Last updated: Dec 2022
The following service terms and conditions (“Agreement”) are hereby incorporated by reference into the Proposal (as defined below) entered into between you (“you” or “Customer”) and Axiom Security Ltd. (“Axiom Security”, “we”, “our” or “us”) and govern your access to, and use of, (i) the Axiom Security software-as-a-service platform and related documentation, and features, as well as any fixes, updates or upgrades thereto (“Software”), (ii) related security information, security scoring and penetration rating services (“Security Rating Services”) and (iii) Reports (as defined below), ((i) – (iii) which shall hereinafter be referred to as the “Services”).
By accepting this Agreement, accessing and/or using Axiom Security’ Services or any part thereof, you expressly acknowledge and agree that you have understood and agree to comply with, and be legally bound by, this Agreement. You hereby waive any applicable rights to require an original (non-electronic) signature or delivery or retention of non-electronic records, to the extent not prohibited under applicable law. If you do not agree to be bound by this Agreement please do not accept this Agreement, sign in, access or use the Services or any part thereof.
1. Ability to Accept.
By accessing and/or using the Software, you affirm that you are over 18 years of age.
2.1. You may order Services by completing, executing and submitting to Axiom Security an ordering document, executed by you in the form provided to you by Axiom Security (“Proposal”). Each Proposal will set forth the type and description of the Services being ordered and the applicable fees payable for such Services. Proposals shall become binding upon their written acceptance by Axiom Security. In the event of a conflict between the terms of this Agreement and a Proposal, the terms of this Agreement shall prevail unless explicitly stated otherwise in a Proposal. Axiom Security shall not be responsible for providing any service or product not described in the applicable Proposal. For clarity, if you are using the Services to perform a limited self-assessment only, this Agreement shall still apply notwithstanding any lack of Proposal.
2.2. You may order Services by registering on the Axiom Security website for a free trial (“Demo”). After ordering a Demo, the Services, in whole or in part, will be available to you, free of charge, until the earlier of: (a) the end of the Demo period for which you were registered to use the applicable Services; or (b) the start date of any Proposal ordered by you (in each case, unless earlier terminated in accordance with this Agreement). The Services provided by Axiom Security as part of the Demo may be permanently lost or deleted at the end of the Demo period, unless you order the same services as those covered by the Demo or upgraded Services, before the end of the Demo period. Axiom Security WILL HAVE NO LIABILITY FOR ANY HARM OR DAMAGE ARISING OUT OF OR IN CONNECTION WITH A DEMO.
3. Security Rating Services.
Axiom Security shall provide the Security Rating Services, subject to the terms set forth in your Proposal (if applicable) and this Agreement.
The Software allows you to access results, information and reports obtained from and created in connection with the Security Rating Services (“Reports”). Subject to the terms set forth in your Proposal (if applicable), the Reports may include Reports pertaining to you, your employees and contractors, or to specific third parties.
5. Right to Use the Software.
Subject to the terms and conditions of this Agreement and payment of any applicable fees, Axiom Security grants you a limited, personal, revocable, non-exclusive, non-sublicensable, non-assignable and nontransferable right to access and use the Software on a device which you own or control for internal business purposes, in accordance with any applicable use restriction set forth herein or in the Proposal (if any). The license shall continue until terminated in accordance with Section 19 (Term and Termination).
If you create an Account in connection with your use of the Software (“Account”), you must provide accurate and complete information about yourself. You hereby agree: (a) not to allow anyone other than yourself to access or use your Account, not to create an Account for any third party and not to use the account of any third party without their permission; (b) to provide accurate and complete Account and login information; (c) to remain solely responsible and liable for the activity that occurs in connection with your Account; (d) to keep your Account password secure; and (e) to notify Axiom Security immediately of any breach of security or unauthorized use of your Account.
7. Restricted Use.
You shall not, and shall not allow any third party to: (a) copy, distribute, broadcast, rent, lease, lend, use for timesharing or service-bureau services, export, modify, adapt, translate, enhance, customize, or otherwise create derivative works of, the Software or any part thereof; (b) reverse engineer, decompile, disassemble, or otherwise attempt to derive the source code of, the Software or any part thereof; (c) remove or distort any proprietary notices, labels or legends on or in the Services; (d) use any automated means to access or use the Services, nor circumvent or disable any security or technological features of the Services; (e) use, send, upload, post, transmit or introduce any device, code, routine or other item (including without limitation bots, viruses, worms, and Trojan horses) that interferes (or attempts to interfere) with the operation or integrity of the Software, nor any content that is unlawful, infringing, defamatory, deceptive, obscene fraudulent, harassing, pornographic, or abusive; (f) use the Services to design or develop any competing product or service that competes with the Services; (g) use the Services for any unlawful or fraudulent purpose, to breach this Agreement, or infringe or misappropriate any third party intellectual property, privacy, or publicity right; (h) take any action that imposes or may impose, as determined in Axiom Security’ sole discretion, a disproportionately large load of incoming requests on the Software infrastructure; (i) violate or abuse password protections governing access to the Software; (j) use or direct the Services to interact with IPs or devices for which you are not expressly authorized to do so; or (k) use the Service directly or indirectly to initiate, propagate, participate, direct or attempt any attack, hack, or send bandwidth saturation, malicious or potentially damaging network messages to any device.
8. Assessment Data.
8.1. “Assessment Data” shall be defined as electronic data and information submitted by or for you to the Services or collected and processed by or for you as a result of your use of the Services (including but not limited to username, vendor information, support requests, issue remediation). For clarity, Assessment Data may include data provided by you and/or your vendors in the context of the Software (which shall, as between the parties, remain owned by you and/or your vendors and shall only be used by Axiom Security to provide the Services or in accordance with this Agreement).
8.2. You hereby grant to Axiom Security a non-exclusive, perpetual right to collect, use, process, display, analyze, copy and store the Assessment Data in order to: (i) create Reports and provide the Services; (ii) administer and make improvements to the Services and (iii) collect and analyze anonymous information. You are solely responsible for the backup of Assessment Data and you alone can implement backup plans and safeguards appropriate for your requirements.
8.3. The Assessment Data is made available as-is. Axiom Security is not responsible for the Assessment Data including for any errors or omissions by you in respect thereto or for any decision, act or omission made by you in respect of or as a result of the Assessment Data. You represent, warrant and covenant that you shall only provide Assessment Data that does not violate or infringe any applicable law or rights of any third parties. You represent and warrant that you own or have obtained the rights to or in the Assessment Data, and you have the right to provide Axiom Security the license granted in Section 8.2 in accordance with this Agreement.
9.1. You hereby warrant and represent that you will provide all appropriate notices, obtain all required informed consents, comply at all times with all applicable privacy and data protection laws and regulations (including the EU General Data Protection Regulation (“GDPR”) for allowing Axiom Security to use the Assessment Data in accordance with this Agreement (including, without limitation, the provision of such data to Axiom Security, the transfer of such data by Axiom Security to its affiliates and subcontractors, including transfers outside of the European Economic Area).
9.2. To the extent that Customer needs a data processing agreement or CCPA Addendum, Customer shall send an email to privacy@Axiom Security.com and request the Axiom Security’ Data Processing Agreement and/or CCPA Addendum, as applicable (such applicable document(s), the “DPA”) and return it signed to Axiom Security as described therein.
9.3. In the event you fail to comply with any data protection or privacy law or regulation, the GDPR and/or any provision of the DPA and/or fail to return an executed version of the DPA to Axiom Security, then: (a) to the maximum extent permitted by law, you shall be solely and fully liable for any such breach, violation and/or infringement and/or processing of personal data without a DPA by Axiom Security and Axiom Security’ affiliates and subsidiaries (including, without limitation, their employees, officers, directors, subcontractors and agents); and (b) in the event of any claim of any kind related to any such breach, violation or infringement, and/or any claim related to processing of personal data without a DPA, you shall defend, hold harmless and indemnify Axiom Security and Axiom Security’ affiliates and subsidiaries (including, without limitation, their employees, officers, directors, subcontractors and agents) from and against any and all losses, penalties, fines, damages, liabilities, settlements, costs and expenses, including reasonable attorneys’ fees.
9.4. Notwithstanding anything to the contrary, you acknowledge that certain information, including without limitation, personal data and/or Assessment Data provided to Axiom Security by you under this Agreement and/or the DPA: (i) may have already been provided, or will be provided, by other customers to Axiom Security, (ii) may have already been collected, or will be collected by Axiom Security independently, or from other customers regardless of this Agreement, and/or (iii) may be available on public sources or publicly available data sources. For the avoidance of doubt, processing of such information shall not be considered a breach of this Agreement and/or the DPA, and such information may be collected, used, transferred and processed by Axiom Security without any obligations or liability to you.
10. Proprietary Rights.
10.1. Ownership. The Software is licensed and not sold to you under this Agreement. You expressly acknowledge that as between you and Axiom Security, Axiom Security solely and exclusively owns any and all worldwide right, title and interest in and to the Software and Security Rating Services, including all worldwide intellectual property rights therein, and including any modifications thereto and any reports and data derived thereunder, regardless of whether they are developed by either party. Nothing in this Agreement constitutes a waiver of Axiom Security’ intellectual property rights under any law.
10.2. Feedback. If you contact Axiom Security with any suggestions or feedback data regarding the Services, which may include suggestions for, or feedback concerning, customizations, features, improvements, modifications, corrections, enhancements, derivatives or extensions (collectively, “Feedback”), such feedback shall be deemed to be the sole property of Axiom Security and Axiom Security will be free to adopt such Feedback for any of its products or services, use it in any other manner, disclose, reproduce, license or otherwise distribute and exploit the Feedback as it sees fit, entirely without obligation or restriction of any kind on account of intellectual property rights or otherwise. You hereby waive any right to the Feedback, including but not limited to, any right for royalties or any other consideration, and undertake to treat the Feedback as Confidential Information (as defined below) of Axiom Security.
10.3. Trademarks. Subject to the terms and conditions of this Agreement, you hereby grant to Axiom Security a limited, non-exclusive, non-transferable, non-assignable, non-sub-licensable, and revocable license to use, reproduce, distribute, and display in promotional materials the names, marks, and logos provided by you for purposes of publicity and marketing only, including referencing you as Axiom Security’ customer.
11. Third Party Software.
You expressly acknowledge that the Software (which is a software-as-a-service platform provided online) may include third party components (“Third Party Software”), which shall be used by you solely in conjunction with the Software, and shall not be used for any other purpose without the prior written consent of Axiom Security. Such Third Party Software is provided “As-Is” without any warranty of any kind. In the event of any inconsistencies or conflicting provisions between the Third Party Software licenses and the provisions of this Agreement, the provisions of the Third Party Software licenses shall prevail. Axiom Security represents and warrants that the Software shall not include any Third Party Software that is subject to a license that requires that the Third Party Software, or other software distributed and/or combined with the Third Party Software, be: (a) disclosed or distributed in source code form, (b) licensed for the purpose of making derivative works, or (c) redistributable at no charge.
12. Third Party Platform.
13. No Advice.
Some of the Services may include assessments relating to recent data and privacy regulations. For the avoidance of doubt, the Services do not constitute legal advice, nor a certification or guarantee with respect to present or future compliance with any data protection or privacy laws and/or regulations. The questions included in any questionnaire are selected by Customer and not by Axiom Security. Specific outcomes, results and evaluations which may be provided as part of the Services should not be relied upon by you or third parties as proof of compliance with data protection and privacy laws and/or regulations. Axiom Security, ITS AFFILIATES AND/OR SUBCONTRACTORS MAKE NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION PROVIDED BY IT OR BY THIRD PARTIES IN CONNECTION WITH THE SERVICES (INCLUDING ANY DATA PROTECTION AND PRIVACY COMPLIANCE WORK) PERFORMED BY Axiom Security HEREUNDER. AXIOM SECURITY, ITS AFFILIATES AND/OR SUBCONTRACTORS ALSO DISCLAIM ANY RESPONSIBILITY FOR ANY INFORMATION OR REPRESENTATIONS, MADE OR PROVIDED BY YOU. Axiom Security, ITS AFFILIATES AND SUBCONTRACTORS DO NOT INTEND NOR REPRESENT THE PROVISION OF LEGAL ADVICE THROUGH ANY OF ITS SERVICES, WORK OR DOCUMENTATION. YOU ARE ADVISED TO CONSULT SEPARATELY WITH LEGAL ADVISORS, AS YOU SEE FIT.
Each party agrees to keep confidential and to use only for purposes of performing its obligations under this Agreement, any proprietary or confidential information of the other party disclosed pursuant to this Agreement (“Confidential Information”). The obligation of confidentiality shall not apply to information which is publicly available through authorized disclosure or which is required by law, government order or request to be disclosed (provided that the receiving party shall give written notice to the other party prior to such disclosure and reasonably cooperate, at the objecting party’s expense, to take legal steps to resist or narrow such request). You acknowledge that the Services and any information in connection therewith shall be deemed as Axiom Security’ Confidential Information. Upon any termination of this Agreement, each party shall return to the other party all Confidential Information of the other party, and all copies thereof, in the possession, custody or control of the party unless otherwise expressly provided in this agreement.
In consideration for the Service rendered by Axiom Security to you, you shall pay the applicable, non-refundable subscription fees specified in the Proposal (if any), at such times and for such periods as set forth therein. If not otherwise specified in the Proposal, all fees shall be paid annually and shall be due and payable within thirty (30) days of the date of invoice. Late payment shall be subject to a late fee equal to 1.5% per month or, if less, the maximum amount allowed by applicable law. All amounts payable hereunder shall not be subject to any set-off or deduction. All fees are exclusive of any applicable taxes, duties and similar governmental charges, and you are responsible for payment of all such amounts, including sales tax, value added tax (VAT), withholding taxes, export, import and other duties imposed by any governmental agency in connection with this Agreement. If any withholding tax is required by applicable law to be paid to the local tax authorities in relation to payments due to the Axiom Security under this Agreement, you shall gross-up the payments to ensure remittance of the full amounts owed without any deduction. Upon remittance of the required withholding taxes to the appropriate tax authorities, you will provide Axiom Security with official receipts from the appropriate taxing authorities to establish that any applicable taxes have been paid.
16. Warranty Disclaimer.
THE SERVICES ARE PROVIDED “AS IS”, AND Axiom Security DISCLAIMS, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, ANY AND ALL WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, OR NONINFRINGEMENT OF THIRD PARTY RIGHTS, INCLUDING INTELLECTUAL PROPERTY RIGHTS. Axiom Security OR ANY OF ITS AFFILIATES, SUBCONTRACTORS AND AGENTS WILL NOT BE LIABLE OR RESPONSIBLE FOR: (a) ANY TECHNICAL PROBLEMS OF THE INTERNET (INCLUDING WITHOUT LIMITATION SLOW INTERNET CONNECTIONS OR OUTAGES); AND/OR (b) ANY ISSUE THAT IS ATTRIBUTABLE TO YOUR HARDWARE OR SOFTWARE OR YOUR INTERNET OR DATA SERVICES. AXIOM SECURITY DOES NOT OFFER A WARRANTY OR MAKE ANY REPRESENTATION REGARDING ANY CONTENT OR INFORMATION AVAILABLE THROUGH THE SERVICES, INCLUDING WITHOUT LIMITATION THE REPORTS. YOUR USE OF AND RELIANCE UPON THE SERVICES IS ENTIRELY AT YOUR SOLE DISCRETION AND RISK, AND AXIOM SECURITY, ITS AFFILIATES, SUBCONTRACTORS AND/OR AGENTS SHALL HAVE NO RESPONSIBILITY OR LIABILITY WHATSOEVER TO YOU OR TO ANY THIRD PARTY IN CONNECTION WITH ANY OF THE FOREGOING.
17. Limitation of Liability.
IN NO EVENT WILL AXIOM SECURITY, ITS AFFILIATES, SUBCONTRACTORS AND/ORAGENTS BE LIABLE FOR ANY SPECIAL, INDIRECT, INCIDENTAL, PUNITIVE OR CONSEQUENTIAL DAMAGES, OR FOR ANY LOSS OF USE, DATA, GOODWILL, BUSINESS, PROFITS, USE OF MONEY, INTERRUPTION IN USE OR AVAILABILITY OF DATA, STOPPAGE OF OTHER WORK OR IMPAIRMENT OF OTHER ASSETS, FINES OR OTHER PENALTIES FOR NONCOMPLIANCE ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT OR THE USE OF THE SERVICES, WHETHER SUCH LIABILITY ARISES FROM ANY CLAIM BASED UPON CONTRACT, WARRANTY, CONFIDENTIAL INFORMATION, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY OR OTHERWISE, AND WHETHER OR NOT Axiom Security (AND ITS LICENSORS) HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH LOSS OR DAMAGE. IN ADDITION, Axiom Security’ TOTAL CUMULATIVE AND AGGREGATED LIABILITY FROM ALL CAUSES OF ACTION AND UNDER ALL THEORIES OF LIABILITY IN CONNECTION WITH OR ARISING OUT OF THIS AGREEMENT WILL BE LIMITED TO AND WILL NOT EXCEED THE FEES PAID TO US BY YOU DURING THE TWELVE (12) MONTHS PRECEDING THE EVENT GIVING RISE TO THE CLAIM, OR FIFTY ($50) US DOLLARS, WHICHEVER IS GREATER.
18.1. You agree to defend, indemnify and hold harmless Axiom Security, its affiliates, and its respective officers, directors, employees and agents, and subcontractors from and against any and all claims, damages, obligations, losses, liabilities, costs and expenses (including but not limited to attorney’s fees) arising from: (i) your use of, or inability to use, the Services; (ii) your violation of this Agreement; and (iii) your violation of any third party right, including without limitation any copyright, property, or privacy right (for example, any claim that Assessment Data and/or personal data infringes or violates the rights of any third party). Without derogating from or excusing your obligations under this Section, Axiom Security reserves the right (at your expense), but is not under any obligation, to assume the exclusive defense and control of any matter which is subject to an indemnification by you if you choose not to defend or settle it. You agree not to settle any matter subject to an indemnification by you without first obtaining Axiom Security’ express written approval.
18.2. Axiom Security agrees to defend, indemnify and hold harmless Customer from and against any and all third party claims, damages, obligations, losses, liabilities, costs and expenses (including but not limited to attorney’s fees) arising from any suit or claim that the Software, Services and/or Axiom Security intellectual property infringes or misappropriates the intellectual property of any entity or person. This indemnity is subject to Customer providing Axiom Security with written notice of the claim and allowing Axiom Security sole control of the defense and/or settlement thereof.
19. Modification to Software.
Axiom Security reserves the right, at any time, to: (i) discontinue, change, update or modify the Software or any aspect or feature thereof; (ii) reduce or otherwise modify the storage capacity of the Software; and (iii) remove or limit your access to any aspect or feature of the Software, provided that Axiom Security shall use reasonable efforts to ensure such discontinuance, change, update, or modification does not materially affect the quality or performance of the Software licensed to customer.
20. Term and Termination
20.1. This Agreement is effective until terminated in accordance with this Section or until the end of the subscription term as set out in the applicable Proposal.
20.2. The license granted hereunder shall terminate immediately upon: (i) termination of this Agreement in accordance with Section 19.1; or (ii) written notice from Axiom Security to you in the event of your use of the Services for purposes other than the purposes permitted under this Agreement by you and/or any other failure by you to comply with any provision of this Agreement.
20.3. Upon termination of this Agreement, you shall cease all access to and use of the Software and the Security Rating Services. This Section 20.3 and Sections 7 (“Restricted Use”), 8.3, 10 (“Proprietary Rights”), 13 (“No Advice”), 14 (“Confidentiality”), 16 (“Warranty Disclaimer”), 17 (“Limitation of Liability”), 18 (“Indemnification”), and 21 (“Assignment”) to 25 (“General”) shall survive termination of this agreement.
This Agreement, and any rights and licenses granted hereunder, may not be transferred or assigned by you but may be assigned by Axiom Security without restriction or notification.
22. Modification of Agreement.
Axiom Security reserves the right to modify this Agreement at any time by publishing the revised Agreement in the Software. Such change will be effective ten (10) days following the foregoing notification thereof, and your continued use of the Services or any part thereof thereafter means that you accept those changes. No amendment of or waiver of this Agreement, or modification thereof that materially impacts your access to or use of the Services will be enforceable unless agreed in writing by the parties hereto.
23. Governing Law.
This Agreement shall be governed by and construed in accordance with the laws of the State of Israel and only the competent courts located in Tel Aviv-Jaffa, Israel, shall have jurisdiction over any dispute arising from this agreement.
24. Force Majeure.
No party shall be liable or responsible to the other party, nor be deemed to have defaulted under or breached this Agreement, for any failure or delay in fulfilling or performing any term of this Agreement (except for any obligations to make payments to the other party hereunder), when and to the extent such failure or delay is caused by or results from the following force majeure events (“FME”): (a) acts of God; (b) flood, fire, earthquake or explosion; (c) war, invasion, hostilities (whether war is declared or not), terrorist threats or acts, riot or other civil unrest; (d) government order or law; (e) actions, embargoes or blockades in effect on or after the date of this Agreement; (f) action by any governmental authority; (g) national or regional emergency; (h) strikes, labor stoppages or slowdowns or other industrial disturbances; (i) failure of the internet or any public telecommunications network, hacker attacks, denial of service attacks, virus or other malicious software attacks or infections, shortage of adequate power or transportation facilities; and (j) other events beyond the reasonable control of the party impacted by the FME.
If any provision, or part thereof, of this Agreement is held to be unenforceable for any reason, such provision shall be reformed only to the extent necessary to make it enforceable and such reform shall not affect the enforceability of such provision under other circumstances, or of the remaining provisions hereof under all circumstances. This Agreement, and any other legal notices published by us in connection with the Services, shall constitute the entire agreement between you and Axiom Security concerning the Services. No waiver of any term of this Agreement shall be deemed a further or continuing waiver of such term or any other term, and a party’s failure to assert any right or provision under this Agreement shall not constitute a waiver of such right or provision. YOU AGREE THAT ANY CAUSE OF ACTION THAT YOU MAY HAVE ARISING OUT OF OR RELATED TO THE SERVICES MUST COMMENCE WITHIN ONE (1) YEAR AFTER THE CAUSE OF ACTION ACCRUES. OTHERWISE, SUCH CAUSE OF ACTION IS PERMANENTLY BARRED.