Terms of Services

Last update: March 26, 2025

SOCURELY TERMS AND CONDITIONS

IMPORTANT – READ CAREFULLY. THESE TERMS AND CONDITIONS (THIS “AGREEMENT”) SET FORTH A LEGAL AGREEMENT BETWEEN YOU AND SOCURELY AND GOVERN YOUR USE OF SOCURELY’S PRODUCTS AND SERVICES. BY PLACING AN ORDER OR BY USING SOCURELY’S PRODUCTS OR SERVICES, YOU REPRESENT AND WARRANT THAT YOU (A) HAVE READ THIS AGREEMENT AND (B) AGREE TO BE LEGALLY BOUND BY THIS AGREEMENT AND ANY ORDER YOU ENTER INTO FROM TIME TO TIME. THE INDIVIDUAL WHO PLACES AN ORDER ON BEHALF OF AN ENTITY REPRESENTS AND WARRANTS THAT THEY ARE AN AUTHORIZED REPRESENTATIVE OF THE ENTITY WITH FULL POWER AND AUTHORITY TO BIND THE ENTITY TO SUCH ORDER AND THIS AGREEMENT. THIS AGREEMENT MAY BE MODIFIED FROM TIME TO TIME BY SOCURELY IN ACCORDANCE WITH SECTION 14(l).

Definitions. Capitalized terms used but not otherwise defined herein shall have the meanings assigned to such terms on Schedule 1.

Use of Technology Offerings and Audit Services.
Right to Use Technology Offerings. Subject to the terms and conditions of this Agreement and the applicable Order, Socurely grants to Customer a limited, non-exclusive, non-transferable, non-sublicensable right, during the Offering Term for the applicable Technology Offerings, to access and use such Technology Offerings and Documentation for Customer’s internal use by Customer’s employees and consultants (each, an “Authorized User”); provided, that, each such Authorized User may use the Technology Offerings solely on behalf of Customer.

Conditions and Restrictions. Notwithstanding anything to the contrary in this Agreement, the rights granted in Section 2(a) above do not authorize Customer to, and Customer will not (directly or indirectly) and save to the extent allowed by any applicable law which is incapable of exclusion by agreement between the parties: (i) reproduce (except for a number of copies of the Documentation as reasonably required for the use of the Technology Offerings internally by Authorized Users for Customer’s internal use), modify, adapt, alter, translate, or create derivative works of the Technology Offerings or the Documentation; (ii) rent, lease, loan, sell, distribute, disseminate, disclose, publish, display, transfer or otherwise make available (including on a time share, application service or outsourced basis) the Technology Offerings to any Person (except to Authorized Users as expressly authorized under this Section 2); (iii) reverse engineer, decompile, disassemble, decode or otherwise attempt to discover the source code, architecture, structure, or underlying technology of the Technology Offerings, except as and only to the extent any part of this restriction is prohibited by applicable law; (iv) use the Technology Offerings or the Documentation for purposes of (A) engaging in any activities in violation of applicable laws, rules or regulations or (B) competitive or benchmarking analysis or for development of a competing product, service or other offering; (v) gain unauthorized access to, interfere with, damage or disrupt any portions of the Technology Offerings (including any servers, databases or accounts), or attempt to do any of the foregoing; (vi) introduce into the Technology Offerings any viruses, trojan horses, worms, logic bombs or other material which is malicious or technologically harmful, (vii) remove any copyright or other Intellectual Property Rights notices contained within the Technology Offerings or Documentation, or (viii) use the Technology Offerings in any manner that could disable, overburden, damage, or impair the Technology Offerings or interfere with the authorized use of the Technology Offerings by others.

Authorized Users. Customer is responsible for all activities that occur as a result of the use of log-in credentials issued to or adopted by Authorized Users. Customer will ensure that its Authorized Users maintain the security and confidentiality of such log-in credentials and will notify Socurely promptly of any unauthorized use of such log-in credentials or any other breach of security known to Customer. Customer will ensure that its Authorized Users comply with the terms and conditions of this Agreement that are applicable to Customer with respect to access and use of the Technology Offerings and Documentation and agrees that Customer will be responsible for any non-compliance with such terms. Socurely will have the right (but not the obligation) to monitor use of the Technology Offerings to confirm Customer’s compliance with the terms of this Agreement.

Audit Services. Subject to the terms and conditions of this Agreement, Socurely will provide those Audit Services as may be described in any Order or otherwise purchased by Customer. In connection with Socurely’s performance of Audit Services, Customer will provide Socurely personnel with all such cooperation and assistance as they may reasonably request, or as otherwise may reasonably be required, to enable Socurely to provide any Audit Services under and in accordance with the terms and conditions of this Agreement and the applicable Order. In providing the Audit Services, Socurely assumes the truthfulness of all evidence and data that Customer provides regarding the nature and implementation of the relevant controls. Customer acknowledges and agrees that Audit Services will be performed by third-party providersand will be deemed Third Party Services hereunder, and the providers of such Audit Services will be deemed Third Party Providers hereunder.

Supplementary Terms; Modification and Discontinuation of Technology Offerings. Customer acknowledges and agrees that its use of certain Socurely Offerings may be subject to additional terms and conditions (“Supplementary Terms”). To the extent any Supplementary Terms are referenced in an Order or otherwise provided to Customer in connection with Customer’s or an Authorized User’s use of Socurely Offerings, Customer agrees to be bound by such Supplementary Terms with respect to such Socurely Offerings. Customer may be notified of such additions or changes electronically (including through e-mail or through the applicable Technology Offering), or by Socurely posting updated pricing information to its website.

Intellectual Property Rights. Customer acknowledges that the Technology Offerings and Documentation are not sold to Customer. Except for the limited rights expressly granted to Customer in Section 2 above, nothing in this Agreement will be construed, either by implication, estoppel, or otherwise, as a grant to Customer of any right, title, or interest in the Technology Offerings or Documentation (including any Intellectual Property Rights with respect to any of the foregoing), and Customer hereby disclaims any and all right, title, or interest in the same. As between the parties, Socurely and/or its licensors will retain exclusive ownership and title (including all Intellectual Property Rights) in and to the Technology Offerings and Documentation. Anything to the contrary notwithstanding, to the extent that Customer (including any Authorized User) provides to Socurely any suggestions, recommendations, or other feedback relating to any modifications, corrections, improvements, updates or enhancements to the Technology Offerings and/or other Socurely offerings (whether current or proposed) (collectively, “Feedback”), Customer hereby grants to Socurely a fully paid, royalty-free, non-exclusive, irrevocable, worldwide, perpetual, fully transferable and sublicensable (through multiple tiers), royalty-free license to use and otherwise exploit the Feedback without restriction.

Customer Data.

Customer Obligations. Customer represents and warrants that: (i) Customer has obtained all necessary rights and consents in and with respect to the Customer Data to (A) use the Customer Data in connection with the Socurely Offerings and (B) to grant Socurely the rights to use the Customer Data as set forth in this Agreement; and (ii) the Customer Data (including the use thereof pursuant to the rights granted under this Agreement) does not violate, misappropriate or infringe the Intellectual Property Rights of any Person or violate any applicable laws, rules or regulations.

Customer Ownership; Socurely Rights of Use. As between the parties, Customer will retain all of its ownership rights in the Customer Data (including all Intellectual Property Rights with respect thereto). Socurely may use the Customer Data for the purposes of providing and improving the Socurely Offerings and otherwise performing under this Agreement. Customer acknowledges and agrees that Socurely may collect data relating to the operation of the Technology Offerings, including patterns identified through the use of the Technology Offerings and data regarding the performance of the Technology Offerings (“Usage Data”); provided, that such Usage Data does not contain any Customer Data. Customer agrees that Socurely shall have the right to use any Usage Data, during and after the Term, in connection with monitoring, developing, improving and providing the Technology Offerings and its other offerings (whether current or proposed).

Data Security. Socurely will maintain administrative, physical, and technical safeguards designed to protect the security and integrity of the Customer Data from unauthorized access, use or disclosure. Socurely may, from time to time, publish certain information regarding its data security practices and procedures on its website or through the Technology Offerings, including information regarding security audits or self-assessments undertaken by Socurely. Socurely reserves the right to change and improve its data security practices and procedures from time to time in its sole discretion.

Third Party Services. Socurely may from time to time recommend, enable integration with, or otherwise facilitate the provision of third-party products, services or offerings (“Third Party Services”). Third Party Services includes Audit Services provided to Customer. Third Party Services are not part of the Socurely Offerings. Socurely has no control over such Third Party Services and will not be responsible or liable to Customer or anyone else for such Third Party Services. Customer’s (including any Authorized User’s) purchase, access or use of any such Third Party Services is solely between Customer and the applicable Third Party Services provider (“Third Party Provider”).

Fees and Payments.

Fees. Customer will pay to Socurely fees based on the rates and charges as set forth in the applicable Order and as may be updated from time to time in accordance with this Agreement (“Fees”). The recurring Fees (whether fixed or variable) for the Technology Offerings will be assessed on the billing cycle basis as indicated on the Order. If Customer’s use of the Technology Offerings exceeds the volume included in the applicable subscription, any such excess usage will be priced in accordance with the applicable schedule or at Socurely’s then-current standard rates. With respect to each Renewal Subscription Period or each new engagement for Audit Services, Socurely may increase the Fees payable for such Renewal Subscription Period or such new engagement by providing notice of the increased Fees to Customer at least thirty (30) days prior to the commencement of the Renewal Subscription Period or in connection with the Order for such new engagement, as applicable. In addition, Socurely may increase the cost of Audit Services to the extent Socurely’s out-of-pocket costs of providing such Audit Services increases (including as a result of increased fees assessed by the Audit Partner, if applicable). The notices contemplated in this Section 6(a) may be provided in writing, electronically (including through e-mail or through the applicable Technology Offering).

Expenses. Customer will reimburse Socurely for any expenses incurred by Socurely that are specified for reimbursement in the Order or are otherwise approved in writing (which may be via email) by Customer. Upon Customer’s request, Socurely will provide reasonable supporting documentation with respect to any such expense reimbursements.

Invoicing; Payment Terms. Unless otherwise expressly provided in the Order, with respect to Technology Offerings, (i) Fees for the Initial Subscription Period will be invoiced in advance on or around the effective date of the Order and (ii) Fees for the Renewal Subscription Period will be invoiced in advance on or around the first day of each such Renewal Subscription Period. Unless otherwise expressly provided in the applicable Order, any other Fees (including overage Fees for use of the Technology Offerings and Fees for all Audit Services) and any reimbursable expenses will be invoiced on a monthly basis in arrears. Unless otherwise expressly provided in the applicable Order, Customer will pay all Fees, reimbursable expenses and any other amounts due within thirty (30) days following the date of invoice, without deduction or set-off. Customer will pay interest at a rate of 1.5% per month, or, if less, the maximum rate permitted by law, on any unpaid amount to Socurely under this Agreement for such time as the outstanding balance remains past due. Failure of Customer to pay any amounts when due under and in accordance with this Agreement will constitute a material breach of this Agreement, and Customer agrees to reimburse Socurely for any and all reasonable attorneys’ fees and other costs of collection or litigation incurred by Socurely in connection with its efforts to collect such amounts.

Taxes. All amounts payable by Customer to Socurely are exclusive of any applicable sales, use, value-added taxes and other assessments imposed by any governmental authority upon or with respect to the transactions and/or payments under this Agreement (collectively, “Taxes”). Customer is responsible for paying Taxes, excluding, for the avoidance of doubt, any taxes assessable against Socurely based on its income, property or employees. If Socurely is obligated under applicable law to collect or pay any Taxes, Customer agrees to pay to Socurely, in addition to the amounts owed to Socurely, such Taxes as invoiced, unless Customer provides Socurely with a valid tax exemption certificate for each jurisdiction in which it is claiming an exemption from such Taxes. Unless otherwise agreed to by the parties, the Socurely Offerings provided by Socurely to Customer under this Agreement are provided and sourced to Customer at the billing address identified on the applicable Order. Customer will make payment of all amounts owed to Socurely under this Agreement free and clear of any tax deduction or withholding, except to the extent otherwise required under applicable law. If any such tax deduction or withholding is required under applicable law, then the amount otherwise payable by Customer shall automatically be deemed to be increased such that the amount received by Socurely following the application of such withholding shall be equal to the amount that would have been received by Socurely if such withholding requirement did not apply.

Term and Termination.

Term. The term of this Agreement will commence on the effective date of the initial Order placed by Customer and, unless earlier terminated in accordance with this Section 7, will continue until all Offering Terms have expired or terminated (the “Term”). Upon the termination of this Agreement (as a whole), all then-existing Offering Terms for all Socurely Offerings will terminate as of the date of such termination.

Offering Terms. For any Socurely Offering, the Offering Term will be calculated as follows:

with respect to Technology Offerings, the initial period indicated in the Order for such Technology Offerings (with such period measured from the effective date of the Order, unless otherwise provided in the Order) (such period, the “Initial Subscription Period”), and thereafter automatically renewing for consecutive renewal periods each equal to one year unless a party notifies the other party in writing at least thirty (30) days prior to the end of the then-current period of its decision not to renew (each renewal period, a “Renewal Subscription Period”); provided, that certain features and functionality purchased by Customer during the term of an Initial Subscription Period or a Renewal Subscription Period will be provided for the remaining duration of such Initial Subscription Period or Renewal Subscription Period, as applicable, subject to the automatic renewal mechanic contemplated herein; and

with respect to any Audit Services, the period commencing on the effective date of the applicable Order or the commencement of performance of such Audit Services and ending upon Socurely’s completion of such Audit Services or, if the applicable Order contemplates a specific time period for such Audit Services, the expiration of the time period contemplated in such Order. Audit Services will automatically recur annually unless either party notifies the other party in writing at least thirty (30) days prior to the date on which the Audit Services are scheduled to recur that it does not desire to receive or provide Audit Services for such calendar year.

Termination for Breach. This Agreement (as a whole) may be terminated by a party immediately upon notice to the other party if the other party is in material breach of this Agreement and has failed to cure such breach within ten (10) days after notice of the breach or seeks protection under any bankruptcy, receivership, trust deed, creditors’ arrangement, composition, or comparable proceeding in any jurisdiction, or if any such proceeding is instituted against such party and is not dismissed within 60 days.

Effect of Termination. Upon termination or expiration of this Agreement (as a whole) or the Offering Term for a particular Socurely Offering, (i) all unpaid Fees and other amounts payable to Socurely under this Agreement with respect to the affected Socurely Offering(s) will become immediately due and payable and (ii) the rights granted to Customer with respect to the affected Socurely Offering(s) will terminate automatically.

Survival. Anything to the contrary notwithstanding, termination or expiration of this Agreement will not affect any of the parties’ respective rights or obligations that (A) are vested pursuant to this Agreement as of the effective date of such termination or expiration (including obligations for payment and remedies for breach of this Agreement) or (B) arise under Sections 1 (“Definitions”), 3 (“Ownership of Technology Offerings and Documentation”), 4(b) (“Usage Data”), 6 (“Fees and Payments”), 7(d) (“Effect of Termination”), 7(e) (“Survival”), 8 (“Confidentiality”), 9 (“Compliance with Laws”), 11 (“Disclaimers”), 12 (“Limitations of Liability”), 13 (“Indemnity”) and 14 (“Miscellaneous”).

Suspension of Use. Socurely may suspend access to and use of the Technology Offerings if, in Socurely’s reasonable good faith determination, suspension of the Technology Offerings is necessary to avoid or mitigate harm to the security of Socurely’s systems or data.

Confidentiality.

Each party (a “Receiving Party”) agrees that any and all information (regardless of form or medium) obtained or otherwise received by Receiving Party from, through, by or on behalf of the other party (a “Disclosing Party”) during the Term that (i) is conspicuously marked as “proprietary” or “confidential” or similar designation, or (ii) if disclosed orally or visually, is identified by Disclosing Party as “proprietary” or “confidential” or similar designation either through an oral or written statement at the time of such disclosure or through a written statement delivered to Receiving Party within a reasonable period of time (not to exceed ten (10) days) following such disclosure, or (iii) based on the nature of the information, or the manner of its disclosure, should reasonably be considered as confidential, in each case, will be deemed the confidential information of Disclosing Party (“Confidential Information”). Examples of Confidential Information include information consisting of or relating to the Disclosing Party’s technology, information security and audit information, trade secrets, know-how, business operations, plans, strategies, customers, and pricing, and similar information with respect to which the Disclosing Party has contractual or other confidentiality obligations. Receiving Party will maintain the Confidential Information in confidence and, subject to the terms and conditions of this Section, will not disclose or use any Confidential Information. Receiving Party agrees to use the same degree of care to protect the Confidential Information as it uses to protect its own confidential information of like importance, but in no event will Receiving Party use less than reasonable care.

Receiving Party may use the Confidential Information only as reasonably necessary to perform its duties and/or exercise its rights subject to and in accordance with this Agreement, and for no other purpose, commercial or otherwise (including to inform any decision to transact in securities of the Disclosing Party). Receiving Party may disclose the Confidential Information only to those (i) Receiving Party employees, contractors and representatives, (ii) Disclosing Party employees, contractors and representatives, and (iii) such other Persons approved in writing by Disclosing Party, in each case who need to know the Confidential Information in order to assist Receiving Party in its authorized use of the Confidential Information; provided, that, in the case of disclosure to Receiving Party employees, contractors and representatives, such Persons agree to be bound by obligations of confidentiality and nonuse (without further rights of distribution) no less restrictive than those contained herein, and Receiving Party will be jointly and severally liable for any such Person’s breach of the foregoing obligations of confidentiality and nonuse.

Disclosure or use of any Confidential Information will not be restricted to the extent that: (i) it is or becomes generally available to the public without any breach of this Agreement, (ii) it is rightfully known to Receiving Party without restriction prior to the date of disclosure by or on behalf of Disclosing Party hereunder; (iii) Receiving Party rightfully obtains it from a third party who Receiving Party reasonably believes has the right to transfer or disclose it without restriction; or (iv) it is developed independently by Receiving Party without any breach of this Agreement and without any use of the Confidential Information.

Further, disclosure of any Confidential Information to any judicial or other governmental entity will not be prohibited to the extent that such disclosure is required by applicable laws, so long as (Y) Receiving Party will first have given prompt written notice to Disclosing Party of the same (to the extent not prohibited by applicable law), and (Z) Receiving Party reasonably cooperates with Disclosing Party’s efforts to prevent or limit any such disclosure.

Compliance with Laws. Each party agrees to comply with all laws, rules and regulations applicable to such party and its performance under this Agreement. Without limiting the foregoing, Customer shall comply with all applicable laws and regulations pertaining to trade and economic sanctions administered by the United States and any other jurisdiction applicable to this Agreement.

Limited Warranty; Remedies.

Socurely warrants that, during the Offering Term, the Technology Offerings will conform, in all material respects, to its specifications set forth in the then-current Documentation. In the event of a breach of the foregoing warranty, Socurely, at its sole expense, will use reasonable efforts to correct the non-conformance and, if Socurely is unable to correct such non-conformance after a reasonable time, then Customer may terminate the Offering Term with respect to such Technology Offerings upon notice to Socurely and be entitled to a refund of any pre-paid Fees for the applicable Socurely Offering attributable to the period following the effective date of termination (calculated on a pro-rated basis). THE PRECEDING SENTENCE SETS FORTH CUSTOMER’S SOLE AND EXCLUSIVE REMEDY, AND SOCURELY’S SOLE AND EXCLUSIVE LIABILITY, FOR THE BREACH OF THE WARRANTY SET FORTH ABOVE IN THIS SECTION 10(a).

Socurely warrants that it will perform all Audit Services in a professional and workmanlike manner. In the event of a breach of the foregoing warranty for which Customer provides notice to Socurely within thirty (30) days of the date of delivery, Socurely, at its sole expense, will use reasonable efforts to correct the non-conformance and, if Socurely is unable to correct such non-conformance after a reasonable time, then Customer may terminate the Offering Term with respect to such Audit Service and be entitled to a refund of the portion of the Fees paid by Customer with respect to such non-conforming Audit Service. THE PRECEDING SENTENCE SETS FORTH CUSTOMER’S SOLE AND EXCLUSIVE REMEDY, AND SOCURELY’S SOLE AND EXCLUSIVE LIABILITY, FOR THE BREACH OF THE WARRANTY SET FORTH ABOVE IN THIS SECTION 10(b).

Disclaimers.

NOTWITHSTANDING ANYTHING TO THE CONTRARY IN THIS AGREEMENT, EXCEPT TO THE EXTENT OTHERWISE EXPRESSLY PROVIDED IN SECTION 10 ABOVE, SOCURELY (INCLUDING, FOR PURPOSES OF THIS SECTION, ITS LICENSORS AND SUBCONTRACTORS) DOES NOT MAKE ANY, AND HEREBY EXPRESSLY DISCLAIMS ALL, WARRANTIES, WHETHER EXPRESSED OR IMPLIED, WITH RESPECT TO THE SOCURELY OFFERINGS, INCLUDING ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, WARRANTIES OF TITLE OR NON-INFRINGEMENT, OR ANY OTHER WARRANTIES THAT MAY ARISE FROM USAGE OF TRADE OR COURSE OF DEALING. WITHOUT LIMITING THE FOREGOING, SOCURELY DOES NOT REPRESENT OR WARRANT THAT (I) USE OF THE TECHNOLOGY OFFERINGS WILL CAUSE CUSTOMER TO PASS AN AUDIT OR ACHIEVE ANY PARTICULAR LEVEL OF COMPLIANCE OR SECURITY, INCLUDING ANY SUCH LEVEL OF COMPLIANCE OR SECURITY THAT MAY BE REQUIRED UNDER APPLICABLE LAWS, RULES OR REGULATIONS OR ANY CONTRACTS TO WHICH CUSTOMER IS PARTY OR (II) RESULTS FROM AUDIT SERVICES WILL BE REPRODUCIBLE, INCLUDING IN CONNECTION WITH A SEPARATE AUDIT CONDUCTED BY CUSTOMER OR ANY THIRD PARTY. THE RESULTS OF AUDIT SERVICES ARE DEPENDENT ON INFORMATION PROVIDED BY CUSTOMER, INCLUDING WITH RESPECT TO THE CONTROLS IMPLEMENTED BY CUSTOMER THAT ARE RELEVANT TO THE APPLICABLE AUDIT. ANY INACCURACY OR OMISSION IN SUCH INFORMATION MAY AFFECT THE RESULTS OF SUCH AUDIT, AND SOCURELY SHALL NOT BE RESPONSIBLE FOR ANY ERROR OR OMISSION IN ANY AUDIT REPORT TO THE EXTENT RESULTING FROM SUCH INACCURACY OR OMISSION. WITHOUT LIMITING THE FOREGOING, SOCURELY MAY ENABLE CERTAIN AUDITS TO BE CONDUCTED THROUGH THE USE OF ARTIFICIAL INTELLIGENCE OR MACHINE LEARNING TECHNOLOGIES, AND SOCURELY DOES NOT GUARANTEE THE RESULTS OR OUTPUT FROM SUCH AUDIT SERVICES..

CUSTOMER ACKNOWLEDGES AND AGREES THAT CERTAIN AUDIT SERVICES ARE LEGALLY REQUIRED TO BE PROVIDED BY AN AUDIT PARTNER. IN SUCH CASES, THE AUDIT PARTNER (AND NOT SOCURELY) IS THE ENTITY THAT IS PROVIDING SUCH AUDIT SERVICES.

Limitation of Liability.

SUBJECT TO SUBSECTION (c) BELOW, IN NO EVENT WILL EITHER PARTY (OR, IN THE CASE OF SOCURELY, ITS LICENSORS) BE LIABLE TO THE OTHER PARTY OR ANY OTHER PERSON FOR ANY INDIRECT, CONSEQUENTIAL, INCIDENTAL, SPECIAL OR PUNITIVE DAMAGES, OR ANY DAMAGES FOR LOSS OF REVENUE OR PROFIT, LOSS OF DATA, OR LOSS OF TIME OR BUSINESS, ARISING OUT OF OR RELATING TO THIS AGREEMENT OR THE SOCURELY OFFERINGS, WHETHER LIABILITY IS ASSERTED IN CONTRACT OR IN TORT (INCLUDING STRICT LIABILITY OR NEGLIGENCE) OR OTHERWISE, AND REGARDLESS OF WHETHER SOCURELY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

SUBJECT TO SUBSECTION (c) BELOW, IN NO EVENT WILL THE TOTAL MAXIMUM AGGREGATE LIABILITY OF SOCURELY FOR ANY AND ALL CLAIMS, DAMAGES AND LIABILITIES ARISING OUT OF OR RELATING TO THIS AGREEMENT OR THE SOCURELY OFFERINGS, WHETHER LIABILITY IS ASSERTED IN CONTRACT OR IN TORT (INCLUDING STRICT LIABILITY OR NEGLIGENCE) OR OTHERWISE, EXCEED THE TOTAL AMOUNT OF FEES PAID TO SOCURELY BY CUSTOMER UNDER THE APPLICABLE ORDER DURING THE 12-MONTH PERIOD PRIOR TO THE OCCURRENCE OF THE EVENT GIVING RISE TO SUCH CLAIM, DAMAGE OR LIABILITY.

THE EXCLUSIONS AND LIMITATIONS OF LIABILITY SET FORTH IN SECTIONS 12(a) AND 12(b) DO NOT APPLY TO (I) EITHER PARTY’S GROSS NEGLIGENCE OR WILLFUL MISCONDUCT OR (II) EITHER PARTY’S INDEMNIFICATION OBLIGATIONS HEREUNDER.

Indemnity.

Socurely will indemnify and defend Customer from and against any third party claim that the Technology Offerings or the Documentation infringe, violate or misappropriate the Intellectual Property Rights of any other Person; provided, that such indemnification obligations will not extend to any such claim to the extent based on (i) any modification to the Technology Offerings or the Documentation made by or on behalf of Customer without Socurely’s written approval, (ii) the combination of the Technology Offerings or the Documentation with any technology (including any software, hardware, firmware, system or network) not provided by Socurely, including the Third Party Services, (iii) any Customer Data, or (iv) Customer’s use of the Technology Offerings or the Documentation in violation of the terms, conditions and restrictions set forth in this Agreement. If Customer’s use of the Technology Offerings or the Documentation is, or, in Socurely’s opinion, is likely to be, enjoined due to any such alleged infringement, then Socurely, at its sole option and expense, may, in addition to its indemnification obligations under this Section 13(a), do one or more of the following: (X) obtain for Customer the right to continue using the alleged infringing item as otherwise provided in this Agreement; (Y) replace or modify the alleged infringing item so that it is no longer infringing, and require Customer to implement such replaced or modified item; or (Z) terminate this Agreement upon notice to Customer and refund to Customer any pre-paid Fees for the Technology Offerings attributable to the period following the effective date of termination (calculated on a pro-rated basis). Socurely’s obligations pursuant to this Section 13(a) states the entire obligation of Socurely and its suppliers, and the exclusive remedy of Customer, with respect to the infringement, violation or misappropriation of any Intellectual Property Rights.

Customer will indemnify and defend Socurely from and against any third-party claim that arises out of or relates to (i) Customer’s breach or violation of Section 2 (“Use of Technology Offerings, Audit Services”) or Section 4(a) (“Customer Obligations”) or (ii) any third party claim excluded from Socurely’s indemnification obligations pursuant to subsections (i) through (v) of Section 13(a) or (iii) any litigation matter in which Customer or Authorized Users are engaged.

In the event of any such indemnifiable claims, the party seeking indemnification (the “Indemnified Party”) will notify the party required to provide indemnification (the “Indemnifying Party”) of any matter with respect to which the Indemnified Party may seek indemnification from the Indemnifying Party under this Section promptly after the Indemnified Party becomes aware of such matter; provided, however, that any failure to give prompt notice of any such matter will not relieve the Indemnifying Party from any of its liabilities or obligations hereunder with respect to such matter unless (and then only to the extent that) such failure adversely affects the ability of the Indemnifying Party to defend any claim arising out of such matter. The Indemnifying Party will assume the defense and have sole control over the defense and settlement of any claim subject to indemnification hereunder, and will pay any amounts awarded in judgment or agreed in settlement against the Indemnified Party with respect to such claim, provided that (i) the Indemnified Party will have the right to participate in the defense with counsel of its own choice and (ii) the Indemnifying Party may not settle any such claim that would bind the Indemnified Party to any obligation (other than payment covered by the Indemnifying Party or ceasing to use infringing materials) or require any admission of fault by the Indemnified Party, without the Indemnified Party’s prior written consent, such consent not to be unreasonably withheld or delayed. The fees and expenses of any counsel retained by the Indemnified Party will be at the expense of the Indemnified Party.

Miscellaneous.

Governing Law. THIS AGREEMENT WILL BE GOVERNED BY AND CONSTRUED IN ACCORDANCE WITH THE LAWS OF THE STATE OF DELAWARE, WITHOUT REGARD TO PRINCIPLES OF CONFLICT OF LAWS. EACH PARTY IRREVOCABLY SUBMITS AND CONSENTS TO THE JURISDICTION OF THE UNITED STATES DISTRICT COURTS FOR THE DISTRICT OF DELAWARE, AND THE DELAWARE STATE COURTS, LOCATED IN NEW CASTLE COUNTY, DELAWARE, AND, SUBJECT TO THE PROVISIONS OF SECTION 14(b) (“ARBITRATION”) BELOW, HEREBY AGREES THAT SUCH COURTS WILL BE THE EXCLUSIVE PROPER FORUM FOR THE DETERMINATION OF ANY DISPUTE ARISING OUT OF OR RELATING TO THIS AGREEMENT. FURTHERMORE, SUBJECT TO THE PROVISIONS OF SECTION 14(b) (“ARBITRATION”) BELOW, EACH PARTY HEREBY IRREVOCABLY AND UNCONDITIONALLY WAIVES ANY RIGHT IT MAY HAVE TO A TRIAL BY JURY IN RESPECT OF ANY LEGAL ACTION ARISING OUT OF OR RELATING TO THIS AGREEMENT.

Arbitration.

Subject to the provisions of Section 14(c) below, the parties agree that any dispute between the parties arising out of or relating to this Agreement shall be resolved by binding arbitration administered by the American Arbitration Association in New Castle County, Delaware in accordance with its commercial arbitration rules then in effect, and judgment on the award rendered by the arbitrator may be entered in any court having jurisdiction thereof. The arbitrator shall be an attorney licensed in Delaware with experience in legal issues related to commercial software-as-a-service. The award shall be made within nine months of the filing of the notice of intention to arbitrate (demand), and the arbitrator shall agree to comply with this schedule before accepting appointment. This time limit may be extended by the arbitrator for good cause shown, or by mutual agreement of the parties. Any award in an arbitration initiated under this clause shall be limited to monetary damages and shall include no injunction or direction to any party other than the direction to pay a monetary amount. The arbitrator shall have the authority to allocate the costs of the arbitration process among the parties, including attorneys’ fees. Except as may be required by law or as necessary to enforce the award in a court of law, neither party nor the arbitrator may disclose the existence, content, or results of any arbitration hereunder without the prior written consent of both parties, except that a party may disclose such information to its attorneys or auditors who are subject to confidentiality and ethical obligations. The parties agree that failure or refusal of a party to pay its required share of the deposits for arbitrator compensation or administrative charges shall constitute a waiver by that party to present evidence or cross-examine witnesses. In such event, the other party shall be required to present evidence and legal argument as the arbitrator may require for the making of an award.

Equitable Remedies. Customer agrees that its breach of Sections 2, 4, or 8 of this Agreement would cause irreparable harm to Socurely for which monetary damages alone would not be an adequate remedy. Accordingly, Customer agrees that, in addition to any other remedies to which Socurely may be entitled, in the event of any such breach by Customer, Socurely will be entitled to seek equitable relief (including injunctive relief) with respect to any such breach in any court of competent jurisdiction (notwithstanding any exclusive venue or arbitration provisions of this Agreement) without the requirement of posting bond.

Free Trials. From time to time, Socurely may make a Free Trial Service available to Customer at no charge. Customer may choose to try such Free Trial Service or not in its sole discretion. If Customer uses a Free Trial Service, Socurely will make such Free Trial Service available to Customer on a trial basis, free of charge, until the earlier of (a) the end of the free trial period for which Customer agreed to use such Free Trial Service, (b) the start date of any Technology Offerings subscription purchased by Customer that includes such Free Trial Service, or (c) termination of the Free Trial Service by Socurely in its sole discretion. A free trial period may be extended upon mutual agreement by Socurely and Customer. Notwithstanding anything to the contrary in this Agreement, a Free Trial Service is provided “AS IS.” Socurely MAKES NO REPRESENTATION OR WARRANTY AND SHALL HAVE NO INDEMNIFICATION OBLIGATIONS WITH RESPECT TO A FREE TRIAL SERVICE. NOTWITHSTANDING ANY OTHER PROVISION OF THIS AGREEMENT, Socurely SHALL HAVE NO LIABILITY OF ANY TYPE WITH RESPECT TO A FREE TRIAL SERVICE, UNLESS SUCH EXCLUSION OF LIABILITY IS NOT ENFORCEABLE UNDER APPLICABLE LAW, IN WHICH CASE Socurely’S TOTAL AGGREGATE LIABILITY ARISING OUT OF OR RELATING TO A FREE TRIAL SERVICE IS LIMITED TO A MAXIMUM OF USD $1,000. CUSTOMER SHALL NOT USE THE FREE TRIAL SERVICE IN A MANNER THAT VIOLATES APPLICABLE LAWS AND WILL BE FULLY LIABLE FOR ANY DAMAGES CAUSED BY ITS USE OF A FREE TRIAL SERVICE. ANY DATA OR INFORMATION ENTERED INTO THE FREE TRIAL SERVICE BY CUSTOMER MAY BE PERMANENTLY LOST UPON TERMINATION OF THE FREE TRIAL SERVICE. Customer agrees that it will not make any public statements or otherwise disclose its participation in the Free Trial Service without Socurely’s prior written consent. Socurely may change or not release a final or commercial version of a Free Trial Service in its sole discretion.

Severability. If a court of competent jurisdiction finds any provision of this Agreement to be unenforceable, that provision of the Agreement will be enforced to the maximum extent permissible so as to effect the intent of the parties, and the remainder of this Agreement will continue in full force and effect.

Notices. Except to the extent as may be otherwise expressly permitted in this Agreement and for routine electronic communications regarding the Socurely Offerings provided on or through the Technology Offerings, any notice required or permitted under this Agreement will be in writing, and will be delivered by email to the parties as follows: if to Customer, at the address(es) indicated in the Order; and if to Socurely, at contact@socurely.com. Notice given will be deemed effective on the date delivered. Either party may change the person(s) and/or address(es) designated for notice effective ten (10) days following delivery of notice of such change(s).

Marketing Materials. Customer hereby consents to Socurely’s inclusion of Customer’s name and logo on Socurely’s website and in other Socurely marketing materials (whether in hard copy or electronic form) in order to factually identify Customer as a current customer. To the extent Customer provides Socurely with standard trademark usage guidelines, Socurely shall use the Customer’s name and logo in accordance with such guidelines.

Assignment. Neither party may assign or otherwise transfer this Agreement, or any of its rights or obligations hereunder, in any manner without the prior written consent of the other party; provided, however, that a party may assign and transfer this Agreement, and all of its rights and obligations hereunder, without the consent of the other party, to the purchaser or surviving entity in connection with a sale of its business (whether directly or indirectly and whether by way of merger, exchange, consolidation or combination, or sale of fifty percent (50%) or more of its capital stock or similar ownership interests, or sale of all or substantially all of its assets)f”. Subject to the foregoing, this Agreement will be binding on the parties and their respective successors and assigns.

Interpretation. Each instance in this Agreement of the words “include,” “includes,” and “including” will be deemed to be followed by the words “without limitation.” As used in this Agreement, the term “days” means calendar days, not business days, unless otherwise specified. All headings or section divisions contained in this Agreement are for reference purposes only and will not be construed to affect the meaning or interpretation of this Agreement. There are no intended third-party beneficiaries of this Agreement.

Independent Contractors. The relationship between the parties is that of independent contractors. Nothing in this Agreement will be construed as creating any agency, partnership, joint venture or other form of joint enterprise, employment or fiduciary relationship between the parties, and neither party will have the authority to contract for or bind the other party in any manner whatsoever.

Force Majeure. Socurely will not be liable for any failure or delay in performance resulting from any event beyond its reasonable control, including due to fire, flood, action or decree of civil or military authority, insurrection, act of war, vandalism, terrorism, hackers, denial of service attacks, epidemic or pandemic, labor disputes or shortages, material shortages, power outages, failure of internet connections, failure of suppliers, or embargo.

Waiver; Amendments. No waiver of any provision of this Agreement will be effective unless made in writing and signed by the party to be charged with such waiver. From time to time, Socurely may modify this Agreement by providing notice to Customer. Such notice may be provided in writing, electronically (including through e-mail or through the applicable Technology Offering), or by Socurely posting an updated version of this Agreement to its website. Unless otherwise specified by Socurely, changes become effective on the date of such notice or such later date identified in such notice; provided, that with respect to Technology Offerings, the modified version of this Agreement will not become effective as to such Technology Offerings until the first day of the next Renewal Subscription Period that follows the effective date of the modification. Continued use of any Socurely Offerings after a modified version of this Agreement goes into effect will constitute Customer’s acceptance of such modified version. Any Order may be amended, supplemented or otherwise modified as agreed to in writing (including electronically) by Customer and Socurely, including through terms accepted by Customer within the Technology Offerings (any of the foregoing, an “Order Amendment”). Each Order Amendment shall, unless specifically designated as applying to multiple Orders, apply only to the specific Order referenced in such Order Amendment. For clarity, nothing in this Section 14(l) shall restrict Socurely from modifying Fees in the manner contemplated in Section 6(a).

Entire Agreement. This Agreement constitutes the entire agreement of the parties with respect to the subject matter hereof and supersedes any and all prior representations, warranties, understandings or agreements (written or oral) between the parties with respect to the subject matter hereof. Without limiting the foregoing, no terms or conditions stated in a Customer purchase order, vendor onboarding process or web portal, or any other Customer order documentation (excluding Orders) shall be incorporated into or form any part of this Agreement, and each of the foregoing shall be null and void ab initio. If Customer is party to an existing Master Services Agreement or other existing agreement with Socurely (a “Prior Agreement”), Customer acknowledges and agrees that this Agreement shall apply to all Orders that reference this Agreement and shall supersede the Prior Agreement with respect to such Orders. In the event of a conflict between or among this Agreement and an Order, the provisions contained in this Agreement will prevail over any conflicting provisions in the Order (except to the extent that the Order specifically references that a particular Section of this Agreement is being altered (including Section number), and where a specific Section of this Agreement is referenced and varied in an Order, that change, unless it is specifically designated as applying to multiple Orders, only applies to the Order in which it is contained and it does not otherwise vary this Agreement in respect of any other Order then in force or any future Order which may be entered into by the parties). The terms of each Order shall apply solely with respect to the Technology Offerings and/or Audit Services subject to such Order.

SCHEDULE 1

DEFINITIONS

A. “Audit Partner” means a licensed accounting firm or other accredited advisory firm that is engaged by Socurely to assist in providing Audit Services. For clarity, an accounting firm or other accredited advisory firm that is engaged directly by Customer will not be deemed an Audit Partner for purposes of this Agreement.

B. “Audit Services” means any audit services identified in an Order to be provided by Socurely, directly or indirectly through its Audit Partner.

C. “Customer” means the company or other legal entity placing an Order or using the Socurely Offerings.

D. “Customer Data” means any and all data that is uploaded, submitted, transmitted or otherwise provided by Customer or an Authorized User (i) to the Technology Offerings or (ii) to Socurely for provision of Audit Services.

F. “Data Protection Laws” means all laws relating to the use, protection and privacy of personal data or personal information (including, without limitation, the privacy of electronic communications) which are from time to time applicable to Customer, Socurely or the Socurely Offerings.

G. “Socurely” means IDation Tech Inc., a company incorporated under the laws of the State of Delaware.

H. “Socurely Offerings” means the Technology Offerings and/or the Audit Services, as applicable.

I. “Documentation” means any user guides, training materials, and other technical documentation published by Socurely describing the features, functionality, use and operation of the Technology Offerings that Socurely makes generally available to its users of the Technology Offerings.

J. “Free Trial Service” means any Socurely service or functionality that Socurely makes available to Customer to try at Customer’s option, at no additional charge, and which is designated as “beta,” “trial,” “pilot,” “free trial,” “evaluation,” or by similar designation.

K. “Intellectual Property Rights” means any and all patent rights, copyrights, trademark rights, trade secret rights, sui generis database rights, and other proprietary or intellectual property rights, whether now existing or hereafter arising, under the laws of any jurisdiction.

L. “Offering Term” means the period for which any Socurely Offering is provided.

M. “Order” means an order either (i) agreed to in writing (including electronically) by Customer and Socurely or (ii) completed and submitted by Customer online at the Socurely site or through the Technology Offerings, including, in each case any and all schedules or other supplementary terms included therein or incorporated by reference therein.

N. “Person” means any individual, partnership, corporation, limited liability company, trust, joint stock company, government (including any department or agency thereof) or any other form of association or entity.

O. “Technology Offerings” means the Socurely-provided technology offering(s) identified in an Order or otherwise purchased by, or made available to, Customer (as the same may be updated from time to time) but excluding any Free Trial Service.

Terms of Services

Last update: July 18, 2023

This Master Subscription Agreement (“Agreement” or “MSA”) is between IDationTech Inc., the creator, owner and manager of Socurely (“Socurely”, “we”, “us”, or “our”) and the customer (“you”, “your”, “user” or “customer”).
By accepting this Agreement by: (a) clicking a box indicating acceptance; (b) executing an Order Form that references this Agreement; or (c) using the Services on a free trial basis, Customer agrees to the terms of this Agreement.

If the individual accepting this Agreement is accepting on behalf of a company or other legal entity, such individual represents that they have the authority to bind such entity and its Affiliates to this Agreement, and the term “Customer” shall refer to such entity and its Affiliates. If the individual accepting this Agreement does not have such authority or does not agree with the terms and conditions of this Agreement, such individual must not accept this Agreement and may not use the Services.

If Customer is provided with access to the Services on a free trial basis, the section of this Agreement entitled “Free Trial Services” will govern such access.

The Services may not be accessed for the purposes of monitoring their availability, performance or functionality, or for any other benchmarking or competitive purposes. Socurely’s competitors are prohibited from accessing the Services, except with Socurely’s prior written consent.

This Agreement is effective as of the date Customer accepts this Agreement.

1 – Services

The “Services” mean the products and services that are ordered by Customer from Socurely in an Order Form referencing this MSA or, if applicable, the Free Trial Services that are made available to Customer. Services exclude any products or services provided by third parties, even if Customer has connected those products or services to the Services. Subject to the terms and conditions of this MSA, Socurely will make the Services available to Customer during the Term.

2 – Fees and Payment

Fees: Customer will pay to Socurely all fees set forth in Order Forms (the “Fees”). Except as otherwise set forth in this Agreement or an Order Form, payment obligations are non-cancelable, and Fees paid are non-refundable.
Price Changes: Socurely may increase the Fees upon renewal of each Order Form subscription term by providing written notice to Customer at least thirty (30) days prior to the commencement of the applicable renewal subscription term.
Invoices and Payments: Except as otherwise set forth in the relevant Order Form, Socurely will invoice Customer, or, where Customer has provided valid credit card information to Socurely, Socurely will charge Customer, for all Fees annually in advance. Unless otherwise stated in the Order Form, full payment for invoiced Fees is due within 30 days after the invoice date.
Late Payments: Customer will be responsible for reasonable costs and expenses incurred by Socurely in the collection of any overdue Fees. If any Fees are 15 days or more overdue, Socurely may, without limiting its other rights and remedies, immediately suspend Services until such amounts are paid in full, provided that Socurely will use commercially reasonable efforts to give Customer at least 5 days’ prior written notice that its account is overdue before suspending Services.
Taxes: Except as otherwise set forth in the relevant Order Form, Fees do not include local, state, or federal taxes or duties of any kind and any such taxes will be assumed and paid by Customer, except for taxes on Socurely based on Socurely’s income or receipts.
Discounts and Promotional Pricing: Prices specified in the Order Form may include discounts or promotional pricing. These discounts or promotional pricing amounts may be temporary and may expire upon the commencement of a Renewal Term, without additional notice. Socurely reserves the right to discontinue or modify any promotion, sale or special offer at its sole and reasonable discretion.
Free Trial Services: If Customer is granted access to Free Trial Services, Socurely will make the applicable Free Trial Services available to Customer pursuant to this MSA starting from the time that Customer registers and is approved for such Free Trial Services until the earlier of: (a) the end of the Free Trial Services period communicated to Customer; (b) the start date of any Order Form executed by Customer for Service(s) in exchange for payment; or (c) termination by Socurely in its sole discretion.

Any Customer Information That Customer Provides Or Makes Available To Socurely During The Provision Of Free Trial Services May Be Permanently Deleted, At Socurely’s Discretion, Unless Customer Executes An Order Form For The Same Services As Those Covered By The Free Trial Services Or Exports Such Customer Information Before The End Of The Free Trial Services Period.

Notwithstanding The “representations, Warranties And Disclaimers” Section And “indemnification” Section Below, Free Trial Services Are Provided “as-is” Without Any Warranty And Socurely Shall Have No Indemnification Obligations Nor Liability Of Any Type With Respect To The Free Trial Services Unless Such Exclusion Of Liability Is Not Enforceable Under Applicable Law In Which Case Socurely’s Liability With Respect To The Free Trial Services Shall Not Exceed $1,000.00. Notwithstanding Anything To The Contrary In The “limitation Of Liability” Section Below, Customer Shall Be Fully Liable Under This Agreement To Socurely And Its Affiliates For Any Damages Arising Out Of Customer’s Use Of The Free Trial Services, Any Breach By Customer Of This Agreement And Any Of Customer’s Indemnification Obligations Hereunder.

3 – Use of the Services

Licenses: Socurely grants the Customer a non-exclusive, non-transferable, and non-sublicensable right and license to access and utilize the Services, as outlined in the Order Form or on a Free Trial Services basis, all in accordance with the terms and conditions of this MSA and the Order Form (if applicable). In return, the Customer grants Socurely a non-exclusive, non-transferable, and non-sublicensable right and license to use the Customer Information exclusively for the purpose of delivering the Services to the Customer.
Feedback: Customer hereby grants Socurely a perpetual, irrevocable, royalty-free and fully paid right to use and otherwise exploit in any manner any suggestions, ideas, enhancement requests, feedback, recommendations or other information provided by Customer related to the Services or other Socurely products or services, including for the purpose of improving and enhancing the Services, provided that Customer is not referenced in such use.
Use Restrictions: Customer Users will not: (a) “frame,” distribute, resell, or allow access to the Services by any third party, except as permitted by the Services’ features and functionality; (b) use the Services in violation of applicable laws; (c) interfere with, disrupt, or gain unauthorized access to the Services; (d) attempt, whether successfully or not, to decompile, disassemble, reverse engineer, uncover the underlying source code or structure of, or copy the Services; (e) provide Socurely with any Customer Information or Feedback that is unlawful, defamatory, harassing, discriminatory, or infringes on third-party intellectual property rights; (f) transfer or use on the Services any code, exploit, or undisclosed feature designed to delete, disable, deactivate, interfere with, or otherwise harm or provide unauthorized access to the Services; (g) use any robot, spider, data scraping, or extraction tool or similar mechanism in relation to the Services; (h) grant access to the Services to an individual associated with an Socurely Competitor (defined below); (i) extract information from the Services for the purpose of competing with Socurely; (j) encumber, sublicense, transfer, rent, lease, time-share, or use the Services in any service bureau or otherwise for the benefit of any third party; (k) copy, distribute, manufacture, adapt, create derivative works of, translate, localize, port, or otherwise modify any aspect of the Services; (l) introduce into the Services any software containing a virus, worm, “back door,” Trojan horse, or other harmful code; or (m) allow any third party to engage in any of the aforementioned prohibited actions. A “Socurely Competitor” refers to any entity that offers goods and services similar to those provided by Socurely, as determined by a commercially reasonable individual. The Customer must promptly notify Socurely of any violations of the prohibited uses by an Authorized User or a third party and require such Authorized User or third party to immediately cease any such use. Socurely reserves the right to suspend the Customer’s and/or Authorized User’s access to the Services if Socurely suspects a breach of this MSA.
Customer Responsibilities:Customer will: (a) use the Services only in accordance with this Agreement, Order Forms, Documentation and applicable laws and government regulations; (b) be responsible for Users’ compliance with this Agreement, Order Forms and Documentation; (c) be responsible for the accuracy, quality and legality of Customer Data, including the means by which Customer acquired Customer Data, and Customer’s use of Customer Data with the Services; and (d) use commercially reasonable efforts to prevent unauthorized access to or use of the Services, and notify Socurely promptly of any such unauthorized access or use. Any use of the Services in breach of the foregoing by Customer or Users that in Socurely’s judgment threatens the security, integrity or availability of Socurely’s services, may result in Socurely’s immediate suspension of the Services, however Socurely will use commercially reasonable efforts to provide notice and an opportunity to remedy such violation or threat prior to any such suspension.

Affiliates: We may share your personal information with our corporate parent, subsidiaries, and affiliates, for purposes consistent with this Privacy Policy.
Service providers: We may share your personal information with third party companies and individuals that provide services on our behalf or help us operate the Service (such as customer support, hosting, analytics, email delivery, marketing, and database management services).
Advertising partners: Third-party advertising companies for the interest-based advertising purposes.
Partners: We may sometimes share your personal information with partners or enable partners to collect information directly via our Service.
Professional advisors: We may disclose your personal information to professional advisors, such as lawyers, bankers, auditors and insurers, where necessary in the course of the professional services that they render to us. For compliance, fraud prevention and safety: We may share your personal information for the compliance, fraud prevention and safety purposes.
Business transfers: We may disclose personal information in the context of actual or prospective business transactions (e.g., investments in Socurely, financing of Socurely, public stock offerings, or the sale, transfer or merger of all or part of our business, assets or shares), for example, we may need to share certain personal information with prospective counterparties and their advisers. We may also disclose some or all of your personal information to an acquirer, successor or assignee of Socurely as part of any business transaction (or potential business transaction) such as a corporate divestiture, merger, consolidation, acquisition, reorganization, sale of assets, or similar transaction, and/or in the event of bankruptcy, dissolution, or receivership in which personal information is transferred to one or more third parties as one of our business assets.

4 – Term and Termination

Term: This Agreement will begin on the effective date of the first Order Form between the Parties and will continue for as long as any Order Form remains in effect, unless earlier terminated in accordance with this Agreement (the “Term”).
Term of Order Forms: The initial term of each Order Form will begin on effective date of such Order Form and continue for the subscription term set forth therein. Except as set forth in such Order Form, each Order Form will automatically renew for successive renewal terms equal in length to the initial term of such Order Form, unless either party provides the other party with written notice of non-renewal at least thirty (30) days prior to the end of the then-current subscription term.
Termination for Cause: Either party may terminate this Agreement immediately upon notice to the other party if: (a) the other party materially breaches this Agreement, and such breach remains uncured more than thirty (15) days after receipt of written notice of such breach; or (b) the other party: (i) becomes insolvent; (ii) files a petition in bankruptcy that is not dismissed within sixty (60) days of commencement; or (c) makes an assignment for the benefit of its creditors.
Effect of Termination: Upon the earlier of expiration or termination of this Agreement, the rights and licenses granted to Customer hereunder will immediately terminate, Customer will cease use of the Services and Documentation, and Customer will return or destroy all copies of the Documentation in its possession or control. Termination or expiration will not relieve Customer of its obligation to pay all Fees that accrued prior to such expiration or termination.

5 – Confidentiality

If the parties have a separate mutual nondisclosure agreement in place, that agreement will take precedence (the “Separate MNDA”). Otherwise, the term “Confidential Information” refers to any financial, technical, or business information belonging to a Party (the “Disclosing Party”) that is either designated as confidential when disclosed to the other Party (the “Receiving Party”) or reasonably understood to be confidential based on the nature of the information or the circumstances of its disclosure. Services Information and Customer Information are considered Confidential Information under this MSA or confidential under the Separate MNDA, as applicable. The Receiving Party must not disclose, duplicate, publish, transfer, or make available the Disclosing Party’s Confidential Information in any form to any person or entity without the Disclosing Party’s prior written consent, except as explicitly allowed in this MSA. The Receiving Party may only use the Disclosing Party’s Confidential Information to fulfill its obligations under this MSA, including, for Socurely, the provision of Services.

Notwithstanding the above, the Receiving Party may disclose Confidential Information if required by law, provided that the Receiving Party: (a) gives the Disclosing Party prior written notice of the disclosure, allowing the Disclosing Party a reasonable opportunity to object and obtain a protective order or other appropriate relief regarding the disclosure (if not prohibited by applicable law); (b) diligently attempts to limit disclosure and secure confidential treatment or a protective order; and (c) permits the Disclosing Party to participate in the proceeding. Additionally, Confidential Information does not include information that: (i) becomes publicly known without the Receiving Party’s breach of any obligation owed to the Disclosing Party; (ii) was independently developed by the Receiving Party without breaching any obligation owed to the Disclosing Party; or (iii) is received from a third party who acquired such Confidential Information without violating any obligation owed to the Disclosing Party.

6 – Representations, Warranties

Representations: Each party represents that it has validly entered into this Agreement and has the legal power to do so.
Warranties: Socurely warrants that during the applicable subscription term Socurely will not: (a) materially decrease the overall functionality of the Services; or (b) materially decrease the overall security of the Services.

The Customer must inform Socurely of any non-compliance regarding the Services under the above warranty within 30 days. If the Customer notifies Socurely within this timeframe, Socurely will make commercially reasonable efforts to rectify the non-compliance at no extra cost. If Socurely is unable to correct the non-compliant Services within a reasonable period, the Customer has the right to terminate the relevant Order Form and receive a prorated refund for any prepaid, unused Fees covering the remaining subscription term. The aforementioned remedy is the Customer’s exclusive recourse in the event of a breach of the limited warranties stated above.

7 – Disclaimers

(A) Except As Expressly Stated Herein, The Services And Reports Are Provided “as Is.” Neither Party Makes Any Warranty Of Any Kind, Whether Express, Implied, Statutory, Or Otherwise. Each Party Specifically Disclaims All Implied Warranties, Including Any Implied Warranty Of Merchantability, Fitness For A Particular Purpose, Or Non-infringement, To The Maximum Extent Permitted By Applicable Law. Without Limiting The Generality Of The Foregoing, Socurely Does Not Warrant That The Services Are Error-free Or That The Services Will Operate Without Interruption, That The Reports Will Be Accurate, And Socurely Grants No Warranty Regarding The Use By Customer Of The Services. The Services May Be Subject To Limitations, Delays, And Other Problems Inherent In The Use Of The Internet And Electronic Communications. Socurely Is Not Responsible For Any Delays, Delivery Failures, Or Other Damages Resulting From Such Problems. (B) Customer Acknowledges And Agrees That Socurely Is Not Liable, And Customer Agrees Not To Seek To Hold Socurely Liable, For The Conduct Of Third Parties, Including Providers Of Third-party Services, And That The Risk Of Injury From Such Third-party Services Rests Entirely With Customer. (C) Socurely May Offer New “beta” Features Or Tools With Which Customer May Experiment. Such Features Or Tools Are Offered Solely For Experimental Purposes And Without Any Warranty Of Any Kind, And May Be Modified Or Discontinued At Socurely’s Sole Discretion. (D) Customer Acknowledges And Agrees That The Services And The Reports Provided By Socurely To Customer Are Intended As Recommendations Only And Do Not Constitute Any Warranty Or Guaranty That Customer, By Following Such Recommendations, Will Be Fully Compliant With Any Applicable Standards Contemplated By The Services. Customer Acknowledges And Agrees That It Is Solely Customer’s Responsibility To Ensure That It Complies With All Such Applicable Standards.

8 – Indemnification

You agree to indemnify, defend, and hold harmless Socurely, its employees, members, directors, managers, officers or agents from and against any loss, liability, damage, penalty or expense (including attorneys’ fees, expert witness fees and cost of defense) they may suffer or incur as a result of (a) Prohibited uses that violate this MSA as outlined above; or (b) claims alleging that Customer Information infringes or misappropriates a valid third party’s patent, copyright, trademark, or trade secret; provided (i) Socurely promptly informs Customer about the threat or notice of such a claim; (ii) Customer has the sole and exclusive authority to choose defense attorneys and defend and/or settle any such claim (however, Customer will not settle or compromise any claim resulting in liability or an admission of liability by Socurely without prior written consent); and (iii) Socurely fully cooperates in relation to the matter.

9 – Limitation of Liability

To The Maximum Extent Permitted By Applicable Law, Under No Circumstances And Under No Legal Theory (Whether In Contract, Tort, Negligence Or Otherwise) Will Either Party To This Agreement, Or Their Affiliates, Officers, Directors, Employees, Agents, Service Providers, Suppliers Or Licensors Be Liable To The Other Party Or Any Affiliate For Any Lost Profits, Lost Sales Or Business, Lost Data (Being Data Lost In The Course Of Transmission Via Customer’s Systems Or Over The Internet Through No Fault Of Socurely), Business Interruption, Loss Of Goodwill, Costs Of Cover Or Replacement, Or For Any Type Of Indirect, Incidental, Special, Exemplary, Consequential Or Punitive Loss Or Damages, Or Any Other Indirect Loss Or Damages Incurred By The Other Party Or Any Affiliate In Connection With This Agreement Or The Services Regardless Of Whether Such Party Has Been Advised Of The Possibility Of Or Could Have Foreseen Such Damages. Notwithstanding Anything To The Contrary In This Agreement, Either Party’s Aggregate Liability To The Other Party Or Any Third Party Arising Out Of This Agreement Or The Services Will In No Event Exceed The Fees Paid By Customer During The Twelve (12) Months Prior To The First Event Or Occurrence Giving Rise To Such Liability; Provided That Liability Under The Parties’ Indemnification Obligations, For Breaches Of Confidentiality, Or For Damages Due To Prohibited Uses Will Not In The Aggregate Exceed Five Times That Amount. For Clarity, Nothing In This Agreement Will Limit Or Exclude Either Party’s Liability For Gross Negligence Or Intentional Misconduct Of A Party. Customer Acknowledges And Agrees That The Essential Purpose Of This Section Is To Allocate The Risks Under This Agreement Between The Parties And Limit Potential Liability Given The Fees, Which Would Have Been Substantially Higher If Socurely Were To Assume Any Further Liability Other Than As Set Forth Herein. Socurely Has Relied On These Limitations In Determining Whether To Provide Customer With The Rights To Access And Use The Services Provided For In This Agreement. The Disclaimers, Exclusions, And Limitations Of Liability Under This Agreement Will Not Apply To The Extent Prohibited By Applicable Law.

10 – Miscellaneous

Relationship Between the Parties: Socurely is an independent contractor, nothing in this Agreement will be construed to create a partnership, joint venture, or agency relationship between the parties.
Governing Law and Jurisdiction: The Terms of Use have been made in and shall be construed and enforced under the laws of the jurisdiction of the Province of Quebec and the federal laws of Canada, without regard to conflict of laws principles, and you irrevocably consent to submit to the exclusive jurisdiction of the courts of the Province of Quebec for any claim, proceeding or action under the Terms of Use against Socurely. Notwithstanding the foregoing, Socurely may seek and obtain injunctive relief in any jurisdiction in any court of competent jurisdiction and you agree that these Terms of Use are specifically enforceable by Socurely through injunctive relief and other equitable remedies without proof of monetary damages. The Terms of Use and the Privacy Policy shall constitute the complete and exclusive agreement between you and Socurely, and govern your use of the Website. If any provision of these Terms of Use is declared by a court of competent jurisdiction to be invalid, illegal, or unenforceable, such provision shall be severed from the Terms of Use and the other provisions shall remain in full force and effect.
Publicity and Marketing: Socurely may use Customer’s name, logo, and trademarks solely to identify Customer as a client of Socurely on Socurely’s website and other marketing materials and in accordance with Customer’s trademark usage guidelines. Socurely may share aggregated and/or anonymized information regarding use of the Services with third parties for marketing purposes to develop and promote Services. Socurely never will disclose aggregated and/or anonymized information to a third party in a manner that would identify Customer or any identifiable individual as the source of the information.
Force Majeure: Any delay in the performance of any duties or obligations of either Party (except for the obligation to pay Fees owed) will not be considered a breach of this Agreement if such delay is caused by a labor dispute, shortage of materials, war, fire, earthquake, typhoon, flood, natural disasters, governmental action, pandemic/epidemic, cloud-service provider outages any other event beyond the control of such Party, provided that such Party uses reasonable efforts, under the circumstances, to notify the other Party of the circumstances causing the delay and to resume performance as soon as possible.
Amendments: Socurely reserves the right to modify this MSA on occasion, in which case the new MSA will supersede prior versions. Socurely will notify Customer not less than seven (7) days prior to the effective date of any such amendment and Customer’s continued use of the Services following the effective date of any such amendment may be relied upon by Socurely as consent to any such amendment.

11 – Contact Us

If you have any questions or complaints about this Agreement, you can contact us support@socurely.com

SOC 2 Type I

SOC 2 Type I is a foundational step for organizations aiming to establish and communicate their commitment to the highest standards of data security and privacy at a point in time. SOC 2 Type I is a designation within the Service Organization Control (SOC) framework, specifically focusing on the security, availability, processing integrity, confidentiality, and privacy of data handled by service providers. It represents a point-in-time assessment, evaluating the design effectiveness of the controls implemented by an organization. The American Institute of Certified Public Accountants (AICPA) developed the Trust Services Criteria (TSC), which serves as its foundation. SOC 2 Type I provides stakeholders, including customers and business partners, with assurance regarding the design of controls related to the security, availability, processing integrity, confidentiality, and privacy of information. It is particularly relevant for service organizations that handle sensitive data but do not require a continuous, ongoing assessment of control effectiveness.

Phishing

Phishing is a form of social engineering attack in which a perpetrator sends phony emails, texts, or other electronic communications to people to compel them into disclosing personal information, financial information, or login credentials. Phishing attacks can employ several techniques to persuade the target to divulge the required information. Usually, they are made to appear as though they are from a reliable source, such as a bank, social media platform, or online merchant. These strategies may involve using ominous or frightening language, making rewards- or bonus-related claims, or requesting personal information to validate an account or change a password. Phishing attempts can lead to identity theft, account compromise, money loss, and other undesirable outcomes. Businesses and individuals should take effective measures to protect against phishing attacks.

Policy

A policy is a set of principles, guidelines, or rules established by an organization to govern its operations, decision-making processes, and behavior of individuals within the organization. It also underlines the procedures for maintaining compliance and security. It describes roles and basic practices for putting particular security and compliance controls into place and keeping them up to date. Particular procedure details are typically provided by an organization in its procedure documentation.

Privacy Policy

Privacy Policies are the legal procedures applied to an organization for gathering, using, and safeguarding personal data from users, clients, and consumers. It is a legally binding document. Names, addresses, phone numbers, email addresses, credit card numbers, and any other information that identifies a specific person defines this personal information. In reality, privacy policy is an essential tool for businesses to tell consumers and users about how their data is gathered, utilized, and safeguarded. The policy ought to outline the types of data that are gathered, their purposes, their uses, and, if any, the recipients of the data. This official document also outlines the organization's methods for safeguarding the personal data it gathers. The deployment of firewalls, access controls, and encryption, should be covered in the privacy policy. Additionally, it ought to outline people's rights to their data, including the ability to see, amend, and remove it.

Qualified Security Assessor (QSA)

QSA is an organization or individual authorized by the Payment Card Industry Security Standards Council (PCI SSC) to assess, evaluate, and validate an entity's compliance with the Payment Card Industry Data Security Standard (PCI DSS). A QSA will examine an organization's policies, practices, and systems during a PCI DSS assessment to make sure they adhere to the standard's criteria. To confirm that the company is adhering to the necessary security protocols, they will also interview staff members and examine records. Following the examination, the QSA will offer a report outlining any non-compliance areas and remedy recommendations. The firm uses this report to maintain PCI DSS compliance and strengthen its security posture.

Personally identifiable information (PII)

Personally Identifiable Information (PII) is a set of any information that can be used to identify an individual, including but not limited to name, address, email, social security number, financial data, and more. PII is critical to safeguard as it holds sensitive details about individuals. Protecting PII is crucial for privacy, preventing identity theft, and complying with data protection regulations. Organizations must establish robust measures to secure and responsibly handle PII to maintain trust and legal compliance.

Ransomware

Malicious software also called ransomware encrypts a victim's data or system, making it impossible for them to be accessed, and then demands a ransom to be paid to unlock the system. When a victim of a ransomware assault clicks on a malicious link or opens a malicious attachment in an email, the malware is downloaded and executed on the victim's computer. The victim's files or system will get encrypted as soon as the ransomware starts to operate, rendering them unusable without a decryption key. After that, the attackers would ask for a ransom payment, frequently in cryptocurrency, in return for the decryption key. Ransomware is highly dangerous malware as it results in the loss of critical data, system downtime, and financial losses. Individuals and companies should put in place a thorough cybersecurity plan that includes frequent data backups, software updating, anti-malware software, and staff training on how to spot phishing and other social engineering scams to defend against ransomware assaults.

Risk Assessment

Risk Assessment is the best process that Organizations use to identify and assess their cybersecurity risks, vulnerabilities, and threats with the aid of a secured approach. The two main objectives of risk assessment are to impart an organization's security posture a thorough understanding and to spot any security holes that might be used by cybercriminals. An essential technique for strengthening an organization's security posture and lowering its vulnerability to cyberattacks is risk assessment. In addition to ensuring that they comply with all applicable laws, regulations, and industry standards, it may assist enterprises in identifying and prioritizing their security investments. Some risk assessment steps involve asset inventory, threat modeling, vulnerability assessment, risk analysis, risk mitigation, and ongoing monitoring.

SOC 1

SOC 1- Service Organization Control Report 1 SOC 1 is an auditor's report that evaluates financial reporting controls. It is also called the Service Organization Control 1 Report (SOC 1). Businesses that offer services that might have an impact on a client's financial statements or internal controls over financial reporting are the focus of SOC 1. While a SOC 1 Type 2 examines a company's internal financial controls' efficacy throughout time, a SOC 1 Type 1 just analyzes the internal financial controls' design at one particular moment in time.

SOC 2

SOC 2- Service Organization Control Report 2 Security and compliance controls are evaluated in the Service Organization Control 2 Report (SOC 2). It is also another version of the auditor report. In addition to B2C companies handling sensitive data, every business providing B2B services ought to consider completing a SOC 2 report. The implementation of security and compliance measures is demonstrated by a SOC 2 Type 1 audit. On the other hand, customers and partners are more likely to request a SOC 2 Type 2 since it provides strong evidence of implementation over an extended time.

SOC 2 Report

SOC 2 Report is a comprehensive report generated based on the results of a Service Organization Control (SOC) 2 audit, assessing an organization's controls related to security, availability, processing integrity, confidentiality, and privacy. The SOC 2 Report includes Management Assertion, Independent Service Auditor's Report, System Overview, Infrastructure, Relevant Aspects of the Control Environment, Complementary User-Entity Control, Complementary Subservice Organization Controls, Trust Services Criteria, Criteria Related Controls, and Tests of Controls, and other information. The SOC 2 report holds paramount importance as it serves as a comprehensive testament to a service organization's commitment to the highest standards of information security, availability, processing integrity, confidentiality, and privacy. Its significance lies not only in showcasing compliance with industry-recognized criteria but also in differentiating organizations in a competitive landscape. By addressing potential risks, offering insights for continuous improvement, and aligning with privacy laws, the SOC 2 report opens doors to new business opportunities.

Trust Services Criteria

Trust Service Criteria is a set of criteria developed by the American Institute of CPAs (AICPA) for assessing controls related to security, availability, processing integrity, confidentiality, and privacy in service organizations undergoing audits such as SOC 2. Auditors utilize the AICPA's Trust Services Criteria as a framework to decide which security and compliance measures to look for in an organization. Security is the only Trust Services Criteria that must be included in every SOC 2 report; however, auditors can choose to include Availability and Processing Integrity as well, once the audit scope has been established. It is important for essential standards guiding audits, ensuring service organizations meet rigorous benchmarks in safeguarding data, and upholding client trust.

Pen Test

A cybersecurity assessment technique that simulates real-world attacks on a system, network, or application to identify vulnerabilities and assess the effectiveness of security controls. Penetration testing is required for both the ISO 27001 and SOC 2 audits. For businesses, Penetration testing is crucial as it proactively identifies and addresses security vulnerabilities before malicious actors, hackers, or white hats can exploit them. It provides insights into the effectiveness of existing security measures, helps organizations prioritize and implement necessary remediation, and contributes to the overall resilience of systems and networks. By simulating real-world attack scenarios, penetration testing enhances the organization's security posture, protects sensitive data, and fosters a proactive approach to cybersecurity.

Social Engineering

The term "social engineering" describes the use of psychological manipulation strategies to deceive individuals into disclosing private information or acting against their better judgment. This can use strategies like trickery, cajoling, threats, or taking advantage of vulnerable feelings in people, including trust or greed. Attacks using social engineering can take many forms, such as baiting, pretexting, phishing scams, and more. People should exercise caution when divulging sensitive information or complying with demands they receive via email or other digital channels to guard against social engineering assaults. It is crucial to confirm the request's legitimacy using a third-party source, including making a phone call or going to the relevant organization's official website. Furthermore, education and awareness-raising programs can assist people in identifying and avoiding typical social engineering techniques.

System Description

System Description is a SOC 2 report on business systems, rules, and practices about the Trust Services criteria of security, availability, processing integrity, confidentiality, and privacy reports. Also included in the SOC 2 report, the System Description is a crucial part of a SOC 2 audit. The SOC 2 System Description serves the objective of informing the auditor and SOC 2 report users about the systems and controls of the service organization. The explanation ought to be thorough, addressing every facet of the systems and controls of the service organization that are pertinent to the Trust Services Criteria. The System Description ought to be customized to the particular requirements of the company and ought to highlight the special features of its controls and systems. To make sure that it appropriately represents the systems and controls in place at the service organization, it should be evaluated and updated regularly. Information on the service organizations presented here includes: Operations of businesses Data structures Environment of control Procedure for risk assessment keeping an eye on things Procedures for responding to incidents Practices for security management Policies for the destruction and keeping of data Policies and procedures regarding privacy Methods of availability management Controls for processing integrity

Vendor Risk Assessment

A Vendor Risk Assessment (VRA) is a systematic process of evaluating and managing the potential risks associated with engaging third-party vendors, suppliers, or service providers. The assessment aims to ensure that these external entities adhere to security, privacy, and compliance standards, minimizing risks to the organization. The primary purpose of a Vendor Risk Assessment is to: Mitigate Risks: Identify and mitigate potential risks associated with third-party relationships that could impact the organization's operations or reputation. Ensure Compliance: Verify that vendors adhere to relevant industry regulations, standards, and contractual obligations. Protect Information: Safeguard sensitive information by assessing and enhancing the security measures implemented by external vendors. Build Trust: Establish trust between the organization and its vendors by ensuring a shared commitment to cybersecurity and risk management. A well-executed Vendor Risk Assessment is an integral part of a comprehensive risk management strategy, helping organizations proactively manage and mitigate potential risks associated with their external partnerships.

Vulnerability Scan

A Vulnerability Scan is a systematic process of identifying, assessing, and prioritizing security vulnerabilities in computer systems, networks, applications, or infrastructure. It involves the use of specialized tools to detect weaknesses that could be exploited by malicious actors to compromise the security of an organization's assets. Vulnerability scanning is an essential component of a comprehensive cybersecurity strategy, helping organizations maintain a robust security posture in the face of evolving cyber threats.

Intrusion Detection System (IDS)

IDS is an automated security technology designed to monitor and analyze network or system activities for signs of malicious activities or security policy violations. IDSs employ a variety of methods, such as anomaly, behavior, and signature-based detection, to find suspicious activity. When an intrusion detection system finds unusual activity, it can either issue a warning or take additional action, such as blocking traffic or deactivating user accounts. To offer a complete defense against online threats, an IDS can be set up to cooperate with firewalls and antivirus programs, among other network security technologies. Network-based IDSs (NIDSs) and host-based IDSs (HIDSs) are the two primary categories of IDSs. HIDSs keep an eye out for indications of unauthorized access or other security dangers on specific systems or hosts, whereas, NIDSs scan network traffic for indications of malicious behavior. Both intrusion detection systems are crucial for safeguarding against an extensive array of cyber hazards and are frequently employed in business settings to augment network security.

Intrusion Prevention System (IPS)

IPS is a network security solution that actively monitors and analyzes network or system activities to detect and prevent potential security threats or malicious activities in real-time. Unlike IDS, IPS identifies hostile activity and traffic in systems using methods including signature-based detection, anomaly detection, and behavior-based detection. An IDS can only produce alerts; in contrast, an IPS can stop or prevent any harmful behavior that it finds. To offer complete protection against cyber threats, and denial-of-service (DoS) attacks an IPS is set to cooperate with other network security technologies like firewalls and antivirus programs. Network-based IPSs (NIPSs) and host-based IPSs (HIPSs) are the two primary categories of IPSs. While HIPSs are installed on individual machines or hosts and watch system activity for indications of malicious behavior, NIPSs are placed at network borders and monitor network traffic in real-time. IPS is vital as it can actively prevent and block attacks, and lowers the risk of data breaches and other cyber dangers, making it a crucial part of network security.

Malware

Any software or program that is intentionally created to harm, damage, or interfere with computer systems, networks, or mobile devices is referred to as malware or malicious software. Malware can be found in a wide variety of formats, such as worms, Trojan horses, spyware, adware, ransomware, and more. Usually, malware spreads by a variety of channels, including email attachments, compromised websites, social engineering techniques, and holes in operating systems or software. Malware can carry out a wide range of nefarious tasks after it is installed on a system, such as stealing confidential data, jeopardizing system security, managing system resources, or interfering with regular system functions. Users should take several safety measures to guard against malware. Some of the protection measures include updating their operating system and security software, staying away from dubious downloads and links, and exercising caution when opening email attachments or clicking on links from unidentified sources. Regular system backups can also lessen the damage caused by malware attacks.

Attestation of Compliance (AoC)

AoC or Attestation of Compliance (AoC) is a document that attests to an organization's compliance with the Payment Card Industry Data Security Standard (PCI DSS) after scrutinizing an evaluation. Major credit card firms create the PCI DSS as a set of security guidelines to guarantee the security of credit card information. An organization must complete a PCI DSS assessment, which entails a detailed analysis of the organization's security procedures and controls, to receive an AoC. An internal security team or a qualified security assessor (QSA) usually conducts the assessment. After fulfilling all the PCI DSS requirements, this document is generated, which adds the scope of the assessment, the assessment date, and the assessor's conclusions. The AoC serves as evidence of PCI DSS compliance and ensures the company's commitment to securing credit card data. All things considered, an Attestation of Compliance is a crucial record that attests to an organization's adherence to the PCI DSS and its dedication to safeguarding sensitive credit card information

SOC 2 Type II

A SOC 2 Type 2 report looks at the system and control performance of a service organization for a set amount of time, usually three to twelve months. An external audit by a CPA firm authorized by the AICPA is required for both report types. Type I reports take less time to complete, thus they may be the better choice for organizations that need a SOC 2 report as soon as feasible. SOC 2 Type II reports, however, are more important to consumers and will be required for the majority of businesses to get. SOC 2 Type II report is a valuable demonstration of a service provider's commitment to maintaining a secure and compliant environment over an extended period, providing stakeholders with a higher level of confidence in the organization's control practices.

SOC 3

A higher level and more succinct version of SOC 2, the Service Organizational Control 3 Report (SOC 3) is intended for public dissemination as promotional material. A SOC 2 Type II must be completed before an organization can receive a SOC 3 report; however, for an extra fee, a SOC 2 can be provided along with a SOC 3.

Security Questionnaires

Security questionnaires are a structured set of inquiries designed to assess the cybersecurity practices and measures implemented by organizations. Typically used in vendor risk management and third-party assessments, these questionnaires help evaluate the security posture of a company, ensuring it aligns with industry standards, regulations, and the security expectations of stakeholders. The primary purpose of security questionnaires is to evaluate the cybersecurity practices of an organization, especially those that may impact the security of sensitive data or services provided to other entities. These questionnaires aid in risk management, compliance verification, and the establishment of trust between organizations. Security questionnaires play a vital role in ensuring the security and compliance of organizations, fostering transparency and trust in a dynamic and interconnected business landscape.

Governance, Risk, and Compliance (GRC)

Organizations utilize the GRC management framework to make sure they are conducting business in a morally, legal, and efficient manner. It is a comprehensive strategy that mixes different procedures, practices, and technological tools to control risks for a company, comply with legal requirements, and accomplish organizational goals. Governance- The procedures and frameworks that allow businesses to decide wisely, establish strategic goals, and guarantee that those goals are met ethically and responsibly are referred to as governance. Risk- Identification, evaluation, and prioritization of risks to a business, along with the implementation of risk-mitigation strategies, comprise risk management. Compliance- Compliance is making sure that a company complies with internal policies and processes as well as legal and regulatory requirements. An organization may manage its operations, risks, and compliance needs more effectively when the combined GRC is applied.

Auditor

A professional that examines and evaluates financial information, internal controls, and business processes. A business hires an Auditor to assess compliance security standards like SOC 2, ISO 27001 and PCI DSS. It also helps companies to express an opinion on the fairness of financial statements. Companies must use a lengthy range of security procedures to comply with compliance criteria. The purpose of an audit is for the auditor to get proof from your organization that the appropriate security measures have been put in place. After the audit is finished, the auditor will provide a report, attestation or certification confirming the security measures in place at your business. Customers, business associates, and other parties with an interest in your security and compliance procedures can use these documents for further reference.

CCPA

CCPA- California Consumer Privacy Act Comprehensive privacy legislation in California grants consumers certain personal rights. It imposes obligations on businesses that collect, process, or sell consumer data. As per this act, businesses must notify customers about the uses of their data and give them the option to control whether or not their data is shared. Customers specifically have the right to inspect, remove, and refuse to have their data sold to outside parties. As of January 2020, the majority of enterprises doing business with California businesses or workers are subject to the California Consumer Privacy Act (CCPA).

Cardholder Data

Cardholder data is defined by the Payment Card Industry Security Standards Council (PCI SSC) as the complete Primary Account Number (PAN) or the complete PAN. It can include any of the following components: Name of the cardholder Date of expiration Service number Also as per PCI DSS, the delicate verification must be protected. Among this data are: whole data on magnetic stripes PIN blocks and PINs CAV2 CVC2 CVV2 CID Simply put, cardholder data is the Information associated with a payment card that is entrusted to a merchant during a transaction.

Risk Management

Risk Management is defined as the systematic process of identifying, assessing, prioritizing, and mitigating risks to minimize their impact on an organization's objectives. It involves planning, monitoring, and controlling risks. It can include both quantitative and qualitative approaches to identify security threats. Usually, it involves several stakeholders, including decision-makers, risk analysts, and subject matter experts. For enterprises to make sure that any risks are found and dealt with before they may cause damage or disruption, effective risk management is essential. To implement risk management processes, a variety of risk management approaches and frameworks can be employed, such as ISO 31000, the COSO framework, and the NIST Cybersecurity Framework.

Compliance Software

Compliance Software is Software designed to assist organizations in adhering to regulatory requirements, industry standards, and internal policies. It helps automate compliance management processes, track regulatory changes, and ensure adherence to guidelines. A company can use compliance software to scan and monitor its systems, controls, and vendors to make sure they comply with security standards and requirements. It is a valuable component of an organization's compliance risk management strategy. Using this software the need of thousands of laborers gets omitted. Also, this software can assist businesses in maintaining compliance while enhancing security measures.

Cybersecurity

Cybersecurity is the advanced practice of protecting computer systems, networks, and data from theft, damage, or unauthorized access to the internet. It encompasses various technologies, processes, and practices to ensure the confidentiality, integrity, and availability of information. Designing effective cybersecurity solutions is becoming challenging daily. The robust cybersecurity protection should possess the following for the utmost security: Network safety - Guarding the network from intruders and malicious attacks. Application Safety- It involves testing and updating programs to maintain their security. Endpoint security: Safeguarding a company's network from remote access. Data security: Safeguarding client and business data. Identity management: Knowing inside an organization who can access what! Infrastructure and database security- Preserving physical devices and databases. Cloud Security- Data protection in "the cloud" is known as cloud security. Mobile security- Safeguarding tablets and phones. Detailed procedures recovery and business continuity planning. Organizations of all sizes operating in areas such as finance, insurance, and healthcare are required to have a cybersecurity strategy. It can assist in fulfilling legal or regulatory obligations and demonstrate to partners, clients, potential clients, and staff how seriously your company takes security.

Data Breach

Data Breach is defined as the unauthorized access, disclosure, or acquisition of sensitive information, such as personal or financial data. Data breaches can result in the compromise of data integrity and confidentiality. Numerous things, such as physical theft, human error, or cyberattacks, might cause this. Frequently the result of cyberattacks like malware, phishing, or hacking is the result of pulling data breaches. For both individuals and companies, data breaches can have detrimental effects that include monetary losses, harm to one's reputation, legal liabilities, and fines from regulatory bodies. Therefore, people and businesses must take action to stop data breaches. Some of these actions include putting in place robust security measures, carrying out frequent security audits and assessments, and giving staff members continual security awareness training.

Data Integrity

The reliability, correctness, and consistency of data at every stage of its lifecycle—from creation to deletion—are referred to as data integrity. It is an essential component of data management that guarantees data is reliable and suitable for the intended use. Administrative and technical measures work together to preserve data integrity. Technological controls can shield data against unwanted alteration, loss, or corruption by utilizing encryption, access controls, backup and recovery procedures, and other security measures. Policies, processes, and training are examples of administrative controls that guarantee proper handling of data and users' understanding of their roles in preserving data integrity. Data integrity is crucial for adhering to data protection laws like the General Data Protection Regulation (GDPR) and the Health Insurance Portability and Accountability Act (HIPAA), which require organizations to guarantee the accuracy and dependability of personal data. It is also necessary for preserving the trust and confidence of stakeholders who depend on data for decision-making, such as customers, partners, regulators, and internal users.

Data Loss Prevention

DLP- Data Loss Prevention A collection of procedures and tools known as data loss prevention (DLP) are intended to stop private or sensitive data from being misplaced, stolen, or made public. It is an essential part of information security that deals with keeping an eye on and safeguarding data while it is being stored and transported. Mainly, DLP solutions monitor, detect, and respond to potential data breaches. Additionally, adherence to data protection laws is crucial for compliance with laws like the Health Insurance Portability and Accountability Act (HIPAA) and the General Data Protection Regulation (GDPR), which mandate that businesses safeguard confidential information and notify individuals in the event of a data breach.

Firewall

A firewall is a security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. It acts as a barrier between trusted internal networks and untrusted external networks. Firewalls come in various varieties, such as application-level gateways, stateful inspection firewalls, packet-filtering firewalls, and next-generation firewalls. Firewalls can be implemented as hardware or software, and they can be made to filter traffic according to a variety of parameters, including IP addresses, ports, protocols, and content. They can also be set up to permit or prohibit traffic by an organization's particular requirements; for example, they can be set up to restrict access to particular individuals or devices or to prohibit access to specific websites or applications. Firewalls are a crucial part of network security because they guard against a variety of online dangers, including malware, phishing scams, and illegal access. By limiting access to critical information and keeping an eye out for any unusual activity on the network, they can also aid in the prevention of data breaches.

GDPR

GDPR- General Data Protection Regulation GDPR is a comprehensive data protection and privacy regulation enacted by the European Union (EU). It governs the processing and handling of personal data and enhances the rights and privacy of individuals. GDPR is important as it establishes a robust framework that not only protects individuals' privacy but also promotes responsible and ethical data practices, contributing to a global culture of digital trust and accountability.

AICPA

AICPA- American Institute of Certified Public Accountants The AICPA is a professional organization for certified public accountants (CPAs) in the United States. It provides guidance, sets professional standards, and advocates for the accounting profession. It is the largest organization of accountants in the United States. The AICPA developed the SOC 2 standard, which provides standards that a qualified accounting firm can utilize to audit, evaluate, and vouch for a company's security and compliance procedures. Also, it assists businesses in establishing standards for handling client data, the AICPA created the Trust Service Criteria (TSC), which include security, availability, confidentiality, processing integrity, and privacy.

ISO 27001

ISO 27001 is an international standard protocol for information security management systems (ISMS), and the International Electrotechnical Commission (IEC). It provides a systematic approach to managing sensitive company information and ensuring its confidentiality, integrity, and availability. Auditors can award ISO 27001 certificates in North America. ISO 27001 auditing organizations are accredited by the ANSI National Accreditation Board. These are globally used certificates that build the required assurance among businesses. In essence, ISO 27001 is not just a certification; it is a strategic tool that enables organizations to proactively manage information security risks, build trust, and position themselves as secure and reliable entities in an interconnected and information-driven world.

ISO 27001 Stage 1 Audit

Stage 1 Audit of ISO 27001 is an audit where the information security management system (ISMS) documentation will be examined by the auditor to make sure that the policies and procedures adhere to the specifications stated in clauses 4 through 10. The certification process moves on to the Stage 2 audit if the auditor is pleased with the results of the design review.

ISO 27001 Stage 2 Audit

The second stage of the two-stage audit process for Information Security Management System (ISMS) certification to the ISO/IEC 27001 standard is called an ISO 27001 Stage 2 audit. This stage determines whether the organization's ISMS is successfully implemented and maintained in compliance with the standard's requirements as well as the organization's policies and procedures. In the stage 2 ISO 27001 Audit, several interviews with staff members from various organizational levels will be conducted, and pertinent documents and records will also be reviewed. The auditor will evaluate how well the organization's information security management system (ISMS) manages the risks and threats to the availability, confidentiality, and integrity of its information assets. Upon completion of the Stage 2 audit, the auditor will furnish a report outlining any non-conformities or areas requiring improvement, which the organization must tackle to attain ISO 27001 certification. The organization will receive ISO 27001 certification if it successfully satisfies all standard requirements.

ISMS

ISMS- Information Security Management System The ISMS protects and safeguards sensitive data within an enterprise. It secures organizations' information which consists of people, processes, systems, technologies, information assets, and policies. Data is safeguarded by an ISMS through: Determining which information assets require protection Determining the information assets' hazards Putting security measures in place to reduce risks and safeguard information assets Creating a plan for responding to data breaches Establishing a procedure for continuously assessing and enhancing the ISMS

Information Security Policy

A comprehensive document that outlines an organization's approach, commitment, and directives regarding the protection of information assets and the management of information security risks. The policy acts as a guide for the information security program of an organization, defining the aims, duties, and protocols for protecting data from unauthorized access, use, disclosure, interruption, alteration, or destruction. Typically, the information security policy consists of: An outline of the information security program's goals for the organization. Information security roles and responsibilities, including managerial and staff duties. Methods for identifying and controlling hazards related to information security. Rules for choosing and putting into place security measures including firewalls, encryption, and access restrictions Policies for keeping an eye out for and identifying security incidents, such as incident response plans and reporting guidelines. It is important as organizations can lower their risk of security breaches, safeguard sensitive data, and guarantee legal and regulatory compliance by implementing this policy. Additionally, it offers a framework for informing staff members and other stakeholders about security standards and encouraging a security-aware culture.

Internal Audit

An independent, objective assurance and consulting activity designed to add value and improve an organization's operations. Internal audit provides an evaluation of risk management, control, and governance processes.

International Organization for Standardization (ISO)

The non-governmental International Organization for Standardization, or ISO, is responsible for creating and disseminating international standards across a broad spectrum of fields and industries. The ISO 9001 standard for quality management systems, which is widely utilized by businesses worldwide to raise the caliber of their goods and services, is credited to ISO. In addition, ISO creates standards for a variety of industries, including information security, food safety, occupational health and safety, and environmental management. Many businesses implement ISO to streamline processes, show their dedication to quality and other areas, and improve their standing with clients, partners, and other stakeholders.

Approved Scanning Vendor (ASV)

ASV is an organization authorized by the Payment Card Industry Security Standards Council (PCI SSC) to conduct external vulnerability scanning services for merchants and service providers to achieve PCI DSS compliance. The PCI SSC intends to safeguard the collection of data following the PCI DSS ( Payment Card Industry Data Security Standard). A company must fulfill specific requirements and go through a demanding certification procedure to get PCI ASV. This entails proving their prowess in vulnerability scanning and passing a battery of tests to guarantee the precision and potency of their scanning techniques. A corporation can do external vulnerability scans of merchants and service providers that handle payment card data after obtaining PCI ASV certification. These scans yield results that are used to find potential security flaws and offer suggestions for fixing them.

PCI DSS

Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards that guarantees any business handling, storing, or securely transmitting credit card data. To handle PCI security standards and enhance account security throughout the transaction process, it was introduced on September 7, 2006. The independent PCI Security Standards Council was established by major credit card companies, including Visa, MasterCard, American Express, Discovery, and JCB, to oversee and maintain the PCI DSS. Enforcing PCI compliance is the responsibility of the payment brands and acquirers. Failure to comply may result in fines, legal ramifications, lost revenue, and damage to one's reputation. Through the creation of a uniform set of rules that all businesses, regardless of the volume or magnitude of their transactions, must abide by to conduct business, PCI seeks to strengthen client security.

Self-Assessment Questionnaire (SAQ)

PCI SAQ- Payment Card Industry Self-Assessment Questionnaire A validation tool designed by the Payment Card Industry Security Standards Council (PCI SSC) for merchants and service providers to assess their compliance with the Payment Card Industry Data Security Standard (PCI DSS). It ensures every industry that uses acceptance, process, store, or transmit credit card information follows a secure surrounding. PCI SAQs come in various forms, each designed to meet the needs of a particular kind of business and how it processes credit card payments. SAQ A: Designed for merchants who don't store, process, or transmit cardholder data on their systems and solely accept card-not-present transactions (e-commerce or mail/telephone orders). SAQ A-EP: For retailers who accept online payments but contract with a third-party service provider that complies with PCI DSS for payment processing. SAQ B: For retailers who do not store, process, or transmit cardholder data on their systems and instead employ standalone dial-out terminals or imprint machines. SAQ B-IP: For retailers who do not store, process, or transmit cardholder data on their systems and instead employ stand-alone IP-connected payment terminals. SAQ C: For retailers who do not keep cardholder data on their systems and instead handle cardholder data through a payment application system. SAQ C-VT: For retailers who do not keep cardholder data on their systems and instead process cardholder data over a virtual terminal. SAQ D: For retailers using their systems to handle, transmit, or store cardholder data. It is vital to maintain by the businesses as it determines the compliance strength with PCI DSS.

Report on Compliance (RoC)

A comprehensive document generated by a Qualified Security Assessor (QSA) following an audit, detailing an organization's adherence to the Payment Card Industry Data Security Standard (PCI DSS). The RoC serves as a validation of an organization's commitment to maintaining secure payment card transactions. It instills trust among customers, partners, and stakeholders, demonstrating robust security controls and compliance with industry standards. Businesses with a RoC are more likely to attract and retain customers, mitigate risks, and safeguard their reputation in the competitive landscape. Additionally, the RoC helps identify areas for improvement, fostering continuous enhancement of security measures.

Terms of Services

Terms of Services

1 – Services

2 – Fees and Payment

3 – Use of the Services

4 – Term and Termination

5 – Confidentiality

6 – Representations, Warranties

7 – Disclaimers

8 – Indemnification

9 – Limitation of Liability

10 – Miscellaneous

11 – Contact Us

Notification Center

Personnel Management

Pen-testing

Evidence Library

Compliance Report

Dynamic Policies

Security Awareness Training

Team Portal

Socurely Agent

Access Review

Audit Readiness Scan

AI CoPilot

Risk Mitigation Plan

Unified Dashboard

Trust Center

Audit Hub

Compliance Task tracking

Automated Evidence Collection

SOC 2 Type I

Phishing

Policy

Privacy Policy

Qualified Security Assessor (QSA)

Personally identifiable information (PII)

Ransomware

Risk Assessment

SOC 1

SOC 2

SOC 2 Report

Trust Services Criteria

Pen Test

Social Engineering

System Description

Vendor Risk Assessment

Vulnerability Scan

Intrusion Detection System (IDS)

Intrusion Prevention System (IPS)

Malware

Attestation of Compliance (AoC)

SOC 2 Type II

SOC 3

Security Questionnaires

Governance, Risk, and Compliance (GRC)

Auditor

CCPA

Cardholder Data

Risk Management

Compliance Software

Cybersecurity

Data Breach

Data Integrity

Data Loss Prevention

Firewall

GDPR

AICPA

ISO 27001

ISO 27001 Stage 1 Audit

ISO 27001 Stage 2 Audit

ISMS

Information Security Policy

Internal Audit

International Organization for Standardization (ISO)

Approved Scanning Vendor (ASV)

PCI DSS

Self-Assessment Questionnaire (SAQ)

Report on Compliance (RoC)