High-Tech Bridge SA (hereinafter "HTB") is a Limited Company (Ltd.), registered in Commercial Register of canton of Geneva (Switzerland) under the Federal Identification Number CH-660.3.042.007-9 with VAT Number CHE-113.980.579, duly registered at:
World Trade Center II
29, Route de Pre-Bois
The present Terms of Service agreement governs usage by you and/or your company (hereinafter "the Customer") of ImmuniWeb® web security assessment service provided by HTB via ImmuniWeb® Portal (hereinafter "the Portal"), designed to assess security and reliability of websites and web applications (hereinafter "the Website") and to provide the findings along with remediations in PDF Report (for ImmuniWeb On-Demand) or via Interactive Dashboard (for ImmuniWeb Continuous).
By ticking «I HAVE READ AND AGREED» check-box during registration on the Portal, you are fully accepting and agreeing with the present Terms of Service agreement. The electronic acceptance of the present Terms of Service agreement by the above-mentioned procedure implies that the Customer has read, understood and fully accepted the present agreement. Otherwise, the Customer is requested to leave the Portal.
The present Terms of Service agreement does not govern the relationship between the Customer and company "PostFinance AG" that is in charge of online payment processing in the name and on behalf of HTB.
2.1 Description of ImmuniWeb®
ImmuniWeb® is a globally registered trademark (Trademark Number: 629207; Application Number: 54506/2012) owned by HTB. ImmuniWeb® is entirely developed and supported by HTB, who is its sole owner.
ImmuniWeb® is a web application security and reliability assessment service. The purpose of the service is to discover vulnerabilities, weaknesses and misconfigurations of the Website operated and/or owned by the Customer, and to offer general solutions and remediations for the discovered problems.
This service is provided to the users who created an account on the Portal via the registration procedure, obtained account approval via confirmation email, confirmed their authorization to perform security testing of the Website, and paid for the service according to the procedures outlined in the present agreement. HTB retains the right to deny Security Assessment for any Website in case of any doubts regarding the Customer's legitimacy/authorization to perform such assessment.
In order to assess security of the Website, the Customer shall connect to the Portal under his, or her, account and create ImmuniWeb® Security Assessment project.
ImmuniWeb® On-Demand Security Assessment project consists of 6 consecutive steps:
- Assessment Configuration
- Ownership Confirmation
- Online Payment
- Assessment Schedule
- Security Assessment
- Report Delivery
ImmuniWeb® Continuous Security Assessment project consists of 4 steps:
- Assessment Configuration
- Ownership Confirmation
- Customization and Online Payment
- Continuous Security Monitoring
2.2 ImmuniWeb® On-Demand Security Assessment Report
Upon completion of ImmuniWeb On-Demand Security Assessment, the assessment report can be downloaded by the Customer directly from the Portal. The report becomes available for download within one business day after Security Assessment completion.
The Customer will be able to download the report (in PDF format) directly from the Portal. The report will stay available for download on the Portal during the next 60 days following the Security Assessment completion, and then will be automatically deleted for security purposes.
After downloading the report, the Customer has a possibility to delete the report from the Portal anytime before the above-mentioned deadline. After being deleted, the report cannot be recovered. The Customer is entirely responsible for downloading the report within the aforementioned 60 days deadline, as well as for saving the report on a secure local storage device.
2.3 ImmuniWeb® Continuous Interactive Dashboard
Within one business day after activation of ImmuniWeb Continuous subscription, the Customer will be provided with an access to the interactive vulnerability management dashboard designed to manage and monitor the assessment and its results via the Portal.
The data provided to the Customer via the dashboard, including but not limited to assessment results and statuses of detected vulnerabilities, is stored and accessible via the Portal during the validity of Customer’s subscription and six (6) months after the subscription expiration.
After the above-mentioned 6 months deadline, the data will be automatically deleted for security purposes. After being deleted the data cannot be recovered.
2.4 ImmuniWeb® Security Seal
Certain ImmuniWeb® packages provide the Customer with ImmuniWeb® Security Seal designed to confirm the fact and timing of the performed security assessment.
The Seal does not guarantee that the website is 100% secure, unbreakable, or totally vulnerability-free.
2.5 ImmuniWeb® Continuous Notifications
For the Customers of ImmuniWeb Continuous instant notification functionality is available in order to get alerts about newly-detected vulnerabilities via email or SMS.
Despite our best efforts to send the above-mentioned notifications, we do not guarantee that they will arrive within the time period selected on the ImmuniWeb Portal. HTB decline any responsibility for any delays.
SMS notification service is fully maintained and operated by "Twilio, Inc." (CA), USA. HTB shall never be liable for any problems related to the SMS notification service.
3. ImmuniWeb® Portal
3.1 Registration Procedure
In order to use ImmuniWeb® the Customer must be registered and authenticated on the Portal. In order to obtain account on the Portal, the Customer shall follow the registration procedure. During the registration the Customer undertakes to provide HTB only with correct, truthful and up-to-date information.
HTB retains the right to verify at any time the authenticity of the data provided by the Customer during the registration. Any accounts with doubtful information may be blocked, while any accounts with deliberately false information will be deleted immediately. Any claims for reimbursement for the projects created under these accounts will be refused.
HTB can, at its own discretion, deny the registration to any user at any time without any justification of its decision.
3.2 Identification of the Customer
The Customer should identify himself, or herself, on the Portal with his or her email address (login) and password, (hereinafter "Credentials").
HTB draws particular attention of the Customer to the fact that the Credentials are strictly personal and non-transferable. The Customer undertakes to keep his, or her, Credentials strictly confidential. Otherwise, HTB retains the right to block the Customer's account and claim any damage occurred. Any claims for reimbursement for the projects created under these accounts will be also refused.
3.3 Modification of the Registration Information
The Customer undertakes to keep his, or her, account information up-to-date. In order to do so, he, or she, can modify the information submitted during the registration directly on the Portal via profile update function.
3.4 Portal Availability
Notwithstanding external interruptions beyond HTB's control, the Portal is available 7 days a week, 24 hours a day. In case of necessity HTB retains the right to temporary interrupt access to the Portal, at any time and at its own discretion.
3.5 Portal Security
Special attention is given to the security of the Portal. Nevertheless, the Customer recognizes that despite all the reasonable efforts undertaken by HTB, including the usage of up-to-date software, data encryption, compliance with the latest safety regulations and standards, including ISO 27001, HTB cannot guarantee the absolute security of the Portal.
3.6 Account and Related Information Removal
The Customer can request HTB to remove his, or her, account on the Portal by submitting the request in writing via support interface. The account and all the related information will be deleted, once the request has been approved and processed by HTB. Deleted information is not recoverable. Any claims for reimbursement for the projects created under deleted accounts will be refused.
3.7 Portal Time Zone and Business Days
The Portal is operating in Central European Time (CET/CEST) time zone. The Portal is available to the Customer in a 24/7 mode. Support and Security Assessment functions are available on Business Days. Business Days are Monday - Friday 9.00-21.00 (CET/CEST).
HTB takes all appropriate measures to ensure the absolute continuity and integrity of the Customer's operations during the ImmuniWeb® Security Assessment process, in particular not to disturb the functioning of the Website, web server and any related system(s) or network equipment. Nevertheless, exceptional side effects may occur, and HTB may not be held responsible for any interruptions of Customer's operations that may occur during the Security Assessment. The Customer is advised to create a backup of the tested system before starting a Security Assessment.
HTB always makes the best efforts to identify all the vulnerabilities and weaknesses during the assessment, however cannot guarantee that all the vulnerabilities will be detected, and declines any responsibility for missed or omitted vulnerabilities.
ImmuniWeb® assessment itself is not intended to prevent, eliminate or fix any vulnerabilities or security weaknesses. ImmuniWeb® assessment only identifies the vulnerabilities and security weaknesses on the Website, and proposes general solutions and remediations for them. The Customer bears the sole responsibility for implementing any necessary corrections for the discovered vulnerabilities and weaknesses. The Customer understands that vulnerability remediations proposed in the report or via the interactive dashboard consist of general guidelines only provided without any warranty.
ImmuniWeb® assessment results reflect the state of security of the Customer's Website only at the assessment time, and therefore cannot be considered as permanently up-to-date.
5. Obligations of the Customer
5.1 Strictly Prohibited Usage
The Customer is not allowed to use ImmuniWeb® to assess security of Websites that do not belong to him, or her, or for which he, or she, does not have explicit authorization from the legitimate Website owner to perform such testing.
The Customer is not allowed to use the ImmuniWeb® in countries where the legislation does not allow such usage.
In case of violation of the above-mentioned conditions by the Customer, HTB reserves the right to immediately block the Customer's account and refuse any claims for reimbursement for the projects created under this account.
5.2 Confirmation of Website Ownership
The Customer unconditionally agrees to use ImmuniWeb® to assess security only of the Websites that belong to him, or to her, or for which he, or she, has explicit authorization from the legitimate Website owner.
The Customer agrees that a notification email about Security Assessment may be sent to emails obtained from the Website domain WHOIS record, or to the official emails provided directly on the Website that the Customer wants to assess.
HTB also reserves the right to contact the Customer and/or his, or her, company by telephone and any other available communication means, in order to verify Customer's identity and legitimacy to perform Security Assessment of the Website.
5.3 Correctness and Completeness of Technical Information
During creation of an ImmuniWeb® On-Demand or Continuous Security Assessment project on the Portal the Customer is entirely responsible for submitting correct, complete and up-to-date technical information about the Website (e.g. URL, authentication information, etc).
In case of erroneous technical information submitted to the Portal, the Customer will bear the sole responsibility for the error. In this case HTB does not guarantee accuracy and completeness of the Security Assessment and its results. Any claims for reimbursement in such cases will be refused.
5.4 Non-Resistance to Security Assessment
The Customer is entirely responsible to carefully follow the instructions indicated on the Portal, and to properly whitelist HTB’s IP addresses on his, or her, IPS (Intrusion Prevention System), WAF (Web Application Firewall), and any other hardware or software solutions that may partially or entirely block or slow down the assessment, and thus influence its completeness and accuracy.
Otherwise, the accuracy and completeness of the Security Assessment and its results is not guaranteed by HTB. Any claims for reimbursement in such case will be refused.
5.5 Availability of the Website
The Customer is entirely responsible for availability of his, or her, Website during the Security Assessment. If for any reason the Website will not be accessible from HTB’s IP addresses during the Security Assessment, the Customer will bear the sole responsibility for incompleteness or non-delivery of the Security Assessment. Any claims for reimbursement in such case will be refused.
5.6 Obligation to Inform Concerned Third Parties
The Customer must inform and obtain explicit authorization to perform Security Assessment from all the third parties (if any) that are directly or indirectly concerned by the assessment. This obligation particularly applies if the Customer is not the sole owner of the web and database servers where the Website and its data are located. HTB does not bear any responsibility for delay caused by coordination between the Customer and the concerned third parties.
5.7 Obligation to Respect Confidentiality
Without HTB's explicit written authorization, the Customer is strictly prohibited to publish, share or transfer to any unauthorized third-parties or to publicly disclose any information obtained on or via the Portal. The Customer undertakes to take all possible measures to protect his, or her, account Credentials from unauthorized third-parties. If the Customer is aware of any illegal, unauthorized, or improper usage of his, or her, account, he, or she, shall immediately inform HTB.
The Customer undertakes henceforth, and without any counterpart, to be held liable and responsible for any damage suffered by HTB in case of breach of this clause.
6. Measures Against Abuse
In case of any illegal, improper, or contrary to the present Terms of Service agreement, usage of ImmuniWeb, the Customer agrees henceforth, and without any counterpart, to be held liable and responsible for any damage suffered by HTB, as well as for any liabilities that HTB could owe to any third party.
In case of abuse HTB retains the right to:
- Take any technical measures it deems appropriate under such circumstances;
- Inform competent law enforcement agencies, including Swiss Federal Police, Interpol, and all the third parties concerned by the abuse;
- Fill criminal and civil complaints against the Customer and request indemnification for all suffered damage with applicable interest.
7. Limited Liability of HTB
7.1 Access to the Portal
HTB makes all possible efforts to provide the Customer with uninterrupted access to the Portal. However, HTB does not guarantee permanent access to and uninterrupted operation of the Portal.
7.2 Security Assessment Interruption
HTB retains the right to interrupt Security Assessments at any time in case of any risk related to security or stability of the Website and/or related system(s), without any obligation to justify such action. HTB is not liable for any direct or indirect damage caused by this kind of interruption. HTB's liability is also excluded in the case of interruption of Security Assessment by HTB due to a Force Majeure.
7.3 Inappropriate Usage by the Customer
HTB shall not bear any responsibility for any damage resulting from any inappropriate, illegal or abusive usage of the ImmuniWeb® Security Assessment by the Customer. Particularly for the damage caused due to the non-observance by the Customer of the present Terms of Service agreement or instructions indicated on the Portal.
7.4 Damage Caused to Third Parties
HTB shall in no case bear responsibility for any direct or indirect damage caused to any third parties during the execution of the Security Assessment.
In the improbable case that HTB bears responsibility for damage caused to a third party, the Customer undertakes to entirely indemnify HTB for the amount that HTB may be obliged to pay in relation thereto, as well as to reimburse HTB for all expenses incurred while defending its interests in court (including any legal expenses and lawyers’ fees)..
7.5 Damage Caused to the Customer
Except for the case of serious and deliberate misconduct, HTB shall not bear any responsibility for any direct or indirect damage (loss of integrity, availability or accessibility of any data or information, destruction of any information, data, files, databases or archives, damage caused to any software or network equipment, etc.) incurred by the Customer in relation to the Security Assessment.
By accepting the present Terms of Service the Customer undertakes not to initiate any legal actions, lawsuits or procedures against HTB in relation to the ImmuniWeb® Security Assessment service.
7.6 Liability Limit
HTB's total liability arising in connection with the Security Assessment is limited to the purchase price of the Security Assessment. By accepting the present Terms of Service, the Customer unconditionally accepts HTB's liability limit.
8. Payment Conditions
8.1 Price and VAT
The price per ImmuniWeb® Security Assessment varies depending on the selected package. The price is always displayed on the Portal when you create the project and when you make the payment.
The price is indicated without VAT (Value Added Tax). Swiss VAT of 8% (eight percent) will be charged if the Customer resides in Switzerland and is not exempted from VAT; or in exceptional cases when the Customer resides abroad but is obliged to pay VAT in Switzerland.
Please note that the price for any package is a subject to change. All projects that were prepaid prior to a price change will not be affected by the change.
Payment can be made in US Dollars (USD), Euros (EUR) and Swiss Francs (CHF). When paying in EUR or CHF a currency conversion commission may be applied by your bank and/or by your card processing center. HTB has absolutely no relation or influence over these fees.
8.2 Terms of Payment
Any ImmuniWeb® Security Assessment is started only after full prepayment for the selected package.
The Customer can either pay online directly on the Portal, or just generate the invoice on the Portal and make payment via bank transfer. If paid by the bank transfer, 5 business days after the receipt of the funds on HTB’s bank account, the Customer will receive a 100% Discount Code that he, or she, shall enter on the Payment page and skip the online payment procedure.
The entire online payment procedure via credit cards or PayPal is managed and operated by "PostFinance AG" online payment platform in accordance to their Terms and Conditions. HTB declines any responsibility for damage incurred by the Customer in relation to the online payment procedure. Upon successful receipt of online payment the Customer will be immediately able to select the assessment date.
The invoice in PDF format becomes available for download on the Portal immediately after successful payment for the Security Assessment. The invoice will be available on the Portal during the next 12 months after the payment. After the aforementioned deadline the invoice will be automatically deleted.
The Customer is solely responsible for printing and keeping the invoice for administrative and accounting needs and requirements. HTB does not provide any backup copies of the invoices.
8.4 Reimbursement Claims and Limitations
Any reimbursement claims (via Support) must be made by the Customer within the 10 business days after an incident that triggered the claim. Any reimbursement claims received after the aforementioned 10 days deadline will not be accepted and are not liable for reimbursement.
In case of reimbursement claim approval by HTB, the reimbursement amount corresponding to the gravity of the incident will be paid within the next 30 business days following the approval. The amount of reimbursement can never exceed the total amount paid for the particular assessment project during which the incident occurred.
9. Privacy and Confidentiality
9.1 Confidentiality and Observance of Professional, Commercial and Business Secret
HTB and all its employees undertake to handle all the information received from the Customer:
a) via email;
b) via the Portal;
c) during Security Assessment;
in a strictly confidential manner and with compliance with the corporate ISO 27001 certification.
HTB undertakes not to share or transfer any Customer-related information to any unauthorized third-parties for any purposes, with the only exception when such action is demanded by the applicable law.
9.2 Assessment Results Storage and Data Deletion
HTB undertakes to delete all the Results according to the procedure outlined by article 2.2 (for ImmuniWeb On-Demand) and 2.3 (for ImmuniWeb Continuous) of the present Terms of Service.
9.3 Data Protection
HTB collects, stores and processes only the data that is necessary for the execution of the Security Assessment and related functionality of the Portal.
HTB undertakes to protect Customer's data in strict accordance with applicable Swiss law and regulations.
The Customer is responsible for using ImmuniWeb® in accordance with any concerned third party's right to data protection.
10. Intellectual Property
HTB remains the sole owner of names, trademarks, logos, labels and any other distinctive signs that belong to it, as well as of the software, source codes, programming algorithms, design concepts, databases, assessment reports, dashboard interface and all tangible and intangible goods related to ImmuniWeb service.
The present Terms of Service can be modified at any time by HTB and replaced by new version that will be immediately published on the Portal. The modified Terms of Service apply thereafter to all newly initiated ImmuniWeb® Security Assessments.
The present version of Terms of Service was last modified on the 16th of February 2016.
12. Applicable Law
The present Terms of Service agreement applies worldwide, and is governed by the Swiss Law.
Any dispute resolution in relation with this Agreement shall be transmitted to the Court of Geneva Canton and subsequently to the Swiss Federal Tribunal.