Terms of Service

Cover Page

Order Form

Framework Terms: This Order Form incorporates and is governed by the Framework Terms that are made up of the Key Terms below and the Common Paper Cloud Service Agreement Standard Terms Version 2.1, which are incorporated by reference. Any modifications to the Standard Terms made in the Cover Page will control over conflicts with the Standard Terms. Capitalized words have the meanings given in the Cover Page or the Standard Terms.

Cloud Service: Trace, a cloud-based AI-powered penetration testing service for web applications, APIs, cloud infrastructure, and AI systems, including automated vulnerability identification and remediation guidance.

Order Date: The Effective Date

Subscription Period: 12 month(s)

Cloud Service Fees: Fees are as set forth in the applicable Order Form or as otherwise agreed in writing between the parties. Provider may update Product pricing by giving at least 30 days notice to Customer (including by email or notification within the Product), and the change will apply in the next Subscription Period.

Payment Process: Automatic payment: Customer authorizes Provider to bill and charge Customer's payment method on file Annually for immediate payment or deduction without further approval, unless otherwise specified in an Order Form.

Non-Renewal Notice Period: At least 30 days before the end of the current Subscription Period.

Key Terms

Customer: The company or person who accesses or uses the Product. If the person accepting this Agreement is doing so on behalf of a company, all use of the word "Customer" in the Agreement will mean that company.

Provider: Clerk Technologies, Inc.

Effective Date: The date Customer first accepts this Agreement.

Governing Law: The laws of the State of Delaware

Chosen Courts: The state or federal courts located in Delaware

Covered Claims

Provider Covered Claims: Any action, proceeding, or claim that the Cloud Service, when used by Customer according to the terms of the Agreement, violates, misappropriates, or otherwise infringes upon anyone else's intellectual property or other proprietary rights.

Customer Covered Claims: Any action, proceeding, or claim that (1) the Customer Content, when used according to the terms of the Agreement, violates, misappropriates, or otherwise infringes upon anyone else's intellectual property or other proprietary rights; (2) results from Customer's breach or alleged breach of Section 2.1 (Restrictions on Customer); or (3) arises from Customer's use of the Product to test systems, networks, or applications for which Customer does not have proper authorization.

Liability Caps

General Cap Amount: The fees paid or payable by Customer to Provider in the 12 month period immediately before the claim

Notice Address

For Provider: legal@securewithtrace.com

For Customer: The main email address on Customer's account

Additional Terms for Penetration Testing Services

The following additional terms apply specifically to the penetration testing services provided through the Product and supplement the Common Paper Cloud Service Agreement Standard Terms:

1. Authorization and Scope

1.1. Customer Authorization. Customer represents and warrants that it has full legal authority to authorize Provider to perform automated security testing on all systems, networks, applications, and infrastructure submitted to or tested through the Product ("Target Systems"). Customer acknowledges that the Product will actively probe, scan, and test Target Systems for security vulnerabilities.

1.2. Third-Party Systems. If any Target Systems are hosted by, owned by, or subject to the control of any third party (including but not limited to cloud service providers such as Amazon Web Services, Microsoft Azure, Google Cloud Platform, or any other hosting provider), Customer represents and warrants that it has obtained all necessary permissions, authorizations, and consents from such third parties to conduct penetration testing on those systems. Customer is solely responsible for compliance with all third-party terms of service and acceptable use policies.

1.3. Scope Limitations. Customer agrees to accurately define the scope of systems to be tested. Provider is not liable for any testing activities that occur on systems outside the scope defined by Customer, provided such testing was a reasonable result of Customer's scope definition.

2. Testing Activities

2.1. Nature of Testing. Customer acknowledges that penetration testing by its nature involves activities that simulate malicious attacks, including but not limited to: vulnerability scanning, exploitation attempts, privilege escalation testing, and security control bypass testing. These activities may cause temporary service disruptions, generate security alerts, create log entries, or in rare cases cause system instability.

2.2. Production Environment Risks. Customer acknowledges that testing production environments carries inherent risks. Provider recommends testing in staging or non-production environments when possible. If Customer chooses to test production systems, Customer accepts all risks associated with such testing, including potential service interruption.

2.3. No Guarantee of Complete Coverage. Customer acknowledges that no penetration testing methodology, including AI-powered testing, can guarantee identification of all vulnerabilities. Provider does not warrant that all vulnerabilities will be discovered or that systems will be secure after remediation of identified vulnerabilities.

3. AI-Powered Testing

3.1. Automated Decision-Making. Customer acknowledges that the Product uses artificial intelligence and machine learning to conduct security testing, identify vulnerabilities, and generate remediation guidance. AI-generated outputs may contain errors, inaccuracies, or incomplete information.

3.2. Human Review Required. Customer agrees that all vulnerability findings, risk assessments, and remediation recommendations generated by the Product should be reviewed by qualified security personnel before action is taken. Provider is not responsible for damages arising from Customer's implementation of AI-generated recommendations without appropriate human review.

3.3. Remediation Guidance. The Product may provide automated remediation suggestions, code fixes, or configuration recommendations. Customer is solely responsible for reviewing, testing, and validating any remediation guidance before implementation in any environment. Provider makes no warranty that implementing suggested remediations will fully address identified vulnerabilities or will not introduce new issues.

4. Compliance

4.1. Regulatory Compliance. While the Product may assist Customer in meeting certain compliance requirements (such as PCI DSS, SOC 2, HIPAA, or ISO 27001), Customer acknowledges that use of the Product does not guarantee compliance with any regulatory framework. Customer is solely responsible for determining its compliance obligations and ensuring they are met.

4.2. Legal Compliance. Customer agrees to use the Product only in compliance with all applicable laws and regulations, including but not limited to the Computer Fraud and Abuse Act (CFAA), state computer crime laws, data protection laws, and export control regulations.

5. Confidentiality of Findings

5.1. Security Findings. All vulnerability reports, security assessments, and testing results generated by the Product constitute Confidential Information of both parties. Provider will not disclose Customer's security findings to any third party without Customer's prior written consent, except as required by law.

5.2. Responsible Disclosure. If Provider's testing activities inadvertently discover vulnerabilities in third-party systems or software not owned by Customer, Provider may, in its discretion, engage in responsible disclosure practices. Provider will use commercially reasonable efforts to notify Customer before making any such disclosure.

6. Data Handling

6.1. Customer Data Access. In the course of providing the Product, Provider's automated systems may access, process, or store data from Target Systems, including potentially sensitive information. Provider will handle all such data in accordance with applicable data protection laws and industry-standard security practices.

6.2. Data Retention. Provider will retain vulnerability reports and testing data for the duration of Customer's subscription plus 90 days, after which such data will be deleted unless Customer requests earlier deletion or extended retention.

6.3. Prohibited Data. Customer agrees not to submit to the Product, or direct the Product to test systems containing, data that Customer does not have authorization to access or process, or data that would violate any applicable law or third-party agreement.

7. Disclaimer of Warranties for Security Testing

7.1. Security Testing Disclaimer. IN ADDITION TO THE DISCLAIMERS IN THE STANDARD TERMS, PROVIDER SPECIFICALLY DISCLAIMS ANY WARRANTY THAT: (A) THE PRODUCT WILL IDENTIFY ALL VULNERABILITIES IN CUSTOMER'S SYSTEMS; (B) CUSTOMER'S SYSTEMS WILL BE SECURE AFTER REMEDIATION OF IDENTIFIED VULNERABILITIES; (C) AI-GENERATED FINDINGS OR RECOMMENDATIONS WILL BE ACCURATE, COMPLETE, OR SUITABLE FOR CUSTOMER'S SPECIFIC CIRCUMSTANCES; OR (D) IMPLEMENTATION OF REMEDIATION GUIDANCE WILL NOT CAUSE SERVICE DISRUPTION OR OTHER ADVERSE EFFECTS.

8. Limitation of Liability for Security Testing

8.1. Testing-Related Damages. NOTWITHSTANDING ANYTHING TO THE CONTRARY IN THIS AGREEMENT, PROVIDER SHALL NOT BE LIABLE FOR ANY DAMAGES ARISING FROM: (A) CUSTOMER'S TESTING OF SYSTEMS FOR WHICH CUSTOMER LACKS PROPER AUTHORIZATION; (B) SERVICE DISRUPTIONS OR DATA LOSS RESULTING FROM PENETRATION TESTING ACTIVITIES ON PRODUCTION SYSTEMS; (C) CUSTOMER'S IMPLEMENTATION OF AI-GENERATED REMEDIATION RECOMMENDATIONS; OR (D) SECURITY INCIDENTS OCCURRING AFTER TESTING DUE TO VULNERABILITIES NOT IDENTIFIED BY THE PRODUCT.

Website Terms of Use

In addition to the Cloud Service terms above, the following terms apply to your use of the securewithtrace.com website:

1. Use of the Website

By using the website, you agree to abide by all applicable laws. You shall not:

1. Attempt to gain unauthorized access to any account, server, or computer system;
2. Violate the security of any computer network or crack any passwords or encryption;
3. Decompile, reverse engineer, or attempt to obtain the source code of Provider's systems;
4. Interfere with the function of the website or network; or
5. "Crawl," "scrape," or "spider" any page or data on the website through manual or automated means.

2. Intellectual Property

All content on the website, including text, graphics, logos, images, and software, is the property of Provider or its licensors and is protected by intellectual property laws. You may not copy, reproduce, modify, distribute, or create derivative works from any content without prior written consent.

3. External Links

The website may contain links to third-party websites. Provider is not responsible for the content, privacy practices, or terms of any third-party sites. Links do not imply endorsement by Provider.

Contact

For questions about these Terms of Service, please contact us at:

Clerk Technologies, Inc.
Email: legal@securewithtrace.com