
TERMS OF SERVICE FOR
IMMUNIWEB®
PROVIDED BY HIGH-TECH BRIDGE SA

1. Recitals and Scope

High-Tech Bridge SA (hereinafter "HTB") is a Swiss company registered in the Commercial Register of Geneva under Swiss Federal Identification Number CH-660.3.042.007-9 with VAT number CHE-113.980.579, domiciled at:

World Trade Center II
29, Route de Pre-Bois
CH-1215 Geneva
Switzerland

The present Terms of Service agreement governs your and/or your company's (hereinafter "the Customer") usage of the ImmuniWeb® AI Platform provided by HTB via the ImmuniWeb® Portal (hereinafter "the Portal"), designed to assess application security and to provide the findings with suggested remediations.

By ticking the «I have read and agreed to the Terms of Service & Privacy» check-box during registration on the Portal, you are unconditionally accepting and agreeing without any reservations with the present Terms of Service agreement. The electronic acceptance of the present Terms of Service agreement by the above-mentioned procedure implies that the Customer has carefully read and understood the present agreement. Otherwise, the Customer is kindly requested to leave the Portal.

The present Terms of Service agreement does not govern the relationship between the Customer and Swiss bank "PostFinance AG" that is in charge of online credit card and PayPal payments processing on behalf of HTB.



2. ImmuniWeb® AI for Application Security

2.1 Description of ImmuniWeb®

ImmuniWeb® is a globally registered trademark (Trademark Number: 629207; Application Number: 54506/2012) owned by HTB. ImmuniWeb and the underlying technology are entirely developed and supported by HTB, who is its sole owner.

ImmuniWeb AI Platform for Application Security is designed to provide a security assessment service for applications and other digital assets (hereinafter "the Infrastructure"). The purpose of the service is to discover vulnerabilities, weaknesses and misconfigurations of the Infrastructure operated and/or owned by the Customer, and to offer general remediation recommendations and guidelines for the issues discovered.

This service is solely provided to the users who (i) created an account on the Portal via the registration procedure, (ii) activated the account by clicking on the special link in account activation email, (iii) confirmed their legitimacy and authorization to run the service, and (iv) paid for the service according to the procedures outlined below in the agreement. HTB retains the right to refuse providing the Customer with the service in case of any reasonable doubt regarding the Customer's legitimacy or authorization to order the service.

To assess the security of the Infrastructure, the Customer shall login to the Portal under its account and create one of the ImmuniWeb projects described below.

ImmuniWeb Discovery project consists of four consecutive steps:

  • Enter your company name and website
  • Confirm your authorization to conduct the discovery
  • Select your package, subscription duration and pay
  • Get continuous security monitoring

ImmuniWeb On-Demand project consists of five consecutive steps:

  • Configure your assessment
  • Confirm your authorization to conduct the assessment
  • Select your package and pay for the service
  • Select your assessment date to start
  • Get the remediation report

ImmuniWeb MobileSuite project consists of five consecutive steps:

  • Upload your mobile app and configure your assessment
  • Confirm your authorization to conduct the assessment
  • Select your package and pay for the service
  • Select your assessment date to start
  • Get the remediation report

ImmuniWeb Continuous project consists of four consecutive steps:

  • Configure your assessment
  • Confirm your authorization to conduct the assessment
  • Select your package, subscription duration and pay for the service
  • Get continuous web security monitoring and testing

2.2 ImmuniWeb® On-Demand and MobileSuite Security Assessment Report

Upon completion of an ImmuniWeb® On-Demand or MobileSuite Security Assessment, the assessment report can be viewed and downloaded by the Customer directly from the Portal. The report becomes available within 1 (one) business day after the Security Assessment completion.

The Customer will be able to view and download the report in HTML, XML or PDF formats directly from the Portal. The report will stay available on the Portal during the next 90 (ninety) days following the Security Assessment completion, and then will be securely deleted.

The Customer has a possibility to securely delete the report from the Portal at any time before the above-mentioned deadline.

After being deleted, the report cannot be recovered. The Customer is solely and entirely responsible for downloading the report within the aforementioned 90 (ninety) days deadline, as well as for saving the report on a secure local storage.


2.3 ImmuniWeb® Continuous Dashboard

Within 2 (two) business days after receiving a payment for ImmuniWeb® Continuous subscription, the Customer will be provided with access to the interactive vulnerability management dashboard designed to manage and monitor the assessment and its results via the Portal.

The data provided to the Customer, including but not limited to assessment results and statuses of detected vulnerabilities, is accessible via the Portal and API functionality during the validity of Customer’s subscription and 6 (six) months after the subscription expiration.

After the above-mentioned 6 (six) months deadline, or upon the Customer’s written demand, the data will be securely deleted. After being deleted the data cannot be recovered.


2.4 ImmuniWeb® Discovery Dashboard

Within 3 (three) business days after receiving a payment for ImmuniWeb Discovery, discovered applications and other digital assets will appear on the Discovery dashboard.

The dashboard and its functionality remain active while the Customer pays for the subscription. Once the subscription expires, the Customer may request the data from the dashboard within the next 30 (thirty) days by contacting support.

After the above-mentioned 30 (thirty) days deadline, or upon the Customer’s written demand, the data will be securely deleted. After being deleted the data cannot be recovered.


2.5 ImmuniWeb® Security Seal

Some ImmuniWeb® packages may provide the Customer with ImmuniWeb Security Seal designed to confirm the fact and the time of the performed security assessment.

Despite our best efforts to identify as many vulnerabilities as possible within the assessment scope and timeframe, the Seal does not and cannot guarantee that the Infrastructure is 100% secure, unbreakable, or totally vulnerability-free.


2.6 ImmuniWeb® Continuous and Discovery Notifications

For the Customers of ImmuniWeb® Continuous and Discovery, instant notification functionality is available to receive alerts about newly-detected vulnerabilities, weaknesses or other events via email or SMS, depending on the ImmuniWeb subscription package.

Despite our best efforts to send the above-mentioned notifications in strict accordance with the Customer’s preferences selected on the Portal, we cannot guarantee that they will arrive in a timely manner. HTB declines any responsibility for any delays or omissions related thereto.

The SMS notification service is operated and maintained by "Twilio, Inc." (CA), USA. HTB shall never be liable for any problems or damage related to the SMS notification service.


2.7 ImmuniWeb® Assessment Scope

The present clause applies solely to ImmuniWeb On-Demand, MobileSuite and Continuous.

The scope of the assessment is always defined by the Customer on the first step of the project creation. The Customer is encouraged to provide as much information about the scope as practical under the circumstances. Any omissions may lead to incomplete or inaccurate assessment for which HTB shall not be accountable or liable in any manner.

Within reason, the Customer can provide specific requirements for the scope and methodology of testing on the first step of the project creation. HTB will undertake reasonable efforts to follow the instructions and scope defined by the Customer as precisely as practical under the totality of the circumstances. In case of substantial impossibility to comply with the instructions, HTB may pause the project and communicate the issue to the Customer for resolution.


2.8 ImmuniWeb® Discovery Scope

The Customer recognizes that ImmuniWeb® Discovery is based on Open Source Intelligence (OSINT), meaning that the discovered assets, data and all other information provided to the Customer within the scope of ImmuniWeb Discovery are already accessible, or otherwise visible, on the Internet.

For the duration of a Discovery project, the Customer grants HTB full authority to monitor various web and Internet resources, including the so-called Dark Web, on its behalf or on behalf of third-parties for which the discovery is run. The Customer thereby accepts that HTB may detect and get its data, or data of its subsidiaries or third-parties, that has been previously stolen or leaked. In any case, HTB shall promptly bring the relevant data to the attention of the Customer via the Dashboard. HTB shall never be liable to the Customer or to any third-parties for supplying this data to the Customer. The Customer shall likewise protect and if necessary fully indemnify HTB for any third-party claims related to the discovery run by the Customer.

The Customer understands and accepts that the discovery process may not detect some of its digital assets, related vulnerabilities, misconfigurations, weaknesses or data leaks due to unreachability of the relevant systems during the discovery process, the non-intrusive nature of the discovery process, inability to attribute the asset or data to the Customer with reasonable certainty or any other circumstances beyond reasonable control of HTB. Therefore, HTB shall never be liable for any missed assets, data or information provided to the Customer within the scope of any Discovery project.

The Customer likewise agrees that one Discovery project covers only one brand unless otherwise expressly authorized by ImmuniWeb in writing. Therefore, websites or other digital assets belonging to other brands shall not be manually added or imported by the Customer into one project.


2.9 ImmuniWeb® Methodology of Testing

The present clause applies solely to ImmuniWeb On-Demand, MobileSuite and Continuous.

HTB’s application security testing methodology is developed and based on its proprietary technology described on the dedicated page about ImmuniWeb® AI Platform.

Unless otherwise requested by the Customer, or required by the circumstances of the assessment, the methodology of testing is compliant with the latest versions of globally recognized standards, such as OWASP Testing Guide, NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment) and the PCI DSS Penetration Testing Guide. HTB may, however, at its own discretion and without any prior notice reasonably change or amend its methodology of testing if such a change will be beneficial for the Customer under the totality of the circumstances.

HTB makes its best efforts to avoid any security testing or exploitation techniques that may harm, corrupt or destroy Customer’s data or Infrastructure. However, HTB may use intrusive testing and vulnerability exploitation techniques if it is necessary for comprehensive testing and is appropriate under the circumstances. If an unexpected and dangerous event occurs during the assessment, HTB will contact the Customer within the next 15 (fifteen) minutes of the event detection to coordinate further activities.


2.10 ImmuniWeb® Quality Assurance

For the most important and critical processes and activities of the assessment, HTB relies on the four-eyes principle, which involves at least two people controlling each other.


2.11 ImmuniWeb® Customer Support

HTB provides 24/7 online and email support for the Customer.

HTB makes its best possible efforts to respond to normal support tickets within 4 (four) business hours and within 15 (fifteen) minutes to urgent support tickets. Nevertheless, HTB cannot guarantee that a problem will be resolved within the above-mentioned deadline and shall never be liable for any delays and the damage caused by such delays.

Urgent support ticket functionality is available only to the Customers who have already paid for at least one assessment project. Abusive or inappropriate usage of urgent support tickets by the Customer may lead to temporary or permanent disablement of urgent ticket functionality on the Portal.

HTB makes its best possible efforts to provide reliable, competent and accurate information via Customer Support. However, the Customer shall not solely rely on the information obtained from support to make its decisions. The Customer acknowledges and agrees that any information obtained from support is provided “as is” without any warranty of any kind. HTB shall not be liable for any damages ensued from any actions performed by the Customer based on the information or recommendations received via support.


2.12 Project Sharing

The Customer may grant any other Portal user various access permissions to any of its ImmuniWeb® projects. The Customer shall take all the necessary precautions and due care when granting and/or revoking such access as the grantee will have limited or even full access to the project. The Customer is solely responsible for timely revoking access from users who shall not have access to the project anymore.

HTB shall not be liable for any incidents caused by project sharing activities performed by the Customer.


3. ImmuniWeb® Portal

3.1 Registration Procedure

To use ImmuniWeb®, the Customer must be registered and authenticated on the Portal. To obtain an account on the Portal, the Customer shall follow the registration procedure. During the registration, the Customer undertakes to provide HTB with correct, truthful and up-to-date information required by the procedure.

HTB may verify at any time the authenticity and veracity of the information provided by the Customer during the registration. Any accounts with doubtful or dubious information may be temporarily suspended, accounts with deliberately false or fake information may be deleted immediately. Any claims for reimbursement for the projects created under accounts with false or fake information will be refused.

HTB can, at its own discretion, deny the registration to any user at any time without any justification of its decision.


3.2 Identification of the Customer

The Customer should identify himself, or herself, on the Portal with his, or her, email address (login) and password (hereinafter "the Credentials").

HTB draws the Customer's particular attention to the fact that the Credentials are strictly personal and non-transferable.

The Customer undertakes to keep his, or her, Credentials strictly confidential. Otherwise, HTB retains the right to block the Customer's account and claim any damages incurred. Any claims for reimbursement for the projects created under accounts shared with third parties will be refused.


3.3 Modification of Customer Account Information

The Customer undertakes to keep its account information up-to-date. To do so, it can modify the information directly on the Portal via profile update function. Accounts with outdated information may be suspended.


3.4 Customer Data and PII Collection, Processing, Retention and Deletion

During the aforementioned registration procedure initiated by the Customer, HTB collects information that is consciously and voluntarily submitted by the Customer (e.g. name, email address, business phone, etc.) for the purpose of using ImmuniWeb® and staying updated about its improvements.

The information may contain Personally Identifiable Information (PII) that will be used solely for the purpose of registration and ImmuniWeb usage by the Customer subject to the present agreement.

The information is never shared with third parties except authorized parties for legitimate business purposes (e.g. technology or business partners that provide joint services with HTB) that have (i) valid NDA prohibiting divulgation and inappropriate usage of the information, and (ii) enacted privacy policy that complies with Swiss law of data protection and other applicable laws and regulations if any.

The information is securely stored in a dedicated data center located in Canada (recognized by the European Commission as a country providing an adequate level of data protection, alongside Switzerland) until the Customer requests to delete the account. The data center is owned by Internap Corporation (NASDAQ: INAP) that does not have any access to HTB’s data. The entirety of HTB’s servers is managed and operated by authorized HTB employees only.

The information is stored as long as reasonably required to pursue the initial purpose of the information submission by the Customer.

The Customer can request HTB to delete its account on the Portal by submitting the request via Portal Support. The account and all available Customer-related information will be securely deleted within 15 (fifteen) business days of the receipt of the request.

Deleted information is not recoverable. Any claims for reimbursement, indemnification or compensation for the projects created under deleted accounts will be refused.


3.5 Portal Availability

Notwithstanding external interruptions beyond HTB's control, the Portal is available 7 days a week, 24 hours a day. In case of reasonable necessity, HTB retains the right to temporarily interrupt access to the Portal, at any time, for any period of time and at its own discretion.


3.6 Portal Security

Special attention is given to the security of the Portal. Nevertheless, the Customer recognizes that despite the best efforts undertaken by HTB, including continuous risk assessment, threat and vulnerability monitoring, usage of up-to-date software, system hardening, data encryption and compliance with the latest safety regulations and standards, including ISO 27001, HTB cannot guarantee the absolute security of the Portal.


3.7 Portal Time Zone

The Portal is operating in the Central European Time (CET/CEST) time zone.


4. Limitations

HTB takes all appropriate measures not to disturb the availability of the Customer’s Infrastructure, related systems or network equipment during an ImmuniWeb® assessment. Nevertheless, exceptional and unexpected side effects may occur beyond HTB’s control, and HTB shall not be liable or responsible for any interruptions of Customer's operations, or operations of any third parties related to the Customer and concerned by the assessment, that may occur during the assessment. The Customer is advised to create a backup of the tested system and data before starting the assessment.

HTB makes its best efforts to identify all possible vulnerabilities and weaknesses within the scope and during the timeframe of assessment, however HTB does not and cannot guarantee that all the vulnerabilities will be detected, and declines any responsibility for missed, undiscovered or unreported vulnerabilities.

An ImmuniWeb assessment itself is not intended to prevent, eliminate or fix any vulnerabilities or security weaknesses. The assessment purports to identify vulnerabilities and weaknesses within the Infrastructure, and to propose general remediation solutions for them. The Customer bears the sole responsibility for implementing all necessary corrections for the discovered vulnerabilities and weaknesses. The Customer understands that vulnerability remediations, proposed in the report or via the interactive dashboard, consist of general guidelines only, provided “as is” without any warranty of any kind.

ImmuniWeb assessment results reflect the state of security of the Customer's Infrastructure only at the time of the assessment’s execution, and therefore cannot be considered as permanently up-to-date.

The entirety of the Portal’s user interface functionality, including but not limited to vulnerability management and related features for any types of assessment or discovery projects, is provided “as is” without any warranty of any kind.


5. Obligations of the Customer

5.1 Strictly Prohibited Usage

The Customer is strictly prohibited from using ImmuniWeb® to test security of any Infrastructure that does not belong to it and/or for which it does not have an explicit, express and undisputed written authorization from the legitimate Infrastructure owner to perform such testing.

The Customer is not allowed to use ImmuniWeb in countries where the legislation or regulatory rules prohibit such usage.

In case of violation of the above-mentioned conditions by the Customer, HTB reserves the right to immediately suspend the Customer's account and refuse any claims for reimbursement, compensation or indemnification for the projects created under this account.


5.2 Confirmation of the Infrastructure Ownership

The Customer unconditionally agrees to use ImmuniWeb® only to assess security of the Infrastructure that belongs to it or for which it has an explicit written authorization from the legitimate Infrastructure owner to do so.

In the case of website security testing, the Customer agrees that an email notification about the assessment may be sent to emails obtained from the website domain WHOIS record, or to the official emails provided directly on the website that the Customer wants to assess.

HTB also reserves the right to contact the Customer and/or its company by telephone and by any other appropriate means in order to verify Customer's identity and legitimacy to perform assessment of the Infrastructure.


5.3 Correctness and Completeness of Technical Information

During the creation of ImmuniWeb® project on the Portal, the Customer is solely and entirely responsible for submitting correct, complete and up-to-date technical information about the Infrastructure (e.g. URL, authentication and other technical information, etc.).

In case of erroneous, outdated or incomplete technical information submitted to the Portal, the Customer will bear the sole responsibility for the error or omission. In this case, HTB does not guarantee accuracy or completeness of the assessment and its results. Any claims for reimbursement in such cases will be refused.


5.4 Non-Resistance to Security Assessment

The present clause applies solely to ImmuniWeb On-Demand, MobileSuite and Continuous.

HTB’s IP addresses from which the assessment will take place will be communicated to the Customer by email (i) 1 (one) day before the assessment start and (ii) just before the start of the assessment for all ImmuniWeb® On-Demand and MobileSuite projects. For ImmuniWeb Continuous projects, the IP addresses are constantly visible on the Portal.

The Customer is required to properly authorize or otherwise whitelist HTB’s IP addresses on its IPS (Intrusion Prevention System), WAF (Web Application Firewall), and any other hardware or software solutions that may partially or entirely block or slow down the assessment and thus influence its completeness and accuracy. Otherwise, accuracy and completeness of the assessment and of its results are not guaranteed by HTB. Any claims for reimbursement in such case will be refused.

The Customer is strongly advised to delete HTB’s IP addresses from any whitelists and revoke any temporary permissions and demo accounts created for the purpose of the assessment once the assessment is successfully finished.


5.5 Availability of the Infrastructure

The present clause applies solely to ImmuniWeb On-Demand, MobileSuite and Continuous.

The Customer is entirely responsible for accessibility and availability of its Infrastructure during the assessment.

If for any reason the Infrastructure is not fully accessible from any of HTB’s IP addresses during the assessment, the Customer will bear the sole responsibility for incompleteness, inaccuracy or non-delivery of the assessment. Any claims for reimbursement in such case will be refused.


5.6 Obligation to Inform Concerned Third Parties

The present clause applies solely to ImmuniWeb On-Demand, MobileSuite and Continuous.

The Customer must inform and obtain an explicit authorization to perform the assessment from all the third parties (if any) that are directly or indirectly concerned by the assessment.

This obligation particularly applies if the Customer is not the sole owner of the web, database or any other servers or equipment where Customer’s Infrastructure or its data are located. HTB does not bear any responsibility for delays caused by coordination between the Customer and the concerned third-parties.


5.7 Obligation to Respect Account Integrity and Confidentiality

The Customer undertakes to take all reasonable measures to protect its account Credentials from unauthorized third-parties. If the Customer becomes aware of any illegal, unauthorized, unethical or improper usage of its Portal account, it shall immediately inform HTB in writing or by another reliable and prompt means.

The Customer undertakes to be solely responsible and liable to compensate any damages suffered by HTB, its employees or agents in case of breach of this clause.


5.8 Availability for Emergencies

The Customer undertakes to provide a valid email and direct phone number in its profile on the Portal, to be contacted in case of emergency (e.g. unexpected event or breach detection).

Failure to do so absolves HTB from any responsibility and liability in case of unforeseen emergency when interaction with Customer was required to mitigate damages.


6. Measures Against Abuse

In case of any usage of ImmuniWeb® that is illegal, unethical, improper, unauthorized by the present agreement or performed in bad faith, the Customer unconditionally agrees to be solely liable and responsible for any damages suffered by HTB including but not limited to direct, incidental and consequential damages and reasonable lawyers’ fees, as well as for any liabilities that HTB could owe to any third parties as a result of such usage by the Customer.

In case of abuse HTB retains the right to:

  • Take any technical measures it deems appropriate;
  • Inform competent law enforcement agencies;
  • Inform third parties concerned by the abuse;
  • Take legal action against the Customer;
  • Demand indemnification for all the damages suffered with applicable interest.

7. Limited Liability of HTB

7.1 Access to the Portal

HTB makes its best efforts to provide the Customer with uninterrupted access to the Portal. However, HTB does not guarantee permanent access or uninterrupted operation of the Portal. HTB shall not be liable for any interruptions of the Portal’s availability.


7.2 Security Assessment Interruption

The present clause applies solely to ImmuniWeb On-Demand, MobileSuite and Continuous.

HTB retains the right to interrupt the assessment at any time in case of any risk related to the security or stability of the Infrastructure or any of the related system(s), without any obligation to justify such action.

HTB shall not be liable for any direct or indirect damage caused by this kind of interruption. HTB's liability is also excluded in case of interruption of the assessment by HTB due to a Force Majeure.


7.3 Inappropriate Usage by the Customer

HTB shall not bear any responsibility or liability for any damages resulting from any inappropriate, unethical, illegal or abusive usage of ImmuniWeb® by the Customer, particularly for the damage caused by Customer’s breach of the present agreement or of the instructions indicated on the Portal.


7.4 Damage Caused to Third Parties

In no case shall HTB bear responsibility for any direct, incidental or consequential damages caused to any third parties during the execution of any ImmuniWeb project or related tasks.

In the unlikely case that HTB is held liable for any damage caused to a third party, the Customer undertakes to entirely indemnify HTB for the amount that HTB may be obliged to pay in relation thereto, as well as to reimburse HTB all reasonable expenses incurred while defending its interests in courts including but not limited to legal costs and reasonable lawyers’ fees.


7.5 Damage Caused to the Customer

Except for the case of deliberate and willful misconduct, HTB shall not bear any responsibility or liability for any direct, incidental or consequential damages (including but not limited to loss of integrity, availability or accessibility of any data or information, destruction of any information, files, databases or archives, or damage caused to any software, hardware or network equipment) incurred by the Customer in relation to any ImmuniWeb® assessment.

By accepting the present agreement, the Customer unconditionally agrees not to undertake, encourage, assist, join or file any legal actions, lawsuits or procedures against HTB, its employees, directors or agents in relation to any ImmuniWeb services except for deliberate and willful misconduct by HTB.


7.6 Liability Limit

In any case, HTB's total liability in relation to an ImmuniWeb® service is limited to the total net price paid by the Customer for the service in question.

By accepting the present agreement, the Customer unconditionally and without reservation accepts the aforementioned HTB's liability limit.


7.7 No Liability for Third-Party Solutions

HTB shall not bear any responsibility or liability for any damages caused by any joint solutions, implementations or integrations with any third-party technology solutions, including but not limited to Web Application Firewalls and SIEMs, that are provided "as is" without any warranty of any kind.


8. Payment Conditions

8.1 Price, Currencies and VAT

The price of ImmuniWeb® assessment is fixed in USD (US Dollars) and varies depending on the selected package. The price of a package is always displayed on the Portal on the Payment Step of project creation.

The price of any ImmuniWeb package may be changed at any time at HTB’s own discretion. All projects that were fully prepaid prior to the price change will not be affected by the change.

Payment can be made in US Dollars (USD), Euros (EUR) and Swiss Francs (CHF). When paying in EUR or CHF a currency conversion commission may be applied by your bank and/or by your card processing center.

Online payment processing may increase the price by a commission or a transaction fee charged by the processing company, bank and/or their subsidiaries. HTB has absolutely no relation or influence over these fees and shall never be responsible to reimburse or compensate them.

The prices are indicated without VAT (Value Added Tax). Swiss VAT of 7.7% will be charged if the Customer resides in Switzerland and is not exempted from VAT; or in the exceptional case when the Customer resides abroad but is obliged to pay VAT in Switzerland.


8.2 Online Payment

The entire online payment procedure via credit and debit cards or PayPal is managed and operated by Swiss bank "PostFinance AG" in accordance with their Terms and Conditions.

The entire online payment procedure via crypto-currencies is managed and operated by Lithuanian processing center UAB "Virtualios valiutos" under the brand of “CoinGate” in accordance with their Terms and Conditions.

HTB declines any responsibility and liability for any delay, loss or damages incurred by the Customer in relation to the online payment procedure.


8.3 Terms of Payment for ImmuniWeb® On-Demand, MobileSuite and Discovery

Any ImmuniWeb® On-Demand, MobileSuite or Discovery assessment project is started only after receiving a full prepayment for the package selected by the Customer.

The Customer can either pay online on the Portal, or just generate an invoice on the Portal and make the payment via a wire bank transfer. If paid via a bank transfer, within the next 5 (five) business days after the receipt of the funds on HTB’s bank account, the Customer will receive a 100% Discount Code to be entered on the Payment step of the project to skip the online payment procedure.

The invoice in PDF format becomes available for download on the Portal immediately after a successful payment for the On-Demand or MobileSuite assessment. The invoice will be available on the Portal for the next 12 (twelve) months after the payment. After the above-mentioned deadline, the invoice will be automatically deleted without any notification to the Customer.

For ImmuniWeb Discovery the invoice is generated by the online payment processing system and will be emailed to the Customer after a successful payment.

The Customer is solely responsible for printing and keeping the invoice for administrative and accounting needs and requirements. HTB does not provide any backup or copies of the invoices.


8.4 Terms of Payment for ImmuniWeb® Continuous

ImmuniWeb® Continuous assessment starts in 2 (two) business days upon receipt of a full payment for the entire duration of the service or of the first invoice if the Customer selects a monthly, quarterly or annual billing cycle.

Thirty (30) days before the end of current billing cycle period, an invoice for the next period becomes available on the Portal and shall be entirely paid within the next twenty-nine (29) days. Any overdue payments may lead to monetary penalties and overdue interests in accordance with the Swiss law.

The Customer can select the duration of an ImmuniWeb Continuous subscription on the Portal of one (1) month, six (6) months, one (1) year, two (2) years, or three (3) years, and obtain a corresponding loyalty discount that will be displayed alongside the price. Once selected, the subscription is deemed to be purchased for the selected period of time, and if cancelled before the initially selected period for any reason, the entire amount of the upcoming payments must be paid to HTB without any deduction.

The invoice in PDF format is stored on the Portal during the subscription validity and six (6) months after subscription expiration. After the above-mentioned deadline, the invoice will be automatically deleted without any notification to the Customer.

The Customer is solely responsible for printing and keeping the invoice for administrative and accounting needs and requirements. HTB does not provide any backup or copies of the invoices.


8.5 Payments via Authorized Partners

The Customer may acquire ImmuniWeb® services via authorized partners of HTB. In this case, the Customer shall enter a 100% discount code (i.e. a license) obtained from the Partner on a project payment step to skip the payment and start the service.


8.6 False-Positives Reimbursement

The present clause applies solely to ImmuniWeb On-Demand, MobileSuite and Continuous.

HTB makes its best efforts to assure zero false-positives for every security assessment. In the unlikely case when the Customer finds a false-positive (i.e. a reported vulnerability that (i) does not exist and (ii) did not exist at the time of the assessment) in the assessment report or on the dashboard, the Customer may claim a reimbursement.

If the false-positive is confirmed and recognized by HTB, the Customer shall receive the amount paid for ImmuniWeb® On-Demand or MobileSuite package purchased by the Customer, or the amount paid for one (1) week of assessment in pro rata for ImmuniWeb Continuous package.

The present clause is valid only for the false-positives among security vulnerabilities with the assigned (i) CVSSv3 score and (ii) CWE-ID.


8.7 Reimbursement Claims and Limitations

Any reimbursement claims must be made by the Customer via Support within 10 (ten) business days after an incident that triggered the claim has occurred. Any reimbursement claims received after the aforementioned deadline will not be reimbursed.

In case of reimbursement claim approval by HTB, the reimbursement amount corresponding to the gravity and other relevant circumstances of the incident shall be paid to the Customer within the next 30 (thirty) days following the approval. The amount of the reimbursement can never exceed the total amount paid by the Customer for the assessment during which the incident occurred.


8.8 Deferred Payments and Overdue

Under exceptional circumstances, HTB may grant the Customer a deferred payment deadline up to thirty (30) days. In this case, the Customer will receive a 100% discount code to be entered on the payment step in order to skip the online payment procedure and start the project. The Customer will also be provided with an invoice for a wire transfer of the amount due to HTB’s bank account.

Hereby, the Customer expressly agrees that if the deferred payment regime is partially or entirely granted by HTB, the Customer unconditionally and without reserve agrees to:

(a) timely make the payment of the exact amount due without any deduction of any kind including but not limited to transactional fees or bank charges;

(b) recognize a monthly 1% (one percent) cumulative interest for the integrity of overdue regardless of the reason of the said overdue;

(c) compensate all reasonable administrative, accounting and collecting fees HTB may incur for overdue amounts collection at an hourly rate of USD 100 (one hundred US dollars);

(d) be transferred to a full prepayment regime for systematic or bad faith delays in payments.

By accepting the present agreement, the Customer expressly agrees not to challenge the aforementioned provisions.


9. Confidentiality and Privacy

9.1 Customer Data Protection, Commercial and Business Secrets

When providing its services under the present agreement, HTB and its employees undertake their best reasonable efforts to handle the information related to, or received from, the Customer in a strictly confidential manner and in compliance with HTB’s ISO 27001 certification, related security policies and procedures.

All customer-related data is accessible only to the authorized HTB’s employees, required to have access to this data to perform their direct professional duties. HTB’s employees are internally vetted and required to sign a Non-Disclosure Agreement (NDA) before obtaining access to any customer-related data. HTB’s technical personnel is required to act in conformity with CREST Code of Conduct for Individuals, assuring confidentiality, ethics, honesty and integrity. Regular internal vetting in accordance with CREST guidelines is performed on HTB employees.

HTB undertakes not to disclose, share or transfer any customer-related data (e.g. technical, operational or vulnerability data) to any unauthorized third parties for any purposes, with the only exception when such action is demanded by a valid order of a Swiss court.

Retention of technical data (e.g. vulnerability data) is described in the articles 2.2, 2.3 and 2.4 of the present agreement. Customer account removal described in the article 3.4 of the present agreement implies secure deletion of all the projects created by the Customer and all the related data.

The Customer is solely responsible for using ImmuniWeb in accordance with any concerned third party's right to data protection.

9.2 Customer PII Data Protection

HTB and its employees undertake their best reasonable efforts to protect Customer's PII data in accordance with corporate ISO 27001 certification, related security policies, procedures and applicable law.

PII data collection, processing, retention and removal are performed according to the procedures outlined by the article 3.4 of the present agreement.

HTB’s Data Protection Officer is regularly conducting privacy audits as imposed by applicable law.


10. Intellectual Property

HTB remains the sole owner of names, trademarks, logos, labels and any other distinctive signs that belong to it, as well as of the software, source codes, programming algorithms, design concepts, databases, assessment reports, dashboard interface and all tangible and intangible goods related to ImmuniWeb service.


11. Entire Agreement

The present agreement constitutes the entire agreement between the Customer and HTB with respect to the subject matter thereof and supersedes all and any prior oral and written understandings, promises, arrangements or agreements relating to such subject matter. The Customer hereby agrees that there are no other representations or warranties relating to the subject matter of the present agreement.


12. Severability

If any provision of the present agreement is found to be invalid or unenforceable:

(a) the validity and enforceability of the remaining provisions shall not be affected unless the agreement reasonably fails in its essential purpose; and

(b) such provision shall be replaced by one or more valid and enforceable provisions approximating the original provision as closely as possible.


13. Modifications

HTB undertakes not to make modifications of the present Terms of Service agreement that will jeopardize confidentiality or privacy of the Customer except if such modification is required by the applicable law or a court order. In other cases, when the modifications are performed for a good reason and in good faith, the present agreement can be modified without any prior notification and at any time by HTB at its own discretion. The modified agreement shall be effective only for the projects created and started after the modification.

The new version of the agreement shall be immediately published on the Portal. For any substantial changes, or changes involving Customer’s confidentiality or privacy, the Customer shall receive a prompt notification about such change via email, special message or support ticket on the Portal.

The present version of this Terms of Service was last modified on the 4th of November 2019.


14. No Waiver

A failure of HTB to insist upon strict adherence of the Customer to any term of the present agreement on any occasion shall not be considered a waiver of HTB’s rights for any of the available remedies or deprive HTB of the right thereafter to insist upon strict adherence to that term or any other term of the present agreement.


15. Assignment

The Customer may not transfer or assign this agreement, in whole or in part, or delegate any of its duties hereunder, to a third party by change in control, operation of law or otherwise, without the prior written consent of HTB.


16. Governing Law and Venue

The present Terms of Service agreement applies worldwide and is governed by and construed in accordance with the Swiss law. Application of any international treaties or conventions is excluded.

The Customer irrevocably consents to the jurisdiction and venue of a competent Swiss court in Geneva in connection with any action, suit, proceeding or claim to enforce the provisions of the present agreement, to recover damages for breach of or default under the present agreement, or otherwise arising under or by reason of the present agreement.