Software as a Service (SaaS) Agreement
IMPORTANT – BY ACCESSING AND USING THE PHISHLINE SOLUTION, YOU HEREBY AGREE TO THE TERMS AND CONDITIONS SET FORTH IN THIS AGREEMENT WITHOUT MODIFICATION OR RESERVATION.
THIS AGREEMENT EXPRESSLY INCLUDED THE ADDITIONAL TERMS CONTAINED IN A QUOTATION AND SUCH OTHER DOCUMENTS EXPRESSLY REFERENCED IN THIS AGREEMENT, AND COLLECTIVELY, SHALL FORM A LEGAL BINDING AGREEMENT BETWEEN PHISHLINE, LLC (“PHISHLINE”) AND THE BUSINESS ENTITY IDENTIFIED ON THE ORDER FORM ON WHOSE BEHALF YOU ARE ACTING (“CUSTOMER”) AND SETS FORTH THE TERMS AND CONDITIONS BY WHICH CUSTOMER AND ITS AUTHORIZED USERS MAY USE THE PHISHLINE SOLUTION. (PHISHLINE AND CUSTOMER MAY EACH BE REFERRED TO AS A “PARTY” OR COLLECTIVELY AS THE “PARTIES).
YOU AGREE THAT YOU ARE AN EMPLOYEE OR AGENT OF CUSTOMER AND ARE ENTERING INTO THIS AGREEMENT TO USE THE PHISHLINE SOLUTION FOR CUSTOMER’S OWN BUSINESS PURPOSES. YOU HEREBY AGREE THAT YOU ENTER INTO THIS AGREEMENT ON BEHALF OF CUSTOMER AND THAT YOU HAVE THE AUTHORITY TO BIND CUSTOMER TO THE TERMS AND CONDITIONS OF THIS AGREEMENT.
PhishLine is a security awareness software platform hosted by PhishLine. Customers provide PhishLine with employee email addresses and/or phone numbers that it owns. No further information is necessary. Using the PhishLine Software and wide range of templates offered by PhishLine, the Customer (or PhishLine on Customer’s behalf) may then conduct simulated security attacks against the Customer’s selected email and/or phone recipients. These “security campaigns” typically consist of emails, but may also consist of text messages and pre-recorded voice messages. These messages will either simulate social engineering attacks, direct employees to security awareness training resources, or both. The Customer can then review reports that contain information that allow the Customer to take steps to better improve its overall security posture with respect to these types of attacks.
The parties hereby agree as follows:
(a) “Affiliate” as it relates to a party shall mean any other entity that directly or indirectly controls, or is controlled by, or is under common control with that party, where “control” means the direct or indirect ownership of more than 50% of the voting securities of such entity or party.
(b) “Analytical Data” shall mean the analytical data collected by PhishLine in relation to Customer’s use of the Services that, in the form and manner collected, does not contain personally identifiable information and does not identify or permit identification, association, or correlation of or with Customer or its Affiliates or its or their Confidential Information. For clarification, such data shall not contain any Customer Data that has been subsequently scrubbed or de-identified, but rather consists of inherently anonymous data that cannot be identified to Customer Data.
(c) “Confidential Information” shall have the meaning set forth in Section 7.
(d) “Customer Data” shall mean information generated or created by Customer, its Affiliates, or their respective customers or clients (or prepared on any of their behalves) as well as any reports generated by PhishLine for Customer, its Affiliates, or any of their respective customers or clients through the Services, except that Customer Data shall not include Analytical Data. All Customer Data is Customer’s Confidential Information and the Customer retains all ownership rights to the Customer Data.
(e) “Documentation” shall mean the documents that describe the functionality and features of the Software and Services, any user instructions or specifications related to the Software and Services as may be updated and revised from time to time by PhishLine, including without limitation the specifications set forth in a Quotation.
(f) “Fees” shall mean the then current annual subscription and services fees set forth in a Quotation.
(g) “PhishLine Solution” shall mean the Software, the Services and all security awareness training materials, messages, landing pages, surveys, templates, URL’s and Documentation developed or created by PhishLine or transmitted to Customer in order to provide any of the Services under this Agreement.
(h) “Quotation” shall mean the description of Fees, scope of Services and number of Recipients licensed to Customer provided to a Customer by PhishLine or an authorized distributor or reseller of the PhishLine Solution. Customer may obtain additional Services upon the execution of an additional Quotation for such additional services. Each Quotation shall be made part of and shall be governed by the terms and conditions of this Agreement and shall be binding upon execution by Customer. Once Customer accepts a Quotation, PhishLine, or its authorized distributor or reseller shall activate the PhishLine Solution and provide Customer with passcode and login information to access and use the PhishLine Solution.
(i) “Security Campaign” shall mean a set of electronic messages that may involve sending training, surveys, announcements, or phishing-style messages to Customer designated recipients. Unless otherwise stated in a Quotation, all recipients shall be Customer employees.
(j) “Services” shall mean the services, functions, and responsibilities, as described in a Quotation to be provided by PhishLine to Customer.
(k) “Software” shall mean the PhishLine software accessible through the password protected PhishLine Solution portal.
(a) Scope of Services. Subject to Customer’s payment of Fees and Customer’s compliance with the terms and conditions contained in this Agreement, PhishLine agrees to provide Customer with the Services as set forth in a Quotation in accordance with this Agreement. Customer may purchase additional Services from PhishLine by entering into a separate written and mutually approved Quotation for such Services. If a Quotation includes managed services, PhishLine shall conduct Security Campaigns on Customer’s behalf for the number of Recipients set forth in the applicable Quotation.
(b) Service Availability. Customer acknowledges and agrees that the Services or Customer’s access to the PhishLine Solution to obtain data and reports may not be available at certain times as a result of routine maintenance, technical difficulties, equipment malfunctions or due to circumstances beyond PhishLine’s reasonable control. Notwithstanding, PhishLine agrees to meet the service levels set forth in the Service Level Agreement described at the end of this document (the “Service Levels“). Should PhishLine fail to meet the Service Levels, the Term of this Agreement shall be extended to make up for the period of time Customer was unable to access or utilize the Services or PhishLine Solution. Except as otherwise set forth in this Agreement, under no circumstances shall Customer be entitled to any refund or credit for such failures.
(a) PhishLine Solution License Grant. Upon acceptance of a Quotation and subject to Customer’s payment of Fees, and Customer’s continued compliance with the terms and conditions contained in this Agreement, PhishLine hereby grants to Customer and its Affiliates a non-exclusive, royalty-free license, during the Term, to access and use the Software and Documentation to conduct Security Campaigns for up to the number of Recipients set forth in the applicable Quotation solely for Customer’s internal business purposes and in accordance with the Documentation. Additionally, Customer shall have a non-exclusive, royalty-free license to use, copy and distribute internally reports containing Analytical Data made available to Customer through the PhishLine Solution solely for Customer’s internal business purposes and in accordance with the Documentation.
(b) Analytical Data. PhishLine shall have the right to collect and aggregate metadata derived from Customer’s use of the PhishLine Solution. This metadata is limited to Analytical Data that assists PhishLine to determine and recommend ways for Customer to improve its organization’s overall security awareness and does not contain any Customer confidential information. PhishLine shall own the Analytical Data, which PhishLine uses to provide analytical and security awareness data (such as benchmarking) and reports to Customer and PhishLine’s other customers; and to improve the functions and features of the PhishLine Solution. During the Term of this Agreement, Customer may access the PhishLine Solution and obtain reports comprised of Analytical Data. However, Customer acknowledges that it shall only use such reports the Analytical Data contained therein for Customer’s own internal business purposes.
(c) Restrictions. Unless otherwise stated in a Quotation, Customer shall have no right to license, re-license, lease or sell the Software or Services to any individual or entity that is not an Affiliate, agent, officer, director or employee of Customer. Customer shall have no right to share, license, lease sell, publish, distribute or otherwise provide security awareness services to any third party using the PhishLine Solution or Analytical Data. Customer and its Affiliates shall not: (i) modify, disassemble, decompile or reverse engineer the Services or PhishLine Solution; and Customer shall take commercially reasonable care not to permit any third party to do so; or (ii) copy the Software or Documentation. Customer shall require that its contractors, consultants and Affiliates accessing the PhishLine Solution on Customer’s behalf comply with the terms of this Agreement, expressly including this Section 3 and Section 7 (Confidentiality), and Customer shall ensure that any login and password information provided to Customer by PhishLine shall not be disclosed or used by any third party other than Customer’s Affiliates or designated consultants or contractors performing services on Customer’ behalf.
(d) Conduct. Customer and its Affiliates, contractors and consultants shall not use the Services for any unlawful purpose or any purpose not directly related to Customer’s own internal business security analysis, including but not limited to (i) conducting unauthorized phishing schemes or attacks using the Software or Services, (ii) redirecting recipients to connect to non-PhishLine resources; (iii) data mining of personal or proprietary information or otherwise; (iv) harassing or attempting to cause distress or inconvenience to any third party; or (v) sending messages that contain content that may be deemed obscene, offensive, lewd, defamatory or discriminatory. Customer shall comply with all applicable laws and regulations for the jurisdiction(s) in which the Services are provided (including without limitation to all federal, state, and international laws pertaining to the Customer use of electronic communications such as the CAN-SPAM Act, Lanham Act, Telephone Consumer Protection Act (TCPA), FTC regulations and similar laws or agencies). Subject to the availability of lawful appropriations and consistent with Section 8 of the State Court of Claims Act.
(e) Simple Message Services (SMS) texting and telephone restrictions. If Customer contracts with PhishLine to provide Services that utilize SMS/texting, automated or manual telephone calls, or similar telecommunications technology, Customer shall be solely responsible for obtaining prior approval from the owner of any device that may receive such messages from PhishLine in strict compliance with the Telephone Consumer Protection Act of 1991 (TCPA) or any similar law or regulation in any country; and Customer shall be solely responsible for, and shall indemnify PhishLine, for any charges or fees charged by any carrier to Customer or the device owner.
(f) Updates. If PhishLine releases new versions, patches, updates, revisions, or changes of any kind (collectively, “Updates”) to any of its customers generally, such Updates and the associated costs of installation and testing shall be provided at no additional cost to Customer.
(g) Self-help Remedy. Customer acknowledges and agrees that PhishLine may suspend Customer’s access to the PhishLine Solution, or portions thereof, (i) upon termination or expiration of this Agreement or all Quotations pertaining to the Customer; (ii) if PhishLine reasonably determines that the Customer’s use of the PhishLine Solution does, or is likely to, violate any subsection of this Section 3 of this Agreement. If PhishLine suspends Customer’s access to the PhishLine Solution, PhishLine shall promptly provide Customer with written notice and PhishLine agrees to re-enable access to the PhishLine Solution upon Customer’s confirmation that it will cease and further improper use of the PhishLine Solution. Notwithstanding the above, Customer expressly acknowledges and agrees that PhishLine does not have a duty to monitor Customer’s use of the PhishLine Solution and PhishLine’s failure to discover Customer’s violation of the above-referenced sections, or failure to suspend Customer’s access to the PhishLine Solution, shall not absolve Customer from any liability, responsibilities or duty to indemnify PhishLine under this Agreement. This remedy is in addition to any other remedies PhishLine may have including PhishLine’s right to terminate this Agreement due to Customer’s material breach of this Agreement.
4. Pricing and Payment Terms.
(a) Fees. Upon acceptance of a Quotation, PhishLine, or its authorized distributor or reseller shall invoice Customer for the Fees set forth in the Quotation and Customer agrees to pay PhishLine the Fees within thirty (30) days of Customer’s receipt of such invoice.
(b) Payment Terms. Customer shall pay PhishLine interest of 1% per month on past due amounts owed to PhishLine. Customer shall be liable to PhishLine for PhishLine’s reasonable and documented attorney and/or collection fees incurred to collect any unpaid amounts due to PhishLine. Customer is responsible for any legally required sales and use tax on the Services covered in this Agreement.
Unless stated otherwise in a Quotation, this Agreement shall remain in effect for an initial term of twelve (12) months (the “Initial Term”). Thereafter, this Agreement shall automatically renew for subsequent twelve (12) month terms (each a “Renewal Term”) unless canceled in writing by Customer, with or without cause, at least sixty (60) days prior to the next annual renewal date. The Initial Term, together with any Renewal Term(s), shall constitute the “Term.” If the parties renew this Agreement, such renewal shall be governed by the terms and conditions set forth in this Agreement but subject to PhishLine’s then current Fees.
(a) Termination for Breach. Either party may terminate this Agreement immediately upon written notice to the other party if the other party fails to cure a material breach within thirty (30) days after receiving written notice thereof from such party. PhishLine acknowledges and agrees that its failure to meet the Service Levels set forth in Schedule B shall constitute a material breach of this Agreement.
(b) Termination for Bankruptcy and Related Events. Subject to Title 11, United States Code, if either party becomes or is declared insolvent or bankrupt, is the subject of any proceedings relating to its liquidation, insolvency, or for the appointment of a receiver or similar officer for it, makes an assignment for the benefit of all or substantially all of its creditors or enters into an agreement for the composition, extension or readjustment of all or substantially all of its obligations, then the other party may, by giving written notice thereof to such party, terminate this Agreement as of the date specified in such notice of termination.
(c) Termination by Mutual Agreement. This Agreement may be terminated upon mutual written agreement between PhishLine and Customer.
(d) Return of Customer Data and Transition Assistance. Upon Customer’s request at any time during the Term and within 30 days after the termination or expiration of this Agreement, PhishLine shall make available to Customer (or Customer’s designee) any or all Customer Data in PhishLine’s possession for export.
(e) Survival. The provisions of this Agreement which by their nature are intended to survive the termination, cancellation, completion or expiration of the Agreement shall continue as valid and enforceable obligations of the parties notwithstanding any such termination, cancellation, completion or expiration. Without limiting the foregoing, the provisions regarding confidentiality, indemnity, and limitations of liability shall survive the expiration or termination of this Agreement.
7. Confidential Information.
Upon execution of this Agreement, the following terms and conditions as they relate to confidentiality shall supersede and replace any previously executed non-disclosure agreement or confidentiality agreement.
(a) Definition. The parties agree that all information and know‑how, whether or not in writing, relating to the business, technical or financial affairs of either party that is generally understood in the industry as being a trade secret, confidential and/or proprietary, whether or not designated as being confidential and/or proprietary information by the party disclosing such information (“Disclosing Party”), or as representing trade secrets of the Disclosing Party (collectively, “Confidential Information”), is and shall be the exclusive property of the Disclosing Party. The party to which the Disclosing Party provides or grants access to shall be referred to hereafter as the “Receiving Party.” For purposes of this Agreement, Confidential Information includes, but is not limited to, the following types of information and other information of a similar nature whether or not reduced to writing: (i) discoveries, ideas, concepts, research, development, processes, operating procedures, “know-how” (whether or not patentable and whether or not copyrightable), trade secret, software, technology, personnel information, marketing techniques, procedures and materials, marketing and development plans, client names and other information related to clients, employee information, vendor information, account fees, pricing and policies, and financial information; (ii) any personally identifiable information, defined as information that can be identified to a particular person without unreasonable effort, such as names and social security numbers (“PII”); and (iii) any other information received from or on behalf of the Disclosing Party that the Receiving Party could reasonably be expected to know is confidential. Confidential Information also includes any information described above obtained from a third party, which either party treats as proprietary or designates as Confidential Information.
(b) Obligations. The Receiving Party will use the same care and discretion to avoid disclosure of Confidential Information as it uses with its own similar information that it does not wish disclosed, but in no event less than a reasonable standard of care and no less than is required by law. The Receiving Party may only use and disclose Confidential Information of the Disclosing Party as necessary for the following “Permitted Purposes”: (i) performing its obligations under this Agreement; (ii) in the case of Customer, deriving the reasonable and intended benefit from the Services provided under this Agreement; and (iii) as otherwise specifically permitted in writing by the Disclosing Party in this Agreement or elsewhere. The Receiving Party may disclose Confidential Information to its employees and employees of permitted subcontractors and Affiliates who have a need to know, but only to the extent required to perform any obligations under this Agreement; and any other party with the Disclosing Party’s prior written consent. Before disclosure to any such individuals, the Receiving Party will have a written agreement with such individual sufficient to require that person to treat Confidential Information in accordance with the requirements of this Agreement, and the Receiving Party will remain responsible for any breach of this Section 7 by any individuals or entities to which it discloses the other party’s Confidential Information. No obligation of confidentiality applies to any Confidential Information that: (A) the Receiving Party already possesses without obligation of confidentiality, develops independently without reference to Confidential Information of the Disclosing Party, or rightfully receives without obligation of confidentiality from a third party; or (B) is or becomes publicly available without the Receiving Party’s breach of this Agreement. However, the foregoing exceptions shall not excuse either party from its obligations to comply with applicable law. The obligations of these confidentiality provisions shall survive termination or expiration of this Agreement.
(c) Each party agrees that its obligation not to disclose or to use Confidential Information also extends to such types of information, know‑how, records and tangible property of employees, customers or potential customers of either party, suppliers or potential suppliers to either party, or other third parties who may have disclosed or entrusted the same to a party.
(d) The Receiving Party may disclose Confidential Information to the extent required by law or legal process, provided that (i) the Receiving Party gives the Disclosing Party prompt notice, if legally permissible, so that the Disclosing Party may seek a protective order, (ii) the Receiving Party reasonably cooperates with the Disclosing Party (at Disclosing Party’s expense) in seeking such protective order, and (iii) all Confidential Information shall remain subject to the terms of this Agreement in the event of such disclosure. At the Receiving Party’s option, Confidential Information will be returned to the Disclosing Party or destroyed (except as may be contained in back-up files created in the ordinary course of business that are recycled in the ordinary course of business over an approximate 30- to 90-day period or such longer period as required by applicable law) promptly upon the Disclosing Party’s request and at the termination or expiration of this Agreement and the Receiving Party will certify to the Disclosing Party in writing that it has complied with the requirements of this sentence.
(a) Ownership of Customer Data. PhishLine acknowledges and agrees that Customer is the sole and exclusive owner of all rights, title and interest in and to the Customer Data.
(b) Ownership of PhishLine Solution and Analytical Data. Customer acknowledges and agrees that PhishLine is the sole and exclusive owner of all rights, title and interest in and to the Software, PhishLine Solution and, subject to Section 8 above, Analytical Data. Nothing contained in this Agreement shall grant Customer title to or ownership of any of the Software, PhishLine Solution or Analytical Data.
9. Security of Customer Data.
(a) PhishLine shall have the right to (i) access Customer Data for the purpose of aggregating such Customer Data and (ii) store the Aggregated Customer Data for use by PhishLine in accordance with this Agreement. PhishLine will use the Customer Data only as necessary to perform the Services, and not for any other purpose whatsoever, and, at all times, in accordance with this Agreement. PhishLine covenants that it shall not collect, access, or store any Customer Data other than as necessary for the performance of the Services.
(b) Access Controls. Because the Customer Data constitutes Customer’s Confidential Information, PhishLine acknowledges and agrees that all obligations imposed on it by this Agreement with respect to Confidential Information apply with equal force to the Customer Data. In addition to the provisions regarding Confidential Information in this Agreement, PhishLine will take commercially reasonable steps to protect the Customer Data in PhishLine’s possession from unauthorized use, access, disclosure, alteration or destruction. Security measures shall include reasonable access controls, including passwords and other measures to authenticate and permit access only to authorized individuals, as well as encryption or other means, where appropriate.
(c) Security Monitoring. PhishLine shall (i) maintain an intrusion detection system to monitor the Data Center which is consistent with industry standards, (ii) use commercially reasonable efforts to detect the occurrence of attacks against the Data Center, the network of which the Data Center is a part (the “Network”), or the Software; (iii) implement and follow a procedure to ensure all Security Incidents are appropriately reported and escalated once detected; (iv) immediately report to Customer any confirmed unauthorized access to Customer Data (a “Security Incident”), and (v) cooperate with Customer to immediately alleviate any continued threat to the privacy or security of the Customer Data, respond to and mitigate the harm arising from a Security Incident, and prevent foreseeable future threats to the security or privacy of the Customer Data.
(d) Personal Information. With the exception of employee email addresses and/or phone numbers, the PhishLine Solution does not require any personal data or information to perform the Services, including without limitation, information (i) that identifies or can be used to identify, contact, or locate the person to whom such information pertains, such as name, address, phone number, fax number, social security number or other government-issued identifier, and credit card information, (ii) from which identification or contact information of an individual person can be derived, or (iii) which constitutes “non-public personal information,” as defined by Title V of the Gramm-Leach-Bliley Act and the regulations issued thereunder (“Personal Information”). PhishLine covenants that it shall not access or attempt to access Personal Information of Customer or its Affiliates or of their respective employees, customers, agents or contractors, and if PhishLine inadvertently receives such information, it shall treat all such information as Confidential Information under the Agreement and in accordance with all applicable laws and regulations.
(e) Customer acknowledges that PhishLine will exercise no control whatsoever over the content of the Customer Data passing through the PhishLine Solution (e.g. network, email, messaging systems, or website). Customer acknowledges and agrees that PhishLine shall not be liable to Customer or any other third party the disclosure of Confidential Information or Customer Data by Customer, its Affiliate or its employees, officers, directors.
10. Warranties; Disclaimer of Warranties and Liabilities; Exclusive Remedy.
(a) Customer Warranties. Customer represents that the Customer Data does not, to the best of Customer’s knowledge, infringe upon the rights of any third party and, to the best of Customer’s knowledge, is not intended to violate, or to be used to violate, any laws or regulations.
(b) General Warranties. PhishLine represents and warrants that: (i) it is compliant and shall comply with all US federal, state, and local laws, statutes, ordinances, rules and regulations applicable to its obligations hereunder; and (ii) its performance of its obligations under this Agreement shall not violate any obligations owed by it to any third party.
(c) Software and Services Warranties. PhishLine represents and warrants that during the Term (i) it is compliant and shall comply with all federal, state and local laws, statutes, ordinances, rules and regulations applicable to its obligations hereunder; (ii) the Software will materially perform in accordance with the Documentation; and (iii) PhishLine shall perform the Services in a professional and workmanlike manner using due care and consistent with the standards of the PhishLine’s industry using appropriately trained and qualified personnel; and (iv) to PhishLine’s knowledge, no portion of the Services, including without limitation the Software, infringes upon any U.S. patent, trademark or copyright.
(d) Warranty Disclaimer. Customer EXPRESSLY ACKNOWLEDGES AND AGREES THAT THE FOREGOING WARRANTIES ARE IN LIEU OF ANY AND ALL OTHER IMPLIED WARRANTIES. EXCEPT AS OTHERWISE SET FORTH ABOVE, PHISHLINE DISCLAIMS ANY AND ALL OTHER REPRESENTATIONS AND IMPLIED WARRANTIES OF ANY KIND WHATSOEVER, INCLUDING, BUT NOT LIMITED TO, ANY IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. PHISHLINE DOES NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED OR ERROR FREE.
(e) Limitation of Liability. In no event will either party be liable to the other for any indirect, incidental, or punitive damages (including loss of use, data, business or profits) arising out of or in connection with this agreement or the use or performance of the SOFTWARE or the services, whether such liability arises from any claim based upon contract, warranty, tort (including negligence), product liability or otherwise, and whether or not either party has been advised of the possibility of such loss or damage EXCEPT THAT THE FOREGOING LIMITATION SHALL NOT APPLY TO PHISHLINE’S INDEMNIFICATION OBLIGATIONS. Notwithstanding the foregoing, in no event shall PhishLine be liable to Customer UNDER SECTION 12 OR OTHERWISE in an amount beyond the limits on its insurance (plus any deductible or retention payable by PhishLine) as set forth in section 12(d). CUSTOMER ACKNOWLEDGES AND AGREES THAT BECAUSE the PHISHLINE SOLUTION IS A TOOL TO TEST SECURITY AWARENESS AMONG EMPLOYEES AND A SECURITY AWARENESS EDUCATIONAL TOOL, RATHER THAN A MISSION CRITICAL NETWORK SECURITY APPLICATION, THE LIMITATION OF LIABILITY SET FORTH IN THIS SECTION IS REASONABLE.
(f) Remedy for Intellectual Property Infringement. For any claim of infringement of third party intellectual property that is subject to indemnification by PhishLine under Section 12 below, that would prohibit Customer from using the Software, Services or PhishLine Solution, by reason of an actual or anticipated claim of infringement, PhishLine shall, at PhishLine’s option and expense: (i) obtain for Customer the right to continue using the Software, Services and PhishLine Solution, or (ii) replace or modify the Software, Services or PhishLine Solution so that they are no longer subject to such claim, but perform substantially in accordance with the Documentation. If neither of the foregoing options is commercially practicable, Customer shall be entitled to terminate this Agreement and receive a refund of fees paid to PhishLine for the preceding twelve (12) month period of the Term.
11. Use of Trade Names. PhishLine shall not be permitted to use Customer’s name or image or refer to Customer in any marketing or similar materials without the prior written consent of Customer to such use.
(a) By Customer. Customer shall indemnify, defend, and hold harmless PhishLine, its Affiliates, and their respective directors, officers, members, employees, customers, agents, successors and assigns (each, a “PhishLine Indemnitee”) from and against, any and all third party claims and the judgments, awards, losses, costs, expenses, liabilities, and damages of every kind and nature (including, without limitation, reasonable attorney fees) resulting therefrom, incurred by a PhishLine Indemnitee to the extent arising from or in connection with: (i) Customer’s breach of Sections 3(c) (Restrictions), 3(d) (Conduct), 3(e) (SMS Restrictions), 7 (Confidentiality) or Section 10(a) (Warranty); or (ii) Customer’s intentional or negligent misuse of the PhishLine Solution in violation of any law or regulation.
(b) By PhishLine. PhishLine shall indemnify, defend, and hold harmless each of Customer, its Affiliates, and their respective directors, officers, members, employees, customers, agents, successors and assigns (each, a “Customer Indemnitee”) from and against, any and all third party claims and the judgments, awards, losses, costs, expenses, liabilities, and damages of every kind and nature (including, without limitation, reasonable attorney fees) resulting therefrom, incurred by any Customer Indemnitee to the extent arising from or in connection with: (i) PhishLine’s breach of Sections 7 (Confidentiality), 9 (Security and Customer Data); (ii) subject to the exclusive remedy set forth in Section 10(f), infringement or alleged infringement of a U.S. patent, trademark or copyright brought by any individual or entity relating to the Software, Services or PhishLine Solution, or (iii) PhishLine’s intentional or negligent misuse of the PhishLine Solution in violation of any law or regulation. Notwithstanding the above, PhishLine shall not have any duty to indemnify Customer against a third party claim of intellectual property infringement, or alleged infringement if and to the extent such claim is based on Customer’s use of the Software, Services or PhishLine Solution in a manner that is in violation of this Agreement or inconsistent with the Documentation, as may be amended from time to time by PhishLine.
(c) Indemnification Procedures. In the event a claim for which indemnification is available under this section (a “Claim”) is filed against a PhishLine Indemnitee or Customer Indemnitee (collectively, an “Indemnitee“), the Indemnitee shall promptly notify the indemnifying party in writing of the Claim. No delay on the part of the Indemnitee in notifying the indemnifying party shall relieve the indemnifying party from any obligations hereunder unless, and then solely to the extent that, the indemnifying party is materially prejudiced thereby. The indemnifying party shall assume the defense of, compromise or settle the Claim at its expense, provided, however, that the indemnifying party shall have no right to settle any Claim that in any way assesses blame against any Indemnitee or that provides a remedy other than the payment of money without the Indemnitee’s prior written consent. After the indemnifying party assumes the defense of the Claim, the Indemnitee shall have the right to retain separate counsel, at its own expense, for the purpose of participating in the defense and/or settlement of the Claim. The Indemnitee shall provide to the indemnifying party all information, assistance and authority reasonably requested in order to evaluate any Claim and effect any defense, compromise or settlement thereof at the expense of the indemnifying party.
(d) Insurance. During the term of this Agreement, PhishLine shall maintain, at its sole cost and expense: (i) commercial general liability insurance with limits of $1,000,000 per occurrence; (ii) Claims-made and reported Cyber / Technology E&O policy with a limit of liability of $2,000,000; and (iii) worker’s compensation insurance to the extent required by law. PhishLine agrees that it shall provide Customer with a certificate of insurance upon request.
(a) Severability; Governing Law; Waiver. If any provision of this Agreement is held to be unenforceable, the provision shall be deemed stricken herefrom ab initio, and the enforceability of the remaining provisions shall in no way be affected or impaired thereby. This Agreement and any disputes arising hereunder shall be governed by the laws of the State of Wisconsin without regard to its conflicts of laws principles. The parties hereby consent to the exclusive jurisdiction and venue within Milwaukee County of the State of Wisconsin. A failure by any party to exercise or any delay in exercising a right or power conferred upon it in this Agreement shall not operate as a waiver of any such right or power.
(b) Merger. This Agreement, the Schedules and each Quotation constitute the entire agreement between Customer and PhishLine regarding the subject matter hereof and supersede all prior writings, discussions and negotiations, including any Customer standard terms and conditions. No discussions, writings, communications or parole evidence indicating the parties’ intent with respect to any provision of any of such documents shall be admissible evidence for purposes of interpreting such provisions.
(c) Assignment; Successors and Assigns. Notwithstanding anything in this Agreement to the contrary, during the Term and any Renewal Term of this Agreement, (i) PhishLine shall not assign this Agreement to any other party without prior written consent of Customers except that PhishLine may assign this Agreement to an Affiliate or to a successor or entity that acquires all or substantially all of PhishLine’s assets without Customer’s consent, and (ii) Customer shall not assign this Agreement to any other party without the prior written consent of PhishLine except that Customer may assign this Agreement to an Affiliate or to successor or entity that acquires all or substantially all of Customer’s assets without PhishLine’s consent. Subject to the foregoing, the provisions of this Agreement shall be binding on the successors and permitted assigns of each of the respective parties to this Agreement.
(d) Relationship of the Parties. PhishLine and Customer are independent of one another and neither party’s employees will be considered employees, agents or contractors of the other party for any purpose. Nothing contained in this Agreement shall be deemed to create the relationships of employer and employee, master and servant, franchisor and franchisee, partnership or joint venture between the parties. Neither party has the authority to bind the other to any third party. Customer shall have no right to direct or control PhishLine with respect to PhishLine activities hereunder. PhishLine shall have no right to direct or control Customer with respect to Customer activities hereunder.
(e) Notices. All notices required or permitted under this Agreement shall be in writing and shall be given by (i) registered or certified mail, return receipt requested, postage prepaid, or (ii) nationally recognized overnight courier service to the other party at the addresses listed below or to such other address or person as a party may designate in writing, or (iii) electronic mail.
(f) Force Majeure. In no event shall either party be liable for any delay or failure to perform its obligations hereunder where such delay or failure is caused by act of God, disease, terrorist act, natural calamity, war, act or order of government specifically targeting the affected party (a “Force Majeure Event”), provided that the party whose performance is affected by such Force Majeure Event gives as much notice as reasonably possible to other party regarding the non-performance, uses reasonable efforts to resume performance as soon as possible following the commencement of such events or conditions and, provided further, that such affected party was not responsible for the event or condition giving rise to such non-performance.
(g) Other Terms & Conditions. Any conflict between the terms of this Agreement and any other terms and conditions, including those on purchase orders created by Customer, shall be resolved in favor of the terms of this Agreement unless a) explicitly written to replace a specifically numbered section of this Agreement, and b) fully executed by both parties.
(h) Governing Language. Any translation of this Agreement is done for convenience or local requirements; and in the event of a dispute between the English and any non-English versions, the English version of this Agreement shall govern.
Service Level Agreement
PhishLine’s business hours are 7:00 a.m. – 6:00 p.m. Central Time weekdays, except for holidays as defined by the Office of Personnel Management of the United States Federal Government (https://www.opm.gov).
PhishLine’s customer service line is open during business hours and outside of business hours for Priority 1 problems. PhishLine allows you to use the ticketing system built into our solution to contact us any time, 24/7.
1. NETWORK PERFORMANCE SERVICE LEVELS
System Availability Target Percentage: 99.5% over a given calendar quarter
System Availability Percentage is defined by the following formula:
- (Hours Service was Available during given period excluding scheduled maintenance) ÷ (Total Hours in the Period)
- Hours that service was available will be determined by the following independent third party: ServiceUptime (serviceuptime.com).
2. APPLICATION PERFORMANCE SERVICE LEVELS
Application Performance Target Percentage: 99.5% over a given calendar quarter
Application Performance Percentage is defined by the following formula:
- (the number of logins that took time less than 5 seconds during the given period) ÷ (the total number of logins during the given period) Note: this service level is not available when multi-factor authentication is required.
- (the number of Interactive Pages loading in less than 5 seconds during the given period) ÷ (the total number of Interactive Pages that loaded during the given period) Note: this service level is not available for advanced analytical pages or pages with multi-media content or other content where delivery is outside of PhishLine’s reasonable control (e.g. training content sourced from a third party).
Automatic Data Center/Server Rollover: 5 minutes after emergency is declared
3. SUPPORT RESPONSE TIME
PhishLine shall exercise commercially reasonable efforts to correct any Problem reported by Customer in accordance with the priority level reasonably assigned to such Problem by PhishLine. The following definitions will apply to such prioritization:
- “Priority 1 Problem” means a Problem which (i) renders the Service inoperative or intermittently operative; or (ii) degrades performance to the point where the Service is effectively unusable; or (iii) causes any essential feature to be unavailable or substantially impaired; or (iv) causes a complete failure of the Service.
- “Priority 2 Problem” means a Problem which degrades the performance of Service or restricts Customer’s use of the Service.
- “Priority 3 Problem” means a Problem which causes only a minor impact on the Customer’s use of Service.
|RESPONSE TIME COMMITMENTS|
BASED ON PROBLEM PRIORITY
Mean Response Time
Mean Escalation Time (to Chief Operating Officer or President of PhishLine)
|Priority 1 Problems||2 business hours|
Best effort during non-business hours.
|4 business hours|
|Customer will notify PhishLine via telephone / voicemail to all available emergency support phone #s from the most recent list provided to Customer.|
|Priority 2 Problems||1 business day||2 business days||Customer will notify PhishLine using the “Suggestion Box” feature built into the tool.|
|Priority 3 Problems||2 business days||5 business days||Customer will notify PhishLine using the “Suggestion Box” feature built into the tool.|
PhishLine Outlook Plugin License Agreement
ATTENTION: This license applies to the PhishLine Outlook Plugin SOFTWARE (the “PhishLine Plugin”) and is licensed to existing customers as an additional feature of the PhishLine SOFTWARE. USE OF THE PHISHLINE PLUGIN IS SUBJECT TO THE TERMS SET FORTH BELOW. USING THE PHISHLINE PLUGIN INDICATES CUSTOMER’S ACCEPTANCE OF THESE TERMS without modification
- License Grant. PhishLine grants to the undersigned Customer a non-exclusive, perpetual, limited license to “Use” the PhishLine Plugin. For the purposes of this Addendum “Use” means storing, copying, loading, installing, executing, modifying or displaying the PhishLine Plugin on an unlimited number of computers solely for Customer’s own internal business purposes. Customer acknowledges and agrees that PhishLine shall not have any duty or obligation to provide Customer with any updates, modifications, bug fixes or support with respect to the PhishLine Plugin.
- Restrictions. Customer may not disable any licensing or control features of the PhishLine Plugin. Customer shall only access the source code for the PhishLine Plugin for the limited purpose of testing and inspecting the operation of the Plugin. Except for open source code used in connection with the installation kit for the PhishLine Plugin, Customer acknowledges that the source code for the PhishLine Plugin, and any modifications made to the PhishLine Plugin source code by Customer, shall be and remain proprietary and confidential to PhishLine and Customer shall not transfer, disclose or otherwise provide any third party with copies of the PhishLine Plugin or any modifications to the PhishLine Plugin source code.
- Ownership. Apart from open source code used in connection with the installation kit, the PhishLine Plugin is owned and copyrighted by PhishLine. The license set forth in this Addendum does not grant Customer any rights, title or ownership in or to the PhishLine Plugin. This Addendum shall not constitute a sale of any rights in the PhishLine Plugin.
- Termination. The license contained in this Addendum shall survive termination of the PhishLine Master Services Agreement, or such other agreement for services related to the PhishLine Services provided under separate agreement. Notwithstanding, PhishLine may terminate this Addendum and the license upon notice if Customer fails to comply with any of the terms contained in this Addendum. Upon termination due to Customer’s non-compliance with this Addendum, the Customer must immediately uninstall and delete any and all copies of the PhishLine Plugin, together with all copies or modified versions of the PhishLine Plugin in any form.
- Limited Warranty. PhishLine represents and warrants that it has the right to grant the license contained herein and that the PhishLine Plugin shall be delivered to Customer free from material defects or errors.
- DISCLAIMER OF WARRANTIES. EXCEPT FOR THE LIMITED WARRANTY SET FORTH ABOVE, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, THE PhishLine Plugin IS PROVIDED “AS IS” AND PHISHLINE AND ITS SUPPLIERS DISCLAIM ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY, TITLE AND FITNESS FOR A PARTICULAR PURPOSE.
- LIMITATION ON LIABILITY. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL PHISHLINE OR ITS SUPPLIERS BE LIABLE FOR ANY SPECIAL, INCIDENTAL, INDIRECT, OR CONSEQUENTIAL DAMAGES WHATSOEVER (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF BUSINESS PROFITS, BUSINESS INTERRUPTION, LOSS OF BUSINESS INFORMATION, OR ANY OTHER PECUNIARY LOSS) ARISING OUT OF THE USE OF OR INABILITY TO USE THE PhishLine Plugin, EVEN IF PHISHLINE HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
- Miscellaneous. If any provision of this Addendum is inconsistent with, or cannot be fully enforced under, the law, such provision will be construed as limited to the extent necessary to be consistent with and fully enforceable under the law. This Addendum is the final, complete and exclusive agreement between the parties relating to the PhishLine Plugin, and supersedes all prior or contemporaneous understandings and agreements relating to such subject matter, whether oral or written. This Addendum may only be modified in writing signed by an authorized officer of PhishLine.