined. "Confidential Information", as used in this Service Order, means all information proprietary to a party or any of its customers or suppliers that is marked as confidential or that due to its nature is known or in good faith should be known to be confidential. Confidential Information of Client will be deemed to include, without limitation, all data to which Vonahi Security obtains access by performing the Services and any Deliverable containing such data. Confidential Information of Vonahi Security will be deemed to include, without limitation, its methodologies, templates, report, policy and plan formats, Deliverables (except Client data), scripts and tools. The obligations of the party ("Receiving Party") which receives Confidential Information of the other party ("Disclosing Party") with respect to any particular portion of the Disclosing Party's Confidential Information shall not attach or shall terminate, as the case may be, when any of the following occurs (i) it was generally available to the public at the time of disclosure to the Receiving Party, (ii) it entered the public domain or became generally available to the public through no fault of the Receiving Party subsequent to the time of disclosure to the Receiving Party, (iii) it was or is furnished to the Receiving Party by a third parting having the right to furnish it with no obligation of confidentiality to the Disclosing Party, or (iv) it was independently developed by the Receiving Party by individuals not having access to the Confidential Information of the Disclosing Party.
  2. Obligations. The Receiving Party agrees not to disclose or use any Confidential Information of the Disclosing Party in violation of this Service Order and to use Confidential Information of the Disclosing Party solely for the purposes of this Service Order. Upon demand by the Disclosing Party, the Receiving Party shall return to the Disclosing Party all copies of the Disclosing Party's Confidential Information in the Receiving Party's possession or control and destroy all derivatives and other vestiges of the Disclosing Party's Confidential Information; provided that the Receiving Party may retain one archival copy solely for the purpose of administering its obligations under this Service Order; and provided further that Client may retain any Deliverables subject to the license of Section 7 and this Section 10. 
  3. Need to Know. The Receiving Party may disclose Confidential Information of the Disclosing Party to its employees, officers, directors and representatives who have a reasonable need to know such Confidential Information for purposes of this Service Order. Disclosure of Confidential Information required by court or government order shall not constitute a violation of this provision provided the Disclosing Party has been given notice, if legally permitted, of such order by the Receiving Party.
  4. Systems. If a party is given access, whether on-site or through remote facilities, to any computer or electronic data storage system of the other, such access and use shall be limited solely to performance within the scope of this Service Order and the party provided access shall not knowingly access or attempt to access any computer system, electronic file, software or other electronic services other than those specifically required to fulfill its obligations under this Service Order. All user identification numbers and passwords shall be deemed to be Confidential Information. 
  5. Ownership. All Confidential Information of the Disclosing Party shall remain the exclusive property of the Disclosing Party.
  6. Injunction. Both parties agree that violation of any provision of this Section would cause the Disclosing Party irreparable injury for which it would have no adequate remedy at law, and that the Disclosing Party will be entitled to immediate injunctive relief prohibiting such violation, in addition to any other rights and remedies available to it.

Non-solicitation and Contracting

Client agrees that it and its employees will not, either during or for a period of 12 months after conclusion of the Services, solicit to hire as an employee or contractor any Vonahi Security Personnel involved in the sale or delivery of this project. Publication of open positions in media of general circulation will not constitute solicitation of Vonahi Security Personnel. If Client hires Vonahi Security Personnel prior to expiration of the 12-month period, Client agrees to pay to Vonahi Security, within 30 days of the hiring date, an amount equal to one half of the person's annual compensation at Vonahi Security at the time of their departure.

NOTICES

All notices and other communications under this Service Order will be in writing and deemed delivered one (1) day after being sent by a nationally recognized overnight courier service or three (3) days after being sent certified U.S. mail, return receipt requested, postage prepaid. All notices and other communications under this Service Order will be given to the party at the address indicated in this Service Order.

GOVERNING LAW

These Terms of Sale and your use of the Vonahi Security servides or platform, vPenTest are governed by and construed in accordance with the laws of the State of Georgia applicable to agreements made and to be entirely performed within the State of Georgia, without regard to its conflict of law principles.

WAIVER

No forbearance, failure or delay in exercising any right, power or privilege is waiver thereof, nor does any single or partial exercise preclude any other or future exercise, or the exercise of any other right, power or privilege. No waiver of any provision shall be effective unless made in a writing signed by both Vonahi Security and Client.

Severability

In the event that a court of competent jurisdiction holds any provision of this Service Order invalid or unenforceable in any circumstances, the remainder of this Service Order, and the application of such provision in any other circumstances, will not be affected thereby. The parties authorize the court to modify any invalid or unenforceable provision to the extent necessary to make it enforceable under the circumstances.

Entire Agreement

This Terms of Sale constitutes the entire agreement between the parties with respect to its subject matter and supersedes all prior proposals, agreements, negotiations, correspondence and other communications, whether written or oral, between Vonahi Security and Client.

Force Majeure

Neither party is liable for non-performance under this Service Order to the extent to which the non-performance is caused by events or conditions beyond that party's control, and the party makes all reasonable efforts to perform; provided, however, this paragraph shall not apply to either party's obligations with respect to payments of money pursuant to the terms of this Service Order.

Execution in Counterparts

This Terms of Sale may be executed in any number of counterparts, each of which shall be deemed an original, and all of which together shall constitute one and the same agreement. Delivery of an executed counterpart of this Term of Sale by facsimile or any other reliable means shall be effective for all purposes as delivery of a manually executed original counterpart. Either party may maintain a copy of this Term of Sale in electronic form. The parties further agree that a copy produced from the delivered counterpart or electronic form by any reliable means (for example, photocopy, facsimile or printed image) shall in all respects be considered an original.

CONTACT US

In order to resolve a complaint regarding the Terms of Sale or to receive further information regarding use of the Vonahi Security's services, please contact us at: 

Vonahi Security
260 Peachtree
 St NW
Ste 2200
Atlanta, GA 30303
United States
Phone: 844-866-2732
info@vonahi.io