Last Updated March 27, 2023. To see previous terms click here.
The following terms and conditions (“Terms of Service”) apply to the Services to be delivered by Beauceron Security Inc. (“we,” “us”, “our” or “Beauceron”) to the customer ordering the Services or identified in the Service Order (“Customer”, “you” or “yours”).
BY SUBSCRIBING TO OUR SERVICES, YOU AGREE THAT YOU HAVE READ AND AGREE, WITHOUT RESERVATIONS, TO BE BOUND BY THE LATEST VERSION OF THESE TERMS OF SERVICE.
This is a legal document. If you use Beauceron Security’s SaaS, you agree to the terms we’ve publicly posted.
Beauceron Security may modify these terms and conditions from time to time, for any reason, by posting revised terms and conditions on its website www.beauceronsecurity.com. Please review these terms and conditions from time to time so you will be apprised of any changes. If you continue to use our products after the revised terms and conditions have been posted, you will be deemed to have agreed to them.
It’s up to you to stay up to date on changes to these terms and conditions.
“Business Day” means Monday to Friday except for statutory holidays in the Province of New Brunswick, Canada and Canadian Federal Public Holidays;
“Business Hour(s)” means any hour(s) between 9 a.m. to 5 p.m. Atlantic Time on Business Days;
“Confidential Information” means any and all information disclosed, either directly or indirectly, by a disclosing party (“Disclosing Party”) to a receiving party (“Receiving Party”) in connection with this Agreement, whether provided before, on or after the Effective Date, including, without limitation, any inventions or discoveries (whether or not patentable), trade secrets, ideas, concepts, prototypes, designs, financial information, technical data or know-how, marketing and product information, pricing, business plans, contracts policies and procedures, customer lists (including customer information), technologies (including computer programs, computer code, modules, scripts, algorithms, routines, systems, databases, equipment, features, processes, methodologies, schematics, testing procedures, software design and architecture, design and function specifications, analysis and performance information, and user documentation), internal documentation and materials and any personal information pertaining to an individual or person, such as employees or customers, together with all notes, memoranda, analysis, records, or other documents prepared by Receiving Party or its representatives containing or based upon, in whole or in part, information acquired from Disclosing Party in connection with this Agreement; verbal, written or machine-readable form, and regardless of whether it is specifically identified or marked as “confidential” or “proprietary”;
“Customer Data” means any data, information or material that you or your Users disclose or submit to us or the SaaS in the course of using the SaaS;
“Documentation” means the user and technical manuals in paper or electronic format for the SaaS that we generally make available to our customers, as updated, amended and replaced from time to time;
“Effective Date” means the date we receive the Service Order for your initial term, or the renewal date for any renewal term;
“Maintenance” means Updates and Upgrades to the SaaS;
“SaaS Agreement” or “Agreement” means, collectively, the Service Order, Terms of Service, and each of the other documents referenced in these Terms of Service, which together make up the contract between you and us;
“Services” means the services identified in a Service Order;
“Service Order” means the document which describes the Services you are purchasing, including any quote, proposal, purchase order, process, or tool through which you request or provision Services.
“Software-as-a-Service” or “SaaS” means our cloud-based behavior change platform;
“Support Services” means telephone and email answers to resolve inquiries concerning the functioning and use of the SaaS and malfunctions as set out in these terms and conditions;
“Training” means the education and training of your system administrators and other personnel to assist in preparing you to operate, manage and use the SaaS.
“Update” means changes we make to the SaaS to correct errors or defects, or to make the SaaS conform to our specifications; and,
“Upgrade” means improvements, enhancements, additions or changes to the SaaS which:
(a) provide new or enhanced capability;
(b) replace any portion of a Beauceron Security product; or,
(c) enable the SaaS to operate with third-party technology.
“User(s)” means your employees, representatives, consultants, contractors or agents who are authorized to use the SaaS and have been supplied access by you (or by us at your request).
If you see a capitalized term in this Agreement, check here for its definition.
The initial term of this Agreement commences on the Effective Date and continues for a period of one (1) year or three (3) years, as specified on the Service Order. This Agreement will automatically renew thereafter for an unlimited number of one (1) year periods.
There are three ways this Agreement may be terminated.
First, if you provide us written notice of your intention not to renew at least:
thirty (30) days prior to this Agreement’s auto-renewal date, and this Agreement has a one-year Term; or
ninety (90) days prior to this Agreement’s auto-renewal date, and this Agreement has a three-year Term,
this Agreement will expire at the renewal date.
Second, if either of us breaches any provision of this Agreement, the non-breaching party may, by notice to the breaching party, terminate this Agreement upon one hundred and twenty (120) days written notice unless, in the case of a breach capable of remedy, the breaching party cures the breach within that period.
Third, either of us may terminate this Agreement within thirty (30) days written notice if the other commits one or more of the following breaches of this Agreement:
(a) terminates our respective business;
(b) voluntarily or involuntarily files a bankruptcy petition or similar proceeding under the laws of our respective jurisdiction(s);
(c) becomes insolvent or makes an assignment for the benefit of creditors;
(d) fails to comply with any other material provision of this Agreement; or,
(e) you fail to pay us amounts due in accordance with this Agreement.
On termination of this Agreement, your use of the SaaS as well as any access to our Maintenance and Support Services will cease.
FEES & PAYMENT
All fees will be set out in the Service Order. Renewal fees are based on our then-applicable annual subscription fees.
All fees are non-refundable.
If you terminate a three-year Agreement prior to its renewal date, you agree to pay a cancellation fee equivalent to the multi-year discount you received over the life of this Agreement.
Our invoices are payable:
(a) by you upon receipt in Canadian dollars, unless otherwise specified on the invoice; and,
(b) within thirty (30) days, unless otherwise specified on the invoice.
You agree that you shall not withhold from payments any federal, state or provincial income tax, unemployment insurance premiums, premiums or contributions to any federal, state or provincial retirement plan or any other amounts not required by law.
You may use our SaaS for your own internal use to:
(a) measure, monitor and manage cyber risk as assessed by the system using our user surveys, self-assessments, education and quizzes as well as external threat information gathered by our SaaS;
(b) deliver online-based educational materials via included course modules, licensed third-party content or your unique modules using our course builder tool;
(c) conduct simulated social engineering attacks via email against only your organization or a subsidiary using the built-in simulated phishing emails or custom emails;
(d) deliver email newsletters for security awareness with content provided by us, developed by you or through licensed third-party content; and,
(e) use any other features for the purposes they were designed according to the Documentation that we may make available to you during the Term.
You may not:
(a) use, copy, modify, rent, sell, distribute or transfer any part of the SaaS except as provided in this Agreement, and shall not authorize or instruct any third party to engage in any of the specific uses of the SaaS as identified in in this Agreement;
(b) connect to third party systems through unlicensed application programming interface;
(c) reverse engineer, decode, decompile, or disassemble the SaaS;
(d) add, remove, obscure or modify any label or other indication of trademark, copyright or other intellectual property rights on the SaaS, our Documentation or other written material supplied by us; or,
(f) duplicate or reproduce any part of the SaaS, our Documentation or other written material supplied by us,
(d) sublicense the SaaS to a third-party organization;
(g) use the service to send simulated phishing exercises that use government agency logos. Specifically, due to direction from specific government agencies, notably the Internal Revenue Service in the United States, you are not allowed to send phishing simulations using the IRS logo or name;
without our explicit prior written consent.
You acquire only the right to use the SaaS in accordance with this Agreement and you do not acquire any intellectual property rights to the SaaS, our Documentation or our Confidential Information. You retain all intellectual property rights to your content and data.
Use the SaaS the way it was designed to be used!
You can’t use Beauceron for any nefarious activity, or tell anyone else to.
You promise not to steal our code, our brand and our content.
You promise not to sell or give licenses to third parties.
You promise not to use government brands.
We’re selling you the right to use our product, you don’t own it.
Security and compliance is a shared responsibility between Us and You. We provide the requirements for infrastructure and you must provide your own control implementation within the SaaS. You are responsible for all activity occurring under your User accounts.
You agree that you will:
(a) comply with the Documentation, and agree that we may establish new procedures for your use of the Services as we deem necessary for the optimal performance of the Services; and
(b) provide Tier 1 Support Services to your Users.
(c) abide by all applicable provincial, state, national and foreign laws, treaties and regulations in connection with your use and your Users’ use of the SaaS;
(d) regularly review and approve user access and privileges within Your instance of the SaaS;
(e) keep your security credentials to access your SaaS instance secure;
(f) notify us as soon as practical of any unauthorized access to the SaaS;
(g) notify us as soon as practical of any copying or distribution of the SaaS that is known or suspected by you or your Users, and use reasonable efforts to stop same;
(h) regularly review and update your configuration of and integrations with the SaaS.
Beauceron shall not be liable for the unauthorized disclosure, alteration or destruction of data as a result of any failure by you to regularly review and approve appropriate access to, permissions within, and configuration of, your instance of the SaaS. We shall not be liable for any damages arising out of your failure to use security tools we provide for use in the SaaS – such as, but not limited to, multi-factor authentication and domain validation – and any damages that occur to you or third parties through the abuse of the SaaS using your tenant (including, but not limited to, unauthorized phishing), is solely at your risk and liability.
You are also responsible for your account security, and for what your users do in/with the platform.
Don’t use our product to do anything hinky or to break the law. That goes for your users, too!
We’re not responsible for any loss if you give someone the wrong level of access or fail to use security tools we’ve provided.
Support Services are provided from 9:00am to 5:00pm AST on Business Days (“Normal Business Hours”). You may notify us of a support issue by emailing [email protected] . We may engage certain third parties for the purposes of providing Support Services.
We divide support requests into the following categories with the associated responsibilities:
(a) Tier One addresses basic user authentication issues, basic user interface questions and user questions about score, reporting suspected phishes, and typos and errors in custom content developed by you. You are responsible for all Tier One requests.
(b) Tier Two addresses administrative user questions related to managing your tenant not covered by our standard Documentation.
(c) Tier Three addresses:
(1) broken functionality in the SaaS; and,
(2) service availability or speed issues.
TIER TWO AND THREE PROTOCOL
We will notify you of the action that will be taken and, if applicable, of the availability of a fix. We will make all reasonably commercial efforts to meet the following response time, resolution time and escalation targets:
Supplier will respond to and commence efforts to fix the issue no later than one (1) Business Day after we are notified of the issue.
We will use reasonable efforts during Normal Business Hours to resolve the issue within 3 Business Days of notification. In any event, We will provide a workaround no later than 5 Business Days and a permanent fix no later than 21 Business Days after notification.
If the issue is not resolved within 3 Business Days of notification, We will escalate the resolution efforts to more senior representatives.
We will respond to and commence efforts to fix the issue within 2 Normal Business Hours after we are notified of the issue.
Our best available resources will use best and continuous efforts to resolve the issue within 12 hours of notification. In any event, We will provide a workaround no later than 1 Business Day and a permanent fix no later than 7 Business Days after notification for technical issues. Security issues will be resolved as quickly as technically and commercially feasible.
If the issue is not resolved within 12 hours of notification, We will escalate the resolution efforts to our most senior engineers.
The following are excluded from our Support Services:
(a) any of your communication charges;
(b) issues due to improper use of the SaaS resulting from insufficient training;
(c) issues arising from applying the SaaS to uses for which the SaaS was not designed;
(d) issues related to your system and software environment;
(e) issues relating to your network;
(f) telephone support relating to business consulting or training related issues; and,
(g) government or regulatory changes affecting the SaaS.
If you reach out to us, we’ll answer you during our regular business hours!
Please listen during implementation! We might not be able to help you if you don’t!
We don’t control your technology infrastructure or the government, so we might not be able to help you with those things.
At all times during this Agreement and after its termination or expiration, each of us shall:
(a) protect the confidentiality of the other party’s Confidential Information with the same degree of care as it uses for its own similar information, but no less than a commercially reasonable degree of care;
(b) not divulge or disclose the other party’s Confidential Information to any third parties; and,
(c) not use any Confidential Information for any purposes other than the performance of the obligations under this Agreement.
Confidential Information may only be used by those employees or agents who have a need to know such information for the purposes related to this Agreement.
Our respective confidentiality obligations do not apply to any information that is:
(a) already known by the recipient prior to disclosure by the other party;
(b) independently developed prior to, or independent of, the disclosure;
(c) publicly available;
(d) rightfully received from a third party with no duty of confidentiality;
(e) disclosed with prior written approval;
(f) disclosed under, or required, by law;
(g) aggregate data gathered, created or interpreted by the SaaS, which will not contain any personal identifiable information.
We’re a cybersecurity company; information security is really important to us, and we’ll handle your information with care. You agree to do the same.
EVENTS BEYOND OUR CONTROL
If either of us is affected by any act of God, act of war, or other cause beyond our control and without fault or negligence, we shall promptly notify each other of the nature and extent of the situation. Neither of us shall be deemed to be in breach of this Agreement, or otherwise be liable to the other, by reason of any delay in performance or nonperformance, of any of its obligations hereunder to the extent that such delay or nonperformance is due to any delaying cause of which the other has been notified. As well, the time for performance of that obligation shall be extended accordingly, provided that we all use commercially reasonable efforts to perform.
We agree not to blame each other for stuff neither of us could control.
WARRANTEES AND LIABILITY
You represent, warrant and agree that you own, or have sufficient rights to, all intellectual property rights to Customer Data. If We receive a complaint that Your Customer Data is unauthorized use of third-party intellectual property rights, We will require You to remove or modify the Customer Data in question so that it is no longer infringing, or We will do so ourselves. Beauceron will not be liable for any interruption of service or SaaS reconfiguration required by such removal or modification.
Beauceron will not indemnify your organization for issues related to the use of government logos. Failure to cooperate with Beauceron if it is contacted by a government agency or other third party regarding an infringing phishing template or campaign could result in the termination of service without refund.
We represent and warrant to you that we own, or have sufficient rights to, all intellectual property rights to the SaaS and any third-party products used in the SaaS.
The SaaS is provided “as is” and we do not warrant that use of the SaaS will be uninterrupted or error free.
We also warrant that our Maintenance and Support Services will be performed in a professional manner in conformance with generally accepted industry standards. We will rectify any Support Services which fail to conform with these standards provided you report to us in writing within thirty (30) days after the failure.
WE MAKE NO WARRANTEES, REPRESENTATIONS OR CONDITIONS WITH RESPECT TO THE SAAS, MAINTENANCE OR SUPPORT SERVICES EXCEPT AS SET OUT IN THESE TERMS AND CONDITIONS AND ALL OTHER WARRANTEES, REPRESENTATIONS OR CONDITIONS, EXPRESS OR IMPLIED, INCLUDING ANY WARRANTEES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, ARE HEREBY EXCLUDED. WE DO NOT WARRANT ANY SOFTWARE OR OTHER PRODUCTS MANUFACTURED BY THIRD PARTIES AND SUPPLIED IN CONNECTION WITH THE SAAS, MAINTENANCE AND SUPPORT SERVICES.
OUR LIABILITY FOR DAMAGES OR INDEMNIFICATION HEREUNDER SHALL BE LIMITED TO DIRECT DAMAGES AND SUCH AMOUNT SHALL BE NO GREATER THAN THE AMOUNT ACTUALLY BILLED TO YOU BY US FOR THE FIRST SIX (6) MONTHS OF THIS AGREEMENT. IN NO EVENT SHALL WE BE LIABLE FOR INDIRECT, INCIDENTAL, SPECIAL OR CONSEQUENTIAL DAMAGES OR DAMAGES FOR YOUR LOST PROFITS, DATA, OPPORTUNITIES OR REVENUES RELATING TO THIS AGREEMENT. IN NO EVENT SHALL WE BE LIABLE FOR ANY LOSS, CLAIM OR ACTION BASED ON A CLAIM THAT CUSTOMER DATA INFRINGES ANY INTELLECTUAL PROPERTY RIGHT OF ANY THIRD PARTY. THESE LIMITATIONS AND EXCLUSIONS FROM LIABILITY SHALL APPLY REGARDLESS OF THE BASIS OF THE CLAIM, INCLUDING, WITHOUT LIMITATION, ANY CLAIM OF BREACH OF CONTRACT, AND SHALL APPLY FOR THE BENEFIT OF OUR OFFICERS, EMPLOYEES, AGENTS AND SUBCONTRACTORS.
NO ACTION, REGARDLESS OF FORM, ARISING OUT OF THIS AGREEMENT MAY BE BROUGHT BY EITHER PARTY MORE THAN ONE YEAR AFTER THE CAUSE OF ACTION HAS ARISEN, EXCEPT FOR PAYMENT OF AN OUTSTANDING ACCOUNT.
You promise not to steal other people’s stuff and put it in the platform. If you accidentally do, you promise to cooperate with us to remove it.
We do our best, but sometimes things break.
THINGS TO AVOID
This SaaS Agreement, these terms and conditions or any right, license, privilege or obligation provided herein may not be assigned, transferred or shared by you without our prior written consent, which consent shall not be unreasonably withheld. Any attempted assignment without such consent is void.
You may not issue press releases or otherwise publish any information with respect to the SaaS, Maintenance or Support Services without our prior written consent.
This Agreement will be governed in all respects by the laws of the Province of New Brunswick, Canada. Under no circumstances will either of us be a partner, employee or agent of the other. If any provision in this Agreement is held invalid or unenforceable it will be construed, limited or, if necessary, severed to the extent necessary to eliminate such invalidity or unenforceability.
The terms of the Agreement may be varied only by a written agreement signed by both parties that expressly refers to the Agreement.
The data controller of your personal data is Beauceron Security Inc. We are located at 527 Queen St, Fredericton, NB, Canada, E3B 3T2. Our data protection officer is our Chief Security Officer (CSO), reachable at [email protected].
OUR COMMITMENT TO PRIVACY
We strive to adhere to the principles of privacy by design (PbD) in our business operations and delivery of the SaaS. We appreciate any feedback on how we can further improve to meet this goal.
Beauceron Security only collects the minimum Personal Data required to offer our SaaS.
We collect de-personalized, anonymized data that does not identify you or our clients (“aggregate data”) and use such data to improve our services.
We collect Technical Information provided about you from your web browser when you interact with our SaaS. This “Technical Information” does not, by itself, identify a specific individual but could be used to indirectly identify you. Our website and applications automatically record Technical Information, which includes your Internet Protocol “IP” address, browser type and version, language and the data and time of your request. We use this information to improve our services.
HOW WE COLLECT INFORMATION
We collect information when you use our services.
E-mail communications – customer success
We use pixel tags and cookies in our customer success e-mails so that we can track interactions with those messages, such as when they are opened or a link is clicked within them. We use these tools to help improve our customer success communications.
Email communications – SaaS
Our phishing simulation services use pixel tags, cookies and URL tracking when conducting exercises. These tools allow us and our clients to measure when simulated phishing emails are opened, when links are clicked on or if attachments are accessed. We use this information to help clients improve their cybersecurity awareness efforts.
We use log files on our SaaS. We use this to understand how our services are being used, to monitor for unauthorized account activity and to monitor the performance and availability of our services.
We use analytics, performance cookies and tracking codes provided to us by Google Analytics and HubSpot.
HOW WE USE INFORMATION
We may use your information to:
Provide personalized content;
Process and respond to inquiries;
Provide marketing information about services;
Improve our website;
Improve our services;
Deliver our services.
We will use your information in accordance with our Terms of Service or any applicable fully executed agreement between the parties.
You have the right to know what Personal Data we may hold about you. You can submit a request to us at [email protected]. We will supply Personal Data about you that we hold and will do so in as reasonable a timeframe as possible. We reserve the right to charge a reasonable fee for repeated requests.
We will not sell or rent your information to a third party.
We may disclose your personal data with contracted third-party vendors and service providers who we work with and are contractually bound by confidentiality obligations. We only share Personal Data with vendors and service providers to help us provide our service to you.
Customer Feedback and Testimonials
Any client feedback or testimonials submitted to Beauceron will become Our intellectual property, and may be used in marketing or referral activity pending verbal or written approval by You.
Acquisition or sale
If Beauceron Security sells any or all of its operations, we may transfer Personal Data in connection with such a sale. In the event of a sale, where possible, Beauceron Security will contact those whose data will be disclosed.
We reserve the right to disclose information, by law, litigation or as a matter of national security to comply with valid legal processes including subpoenas, court orders or search warrants. We may also disclose Personal Data in the event of an emergency that threatens an individual’s life, health or security.
We will provide information to law enforcement or government officials when provided with a production or court order. When permitted by law or order, we will inform you of any lawful access requests.
To date, we have not had any lawful access requests.
Opt-out. A User may contact Beauceron Security at any time to opt-out of any commercial electronic message (email, text, social media message).
Access. A User may access the data we hold about them at any time by contacting us directly or viewing their personal profile in the SaaS.
Move. Subject to our retention period, a User may receive an extract of all their personal data in a CSV format for their personal use or use in another platform. Any requests by business clients will be subject to a fee.
Erase and Forget. If the data we have about a User is not correct or no longer relevant, they can request we erase their data.
We use reasonable administrative, technical and physical safeguards to protect Personal Data from unauthorized access, modification or disclosure. Only necessary people and third-party service providers have access to Personal Data.
We require our third-party service providers and partners agree to keep all confidential information shared with them secure and to use any information shared with them to perform their obligations we have in place with them. We provide third parties with only the information required to perform the function for which we have engaged with them. Any information you provide directly to them independently is subject to their respective privacy policies.
Where our SaaS is offered by or combined with professional services of a partner, the partner is responsible for ensuring only necessary personnel have access to personal information as well as ensuring they have in place reasonable administrative, technical and physical safeguards to protect information in their custody.
Any and all liabilities related to any security incidents will be as outlined in our Terms of Service or any other fully executed agreement between you and us.
Unless stated in those agreements, Beauceron Security will not be responsible for any damages or liabilities related to the loss, damage, abuse, alteration or disclosure of Personal Data to the fullest extent permitted by law.
Upon confirmation of any security incident involving your personal data, we will comply with the notification requirements under the appropriate jurisdiction, for example Canadian federal privacy or provincial privacy law, GDPR for European citizens or applicable US state law.
If a security incident involving data hosted in our services requires notification and such services were contracted through a partner, the partner is responsible for contacting the respective client administrative contact who will then be responsible for coordinating any communications to you.
Our public website (www.beauceronsecurity.com) is hosted in the United States with data related to it processed and stored in the United States.
Our service is hosted, processed and stored in Canada and Europe by a third-party acting on our behalf.
Retention – Beauceron Security
Beauceron Security retains information for business purposes for as long as an account is active and/or as long as is reasonably required to provide you with our services. We will retain your information for as long as reasonably necessary to comply with any and all legal obligations, resolve disputes or to enforce agreements.
You agree and acknowledge that we are not obligated to retain Customer Data for longer than thirty (30) days after termination of this Agreement, and that we have no obligation to retain Customer Data, and may delete Customer Data, if Customer has materially breached this Agreement and the breach has not been cured within ten (10) days of notice of the breach. Upon termination for cause resulting from an uncured breach, your right to access or use Customer Data immediately ceases, and we shall have no obligation to maintain or forward any Customer Data.
Data requested to be deleted may be retained in backup systems for up to 90 days.
Retention – Partners
Our partners are responsible for setting their own retention policies in accordance with applicable laws and customer contracts.
Retention – Clients
Our clients have the ability to customize the retention of Personal Data in their respective service. Data retention periods will be subject to those settings.
LINKS TO OTHER WEBSITES OR SERVICES
OPTIONAL ADVANCED E-MAIL ANALYSIS AND THREAT CATEGORIZATION SERVICE
Our service now includes an optional component for our clients that analyzes emails submitted to our service through our Outlook or Google “Report a Phish” button, PhishForward email forwarding system or via our Application Programming Interface (API).
This system only analyzes emails that end users choose to submit on an individual basis. If our system determines the submitted emails are not a Beauceron Security simulated phishing email, a series of programmatic and machine analyses will be done automatically to determine the likelihood that the email is harmful or malicious, or if it is likely an unsolicited commercial message, also known as spam.
Submitted emails are stored securely in each client’s Beauceron Security unique database instance for a period of 30 days. After 30 days, the emails are deleted from the active database and will be removed from the Beauceron Security database backups per their retention schedules. This allows client administrators and, on request, Beauceron Security technical support, to review the results generated by the system by comparing the results to submitted email information and content. This allows for the determination of both false-positive and false-negative results and allows administrators to tune their system for improved accuracy. Malicious emails verified during this process may also be used to help create new educational material in the form of phishing simulations. In such an event, all personal and organizational information will be completely removed from any such examples and as with the retention schedule noted above, the original content will be deleted within 30 days. Clients can remove specific emails at any time from the live database, and the encrypted data will be deleted from backups per their retention schedules.