EULA

End User License Agreement

PLEASE READ THIS END USER LICENSE AGREEMENT (“EULA”) CAREFULLY BEFORE

INSTALLING OR ACCESSING/USING THE SOFTWARE. BY INSTALLING, ACCESSING, OR USING

THE SOFTWARE, YOU ARE AGREEING TO BE BOUND BY THE TERMS OF THIS LICENSE. IF YOU

DO NOT AGREE TO THE TERMS OF THIS LICENSE, DO NOT INSTALL, ACCESS, OR USE THE

SOFTWARE AND (IF APPLICABLE) RETURN THIS SOFTWARE TO THE PLACE WHERE YOU

OBTAINED IT. IN THE EVENT THIS SOFTWARE IS PURCHASED BY LICENSEE ON BEHALF OF ITS

EMPLOYEES, THE LICENSEE REPRESENTS THAT LICENSEE IS LIABLE FOR THE ACTS AND

OMISSIONS UNDER THIS EULA FOR ALL OF ITS EMPLOYEES.

This End-User License Agreement (EULA) is a legal agreement between Shield Alliance registered at 1202

Capital Centre 5-19, Jardine's Bazaar, Causeway Bay, Hong Kong, 987987 (Licensor) and you (Licensee) for

access and use of OhPhish Phishing Simulation OhPhish Reporter, OhPhish Quizzer ‘Mobile Applications and

OhPhish Learning Management software (together referred to as “Software as a Service”) subject to the terms

and conditions of this EULA. Shield Alliance International Limited is the parent entity of OhPhish Private

Limited.

1. Grant of License by Licensor:

(a) Subject to the terms and conditions of this EULA and/or payment of applicable license and/or subscription

fees, Licensor hereby grants to Licensee a revocable, non-exclusive, non-transferable, non-sublicensable

license to access and use Software as a Service only for internal business use and not for resale, unless

Licensee is a legal and authorized reseller of Licensor, pursuant to a contract executed by both parties

stating Licensee is an authorized reseller.

(b) The Software as a Service is licensed to you and not sold. Additional restrictions and/or terms on use of

the Software as a Service may be specified in the applicable Order Form and the Licensee agrees to be

bound by such additional restrictions and/or terms.

employees specified in the applicable Order Form.

(d) Access will be provided only to employees of Licensee and independent contractors acting as authorized

agents of Licensee accessing the Software as a Service from the domains listed in the applicable Order

Form. This EULA does not authorize the Licensee in any way to use and access the Software as a Service

as a platform to launch or use it for the activities including but not limited to, fake cyber security attack

campaigns, attack the system and/or abuse any person or entity and/or commit any fraudulent activities

such as email fraud, spam mail fraud, access device fraud, identify theft, bank fraud, wire fraud, computer

fraud and abuse, privacy protection, email fraud, spam etc. and/or infringe any third-party’s intellectual

property rights and/or launching or otherwise.

(e) Subject to the terms and conditions of this EULA and/or payment of applicable license and/or subscription

fees, Licensor grants a limited, revocable, non-exclusive, non-transferable license to use the Security

Awareness Materials (“Security Awareness Materials”) and Security Awareness Campaigns (“Security

Awareness Campaigns”) for Licensee’s own internal business use provided each user is an authorized

managed end user in the Licensee’s organization. Security Awareness Training Materials will be provided

under license in digital format only. Printing where allowed, and other costs are the responsibility of

Licensee. Any attempt to sell, transfer, create derivative works from, broadcast or post on any external

network or media is prohibited. Licensee is not permitted to broadcast or post the Security Awareness

Materials and/or Security Awareness Campaigns on or through Licensee’s internal communications

channels unless written permission is obtained from the Licensor.

2. Grant of License to Licensee for Trial Purpose:

(a) Subject to the terms and conditions of this EULA and/or payment of applicable license and/or subscription

fees (if applicable), Licensor may grant to Licensee a revocable, non-exclusive, non-transferable license

to access and use Software as a Service only for internal trial purpose for a period not exceeding fifteen

(15) days. The period of fifteen (15) days free trial may be extended only upon special request by

Licensee, in writing, and accepted by Licensor in writing. The Software as a Service during the free trial

period also is only licensed to you and not sold. In addition to any other license restrictions under this

EULA, the Licensee shall not generate more than five (5) active campaigns and each campaign shall be

routed to not more than ten (10) targets. This provision is applicable only if the Licensee expresses desire

to use and access the Software as a Service for trial purpose.

(b) Subject to the terms and conditions of this EULA and/or payment of applicable license and/or subscription

fees (if applicable), Licensor may grant a limited, revocable, non-exclusive, non-transferable license to

use the Security Awareness Materials (“Security Awareness Materials”) and Security Awareness

Campaigns (“Security Awareness Campaigns”) for Licensee’s own internal trial purpose connected with

the foregoing trial method.

entity in violation of applicable data protection laws and/or any applicable laws.

3. Grant of License by Licensee, Licensee’s covenants and responsibilities:

(a) Licensee covenants that it will comply with its use of the Software as a Service, including but not limited

to all applicable laws pertaining to mail fraud, access device fraud, identify theft, bank fraud, wire fraud,

computer fraud and abuse, privacy protection, email fraud, spam, and the protection of trademarks and

copyrights.

(b) “Licensee Content” shall mean information and materials provided by Licensee and/or employees or

agents, regardless of form, including (without limitation) its trademarks, trade names, service marks,

logos and designs, e-mail addresses of Licensee and/or its employees or agents, and images, graphics, and

text, in connection with the use of the Software as a Service.

for obtaining all required rights and licenses to use and display all License Content in connection with

Licensee's use of the Software as a Service. Licensee must include clear verbiage assuming the

responsibility regarding the accuracy of the Licensee Content generated through Software as a Service

which is hosted on the platform.

(d) Licensee grants limited, non-exclusive and non-transferable right to use the Licensee Content solely for

the purpose of providing the Software as a Service. When accessing and using the Software as a Service,

Licensee shall not include Licensee Content that is obscene, offensive, inappropriate, libellous, tortious,

defamatory, threatening, abusive, objectionable, hateful or that violates any applicable law or regulation,

contract, or privacy or other third party right, or that otherwise exposes Licensor to civil or criminal

liability. The Licensee shall be responsible and liable towards the Licensor and defend, hold harmless and

indemnify Licensor against any claims and liabilities brought against the Licensor due to the License

Content hosted on the platform.

(e) Licensee acknowledges that the Software is designed to assist Licensee in developing customized,

controlled cyber security attack campaigns for purposes of training to its employees, but that Licensee,

and not Licensor or any Licensor’s Distributor, shall be solely responsible for compliance with all laws

and governmental regulations, and any results in connection with its use of the Software as a Software

(including any reports or information produced in connection therewith).

(f) Licensee shall keep the credentials (e.g. usernames and passwords) of each user provided by Licensor

and/or its Distributor in connection with the use of the Software as a Service confidential and not disclose

any such credentials to any third party. Each user credential shall be unique and allows only one user to

access the Software as a Service. The Licensee shall not share the user credentials of one user at any cost

with any other user and/or with any third party. In addition, Licensee shall notify Licensor immediately

upon the disclosure of any such credentials, and upon any termination of the engagement of any

employees or agents of Licensee with knowledge of any such credentials, so that such credentials can be

changed. Licensee shall defend, indemnify and hold harmless the Licensor against any claims, damages

and losses incurred by Licensor due to unauthorised use, access and sharing of the credentials by the

Licensee. Licensor is not responsible for (i) Licensee's access to the Internet, (ii) interception or

interruptions of communications through the Internet, or (iii) changes or losses of data through the

Internet.

4. Security Awareness Campaigns: Licensor does not have any responsibility to determine if any suspect email

received by any user is a phishing attack of any form. Licensor's sole and exclusive obligation shall be to

use reasonable commercial efforts to forward any suspect email/SMS/call received by Licensor using

designated Software as a Service to the address / phone number/email ID designated by Licensee.

Licensor shall not be responsible to verify the accuracy of such email Id and phone number disclosed by

the Licensee. Further, Licensor is not responsible for any damage to the Licensee's network or loss of data as

a result of the suspect email. Licensee has the sole and exclusive obligation to evaluate any suspect email and

take any and all actions Licensee determines are appropriate as a result of such suspect email. Licensee shall

indemnify, defend, and hold Licensor harmless in the event of any breach or threatened breach of this

provision.

5. Description of Limitations: Licensee shall not and shall not allow any third party to (i) reverse engineer,

modify, decompile, or disassemble, modify, adapt, translate, copy or otherwise use the Software as a Service

either whole or in part and/or any associated documentation; (ii) remove or modify any proprietary marking

or restrictive legends in the Software as a Service and/or its associated documentation; (iii) access the Software

as a Service or use the documentation to build a competitive service or product, or copy any feature, function

or graphic for competitive purposes; (iv) launch fake cyber security attack campaigns, attack the system and/or

abuse any person or entity and/or commit any fraudulent activities such as email fraud, spam mail fraud, access

device fraud, identify theft, bank fraud, wire fraud, computer fraud and abuse, privacy protection, email fraud,

spam etc. and/or infringe any third-party’s intellectual property rights and/or launching. The Licensor reserves

the right to terminate the use and access of such service without notice in the event of breach or threatened

breach of this provision. The Licensor reserves all right not expressly provided by the Licensor in the

Agreement.

6. Title to Software as a Service: Licensor and/or its licensor owns the Software as a Service and its associated

documentation, including but not limited to Security Awareness Material, website, and its design, text, content,

files, selection and arrangement of elements, organization, graphics, compilation, translations, digital

conversion and other matters related to, and all trademarks, logos, service marks, symbols, trade dress and all

materials provided on or through, this Software as a Service and website are protected by all applicable

contain Open Source Software, the usage of which is governed by the applicable open source license. Anything

not expressly granted herein is reserved by the Licensor and/or its licensor.

Except as expressly provided herein, nothing contained in this EULA shall be construed as conferring by

implication, estoppel or otherwise any license, interest or right in or to the Software as a Service or Security

Awareness Material under any copyright, trademark, or proprietary rights of Licensor or of any third party.

Further, except as otherwise provided herein, the Software as a Service and/or Security Awareness Material

(in whole or portions thereof) may not be used, copied, reproduced, distributed or redistributed, published or

republished, downloaded, modified, displayed, posted, broadcasted, imitated, adapted, translated, or

transmitted in any form or by any means, including, but not limited to, electronic, mechanical, photocopying,

recording, or otherwise, or sold, offered for sale, licensed or sublicensed, reverse engineered, disassembled,

decompiled or incorporated into compilations or used in the creation of derivative works, without Licensor’s

express prior written permission or that of the respective third-party owner.

7. Confidentiality:

(a) Licensee acknowledges that the Software as a Service, related documentation, and other confidential

information that may be provided by Licensor or its authorized representative or Distributor (collectively

"Confidential Information") is confidential information of Licensor. Licensee agrees not to disclose the

Confidential Information to third parties or use the Confidential Information other than in connection with its

License rights under this EULA. Licensee will use at least the same security measures as Licensee uses to

protect its own confidential and trade secret information but no less than reasonable measures to protect the

Confidential Information. Confidential Information shall not include information: (i) already in Licensee's

possession at the time of disclosure, (ii) that is or later becomes part of the public domain through no fault of

Licensee, or (iii) is required to be disclosed pursuant to law or court order provided that Licensee shall notify

Licensor prior to such required disclosure and assist Licensor in preventing or limiting such required

disclosure.

(b) Licensee agrees and acknowledges that any breach of the provisions regarding ownership or confidentiality

contained in this EULA shall cause Licensor irreparable harm and Licensor may obtain injunctive relief as

well as seek all other remedies available to Licensor in law and in equity in the event of breach or threatened

breach of such provisions.

that none of the individual data is able to be identified as received from Licensee or any of its employees or

independent contractors.

8. Support: Subject to payment of license and/or subscription fees and fulfilling terms of this EULA, Support

shall be provided to Licensee in accordance with the description herein:

Support Description: There are three levels of Support: Severity 1, Severity 2 and Severity 3. Every level of

Shield Alliance Support provides telephone support and email. Support cases are handled based on case

priority levels as described below:

Severity

SLA for first response

(working hours)

SLA for complete

resolution (working hours)

Severity 1 - Complete OhPhish Solution

not accessible / working

12 hrs

24 hrs

Severity 2 - Solution accessible, but

certain features not accessible / working

24 hrs

48 hrs

Severity 3 - Minor bugs / issues

48 hrs

120 hrs

Notwithstanding the foregoing, the first line support shall be provided by the authorized distributor and/or

representative of the Licensor.

Support is delivered only in English unless agreed otherwise via writing.

Support in case of on-prem and hybrid provided by Licensor shall be remote – email, telephonic, remote access

to server.

Notwithstanding the foregoing, Licensor will have no obligation of any kind to provide Support for issues caused

by or arising out of any of the following (each, a “End-User Generated Error”): (i) modifications to the Software

as a Service not made by Licensor; (ii) use of the Software as a Service other than as authorized in the EULA or

as provided in the Documentation; (iii) damage to the machine on which the Software as a Service is installed;

(iv) Licensee’s continued failure to use the Software as a Service without reference to the Documentation; (v)

versions of the Software as a Service other than the most recent version; (vi) Third-Party products not expressly

supported by Licensor and described in the Documentation; or (vii) conflicts related to replacing or installing

hardware, drivers, and software that are not expressly supported by Licensor and described in the

Documentation.

9. Duration: This EULA is effective as long as the Licensee have been granted the right to continue to use the

Software as a Service based on the applicable license term specified in the applicable Order Form and/or from

the date of acceptance by the Licensee until:

(a) Automatically terminated or suspended if Licensee fails to comply with any terms of this EULA; or

(b) If we suspect anything untoward, we may terminate or suspend your access with or without cause and not

otherwise.

In the event, the EULA is terminated, the Licensee must cease use of the Software as a Service and destroy all

copies of the Software as a Service.

10. Payment: Licensee must pay all undisputed fees within 30 days of the date of an invoice. Licensee is

responsible for the payment of all applicable sales, use, withholding, VAT and other similar taxes.

11. Warranty:

(a) Licensor warrants to Licensee that the Software as a Service shall be provided in a professional and

workmanlike manner. Notwithstanding the foregoing the warranties provided herein shall not apply for free

trial period or the services provided for free. The Licensee assumes sole risk in accessing and using the software

as a service during the trial period.

(b) EXCEPT THE EXPRESS WARRANTY AS PROVIDED HEREIN, LICENSOR MAKES NO

REPRESENTATIONS OR WARRANTIES OR CONDITIONS OF ANY KIND CONCERNING THE

SOFTWARE AS A SERVICE OR THEIR USE, ACCURACY AND FUNCTION. THE LICENSOR SHALL

NOT BE LIABLE IN ANY MANNER FOR ANY REPRESENTATION OR WARRANTY OR CONDITION

OF ANY KIND WHETHER EXPRESS OR IMPLIED OR COLLATERAL OR WHETHER ARISING BY

OPERATION OF LAW OR OTHERWISE, INCLUDING, WITHOUT LIMITATION, ANY WARRANTY

OR CONDITION OF MERCHANTABLE QUALITY OR FITNESS FOR A PARTICULAR PURPOSE OR

THAT THE SOFTWARE AS A SERVICE WILL BE ERROR-FREE.

Licensor shall, at Licensor’s option either promptly repair or replace the relevant functionality or features of

the Service giving rise to the substantial non-conformity or re-perform the Services at no additional cost to

Licensee. Such repair, replacement or re-performance shall be the sole and exclusive remedy of the Licensee

for any breach of the warranty.

12. Licensor Indemnity: Licensor shall indemnify and hold Licensee harmless against any and all losses,

damages, claims, or liabilities to the extent that they are based upon a third-party claim that Licensee’s use of

the Service in accordance with the terms of this EULA, provided by Licensor hereunder, infringes a valid

with prompt written notice of such claim; (ii) Licensee providing reasonable cooperation to Licensor in

Licensor’s defense of any such claim; and (iii) Licensee granting to Licensor sole authority and control over

the defense and settlement of such claim. If the Software as a Service hereunder becomes, or in Licensor’s

opinion is likely to become, the subject of a claim of infringement, Licensor may, at its option: (i) procure for

Licensee the right to continue to use the Software as a Service; (ii) replace or modify the Software as a Service

to make it non-infringing; or (iii) terminate this EULA and refund the fees paid for such Software as a Service

for the then-current license term. Licensor will have no liability for any claim based on: (w) any modification

of the Software as a Service except with respect to modifications performed by Licensor; (x) any use of the

Software as a Service other than as expressly permitted under this EULA; or (y) any use or combination of the

Software as a Service with any third-party products. This Section sets forth Licensor’s complete liability, and

Licensee’s sole remedy, with respect to claims relating to infringement of intellectual property rights.

13. Licensee Indemnification: Licensee shall indemnify and hold licensor as well as its subsidiaries, officers,

directors, agents, representatives, employees and third-party licensors harmless from any and all claims,

liabilities, losses, expenses or demands, including reasonable legal fees, based on, arising from, or otherwise

related to (a) Licensee’s breach or violation of any of the provisions of this EULA; (b) Licensee’s access or

use of the Software as a Service, including but not limited to the hosted platform, any of the information,

materials, or any other services made available on or through the Software as a Service, in violation of the

EULA; (c) any infringement or misappropriation by Licensee of any intellectual property or other rights of

Licensor or any third party; (d) any threat, attack or abuse of the Software as a Service due to unauthorized use

of the Software as a Service; or (e) any negligence or willful misconduct by Licensee.

14. Limitation of Liability: Licensor shall not be liable to Licensee, or any other person or entity claiming

through Licensee any loss of profit, income, savings, or any other consequential, incidental, special, punitive,

direct and indirect damage, whether arising in contract, tort, warranty, or otherwise. These limitations will

apply regardless of the essential purpose of any limited remedy. Under no circumstances shall Licensor’s

aggregate liability to Licensee, or any person or entity claiming through Licensee, exceed the financial amount

actually paid by Licensee to Licensor for the Software as a Service in a period of three (3) months prior to the

event giving rise to such claim for damage.

15. Export Laws: Licensee shall not use or otherwise export or re-export the Software except as authorized by

United States law and the laws of the jurisdiction in which the Licensor’s Software was obtained. In particular,

but without limitation, the Licensor’s Software shall not be exported or re-exported (a) into (or to a national or

resident of) any U.S. embargoed countries or (b) to anyone on the U.S. Treasury Department's list of Specially

Designated Nationals or the U.S. Department of Commerce Denied Person’s List or Entity List. By using the

Licensor’s Software, you represent and warrant that you are not located in, under control of, or a national or

resident of any such country or on any such list.

16. Data Security by Licensee: The Licensee is solely responsible for ensuring that the Licensee Content

generated via Software as a Service is appropriate for Licensee’s intended use and Licensee is solely

responsible to maintain the security of Licensee Content. Licensee is responsible for taking and maintaining

appropriate steps to maintain the confidentiality, integrity, and security of the Licensee Content. Those steps

include (without limitation) (i) controlling the access that Licensee provides to its users, (ii) configuring the

service appropriately; (iii) ensuring the security of the Licensee Content while transferring the Licensee

Content to any other medium (electronic or manual); (iv) using encryption technology wherever required to

protect the Licensee Content; (v) backing up and/or archiving the Licensee Content in a secured environment

to prevent any possible data loss due to technology failure or inactivation of the user account. The Licensee

shall be solely responsible and liable towards any claims brought against the Licensor for the act or omission

of the Licensee regarding the security of the Licensee Content. The Licensor may retain Licensee Content in

whole or in portion for specific duration in accordance with its internal data retention policy.

17. Data Security by Licensor: If and to the extent the EU Directive 95/46/EC or the EU General Data Protection

Regulation (EU) 2016/679 (together with any transposing, implementing, or supplemental legislation

“GDPR”) and/or any other applicable data protection and privacy laws apply to the processing of Personal

Data (as defined in the GDPR or in the relevant legislation) (a) Licensor will process Personal Data only in

accordance with Licensee’s instructions; (b) Licensor will process Personal Data only on Licensee’s written

documented instructions, including with regard to transfers of Personal Data to any third party or any other

country from the originating country; (c) Licensor will maintain and implement technical and organizational

measures appropriate (having regard to the state of technological development and cost of implementation) to

the risk of, and to seek to protect Licensee’s Personal Data against any Security Incident; (d) Licensor shall

not transfer Licensee’s Personal Data without Licensee’s express written consent. In the event, the Licensor

becomes aware of a confirmed Security Incident, inform Licensee without undue delay, and provide reasonable

information (to the extent such information is known or available to the Licensor) and cooperation to Licensee

so that Licensee can fulfil any data breach reporting obligations it may have under applicable data protection

laws. The Licensor further take such any reasonably necessary measures and actions to remedy or mitigate the

effects of such Security Incident. “Security Incident” means a breach of Licensor’s and/or Licensee’s security

measures leading to (i) accidental or unlawful destruction of personal data or (ii) loss, alteration, unauthorised

disclosure of, or access to personal data.

18. Privacy Policy: Please refer to Licensor’s Privacy Policy located online

at https://aware.eccouncil.org/privacy.html how Licensor uses, transfers and shares information collected by

or provided to it.

19. Permission to use Trademark and/or Logo: Licensee grants permission to Licensor to use Licensee’s

trademark and/or logo on the Licensor’s website, or any other marketing material when referring to Licensee.

Licensee will retain all title and rights to such trademarks and/or logos. Further, Licensor may customize the

phishing simulation by including Licensee’s trademark and/or logo in which case the Licensee agrees not to

bring any trademark infringement and/or trademark dilution claim against the Licensor.

21. Governing Law. This EULA shall be construed and enforced in accordance with, and the validity and

performance hereof shall be governed by the laws of Singapore, without reference to principles of conflict of

laws thereof. Judicial proceedings regarding any matter arising under the terms of this EULA shall be brought

solely in the courts of Singapore.

22. Assignment: The Licensee shall not transfer its right to access and use the Software as a Service to any third

party.

23. Publicity: With Licensee’s prior written consent, Licensor may refer to Licensee as one of its customers on

Licensor's website and in other marketing material, including a possible joint press release.

24. Entire Agreement: This License constitutes the entire agreement between the parties with respect to the use

of the Licensor’s Software licensed hereunder and supersedes all prior or contemporaneous understandings

regarding such subject matter. No amendment to or modification of this License will be binding unless in

writing and signed by Licensor. The parties hereto confirm that they have requested that this License and all

related documents be drafted in English. The Licensee may at any time modify, update the terms and conditions

of this EULA, the most lates version shall be updated on the website https://aware.eccouncil.org/. By

continuing the use of the Software as a Service, the Licensee agrees to the modified term and conditions of

this EULA.

Last updated: 15th December 2023