EULA

End User License Agreement

PLEASE READ THIS END USER LICENSE AGREEMENT (“EULA”) CAREFULLY BEFORE INSTALLING OR ACCESSING/USING THE SOFTWARE.  BY INSTALLING, ACCESSING, OR USING THE SOFTWARE, YOU ARE AGREEING TO BE BOUND BY THE TERMS OF THIS LICENSE.  IF YOU DO NOT AGREE TO THE TERMS OF THIS LICENSE, DO NOT INSTALL, ACCESS, OR USE THE SOFTWARE AND (IF APPLICABLE) RETURN THIS SOFTWARE TO THE PLACE WHERE YOU OBTAINED IT. IN THE EVENT THIS SOFTWARE IS PURCHASED BY LICENSEE ON BEHALF OF ITS EMPLOYEES, THE LICENSEE REPRESENTS THAT LICENSEE IS LIABLE FOR THE ACTS AND OMISSIONS UNDER THIS EULA FOR ALL OF ITS EMPLOYEES.  

This End-User License Agreement (EULA) is a legal agreement between Shield Alliance registered at RM 1202 Capital CTR-19 Jardine’s Bazaar Causeway Bay, Hongkong (Licensor) and you (Licensee) for access and use of OhPhish Phishing Simulation OhPhish Reporter,  OhPhish Quizzer ‘Mobile Applications and OhPhish Learning Management software (together referred to as “Software as a Service”) subject to the terms and conditions of this EULA.

1. Grant of License by Licensor:

1. Subject to the terms and conditions of this EULA and/or payment of applicable license and/or subscription fees, Licensor hereby grants to Licensee a revocable, non-exclusive, non-transferable license to access and use Software as a Service only for internal business use and not for resale, unless Licensee is a legal and authorized reseller of Licensor, pursuant to a contract executed by both parties stating Licensee is an authorized reseller. The Software as a Service is licensed to you and not sold. Additional restrictions and/or terms on use of the Software as a Service may be specified in the applicable Order Form and the Licensee agrees to be bound by such additional restrictions and/or terms. Licensee may use the Software as a Service solely to train no more than the number of Licensee’s employees specified in the applicable Order Form. Access will be provided only to employees of Licensee and independent contractors acting as authorized agents of Licensee accessing the Software as a Service from the domains listed in the applicable Order Form. This EULA does not authorize the Licensee in any way to use and access the Software as a Service as a platform to launch fake cyber security attack campaigns, attack the system and/or abuse any person or entity and/or commit any fraudulent activities such as email fraud, spam mail fraud, access device fraud, identify theft, bank fraud, wire fraud, computer fraud and abuse, privacy protection, email fraud, spam etc. and/or infringe any third-party’s intellectual property rights and/or launching.
2. Subject to the terms and conditions of this EULA and/or payment of applicable license and/or subscription fees, Licensor grants a limited, revocable, non-exclusive, non-transferable license to use the Security Awareness Materials (“Security Awareness Materials”) and Security Awareness Campaigns (“Security Awareness Campaigns”) for Licensee’s own internal business use provided each user is an authorized managed end user in the Licensee’s organization. Security Awareness Training Materials will be provided under license in digital format only. Printing where allowed, and other costs are the responsibility of Licensee. Any attempt to sell, transfer, create derivative works from, broadcast or post on any external network or media is prohibited. Licensee is not permitted to broadcast or post the Security Awareness Materials and/or Security Awareness Campaigns on or through Licensee’s internal communications channels unless written permission is obtained from the Licensor.

2. Grant of Licensor to Licensee for Trial Purpose:

1. Subject to the terms and conditions of this EULA and/or payment of applicable license and/or subscription fees (if applicable), Licensor may grant to Licensee a revocable, non-exclusive, non-transferable license to access and use Software as a Service only for internal trial purpose for not exceeding fifteen (15) days which may be extended only by special request made to Licensor via writing. The Software as a Service is licensed to you and not sold. In addition to any other license restrictions under this EULA, the Licensee shall not generate more than five (5) active campaigns and each campaign shall be routed to not more than ten (10) targets. This provision is applicable only if the Licensee expresses desire to use and access the Software as a Service for trial purpose.
2. Subject to the terms and conditions of this EULA and/or payment of applicable license and/or subscription fees (if applicable), Licensor may grant a limited, revocable, non-exclusive, non-transferable license to use the Security Awareness Materials (“Security Awareness Materials”) and Security Awareness Campaigns (“Security Awareness Campaigns”) for Licensee’s own internal trail purpose connected with the foregoing trial method.  
3. Licensee takes sole responsibility for running such trail and shall not run any campaign on any person or entity in violation of applicable data protection laws and/or any applicable laws.

3. Grant of License by Licensee:

1. Licensee covenants that it will comply with its use of the Software as a Service, including but not limited to all applicable laws pertaining to mail fraud, access device fraud, identify theft, bank fraud, wire fraud, computer fraud and abuse, privacy protection, email fraud, spam, and the protection of trademarks and copyrights.
2. “Licensee Content” shall mean information and materials provided by Licensee and/or employees or agents, regardless of form, including (without limitation) its trademarks, trade names, service marks, logos and designs, e-mail addresses of Licensee and/or its employees or agents, and images, graphics, and text, in connection with the use of the Software as a Service. Licensee shall be solely responsible for the accuracy of all Licensee Content hosted on the platform and for obtaining all required rights and licenses to use and display all License Content in connection with Licensee's use of the Software as a Service.  Licensee must include clear guidelines regarding the responsibility of the accuracy of the Licensee Content generated through Software as a Service which is hosted on the platform. Licensee grants limited, non-exclusive and non-transferable right to use the Licensee Content solely for the purpose of providing the Software as a Service. When accessing and using the Software as a Service, Licensee shall not include Licensee Content that is obscene, offensive, inappropriate, libellous, tortious, defamatory, threatening, abusive, objectionable, hateful or that violates any applicable law or regulation, contract, or privacy or other third party right, or that otherwise exposes Licensor to civil or criminal liability. Licensee acknowledges that the Software is designed to assist Licensee in developing customized, controlled cyber security attack campaigns for purposes of training to its employees, but that Licensee, and not Licensor or any Licensor’s Distributor, shall be solely responsible for compliance with all laws and governmental regulations, and any results in connection with its use of the Software as a Software (including any reports or information produced in connection therewith).
3. Licensee shall keep the credentials (e.g. usernames and passwords) of each user provided by Licensor and/or its Distributor in connection with the use of the Software as a Service confidential and not disclose any such credentials to any third party. Each user credential shall be unique and allows only one user to access the Software as a Service. The Licensee shall not share one user credentials at any cost with any other user and/or with any third party.   In addition, Licensee shall notify Licensor immediately upon the disclosure of any such credentials, and upon any termination of the engagement of any employees or agents of Licensee with knowledge of any such credentials, so that such credentials can be changed. Licensor is not responsible for (i) Licensee's access to the Internet, (ii) interception or interruptions of communications through the Internet, or (iii) changes or losses of data through the Internet.

4. Security Awareness Campaigns: Licensor does not have any responsibility to determine if any suspect email received by any user is a phishing attack of any form. Licensor's sole and exclusive obligation shall be to use reasonable commercial efforts to forward any suspect email/SMS/call received by Licensor using designated Software as a Service to the address / phone number/email ID designated by Licensee. Licensor shall not be responsible to verify the accuracy of such email Id and phone number disclosed by the Licensee. Further, Licensor is not responsible for any damage to the Licensee's network as a result of the suspect email. Licensee has the sole and exclusive obligation to evaluate any suspect email and take any and all actions Licensee determines are appropriate as a result of such suspect email. Licensee shall indemnify, defend and hold Licensor harmless in the event of any breach or threatened breach of this provision.

5. Description of Limitations: Licensee shall not and shall not allow any third party to (i) reverse engineer, modify, decompile, or disassemble, modify, adapt, translate, copy the Software as a Service either whole or in part and/or any associated documentation; (ii) remove or modify any proprietary marking or restrictive legends in the Software as a Service and/or its associated documentation; (iii) access the Software as a Service or use the documentation to build a competitive service or product, or copy any feature, function or graphic for competitive purposes; (iv) launch fake cyber security attack campaigns, attack the system and/or abuse any person or entity and/or commit any fraudulent activities such as email fraud, spam mail fraud, access device fraud, identify theft, bank fraud, wire fraud, computer fraud and abuse, privacy protection, email fraud, spam etc. and/or infringe any third-party’s intellectual property rights and/or launching. The Licensor reserves the right to terminate the use and access of such service without notice in the event of breach or threatened breach of this provision.

6. Title to Software as a Service: Licensor and/or its licensor owns the Software as a Service and its associated documentation, including but not limited to Security Awareness Material, website, and its design, text, content, files, selection and arrangement of elements, organization, graphics, compilation, translations, digital conversion and other matters related to, and all trademarks, logos, service marks, symbols, trade dress and all materials provided on or through, this Software as a Service and website are protected by all applicable copyright laws, trademark laws and/or international conventions and treaties. The Software as a Service may contain Open Source Software, the usage of which is governed by the applicable open source license. Anything not expressly granted herein is reserved by the Licensor and/or its licensor.

Except as expressly provided herein, nothing contained in this EULA shall be construed as conferring by implication, estoppel or otherwise any license, interest or right in or to the Software as a Service or Security Awareness Material under any copyright, trademark or proprietary rights of Licensor or of any third party. Further, except as otherwise provided herein, the Software as a Service and/or Security Awareness Material (in whole or portions thereof) may not be used, copied, reproduced, distributed or redistributed, published or republished, downloaded, modified, displayed, posted, broadcasted, imitated, adapted, translated, or transmitted in any form or by any means, including, but not limited to, electronic, mechanical, photocopying, recording, or otherwise, or sold, offered for sale, licensed or sublicensed, reverse engineered, disassembled, decompiled or incorporated into compilations or used in the creation of derivative works, without Licensor’s express prior written permission or that of the respective third-party owner.

7. Confidentiality:

1. Licensee acknowledges that the Software as a Service, related documentation, and other confidential information that may be provided by Licensor or its authorized representative or Distributor (collectively "Confidential Information") is confidential information of Licensor. Licensee agrees not to disclose the Confidential Information to third parties or use the Confidential Information other than in connection with its License rights under this EULA. Licensee will use at least the same security measures as Licensee uses to protect its own confidential and trade secret information but no less than reasonable measures to protect the Confidential Information. Confidential Information shall not include information: (i) already in Licensee's possession at the time of disclosure, (ii) that is or later becomes part of the public domain through no fault of Licensee, or (iii) is required to be disclosed pursuant to law or court order provided that Licensee shall notify Licensor prior to such required disclosure and assist Licensor in preventing or limiting such required disclosure.
2. Licensee agrees and acknowledges that any breach of the provisions regarding ownership or confidentiality contained in this EULA shall cause Licensor irreparable harm and Licensor may obtain injunctive relief as well as seek all other remedies available to Licensor in law and in equity in the event of breach or threatened breach of such provisions.
3. Licensee acknowledges that Licensor may aggregate data from Licensee for analysis and reporting, provided that none of the individual data is able to be identified as received from Licensee or any of its employees or independent contractors.

8. Support: Subject to payment of license and/or subscription fees and fulfilling terms of this EULA, Support shall be provided to Licensee in accordance with the description herein:

Support Description: There are three levels of Support: Severity 1, Severity 2 and Severity 3. Every level of Shield Alliance Support provides telephone support and email. Support cases are handled based on case priority levels as described below:

Notwithstanding the foregoing, the first line support shall be provided by the authorized distributor and/or representative of the Licensor.

Support is delivered only in English unless agreed otherwise via writing.

Support in case of on-prem and hybrid provided by Shield Alliance shall be remote – email, telephonic, remote access to server.

Notwithstanding the foregoing, Shield Alliance will have no obligation of any kind to provide Support for issues caused by or arising out of any of the following (each, a “End-User Generated Error”): (i) modifications to the Software as a Service not made by Shield Alliance; (ii) use of the Software as a Service other than as authorized in the EULA or as provided in the Documentation; (iii) damage to the machine on which the Software as a Service is installed; (iv) Licensee’s continued failure to use the Software as a Service without reference to the Documentation; (v) versions of the Software as a Service other than the most recent version; (vi) Third-Party products not expressly supported by Shield Alliance and described in the Documentation; or (vii) conflicts related to replacing or installing hardware, drivers, and software that are not expressly supported by Shield Alliance and described in the Documentation.

9. Duration: This EULA is effective as long as the Licensee have been granted the right to continue to use the Software as a Service based on the applicable license term specified in the applicable Order Form and/or from the date of acceptance by the Licensee until:

1. Automatically terminated or suspended if Licensee fails to comply with any terms of this EULA; or
2. If we suspect anything untoward, we may terminate or suspend your access with or without cause and not otherwise.

In the event, the EULA is terminated, the Licensee must cease use of the Software as a Service and destroy all copies of the Software as a Service.

10. Payment: Licensee must pay all undisputed fees within 30 days of the date of an invoice. Licensee is responsible for the payment of all applicable sales, use, withholding, VAT and other similar taxes.

11. Warranty:

1. Licensor warrants to Licensee that the Software as a Service shall be provided in a professional and workmanlike manner.  

2. EXCEPT THE EXPRESS WARRANTY AS PROVIDED HEREIN, LICENSOR MAKES NO REPRESENTATIONS OR WARRANTIES OR CONDITIONS OF ANY KIND CONCERNING THE SOFTWARE AS A SERVICE OR THEIR USE, ACCURACY AND FUNCTION SHALL NOT BE LIABLE IN ANY MANNER FOR ANY REPRESENTATION OR WARRANTY OR CONDITION OF ANY KIND WHETHER EXPRESS OR IMPLIED OR COLLATERAL OR WHETHER ARISING BY OPERATION OF LAW OR OTHERWISE, INCLUDING, WITHOUT LIMITATION, ANY WARRANTY OR CONDITION OF MERCHANTABLE QUALITY OR FITNESS FOR A PARTICULAR PURPOSE OR THAT THE SOFTWARE AS A SERVICE WILL BE ERROR-FREE.

3. Remedy: In the event of any breach of the warranties set forth above, Licensee shall notify Licensor, and Licensor shall, at Licensor’s option either promptly repair or replace the relevant functionality or features of the Service giving rise to the substantial non-conformity or re-perform the Services at no additional cost to Licensee. Such repair, replacement or re-performance shall be the sole and exclusive remedy of the Licensee for any breach of the warranty.

12. Licensor Indemnity: Licensor shall indemnify and hold Licensee harmless against any and all losses, damages, claims, or liabilities to the extent that they are based upon a third party claim that Licensee’s use of the Service in accordance with the terms of this EULA, provided by Licensor hereunder, infringes a valid U.S. and Hong Kong copyright. Licensor’s obligations under this Section are also contingent upon (i) Licensee providing Licensor with prompt written notice of such claim; (ii) Licensee providing reasonable cooperation to Licensor in Licensor’s defense of any such claim; and (iii) Licensee granting to Licensor sole authority and control over the defense and settlement of such claim. If the Software as a Service hereunder becomes, or in Licensor’s opinion is likely to become, the subject of a claim of infringement, Licensor may, at its option: (i) procure for Licensee the right to continue to use the Software as a Service; (ii) replace or modify the Software as a Service to make it non-infringing; or (iii) terminate this EULA and refund the fees paid for such Software as a Service for the then-current license term. Licensor will have no liability for any claim based on: (w) any modification of the Software as a Service except with respect to modifications performed by Licensor; (x) any use of the Software as a Service other than as expressly permitted under this EULA; or (y) any use or combination of the Software as a Service with any third-party products.  This Section sets forth Licensor’s complete liability, and Licensee’s sole remedy, with respect to claims relating to infringement of intellectual property rights.

13. Licensee Indemnification: Licensee shall indemnify and hold licensor as well as its subsidiaries, officers, directors, agents, representatives, employees and third-party licensors harmless from any and all claims, liabilities, losses, expenses or demands, including reasonable legal fees, based on, arising from, or otherwise related to (a) Licensee’s breach or violation of any of the provisions of this EULA; (b) Licensee’s access or use of the Software as a Service, including but not limited to the hosted platform, any of the information, materials, or any other services made available on or through the Software as a Service, in violation of the EULA; (c) any infringement or misappropriation by Licensee of any intellectual property or other rights of Licensor or any third party; (d) any threat, attack or abuse of the Software as a Service due to unauthorized use of the Software as a Service; or (e) any negligence or willful misconduct by Licensee.

14. Limitation of Liability:  Licensor shall not be liable to Licensee, or any other person or entity claiming through Licensee any loss of profit, income, savings, or any other consequential, incidental, special, punitive, direct and indirect damage, whether arising in contract, tort, warranty, or otherwise.  These limitations will apply regardless of the essential purpose of any limited remedy. Under no circumstances shall Licensor’s aggregate liability to Licensee, or any person or entity claiming through Licensee, exceed the financial amount actually paid by Licensee to Licensor for the Software as a Service.

15. Export Laws: Licensee may not use or otherwise export or re-export the Software except as authorized by United States law and the laws of the jurisdiction in which the Licensor’s Software was obtained.  In particular, but without limitation, the Licensor’s Software may not be exported or re-exported (a) into (or to a national or resident of) any U.S. embargoed countries (currently Cuba, Iran, Libya, North Korea, Sudan, and Syria) or (b) to anyone on the U.S. Treasury Department's list of Specially Designated Nationals or the U.S. Department of Commerce Denied Person’s List or Entity List.  By using the Licensor’s Software, you represent and warrant that you are not located in, under control of, or a national or resident of any such country or on any such list.

16. Data Security by Licensee: The Licensee is solely responsible for ensuring that the Licensee Content generated via Software as a Service is appropriate for Licensee’s intended use and Licensee is solely responsible to maintain the security of Licensee Content. Licensee is responsible for taking and maintaining appropriate steps to maintain the confidentiality, integrity and security of the Licensee Content. Those steps include (without limitation) (i) controlling the access that Licensee provides to its users, (ii) configuring the service appropriately; (iii) ensuring the security of the Licensee Content while transferring the Licensee Content to any other medium (electronic or manual); (iv) using encryption technology wherever required to protect the Licensee Content; (v) backing up and/or archiving the Licensee Content in a secured environment to prevent any possible data loss due to technology failure or inactivation of the user account. The Licensor may retain Licensee Content in whole or in portion for specific duration in accordance with its internal data retention policy.

17. Data Security by Licensor: If and to the extent the EU Directive 95/46/EC or the EU General Data Protection Regulation (EU) 2016/679 (together with any transposing, implementing, or supplemental legislation “GDPR”) and/or any other applicable data protection and privacy laws apply to the processing of Personal Data (as defined in the GDPR or in the relevant legislation) (a) Licensor will process Personal Data only in accordance with Licensee’s instructions; (b) Licensor will process Personal Data only on Licensee’s written documented instructions, including with regard to transfers of Personal Data to any third party or any other country from the originating country; (c) Licensor will maintain and implement technical and organizational measures appropriate (having regard to the state of technological development and cost of implementation) to the risk of, and to seek to protect Licensee’s Personal Data against any Security Incident; (d) Licensor shall not transfer Licensee’s Personal Data without Licensee’s express written consent. In the event, the Licensor becomes aware of a confirmed Security Incident, inform Licensee without undue delay and provide reasonable information (to the extent such information is known or available to the Licensor) and cooperation to Licensee so that Licensee can fulfil any data breach reporting obligations it may have under applicable data protection laws. The Licensor further take such any reasonably necessary measures and actions to remedy or mitigate the effects of such Security Incident.  “Security Incident” means a breach of Licensor’s and/or Licensee’s security measures leading to (i) accidental or unlawful destruction of personal data or (ii) loss, alteration, unauthorised disclosure of, or access to personal data.

18. Privacy Policy: Please refer to Licensor’s Privacy Policy located online at https://ohphish.eccouncil.org/privacy_policy.html for information regarding how Licensor uses, transfers and shares information collected by or provided to it.

19. Permission to use Trademark and/or Logo: Licensee grants permission to Licensor to use Licensee’s trademark and/or logo on the Licensor’s website, or any other marketing material when referring to Licensee. Licensee will retain all title and rights to such trademarks and/or logos. Further, Licensor may customize the phishing simulation by including Licensee’s trademark and/or logo in which case the Licensee agrees not to bring any trademark infringement and/or trademark dilution claim against the Licensor.

20. Governing Law. This EULA shall be deemed to have been made in Hong Kong, and shall be construed and enforced in accordance with, and the validity and performance hereof shall be governed by the laws of the Hong Kong, without reference to principles of conflict of laws thereof. Judicial proceedings regarding any matter arising under the terms of this EULA shall be brought solely in the Courts of the Hong Kong.

21. Assignment: The Licensee shall not transfer its right to access and use the Software as a Service to any third party.

22. Publicity: With Licensee’s prior written consent, Licensor may refer to Licensee as one of its customers on Licensor's website and in other marketing material, including a possible joint press release.

23. Entire Agreement: This License constitutes the entire agreement between the parties with respect to the use of the Licensor’s Software licensed hereunder and supersedes all prior or contemporaneous understandings regarding such subject matter.  No amendment to or modification of this License will be binding unless in writing and signed by Licensor. The parties hereto confirm that they have requested that this License and all related documents be drafted in English.