Platform Time (CET): 5 Nov 2024 03:15:03

TERMS OF SERVICE FOR
IMMUNIWEB® AI PLATFORM
PROVIDED BY IMMUNIWEB SA

1. Recitals and Scope

ImmuniWeb SA (hereinafter "IW") is a Swiss company registered in the Trade Register of Geneva under Swiss Federal Identification Number CH-660.3.165.019-5 with VAT number CHE-166.613.872, domiciled at:

Quai de l’Ile 13
CH-1204 Geneva
Switzerland

These terms of service (hereinafter “these Terms of Service” or “this agreement”) is a binding contract between IW and your company, governing your and your organization’s or company’s (hereinafter jointly "the Customer") usage of the ImmuniWeb® AI Platform provided by IW via the ImmuniWeb® Portal (hereinafter "the Portal").

It is expressly agreed that the parties hereto are independent contractors and that the relationship between the parties shall not constitute any form of partnership, joint venture, employment or agency relationship.

You hereby warrant and represent that you have an undisputed authority, legal competence and capacity to bind your organization or company to this agreement and all its terms.

By ticking the “I have read and agreed to the Terms of Service & Privacy” checkbox during online registration on the Portal, you agree and accept without any reservations to be exclusively bound by the terms and condition of this agreement to the exclusion of any other terms and conditions that the Customer may use.

Any usage of the ImmuniWeb® AI Platform or of the ImmuniWeb® Portal in violation of these Terms of Service shall be considered unauthorized usage and may lead to legal actions.

This agreement does not govern the relationship between the Customer and Swiss financial company "Worldline Schweiz AG (Worldline Switzerland Ltd)" that is in charge of online credit card and PayPal payments processing on behalf of IW. Likewise, this agreement does not govern usage of the Single Sign-On (SSO) functionality on the Portal, if used by the Customer, that is governed by a separate agreement between the Customer and the SSO provider such as Google, Amazon, Microsoft, or others.



2. ImmuniWeb® AI Platform

2.1 Description

ImmuniWeb® is an internationally registered trademark owned by IW. The ImmuniWeb® AI Platform and the underlying technology are developed and supported by IW that is its sole owner.

The ImmuniWeb® AI Platform is available via the Portal and is designed to, among other things, provide security assessment, monitoring and asset discovery services (hereinafter “the service”) for web and mobile applications, and other digital or IT assets (hereinafter "the Infrastructure").

The purpose of the service is to discover vulnerabilities, weaknesses and misconfigurations of the Infrastructure operated, managed, owned or lawfully entrusted to the Customer, and to offer general remediation guidelines for the discovered issues.

This service is solely provided to Platform users who (i) created an account on the Portal via the registration procedure, read and accepted this agreement without reservations, (ii) confirmed their identity and activated their account by clicking on special link in account activation email, (iii) confirmed their legitimacy and authorization to run the service, and (iv) paid for the service according to the procedures outlined below in this agreement. IW retains the right to refuse providing any Customer with the service in case of any reasonable doubts regarding the Customer’s identity, legitimacy or authorization to order such service.

To consume the service, the Customer shall log in to the Portal under its account and create one of the five ImmuniWeb project types described below.

ImmuniWeb Discovery project consists of four consecutive steps:

  • Enter a company name for which you run Discovery
  • Select a checkbox if you run Discovery for a third party
  • Select your package, subscription duration and pay for the service
  • Get access to your Discovery dashboard

ImmuniWeb Neuron project consists of four consecutive steps:

  • Enter your project name
  • Confirm your subscription duration and number of targets
  • Pay for the service
  • Get access to your Neuron dashboard

ImmuniWeb Neuron Mobile project consists of four consecutive steps:

  • Enter your project name
  • Confirm your subscription duration and number of annual scans
  • Pay for the service
  • Get access to your Neuron Mobile dashboard

ImmuniWeb On-Demand project consists of five consecutive steps:

  • Configure your assessment
  • Confirm your authorization to conduct the assessment
  • Select your package and pay for the service
  • Select your assessment date to start
  • Get the remediation report

ImmuniWeb MobileSuite project consists of five consecutive steps:

  • Upload your mobile app and configure your assessment
  • Confirm your authorization to conduct the assessment
  • Select your package and pay for the service
  • Select your assessment date to start
  • Get the remediation report

ImmuniWeb Continuous project consists of four consecutive steps:

  • Enter your project name
  • Confirm your subscription duration and start date
  • Pay for the service
  • Get access to your Continuous dashboard

2.2 ImmuniWeb® On-Demand and MobileSuite Security Assessment Report

After receiving a payment for ImmuniWeb® On-Demand or MobileSuite Security Assessment, and upon completion of the assessment, the assessment report can be viewed or downloaded by the Customer directly from the Portal. The report becomes available within 1 (one) business day after the Security Assessment completion.

The Customer will be able to view and download the report in HTML, XML or PDF formats directly from the Portal. The report will stay available on the Portal during the next 100 (one hundred) days following the Security Assessment completion, and then will be securely deleted.

The Customer has a possibility to securely delete the report from the Portal at any time before the above-mentioned deadline.

After being deleted, the report cannot be recovered. The Customer is solely and entirely responsible for downloading the report within the aforementioned 100 (one hundred) days deadline, as well as for saving the report on a secure local storage.


2.3 ImmuniWeb® Continuous Dashboard

Within 2 (two) business days after receiving a payment for ImmuniWeb® Continuous subscription, the Customer will be provided with an access to the interactive vulnerability management dashboard designed to manage and monitor the assessment and its results via the dashboard or API.

The dashboard and its functionality remain active while the Customer pays for the subscription. 100 days after the subscription expires, or upon earlier Customer’s written demand, the data will be securely deleted. After being deleted the data cannot be recovered.


2.4 ImmuniWeb® Neuron and Neuron Mobile Dashboard

After receiving a payment for ImmuniWeb Neuron or Neuron Mobile, the dashboard will become available for the Customer. Scan reports will be accessible via the dashboard or API once the scan is finished.

The dashboard and its functionality remain active while the Customer pays for the subscription. 100 days after the subscription expires, or upon earlier Customer’s written demand, the data will be securely deleted. After being deleted the data cannot be recovered.

The Customer is solely responsible to make backups of the data if the subscription is not renewed or is renewed with a delay.


2.5 ImmuniWeb® Discovery Dashboard

Within 3 (three) business days after receiving a payment for ImmuniWeb Discovery, discovered applications and other digital assets will appear on the Discovery dashboard.

The dashboard and its functionality remain active while the Customer pays for the subscription. 100 days after the subscription expires, or upon earlier Customer’s written demand, the data will be securely deleted. After being deleted the data cannot be recovered.

The Customer is solely responsible to make backups of the data if the subscription is not renewed or is renewed with a delay.


2.6 ImmuniWeb® Security Seal and ImmuniWeb® Attestation Letter

Some ImmuniWeb® products, depending on the package, may provide the Customer with ImmuniWeb Security Seal or ImmuniWeb Attestation Letter of Penetration Test Completion. Both are designed only to duly the fact and the time of the performed security assessment. The Customer understands this and hereby undertakes to never use the Seal or Letter for any purposes, including but not limited to claiming, advertising or proving its level of cybersecurity or compliance, but to show that a penetration test by IW took place.

Despite our efforts to identify as many vulnerabilities as possible within the assessment scope and timeframe, both the Seal and the Attestation cannot and do not guarantee that the Infrastructure or any parts of it are 100% secure, unbreakable or vulnerability-free.


2.7 ImmuniWeb® Continuous, Neuron, Neuron Mobile and Discovery Notifications

For Customers of ImmuniWeb® Continuous, Neuron, Neuron Mobile and Discovery, notification functionality is available to receive alerts about newly detected vulnerabilities, weaknesses or other events via email or SMS, depending on the service and subscription package.

Despite our best commercial efforts to send the above-mentioned notifications in accordance with the Customer’s preferences selected by the Customer on the Portal, we cannot and do not guarantee that they will arrive in a timely manner. IW declines any responsibility for any delays or omissions related thereto.

IW may replace SMS notifications by email alerts when IW considers such replacement appropriate under the circumstances and at its own discretion. No compensation is available for such replacement.

The SMS delivery service is operated and maintained by "Twilio, Inc." (CA), USA. The Customer hereby consents and agrees that if SMS service is activated, the cell phone numbers, provided by the Customer for the purpose of the SMS notifications, will be shared with Twilio whereas Twilio contractually agrees not to use the numbers for any purposes but the notification. IW may in no case be liable for any problems, delays or damage related to or caused by the SMS notification service.


2.8 ImmuniWeb® Assessment Scope

This clause applies solely to ImmuniWeb On-Demand, MobileSuite and Continuous.

The scope of the assessment is always defined solely by the Customer either on the first step of the project creation or elsewhere depending on the service. The Customer is encouraged to provide as much information and details about the scope as practical under the circumstances. Any omissions or incorrect information provided by the Customer may lead to incomplete, delayed or inaccurate assessment for which IW shall not be accountable or liable in any manner.

Within reasonable and in good faith, the Customer can provide specific requirements for the scope or methodology of testing on the first step of the project creation. IW will undertake commercially reasonable efforts to follow the instructions and scope defined by the Customer as precisely as practical under the integrity of the circumstances. In case of substantial impossibility to comply with the instructions, or requirement to upgrade the package, IW may pause the project and communicate the issue to the Customer for resolution.

The Customer acknowledges and accepts that IW has the right to cancel any ImmuniWeb On-Demand or MobileSuite project without any compensation if the scope entered by the Customer is different from the scope for which the Customers received and signed the corresponding quote from IW.

For ImmuniWeb Continuous projects, the Customer acknowledges that two distinct types of targets exist for its convenience. Penetration testing targets are manually tested to the extent available in the package, while automated scanning targets are tested only automatically. The Customer is solely responsible to configure testing of its targets via functionality available on the dashboard.


2.9 ImmuniWeb® Neuron Assessment Scope

The scope of the assessment is always defined solely by the Customer before launching a scan.

The Customer is encouraged to provide as accurate and carefully selected details about the scope as practical under the circumstances, considering, among other things, safety of its Infrastructure and concerned third parties.

Any omissions or incorrect information provided by the Customer may lead to incomplete, delayed or inaccurate assessment for which IW may in no case be accountable or liable in any manner.

To protect intellectual property of IW, it is strictly prohibited to launch scans against any types of purposely vulnerable web applications or frameworks designed to compare automated scanning tools. Any scans against such targets have no warranty of any kind and may lead to permanent suspension of the target without any reimbursement or compensation.

Each Neuron project can include targets belonging to one organization or company only. If the Customer wishes to lawfully scan targets from several organizations, then targets of each organization must be grouped into a separate package.

The Customer is solely responsible to correctly configure Neuron scan options, including but not limited to the authentication, speed and aggressivity of scanning, to prevent any damage to its Infrastructure or third parties. IW may in no case be liable for incorrect scan configuration in any manner and any of its consequences.


2.10 ImmuniWeb® Neuron Mobile Assessment Scope

The Customer must follow technical guidelines available on the Portal to properly compile a mobile application for security testing with Neuron Mobile. All incorrectly compiled applications may produce incomplete or incorrect results of security testing, or even be unsuitable for testing. IW shall never be liable for any problems, delays or failures with incorrectly compiled mobile applications. No warranties whatsoever are provided for incorrectly compiled mobile applications.

The Customer is informed and hereby accepts that uploading of a mobile application with hardcoded credentials (including but not limited to API keys) or other means of authentication for any backend endpoints (including but not limited to Customer’s or third-party web services of APIs) may cause damage to the backend despite the best reasonable efforts of IW to prevent such impact. The Customer hereby undertakes to defend, hold harmless and fully indemnify IW, its directors, employees and agents, including compensating all reasonable attorneys’ fees, if any third party brings a legal action or lawsuit against IW in relation to any Neuron Mobile project started, initiated or managed by the Customer.


2.11 ImmuniWeb® Discovery Scope

The Customer recognizes that ImmuniWeb® Discovery is based on Open-Source Intelligence (OSINT) meaning that the discovered assets, data and all other information provided to the Customer within the scope of ImmuniWeb Discovery are already accessible, visible or otherwise discoverable on the Internet.

For the duration of a Discovery project, the Customer grants IW a full authority to monitor various web, cloud and other Internet resources and repositories, including resources located in the so-called Dark Web and Deep Web, on its behalf or on behalf of third parties for which the discovery is performed. The Customer hereby accepts and agrees that IW may detect and get its confidential, personal or sensitive data, or such data of its subsidiaries, agents, employees or third parties, that has been previously stolen, compromised or leaked. In any case, IW shall promptly bring the relevant data to attention of the Customer via the Dashboard. IW may in no case be liable to the Customer or to any third parties for processing, storing or supplying this data to the Customer. The Customer hereby undertakes to defend, hold harmless and fully indemnify IW, its directors, employees and agents, including compensating all reasonable attorneys’ fees, if any third party brings a legal action or lawsuit against IW in relation to any Discovery project started, initiated or managed by the Customer.

For some packages of Discovery, a phishing websites takedown service may be provided to the Customer by IW. The service is limited to the phishing websites detected by Discovery. Upon receipt of a takedown request from the Customer, IW may contact all parties concerned by, or implicated into, hosting or providing access to the phishing website or domain name, and request suspension of the phishing resource. The Customer agrees that its corporate name may be mentioned in such communications as the party aggrieved by the phishing. The Customer hereby accepts and agrees that a takedown is not and may never be guaranteed despite the best reasonable efforts undertaken by IW. The Customer likewise agrees that IW may, at its own discretion and at its own expense, retain any licensed law firm and share with it all necessary details of a phishing takedown case when so is deemed necessary by IW for the purpose of takedown. The Customer unconditionally agrees that when its takedown request contains incorrect or misleading information about the nature, status or impact of the phishing website, the Customer shall defend, hold harmless and fully indemnify IW, its directors, employees and agents, including compensating all reasonable attorneys’ fees, if any third party brings a legal action or lawsuit against IW in relation to the takedown actions made by IW. In addition to the foregoing, in case of any abusive usage of the takedown functionality by the Customer, IW may permanently terminate the functionality without any compensation to the Customer.

The Customer understands and hereby accepts that the Discovery process may not detect some of its digital or IT assets, related vulnerabilities, misconfigurations, weaknesses or data leaks due to unreachability of the systems, the non-intrusive nature of the Discovery process, inability to attribute the asset or data to the Customer with reasonable certainty or any other circumstances beyond reasonable control of IW. Therefore, IW shall never be liable for any missed or omitted, mislabeled, wrongly scored or attributed assets, data or information provided to the Customer within the scope of any Discovery project.

The Customer agrees that one Discovery project covers only one brand unless otherwise is expressly authorized by IW in writing. Therefore, domains, websites or any other digital assets or resources belonging to other brands, including but not limited to subsidiaries and third parties, must not be manually added or imported by the Customer into Discovery project. Violation of this clause by the Customer may lead to termination of the Discovery subscription without any compensation for non-used service.

If 15 (fifteen) days after launch of Discovery project the Customer’s infrastructure or assets increase by more than 10% (ten percent), the Customer agrees to pay IW in pro rata for the increased scope of monitoring or to remove the assets.


2.12 ImmuniWeb® Methodology of Testing

This clause applies solely to ImmuniWeb Neuron, Neuron Mobile, On-Demand, MobileSuite and Continuous.

IW’s application security testing methodology is developed and based on its proprietary technology, that may be deployed in fully automated or human-driven mode depending on the service and package.

Except if otherwise requested by the Customer, or required by circumstances of the assessment, the methodology of testing follows globally recognized standards, such as OWASP Web and Mobile Application Security Testing Guides. IW may, however, at its own discretion and without prior notice, change, expand or amend its methodology of testing if such a change may be beneficial or otherwise preferrable for the Customer or for IW under the integrity of circumstances.

IW makes its best efforts to avoid any security testing or exploitation techniques that may harm, slow down, corrupt, partially or entirely destroy Customer’s data or Infrastructure. However, IW may use intrusive testing and vulnerability exploitation techniques if it is necessary for comprehensive testing or is appropriate under the circumstances.

For some products, IW may provide a website testing map to the Customer for convenience. The Customer hereby acknowledges that it understands and agrees that the website map is not designed to contain full scope of testing, but rather the most relevant or representative parts of it. The Customer likewise acknowledges and accepts that some URLs may be purposely omitted in the website map.


2.13 ImmuniWeb® Quality Assurance

For the most important and critical processes and activities of the assessment, IW relies on the four-eyes principle, which involves at least two people controlling each other.


2.14 ImmuniWeb® Customer Support

IW strives to provide an uninterrupted 24/7 support for the Customers via email and web ticketing system.

IW makes its best commercial efforts to respond to normal-priority support tickets within 4 (four) business hours and within 15 (fifteen) minutes to urgent support tickets. Nevertheless, IW cannot and does not guarantee that request or problem will be resolved within the above-mentioned deadline and may in no case be liable for any delays or damage caused by such delays.

Urgent support ticket functionality is available only to the Customers who have already paid for at least one assessment project. Abusive, unwarranted or inappropriate usage of urgent support tickets by the Customer may lead to temporary or permanent disablement of urgent support ticket functionality on the Portal without any compensation as a counterpart. Urgent tickets are not available for ImmuniWeb Neuron, Neuron Mobile and Discovery.

IW undertakes its best reasonable efforts to provide competent and accurate information via the customer support (hereinafter “the Customer Support”). However, the Customer shall never rely solely on the information obtained from the Customer Support to make its decisions. The Customer hereby acknowledges and agrees that any information obtained from the Customer Support is provided “as is” without any warranty of any kind. IW shall in no case be liable for any harm or damage ensued from any actions performed by the Customer based on, relied upon, or derived from the information or recommendations received via the Customer Support.

When any information, statement or promise provided by the Customer Support or any IW employees under any circumstances materially amend or contradict this agreement, the text of this agreement shall always prevail in case of a dispute.


2.15 ImmuniWeb® Project Sharing and RBAC

The Customer may grant any other Portal user with various Role Based Access Control (RBAC) access permissions to any of its ImmuniWeb projects.

The Customer shall take all the necessary precautions and due care when granting, modifying or revoking such access as the grantee will have access to the project and its data. The Customer is solely responsible to monitor and timely revoke or adjust access from all Portal users who shall not have access to the project anymore.

IW shall not be liable for any incidents or damage caused by project sharing activities performed by the Customer or any Portal users empowered to do so by the Customer.


2.16 ImmuniWeb® API

On the Portal, the Customer may generate an API key to access its project data in JSON format from the API provided by IW depending on the service.

The Customer is solely responsible to protect all its API keys, timely revoke and prevent any unauthorized usage of the API keys.

IW may in no case be liable for any incidents or damage caused by the API or API key usage or management performed by the Customer. Likewise, IW may in no case be liable if the API key is compromised or misused as a result of Customer’s omission, compromise, error or negligence.


2.17 ImmuniWeb® Community Edition

ImmuniWeb Community Edition offers free online tests aimed to improve overall security awareness at no cost. It also provides a premium subscription designed to perform a higher number of online tests per day compared to the free version.

The subscription can be purchased online by the Customer for the price and duration that are visible online to the Customer. Purchased subscriptions cannot be modified, cancelled or reimbursed for non-usage or early termination.

All available ImmuniWeb Community Edition subscriptions are provided “as is” without any warranty of any kind.

The Customers, who misuse subscription and thereby cause inconvenience or damage to any third party, will be notified, and in case of re-occurrence, may have their subscription immediately terminated without any reimbursement or compensation. In case of deliberate abuse, the subscription may be terminated without a prior notice and with no compensation.

The Customer hereby undertakes to defend, hold harmless and fully indemnify IW, its directors, employees and agents, including compensating all reasonable attorneys’ fees, if any third party brings a legal action or lawsuit against IW in relation to the Customer’s usage of the Community Edition.

Any usage of bots or automated tools to interact with the Community Edition in any manner is strictly prohibited unless is previously authorized by IW in writing.


2.18 Products Purchased via Microsoft Azure Marketplace

For all IW products or services purchased by the Customer via Microsoft Azure Marketplace, a possible delay of up to 3 business days may exist before a project can be started or delivered.

Likewise, IW may in no case be liable for any extra costs, fees or other liabilities incurred by the Customer while making a payment for any IW product or service to Microsoft or any of its affiliates or subsidiaries.


2.19 ImmuniWeb® Documentation

As a courtesy, IW offers free product documentation available to the Customer. While IW undertakes its best reasonable efforts to provide accurate and up-to-date information in the documentation, the Customer shall never rely solely on the information obtained from the documentation to make its decisions.

The Customer hereby acknowledges and agrees that the documentation is provided “as is” without any warranty of any kind. IW shall in no case be liable for any harm or damage ensued from any actions performed by the Customer based on, relied upon, or derived from the documentation.


3. ImmuniWeb® Portal

3.1 Registration Procedure

To use the ImmuniWeb® AI Platform, the Customer must be registered and authenticated on the Portal. To obtain an account on the Portal, the Customer shall follow the registration procedure. During the registration, the Customer undertakes to provide IW with correct, truthful and up-to-date personal and other information.

IW may verify, at any time, the authenticity and veracity of the information provided by the Customer during the registration. Any accounts with doubtful or dubious information may be temporarily suspended, accounts with deliberately false or fake information may be deleted immediately. Any claims for reimbursement or compensation for any projects created under accounts with false or fake information will be refused.

IW can, at its own discretion, deny registration to any user at any time without any justification of its decision.


3.2 Identification of the Customer

The Customer should authenticate itself on the Portal with its email address (login) and password (hereinafter “the Credentials”). The Customer may request to use a third-party SSO for its account. The Customer agrees that it uses the SSO at its own risk and that IW shall never be liable for any events or damage caused by or related to the SSO.

IW draws particular attention of the Customer that the Credentials are strictly personal and non-transferable.

The Customer undertakes to keep its Credentials strictly confidential. Otherwise, IW retains the right to block the Customer’s account and claim any damage occurred. Any claims for reimbursement or compensation for any projects created under compromised accounts or accounts shared with third parties will be refused.


3.3 Modification of Customer Account Information

The Customer undertakes to keep its account information up-to-date. To do so, it can modify the information directly on the Portal via profile update function. Accounts with outdated information may be suspended for security purposes.

IW may verify, at any time, the authenticity and veracity of the information provided by the Customer. Any accounts with doubtful or dubious information may be temporarily suspended, accounts with deliberately false or fake information may be deleted immediately. Any claims for reimbursement or compensation for any projects created under accounts with false or fake information will be refused.

IW can, at its own discretion, shut down an account at any time without any justification of its decision.


3.4 Customer Data and PII Collection, Processing, Retention and Deletion

IW values privacy of the Customer. IW collects Personally Identifiable Information (PII) of the Customer that is voluntarily submitted by the Customer on the Portal (e.g. name, email address, business phone, etc.) and technical information manually entered by the Customer on the Portal (e.g. website URLs) for the purposes of (i) using ImmuniWeb® AI Platform by the Customer, (ii) performing contractual duties owed to the Customer under this agreement, and (iii) pursuing legitimate interests of IW including but not limited to keeping the Customer informed about the Platform news and improvements by weekly newsletter with a one-click opt-out feature. IW also collects ancillary information about the Customer and its activities on the Portal, such as IP addresses and other relevant technical details, which are necessary to protect, maintain or improve the Platform or pursue other legitimate interests of IW.

The foregoing information is never shared with third parties except authorized parties (e.g. technology or business partners that provide joint services with IW) for performance of legitimate business purposes for the benefit of the Customer or for performance of this agreement. The authorized parties are required to have (i) a non-disclosure agreement (NDA) with IW prohibiting divulgation or inappropriate use of the entrusted information, and (ii) a privacy policy that complies with the Swiss data protection law (New Federal Act on Data Protection (nFADP)).

The information is securely stored on a dedicated data center located in Canada (recognized by the European Commission (EC) as a country providing adequate level of data protection alongside with Switzerland). IW servers are managed and operated by authorized IW personnel only.

The information is stored as long as reasonably required to perform IW’s duties under this agreement, pursue legitimate interests of IW, or as long as required by applicable law.

The Customer can request IW to delete its account on the Portal by submitting a request via the Customer Support. The account and Customer-related information will be securely deleted within 15 (fifteen) business days since the receipt of the request unless otherwise required by applicable law. IW may retain any information and data that is required to be retained by law or to protect legitimate interests of IW in compliance with Swiss data protection law.

Deleted information is not recoverable. Any claims for reimbursement or compensation for the projects created under deleted accounts will be refused. The foregoing does not absolve IW from liability, subject to the liability limit described below, for deliberate and willful misconduct.


3.5 Portal Availability

Apart from external interruptions beyond IW’s control, the Portal is available 7 days a week, 24 hours a day. In case of reasonable necessity, IW retains the right to temporarily interrupt access to the Portal, at any time, for any period of time and at its own discretion. IW may in no case be liable for any damages caused by any interruption.


3.6 Portal and Data Security

Special attention is given to security of the Portal and the data it processes and handles.

Nevertheless, the Customer hereby recognizes that despite the best commercial efforts undertaken by IW, including risk assessment, threat and vulnerability monitoring, usage of up-to-date software, system hardening, data encryption and adherence to the ISO 27001 security standard, IW cannot and does not guarantee the absolute security of the Portal, any related devices, systems or the data that they process or handle.

The Customer hereby acknowledges and accepts all risks related to data breaches and security incidents, and undertakes not to, and waives any right it may have, to initiate, file, encourage or participate in any legal actions or judicial proceedings against IW related thereto.


3.7 Portal Time Zone

The Portal is operating in the Central European Time (CET/CEST) time zone.


4. Limitations Accepted by the Customer

In addition to all other limitations stated in this agreement, the Customer hereby unconditionally accepts the limitations of the service provided by IW, which are described below.

IW undertakes its best commercial efforts to provide a broad selection of available assessment dates. Nonetheless, IW cannot and does not guarantee that a specific date will be available, neither provides any guarantee of date availability. For penetration testing projects, the next available assessment date is always shown on the Portal at the “payment step”. IW shall never be liable for any delays caused by unavailability of a specific assessment or report delivery date.

During security testing, IW takes appropriate measures not to disturb availability of the Customer’s Infrastructure. Nevertheless, exceptional, unforeseen or unexpected side effects may occur beyond IW’s reasonable control. IW shall never be liable or responsible for any damage, interruption or slowdown of any operations or property of the Customer or any third parties concerned by the testing. The Customer is advised to create a full backup of the tested system and data before starting the assessment, to avoid testing previously untested and unstable systems in production, and to avoid testing with real user accounts or with privileged user accounts that may have access to production or confidential data.

IW makes its best efforts to identify all possible vulnerabilities and weaknesses within the scope and during the timeframe of assessment, however IW does not and cannot guarantee that all the vulnerabilities and/or weaknesses will be detected, and declines any responsibility for missed, undiscovered or unreported vulnerabilities and/or weaknesses.

The service itself is not intended to prevent, eliminate or fix any vulnerabilities or security weaknesses. The assessment purports to identify vulnerabilities and weaknesses within the Infrastructure and to propose general remediation solutions for them. The Customer bears the sole responsibility for implementing all necessary patches and corrections for the discovered vulnerabilities and weaknesses.

The Customer understands that all vulnerability remediations, proposed in the report, via the interactive dashboard or otherwise, consist of general guidelines only and are provided “as is” without any representation and warranty of any kind.

Assessment results reflect the state of security of the Customer’s Infrastructure only at the time of the assessment’s execution and therefore cannot be considered as permanently up-to-date.

The integrity of the Portal features including but not limited to the user interface functionality, integrations, data import and export, vulnerability management, alerts and notifications, user management and any related features for all types of projects are provided “as is” without any warranty of any kind.


5. Obligations of the Customer

5.1 Strictly Prohibited Usage

The Customer is strictly prohibited to use ImmuniWeb® AI Platform to conduct security testing of any Infrastructure that does not belong to it and/or for which it does not have an explicit, express and undisputed written authorization from the legitimate Infrastructure owner to perform such testing.

The Customer is also prohibited to use ImmuniWeb® AI Platform to knowingly cause any damage, harm or foreseeable inconvenience to any third parties.

The Customer must not use ImmuniWeb® AI Platform for white labeling, re-delivering, reselling or re-distributing any IW products or services or any parts thereof unless previously expressly authorized in writing by IW. For any violation of this paragraph, the Customer hereby agrees to compensate IW with an amount of 50,000 USD (fifty thousand US dollars) per violation in addition to any direct, accidental or consequential damages including without any limitation loss of revenue, depreciation of IW brand value, IW’s legal and recovery costs and reasonable attorneys’ fee. Payment of any compensation does not relieve the Customer from his obligation to comply with this clause and IW’s right to request specific performance to ensure compliance with this clause remains reserved.

The Customer is not allowed to use ImmuniWeb® AI Platform in countries where the legislation, sanctions or regulatory rules prohibit such usage.

In case of violation of the above-mentioned conditions by the Customer, IW reserves the right to immediately suspend the Customer’s account, claim damages and refuse any Customer’s claims for reimbursement or compensation for the projects created under its account.

The Customer is strictly prohibited to use any and all derivatives of ImmuniWeb® AI Platform including but not limited to reports, findings and all other information provide by IW for any and all Machine Learning or AI training purposes. For any violation of this paragraph, the Customer hereby agrees to compensate IW with an amount of 50,000 USD (fifty thousand US dollars) per violation in addition to any direct, accidental or consequential damages including without limitation loss of revenue, depreciation of IW brand value, IW’s legal and recovery costs and reasonable attorneys’ fee. Payment of any compensation does not relieve the Customer from his obligation to comply with this clause and IW’s right to request specific performance to ensure compliance with this clause remains reserved.

The Customer hereby further undertakes to defend, hold harmless and fully indemnify IW, its directors, employees and agents, including compensating all reasonable attorneys’ fees, if any third party brings a legal action, lawsuit or indictment against IW in relation to any Customer’s project in breach with this clause.


5.2 Confirmation of the Infrastructure Ownership

This clause applies solely to ImmuniWeb Neuron, On-Demand, MobileSuite and Continuous.

The Customer unconditionally agrees to use ImmuniWeb only to assess security of the Infrastructure that belongs to it or for which it has an explicit written authorization from the legitimate Infrastructure owner to do so.

In case of a website security testing, the Customer agrees that, among other things, an email notification about the assessment may be sent to emails obtained from the website domain WHOIS record, or to the official emails provided directly on the website that the Customer wants to assess.

IW also reserves the right to contact the Customer and/or its company by telephone and by any other appropriate means in order to verify Customer’s identity and legitimacy to perform assessment of the Infrastructure. Any claims of Customer for reimbursement or compensation in such cases will be refused.


5.3 Correctness and Completeness of Technical Information

During creation and management of any project on the Portal, the Customer is solely and entirely responsible for continually submitting correct, complete and up-to-date technical information about the Infrastructure (e.g. URL, authentication and all other technical information) and any specific testing requirements.

In case of erroneous, outdated or incomplete technical information submitted to the Portal, the Customer will bear the sole responsibility for all damage, errors and omissions. In this case, IW does not guarantee accuracy, safety or completeness of the assessment and its results. Any claims for reimbursement or compensation in such cases will be refused.

The Customer hereby further undertakes to defend, hold harmless and fully indemnify IW, its directors, employees and agents, including compensating all reasonable attorneys’ fees, if any third party brings a legal action, lawsuit or indictment against IW in relation to any breach of this clause.


5.4 Non-Resistance to Security Assessment

This clause applies solely to ImmuniWeb Neuron, On-Demand, MobileSuite and Continuous.

IW’s IP addresses from which the assessment will take place will be communicated to the Customer by email (i) 1 (one) day before the assessment start, and (ii) just before the start of the assessment for all ImmuniWeb On-Demand and MobileSuite projects. For all ImmuniWeb Neuron and Continuous projects, the IP addresses are constantly visible on the dashboard.

The Customer is required to properly authorize or otherwise whitelist IW’s IP addresses on its IPS (Intrusion Prevention System), WAF (Web Application Firewall), and any other hardware, software or cloud solutions that may partially or entirely block or slowdown the assessment and thus impact its completeness and accuracy. Otherwise, accuracy of the assessment and of its results may be negatively impacted and impaired. Any claims for reimbursement or compensation in such cases will be refused.

For ImmuniWeb Neuron projects, in case of non-compliance with the foregoing provisions, the Customer shall be fully liable to IW for all damages, including but not limited to reasonable attorneys’ fees, suffered by IW if IP addresses of IW are eventually added to any black lists as a result of the non-compliance. In addition to any damage suffered, the Customer shall undertake its best reasonable efforts, despite the costs, to remove IW’s IP addresses from all the black lists as soon as possible, as well as to reach out to all concerned third parties to explain and resolve any conflicts or claims if so is requested by IW.

5.5 Post-Assessment Cleanup by the Customer

The Customer is strongly advised to delete IW’s IP addresses from any whitelists, revoke all temporary permissions and suspend any and all demo or test accounts created for the purpose of the assessment once the assessment is successfully finished.

The Customer is likewise advised to verify any new files, accounts, database entries or other online records created as the result of the assessment and delete them if they are not necessary.

IW shall never be liable for any of the foregoing entries, files, users, records or any other artifacts created or modified during the assessment, or for any harm or damage caused by them. The Customer hereby acknowledges and accepts all risks related to assessment and undertakes not to, and waives any right it may have to, initiate, file, encourage or participate in any legal actions or judicial proceedings against IW related thereto.


5.6 Availability of the Infrastructure

The Customer is entirely responsible for uninterrupted accessibility and unhindered availability of its Infrastructure during the assessment.

If for any reason the Infrastructure is not freely accessible from any of IW’s IP addresses during the assessment, the Customer will bear the sole responsibility for incompleteness, inaccuracy or non-delivery of the assessment. Any claims for reimbursement or compensation in such cases will be refused.


5.7 Obligation to Inform Concerned Third Parties

This clause applies solely to ImmuniWeb Neuron, Neuron Mobile, On-Demand, MobileSuite and Continuous.

The Customer must inform and obtain an explicit authorization to perform the assessment from all the third parties (if any) that are directly or indirectly concerned by the assessment. The Customer must further inform competent law enforcement or regulatory agencies about penetration testing if required by law.

This obligation particularly applies if the Customer is not the sole owner of the web, database or any other servers or equipment where Customer’s Infrastructure or its data are located. IW does not bear any responsibility for delays caused by coordination between the Customer and the concerned third parties.

The Customer hereby undertakes to defend, hold harmless and fully indemnify IW, its directors, employees and agents, including compensating all reasonable attorneys’ fees, if any third party brings a legal action, lawsuit or indictment against IW in relation to any Customer’s project for violation of any - without limitation - security, privacy, data protection or anti-hacking laws or regulations.


5.8 Obligation to Respect Account Integrity and Confidentiality

The Customer undertakes to take all reasonable measures to protect its account credentials from unauthorized third parties. If the Customer becomes aware of any illegal, unauthorized, unethical or improper usage of its Portal account, it shall immediately inform IW in writing or via another reliable and prompt mean.

The Customer hereby undertakes to defend, hold harmless and fully indemnify IW, its directors, employees and agents, including compensating all reasonable attorneys’ fees, if any third party brings a legal action, lawsuit or indictment against IW as a consequence of improper usage of the Customer’s Portal account including in case of unauthorized and/or illegal usage of its Portal account.


5.9 Obligation to Respect Third-Party Rights to Data Privacy

The Customer shall respect all applicable data protection and privacy laws when uploading or submitting any personally identifiable information to IW via the Portal, by email or any other means.

The Customer hereby undertakes to defend, hold harmless and fully indemnify IW, its directors, employees and agents, including compensating all reasonable attorneys’ fees, if any third party brings a legal action, lawsuit or indictment against IW in relation to any violation of this clause.


5.10 Availability for Emergencies and Communications

The Customer undertakes to provide its individual email and direct phone number in its profile on the Portal to be contacted at any time in case of emergency (e.g. unexpected event or breach detection).

Failure to do so absolves IW from any responsibility and liability in case of unforeseen emergency when interaction with Customer is required to mitigate damages or properly deliver the service under this agreement.

The Customer agrees that IW’s communications by email shall suffice for all purposes including commercial and technical questions where there is no emergency situation. The Customer undertakes to ensure that IW’s emails are not blocked by any antispam filters and are responded as fast as practical. The Customer recognizes that its failure to read or respond to email communications from IW in a timely manner invalidates all warranties stated herein and absolves IW from any responsibility for incomplete, delayed and/or non-delivered service.


6. Measures Against Abuse and Improper Usage

In case of any illegal, unlawful, unethical, improper or unauthorized by this agreement usage (hereinafter “abuse”) of the ImmuniWeb® AI Platform, the Customer unconditionally agrees to be solely liable and responsible for all damages whatsoever suffered by IW including - without limitation - direct, incidental and consequential damages.

The Customer hereby undertakes to defend, hold harmless and fully indemnify ImmuniWeb, its directors, employees and agents, including compensating all reasonable attorneys’ fees, if any third party brings a legal action, lawsuit or indictment against IW in relation to any abuse of the ImmuniWeb® AI Platform.

In case of abuse by the Customer, IW also retains the right in particular to:

  • Take any technical measures it deems appropriate; and/or
  • Inform competent law enforcement agencies; and/or
  • Inform third parties concerned by the abuse; and/or
  • Take a legal action against the Customer; and/or
  • Demand indemnification for all costs and damages suffered with an interest of at least 5% (five percent) or more in compliance with applicable law.

7. Limited Liability of IW Accepted by the Customer

Notwithstanding all other limitations of liability stated in this agreement, the Customer unconditionally accepts the limited liability of IW described below.

7.1 Access to the Portal and the Service

IW makes its best commercial efforts to provide the Customer with an uninterrupted access to the Portal. However, IW does not guarantee a permanent access, availability or uninterrupted operation of the Portal and all of the related services. IW may in no case be liable for any interruptions (including partial interruptions) and/or slowdowns of the Portal’s availability.


7.2 Security Assessment Interruption

This clause applies solely to ImmuniWeb Neuron, On-Demand, MobileSuite and Continuous.

IW retains the right to interrupt any assessment at any time in case of any risk related to the security or stability of the Infrastructure, of any related systems and/or of any third-party or IW’s systems. IW may also interrupt any assessment in case IW doubts that the assessment causes a security or stability risk.

IW shall never be liable for any damages whatsoever caused by any interruption. IW’s liability is also excluded in case of interruption of the assessment by IW due to a Force Majeure.


7.3 Inappropriate Usage by the Customer

IW may in no case be liable for any direct, incidental or consequential damages resulting from any inappropriate, unethical, illegal, unwarranted or abusive usage of ImmuniWeb® AI Platform by the Customer, particularly for the damage caused by the Customer’s breach of this agreement or violation of any instructions indicated on the Portal or communicated to the Customer by any other means.


7.4 Damage Caused to Third Parties and Indemnification

IW may in no case be held responsible and/or liable for any damages whatsoever including but not limited to direct, incidental or consequential damages caused to any third parties during the performance of Customer’s project or related tasks under this agreement.

Furthermore, the Customer hereby undertakes to defend, hold harmless and fully indemnify IW, its directors, employees and agents, including compensating all reasonable attorneys’ fees, if any third party brings a legal action, lawsuit or indictment against IW in relation to or under this agreement.


7.5 Damage Caused to the Customer

Except for cases of deliberate and willful misconduct, IW shall never be liable for any damages whatsoever such as - without limitation - direct, incidental or consequential damages (including but not limited to loss of confidentiality, integrity, availability or accessibility of any data or information, destruction of any information, files, databases or archives, or damage caused to any software, cloud, hardware or any network equipment, or damage to the Customer’s business, reputation or goodwill) incurred by the Customer in relation to any service provided by IW under this agreement.

By accepting this agreement, the Customer unconditionally agrees not to undertake, encourage, assists, facilitate, join or file any legal actions, lawsuits or judicial procedures against IW, its employees, directors or agents in relation to any IW services except for deliberate and willful misconduct by IW.


7.6 Liability Cap

In all and any cases, IW’s total liability to the Customer in relation to any service provided hereunder or related to this agreement, is limited to the total net price paid by the Customer to IW during the previous 12 (twelve) months for the service in question.

By accepting this agreement, the Customer unconditionally and without reservation accepts the aforementioned IW’s liability limit.


7.7 No Liability for Any Third-Party Solutions

IW shall never be liable for any dysfunction, problems or damages caused by or related to any integrations or features available with or within any third-party products or solutions, including but not limited to Web Application Firewalls, DevSecOps, CI/CD or SIEM tools, that are all provided "as is" without any warranty whatsoever of any kind.


7.8 Disclaimer of Warranties

THE CUSTOMER AGREES AND ACCEPTS THAT, EXCEPT FOR THE EXPRESS WARRANTIES STATED ABOVE IN THIS AGREEMENT, ALL PRODUCTS AND SERVICESS BY IW ARE PROVIDED “AS IS” WITHOUT ANY WARRANTIES, REPRESENTATIONS, CONDITIONS OR COVENANTS WHATSOEVER, INCLUDING WITHOUT LIMITATION ANY EXPRESS, STATUTORY OR IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PUPROSE, QUALITY, NON-INFRINGEMENT OF ANY THIRD-PARTY RIGTHS, OR ARISING OTHERWISE IN LAW OR EQUITY, OR FROM PREVIOUS COURSE OF DEALING OR TRADE USAGE, ANY AND ALL OF WHICH ARE HEREBY EXPRESSLY DISCLAIMED AND EXCLUDED.


8. Payment Conditions

8.1 Price, Currencies and VAT

The price of the services available on the ImmuniWeb® AI Platform varies depending on the selected package or other parameters of the project visible to, or defined by, the Customer.

The price of any ImmuniWeb package may be changed at any time at IW’s own discretion. All projects that are prepaid prior to the price change will not be affected by such change.

Payment can be made in US Dollars (USD), Euros (EUR) or Swiss Francs (CHF). A currency conversion commission or other fee may be applied by your bank and/or by card processing center. IW may in no case be liable for such extra costs.

Online payment processing may increase the price by a commission or transaction fee charged by processing company, bank and/or their subsidiaries. IW has absolutely no relation nor influence over these fees and shall never be liable to reimburse or compensate them.

The prices are indicated without VAT (Value Added Tax). The Swiss VAT of 8.1% will be charged if the Customer resides in Switzerland and is not exempted from VAT, or in the exceptional case when the Customer resides abroad but is obliged to pay VAT in Switzerland.


8.2 Online Payment

The entire online payment procedure via credit and debit cards or PayPal is managed and operated by a Swiss financial company "Worldline Schweiz AG (Worldline Switzerland Ltd)" in accordance with their Terms and Conditions.

IW declines any responsibility or liability for any delay, problems, loss or damages incurred by the Customer in relation to the online payment procedure.


8.3 Terms of Payment and Delivery

A project may only be started after receiving a full prepayment for a service selected by the Customer and provided that IW does not refuse its service. The Customer shall bear all transaction fees and costs including but not limited to any withholding taxes.

No subscription can be cancelled, amended or terminated before the end of the purchased duration period. No compensation or reimbursement of any kind is provided in case of non-use of any subscription.

If the Customer pays or receives an invoice for any IW’s product or service and then fails to start using the product or service during the next 6 (six) months, the corresponding activation codes and projects automatically expire without any compensation by IW to the Customer.


8.4 False-Positives Reimbursement

This clause applies solely to ImmuniWeb Neuron, Neuron Mobile, On-Demand, MobileSuite and Continuous.

IW makes its best efforts to ensure zero false positive SLA for every security assessment. In case the Customer finds a false-positive (i.e. a reported vulnerability that (i) does not exist, and (ii) did not exist at the time of the assessment) in an assessment report or on a dashboard, the Customer may claim a reimbursement.

If the false-positive is confirmed by IW, the Customer shall receive full net amount paid for ImmuniWeb On-Demand or MobileSuite package purchased by the Customer, or full net amount equivalent to 1 (one) week of subscription for ImmuniWeb Continuous, Neuron or Neuron Mobile subscriptions.

For ImmuniWeb Neuron and Neuron Mobile, all reimbursements for false positives occurred during the same calendar week of scanning, will be consolidated into one non-cumulable reimbursement amount.

In no case, total reimbursement amount shall exceed the annual net price of subscription paid by the Customer.

This clause is valid only for false positives from web or mobile security vulnerabilities section and only for vulnerabilities with an assigned (i) CVSS score, and (ii) CWE-ID. All other sections of a report or dashboard including but not limited to network security assessment, security warnings, software composition analysis, fingerprinted vulnerable software and all other information brought to the Customer are expressly excluded from this clause.


8.5 Reimbursement Claims and Limitations

Any reimbursement claims must be made by the Customer via Support within 10 (ten) business days after the incident that triggered the claim has occurred. Any reimbursement claim received after the aforementioned deadline will be denied and considered as null and void.

In case of reimbursement claim approval by IW, the reimbursement amount corresponding to the gravity and other relevant circumstances of the incident and within the aforementioned cap shall be paid to the Customer within the next 30 (thirty) days following the approval. The amount of the reimbursement can never exceed the total amount paid by the Customer for the assessment during which the incident occurred.


8.6 Deferred Payments and Overdue Penalties

Under exceptional circumstances, IW may grant the Customer a deferred payment deadline up to 30 (thirty) days or longer. In this case, the Customer will receive an activation code to be entered at the “payment step” in order to skip the online payment procedure and start the project. The Customer will also be provided with invoice for a wire transfer of the amount due.

Likewise, under exceptional circumstances, IW may grant the Customer a deferred payment regime enabling the Customer to pay on a quarterly basis instead of annual prepayment for subscription-based products or services. In this case, the Customer will get 4 (four) invoices before the subscription starts. The first invoice is payable on the foregoing terms, while all subsequent invoices must be fully paid on the first day of the corresponding quarter. Failure to do so, will lead to automatic account blockage and suspension of the service with no compensation of any kind for the period while the service is undelivered.

Hereby, the Customer expressly agrees that if the deferred payment regime is partially or entirely granted by IW, the Customer unconditionally and without reserve agrees to:

(a) timely make the payment of the exact amount due without any deduction of any kind including but not limited to transactional fees, bank charges or withholding taxes; and

(b) recognize an annual 10% (ten percent) interest on any overdue payment regardless the reason of such overdue; and

(c) compensate IW all reasonable administrative, accounting, legal and debt collecting fees IW may incur for overdue amounts collection; and

(d) be transferred to a full prepayment regime for repetitive delays in payments.

The Customer likewise accepts that, in case of overdue, all its accounts may be blocked, delivery of service interrupted, and the Customer’s data be retained by IW as a lien until the Customer pays the overdue with all applicable interest. For the subscription-based services, a 60 (sixty) day overdue will lead to service termination while the Customer will be bound and liable to pay the full amount of the subscription without any deductions.

The foregoing applies to payments made by the Customer via any third parties including but not limited to resellers or marketplaces. The payment is considered performed once IW receives full payment on its bank account.

By accepting this agreement, the Customer expressly agrees not to challenge the aforementioned provisions.


9. Confidentiality and Privacy

9.1 Customer’s Data Protection

When providing services under this agreement, IW and its employees undertake best efforts to handle the non-public information related to, or received from, the Customer in a confidential manner and in compliance with IW’s ISO 27001 certification, related security policies and procedures.

The customer-related data is accessible only to authorized IW’s personnel, who is required to have access to this data in order to perform their professional duties. IW’s personnel is internally vetted and required to sign a Non-Disclosure Agreement (NDA) before obtaining access to the customer-related data. IW’s technical personnel is required to act in conformity with CREST Code of Conduct for Individuals that covers confidentially, ethics, honesty and integrity.

Unless requested by the Customer in writing, IW undertakes not to disclose, share or transfer the customer-related data (e.g. personal, technical, operational or vulnerability data) to any unauthorized third parties for any purposes unless such action is duly ordered by a valid court order, warrant or equivalent.

Retention of the customer-related technical data (e.g. vulnerability data) is described in the articles 2.2, 2.3, 2.4 and 2.5 of this agreement. Customer’s account removal, described in article 3.4 of this agreement, implies secure deletion of all projects and the related data created by the Customer unless otherwise required by applicable law.

The Customer is solely responsible for using ImmuniWeb in accordance with any concerned third party’s right to data protection.

9.2 Personally Identifiable Information (PII)

Personally Identifiable Information (PII)data collection, processing, retention and removal are performed according to the procedures outlined by the article 3.4 of this agreement.

IW’s Data Protection Officer conducts data protection impact assessment as imposed by Swiss law.


10. Intellectual Property and Non-Competition

All rights, titles and interests in and to all trademarks, trade names, service marks and logos adopted, whether registered or not, used or considered for use by IW to identify its business, products or services, together with the goodwill appurtenant thereto, are and shall be owned exclusively by IW. This agreement does not convey to the Customer any licenses, titles or rights of ownership in, or related, to ImmuniWeb® AI Platform or any other intellectual property rights owned by IW.

IW is and shall be the exclusive owner of all rights, titles and interests including but not limited to trade secrets, copyrights, patents and all other intellectual property rights in and to ImmuniWeb® AI Platform, related products, services and the underlying software, network architecture, databases, big data, source code, algorithms, concepts, processes, methodologies, designs, user interfaces, any data suitable for AI and Machine Learning training purposes, features and any elements or improvements thereto.

The Customer acknowledges that IW invests significant resources and efforts to continuously improve and develop the ImmuniWeb® AI Platform. The Customer thus unconditionally agrees to never reverse-engineer, leverage, exploit or otherwise exploit the above-mentioned intellectual property of IW to compete with IW in any manner or to share it with any IW competitors or their agents in any country. For any violation of this paragraph, the Customer hereby agrees to compensate IW with a fixed amount of IW 50,000 USD (fifty thousand US dollars) for each violation in addition, without any limitation, to any direct, accidental or consequential damage including loss of revenue, depreciation of IW brand value, legal and recovery costs and reasonable attorneys’ fee suffered by IW. For the avoidance of doubt, payment of any compensation does not relieve the Customer from his obligation to comply with this clause and IW’s right to request specific performance to ensure compliance with this clause remains reserved.

IW shall likewise own all rights, titles and interests, including all related intellectual property rights, in and to any improvements or ameliorations of the ImmuniWeb® AI Platform, products or services developed by IW upon receipt of a suggestion, feedback, idea, data or any other input from the Customer or any third party. The Customer agrees that no compensation whatsoever will be provided for any of the suggested improvements or ameliorations. The Customer shall, at IW’s expense, execute any and all applications, assignments or other instruments and take all such further measures which IW deems necessary to perfect IW’s title to any intellectual property and/or to register IW as an owner of a right.


11. Entire Agreement

This agreement supersedes all previous agreements with the Customer, including the agreements that seek to preempt, invalidate or modify these Terms of Service.

This agreement is intended by IW and the Customer to be the final expression of their agreement. This agreement is likewise intended to be a complete and exclusive statement of the agreement and understanding in respect of the subject matter contained herein, and supersedes all prior and contemporaneous agreements, understandings, inducements, promises and conditions, express or implied, oral or written, of any nature whatsoever with respect to the subject matter hereof. The express terms hereof control and supersede any course of performance and/or usage of the trade inconsistent with any of the terms hereof.


12. Severability

If any provision of this agreement is found to be invalid or unenforceable, the validity and enforceability of the remaining provisions shall not be affected unless the agreement reasonably fails in its essential purpose. Such provision shall be replaced by one or more valid and enforceable provisions approximating the original provision as closely as possible.


13. Modifications

This agreement can be modified without prior notification and at any time by IW at its own discretion. The modified agreement shall be effective only for the projects started after the modification.

The modified version of the agreement shall be immediately published on the Portal with the modification date. If a modification impairs confidentiality or privacy rights of the Customer, IW undertakes to promptly notify the Customer about such change by the most practical mean including email, support message or a conspicuously visible notice on the Portal.

This agreement was last updated on July 26, 2024.


14. No Waiver

A failure of IW to insist upon strict adherence of the Customer to any term of this agreement on any occasion shall not be considered a waiver of IW’s rights for any of the available remedies or deprive IW of the right thereafter to insist upon strict adherence to that term or any other term of this agreement.


15. Assignment

The Customer may not transfer, delegate or assign any of its rights or duties under this agreement, in whole or in part, to any third party by any means including but not limited to change in control and operation of law without a prior written consent of IW.

IW may delegate its duties and assign its rights arising out of this agreement upon a written notification to the Customer and in case if such transfer of rights will not materially impact Customer’s rights under this agreement.


16. No Third-Party Rights

Nothing expressed or referred to in this agreement shall be construed or interpreted to give any person or entity, other than the parties to this agreement, any legal or equitable right, remedy or claim hereunder or with respect to this agreement. This agreement and all of its provisions are for the sole and exclusive benefit of the parties hereto.


17. Force Majeure

IW shall be released from all and any liability for any failures or delay in performance of any duties or obligations under this agreement caused by an event beyond IW’s reasonable control including but not limited to fire, flood, earthquake and all other natural disasters, blackout and power supply accident, explosion, act of war including cyberwar, terrorist attack, civil unrest, pandemic, major accident, strike or other labor disturbance, newly enacted laws or embargoes, or large-scale DDoS attacks.


18. Governing Law and Venue

These Terms of Service apply worldwide and are exclusively governed by and construed in accordance with Swiss law. Application of any international treaties or conventions is expressly excluded.

The Customer irrevocably agrees to the exclusive jurisdiction and venue of a competent Swiss court in Geneva in connection with any legal action, suit, proceeding, claim, crossclaim or counterclaim arising under or related to this agreement in any manner.

The Customer agrees that, unless otherwise is required by law, any and all claims the Customer may have hereunder must be filed no later than one (1) year upon delivery of service by IW. All claims filed by the Customer after expiration of the foregoing period shall be null and void.