End User License Agreement (EULA)

The purpose of these general terms and conditions of service is to define the terms and conditions under which CYBERESIST, a simplified joint stock company with a capital of €1,000, having its registered office at 102 avenue des Champs-Elysées, 75008 Paris, France, registered with the Paris Trade and Companies Register under number 930 360 888 (hereinafter “CYBERESIST”), provides the Customer with the Platform and related Services, in return for full payment of their price.

Article 1 – Definitions

The following terms, when capitalised, shall have the meanings defined below, in the singular or plural:

• Client: refers to any professional, natural or legal person, registered in the trade and companies register or any equivalent commercial register, identified as a CYBERESIST client in the Quotation.
• Contract: refers to these general terms and conditions and the Quotation, as well as any appendices and amendments thereto;
• Quotation: refers to the document signed by the Parties, the purpose of which is for the Customer to subscribe to the Platform and Services. It includes, in particular, a description of the Services subscribed to, the conditions for the provision of the Platform, the pricing conditions and any other special conditions negotiated between the Parties. The Quotation forms an integral part of the Contract.
• Data: refers, in the context of using the Platform, to all information, data or content, which may include personal data, communicated, collected and/or processed by the Customer in the context of using the Platform;
• Platform: refers to the software platform called ‘CYBERESIST’ for cybersecurity auditing, published by CYBERESIST and made available to the Customer in accordance with the terms of the Quotation and the Contract.
• User: refers to the natural person who benefits from the services provided by the Platform and granted to the Client, who is employed by the Client or by the Client’s subcontractors, and authorised to use all or part of the Platform and Services, regardless of their location and the terms of their access.

Article 2 – Provision of the platform

2.1. Platform Description

The Platform provided by CYBERESIST is intended for the performance of automated cybersecurity audits and/or continuous monitoring of the Customer’s external and/or internal attack surface (all services offered by the Platform are hereinafter referred to as the “Services”).

2.2. Terms and conditions of provision – Accommodation

CYBERESIST offers several models for providing access to the Platform, depending on the choices made by the Client in the Quote for the types of audits to be carried out.

2.2.1. Provided in SaaS mode

The Platform is hosted on CYBERESIST servers at the hosting provider OVH in France and can be accessed via a web browser at the following address: https://app.cyberesist.fr/

CYBERESIST offers two types of hosting, at the customer’s discretion:

• Shared hosting, on data servers shared by several CYBERESIST customers;
• Dedicated hosting, on servers made available specifically to the Customer.

All Data, and in particular all personal data, collected and processed through the Platform will be stored on the server(s) of this host. This host acts as a subcontractor of CYBERESIST within the meaning of the Regulations applicable to the protection of personal data, only on the written instructions of CYBERESIST. It does not have the right to use the Data, except for the purposes of performing technical hosting and database management services and only under the contractual conditions signed between the host and CYBERESIST, which may not derogate from this article and the aforementioned regulations.

CYBERESIST undertakes, under an obligation of means, to make every effort to ensure, to the best of its ability, the availability of the Platform in accordance with the availability rate specified in the CYBERESIST service agreement, available at the following address:
https://cyberesist.com/convention-de-niveaux-de-services/

2.2.2. Provision on the Customer’s internal environment (On Premises – Hybrid Cloud)

If the Customer chooses to make the Platform available on its internal environment, the Platform may be deployed, at its discretion, on its hosting provider’s servers or on its own servers. In any event, the Customer is solely responsible for the security of the servers on which it deploys the Platform and the Data stored therein.

Depending on the Client’s technical constraints, the Platform is installed either via remote access to the Client’s IT facilities or directly on the Client’s premises. The terms and conditions and costs relating to installation are specified in the Quotation.

In the event that the Platform is made available on the Customer’s internal environment (On Premise or Hybrid Cloud), the Customer shall be solely responsible for backing up the Data and undertakes to perform regular incremental and full backups of the Data and to use appropriate and secure backup media.

2.3. Facilities

All costs related to accessing and using the Platform, whether hardware, software or internet access costs, shall be borne exclusively by the Customer. The Customer is solely responsible for the proper functioning and appropriate security of its information system.

2.4. Use of the Platform

It is expressly agreed between the Parties that, given the nature and purpose of the Platform, the Client shall ensure that Users act in a professional capacity for the purposes of their professional activity and undertake to use the Platform solely for the purposes of their activity.

The use of the Platform by Users is governed by its terms and conditions of use, which are available at any time on the Platform.

In any event, the Platform shall be used under the sole control, direction and responsibility of the Customer. Consequently, the Customer shall be responsible for, without this list being exhaustive, (i) implementing all necessary procedures and measures to protect its hardware, software packages, software and passwords against viruses and intrusions; (ii) compliance with the technical requirements as defined in Article 2.2 above; (iii) errors made in the use of the Platform; and (iv) the use of authentication means to access and use the Platform. The Client shall ensure that no person not authorised by it has access to the Platform.

In the event that a User uses the Platform in a manner that does not comply with the general terms and conditions of use, in the event that the User breaches the general terms and conditions of use, or more generally in the event of a violation of applicable laws and regulations, CYBERESIST reserves the right to suspend or terminate, as of right, without prior notice, without warning and without compensation, all or part of a User’s access to the Platform, which the Customer expressly accepts. CYBERESIST may impose this suspension or termination without prejudice to any other rights, actions and remedies it may have in order to obtain compensation for any damage it may have suffered as a result of such breaches.

Article 3 – Technical support and maintenance of the Platform

Depending on the Platform provision mode chosen by the Customer in the Quotation, CYBERESIST shall provide technical support to Users and maintenance of the Platform under the terms and conditions set out in the CYBERESIST service agreement available at the following address:
https://cyberesist.com/convention-de-niveaux-de-services/

The Customer expressly acknowledges and accepts that, in the event that the Platform is made available on its internal environment, CYBERESIST shall in no circumstances intervene in the event of a malfunction related to the Customer’s own hosting and/or information system. CYBERESIST shall not be held liable in this regard.

Article 4 – Other services

The Parties may, under the specific conditions set out in the Quotation, agree that CYBERESIST shall provide the Client with other services (training services, project management services, specific development services, etc.).

Article 5 – Collaboration between the Parties

The Parties undertake to collaborate closely, to the best of their ability and in good faith, in order to ensure the proper performance of the Contract. In particular, the Parties undertake to keep each other informed and to spontaneously communicate any events, information or documents that may be useful for the proper use of the Platform and, more generally, for the proper performance of the Contract.

Article 6 – Intellectual property rights

6.1. Intellectual property rights on the Platform

Le Client reconnaît et accepte que tous les droits, titres et intérêts relatifs à la Plateforme (y compris son architecture, ses logiciels, ses bases de données, les données, le contenu textuel ou visuel et les multimédias de la Plateforme ou divulgués par le biais de la Plateforme), aux Services, aux Standards, à sa documentation, et aux noms, signes et logos utilisés sur la Plateforme et/ou par CYBERESIST (les “Protected elements” ) sont protégés par des droits de propriété intellectuelle (en ce compris notamment, tous les droits associés aux œuvres de l’esprit, y compris les droits patrimoniaux et moraux d’auteur, tous les droits de propriété relatifs aux brevets, marques, dessins et modèles, logiciels, droits des producteurs de bases de données, noms de domaine, et tous les autres droits de propriété intellectuelle, dans le monde entier, d’ores et déjà ou ultérieurement déposés ou enregistrés), et appartiennent exclusivement à CYBERESIST ou des tiers ayant autorisé CYBERESIST à les exploiter. Le Contrat ne confère au Client aucun droit ou intérêt sur les Éléments Protégés, mais seulement un droit limité d’accès et d’utilisation de la Plateforme et des Services dans les conditions définies ci-après.

CYBERESIST does not transfer or grant any rights beyond those it holds over third parties, and it is hereby reiterated that third parties remain free to take legal action in the event of any infringement of their rights.

Subject to full payment by the Client of the sums mentioned in the Quotation, CYBERESIST grants the Customer, for the duration of the Contract as provided for in the Quotation, a non-exclusive, non-assignable, non-transferable licence to access and use the Platform and the Services subscribed to, for its own needs and solely for the purposes of its professional activity, with the right to sub-license to Users under the same conditions.

The Customer undertakes not to use the Platform and Services other than within the limits authorised by the Contract. The Customer further undertakes not to perform any of the following acts, nor to allow a User or third party to perform any of the following acts: (i) decompile or disassemble the Platform and/or Services, reverse engineer or otherwise attempt to obtain its source codes, in whole or in part; (ii) create derivative works of the Platform and/or Services, adapt, modify, translate or make changes to them, in whole or in part, or allow all or part of one or more of their elements to be associated with or incorporated into other works, including software works.

Article 7 – Financial conditions

7.1. Pricing

The price of the Platform subscription is set out in the Quote or the price list applicable on the date of subscription. It is quoted in euros excluding VAT. VAT will be added at the rate applicable on the date of invoicing.

Prices are set in the Quotation according to the options chosen and based on the length of the commitment in the case of a subscription. If the Customer benefits from a commercial discount in exchange for a fixed-term commitment, they acknowledge that the entire subscription fee for the agreed term will become payable in the event of early termination. In addition, as compensation, CYBERESIST will invoice the Customer for the amount of the discount granted for the entire duration of the commitment.

The rates applicable for external attack surface audits depend on the number of subdomains and the number of Active Directories for internal network audits.

Any excess usage beyond the subscription will be subject to a separate additional invoice applicable to specific services defined in the Quotation or on the price list.

Any expenses incurred by CYBERESIST for the Customer’s needs and at the Customer’s request (travel, on-site meetings, etc.) will be subject to additional invoicing.

7.2. Terms of payment

Unless otherwise stipulated in the Quotation, the price of a subscription is payable in advance and according to the term of commitment.

Invoices are payable within thirty (30) days of the invoice date, by bank transfer. The Customer expressly agrees to receive invoices by email.

Any late payment will result in the application of a late payment penalty calculated on the basis of an interest rate equal to three (3) times the legal interest rate, without the need for a reminder. A fixed compensation fee of forty (40) euros for collection costs will also be due.

Without prejudice to the foregoing, CYBERESIST reserves the right, five (5) working days after sending a formal notice to pay to the Customer by registered letter with acknowledgement of receipt, which has remained wholly or partially ineffective, to suspend access to the Platform for Users until full payment of the sums due.

Article 8 – Term – Termination

8.1. Contract Term

The Contract shall be concluded from the date of signature of the Quotation for the duration specified therein. In the case of a subscription to continuous monitoring services, the Contract shall be tacitly renewed for successive periods, unless terminated by either Party by registered letter with acknowledgement of receipt at least three (3) months before the expiry of the current period.

8.2. Termination of the Contract

In the event of a breach by one Party of any of its contractual obligations, the other Party may terminate the Contract, automatically and without legal formalities, after giving formal notice to the defaulting Party by registered letter with acknowledgement of receipt, which has remained partially or totally unsuccessful for a period of thirty (30) days. The termination shall take effect immediately and shall be without prejudice to any damages to which the aggrieved Party may be entitled.

8.3. Consequences of expiry and/or termination of the Contract

Any sums paid by the Client prior to the expiry or termination of the Contract shall remain the property of CYBERESIST. Upon expiry of the Contract or on the date of its termination, all sums remaining due by the Client to CYBERESIST shall become immediately payable.

Upon expiry or termination of the Contract, for whatever reason, the Customer shall immediately cease all use and exploitation of the Platform.

Article 9 – Garanties

CYBERESIST declares and guarantees that it holds all intellectual property rights necessary for the purposes hereof.

CYBERESIST makes no other express or implied warranties, including, without limitation, warranties as to the continuity and/or performance of the Platform, nor does it warrant that it is free from anomalies, errors or bugs or that it will operate without failure or interruption. The Platform is provided ‘as is’ and according to its availability.

When making the Platform available to the Customer in SaaS mode, CYBERESIST undertakes to make every effort to ensure the integrity of the network and servers against any external malicious acts or known cyber attacks. Similarly, access to the Platform implies knowledge and acceptance of the characteristics and limitations of the internet, particularly with regard to technical performance, response times for consulting, querying or transferring information, risks of interruption, and more generally, the risks inherent in any connection and transmission over the internet.

Article 10 – Limitation of liability

By express agreement, CYBERESIST is subject to an obligation of means in the provision of the Platform and Services to the Customer. The Customer expressly acknowledges having received from CYBERESIST all the necessary information enabling them to assess the suitability of the Platform for their needs and to take all necessary precautions for its use.

CYBERESIST shall in no event be liable for any claim, demand or action resulting from use that does not comply with the terms and conditions of use set out in the Contract.

Under no circumstances shall CYBERESIST be held liable for any indirect damages of any kind suffered by the Customer, including, but not limited to, loss of profit, loss of earnings, loss of customers, any commercial disruption, damage to image, in connection with or arising from the use of the Platform or the Services.

The Customer expressly acknowledges that use of the Platform is at their sole responsibility. No advice or information, whether oral or written, obtained by the Customer and/or a User while using the Platform shall create any warranties not expressly provided for in the Contract, nor shall it give rise to any liability on the part of CYBERESIST for any damages of any kind caused to the Customer, a User or third parties as a result of misuse of the Platform.

In any event, in the event that CYBERESIST is held liable as a result of a proven fault on its part, CYBERESIST’s total cumulative liability shall be expressly limited, for all causes combined, to the direct and foreseeable damage suffered by the Customer, without exceeding the amount paid by the Customer in the twelve (12) months preceding the event giving rise to liability.

Article 11 – Subcontracting

CYBERESIST may freely use subcontractors to provide all or part of the services subscribed to by the Customer.

It is expressly stated that in the event of a claim, whether amicable or judicial, against CYBERESIST due to a subcontractor’s failure to fulfil its obligations, CYBERESIST shall always have the option of calling on said subcontractor to provide a guarantee.

Article 12 – Insurances

Each Party undertakes to take out civil liability insurance with a reputable insurance company and to maintain such insurance throughout the term of the Contract in order to cover the risks associated with the performance of the Contract and any damages for which it may be liable in connection with the performance of the Contract. At the request of the other Party, each Party shall be able to provide proof of such insurance coverage.

Article 13 – Confidentiality

The Contract and all of its terms, as well as any information, data or documents of any kind communicated by one Party to the other for the purposes of the Contract, whether orally, in writing or electronically, including but not limited to reports, software, processes, methods, formulas, concepts, whether or not such information is protectable under intellectual and industrial property rights (hereinafter the “Confidential Information”).

Each Party undertakes to:

• protect and treat as strictly confidential any Confidential Information that has been or will be provided to it by the other Party or that has been disclosed to it by the other Party;
• not disclose to any third party, without the prior written consent of the other Party, the nature or content of the Confidential Information received from said other Party, either directly or indirectly;
• use said Confidential Information solely for the purposes of performing the Services covered by the Contract or its execution,
• not to copy, reproduce or duplicate, in whole or in part, the Confidential Information for purposes other than those of the Services or the performance of the Contract;
• ensure the integrity and security of Confidential Information entrusted to it by the other Party.

However, this confidentiality undertaking shall not apply to information:

• which entered the public domain prior to their disclosure and/or communication or which will enter the public domain after their communication and/or disclosure without any breach by the Party that received them;
• which have been lawfully received from a third party without breach of this agreement;
• which were lawfully in the possession of the Party that received them prior to their disclosure;

In accordance with Article 9 and given the characteristics and limitations of the internet, the Customer acknowledges that CYBERESIST is bound by an obligation of means with regard to Data security and cannot guarantee that there will be no breach of the integrity or confidentiality of the Data.

If the receiving Party is compelled to disclose Confidential Information received from the disclosing Party due to a legislative or regulatory provision, a judgment or a decision by an organisation vested with legal authority, the receiving Party shall inform the disclosing Party of this request as soon as possible, so as to enable the latter to take all measures to safeguard its Confidential Information as best as possible.

The Parties shall be bound by this obligation for as long as the data concerned has not been made public, unless the Party concerned has given its prior written consent to the lifting of confidentiality.

Each Party shall ensure that its personnel and any subcontractors comply with the confidentiality obligations set out in this article and shall assume full responsibility in the event of any breach of these obligations by its personnel or any subcontractors.

Confidential Information shall remain the property of the Party disclosing it to the other Party. Under no circumstances shall the transmission of Confidential Information to the other Party be construed as conferring upon it any rights or interests in the Confidential Information, except for the rights provided for in the Contract.

The Parties undertake to return or destroy, as instructed by the other Party, any documents or reproductions thereof containing Confidential Information, immediately upon request by the Party concerned and at the latest upon termination or expiry of the Contract for any reason whatsoever.

This clause shall survive the termination or expiry of the Contract for any reason whatsoever.

Article 14 – Protection of personal data

The Parties undertake to comply at all times with the regulations applicable to the protection of personal data and in particular Regulation (EU) No 2016/679 of the European Parliament and of the Council of 27 April 2016 known as the “GDPR” and Law No 78-17 of 6 January 1978, as amended, known as the “Data Protection Act”.

In the event of non-subcontracted hosting, CYBERESIST does not have the status of subcontractor with regard to the hosted data.

In particular, the Parties undertake to implement and maintain appropriate security and confidentiality measures to ensure adequate protection of the personal data processed, adapted to the risks posed by their processing to the rights and freedoms of the data subjects. These measures are intended, in particular, to (i) protect personal data against destruction, loss, alteration, disclosure to unauthorised third parties and (ii) ensure the restoration of the availability of and access to personal data within an appropriate timeframe in the event of a physical or technical incident. The Parties also undertake to put in place a procedure to regularly test, analyse and evaluate the effectiveness of their technical and organisational measures to ensure the security of processing.

For more information on the personal data protection rules published by CYBERESIST, the Customer is invited to consult CYBERESIST’s Privacy Policy, available at the following address:
https://cyberesist.com/declaration-de-confidentialite-ue/

Article 15 – Force majeure

The Parties shall not be held liable if the non-performance or delay in the performance of any of their obligations, as described herein, results from a case of force majeure, within the meaning of Article 1218 of the Civil Code. During its duration, the event of force majeure shall suspend the performance of obligations for the Party invoking it.

In any event, the Party affected by the force majeure event shall do everything in its power to avoid, eliminate or reduce the causes of the delay and resume the performance of its obligations as soon as the event invoked has ceased to exist.

However, if the force majeure events lasted for more than one (1) month, they would entitle either Party to terminate the Contract.

Article 16 – Non-competition

For the duration of the Contract and for a period of one (1) year from the expiry or termination of the Contract, for any reason whatsoever, the Customer undertakes not to develop or have developed and/or market, on its own behalf or on behalf of third parties, any software that directly or indirectly competes with the Platform or the Services, in France or abroad.

In the event that the Customer fails to comply with this commitment, it shall be liable, automatically and without prior notice, to pay CYBERESIST a fixed penalty currently set at €50,000 (fifty thousand euros), without prejudice to any other rights and remedies, and in particular the right for CYBERESIST to seek compensation for the damage it has suffered and/or to seek an order, subject to a penalty payment, for the cessation of any wrongful conduct.

This penalty clause shall apply without CYBERESIST having to justify the extent or nature of its loss.

Article 17 – Reference

CYBERESIST is authorised to use the Customer’s name, brand and logo as a commercial reference, in particular on its website or any other medium.

The Customer may also use the CYBERESIST name, brand and logo as a commercial reference, except in the event of termination for any reason whatsoever.

Article 18 – Miscellaneous provisions

18.1. Independence of the Parties

The Parties declare and acknowledge that they are and will remain, throughout the term of the Contract, independent partners, and that the Contract cannot confer on either Party the status of agent or representative of its co-contractor, neither Party having the power to bind the other or to sign in the name and on behalf of the other, each Party being solely responsible for the risks of its own operations. Neither Party shall be liable for the acts or omissions of the other Party, or for the acts or omissions of their employees during the performance of the Services.

18.2. Completeness

The Contract and each Quotation form a contractual whole and express the entire agreement between the Parties. They supersede all previous written or oral proposals, communications or agreements relating to the subject matter of the Contract. In the event of any contradiction between the provisions of the Contract and those of a Quotation, the provisions of the Quotation shall prevail.

18.3. Amendment to the Contract

CYBERESIST reserves the right to modify the terms of the Contract at any time without prior notice. In the event of modification, the Contract applicable to the Customer shall be the one in force on the date of the Quotation.

18.4. Divisibility

In the event that one or more provisions of the Contract are held to be invalid or declared as such in application of a law, regulation or following a decision by a competent court that has become final, the other provisions of the Contract shall nevertheless remain in full force and effect. The Parties undertake to negotiate in good faith the amendment or replacement of the invalid provision. To this end, the Parties shall consult with each other to replace the invalid provision with a new clause that respects the spirit of the invalid provision and of the Contract.

18.5. Tolerance – Non-waiver

It is expressly agreed that any tolerance or waiver by either Party in the application of all or part of the commitments provided for in the Contract, regardless of its frequency and duration, shall not constitute an amendment to the Contract or give rise to any rights whatsoever.

18.6. Notifications

Except where otherwise stipulated herein, it is expressly agreed between the Parties that communications between them may take place by any means, including electronic mail.

The Parties agree that a hard copy of an email constitutes valid proof of the content of the exchanges.

The Parties shall implement all security measures necessary to guarantee the availability, integrity and confidentiality of e-mail files sent via the internet. At the same time, they shall implement all appropriate measures, such as regularly updated and correctly configured firewalls and antivirus software, to protect themselves as effectively as possible against intrusions, attacks and the spread of viruses in order to guarantee the availability, integrity and confidentiality of email files received. The Parties shall safeguard all messages transmitted relating to the subject matter of the Contract in the most appropriate and secure manner possible.

18.7. Election of domicile

For the performance of this Agreement and any subsequent agreements, the Parties hereby elect domicile at their registered offices as indicated at the beginning of the Agreement.

18.8. Electronic signature

Where applicable, each Party irrevocably agrees to use the electronic signature procedure for the Contract on the platform used for this purpose by CYBERESIST.

Article 19 – Applicable law and jurisdiction

The Contract is subject to French law, to the exclusion of any other legislation. If this Contract is drafted in several languages, only the English version shall be deemed authentic.

The Parties to this contract undertake to make every effort to settle amicably any dispute that may arise from the performance of the Contract. However, if no solution can be found, the Parties agree that their dispute shall be brought before the competent courts of Paris.