Privacy Policy
Privacy Policy
Last updated: October 31, 2024
At Ghost Security, Inc. ("we", "us", or "our"), we value your privacy and are committed to protecting your personal information. This privacy notice describes how and why we collect, store, use, and/or share ("process") your information when you use our services ("Services"), including:
Visiting our website at www.ghost.security, www.ghostsecurity.com, or any of our sites linked to this privacy notice.
Applying for jobs through our website.
Engaging with us in other related ways, including sales, marketing, or events.
If you have any questions or concerns, reading this privacy notice will help you understand your rights and choices regarding your privacy. If you do not agree with our policies and practices, please do not use our Services. For any inquiries, contact us at privacy@ghost.security.
1. What Information Do We Collect?
We collect personal information that you voluntarily provide to us when you express interest in our products and Services, participate in activities on the Services, or contact us.
Personal Information Provided by You
The personal information we collect may include:
Name
Title
Company name
E-mail address
Phone number
If you apply for a job with us, additional information may include (but is not limited to):
CV/resume and all information contained therein
Professional experience
Educational experience
References
Please ensure that all personal information you provide is true, complete, and accurate, and notify us of any changes.
Audio, Electronic, or Visual Information
If you attend a Ghost Security-hosted in-person or virtual event, we may record the event or meeting. This may include photos, interviews, or recordings of interactive sessions, used for business and marketing purposes.
Information Automatically Collected
We automatically collect certain information when you visit or use our website, which may include:
IP address
Browser and device characteristics
Operating system
Language preferences
Referring URLs
Device name
Location data
This information helps us maintain the security and operation of our Services and for internal analytics.
Cookies and Similar Technologies
We use cookies and similar tracking technologies to enhance your experience. For more details, please refer to our Cookie Notice.
2. How Do We Process Your Information?
We process your personal information for various reasons, including:
Delivering services to you
Responding to user inquiries and offering support
3. What Legal Basis Do We Rely On to Process Your Information?
We process your personal information based on valid legal grounds, such as:
Your consent
Compliance with laws
Providing services or fulfilling contractual obligations
Protecting your rights
Fulfilling our legitimate business interests
4. When and With Whom Do We Share Your Personal Information?
We may share or transfer your information in the following circumstances:
Business Transfers: In connection with mergers, sales, or acquisitions.
Analytics Services: We use Google Analytics and HubSpot for tracking. To opt out of Google Analytics, visit here.
Third-Party Service Providers: We may share your information with third-party providers, including:
5. Is Your Information Transferred Internationally?
Your information may be transferred to, stored, and processed in the United States and other countries. If you are a resident in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, please note that data protection laws may differ. We will take necessary measures to protect your personal information.
6. How Long Do We Keep Your Information?
We retain your personal information only as long as necessary for the purposes outlined in this privacy notice, or as required by law.
7. How Do We Keep Your Information Safe?
We implement appropriate security measures to protect your information. However, please be aware that no electronic transmission or storage is 100% secure, and we cannot guarantee complete security.
8. Do We Collect Information from Minors?
We do not knowingly collect data from or market to children under 18 years old.
9. What Are Your Privacy Rights?
You have the following rights regarding your personal information:
Withdrawing Consent: You can withdraw your consent at any time by contacting us.
Opting Out of Marketing: Unsubscribe via the link in our emails or by contacting us.
California Residents: Under the California Consumer Privacy Act (CCPA), you have specific rights, including the right to opt out of the sale of your personal information and the right to request data deletion.
10. Policy Changes
We reserve the right to modify this policy and will post any changes on our website. Please review this policy periodically for updates.
THIS SAAS SUBSCRIPTION AGREEMENT GOVERNS CUSTOMER’S ACQUISITION AND USE OF GHOST SECURITY’S SERVICES. CAPITALIZED TERMS HAVE THEIR DEFINITIONS SET FORTH HEREIN.
BY ACCEPTING THIS AGREEMENT, BY EITHER (1) CLICKING A BOX INDICATING ACCEPTANCE OR (2) EXECUTING AN ORDER FORM THAT REFERENCES THIS AGREEMENT CUSTOMER AGREES TO THE TERMS OF THIS AGREEMENT. IF THE INDIVIDUAL ACCEPTING THIS AGREEMENT IS ACCEPTING ON BEHALF OF A COMPANY OR OTHER LEGAL ENTITY, SUCH INDIVIDUAL REPRESENTS THAT THEY HAVE THE AUTHORITY TO BIND SUCH ENTITY AND ITS AFFILIATES. IF THE INDIVIDUAL ACCEPTING THIS AGREEMENT DOES NOT HAVE SUCH AUTHORITY, OR DOES NOT AGREE WITH THESE TERMS AND CONDITIONS, SUCH INDIVIDUAL MUST NOT ACCEPT THIS AGREEMENT AND MAY NOT USE THE SERVICES.
IF CUSTOMER HAS PURCHASED THE LICENSE GRANTED HEREUNDER FROM A PARTNER, RESELLER OR DISTRIBUTOR AUTHORIZED BY GHOST SECURITY (“PARTNER”), THEN TO THE EXTENT THAT THERE IS ANY CONFLICT BETWEEN THIS AGREEMENT AND THE AGREEMENT ENTERED BETWEEN CUSTOMER AND THE RESPECTIVE PARTNER, INCLUDING ANY PURCHASE ORDER (“PARTNER AGREEMENT”), THEN, AS BETWEEN CUSTOMER AND GHOST SECURITY, THIS AGREEMENT SHALL PREVAIL. ANY RIGHT GRANTED TO CUSTOMER IN SUCH PARTNER AGREEMENT WHICH ARE NOT CONTAINED IN THIS AGREEMENT, APPLY ONLY IN CONNECTION WITH THE PARTNER. IN THAT CASE, CUSTOMER MUST SEEK REDRESS OR REALIZATION OR ENFORCEMENT OF SUCH RIGHTS SOLELY WITH THE PARTNER AND NOT GHOST SECURITY.
The Services may not be accessed for purposes of monitoring their availability, performance or functionality, or for any other benchmarking or competitive purposes.
Ghost Security’s competitors, including but not limited to API and Application security vendors, are prohibited from accessing the Services, except with Ghost Security’s prior written consent.
This Agreement was last updated on March 18th, 2024. It is effective between Customer and Ghost Security as of the date of Customer’s accepting this Agreement (“the Effective Date”).
SAAS SUBSCRIPTION AGREEMENT
This SaaS Subscription Agreement, including all exhibits, schedules, Statements of Work and Order Forms (as defined below) (collectively, the “Agreement”) are the terms of service under which Ghost Security, Inc. (“Ghost” or “Ghost Security”) agrees to grant the Customer access to and use of the Ghost SaaS Service, and Beta Releases (as defined below). By indicating Customer’s acceptance of this Agreement, executing an Order Form that references this Agreement, or using the Ghost SaaS Service, or Beta Releases, Customer agrees to be bound by this Agreement. If you are entering into this Agreement on behalf of an entity, such as the company you work for, then you represent to Ghost Security that you have the legal authority to bind the Customer to this Agreement. Ghost Security and Customer are each a “Party” and collectively, the “Parties”, hereunder.
1. DEFINITIONS
“Affiliate” means with respect to a Party, any person or entity that controls, is controlled by, or is under common control with such Party, where “control” means ownership of fifty percent (50%) or more of the outstanding voting securities. “Agent” or “Software” means Ghost Security software, including but not limited to the application that runs in Customer’s operating environment and captures systems information, including but not limited to calls and events.
“Authorized User” means a named individual that: (a) is an employee, representative, consultant, contractor or agent of Customer or a Customer Affiliate; (b) is authorized to use the SaaS Service pursuant to this Agreement; and (c) has been supplied a user identification and password by Customer. Customer shall be responsible for all access and use of the SaaS Service by the Authorized Users.
“Beta Releases” means Ghost Security services or functionality that may be made available to Customer to try at its option at no additional charge which is clearly designated as beta, pilot, limited release, developer preview, non-production, evaluation, or by a similar description.
“B2B Relationship Data” means any administrative, transactional or account related data or communications provided by or on behalf of Customer to Ghost Security in connection with the creation, purchase, maintenance, or support of Customer’s account with Ghost.
“Customer” means any individual or entity with which Ghost Security has sold its products or services to.
"Customer Data" means any data or other information which is provided by (or on behalf of) Customer directly or indirectly to Ghost Security in connection with the Services, Introductory SaaS Service or Beta Releases, including data that is collected by the Software, and shall not include Customer Personal Data or Service Analytics as defined hereunder.
"Customer Personal Data" means any Customer Data which (i) qualifies as “Personal Data” “Personal Information” “Personally Identifiable Information” or any substantially similar term under applicable privacy laws and (ii) is processed by Ghost Security on behalf of Customer in connection with the Agreement. For the avoidance of doubt, Customer Personal Data shall not include B2B Relationship Data or Service Analytics as defined hereunder.
"Documentation" means the end user technical documentation provided with the Services, as may be modified from time to time.
"License Entitlement" means the license quantity pursuant to which the SaaS Service is deployed by Ghost Security, as set forth in an Order Form, which may be measured by the number of API endpoints, applications, volume of data mirrored, or other defined metric as outlined in the Order Form.
"License Keys" means an alphanumeric code that enables use of the Software.
“Open Source Software” means a program in which source code is made publicly and freely available for use and modification pursuant to certain license terms.
"Order Form" means a document executed by and between Ghost Security and Customer or electronically accepted by Customer that references this Agreement, purchase confirmation or any other document which details the Services to be provided by Ghost Security, the fees associated therewith, and any other transaction-specific terms and conditions.
“Statement of Work” or “SOW” means a statement of work or other such executed document that references this Agreement, whereby Customer engages Ghost Security to perform certain training, consulting, technical account management, professional, or similar services related thereto.
“SaaS Service” means Ghost’s hosted service solution as specified on an Order Form, made available at www.ghostsecurity.com. The SaaS Service may include the use of certain Software, as applicable.
"Services" means the specific ordered SaaS Service, Support Services, and any of the training services, technical account management services, and/or consulting or other professional services, pursuant to one or more Order Forms and SOW(s), if applicable.
“Subscription Term(s)” means the subscription period(s) specified in an Order Form, during which Authorized Users may use the SaaS Service, subject to the terms of this Agreement.
“Support Services” means the maintenance and support services provided by Ghost Security to Customer during the Subscription Term, as set forth on the Order Form.
“Update” is a SaaS Service release that Ghost Security makes generally available to all Ghost customers, along with any corresponding changes to Documentation. An Update may be an error correction or bug fix; or it may be enhancement, new feature, or new functionality.
2. PROVISION AND USE OF THE SERVICES
2.1 Provision of the SaaS Service. Subject to Customer’s payment of all fees due hereunder, Ghost Security grants Customer a limited, non exclusive, non-sublicenseable, nontransferable (except as specifically permitted in this Agreement) right to access and use the SaaS Service during the applicable Subscription Term, pursuant to the License Entitlement as set forth in the applicable Order Form, solely for Customer’s internal business purposes. This grant includes the right to implement the Software for use with the SaaS Service, if applicable. Customer may permit their Affiliates to use and access the SaaS Service and Documentation in accordance with this Agreement, but Customer shall be responsible for the compliance of all Affiliates with this Agreement, Documentation, and the Order Form(s).
2.2 Use Restrictions. Customer shall not (and shall not permit any third party to): (a) sublicense, sell, transfer, assign, distribute or otherwise grant or enable access to the SaaS Service in a manner that allows anyone to access or use the SaaS Service without an Authorized User subscription, or to commercially exploit the SaaS Service; (b) use the SaaS Service to provide, or incorporate the SaaS Service into, any product or service provided to a third party; (c) use the SaaS Service to develop a similar or competing product or service; (d) reverse engineer, decompile, disassemble, or otherwise seek to obtain the source code except to the extent expressly permitted by applicable law (and then only upon advance notice to Ghost Security); (e) copy, modify or create any derivative work of the SaaS Service or any Documentation; (f) remove or obscure any proprietary or other notices contained in the SaaS Service; (g) allow Authorized User subscriptions to be shared or used by more than one individual Authorized User (except that Authorized User subscriptions may be reassigned by Customer to new Authorized Users replacing individuals who no longer use the SaaS Service for any purpose); (h) publicly disseminate performance information regarding the SaaS Service; further, Customer shall not (and shall not permit any third party to) access or use the SaaS Service: (i) to send or store infringing, obscene, threatening, or otherwise unlawful material, including material violative of third-party privacy rights and/or in violation of applicable laws; (ii) to send or store material containing software viruses, worms, trojan horses or other harmful computer code, files, scripts, or agents; (iii) in a manner that interferes with or disrupts the integrity or performance of the SaaS Service (or the data contained therein); (iv) to gain unauthorized access to the SaaS Service (including unauthorized features and functionality) or its related systems or network; or (v) disable or bypass the measures that Ghost Security may use to prevent or restrict access to the SaaS Service, or if applicable, use the SaaS Service in excess of the License Entitlement limits set forth in the Order Form(s).
2.3 Support Services. During the Subscription Term, Ghost Security will provide Support Services to the Customer in accordance with the purchased Support Services level detailed in Exhibit A. Customer is required to have Support Services for the duration of the applicable Subscription Term. Customer shall be entitled to Updates to the extent Ghost Security incorporates such Updates into the SaaS Service subject to the applicable Order Form during the Subscription Term.
2.4 Use of Services Deliverables. Subject to Customer’s payment of all fees due hereunder, Ghost Security grants Customer a limited, non-exclusive, royalty-free, non-sublicensable, non-transferable license (except as specifically permitted in this Agreement), to use those elements of the Ghost Technology (as defined below) embodied in the Services deliverables, if any, in Customer’s ordinary course of business, solely as so embodied. Ghost Security reserves all other rights in and to the Ghost Technology.
2.5 Beta Releases. From time to time, Ghost Security may grant Customer access to Beta Releases. Customer shall comply with all terms related to any Beta Releases as posted or otherwise made available to Customer. Ghost Security may add or modify terms related to access or use of the Beta Release at any time. While Ghost Security may provide assistance with Beta Releases in its discretion, notwithstanding anything to the contrary in this Agreement, CUSTOMER AGREES THAT ANY BETA RELEASE IS PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS WITHOUT ANY WARRANTY, SUPPORT SERVICES, MAINTENANCE, STORAGE, OR SERVICE LEVEL OBLIGATIONS OF ANY KIND. CUSTOMER FURTHER ACKNOWLEDGES AND AGREES THAT BETA RELEASES MAY NOT BE COMPLETE OR FULLY FUNCTIONAL AND MAY CONTAIN BUGS, ERRORS, OMISSIONS, AND OTHER PROBLEMS FOR WHICH GHOST SECURITY WILL NOT BE RESPONSIBLE. Ghost Security makes no promises that future versions of a Beta Release will be released. Customer’s use of the Beta Release will automatically terminate upon the release of a generally available version of the applicable Beta Release or upon notice of termination by Ghost Security.
2.6 Introductory SaaS Service. From time to time, Ghost Security may make available one or more offers for use of an introductory tier of the SaaS Service at no cost (“Introductory SaaS Service”). Customer shall comply with all terms, including applicable service, account and data retention limits related to any Introductory SaaS Service, all as posted or otherwise made available to Customer. Ghost Security may add or modify terms related to access or use of the Introductory SaaS Service at any time. While Ghost Security may provide limited support as further detailed in the documentation for the Introductory SaaS Service, CUSTOMER AGREES THAT AN INTRODUCTORY SAAS SERVICE IS PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS WITHOUT ANY WARRANTY OF ANY KIND. Customer further acknowledges that Customer, subject to the terms and conditions of this Agreement, may upgrade to the SaaS Service at any time.
2.7. Either Party may suspend or terminate access or use of any Introductory SaaS Service or Beta Release at any time for any reason or no reason. Notwithstanding anything to the contrary in the Agreement, after suspension or termination of Customer’s access to or use of any Introductory SaaS Service or Beta Release for any reason (a) Customer will not have any further right to access or use the applicable Introductory SaaS Service or Beta Release and (b) Customer Data used in the applicable Introductory SaaS Service or Beta Release may be deleted or inaccessible. Notwithstanding anything contained to the contrary in this Agreement, Ghost Security and its licensors’ cumulative and aggregate liability arising out of or relating to the Introductory SaaS Service or Beta Releases is limited to $1,000 USD.
3. CUSTOMER OBLIGATIONS
3.1 Data Collection. Customer has exclusive control and responsibility for determining what Customer Data is submitted to the Services, Introductory SaaS Service and Beta Releases and for obtaining all necessary consents and permissions for submission of Customer Data and processing instructions to Ghost Security.
3.2 Rights in Customer Data. Customer is solely responsible for the accuracy, content and legality of all Customer Data and agrees to comply with all applicable laws in its use of the Services, Introductory SaaS Service and Beta Releases. Customer represents and warrants that Customer has all necessary rights, consents and permissions to collect, share and use Customer Data as contemplated in this Agreement, without violation or infringement of any third-party intellectual property, publicity, privacy rights or any laws and regulations.
3.3 Customer Data; Storage. Without limiting Ghost Security’s obligations hereunder, Customer acknowledges that Customer is responsible for properly configuring and using the SaaS Service, Introductory SaaS Service and Beta Releases and otherwise taking reasonable action to secure and protect Customer accounts and Customer Data.
3.4 Open Source Software and Third-Party Software. Customer acknowledges and agrees that certain Open Source Software libraries, components and utilities, and other third-party software not owned or developed by Ghost Security are embedded in the Software. The publicly available open source license terms governing the Open Source Software shall take precedence over this Agreement to the extent that the Agreement imposes greater restrictions on Customer. Customer hereby acknowledges that Ghost Security disclaims and makes no representation or warranty with respect to the Open Source Software, or any portion thereof, and notwithstanding anything contained to the contrary herein assumes no liability for any claim that may arise with respect to such Open Source Software or Customer's use or inability to use the same.
4. PROPRIETARY RIGHTS.
4.1 Customer Data. As between the Parties, Customer shall retain all right, title and interest (including any and all intellectual property rights) in and to the Customer Data. Subject to the terms of this Agreement, Customer hereby grants to Ghost Security a non-exclusive, worldwide, royalty-free right to use, copy, store, transmit, modify, create derivative works of and display the Customer Data solely to the extent necessary to provide the Services, Introductory SaaS Service and Beta Releases to Customer during the Subscription Term.
4.2 Ghost Technology. The Services, Introductory SaaS Service, Beta Releases, Documentation, including all copies and portions thereof, and all intellectual property rights therein, including, but not limited to derivative works, deliverables, Updates, enhancements and modifications therefrom (“Ghost Technology”), shall remain the sole and exclusive property of Ghost Security. Customer is not authorized to use (and shall not permit any third party to use) the Ghost Technology or any portion thereof except as expressly authorized by this Agreement.
4.3 Service Analytics. Ghost Security may process Service Analytics for internal business purposes in order to deliver, enhance, secure and support the Services, Introductory SaaS Service, Beta Releases and Software. Customer may have the ability to configure the Services, Introductory SaaS Service and Beta Releases (as applicable) to limit the Service Analytics that are collected. Customer may refer to the Documentation and/or Customer’s account representative for more information. “Service Analytics” means all information and data that the Services, Introductory SaaS Service, and Beta Releases generate or otherwise obtain from Customer’s use of the foregoing, including but not limited to usage statistics, telemetry and analytics and similar information, collected by cookies, web beacons, and other similar applications. Ghost Security may disclose the results of its analysis of the Service Analytics publicly or to third parties in connection with our marketing and promotion efforts, including but not limited to presentations, technical reports and whitepapers, provided that such results do not contain any personally identifiable information, or enable a third party to determine the source of such information.
5. FEES & PAYMENT
5.1 Fees and Payment. (A) All fees are as set forth in the applicable Order Form and shall be paid by Customer within thirty (30) days of date of invoice, unless otherwise specified in the applicable Order Form or SOW. Except as expressly set forth in an Order Form or SOW: (a) payment obligations are non-cancelable and fees are non-refundable; and (b) Customer may not decrease the License Entitlement or downgrade to the Introductory SaaS Service during the applicable Subscription Term. Where Customer designates use of a third-party payment processor network, Customer shall be responsible for payment of all fees and charges associated with use of such network (including registration, participation, and payment processing fees) and Ghost Security may invoice for such fees together with the subscription fees or on separate invoice(s).
5.2 Effect of Nonpayment. This Agreement or Customer’s access to Services may be suspended or terminated if Customer’s account falls into arrears. Unpaid amounts may be subject to interest at the lesser of one and one-half percent (1.5%) per month or the maximum permitted by law, plus all collection costs.
5.3 Taxes. All fees stated on Order Form are exclusive of any taxes, levies, or duties (“Taxes”), and Customer will be responsible for payment of all such Taxes excluding taxes based solely on Ghost Security income. Unless Customer provides Ghost Security a valid state sales/use/excise tax exemption certificate, Customer will pay and be solely responsible for all Taxes. Ghost Security may invoice Taxes in accordance with applicable law together on one invoice or a separate invoice. Ghost Security reserves the right to determine the Taxes for a transaction based on Customer’s “bill to” or “ship to” address, or other information provided by Customer on the location of Customer’s use of the SaaS Service. Customer will be responsible for any Taxes, penalties or interests that might apply based on Ghost Security’s failure to charge appropriate tax due to incomplete or incorrect location information provided by Customer. If Customer is required by any foreign governmental authority to deduct or withhold any portion of the amount invoiced for the delivery or use of the Services under this Agreement, Customer shall increase the sum paid to Ghost Security by an amount necessary for the total payment to Ghost Security equal to the amount originally invoiced.
5.4 Travel and Expenses. Customer will pay any reasonable and actual pre-approved out-of-pocket expenses incurred in connection with the Services which may include without limitation, airfare, lodging, and meals. Ghost Security shall provide Customer invoices and receipts for any such Customer pre-approved expenses.
5.5 Rescheduling Policy Applicable to Services. Ghost Security and Customer will commence Services (which for purposes of this Section 5.5 excludes the SaaS Service and Support Services) on a start date to be mutually agreed to between the Parties. Customer may reschedule Services by notifying Ghost Security in writing (which can include by email) with fifteen (15) business days’ prior notice and Ghost Security will make commercially reasonable efforts to reschedule. If performance of the Services is delayed due to Customer’s failure to provide required access, personnel availability or is otherwise canceled with less than fifteen (15) business days’ notice once ordered by Customer, Ghost Security may charge Customer the then prevailing daily charge, plus reimbursement of all travel-related expenses (if applicable), for each day (up to a maximum of 15 days) for each person assigned by Ghost Security to provide the Services. Ghost Security strongly recommends scheduling the Services engagement in a single instance over a period of consecutive days. However, in no event shall Services be scheduled in fewer than in one full day increments, unless otherwise set forth in an SOW. No Services shall be scheduled in partial day increments.
6. TERM AND TERMINATION
6.1 Term. This Agreement will continue for so long as there is an Order Form in effect between the Parties or for so long as Customer is using the Introductory SaaS Service, unless earlier terminated pursuant to the terms of this Agreement.
6.2 Termination for Cause. Either Party may terminate this Agreement (or any affected Order Form or Statement of Work) (a) upon the other Party’s material breach that remains uncured for thirty (30) days following written notice of such breach, except that termination will take immediate effect on written notice in the event of a breach of Section 2.2 (“Use Restrictions”), Section 2.4 (“Use of Services Deliverables”) or 10 (“Confidential Information”); or (b) immediately in the event the other Party becomes the subject of a petition in bankruptcy or any other proceeding relating to insolvency, receivership, liquidation or assignment for the benefit of creditors (and not dismissed within sixty (60) days thereafter).
6.3 Treatment of Customer Data Following Expiration or Termination. Customer agrees that following termination of this Agreement, or termination or expiration of any Order Form, Ghost Security may immediately deactivate Customer’s account(s) associated with the Agreement or applicable Order Form. Customer understands that Ghost Security may retain copies of Customer Data in regular backups or as required by law, which will remain subject to the confidentiality and security standards set forth in Sections 10 and 11, respectively, for so long as Customer Data is retained by Ghost Security. Customer acknowledges that the retention of Customer Data in the SaaS Service is at all times subject to Ghost Security’s SaaS Service data retention policies which shall be made available to Customer upon request and are subject to update from time to time in Ghost Security’s reasonable discretion, but in no event shall any such update result in a material reduction of SaaS Service data retention periods in effect during Customer’s applicable Subscription Term. Any “snapshot” of Customer Data therefore is inclusive of the Ghost Security SaaS Service data retention policies in effect at the time of Customer Data retrieval.
6.4 Effect of Termination. Upon early termination of this Agreement by Customer for Ghost Security's uncured material breach pursuant to Section 6.2 or by Ghost Security pursuant to Section 6.3, Customer is entitled to a prorated refund of prepaid fees relating to the Services applicable to the remaining period in the applicable Subscription Term. Upon expiration or termination of this Agreement by Ghost Security for Customer’s uncured material breach pursuant to Section 6.2 or by Customer pursuant to Section 6.3, unpaid fees relating to the Services applicable to the duration of any applicable Subscription Term will be immediately due and payable. In addition, upon expiration or termination of this Agreement for any reason: (a) all rights granted to Customer under this Agreement, and Ghost Security's obligation to provide the Services, Introductory SaaS Service or Beta Releases will terminate (including any and all rights related to Software); and (b) any payment obligations accrued pursuant to this Agreement, as well as the provisions of Section 6, 8, 10, and 12 of this Agreement will survive such expiration or termination.
7. LIMITED WARRANTY
7.1 Limited Warranty. Ghost Security warrants that during the Subscription Term the Services made available for Customer’s use (which for purposes of this Section 7.1 excludes Support Services which shall be addressed under Exhibit A) will operate in substantial conformity with the applicable Documentation. In the event of a material breach of the foregoing warranty, Customer’s exclusive remedy and Ghost Security’s entire liability, shall be for Ghost Security to use commercially reasonable efforts to correct the reported non-conformity within thirty (30) days, or if Ghost Security determines such remedy to be impracticable, Ghost Security at its discretion, may terminate the applicable Order Form (and applicable Statement of Work, if any) and Customer will receive, as its sole remedy, a refund of any fees Customer has pre-paid for use of affected Services for the terminated portion of the applicable Subscription Term. The warranty set forth in this Section 7.1 shall not apply if the error was caused by misuse, unauthorized modifications or third-party hardware, software or services, or any use provided on a no-charge or evaluation basis.
7.2 Malicious Code. Ghost Security warrants that Ghost Security will not knowingly introduce into the Services software viruses, worms, Trojan horses or other code, files, scripts, or agents intended to do harm.
7.3 Warranty Disclaimer. EXCEPT FOR THE WARRANTY IN THIS SECTION 7, THE SERVICES ARE PROVIDED “AS IS”. NEITHER GHOST SECURITY NOR ITS SUPPLIERS MAKES ANY OTHER WARRANTIES, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, TITLE, FITNESS FOR A PARTICULAR PURPOSE OR NONINFRINGEMENT, THOSE ARISING FROM A COURSE OF DEALING OR USAGE OR TRADE, AND ALL SUCH WARRANTIES ARE HEREBY EXCLUDED TO THE FULLEST EXTENT PERMITTED BY LAW. FURTHER, GHOST SECURITY DOES NOT WARRANT THE SAAS SERVICE WILL BE ERROR-FREE OR THAT USE OF THE SAAS SERVICE WILL BE UNINTERRUPTED. GHOST SECURITY’S SOLE AND EXCLUSIVE LIABILITY AND CUSTOMER’S SOLE AND EXCLUSIVE REMEDY IN RESPECT OF ANY ERROR SHALL BE LIMITED TO PROVISION OF SUPPORT SERVICES.
8. LIMITATION OF REMEDIES AND DAMAGES
8.1 Liability Cap. EXCEPT WITH RESPECT TO: (A) EITHER PARTY'S OBLIGATIONS UNDER SECTION 9 ("INDEMNIFICATION") (FOR WHICH THE LIABILITY LIMITATION SHALL NOT EXCEED THE TOTAL AMOUNT PAID BY CUSTOMER TO GHOST SECURITY IN THE CUMULATIVE AND AGGREGATE FOR ALL CLAIMS); AND (B) CUSTOMER'S INFRINGEMENT OF GHOST SECURITY'S INTELLECTUAL PROPERTY RIGHTS, IN NO EVENT SHALL EITHER PARTY'S TOTAL AGGREGATE LIABILITY EXCEED THE AMOUNTS PAID BY AND/OR DUE FROM CUSTOMER FOR THE THEN-CURRENT ANNUAL SUBSCRIPTION TERM, UNDER THE APPLICABLE ORDER FORM(S) RELATING TO THE CLAIM.
8.2 EXCEPT FOR CUSTOMER’S INFRINGEMENT OF GHOST SECURITY’S INTELLECTUAL PROPERTY RIGHTS, IN NO EVENT SHALL EITHER PARTY, OR GHOST SECURITY’S AFFILIATES OR ITS LICENSORS BE LIABLE FOR ANY CONSEQUENTIAL, INCIDENTAL, SPECIAL, INDIRECT, PUNITIVE OR EXEMPLARY DAMAGES, INCLUDING WITHOUT LIMITATION LOST PROFITS, LOSS OF USE, BUSINESS INTERRUPTIONS, LOSS OF DATA, REVENUE, GOODWILL, PRODUCTION, ANTICIPATED SAVINGS, COSTS OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, IN CONNECTION WITH OR ARISING OUT OF THE PERFORMANCE OF OR FAILURE TO PERFORM THIS AGREEMENT, WHETHER ALLEGED AS A BREACH OF CONTRACT OR TORTIOUS CONDUCT, INCLUDING NEGLIGENCE, EVEN OF A PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
8.3 Limitations Fair and Reasonable. EACH PARTY ACKNOWLEDGES THAT THE LIMITATIONS OF LIABILITY SET FORTH IN THIS SECTION 8 REFLECT THE ALLOCATION OF RISK BETWEEN THE PARTIES UNDER THIS AGREEMENT, AND THAT IN THE ABSENCE OF SUCH LIMITATIONS OF LIABILITY, THE ECONOMIC TERMS OF THIS AGREEMENT WOULD BE SIGNIFICANTLY DIFFERENT.
9. INDEMNIFICATION
9.1 By Ghost Security. Ghost Security shall defend Customer from and against any claim by a third party alleging that the SaaS Service when used as authorized under this Agreement infringes any trademark or copyright of such third party, enforceable in the jurisdiction of Customer’s use of the SaaS Service, or misappropriates a trade secret (but only to the extent that such misappropriation is not a result of Customer’s actions) (“Infringement Claim”) and shall indemnify and hold harmless Customer from and against any damages and costs awarded against Customer by a court of competent jurisdiction or agreed in settlement by Ghost Security (including reasonable attorneys’ fees) resulting from such Infringement Claim. Ghost Security will have no obligation and assumes no liability under this Section 9 or otherwise with respect to any claim based on: (1) if the SaaS Service is modified by any party other than Ghost Security, but solely to the extent the alleged infringement is caused by such modification; (2) if the SaaS Service is combined, operated or used with any Customer Data or any Customer or third party products, services, hardware, data, content, or business processes not provided by Ghost Security where there would be no Infringement Claim but for such combination; (3) to any action arising as a result of Customer Data or any third-party deliverables or components contained within the SaaS Service; (4) if Customer settles or makes any admissions with respect to a claim without Ghost Security’s prior written consent; or (5) to any use provided on a no-charge or evaluation basis. THIS SECTION 9 SETS FORTH GHOST SECURITY’S AND ITS SUPPLIERS’ SOLE LIABILITY AND CUSTOMER’S SOLE AND EXCLUSIVE REMEDY WITH RESPECT TO ANY CLAIM OF INTELLECTUAL PROPERTY INFRINGEMENT.
9.2 Remedies. If Customer’s use of the SaaS Service is (or in Ghost Security’s opinion is likely to be) enjoined, if required by settlement or if Ghost Security determines such actions are reasonably necessary to avoid material liability, Ghost Security may, at its option: (i) procure for Customer the right to use the SaaS Service in accordance with this Agreement; (ii) replace or modify, the SaaS Service to make it non-infringing; or (iii) terminate Customer's right to use the SaaS Service and discontinue the related Support Services, and upon Customer's certification of deletion of the Software (if any), refund prorated pre-paid fees for the remainder of the applicable Subscription Term for the SaaS Service.
9.3 By Customer. Customer will defend, indemnify and hold Ghost Security harmless from and against any damages and costs (including reasonable attorneys' fees and costs incurred by Ghost Security) finally awarded against Ghost Security arising from or in connection with any claim alleging that Ghost Security's use of the Customer Data infringes a copyright, trademark, trade secret or breaches privacy, or publicity right of a third party.
9.4 Indemnity Process. Each Party's indemnification obligations are conditioned on the indemnified Party: (a) promptly giving written notice of the claim to the indemnifying Party; (b) giving the indemnifying Party sole control of the defense and settlement of the claim; and (c) providing to the indemnifying Party all available information and assistance in connection with the claim, at the indemnifying Party's request and expense. The indemnified Party may participate in the defense of the claim, at the indemnified Party's sole expense (not subject to reimbursement). Neither Party may admit liability for or consent to any judgment or concede or settle or compromise any claim unless such admission, concession, settlement, or compromise includes a full and unconditional release of the other Party from all liabilities in respect of such claim.
10. CONFIDENTIAL INFORMATION
10.1 Each Party (as “Receiving Party”) agrees that all code, inventions, know-how, business, personal data, technical and financial information it obtains from the disclosing party (“Disclosing Party”) constitute the confidential property of the Disclosing Party (“Confidential Information”), provided that it is identified as confidential at the time of disclosure or should be reasonably known by the Receiving Party to be confidential or proprietary due to the nature of the information disclosed and the circumstances surrounding the disclosure. Customer Data, pricing information, Ghost Security Technology, Beta Releases (including the existence of), performance information relating to the Services, Introductory SaaS Service or Beta Releases, and the terms and conditions of this Agreement shall be deemed Confidential Information without any marking or further designation. Except as expressly authorized herein, the Receiving Party shall (1) hold in confidence and not disclose any Confidential Information to third parties and (2) not use Confidential Information for any purpose other than fulfilling its obligations and exercising its rights under this Agreement. The Receiving Party may disclose Confidential Information to its employees, agents, contractors and other representatives having a legitimate need to know, provided that such representatives are bound to confidentiality obligations no less protective of the Disclosing Party than this Section 10 and that the Receiving Party remains responsible for compliance by any such representative with the terms of this Section 10. The Receiving Party’s confidentiality obligations shall not apply to information that the Receiving Party can document: (i) was rightfully in its possession or known to it prior to receipt of the Confidential Information; (ii) is or has become public knowledge through no fault of the Receiving Party; (iii) is rightfully obtained by the Receiving Party from a third party without breach of any confidentiality obligation; or (iv) is independently developed by employees of the Receiving Party without use of or reference to such information. The Receiving Party may make disclosures to the extent required by law or court order, provided the Receiving Party notifies the Disclosing Party in advance and cooperates in any effort to obtain confidential treatment. The Receiving Party acknowledges that disclosure of Confidential Information would cause substantial harm for which damages alone would not be a sufficient remedy, and therefore that upon any such disclosure by the Receiving Party the Disclosing Party shall be entitled to seek appropriate equitable relief in addition to whatever other remedies it might have at law.
10.2 Customer Personal Data. Customer acknowledges that the Services, Introductory SaaS Service and Beta Releases do not require Customer to input or otherwise transmit Customer Personal Data and Customer agrees not to input or otherwise transmit any Customer Personal Data to the Services, Introductory SaaS Service or Beta Releases without Ghost Security’s explicit consent or as otherwise set forth in the applicable Order Form or other written agreement between the Parties.
10.3 B2B Relationship Data; Service Analytics. For the avoidance of doubt and subject to the terms hereunder, Ghost Security processes Service Analytics and B2B Relationship Data in its role as an independent controller and in accordance with applicable laws and Ghost Security’s privacy policy.
11. SECURITY.
11.1 During the Subscription Term, Ghost Security will maintain reasonable administrative, physical, and technical safeguards designed for the protection, confidentiality, and integrity of Customer Data at least as rigorous as the measures standard in the industry in accordance with Section 11.3. Ghost Security will not use Customer Data except to provide the Services, Introductory SaaS Service, Beta Releases or Support Services in accordance with this Agreement or as instructed by Customer.
11.2 Ghost Security will only be liable for any unauthorized access to Customer Data by third parties only to the extent resulting from Ghost Security’s gross negligence or willful misconduct. The provisions of this Section 11.2 apply notwithstanding any provision of this Agreement or any other agreement between Ghost Security and Customer (or any affiliate of Customer) to the contrary.
11.3 Ghost Security Security Addendum. Ghost Security will implement and maintain commercially reasonable security measures (as set forth in Exhibit B) designed to meet the following objectives: (i) ensure the security and confidentiality of Customer Data in the custody and under the control of Ghost Security; (ii) protect against any anticipated threats or hazards to the security or integrity of such Customer Data; (iii) protect against unauthorized access to or use of such Customer Data; and (iv) ensure that Ghost Security’s return or disposal of such Customer Data is performed in a manner consistent with Ghost Security’s obligations under the Agreement and applicable law.
12. GENERAL TERMS
12.1 If Customer acquired the Services from a Ghost Security authorized distributor or reseller (“Partner”), then this Agreement is not exclusive of any rights Customer obtains under Partner’s sale agreement. If a Partner has granted Customer any rights that Ghost Security does not also directly grant to Customer in this Agreement, or that conflict with this Agreement, then Customer’s sole recourse with respect to such rights is against the Partner. The provisions of Section 6.1-6.3 do not apply to Customer, and Customer’s billing and payment rights and obligations are governed by the Partner sale agreement. However, if the Partner from whom Customer purchased the Services fails to pay Ghost Security any amounts due in connection with the Services, then Ghost Security may suspend Customer’s rights to use the Services, with notice to Customer. Customer acknowledges that Customer’s remedy in the event of such suspension is solely against the Partner.
12.2 References. Unless otherwise specified in the applicable Order Form, Ghost Security may refer to Customer as one of Ghost Security’s customers and use Customer’s logo as part of such reference, provided that Ghost Security complies with any Customer trademark usage requirements provided by Customer. Upon reasonable request, Customer will serve as a reference account for Ghost Security, provided, however, that Ghost Security will provide Customer with reasonable notice and obtain Customer’s consent before scheduling any reference activity. Furthermore, if so specified in the applicable Order Form, Ghost Security may either: (a) issue a press release announcing the relationship between Ghost Security and Customer, or (b) submit a joint press release to Customer for Customer’s approval, such approval not to be unreasonably withheld or delayed.
12.3 Compliance With Laws. Ghost Security and Customer will comply with all applicable laws and regulations with respect to performance under this Agreement, including, without exception all requirements of applicable state and federal privacy laws and regulations governing personally identifiable information, personal information, personal data and any other substantially similar term. Without limiting the foregoing, each Party acknowledges that it is aware of, understands and has complied and will comply with, all applicable U.S. and foreign anti corruption corruption laws, including without limitation, the U.S. Foreign Corrupt Practices Act of 1977 and the U.K. Bribery Act of 2010, and similarly applicable anti-corruption and anti-bribery laws (“Anti- Corruption Laws”). Each Party agrees that no one acting on its behalf will give, offer, agree or promise to give, or authorize the giving directly or indirectly, of any money or other thing of value, including travel, entertainment, or gifts, to anyone as an unlawful inducement or reward for favorable action or forbearance from action or the exercise of unlawful influence (a) to any governmental official or employee (including employees of government-owned and government controlled corporations or agencies or public international organizations), (b) to any political party, official of a political party, or candidate, (c) to an intermediary for payment to any of the foregoing, or (d) to any other person or entity in a corrupt or improper effort to obtain or retain business or any commercial advantage, such as receiving a permit or license, or directing business to any person. Each Party represents and warrants to the other that neither it nor its Affiliates, nor any of its or their users, officers or directors, are persons, entities or organizations with whom the other Party is prohibited from dealing (including provision of software, products or services) by virtue of any applicable law, regulation, or executive order, including US export control laws, and names appearing on the U.S. Department of the Treasury’s Office of Foreign Assets Control’s Specially Designated Nationals and Blocked Persons List.
12.4 Assignment. Neither Party may assign this Agreement, in whole or in part, without the prior written consent of the other Party, provided that no such consent will be required to assign this Agreement in its entirety to (i) an Affiliate that is able to satisfy the obligations of the assignor under this Agreement or (ii) a successor in interest in connection with a merger, acquisition or sale of all or substantially of the assigning Party’s assets, provided that the assignee has agreed to be bound by all of the terms of this Agreement and all fees owed to the other Party are paid in full. If Customer is acquired by, sells substantially all its assets to, or undergoes a change of control in favor of, a direct competitor of Ghost Security, then Ghost Security may terminate this Agreement upon thirty (30) days prior written notice.
12.5 Severability. If any provision of this Agreement shall be adjudged by any court of competent jurisdiction to be unenforceable or invalid, that provision shall be limited to the minimum extent necessary so that this Agreement shall otherwise remain in effect.
12.6 Governing Law; Jurisdiction and Venue. This Agreement will be governed by the Applicable Law described below as applicable (without regard to the conflicts of law provisions of any jurisdiction), and claims arising out of or in connection with this Agreement will be subject to binding arbitration in accordance with Section 12.6 to be located in the Arbitration Tribunal and Venue of the State of Texas, USA. Each Party irrevocably submits to the personal jurisdiction and venue of and agrees to service of process issued or authorized by any court in the Jurisdiction in any action or proceeding. Neither the United Nations Convention of Contracts for the International Sale of Goods nor the Uniform Computer Information Transactions Act will apply to this Agreement.
12.7 Arbitration. Any and all disputes, claims or causes of action, in law or equity, including without limitation, claims arising out of or related to the Parties’ negotiations and inducements to enter into this Agreement, enforcement, breach, performance or interpretation of this Agreement will be submitted to mandatory, binding arbitration under the auspices of the Arbitration Tribunal applicable above, or its successors, under its then-current commercial arbitration rules and procedures. Both Parties acknowledge that by agreeing to arbitration, they waive the right to resolve any such dispute through a trial by jury or judge or administrative proceeding. Nothing in this Agreement is intended to prevent either Party from obtaining injunctive relief in any competent court to prevent irreparable harm pending the conclusion of any such arbitration. Each Party will bear its own expenses in the arbitration and will share equally the costs of the arbitration; provided, however, that the arbitrator(s) or any other court may, in its discretion, award reasonable costs and fees to the prevailing Party. This Agreement is subject to the operation of the 1958 United Nations Convention on the Recognition and Enforcement of Foreign Arbitral Awards.
12.8 Notice. Notices to a Party will be sent by first-class mail, overnight courier or prepaid post to the address for such Party as identified on the first page of this Agreement and will be deemed given seventy-two (72) hours after mailing or upon confirmed delivery or receipt, whichever is sooner. Customer will address notices to Ghost Security Legal Department at legalnotices@ghost.security. Either Party may from time to time change its address for notices under this Section 12.8 by giving the other Party at least thirty (30) days prior written notice of the change.
12.9 Force Majeure. Neither Party will be in default or liable under this Agreement by reason of any failure in performance of this Agreement if such failure arises, directly or indirectly, out of causes reasonably beyond the reasonable control of such Party, including acts of God or of the public enemy, terrorism, political unrest, U.S. or foreign governmental acts in either a sovereign or contractual capacity, fire, flood, failure of third party connections, epidemic, pandemic or virus, utilities or networks, earthquake, hostile attacks, restrictions, strikes, and/or freight embargoes.
12.10 Amendments; Waivers. No supplement, modification, or amendment of this Agreement shall be binding, unless executed in writing by a duly authorized representative of each Party to this Agreement. No waiver will be implied from conduct or failure to enforce or exercise rights under this Agreement, nor will any waiver be effective unless in a writing signed by a duly authorized representative on behalf of the Party claiming such waiver. No provision of any purchase order or other business form employed by Customer will supersede the terms and conditions of this Agreement, and any such document relating to this Agreement shall be for administrative purposes only and shall have no legal effect.
12.11 Entire Agreement; Interpretation. This Agreement is the complete and exclusive statement of the mutual understanding of the Parties and supersedes all previous written and oral agreements and communications relating to the subject matter of this Agreement. In this Agreement, headings are for convenience only and “including”, “e.g.”, and similar terms will be construed without limitation. In the event of a conflict between the terms of this Agreement and the terms of any Order Form, or Exhibit hereto, such conflict will be resolved in the following order, except to the extent expressly specified otherwise in the applicable Order Form or SOW: this Agreement (b) the Exhibits (c) Order Form (d) Statement of Work. Any pre printed terms on any Customer ordering documents or terms referenced or linked therein will have no effect on the terms of this Agreement and are hereby rejected, including where such Customer ordering document is signed by Ghost Security. Customer acknowledges that the SaaS Service is an on-line, subscription-based product, and that in order to provide improved customer experience Ghost Security may make changes to the Services, and Ghost Security will update the applicable Documentation accordingly. The Support Service level may be updated from time to time upon reasonable notice to Customer to reflect process improvements or changing practices (but the modifications will not materially decrease Ghost Security’s obligations).
12.12 Subcontractors. Ghost Security may use the services of subcontractors and permit them to exercise the rights granted to Ghost Security in order to provide the Services, Introductory SaaS Service, and Beta Releases under this Agreement. These subcontractors may include, for example, Ghost Security’s hosting infrastructure. Ghost Security remains responsible for compliance of any such subcontractor with the terms of this Agreement.
12.13 Feedback. Ghost Security shall be free to use, irrevocably, in perpetuity, for free and for any purpose, all suggestions, ideas and/or feedback relating to the Services, Introductory SaaS Service or Beta Releases (collectively, “Feedback”) provided to Customer, its Affiliates and Authorized Users.
12.14 Independent Contractors. The Parties to this Agreement are independent contractors. There is no relationship of partnership, joint venture, employment, franchise or agency created hereby between the Parties. Neither Party will have the power to bind the other or incur obligations on the other Party’s behalf without the other Party’s prior written consent.
12.15 Export Control. In its use of the Services, Introductory SaaS Service, and Beta Releases, Customer agrees to comply with all export and import laws and regulations of the United States and other applicable jurisdictions. Without limiting the foregoing, (i) Customer represents and warrants that it is not listed on any U.S. government list of prohibited or restricted parties or located in (or a national of) a country that is subject to a U.S. government embargo or that has been designated by the U.S. government as a “terrorist supporting” country, (ii) Customer shall not (and shall not permit any of its users to) access or use the Services in violation of any U.S. export embargo, prohibition or restriction, and (iii) Customer shall not submit to the Services, Introductory Service or Beta Release any information that is controlled under the U.S. International Traffic in Arms Regulations.
12.16 Government End-Users. Elements of the Services, Introductory SaaS Service and Beta Releases are commercial computer software. If the user or licensee hereunder is an agency, department, or other entity of the United States Government, the use, duplication, reproduction, release, modification, disclosure, or transfer of the Services, Introductory SaaS Service or Beta Release, or any related documentation of any kind, including technical data and manuals, is restricted by a license agreement or by the terms of this Agreement in accordance with Federal Acquisition Regulation 12.212 for civilian purposes and Defense Federal Acquisition Regulation Supplement 227.7202 for military purposes. The Services, Introductory SaaS Services and Beta Releases were developed fully at private expense. All other use is prohibited.
12.17 Counterparts. This Agreement may be executed in counterparts, which taken together shall form one binding legal instrument. The Parties hereby consent to the use of electronic signatures in connection with the execution of this Agreement, and further agree that electronic signatures to this Agreement shall be legally binding with the same force and effect as manually executed signatures
Exhibit A
SUPPORT SERVICES POLICY
(SaaS)
1. DEFINITIONS
a) “Error” means a failure of the SaaS Service to conform to the specifications set forth in the Documentation, resulting in the inability to use, or material restriction in the use of the SaaS Service.
b) “Start Time” means the time at which Ghost Security first becomes aware of an Error.
2. SUPPORT SERVICES
Ghost Security will provide Support Services to Customer through the portal located at https://support.ghost.security or through other customer support center contacts, set forth below (the “Customer Support Center”). Customer will receive Updates, other software modifications or additions, procedures, or routine or configuration changes that may solve, bypass or eliminate the practical adverse effect of the Error. Support Services do not include: (i) Assistance in the development or debugging of Customer's system, including the operating system and support tools; (ii) Information and assistance on technical issues related to the installation, administration, and use of enabling technologies such as databases, computer networks, and communications; (iii) Assistance with the installation and configuration of hardware including, but not limited to, computers, hard disks, networks, and printers; (iv) Technical support, phone support, or updates to non-Ghost Security products or third party enabling technologies not licensed under the Agreement; or (v) Support for: (a) Software not operated on a supported hardware/operating system platform specified in the release notes or Documentation for the Software; (b) altered or modified Software; (c) problems caused by Customer's negligence, misuse, or hardware malfunction; or (d) use of the Software inconsistent with Ghost Security’s instructions. Ghost Security is not responsible for hardware changes necessitated by changes to the Software.
3. SUPPORT SERVICES SUBSCRIPTIONS
Pursuant to the Support Services Subscription purchased by Customer, as set forth in the Order Form, Ghost Security shall provide the following level of support services:
a) Standard Support Services. Customer will have access to the Customer Support Center in one of the geographical regions offered by Ghost Security and selected by Customer, Monday through Friday (9 a.m. to 5 p.m.) in Customer’s selected region. Customer shall be permitted, upon request, to change geographical region no more than once per calendar year. In the event Customer requires multi-regional Support Services coverage, Customer must purchase Premium Support. Submitted Errors will be classified by severity as set forth in the table below. Customer may assign two (2) Technical Support Contacts, which may contact the Customer Support Center through any of the Customer Support Center Contacts, as set forth below.
b) Premium Support Services. Customer will have access to the Customer Support Center 24 hours per day, 7 days a week. Submitted Errors will be classified by severity as set forth in the table below. Customer may assign five (5) Technical Support Contacts, which may contact the Customer Support Center through any of the Customer Support Center Contacts, as set forth below.
4. CUSTOMER RESPONSIBILITIES
Customer is responsible for the prompt installation of all Updates to the Software, as provided by Ghost Security. Customer shall provide commercially reasonable cooperation and full information to Ghost Security with respect to the furnishing of Support Services. Customer will designate a certain number of employees or agents that will interface with the Customer Support Center, and submit Errors, requests or support tickets (the “Technical Support Contacts”). Customer is permitted to name as many Technical Contacts as allowed pursuant to the purchased Support Service Subscription. Customer’s non-named Technical Contacts may contact the Customer Support Center only in case of an emergency or on an exception basis, and Ghost Security will respond to such Error submission and cooperate with the non-named Technical Contact, subject to later verification and involvement of a named Technical Support Contact. Additional named Technical Support Contacts may be permitted upon mutual agreement of the Parties.
5. EXCLUDED SUPPORT SERVICES. Ghost Security shall not be obligated to fix any Error or incident:
(a) where the SaaS Service is not used for its intended purpose; or
(b) where the SaaS Service (including Software as applicable) has been altered, damaged, modified or incorporated into other software or services in a manner not approved by Ghost Security; or
(c) where the SaaS Service (including Software as applicable) is a release that is no longer supported by Ghost Security; or
(d) which is caused by Customer’s or a third party’s software or equipment or by Customer’s negligence, abuse, misapplication, or use of the SaaS Service (including Software as applicable) other than as specified in the Documentation; or
(e) which would be resolved by the Customer using an Update or newer version of the SaaS Service (or Software as applicable) or by adding hardware.
If Ghost Security determines that it has no obligation to fix the reported incident for one of the reasons stated above, the Parties may mutually agree to enter into a separate agreement authorizing Ghost Security to provide additional services at Ghost Security’s then-current professional services rates plus expenses.
6. END OF LIFE POLICY. Customer acknowledges that new features may be added to the SaaS Service based on market demand and technological innovation. Accordingly, as Ghost Security develops enhanced versions of the SaaS Service, Ghost Security may cease to maintain and support older versions of the Software. Ghost Security will use commercially reasonable efforts to provide Support Services with respect to older versions of the Software that may accompany the SaaS Service. Ghost Security shall have no obligation to support Software outside of Ghost Security’s stated EOS/EOL policy for the applicable Software. Such EOS/EOL policies shall be made available to Customer either in the accompanying Documentation or upon request and are subject to update from time to time in Ghost Security’s reasonable discretion.
7. CUSTOMER SUPPORT CENTER CONTACT
a) Telephone for Premium Support Services only:
i. USA Regular: +1-(512) 522-3349
b) Email: Create support ticket via email to support@ghost.security
c) Portal: https://support.ghost.security and each Technical Support Contact must register with the Customer Support Center on the portal, prior to submitting a ticket.
d) Language: Support Services will be provided in the English language.
8. ERROR RESPONSE SERVICE LEVELS
Customer shall submit each ticket with a severity level designation based on the definitions in the table below. Severity response times do not vary, whether Customer contacts the Customer Support Center via phone, email or portal. Ghost Security shall respond to such a ticket in accordance with the severity designation within the time frame set forth below from the Start Time and validate Customer’s severity level designation or notify Customer of a proposed change in the severity level designation with justification for the change. Ghost Security will provide continuous efforts to resolve Severity 1 issues until a workaround or resolution can be provided or until the incident can be downgraded to a lower severity. Ghost Security will use reasonable efforts to meet the target response times for the Errors stated in the table below. Ghost Security does not guarantee resolution and resolution may consist of a fix, workaround, software availability or other solution Ghost Security deems reasonable.
Severity 1 (Critical)Description Standard Support ServicesPremiumSupport ServicesAny Error in the SaaS Service causing the SaaS Service to be unusable, resulting in a critical impact on the operation of the SaaS Service and there is no workaround. Ghost Security will promptly: (i) assign a specialist to correct the Error; (ii) provide ongoing communication on the status of an Update; and (iii) begin to provide a temporary workaround or fix.Response Time Response TimeWithin 4 hours. Within 30 minutes.Severity 2 (Serious)An Error in a SaaS Service where the SaaS Service will operate but its operation is severely restricted. No workaround is available, and performance may be degraded, or functions are limited. Ghost Security will promptly: (i) assign a specialist to correct the Error; and (ii) provide additional escalated Support Services as determined necessary by Ghost Security.Response Time Response TimeWithin 8 hours. Within 2 hours.Severity 3 (Moderate)An Error in the SaaS Service where the SaaS Service will operate with limitations that are not critical to the overall operation, such as a workaround forces a user and or a systems operator to use a time-consuming procedure to operate the system; or removes a non-essential feature. Ghost Security will triage the request and may include a resolution in the next Update.Response Time Response TimeNext business day.Within 4 hours.Severity 4 (Low)An Error in the SaaS Service where the SaaS Service can be used with only slight inconvenience. All SaaS Service feature requests fall into this severity level. Ghost Security will triage the request and may include a resolution in the next Update.Response Time Response TimeNext business day.Next business day.
Exhibit B
Ghost Security Security Addendum
This Ghost Security Security Addendum (the “Addendum”) outlines Ghost Security’s security infrastructure and practices, as may be applicable to the Services. This Addendum will control to the extent of a conflict between the Agreement and this Addendum. Capitalized terms not defined herein are defined in the Agreement.
1. Audits and Certifications
Ghost Security’s security control environment, in connection with certain regions of the SaaS Service, undergoes an independent evaluation in the form of a SOC 2 Type 1 or Type 2 Security audit. These reports are available upon request. For more information on Ghost Security’s security and related certifications (excluding whitepapers or other marketing materials referenced on the site, if any), visit the Ghost Security website at www.ghost.security (or its successor URL).
2. SaaS Service Architecture
The SaaS Service leverages third party cloud infrastructure, such as Google Cloud Platform (GCP), and is operated in a multi-tenant environment designed to segregate and restrict customer data access based on business needs. The architecture provides an effective logical data separation for different customers via customer-specific unique identifiers, allows the use of customer and user role-based access privileges and provides separate environments for different functions, especially for testing, staging, and production, and provides additional data segregation. Ghost Security and the third party cloud provider operate a shared security responsibility model, where the third party cloud provider is responsible for the security of the underlying cloud infrastructure (such as data center facilities, data encryption, automated backups, hardware and software systems).
3. Incident Management
Ghost Security maintains a security incident management program. Upon detection of a security incident, including but not limited to a data breach incident, Ghost Security undertakes an internal investigation and where appropriate, remediation process, up to and including notification to impacted individuals, all in accordance with applicable law.
4. Operational Security
Ghost Security maintains a set of physical security policies, processes and procedures based on industry best practices that govern physical security and environmental controls (e.g. badging, escorting) used to both guard Ghost Security’s systems and scoped data, and to govern visitors to Ghost Security’s physical locations and facilities. Ghost Security maintains a change management process to monitor changes to information systems, network devices, system components, physical and environment changes, and software development.
5. Asset Management
Ghost Security’s data and information system assets include corporate and customer assets. These asset types are managed under our security policies and procedures. Ghost Security authorized personnel who access and handle these assets are required to comply with the procedures and guidelines defined by Ghost Security’s security policies. Anti-virus tools are configured to run scans, virus detection, real-time file write activity and signature file updates. Laptop and remote users are required to run virus protection. Role based access controls are implemented for access to information systems. Processes and procedures are in place to address employees who are voluntarily or involuntarily terminated. Access controls to sensitive data in our databases, systems, and environments are set on a need-to-know / least privilege necessary basis. Access control lists define the behavior of any user within our information systems, and security policies limit them to authorized behaviors.
6. Risk Assessment Management
Ghost Security maintains a corporate risk assessment program and policy that defines risk levels for discovered issues with employee(s) assigned to manage and regularly review the program and policy. Ghost Security’s risk management program includes guidance on the potential threat identification, and mitigation strategies for those risks. Ghost Security performs risk assessments on an annual basis.
7. Business Continuity
Ghost Security maintains a documented business continuity/disaster recovery plan and tests it on an annual basis. To minimize service interruption due to hardware failure, natural disaster, or other catastrophe, Ghost Security leverages cloud provider infrastructure and managed services to restore services. This program includes multiple components to minimize the risk of any single point of failure. Application data and services are deployed in a redundant fashion leveraging multiple cloud provider regions when possible.
8. Information Security
Ghost Security has documented security policies and procedures that define information security rules and requirements for its Software and Services environment that are reviewed at least annually and updated as necessary. Customer Data submitted by Customer to the SaaS Service is transmitted securely with adequate standard in-transit encryption protection. Additionally, Ghost Security uses the most current industry standard encryption for at-rest encryption of Customer Data.
9. Vendor Management
Ghost Security maintains a vendor management program that establishes the rules and requirements for any vendor that will access, store and/or process Ghost Security’s information assets and includes conducting the relevant security assessment for such vendor.
10. Personnel Security
Ghost Security employees are required to sign confidentiality agreements and acknowledge Ghost Security’s Code of Conduct. The Code of Conduct outlines Ghost Security’s expectation that every employee will conduct business ethically, lawfully and with integrity and respect for each other as well as Ghost Security customers, partners, vendors, competitors and other third parties. All employees are provided with security training as part of onboarding and all employees are required to complete an annual training course on code of conduct policies. Additionally, Ghost Security currently conducts employment background checks on all Ghost Security employees and certain consultants and contractors upon hire, unless expressly, and then solely to the extent, prohibited by law: (1) to verify the accuracy of employment chronology and educational credentials; and (2) to verify such employee, consultant or contractor (as applicable) has no civil, criminal or credit history that would preclude successful fulfillment of the role with Ghost Security including, but not limited to, meeting confidentiality obligations. There are processes in place to address both the onboarding and offboarding of Ghost Security employees, consultants and contractors.
11. Vulnerability Management
Ghost Security conducts security assessments to identify vulnerabilities in both Ghost Security’s corporate IT infrastructure and SaaS Service, and to determine the effectiveness of the Ghost Security patch management program.
12. Penetration Testing
Ghost Security, or an authorized third party on Ghost Security’s behalf, conducts annual penetration testing of its SaaS Service to assess current threats and vulnerabilities. Each security concern is reviewed to determine if it is applicable, ranked based on risk, and assigned to the appropriate team for remediation.
13. Data Protection and Personal Data Processing
In connection with providing products and services to our customers, Ghost Security protects Customer Personal Data using appropriate physical, technical and organizational security measures as further set forth in the DPA. Furthermore, Ghost Security’s privacy policy located at: https://www.ghost.security/privacy contains more information on how Ghost Security handles and protects Service Analytics, B2B Relationship Data and any other data collected by Ghost Security in its role as an independent data controller, such as data collected in connection from users of the Ghost Security websites.
14. Return/Deletion of Customer Data
Following termination or expiration of the Customer’s subscription to the relevant SaaS Service, Ghost Security shall deactivate Customer’s account and Customer Data in Ghost Security systems or otherwise in its possession or under its control shall be subject to deletion. See Agreement for more details.
Last updated February 10, 2024
This privacy notice for Ghost Security, Inc ("we", "us", or "our") describes how and why we might collect, store, use, and/or share ("process") your information when you use our services ("Services"), such as when you:
Visit our website at www.ghost.security, www.ghostsecurity.com, or any website of ours that links to this privacy notice
Apply for jobs through our website
Engage with us in other related ways, including any sales, marketing, or events
Questions or concerns? Reading this privacy notice will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at privacy@ghost.security.
1. WHAT INFORMATION DO WE COLLECT?
We collect personal information that you voluntarily provide to us when you express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us.
Personal Information Provided by You
The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. The personal information we collect may include the following:
Name
Title
Company name
E-mail address
Phone number
If you apply for a job with us through our website, additional voluntarily provided information may include but not be limited to:
CV/resume and all information contained therein
Professional experience
Educational experience
References
All personal information that you provide us must be true, complete, and accurate, and you must notify us of any changes to such personal information.
Audio, Electronic, or Visual Information
If you attend a Ghost Security-hosted in-person or virtual event, or agree to be recorded in a telephone or virtual meeting, we may record some or all of that event or meeting. We may document the event in various ways, such as by taking photos, interviewing you, or recording your participation in a live question-and-answer or other interactive session. We use this information for business and marketing purposes, including to enhance our offerings and your customer or user experience.
Information Automatically Collected
We automatically collect certain information when you visit, use, or navigate our website and/or Services. This information does not reveal your specific identity (like your name or contact information), but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services, and other technical information. This information is primarily needed to maintain the security and operation of our Services and for our internal analytics and reporting purposes.
Like many businesses, we also collect information through cookies and similar technologies. The information we collect includes:
Log and Usage Data: This is service-related, diagnostic, usage, and performance information we automatically collect when you access or use our Services, which we record in log files. Depending on how you interact with us, this log data may include your IP address, device information, browser type, and settings, and information about your activity in the Services (such as date/time stamps associated with your usage, pages viewed, and searches).
Device Data: We collect device data such as information about your computer, phone, tablet, or other device used to access the Services. Depending on the device, this data may include your IP address (or proxy server), device and application identification numbers, location, browser type, hardware model, internet service provider, mobile carrier, operating system, and system configuration.
Location Data: We collect location data about your device, which can be either precise or imprecise depending on the type and settings of your device.
2. HOW DO WE PROCESS YOUR INFORMATION?
We process your personal information for a variety of reasons, depending on how you interact with our Services, including:
To deliver and facilitate the delivery of services to you.
To respond to user inquiries and offer support.
3. WHAT LEGAL BASIS DO WE RELY ON TO PROCESS YOUR INFORMATION?
We only process your personal information when we believe it is necessary, and we have a valid legal reason to do so under applicable law, such as with your consent, to comply with laws, to provide you with services, to enter into or fulfill our contractual obligations, to protect your rights, or to fulfill our legitimate business interests.
4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?
We may share or transfer your information in connection with:
Business transfers: If there is a merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company or entity.
Google Analytics: We may use Google Analytics to track and analyze the use of the Services. To opt out of being tracked by Google Analytics, visit https://tools.google.com/dlpage/gaoptout.
Hubspot Analytics: We may share your information with Hubspot for tracking and analysis.
Third-Party Service Providers
We may use third-party service providers, who may collect, store, and/or process your information. Some third-party services we use include:
Google Analytics: https://policies.google.com/privacy
5. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?
We may use cookies and similar tracking technologies. For more details, refer to our Cookie Notice.
6. IS YOUR INFORMATION TRANSFERRED INTERNATIONALLY?
Your information may be transferred to, stored, and processed by us in the United States and other countries. If you are a resident in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, please be aware that the data protection laws may differ from those in your country. We will take necessary measures to protect your personal information.
7. HOW LONG DO WE KEEP YOUR INFORMATION?
We will only retain your personal information for as long as necessary for the purposes outlined in this privacy notice unless a longer retention period is required or permitted by law.
8. HOW DO WE KEEP YOUR INFORMATION SAFE?
We implement appropriate security measures to protect your information. However, no electronic transmission or storage is 100% secure, and we cannot guarantee complete security.
9. DO WE COLLECT INFORMATION FROM MINORS?
We do not knowingly collect data from or market to children under 18 years old.
10. WHAT ARE YOUR PRIVACY RIGHTS?
Withdrawing consent: You can withdraw your consent at any time by contacting us at privacy@ghost.security.
Opting out of marketing: Unsubscribe via the link in our emails or by contacting us.
California Residents
California residents have specific privacy rights under the California Consumer Privacy Act (CCPA), including the right to opt out of the sale of personal information and the right to request data deletion.
11. POLICY CHANGES
We reserve the right to modify this policy by posting changes on our website.