We only use cookies that are strictly necessary for our website and services to work.
Defend your mailboxes with PhishTool Enterprise. Find out more
Last modified: Friday 26th January 2024
THIS IS A LEGAL AND ENFORCEABLE CONTRACT BETWEEN PHISHTOOL AND THE CUSTOMER. THE CUSTOMER IS RESPONSIBLE FOR CAREFULLY READING ALL OF THE TERMS AND CONDITIONS OF THIS AGREEMENT BEFORE ACCESSING OR USING ANY PHISHTOOL SERVICE OR PRODUCT. BY ACCESSING OR USING ANY PHISHTOOL SERVICE OR PRODUCT, THE CUSTOMER CONFIRMS THAT THE CUSTOMER HAS ACCESSED ONLINE AND/OR BEEN PROVIDED A COPY OF THIS AGREEMENT, AND HAS READ AND ACCEPTS ALL OF THE TERMS AND CONDITIONS OF THIS AGREEMENT IN THEIR ENTIRETY. NOTWITHSTANDING ANY DIFFERENT OR ADDITIONAL TERMS THE CUSTOMER MAY REFERENCE OR PROVIDE, PHISHTOOL’S OFFER OR ACCEPTANCE TO ENTER INTO AN AGREEMENT WITH THE CUSTOMER WITH RESPECT TO ANY PHISHTOOL SERVICE OR PRODUCT IS EXPRESSLY LIMITED TO THE TERMS AND CONDITIONS CONTAINED IN THIS AGREEMENT AND CONDITIONED ON THE CUSTOMER’S CONSENT TO THIS AGREEMENT.
The definitions in this clause apply in this Agreement
"Additional Charges" means all charges payable by the Customer to PhishTool or an Authorised Reseller in addition to the Subscription Fee.
"Agreement" means these terms and conditions contained herein, agreed by both the Customer and PhishTool.
"Authorised Reseller" means any third-party entity explicitly authorised in writing by PhishTool to sell PhishTool's products and/or services.
"Authorised Users" means any employee, agent or contractor of the Customer or authorised affiliate of the Customer, permitted by the Customer to use the Products in accordance with the Agreement.
"Confidential Information" means any information disclosed by or on behalf of a Disclosing Party to the other Receiving Party, or its Representatives that would be regarded as confidential by a reasonable business person relating to the business, affairs, customers, clients, suppliers, plans, intentions, market opportunities, operations, processes, product information, know-how, designs, trade secrets or software of a party or any of its subsidiaries or affiliates (but not information that is publicly known through no fault of the Receiving Party). Information shall not constitute Confidential Information for the purposes of this Agreement to the extent that the information (a) is or becomes publicly available through no fault of the Receiving Party; (b) is already in the Receiving Party’s lawful possession prior to the Disclosing Party’s disclosure; (c) is received by the Receiving Party from a third-party without any restriction and without breach of any confidentiality obligation; or (d) is developed independently without assistance of the Disclosing Party and without the use of any information disclosed by the Disclosing Party. To implement exchanges of Confidential Information pursuant to this Agreement, from time to time, either party may be the Disclosing Party and the other party shall be the Receiving Party.
"Customer" means the entity that purchases the Products.
"Customer Data" means any data inputted into the Products by the Customer or any Authorised Users for the purpose of using the Products or facilitating the Customer’s use of the Products.
"Disclosing Party" a party that discloses information to a Receiving Party.
"Effective Date" is the date specified by either PhishTool or the Customer for the commencement of the Subscription Period.
"Fees" means the Subscription Fee and Additional Charges owed by the Customer to PhishTool or Authorised Reseller.
"Intellectual Property Rights" means all intellectual property rights in any part of the world, including patents, rights to inventions, utility models, copyright and related rights, trade and service marks, trade, business and domain names, rights in trade dress, rights to goodwill or to sue for passing off, unfair competition rights, rights in designs, rights in computer software, database rights, semiconductor and topography rights, moral rights, rights in confidential information (including know-how and trade secrets) and any other intellectual property rights, in each case whether registered or unregistered and including all applications for and renewals or extensions of such rights, and all similar or equivalent rights or forms of protection which subsist or will subsist now or in the future.
"Privacy Policy" means the then current PhishTool Privacy Policy located at https://phishtool.com/privacy-policy, which is incorporated herein by reference.
"PhishTool" means PhishTool Limited, whose company number is 12126730 and whose registered address is PhishTool Limited, International House, 36-38 Cornhill, London, EC3V 3NG, United Kingdom.
"Products" means the PhishTool products and/or services ordered by the Customer under this Agreement, excluding any Third-Party Products (as defined herein).
"Receiving Party" a party that receives information disclosed by a Disclosing Party.
"Representatives" means the affiliates, employees, agents and advisors of an entity.
"SLA" means the PhishTool support and service level agreement for the Products which is annexed hereto as Exhibit “A” and is incorporated herein by reference.
"Subscription Fee" means the fees payable to PhishTool or an Authorised Reseller for the Products by the Customer.
"Subscription Period" means the fixed period of time for which PhishTool agrees to render the Products to the Customer, commencing on the Effective Date.
"Terms of Service" means the then current PhishTool Terms of Service located at https://phishtool.com/terms-of-service, which is incorporated herein by reference.
"Third-Party Product" means any product or service created and provided or sold by any entity other than PhishTool.
Clause and schedule headings are for informational and organisational purposes only and shall not affect the interpretation of this Agreement.
Where the words "include", "includes", "including" or "in particular" are used in the Agreement, they are deemed to have the words “without limitation” following them. Unless the context otherwise requires, words in the singular shall include the plural and in the plural shall include the singular.
This Agreement shall take effect on the Effective Date and shall continue to be in force for the length of the Subscription Period, at the conclusion of which the Agreement shall be terminated in accordance with clause 11.2, unless the Agreement is terminated before the conclusion of the Subscription Period by either party under clause 11.1.
During the Subscription Period, PhishTool shall make available to the Customer the Products for which the Customer has paid a Subscription Fee to PhishTool or an Authorised Reseller, on and subject to the terms and conditions of this Agreement. PhishTool undertakes that the Products will be made available to the Customer with reasonable and professional skill and care and in accordance with the SLA, Terms of Service and Privacy Policy, provided that such undertaking shall not apply to the extent of any non-conformance that is caused by use of the Products contrary to PhishTool’s instructions, written or oral, or any modification or alteration of the Products by a party other than PhishTool or PhishTool's duly authorised partners, contractors or agents. The Products are provided to the Customer “as-is”, subject to reasonable defect.
Although PhishTool has no obligation to monitor the Customer’s use of the Products, PhishTool may do so and may prohibit any use of the Products (in whole or in part) that PhishTool believes may be (or is alleged to be) in violation of this Agreement and/or the Terms of Service.
The Customer agrees that PhishTool shall not be held responsible for loss or damage resulting from the transfer of data over communication networks and/or infrastructure that is not under the direct operation and control of PhishTool, and the customer agrees that the Products may be subject to limitations, delays, outages and/or other problems inherent in the use of such communication networks and/or infrastructure.
Other than as expressly provided in this Agreement, SLA and Terms of Service and Privacy Policy, no implied conditions, warranties, guarantees or other terms apply (including any implied warranties or terms as to the Customer's use of the Products being uninterrupted or error-free or fitness for a particular purpose). The Customer acknowledges, agrees and understands that nothing herein shall be construed as, or considered a guaranty of performance of the Products, including, but not limited to the success of such Products.
This Agreement shall not prevent PhishTool from entering into the same or similar agreements with any other entity, or from independently developing, using, selling, licensing or otherwise making available any documentation, products and/or services that are the same or similar to the Products provided to the Customer under this Agreement.
The Customer accepts that the Products may enable or assist the Customer to access Third-Party Products which are separate and distinct from PhishTool's Products. When a Customer accesses any Third-Party Product, the Customer does so at their own risk. Any use of a Third-Party Product is subject solely to the terms and conditions governing such Third-Party Products (and the Customer shall materially comply with such terms and conditions), and any contract entered into, or any transaction completed via any Third-Party Product, is between the Customer and the relevant third party, and not to PhishTool.
PhishTool makes no representation and shall have no liability or obligation whatsoever in relation to the content or use of any such Third-Party Products or any contract entered into by the Customer with any such third-party. The Customer acknowledges that use of the Third-Party Products may involve the exchange of Customer Data and such Third-Party Products, and that such exchange of Customer Data may involve a transfer of personal data outside of networks and/or infrastructure owned and/or controlled by PhishTool.
The Customer hereby consents to such exchange of Customer Data and warrants that such exchange complies with the terms of all applicable laws. Further, the Customer acknowledges and agrees that, if the Customer or Authorised Users enable a Third-Party Product, the Customer grants PhishTool permission to facilitate such Third-Party Products to access Customer Data solely to the extent required for the inter-operation of the Third-Party Products with the Products or as the Customer may otherwise authorise or direct. Without limiting the generality of the foregoing, if the Customer subscribes to any Third-Party Product via PhishTool, the Customer is expressly agreeing to be bound by the terms and conditions applicable to such product and/or services.
Subject to the terms and conditions of this Agreement (including payment by the Customer of the Fees), PhishTool hereby grants the Customer a non-exclusive, non-transferable, non-sublicensable, freely revocable right and licence, during the Subscription Period only, to permit the Customer and Authorised Users to use the Products, in accordance with this Agreement, during the Subscription Period only and solely for the Customer's business operations.
The Customer hereby grants to PhishTool a non-exclusive, royalty-free, non-transferable, freely revocable right and licence to use, modify, create derivative works of, transfer, and otherwise reproduce in any medium, currently known or developed in the future, any Customer Data for the sole purposes of (a) rendering the Products under this Agreement, and (b) developing, maintaining or improving the Products.
The Customer hereby grants to PhishTool a non-exclusive, worldwide, royalty free, irrevocable and transferable right and license to use, modify, create derivative works of, transfer, and otherwise reproduce in any medium, currently known or developed in the future, in accordance with the Terms of Service and Privacy Policy any part or in whole any Customer Data that pertains to the identification of phishing emails or otherwise malicious email attachments or other malicious email content for the purposes of (a) rendering the Products under this Agreement, and (b) developing, testing, maintaining or improving the Products and any future product.
The customer agrees to keep secure and confidential any passwords and/or API keys necessary for accessing and using the Products, and to use all reasonable means to prevent any unauthorised access to, or use of the Products.
The Customer shall not, directly or indirectly:
(a) except as may be allowed by any applicable law which is incapable of exclusion by agreement between the parties: (i) and except to the extent expressly permitted under this Agreement, attempt to copy, modify, duplicate, create derivative works from, frame, mirror, republish, download, display, transmit, or distribute all or any portion of the Product; or (ii) attempt to disassemble, tamper with, reverse engineer or otherwise reduce to human-perceivable form all or any part of the Products or any other product or service which PhishTool owns that is outside of the scope of this Agreement; (b) use the Products in a manner that is illegal or facilitates illegal activity, or causes damage or injury to any person or property or tortuously violates any rights or interests; (c) attempt to interfere with or compromise the integrity or security of the Products; (d) access all or any part of the Products in order to build or facilitate a product or service that competes with the Product; (e) license, sell, rent, lease, transfer, assign, distribute, display, disclose, provide, or otherwise commercially exploit, or otherwise make the Products available to any unauthorised third-party; (f) attempt to obtain, or assist any third-party in obtaining, access to the Products other than as provided under this Agreement; (g) use the Products, after the earlier expiration, termination or default of this Agreement.
The Customer Acknowledges and understands that continued use of the Products after the expiration of the Subscription Period or termination of this Agreement, shall cause irreparable harm to PhishTool, and accordingly, PhishTool may take any and all actions necessary and appropriate to protect its rights, and in addition to payment of all Fees for the time of unauthorised use, the Customer shall be liable for all costs and damages incurred by PhishTool in it's efforts to secure compliance, including legal fees.
PhishTool may, at its sole discretion and without liability and without being subject to damages, or prejudice to its other rights under this Agreement, disable the Customer’s and/or any Authorised Users’ access to the Products for any breach or suspected breach of any part of this clause 5.5.
The Customer shall ensure that all Authorised Users comply with the terms and conditions of this Agreement. The Customer shall be primarily responsible for all activities conducted under its or its Authorised Users’ logins. Without prejudice to PhishTool's other rights under this Agreement, the Customer shall endeavour to notify PhishTool as soon as practicable in the event that any Authorised User is in breach of this Agreement (to the best of the Customer's knowledge) and shall work with PhishTool to ensure that any such Authorised User immediately discontinues their use of the Products. The Customer shall reasonably cooperate with PhishTool to remedy any misuse of the Products or any conduct that is or would constitute a breach of this Agreement.
To the extent that PhishTool processes any Personal Data contained in Customer Data, on the Customer’s behalf, in the provision of the Products, the terms of the Privacy Policy shall apply and the parties agree to comply with such terms.
The Fees for the Subscription Period shall be the prices agreed between PhishTool and the Customer or Authorised Reseller. Payment will be requested by invoice, submitted to the Customer by PhishTool or an Authorised Reseller.
The Customer will pay each invoice submitted by PhishTool (a) within thirty (30) days of the date of the invoice; and (b) in full and cleared funds.
If the Customer fails to make payment of any and all Fees within thirty (30) days of the date of the invoice, then, without liability to the Customer or prejudice to any of PhishTool’s other rights and remedies: (a) PhishTool may cease to provide and/or disable the Customer’s and Authorised Users’ access to all or part of the Products and PhishTool shall be under no obligation to provide the Products to the Customer while the invoice(s) concerned remain unpaid; and (b) PhishTool shall be entitled to recover all reasonable legal fees and other reasonable costs associated with the collection of the Fees.
All amounts and Fees: (a) shall (unless otherwise stated by PhishTool in writing) be payable in Pounds Sterling (GBP); (b) are exclusive of any applicable taxes or charges (including any sales or other transaction-based tax, or value added or non-resident withholding tax), which shall (if applicable) be added to PhishTool's invoice at the appropriate rate and be payable by the Customer; (c) are non-cancelable and all payments are non-refundable. The Customer must make all payments without set-offs, withholdings or deductions of any kind.
The Customer acknowledges and agrees that PhishTool and/or its licensors or partners own all Intellectual Property Rights and any other rights in or arising out of or in connection with the Products. Except as expressly stated in this Agreement, this Agreement does not grant the Customer any Intellectual Property Rights or any other rights or licences in respect of the Products, and the Customer shall not acquire or claim any rights in respect of the same by virtue of the rights granted under this Agreement.
PhishTool expressly reserves all right, title and interest in and to any Intellectual Property Rights not specifically granted to the Customer herein. PhishTool grants no licence, whether implied or express, except as specifically set forth in this Agreement.
PhishTool acknowledges and agrees that the Customer (or Customer Affiliate(s) as applicable) and/or its licensors own all Intellectual Property Rights and any other rights in their Customer Data. Except as expressly stated in this Agreement, this Agreement does not grant PhishTool any Intellectual Property Rights or any other rights or licences in respect of Customer Data and PhishTool shall not acquire or claim any additional rights in respect of Customer Data by virtue of the rights granted under this Agreement.
The Receiving Party shall hold all Confidential Information in confidence and, unless required by law, not make Confidential Information available to any third-party, or use the Confidential Information for any purpose other than the performance of its obligations or exercise of its rights under this Agreement.
Without prejudice to clause 9.1, the Receiving Party may disclose Confidential Information to those of its Representatives who need to know such Confidential Information solely in connection with the implementation of this Agreement, provided that the Receiving Party is at all times responsible for its Representatives’ compliance with the obligations set out in this Agreement. Each party shall procure that its Representatives are bound by confidentiality agreements applicable to the Confidential Information supplied to the Receiving Party on terms no less onerous than those contained in this clause 9. Subject to the foregoing, neither party shall be responsible for any loss, destruction, alteration or disclosure of Confidential Information caused by any third-party, provided that such loss, destruction, alteration or disclosure was not caused or authorised by the Receiving Party.
The Disclosing Party hereby represents and warrants that it has the right and authority to disclose the Confidential Information to the Receiving Party (or its Representatives).
The Receiving Party agrees that the Confidential Information is and shall at all times, unless otherwise notified, remain the exclusive property of the Disclosing Party and the Receiving Party shall not acquire, by implication or otherwise, any right, title, interest or licence in or to any Confidential Information or to any intellectual property rights, if any, embodied in such Confidential Information. The Receiving Party acknowledges and agrees that Disclosing Party may be irreparably harmed by a breach of the terms of this Agreement and that damages may not be an adequate remedy. The Disclosing Party shall be entitled to seek an injunction or specific performance for any threatened or actual breach of the provisions of this Agreement by the Receiving Party or any other person receiving Confidential Information pursuant to this Agreement.
Each party shall use the same degree of care to protect the other’s Confidential Information as it uses to protect its own Confidential Information, but in no circumstances less than reasonable care. Each party shall take appropriate action to address incidents of unauthorised access to the other’s Confidential Information, including promptly notifying the other of the unauthorised access.
This clause 10 sets out the entire financial liability of either party (including any liability for the acts or omissions of either party’s employees, agents or sub-contractors) to the other, including in respect of: (a) any breach of any obligation (whether implied or express) arising out of or in connection with this Agreement; (b) any use made by the Customer or Authorised Users of the Products or any part of them; and (c) any representation, statement or tortious act or omission (including negligence) or breach of statutory duty arising under or in connection with this Agreement.
The Customer assumes sole responsibility (and PhishTool shall have no liability) for: (a) results obtained from the use of the Products by the Customer and/or Authorised Users and for conclusions drawn from the use; (b) any damage caused by errors or omissions in any information, instructions or Customer Data provided to PhishTool by the Customer in connection to the Products; or (c) any actions taken by PhishTool at the Customer's direction.
Subject to clause 10.5, neither party shall under any circumstances whatsoever be liable to the other for any: (a) loss of profits, revenues or opportunity costs; (b) loss of business or business opportunities; (c) loss or depletion of goodwill and/or similar losses or injuries; (d) loss or corruption of data or information (including Customer Data); (e) special, indirect, punitive or consequential loss, costs, damages, charges or expenses howsoever arising from the terms of this Agreement.
Subject to clause 10.5, neither party shall under any circumstances whatsoever be liable to the other for any: (a) loss of profits, revenues or opportunity costs; (b) loss of business or business opportunities; (c) loss or depletion of goodwill and/or similar losses or injuries; (d) loss or corruption of data or information (including Customer Data); (e) special, indirect, punitive or consequential loss, costs, damages, charges or expenses howsoever arising from a criminal act committed by a third-party.
Nothing in this Agreement excludes the liability of either party for: (a) death or personal injury caused by the negligence of either party; or (b) fraud or fraudulent misrepresentation commited or attempted by either party; or (c) any other liability which may not be limited or excluded by applicable law.
Subject to clause 10.5, each party’s total aggregate liability in contract, tort (including negligence or breach of statutory duty), misrepresentation, restitution or otherwise, arising under or in connection with this Agreement or the performance or contemplated performance of this Agreement shall be limited to the total Fees actually paid by the Customer for the Products incorporated in this Agreement during the twelve (12) months immediately preceding the date on which the claim arose.
Without prejudice to any other rights or remedies which the parties may have, either party may terminate this Agreement without liability to the other immediately on giving written notice to the other if: (a) (i) the other party is in material breach of this Agreement where the breach is incapable of remedy; or (ii) the other party is in material breach of this Agreement where the breach is capable of remedy and the breaching party fails to remedy that breach within thirty (30) days after receiving written notice of such breach; (b) the other party enters into an arrangement for an assignment for the benefit of its creditors, goes into administration, receivership or administrative receivership, is declared bankrupt or insolvent or is dissolved or otherwise ceases to carry on business; or (c) any event analogous to those described in clause 11.1(b) above happens to the other party in any jurisdiction in which it is incorporated or resident or in which it carries on business or has assets.
On termination of this Agreement for any reason: (a) all licences and other rights granted by PhishTool under this Agreement shall immediately terminate; (b) the Customer shall immediately pay to PhishTool all outstanding unpaid Fees. (c) PhishTool will have no further obligation to store and/or make available Customer Data and may delete the same at any time from and including the date thirty (30) days after the termination or expiry of this Agreement, without further notice to Customer; and (d) the accrued rights of the parties as at termination in clauses 5.2, 5.3, 5.5, 5.6, 6, 8, 9 and 10, will survive any expiration or termination of this Agreement.
Neither party shall have any liability to the other under or in connection with this Agreement and SLA if it is prevented from, or delayed in performing, its obligations under this Agreement or from carrying on its business by acts, events, omissions or accidents beyond its reasonable control (a “Force Majeure Event”), including strikes, lock-outs or other industrial disputes (whether involving the workforce of either party to this Agreement or any other party), failure of a utility service or transport network, natural disaster, war, riot, internet interruptions, civil commotion, malicious damage, compliance with any law or governmental order, rule, change in law, regulation or direction, accident, breakdown of plant or machinery, fire, flood, storm or default of suppliers or subcontractors. If a Force Majeure Event prevents, hinders, or delays a party’s performance of its obligations under this Agreement for a continuous period of more than six (6) months, either party may terminate this Agreement immediately on written notice to the other party.
PhishTool shall be permitted to identify the Customer as a Customer of PhishTool on its website or other marketing materials and accordingly, the Customer hereby grants to PhishTool the right to use and display Customer’s name, logo and/or any other identifying words or marks associated with the Customer, in whole or in part, and in any media for the sole purposes of identifying Customer as a customer of PhishTool.
The parties are independent contracting parties and owe no fiduciary or other duties to each other except as set forth in this Agreement. Neither party has, or will hold itself out as having, any right, title or authority to incur any obligation on behalf of the other party, unless expressly authorised in writing to do so. The parties relationship in this Agreement shall not be construed as a joint venture, partnership, franchise, employment or agency relationship, or as imposing any liability upon either party that otherwise might result from such a relationship.
The Customer recognises that PhishTool continually seeks to innovate and find ways to improve it's Products with new features and functions. The Customer agrees that PhishTool may therefore change the Products: (i) without notice to the Customer, provided such changes do not materially adversely affect the nature or quality of the Products; or (ii) on written notice to the Customer where such changes will materially adversely affect the nature or quality of the Products, the Customer shall have the right to terminate the Agreement on giving written notice to PhishTool not more than one (1) month following any such change taking effect. Subject to the preceding sentence, no variation of this Agreement shall be valid unless it is in writing and signed by or on behalf of each of the parties.
The Customer may submit feedback, ideas and/or feature requests in relation to the Products, including how to improve the Products or any other service or product offered by PhishTool (“Feedback”). The Customer acknowledges that no further consideration is payable as a result of such Feedback, and that PhishTool is free (but not obligated) to use the Feedback on a non-exclusive and non-confidential basis for any business purpose, during or after the Subscription Period.
A waiver of any right under this Agreement is effective only if it is in writing and it applies only to the circumstances for which it is given. No failure or delay by a party in exercising any right or remedy under this Agreement or by law shall constitute a waiver of that (or any other) right or remedy, nor preclude or restrict its further exercise. No single or partial exercise of such right or remedy shall preclude or restrict the further exercise of that (or any other) right or remedy. Unless specifically provided otherwise, rights arising under this Agreement are cumulative and do not exclude rights provided by law.
If any provision of this Agreement (or part of any provision) is found by any court or other authority of competent jurisdiction to be invalid, illegal or unenforceable, that provision or part-provision shall, to the extent required, be deemed not to form part of this Agreement, and the validity and enforceability of the other provisions of this Agreement shall not be affected. If a provision of this Agreement (or part of any provision) is found illegal, invalid or unenforceable, the provision shall apply with the minimum modification necessary to make it legal, valid and enforceable.
This Agreement, and any documents referred to in it, constitutes the whole agreement between the parties and supersedes all previous agreements between the parties relating to its subject matter. Each party acknowledges that, in entering into this Agreement, it has not relied on, and shall have no right or remedy in respect of, any statement, representation, assurance or warranty (whether made negligently or innocently, other than for breach of contract), as expressly provided in this Agreement. Each party represents and warrants that in entering into this Agreement it has not relied upon any oral or written statements, collateral or other warranties, assurances, representations or undertakings (or the failure or omission of the other party to make statements, assurances, representations or undertakings) (together “Pre-Contractual Statements”) other than what is expressly set forth in this Agreement. Each party waives all rights and remedies which might otherwise be available to it in relation to such Pre-Contractual Statements, including any claim it was induced into entering into this Agreement or accepting its terms based on any Pre-Contractual Statements.
Neither party may assign any of its rights or obligations under this Agreement to any other entity without the prior written consent of the other party.
A person or entity who is not a party to this Agreement shall not have any rights under or in connection with it. No third-party beneficiaries are created by this Agreement.
All notices must be in English, in writing, addressed to: (a) in the case of PhishTool to support@phishtool.com; and (b) in the case of the Customer: to the postal address or email address provided by the Customer in a Purchase Order or any other document provided by the Customer, or such other address as either party has notified the other in accordance with this clause.
All notices shall be deemed to have been given on receipt as verified by written or automated receipt or electronic log (as applicable).
This Agreement, and any dispute or claim arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims), shall be governed by, and construed in accordance with, the law of England and Wales. The parties irrevocably agree that the courts of England and Wales shall have exclusive jurisdiction to settle any dispute or claim that arises out of, or in connection with, the Agreement or its subject matter or formation (including non-contractual disputes or claim).
The Products PhishTool makes available, and derivatives thereof may be subject to export laws and regulations of the United Kingdom and other jurisdictions. Each party represents that it is not subject to any embargo, trade sanction or trade restriction implemented by the United Kingdom. The Customer shall not permit Authorised Users to access or use the Products or any part of the Products in any country embargoed by the United Kingdom, or in violation of any export law or regulation of the United Kingdom.
This is Exhibit A to PhishTool's Service Agreement (the “Agreement”). Capitalised terms not defined in Section III (3) of this exhibit, or otherwise herein, have the meaning previously defined in this Agreement. Unless otherwise provided herein, this SLA is subject to the terms of the Agreement. PhishTool reserves the right to change the terms of this SLA in accordance with the Agreement.
PhishTool will provide the following technical support for all customers, during Business Hours:
Response Times: PhishTool bases its response times and the actions it takes to resolve support requests on an assessment of the impact of the reported technical issue. The more serious the impact, the higher the assigned priority. For all support requests raised by the Customer during Business Hours, PhishTool will respond in accordance with Table 1. For all support requests raised by the Customer outside of Business Hours, PhishTool makes no commitment to respond in accordance with Table 1:
Table 1
| Priority* | Request Response Time** | Resolution Time*** |
|---|---|---|
| P1 | 1 hour | 4 hours |
| P2 | 1 hour | 8 hours |
| P3 | 4 hours | 72 hours |
| P4 | 1 Business Day | Next or later major update |
* The "Priority" levels are defined in Table 2 below.
** The "Request Response Time" is defined as the amount of time taken for PhishTool to issue a response to a request for support.
*** "Resolution Time" is the maximum time within which PhishTool will resolve each support issue reported by the Customer.
Table 2
| Priority | Definition |
|---|---|
| P1 | Mission Critical. Critical issue affecting all users of PhishTool's products and/or services. |
| P2 | Urgent. Essential services are significantly degraded and/or impacting significant aspects of the Products. The issue is persistent and affects many users and/or major functionality. |
| P3 | Important. Services are noticeably impaired, but most business operations continue as normal. Some but not all users are affected. |
| P4 | Minor. The support request consists of "how to" questions, feature requests, or other general questions. This may include routine technical issues, account related issues, information requested on capabilities, navigation, configuration, or a bug affecting a small proportion of users. |
Assignment of Priority levels: PhishTool will determine the Priority level assigned to each support issue at its reasonable discretion, but taking into consideration any Priority level input or suggestion from the Customer.
Requests for support: The Customer must use the PhishTool online support form or support contact details listed below to submit requests for support and PhishTool shall provide technical support and answer specific information requests in the manner set out below. The Customer understands that PhishTool will only provide support in accordance with this SLA. In the event that the Customer experiences any issue with respect to the Products that is not caused by a Permitted Downtime, the Customer may notify PhishTool. Such notification of an issue must include a clearly written description of the issues(s) and any steps that the Customer can reasonably identify that would allow PhishTool to replicate the issue(s). PhishTool shall, acting reasonably and in good faith, assign a priority, generally following the definitions found in Table 2 above, and PhishTool shall use commercially reasonable endeavours to respond to the issue in accordance with the time-frames set forth in Table 1, during Business Hours.
Support email address: support@phishtool.com
P1 and P2 Response and Resolution: PhishTool shall confirm to the Customer receipt of the support request within the Request Response Time of such a request, provided the request is received during Business Hours. If a P1 or P2 support request cannot be resolved within the Resolution Time after the Customer makes the initial request for support during Business Hours, PhishTool will: (a) immediately escalate to more senior stakeholders within PhishTool's engineering team, as appropriate; (b) take and continue to take the actions which will most expeditiously resolve the request; (c) provide regular reports to the Customer of the steps taken and to be taken to resolve the request and the estimated time until the request is resolved.
P3 and P4 Response and Resolution: PhishTool shall confirm to the Customer receipt of the support request within the Request Response Time of such a request, provided the request is received during Business Hours. If a P3 or P4 support request cannot be resolved within the Request Resolution Time after the Customer makes the initial request for support during Business Hours, PhishTool and the Customer will mutually agree upon a schedule within which to resolve the request.
Resolution of issues: The resolution of a technical support issue is defined as accomplishing any one of the following: (i) providing a reasonable solution to the issue; (ii) providing a reasonable work-around to the issue; (iii) determination by PhishTool that the issue is a feature request and forwarding the request to PhishTool's product management team for future consideration; (iv) determination by PhishTool that the root cause of the issue is outside of PhishTool's control; or (v) escalation to to PhishTool's engineering team for review. PhishTool will make reasonable efforts to resolve the issue but cannot guarantee that every issue will be resolved.
Remedies for breach: If PhishTool fails to meet the Request Response Times in Table 1 above during Business Hours, the Customer’s exclusive remedy and PhishTool’s sole obligation will be for PhishTool to make commercially reasonable efforts to respond to the issue promptly after the Customer notifies PhishTool that it failed to meet the Request Response Times. If PhishTool fails to meet the relevant Resolution Time for any issue reported by the Customer during Business Hours, not caused by Permitted Downtime five (5) times during a calendar month, the Customer’s exclusive remedy and PhishTool’s sole obligation will be for the Customer to terminate the applicable Agreement and receive a refund, on a pro rata basis, of any Subscription Fees paid by the Customer that are unused as of the termination effective date.
Uptime Commitment: The target Uptime Percentage for the PhishTool User Interface (the "PhishTool Console") shall be Ninety Nine Percent (99%) (the “Uptime Commitment”). Subject to the exclusions described in Section II (2) below, the “Uptime Percentage” is calculated by subtracting from 100% the percentage of 1-minute periods during any quarterly cycle (i.e., 3 calendar months) in which the Customer’s ability to access the PhishTool Console is Unavailable out of the total number of minutes in that quarterly cycle. “Unavailable” and “Unavailability” mean that, in any 1-minute period, all connection requests made by Customer to access the PhishTool Console were unsuccessful (each a “Failed Connection”); provided, however, that no Failed Connection will be counted as a part of more than one such 1-minute period (e.g. a Failed Connection will not be counted for the period 12:00:00-12:00:59 and the period 12:00:30-12:01:29). The Uptime Percentage for the PhishTool Console shall be measured based on the monitoring tools PhishTool uses.
Notification of Downtime: The Customer shall, in order to be eligible for any service credits as are set forth in this Section II (2), notify PhishTool in writing about any Failed Connection within ten (10) days of experiencing such downtime. Exclusions from the Uptime Percentage Notwithstanding anything to the contrary in this exhibit, any Unavailability issues resulting from or connected to any Permitted Downtime will be excluded from the calculation of the Uptime Percentage.
Service Credits: (a) If PhishTool does not meet the Uptime Commitment with respect to any particular calendar quarter (i.e., the actual Uptime Percentage was below 99.0%), and the Customer is negatively impacted thereby, then as the Customer’s sole and exclusive remedy, and only upon the Customer’s written request in accordance with this Section II (2), PhishTool will provide to the Customer a service credit (“Service Credit”) pursuant to Table 3 below:
Table 3
| Actual Uptime Percentage | Service Credit Percentage |
|---|---|
| ≥ 98.0% but < 99.0% | 4% of Quarterly Fees |
| ≥ 97.0% but < 98.0% | 8% of Quarterly Fees |
| ≥ 96.0% but < 97.0% | 10% of Quarterly Fees |
| ≥ 94.0% but < 96.0% | 12% of Quarterly Fees |
| ≥ 90.0% but < 94.0% | 15% of Quarterly Fees |
| < 90.0% | 25% of Quarterly Fees |
(b) The Service Credit shall be calculated against the quarterly fees due to PhishTool, which shall be calculated by dividing the annual Subscription Fee by four (“Quarterly Fees”), and shall be deducted against future fees.
(c) Subject to the termination rights set forth in the Agreement, any credits provided pursuant to this SLA will constitute PhishTool’s sole liability and the Customer’s sole and exclusive remedy for any failure to achieve the Uptime Percentage. Failure to achieve the Uptime Commitment shall result in the Service Credit Percentage applicable to the Products, subject to a maximum cumulative Service Credit Percentage of 33% of total Quarterly Fees (regardless of the number of individual service failures in the applicable month). In the event that the actual Uptime Percentage is less than 90.0%, PhishTool will be deemed to be in material breach of the Agreement.
Service Credit Process: To receive a Service Credit, the Customer must submit a request by sending an email to support@phishtool.com. To be eligible, the credit request must: (a) include the dates and times of each Unavailability incident that the Customer claims to have experienced, along with sufficient details to enable PhishTool to verify the information; and (b) be received by PhishTool within ten (10) Days after the last Failed Connection that is part of the Customer’s Service Credit claim. If the Customer is past due with respect to any payment obligation, or otherwise in material breach of any contractual obligation to PhishTool, the Customer is not eligible for any Service Credits. Service Credits will be issued to the Customer within sixty (60) days after PhishTool confirms that the Customer qualifies for the Service Credit under this clause.
"Business Day" means any day that is not a Saturday, Sunday or public holiday in the United Kingdom.
"Business Hours" means the time between 9:00 AM and 5:00 PM in the United Kingdom on a Business Day.
"Emergency Maintenance Period" means the period of time elapsed during any maintenance performed on the Network, which maintenance is required as a result of conditions beyond PhishTool’s reasonable control. PhishTool will provide the Customer with at least thirty (30) minutes advance notice for emergency maintenance. Emergency maintenance may occur at any time, as PhishTool deems necessary. Emergency maintenance notifications will be sent to a single Customer email address. It is the Customer’s sole responsibility to ensure the provided email address is current and fully functional. The Customer’s email address for notification purposes must be communicated to PhishTool in writing prior to the issuance of any emergency maintenance notifications by PhishTool.
"Network" means the network facilities that host the Products and related software (hosted either internally on PhishTool's network or externally on remote server sites owned and operated by third party providers).
"Permitted Downtime" means the following: (a) Inoperability due to any scheduled or emergency maintenance (occurring during the Scheduled Maintenance Periods or Emergency Maintenance Periods); (b) Problems caused by the Customer or its telecommunications and Internet services; (c) Problems caused by software or hardware not provided or controlled by PhishTool or any third-party service to which the customer subscribes; (d) Problems due to Force Majeure events, as provided in the Agreement, and acts of war or nature; (e) Problems due to acts or omissions of the Customer, its agents, employees or contractors; (f) Inoperability due to a Customer driven increase in demand for system resources that has not allowed PhishTool a reasonable time to accommodate; (g) Problems due to operation under a disaster recovery plan (assuming PhishTool has complied with its material obligations with respect thereto); (h) Provision of the Products after expiration of the Agreement; (i) Any failures of the Customer to abide by the Notification clauses of this SLA; (j) Negligent or intentional misuse of any of the Products by the Customer; (k) “Beta”, “Tester” or “limited availability” products or services, features and functions identified as such by PhishTool; (l) Software that has been subject to unauthorised modification by the Customer; and (m) PhishTool's suspension or termination of the Products in accordance with the Agreement.
“Scheduled Maintenance Period” means the period of time elapsed during any scheduled maintenance performed by PhishTool on the Products or the Network. PhishTool will provide the Customer with at least one (1) day advance notice for standard maintenance. PhishTool will use commercially reasonable efforts to schedule maintenance during hours other than during Business Hours. Scheduled maintenance notifications will be sent to a single Customer email address. It is Customer’s sole responsibility to ensure the provided email address is current and fully functional. The Customer’s email address for notification purposes must be communicated to PhishTool in writing.
PhishTool Limited, International House,
36-38 Cornhill,
London,
EC3V 3NG,
United Kingdom
Copyright © 2024 PhishTool Limited. All rights reserved.