BINARY DEFENSE DATA SECURITY AND PRIVACY THREAT ASSESSMENT SERVICES AGREEMENT
This is a legal agreement between each user that accepts this Services Agreement (each, a “Customer” or “You”)) and Binary Defense Systems, LLC, an Ohio limited liability company, with its principal place of business at 600 Alpha Parkway, Stow, Ohio (“Binary Defense”). Binary Defense is a provider of data security and privacy threat assessment services including identifying, assessing and helping customers to understand the risks to its organization that arise from the data it uses and generates (the “Assessment Services”). For purposes of this Services Agreement, the term “Affiliate” means a person or entity controlling, controlled by, or under common control with a stated party.
BY USING THE ASSESSMENT SERVICES, CUSTOMER AGREES TO BE BOUND BY THE TERMS OF THIS SERVICES AGREEMENT, AS THE SAME MAY BE AMENDED BY BINARY DEFENSE IN ITS DISCRETION FROM TIME TO TIME. IF YOU DO NOT AGREE TO THE TERMS OF THIS SERVICES AGREEMENT, DO NOT ACCESS OR USE THE ASSESSMENT SERVICES.
- The Assessment Services are available through Binary Defense directly. The right to receive Assessment Services is subject to acceptance of this Services Agreement by a Customer.
- The Assessment Services are protected by applicable federal, state, local and foreign laws, rules, regulations and treaties, including, without limitation, United States and foreign copyright laws and international copyright treaties.
NOW, THEREFORE, in exchange for the mutual promises set forth in this Services Agreement, and for other good and valuable consideration, the receipt, adequacy and sufficiency of which are hereby acknowledged, the parties hereby agree as follows:
1. Assessment Services.
- External Vulnerability Scan. Binary Defense utilizes the Nessus system to perform external vulnerability scans for clients to uncover potential risks as well as publically-accessible system misconfigurations which could be used by individuals to maliciously gain entry as well as provide leverage to perform exploitation. Binary Defense will not be performing exploitation of vulnerabilities, penetration testing, vulnerability scanning or security assessments on websites nor will we attempt brute force techniques. Nessus automates point-in-time assessments to help quickly identify and fix vulnerabilities (i.e., software flaws, missing patches, malware, and misconfigurations) across a variety of operating systems, devices and applications.
- Compromised Account Report. Binary Defense uses several tools to discover leaked emails on the Clearnet as well as the Darknet. We will be providing you with a summary of our findings along with what was compromised in the leaked information. A full description of the breaches, along with their attributes, will also be included. All of the information that we will be sending over is available on the Darknet and Clearnet, meaning that it is publicly available for threat actors to utilize in an attack. Binary Defense will not be testing any passwords found to determine if the passwords are still being used today. We will also not send full plain text passwords in the report for security reasons.
2. Term and Termination.
- Term. This Services Agreement shall remain in effect until the completion of the Assessment Services, unless the Services Agreement is earlier terminated as permitted hereunder (the “Term”).
- Termination. Without prejudice to any other rights, Binary Defense may terminate this Services Agreement, in whole or in part immediately upon delivery of written notice of termination to Customer if Customer fails to comply with any of the terms and conditions of this this Services Agreement. Additionally, Binary Defense may terminate this Services Agreement immediately upon delivery of written notice of termination to Customer after a receiver has been appointed in respect of the whole or a substantial part of Customer’s assets or a petition in bankruptcy or for liquidation filed by or against Customer which petition is not dismissed within sixty (60) days following its initiation. Additionally, either party may terminate this Services Agreement, in whole or in part, for convenience during the Term by providing to the other party with notice of termination not less than thirty (30) days prior to the effective date of termination.
- Effect of Termination or Expiration. In the event of the termination or expiration of this Services Agreement, Customer shall immediately cease using the Assessment Services. Termination or expiration of this Services Agreement shall be without prejudice to any other right or remedy to which Binary Defense may be entitled under this Services Agreement or applicable law. Termination or expiration of this Services Agreement shall not relieve Customer from its obligations arising hereunder before termination or expiration of this Services Agreement or which survive termination or expiration of this Services Agreement.
4. Description of Other Rights and Limitations.
- In connection with the provision of Assessment Services by Binary Defense to Customer hereunder, the parties acknowledge and agree that Binary Defense is expressly not selling to Customer, and Customer is not acquiring any right, title or interest in or to, Binary Defense intellectual property or rights, (“Binary Defense Intellectual Property”).
- All rights in and to the Binary Defense Intellectual Property (including, without limitation, all software code incorporated therein) not expressly granted hereunder are reserved to and retained by Binary Defense. The parties expressly acknowledge and agree that all right, title and interest in and to the Binary Defense Intellectual Property and all patent, trademark, copyright, trade secret and other intellectual property and proprietary rights in and to the Binary Defense Intellectual Property are and will be owned by Binary Defense.
- Customer acknowledges and agrees to the following:
- Customer shall comply in full, and shall cause its Authorized Users to comply in full, with all federal, state, local and foreign laws, rules and regulations in connection with its access to, and use of, the Assessment Services, or the use thereof, by any employee or agent of Customer.
- Customer shall not remove, and shall cause its Authorized Users to not remove, Binary Defense’s copyright notices and other proprietary notices on the Assessment Services, and all copies thereof shall be subject to all terms, conditions, and obligations of this Services Agreement.
- To the extent permissible by law, You are ineligible to subscribe to the Assessment Services if (a) You or Your employees have been convicted for any computer or Internet related crimes; or (b) if You are more than sixty (60) days overdue on any monies or amounts owed to Binary Defense; or (c) if You are a competitor of Binary Defense; or (d) if You are located in a region that is prohibited from using the Assessment Services by law; or (e) if You have already previously been refused the Assessment Services by Binary Defense in the past.
- Binary Defense reserves the right to refuse access to any potential subscriber to the Assessment Services should Binary Defense, in its absolute discretion, deem such refusal necessary.
- You agree to provide current, accurate information in all electronic or hardcopy registration forms submitted in connection with the Assessment Services. You agree not to impersonate or in any way misrepresent Your affiliation or authority to act on behalf of any person, company or other entity. By accepting these Terms, all Your personnel using the Assessment Services (“Authorized Users”) or accepting these Terms, certify that they are authorized to act on Your behalf and are authorized by to use any and all devices or systems with respect to which You direct the Assessment Services to be performed. You agree reasonably to cooperate with Binary Defense res to verify the identity and authority of persons using the Assessment Services.
- You must never use or direct the Assessment Services to interact with devices or systems for which You are not expressly authorized to do so. You must not use the Assessment Services in such a way as to create unreasonable load on devices or systems to which You have directed the Assessment Services to interact. You may not use any Assessment Services infrastructure, directly or indirectly to initiate, propagate, participate, direct or attempt any attack, hack, or send bandwidth saturation, malicious or potentially damaging network messages to any device or system, whether owned by Binary Defense or not.
- You must not, through the use of the Assessment Services or by any other means, create unreasonable load on the Assessment Services infrastructure.
- You must not use the Assessment Services to perform any unlawful activity including but not limited to computer crime, transmission or storage of illegal content, or content or software in violation of applicable law.
- You must not access information on the Assessment Services infrastructure for which You are not authorized, or which is not made available intentionally, publicly and in accordance with Binary Defense policies. If You gain access to any information for which You are not authorized, by any means or method, or for any reason, You must report such access to Binary Defense immediately and destroy all electronic or hard copies of such information unless otherwise required by applicable law. You must report incidents by email with return receipt requested to firstname.lastname@example.org.
- You agree not to provide access to the Assessment Services by: (i) allowing others who are not Authorized Users to use Your account; (ii) creating an account for someone who is not authorized to perform the role or view the information for which You have granted access; (iii) creating an account for an unauthorized; or (iv) failing to revoke access for those persons who are no longer Authorized Users to access the Assessment Services for any reason. You will immediately notify Binary Defense of any unauthorized access from Your account or the accounts of others for which You have administrative authority, including the use of accounts, passwords, or any other breach of security. You will not solicit another party’s password for any reason. You will not access someone else’s account, nor disrupt, interfere, or limit the functioning of the Assessment Services or other’s enjoyment of the Assessment Services.
- Notwithstanding anything to the contrary contained in this Services Agreement, any breach of the above covenants may, in the discretion of Binary Defense, result in immediate termination of the Assessment Services.
5. DISCLAIMER. EXCEPT AS OTHERWISE EXPRESSLY SET FORTH IN THIS SERVICES AGREEMENT, ACCESS TO AND USE OF THE ASSESSMENT SERVICES ARE PROVIDED “AS IS”, “WITH ALL FAULTS”. BINARY DEFENSE DOES NOT GUARANTEE CONTINUOUS, UNINTERRUPTED OR SECURE ACCESS TO OR USE OF THE ASSESSMENT SERVICES. EXCEPT AS OTHERWISE EXPRESSLY SET FORTH IN THIS SERVICES AGREEMENT, NO WARRANTY OR CONDITION, EXPRESS OR IMPLIED, IS MADE WITH RESPECT TO THE ASSESSMENT SERVICES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, QUIET ENJOYMENT, QUIET POSSESSION, CORRESPONDENCE TO DESCRIPTION, OR NON-INFRINGEMENT. Please note that some jurisdictions may not allow the above exclusion of implied warranties, so some of the above exclusions may not apply to Customer.
6. LIABILITY CAP AND LIMITATION OF LIABILITY.
- LIABILITY CAP. IN THE EVENT OF A BREACH OF THIS SERVICES AGREEMENT BY BINARY DEFENSE, BINARY DEFENSE’S AND ITS SUPPLIERS’ ENTIRE LIABILITY AND A CUSTOMER’S SOLE AND EXCLUSIVE REMEDY SHALL BE FOR BINARY DEFENSE TO RE-PERFORM THE ASSESSMENT SERVICES; PROVIDED, HOWEVER, THAT A CUSTOMER SHALL NOT BE ENTITLED TO THE FOREGOING REMEDY IF ANY ERROR OR PROBLEM WITH THE ASSESSMENT SERVICES ARISES FROM THE ACTIONS OR OMISSIONS OF CUSTOMER. NOTWITHSTANDING ANYTHING TO THE CONTRARY CONTAINED IN THIS SERVICES AGREEMENT, IN NO EVENT SHALL BINARY DEFENSE’S TOTAL LIABILITY ARISING IN CONNECTION WITH OR UNDER THIS AGREEMENT (WHETHER UNDER THE THEORIES OF BREACH OF CONTRACT, TORT, MISREPRESENTATION, FRAUD, WARRANTY, NEGLIGENCE, STRICT LIABILITY OR ANY OTHER THEORY OF LAW) EXCEED $1,500. THE FOREGOING LIMITATIONS, EXCLUSIONS AND DISCLAIMERS SHALL APPLY TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, EVEN IF ANY REMEDY FAILS OF ITS ESSENTIAL PURPOSE.
- LIMITATION OF LIABILITY. NOTWITHSTANDING ANYTHING TO THE CONTRARY CONTAINED IN THIS SERVICES AGREEMENT, NEITHER BINARY DEFENSE NOR ANY OF ITS AFFILIATES, OFFICERS, DIRECTORS, EMPLOYEES, AGENTS OR REPRESENTATIVES SHALL BE, UNDER ANY CIRCUMSTANCES, LIABLE TO CUSTOMER OR ANY OTHER PERSON, FIRM OR ENTITY (WHETHER IN AN ACTION ARISING FROM CONTRACT, TORT OR OTHER LEGAL THEORY) FOR SPECIAL, INCIDENTAL, CONSEQUENTIAL, EXEMPLARY OR OTHER DAMAGES RESULTING FROM THE ACCESS OR USE OF THE ASSESSMENT SERVICES, OR OTHERWISE, HOWEVER CAUSED, INCLUDING, WITHOUT LIMITATION, SUCH DAMAGES ARISING FROM (I) INFORMATION OR DATA OBTAINED FROM OR THROUGH THE ASSESSMENT SERVICES, (II) RELIANCE BY ANY PERSON ON INFORMATION OR DATA OBTAINED FROM OR THROUGH THE ASSESSMENT SERVICES, (III) VIRUS TRANSMISSION OR DELETION OR LOSS OF FILES OR E-MAIL, (IV) LOSS OF DATA OR INFORMATION OF ANY KIND, (V) LOSS OF PROFIT, GOODWILL, USE, DATA OR OTHER INTANGIBLE LOSSES (EVEN IF BINARY DEFENSE HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES), (VI) LIABILITY FOR PERSONAL INJURY, OR (VII) LIABILITY TO THIRD PARTIES
- Customer shall indemnify, defend and hold harmless Binary Defense and its Affiliates, employees, agents, officers, directors, shareholders, representatives, successors and assigns from and against any loss, liability, cause of action, cost or expense (including reasonable attorneys’ fees) arising from, arising in connection with or related to: (i) the material breach of this Services Agreement by Customer; (ii) the acts and omissions of Customer and its Affiliates, Authorized Users, employees, agents and representatives (individually, a “Customer Affiliated Party” and collectively, the “Customer Affiliated Parties”) in connection with access to and use of the Assessment Services; (iii) the violation, infringement or misappropriation by Customer or any Customer Affiliated Party, of the intellectual property, proprietary or other rights of any third party.
- If any claim is commenced against a party entitled to indemnification under this paragraph (“Indemnified Party”), the Indemnified Party will provide notice of the claim and copies of all related documentation to the party obligated to provide indemnification (“Indemnifying Party”) and the Indemnifying Party will assume control of the defense of such claim at its cost and expense. Such notice and documentation will be provided as promptly as possible; provided, that in no event shall the Indemnifying Party be relieved of its indemnification obligations hereunder unless the failure to provide notice promptly hereunder results in, and then only to the extent of, actual prejudice to the rights of the Indemnifying Party. The Indemnified Party may, at its own cost and expense, participate, through its attorneys or otherwise, in the investigation, trial and defense of such claim and any appeal. In such case, the Indemnifying Party will reasonably cooperate with the Indemnified Party’s attorneys.
8. Applicable Law. This Services Agreement is governed, construed and enforced in accordance with the laws of the State of Ohio, without giving effect to any principles of conflicts of laws. Jurisdiction and venue for all actions arising under this Services Agreement shall be in the federal and state courts located in Cuyahoga County, Ohio. The United Nations Convention on Contracts for the International Sale of Goods shall not be applicable to this Services Agreement.
9. Entire Agreement. This Services Agreement and any documentation related to Support Services is the entire agreement between a Customer and Binary Defense relating to the subject matter of this Services Agreement and supersedes all prior or contemporaneous oral or written communications, proposals and representations with respect to the subject matter of this Services Agreement.
10. Notices and Questions. All notices and demands hereunder shall be in writing and shall be served by personal service, electronic mail, or by mail at the address of the receiving party set forth in this Services Agreement (or at such different address as may be designated by such party by written notice to the other party). All notices or demands by mail shall be by certified or registered mail, return receipt requested, or by nationally-recognized private express courier and shall be deemed complete upon receipt. Should a Customer have any questions concerning this Services Agreement, or if Customer desires to contact Binary Defense for any reason, please contact Binary Defense by email at email@example.com.
11. Confidentiality. Customer acknowledges that Customer or a Customer Affiliated Party may receive or become aware of confidential information and trade secrets of Binary Defense (“Confidential Information”). Customer agrees to maintain and protect, and cause all Customer Affiliated Parties to maintain and protect, the confidentiality of all Confidential Information of which it becomes aware (whether or not identified or marked as confidential at the time of its disclosure) and not disclose any Confidential Information, except as required by law (for example, under a court order or subpoena), to any person, firm, or entity other than the Customer Affiliated Parties who have a need to know such Confidential Information for purposes of the license granted to Customer hereunder, and Customer shall preserve and protect, and cause all Customer Affiliated Parties to preserve and protect, the confidentiality of all Confidential Information of which it becomes aware using the same degree of care that it uses to protect its own trade secrets, but never less than reasonable care. Further, Customer shall not use or disclose, and shall cause all Customer Affiliated Parties not to use or disclose, any Confidential Information for any purpose not permitted by this Services Agreement. Customer agrees to formulate and adopt appropriate safeguards in light of its own operating activities to ensure protection of the confidentiality of all Confidential Information of which it becomes aware. The restrictions on disclosure set forth above shall not apply when, and to the extent that, Confidential Information: (a) is part of the public domain through no action or failure to act by Customer; (b) is made available to the general public by Binary Defense or a third party who is lawfully in possession of such information, not as a result of any action or failure to act on the part of Customer; (c) was previously known to Customer free of any obligation to keep it confidential; (d) is subsequently disclosed to Customer free of any obligation to keep it confidential; or (e) is independently developed by Customer or a third party other than in breach of this Services Agreement. In addition, Customer will not be considered to have breached its obligations under this Services Agreement to the extent Confidential Information is required to be disclosed by court order or order of a governmental authority or by applicable law, provided Customer, to the extent practicable, advises Binary Defense in writing prior to making such disclosure so that the Binary Defense may object to such disclosure, take action to ensure confidential treatment of the Confidential Information, or take such other action as it considers appropriate to protect the Confidential Information. Violations of this Section 11 are likely to cause irreparable harm and therefore Binary Defense may seek immediate injunctive relief without the need of posting bond in the event of a violation of this Section 11.
12. Dispute Resolution. The parties will attempt to settle any claim or controversy arising out of this Services Agreement through consultation and negotiation in good faith in a spirit of mutual cooperation. If those attempts fail, then the dispute will be mediated by a mutually accepted mediator to be chosen by the parties within forty-five (45) days after written notice by either party to the other demanding mediation. No party may unreasonably withhold consent to the selection of a mediator. The parties will share the cost of the mediation equally. By mutual agreement, the parties may postpone mediation until some specified but limited discovery about the dispute has been completed. The parties may also agree to replace mediation with some other form of alternative dispute resolution. Any dispute which cannot be resolved by the parties through negotiation, mediation or other form of agreed alternative dispute resolution within one hundred twenty (120) days following the date of the initial demand for it by one of the parties may then be submitted to the courts for resolution. Nothing in this section will prevent a party from resorting to judicial proceedings if: (a) good faith efforts to resolve the dispute under these procedures have been unsuccessful; (b) interim, injunctive or other equitable relief from a court is necessary to prevent serious and irreparable injury to one party or to others; or (c) litigation is required to be filed prior to the running of the applicable statute of limitations. The use of any alternative dispute resolution procedure will not be construed under the doctrine of latches, waiver or estoppel to affect adversely the rights of either party. All of the above alternative dispute resolution procedures shall be confidential.
13. Force Majeure. Binary Defense shall not be responsible for delays or failure of performance resulting from acts beyond the reasonable control of Binary Defense. Such acts shall include, but not be limited to, acts of God, strikes, walkouts, riots, acts of war, epidemics, failure of suppliers to perform, governmental regulations, power failures, Internet or telecommunications failures, earthquakes, or other disasters.
14. Compliance with License and Laws/Audit Rights. Customer shall comply with, and all cause all Customer Affiliated Parties to comply with, all federal, state, local and foreign laws, regulations, rules and ordinances pertaining to the operations and conduct of its business and the license granted to Customer under this Services Agreement. In the event that any part of this Services Agreement is determined to violate any applicable federal, state, local or foreign laws, rules or regulations, then the remaining provisions of this license shall remain in full force and effect and shall be enforced to fullest extent permitted by law and the parties agree to negotiate in good faith revisions to the provision or provisions that are in violation. In the event the parties are unable to agree to modified terms as required to bring the entire Services Agreement into compliance, either party may terminate this Services Agreement by not less than ten (10) days prior written notice to the other party.
15. Headings. The titles and headings of the various sections and paragraphs in this Services Agreement are intended solely for reference and are not intended for any other purpose whatsoever or to explain, modify, or place any construction on any of the provisions of this Services Agreement. The opening two paragraphs and the Recitals to this Services Agreement are incorporated herein. Sections 1b, 1c, and 2 – 16 shall survive the termination or expiration of the Services Agreement for any reason.
16. Waiver/Assignment. A waiver of any provision of this Services Agreement shall only be effective if in a writing signed by the party against which the waiver is claimed. This Services Agreement may not be assigned by Customer without the prior written consent of Binary Defense. This Services Agreement may be assigned by Binary Defense, by operation of law or otherwise, without the consent or approval of Customer or any other person, firm or entity.
17. Authorized Signer. The person accepting this Services Agreement by clicking on the acceptance button below hereby acknowledges and agrees, that they are an authorized signatory of Customer with full authority to execute and deliver this Services Agreement on behalf of Customer.
- BY CLICKING “ACCEPT” ON FORM, CUSTOMER INDICATES CUSTOMER’S ACCEPTANCE OF THIS SERVICES AGREEMENT.