If you signed a separate Cover Page to access the Product with the same account, and that agreement has not ended, the terms below do not apply to you. Instead, your separate Cover Page applies to your use of the Product.
This Agreement is between Clerk Technologies, Inc. and the company or person accessing or using the Product. This Agreement consists of: (1) the Order Form below and (2) the Framework Terms defined below.
If you are accessing or using the Product on behalf of your company, you represent that you are authorized to accept this Agreement on behalf of your company. By signing up, accessing, or using the Product, Customer indicates its acceptance of this Agreement and agrees to be bound by the terms and conditions of this Agreement.
Cover Page
Order Form
Framework Terms: This Order Form incorporates and is governed by the Framework Terms that are made up of the Key Terms below and the Common Paper Cloud Service Agreement Standard Terms Version 2.1, which are incorporated by reference. Any modifications to the Standard Terms made in the Cover Page will control over conflicts with the Standard Terms. Capitalized words have the meanings given in the Cover Page or the Standard Terms.
Cloud Service: Trace, a cloud-based AI-powered penetration testing service for web applications, APIs, cloud infrastructure, and AI systems, including automated vulnerability identification and remediation guidance.
Order Date: The Effective Date
Subscription Period: 12 month(s)
Cloud Service Fees: Fees are as set forth in the applicable Order Form or as otherwise agreed in writing between the parties. Provider may update Product pricing by giving at least 30 days' notice to Customer (including by email or notification within the Product), and the change will apply in the next Subscription Period.
Payment Process: Automatic payment: Customer authorizes Provider to bill and charge Customer's payment method on file annually for immediate payment or deduction without further approval, unless otherwise specified in an Order Form.
Non-Renewal Notice Period: At least 30 days before the end of the current Subscription Period.
Key Terms
Customer: The company or person who accesses or uses the Product. If the person accepting this Agreement is doing so on behalf of a company, all use of the word "Customer" in the Agreement will mean that company.
Provider: Clerk Technologies, Inc.
Effective Date: The date Customer first accepts this Agreement.
Governing Law: The laws of the State of Delaware
Chosen Courts: The state or federal courts located in Delaware
Covered Claims
Provider Covered Claims: Any action, proceeding, or claim that the Cloud Service, when used by Customer according to the terms of the Agreement, violates, misappropriates, or otherwise infringes upon anyone else's intellectual property or other proprietary rights.
Customer Covered Claims: Any action, proceeding, or claim that (1) the Customer Content, when used according to the terms of the Agreement, violates, misappropriates, or otherwise infringes upon anyone else's intellectual property or other proprietary rights; (2) results from Customer's breach or alleged breach of Section 2.1 (Restrictions on Customer); or (3) arises from Customer's use of the Product to test systems, networks, or applications for which Customer does not have proper authorization.
Liability Caps
General Cap Amount: The fees paid or payable by Customer to Provider in the 12 month period immediately before the claim
Notice Address
For Provider: legal@securewithtrace.com
For Customer: The main email address on Customer's account
Additional Terms for Penetration Testing Services
The following additional terms apply specifically to the penetration testing services provided through the Product and supplement the Common Paper Cloud Service Agreement Standard Terms:
1. Authorization and Scope
1.1. Customer Authorization. Customer represents and warrants that it has full legal authority to authorize Provider to perform automated security testing on all systems, networks, applications, and infrastructure submitted to or tested through the Product ("Target Systems"). Customer acknowledges that the Product will perform active security testing, including but not limited to vulnerability scanning, exploit attempts, authentication testing, and payload injection, on systems that Customer designates.
1.2. Scope of Testing. Testing is limited to the Target Systems explicitly submitted by Customer through the Product interface. Customer is solely responsible for ensuring that all Target Systems are within Customer's authorized scope. Provider is not responsible for verifying Customer's authorization over any Target System.
1.3. Third-Party Systems. If Customer wishes to test systems owned or operated by a third party, Customer must obtain and maintain written authorization from the third-party owner prior to initiating testing. Customer will provide such authorization to Provider upon request.
2. Testing Activities and Risks
2.1. Nature of Testing. Penetration testing inherently involves activities designed to identify and potentially exploit vulnerabilities. Customer acknowledges that testing activities may include, without limitation: network scanning and enumeration, web application fuzzing, authentication and session testing, API endpoint probing, SQL injection and XSS testing, file upload and command injection attempts, and other standard penetration testing techniques.
2.2. Production Environment Risks. Customer acknowledges that penetration testing on production environments carries inherent risks, including potential service disruption, data corruption, application crashes, or performance degradation. Provider recommends testing against staging or development environments where possible. If Customer chooses to test production systems, Customer assumes all risk of disruption or damage to those systems.
3. AI-Powered Testing
3.1. AI Capabilities and Limitations. The Product uses artificial intelligence to identify vulnerabilities, generate test cases, and suggest remediation strategies. Customer acknowledges that: (a) AI-generated findings may include false positives; (b) the Product may not identify all vulnerabilities; (c) AI-generated remediation recommendations should be reviewed and validated by qualified personnel before implementation; and (d) the security landscape evolves continuously, and the Product's capabilities are limited to known patterns and techniques at the time of testing.
4. Compliance Guidance
4.1. Compliance Mapping. The Product may provide mapping of findings to compliance frameworks including PCI DSS, SOC 2, HIPAA, and ISO 27001. This mapping is provided for informational guidance only and does not constitute legal, regulatory, or certification advice. Customer should consult with qualified compliance professionals for authoritative compliance assessments.
5. Confidentiality of Findings
5.1. Finding Confidentiality. All security findings, vulnerability reports, and testing results generated through the Product are confidential information of Customer. Provider will not disclose Customer's findings to any third party except: (a) as necessary to provide the Product functionality; (b) in response to a valid legal process; or (c) with Customer's prior written consent.
6. Data Handling and Retention
6.1. Testing Data. During testing, the Product may access, process, and temporarily store data from Target Systems. Provider will handle all such data in accordance with Provider's Privacy Policy and applicable data protection laws.
6.2. Data Retention. Vulnerability findings and scan results are retained for the duration of Customer's active subscription. Upon termination, Customer's data will be deleted within 90 days unless required by law or Customer requests earlier deletion.
7. Security Testing Disclaimers
7.1. No Guarantee of Security. THE PRODUCT PROVIDES SECURITY TESTING AND VULNERABILITY IDENTIFICATION BUT DOES NOT AND CANNOT GUARANTEE COMPLETE SECURITY OF CUSTOMER'S SYSTEMS. SECURITY TESTING IS A POINT-IN-TIME ASSESSMENT, AND NEW VULNERABILITIES MAY EMERGE AFTER TESTING IS COMPLETE. CUSTOMER REMAINS SOLELY RESPONSIBLE FOR THE OVERALL SECURITY OF ITS SYSTEMS AND DATA.
7.2. Limitation of Liability for Testing. NOTWITHSTANDING ANYTHING TO THE CONTRARY IN THIS AGREEMENT, PROVIDER SHALL NOT BE LIABLE FOR ANY DAMAGES ARISING FROM: (A) CUSTOMER'S TESTING OF SYSTEMS FOR WHICH CUSTOMER LACKS PROPER AUTHORIZATION; (B) SERVICE DISRUPTIONS OR DATA LOSS RESULTING FROM PENETRATION TESTING ACTIVITIES ON PRODUCTION SYSTEMS; (C) CUSTOMER'S IMPLEMENTATION OF AI-GENERATED REMEDIATION RECOMMENDATIONS; OR (D) SECURITY INCIDENTS OCCURRING AFTER TESTING DUE TO VULNERABILITIES NOT IDENTIFIED BY THE PRODUCT.
Website Terms of Use
In addition to the Cloud Service terms above, the following terms apply to your use of the securewithtrace.com website:
1. Use of the Website
By using the website, you agree to abide by all applicable laws. You shall not:
- Attempt to gain unauthorized access to any account, server, or computer system;
- Violate the security of any computer network or crack any passwords or encryption;
- Decompile, reverse engineer, or attempt to obtain the source code of Provider's systems;
- Interfere with the function of the website or network; or
- "Crawl," "scrape," or "spider" any page or data on the website through manual or automated means.
2. Intellectual Property
All content on the website, including text, graphics, logos, images, and software, is the property of Provider or its licensors and is protected by intellectual property laws. You may not copy, reproduce, modify, distribute, or create derivative works from any content without prior written consent.
3. External Links
The website may contain links to third-party websites. Provider is not responsible for the content, privacy practices, or terms of any third-party sites. Links do not imply endorsement by Provider.
Contact
For questions about these Terms of Service, please contact us at:
Clerk Technologies, Inc.
Email: legal@securewithtrace.com
These Terms of Service incorporate the Common Paper Cloud Service Agreement Standard Terms Version 2.1, available at https://commonpaper.com/standards/cloud-service-agreement/2.1/