CATScan® | PENTESTON

VULNERABILITY SCANNING SUBSCRIBER AGREEMENT IMPORTANT—PLEASE READ THESE TERMS CAREFULLY BEFORE APPLYING FOR, ACCEPTING, OR USING THE PROACTIVE RISK INC., VULNERABILITY SCANNING SERVICES, INCLUDING CATScan® AND PENTESTON. BY USING, APPLYING FOR, OR ACCEPTING THE VULNERABILITY SCANNING SERVICES OR BY CLICKING ON “I ACCEPT” BELOW, YOU (THE “SUBSCRIBER”) ACKNOWLEDGE THAT YOU HAVE READ THIS AGREEMENT, THAT YOU UNDERSTAND IT, AND THAT YOU AGREE TO AND ACCEPT THE TERMS AS PRESENTED HEREIN. IF YOU DO NOT AGREE TO THE TERMS AND CONDITIONS OF THIS AGREEMENT, DO NOT APPLY FOR, ACCEPT, OR USE ProactiveRISK’S VULNERABILITY SCANNING SERVICES AND CLICK “DECLINE” BELOW.

 

The terms and conditions set forth below constitute a binding agreement between you (the “Subscriber” or “you”) and Proactive Risk Inc., (“ProactiveRISK”), which has its principal place of business at 759 Bloomfiled Ave., Suite 172, West Caldwell New Jersey 07866, USA (the “Agreement”). Any failure to abide by this Agreement shall void ProactiveRISK’s obligations hereunder.

 

1. Use of the Services

1.1. License. ProactiveRISK grants to you a revocable, non-exclusive, non-transferable license to use the vulnerability scanning services select during the registration process (either CATScan® or Penteston), including the security scans, logos, audits, and reports (the “Services”) to identify areas of insecurity or vulnerability on a scanned network server, personal computer, or other internet-connected device (each a “System”).  You authorize ProactiveRISK to perform the Services on the specified Systems.

 

1.2. Registration. In order to receive the Services, you must register for an account with ProactiveRISK. Subscriber shall provide full and accurate information in all electronic or hardcopy documents submitted to ProactiveRISK. This information must be promptly updated if any information changes or ceases to remain accurate. Failure to promptly update information shall be deemed a material breach of this Agreement.

 

1.3. Account. The account shall be protected by a username and password which are confidential information. You are fully responsible for any activities that occur through your account. You must notify ProactiveRISK immediately if you suspect any unauthorized use of your account.

 

1.4. Scanning. The Services serve only as a passive conduit to provide the scan and recommended fixes and are not intended to fix, remedy, prevent, or eliminate any vulnerabilities or insecurities. You are solely responsible for securing and protecting your system. The Services only scan for major known vulnerabilities. A successful scan does not guarantee or ensure that the System is free of all vulnerabilities or insecurities. The number of scans performed depends on the subscription selected during the registration process.

 

1.5. CATScan® Trustmark. Any IP address failing a scan may not display the logo associated with the Services. CATScan® users who pass the first scan and then later fail a daily scan may continue to display the logo for up to consecutive two scan cycles while attempting to fix the problem. If a scan is not passed within two scan cycles, the logo must be removed from the website failing the scan. Displaying the logo before passing the initial daily scan or after failing to pass a daily scan within two consecutive scan cycles is a material breach of this Agreement, and ProactiveRISK may deactivate the Services automatically without providing further notice to you.

 

1.6. Changes in Services. ProactiveRISK may modify the Service in its sole discretion, including removing, modifying, or updating the specific scans performed. These modifications may be made without notice from ProactiveRISK.

 

1.7. Trial Accounts. Subscribers who register with a free trial account may use the Services during the trial period without payment. Trial accounts will display the logo associated with Vulnerability Scanning Subscriber Agreement. Free trials may be terminated at any time by purchasing a subscription to the Services. Free trials are limited to one per domain name and may not be renewed. Free trials use cookies, ProactiveRISK analytics, and javascript and will only function on browsers and systems allowing such activity. To use a free trial, you are required to allow cookies from your website and must include the use of cookies in your site’s privacy policy. ProactiveRISK does not guarantee that the Free Trial offer will be available at all times and in all locations and such accounts are granted in ProactiveRISK’s sole discretion.

 

2. Subscriber Obligations

2.1. Obligations. Subscriber shall: (i) Be responsible for the compliance with all laws, regulations, and other restrictions on the distribution or use of the software, including the export laws of the United States; (ii) Be responsible of all equipment and services necessary to receive the Services; (iii) Maintain any confidential information disclosed by ProactiveRISK; and (iv) Pay all charges resulting from the use of the Services.

 

2.2. Restrictions. Subscriber shall not (i) Use the Services to engage in any unlawful or prohibited activity; (ii) Use the Services to infringe on the intellectual property rights of a third party; (iii) Interfere or disrupt networks or third parties; (iv) Bypass or violate any policies and procedures of networks connected to the Services; (v) Directly or indirectly, reproduce, sell, lease, rent, transfer, or exploit the Services; (vi) Use the Services to scan domains or attempt to gain access to ProactiveRISK’s or a third party’s System without the express permission of ProactiveRISK or the relevant third party; (vii) Represent that ProactiveRISK guarantees any of your products or services (viii) Use a report generated by the Services for any reason other than obtaining PCI compliance, remedying vulnerabilities on the scanned system, or other internal business purposes; or (ix) Reverse engineer or otherwise derive the processes and source code by which the Services are provided or by which the reports are generated.

 

3. Fees and Payment

3.1. Subscriber shall pay all fees resulting from Services ordered under Subscriber’s account, regardless of any actual use of the Services or if Subscriber’s site passes the vulnerability scans. Prices for the Services are posted on the ProactiveRISK website at www.proactiverisk.com. ProactiveRISK may revise its fees at any time by posting an amended fee schedule on the website. Continued use of the Services after an amendment constitutes Subscriber’s acceptance of the amendment.

 

3.2. Fees must be paid in advance and are non-refundable. Monthly account billing starts at midnight on the first of every month. Payment must be made by the credit or debit card designated by the Vulnerability Scanning Subscriber Agreement. Subscriber during the account registration, and Subscriber authorizes ProactiveRISK to charge all fees to this credit card. Accounts designated as group invoice billing account must be approved by ProactiveRISK and will be invoiced on a monthly basis.

 

3.3. Questions regarding fees and charges must be made to ProactiveRISK within thirty (30) days of such charge. Failure to use the account is not a basis for refusing to pay any charges. Billing corrections shall be made by providing a credit to Subscriber’s account for future monthly fees or for the purchases of service upgrades. ProactiveRISK may deactivate any account that has a disputed charge until ProactiveRISK, in its sole discretion, determines the dispute resolved.

 

3.4. If a fee is rejected by your card issuer (or its agent or affiliate), ProactiveRISK may deactivate your account and prevent access to the Services until the fee has been successfully processed.

 

4. Confidentiality

4.1. “Confidential Information” means all material, data, systems and other information concerning ProactiveRISK’s business operations that is not known to the general public, including (a) information about the software used to perform each parties’ respective obligations hereunder (such as personal identification numbers and passwords); and (b) information about the technical operations of any of the ProactiveRISK services and products offered hereunder. Neither party shall use any Confidential Information other than for the purpose of performing its obligations under the Agreement or as otherwise permitted pursuant to the Agreement. All uses of Confidential Information provided by Subscriber, except as otherwise provided herein, are subject to the ProactiveRISK privacy policy as set forth on the ProactiveRISK Repository. The reports generated by the Services are not Confidential Information.

 

4.2. Each party shall ensure that any person to whom Confidential Information is disclosed by it complies with the restrictions set out in this section as if such person were a party to the Agreement.

 

4.3. Notwithstanding the previous provisions of this section, either party may disclose Confidential Information if and to the extent required by law, for the purpose of any judicial proceedings or any securities exchange or regulatory or governmental body to which that party is subject, wherever situated, whether or not the requirement for information has the force of law, and if and to the extent the information has come into the public domain through no fault of that party. Should a party be required to disclose Confidential Information pursuant to this section, the party shall promptly give notice of such requirement to the other party prior to disclosing the Confidential Information.

 

4.4. The restrictions contained in this section shall continue to apply to each party for the duration of the Agreement and for the period of 5 years following the termination of the Agreement.

 

5. Privacy

5.1. ProactiveRISK’s use of private information is used to determine vulnerability trends and produces an anonymized annual report of the data and submits the data to other projects including and not limited to the Open Web Application Security Project, OWASP Top 10

 

5.2. As a subscriber, you are given the opportunity to ‘opt-out’ of having information used for purposes not directly related to the Services ordered. This application notifies you that you may ‘opt out’ by emailing a clear notice to optout@proactiverisk.com. By clicking on the “I ACCEPT” button below, you affirmatively consent to receiving, and will receive, marketing material.

 

5.3. Although ProactiveRISK has taken steps to reduce risk by building systems with high levels of security to ensure the privacy of all transaction data and the safe transmission of credit card information, risks remain due to factors beyond the reasonable control of ProactiveRISK. Your use of the Services is subject to those risks which you agree to bear.

 

5.4. You expressly agree that ProactiveRISK may transfer reports and other information about use of the Services to the reseller or partner providing or referring the Services to you (if any), any member of the PCI counsel, any law enforcement official, or any affiliate of ProactiveRISK.

 

6. Intellectual

Property Rights 6.1. The Services are being licensed only. Regardless of any use, distribution, or modification by Subscriber. ProactiveRISK shall retain all title, interest, and ownership rights in: (i) the Services, including all techniques and ideas embedded therein, (ii) all copies or derivative works of the Services, regardless of who produced, requested, or suggested the copy or derivative work, (iii) all documentation and materials provided by ProactiveRISK to Subscriber, and (iv) all of ProactiveRISK’s copyrights, patent rights, trade secret rights and other proprietary rights.

 

6.2. The Subscriber may not use the ProactiveRISK name, brand, trademarks, service marks, logos, or any other intellectual property in any way except with ProactiveRISK’s prior written consent.

6.3. The Services may not be used to post or make accessible any material that infringes the copyright of a third party. If ProactiveRISK reasonably believes that the Services are being used in such a manner, ProactiveRISK may terminate this Agreement or restrict access to the services.

 

7. Indemnification.

Subscriber shall defend, indemnify, and hold harmless ProactiveRISK, its officers, directors, employees, and agents from and against any claims, costs, damages, expenses, losses, legal proceedings, or other liabilities (including, without limitation, reasonable attorneys’ fees) which are brought or threatened against ProactiveRISK by any third party as a result of: (i) Subscriber’s negligence or willful misconduct, (ii) false, inaccurate, or deceptive data associated with Subscriber’s account; (iii) Subscriber’s breach of the Agreement, (iv) Subscriber’s use of the Services, or (v) Subscriber’s infringement of the intellectual property rights of a third party When ProactiveRISK is threatened with suit or sued by a third party, ProactiveRISK may seek written assurances from you concerning your promise to indemnify ProactiveRISK. Failure to provide assurance is a material breach of this Agreement. ProactiveRISK shall have the right to participate in any defense by Subscriber of a third-party claim related to the Services, with counsel of ProactiveRISK’s choice at Subscriber’s expense. Subscriber must receive ProactiveRISK's prior written consent regarding any related settlement.

 

8. Exclusion of Warranties.

8.1. The Services are provided over the Internet are subject to the operation of the Internet and telecommunications infrastructures as well as the operation of Subscriber’s Internet connection services, all of which are beyond the control of ProactiveRISK. 8.2. THE SERVICES ARE PROVIDED “AS IS” AND “AS AVAILABLE”. ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, ARE HEREBY EXCLUDED TO THE FULLEST EXTENT PERMISSIBLE BY LAW, INCLUDING ALL WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE. ProactiveRISK DOES NOT WARRANT THAT ANY PART OF THE SERVICES WILL (I) MEET SUBSCRIBER’S REQUIREMENTS, (II) BE FREE FROM Vulnerability Scanning Subscriber Agreement – click - 060109 5 INACCURACIES, MISTAKES, DELAYS, INTERRUPTIONS OR TYPOGRAPHICAL ERRORS, OR (III) FIND, LOCATE, DISCOVER AND REPORT ALL POSSIBLE COMPUTER INSECURITIES AND VULNERABILITIES. ProactiveRISK DOES NOT WARRANT THAT ANY PROVIDED RECOMMENDATION WILL CORRECT OR CURE A DETECTED VULNERABILITY. SUBSCRIBER SHALL BEAR THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE SERVICES. 9. Term and Termination 9.1. Term. The Agreement shall commence upon the activation of your account and shall continue perpetually until terminated by either the Subscriber or ProactiveRISK. Subscriber ‘s credit card shall be charged automatically for all fees owned for the Services using the debit or credit card provided during the registration process. 9.2. Termination by Subscriber. Subscriber may terminate this Agreement at any time by sending notice of the cancellation to canceltrustconnect@ProactiveRISK.com. ProactiveRISK is not responsible for cancellation emails sent to the wrong email address even if ProactiveRISK is aware of the email or cancel request. Your account will be terminated within 24 hours of ProactiveRISK’s receipt of your cancellation notice at the proper email address. If you are part way through a monthly billing cycle, the remaining days in that cycle are forfeited.

 

9.3. Termination by ProactiveRISK.

ProactiveRISK may terminate this Agreement in its sole discretion. Notice of the termination will be sent to the email address listed in the Subscriber’s account. ProactiveRISK is not liable for any damages that may result from termination carried out in accordance with this Agreement.

 

9.4. Events Upon Termination. Subscriber shall immediately cease using the Services upon receiving notice of termination of this Agreement. ProactiveRISK will not reimburse or refund any unused credits, money, or time remaining in your subscription plan. Once canceled, Subscriber’s account will not be charged further fees unless outstanding charges exist on the account. Any outstanding charges will remain due and be charged to the provided credit or debit card automatically by ProactiveRISK. If the account is an approved group invoice billing account, a charge to your credit or debit card will be made for final payment.

 

10. Limitation of Liability

10.1. ProactiveRISK’S MAXIMUM LIABILITY FOR ANY DAMAGES ARISING OR RELATED TO THIS AGREEMENT, UNDER ANY THEORY OR CLAIM, SHALL BE LIMITED TO THE AMOUNT PAID BY SUBSCRIBER FOR THE SERVICES REGARDLESS OF THE TYPE, AMOUNT, OR EXTENT OF ANY ACTUAL DAMAGES SUFFERED. ProactiveRISK SHALL NOT BE LIABLE FOR ANY INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES, INCLUDING DAMAGES FOR LOST PROFITS, OPPORTUNITIES, REVENUE, SAVINGS, GOODWILL, OR USE OR POSSESSION OF DATA, EVEN IF ProactiveRISK WAS AWARE OF THE POSSIBILITY OR THE EXISTENCE OF SUCH DAMAGES. THE LIMITATIONS ON LIABILITY PROVIDED HEREIN SHALL APPLY TO THE MAXIMUM EXTENT ALLOWED BY LAW. ProactiveRISK SHALL NOT BE LIABLE TO THE SUBSCRIBER FOR ANY LOSS SUFFERED BY THE SUBSCRIBER DUE TO USE OF THE SERVICES OUTSIDE THE NORMAL AND INTENDED USE.

 

10.2. Except for indemnification and confidentiality obligations, neither party may bring any action, regardless of form, arising out of or relating to the Agreement more than one (1) year after the cause of action has occurred.

 

11. Miscellaneous

11.1. Force Majeure. Neither party hereto shall be liable for any breach of its obligations hereunder resulting from any event not under the reasonable control of that party. The parties agree that the Vulnerability Scanning Subscriber Agreement availability of the Internet and connections made through the Internet are not within the reasonable control of either party.

 

11.2. Entire Agreement. The Agreement and all other documents referred to herein shall constitute the entire agreement between the parties and shall supersede any other existing agreements between them, whether oral or written, with respect to the subject matter hereof. 11.3. Amendments. Except as otherwise provided herein, ProactiveRISK may revise this Agreement at any time in its sole discretion. Any revisions or change will be effective upon the earlier of the posting of the changes or revisions to the ProactiveRISK website (www.proactiverisk.com) or upon notification to the Subscriber of the change. Subscriber shall periodically review the website in order to be aware of any changes. Subscriber may terminate the Agreement in accordance with Section 9 if Subscriber does not agree to any changes made. By continuing to use the Services, Subscriber accepts any changes made and will be bound by such changes.

 

11.4. Waivers. The waiver by either party of a breach or default of any of the provisions of the Agreement by the other party shall not be construed as a waiver of any succeeding breach of the same or other provisions nor shall any delay or omission on the part of either party to exercise or avail itself of any right power or privilege that it has or may have hereunder operate as a waiver of any breach or default by the other party.

 

11.5. Notices. All notices shall be in writing and in English. Notices shall be made by first class mail, return receipt requested, sent to ProactiveRISK 759 Bloomfield Ave., Suite 172, West Caldwell, NJ 07006 United States. Notices to Subscriber shall be sent to the email address provided during the registration process. Notices may be sent facsimile transmission provided that all facsimile transmissions are confirmed within 12 hours by a first-class mailed copy of the facsimile transmission. Correctly addressed notices sent by first-class mail shall be deemed to have been delivered 48 hours after posting and correctly directed facsimile transmissions shall be deemed to have been received 12 hours after dispatch.

 

11.6. Severability, If any provision of the Agreement is determined to be invalid or unenforceable under any applicable statute or rule of law, then the provision shall be reformed to the minimum extent necessary to cause the provision to be valid and enforceable. If reformation is not possible, then the provision shall be deemed omitted and the balance of the Agreement shall remain valid and enforceable

 

11.7. Survival. All provisions of the Agreement relating to confidentiality, disclaimer of warranties, proprietary rights, indemnification, limitation on remedies, and limitations of liability shall survive the termination of the Agreement.

 

11.8. Assignment. The Subscriber may not assign or transfer any right or obligation under the Agreement without first obtaining ProactiveRISK’s written consent. Any assignment or transfer of rights or obligations shall be voidable in ProactiveRISK’s discretion. ProactiveRISK may assign this Agreement in its sole discretion.

 

11.9. Governing Law and Jurisdiction. The Agreement shall be interpreted and construed under the laws of the United States, State of Delaware without regard to any conflicts of law principles. All claims or legal action must be commenced in the courts of the United States, State of Delaware and both parties agree to the venue of such courts.

11.10. Rights of Third Parties. There are no third party beneficiaries under this Agreement. ACCEPTANCE BY CLICKING “I ACCEPT” BELOW, YOU AGREE THAT YOU HAVE READ AND UNDERSTAND THE TERMS AND CONDITIONS OF THIS AGREEMENT AND THAT YOU WILL COMPLY WITH THEM AS PRESENTED