Differences

This shows you the differences between two versions of the page.

--- terms_and_conditions [2019/06/22 09:17] – lucy
+++ terms_and_conditions [2021/06/11 18:50] – lucy
@@ Line 1: / Line 1: @@
-TERMS AND CONDITIONS
+**TERMS AND CONDITIONS**
-**Payment**
+**Payment**\\
-Payment Net 30 days after invoice date
+Payment net 30 days after invoice date. Invoice is sent after delivery of software/services.
-**Price Validity**
+**Price Validity**\\
-Prices are valid for 30 days
+Prices are valid for 60 days
-**Own use of the software**
+**Own use of the software**\\
-The software allows an unlimited number of recipients for testing and training during the contractual period. There are no restrictions within the software regarding the number of campaigns, domains, customers and reports created.
+The software allows an unlimited number of recipients for testing and training during the contractual period. There are no restrictions within the software regarding the number of campaigns, domains and reports created. Access and use of the LUCY products, services, documentation and related materials are solely authorized for the internal business purposes of the organization in which you are a representative of and only for the duration of the term of your subscription period.
-**Use of the software for third parties**
+**Use of the software for third parties**\\
-The software can be used during the contractual term to test third-party organizations such as customers, partners or suppliers.
+The software can be used during the contract period for your own organization. This also includes companies in which the customer has a majority shareholding or legally belongs to the parent company. The use of LUCY for third parties requires an MSP (Managed Security Provider) license, which is the subject of another contract.
-Delivery of Service/Application
+**Delivery of Service/Software**\\
+The creation of a license key requires an existing installation. The customer can download the software from our website at any time free of charge. Lucy Security AG grants access to the licensed functions within a maximum of 5 days after receipt of the order. The customer needs the workstation ID to be delivered to us. This ID is located in the administration area under support/license.
-After Payment Lucy Security AG shall within 5 days of execution of this Purchase Order deliver to the buyer
+**Software Warranty**\\
-access to the functional (tested) software and according license key.
+Lucy Security AG warrants that during the use of the Software by the buyer the Software (i) is free from any virus, malware, spyware or any other software code* that may pose a danger to the buyer and its affiliates’ IT infrastructure, and (ii) is free from any defects and errors (except for minor errors that have no impact on the functionality of the Software), and (iii) does not create any safety risk to the buyer and its affiliates’ IT environment, and (iv) does not violate any third party rights, and (v) does not violate any laws. Minor errors (so called bugs) are being fixed as fast as possible but within a period of 1 month after reporting latest *The software contains a feature which can simulate the functionality and behavior of a virus. The buyer is responsible to use this and all other features of the Software in accordance of local laws (e.g. data privacy for collected results). In the event of breach of any of the warranties, Lucy Security AG shall fully defend, indemnify and hold the buyer and its affiliates harmless from any against any loss, liabilities, damages, claims, costs and expenses. Lucy Security AG warrants that all necessary measures* have been implemented to avoid any abuse of the Software by any third party which would pose a safety risk to the buyer’s IT infrastructure *It is the buyer’s responsibility to set a secure password to secure the access to LUCY.
-Software Warranty
-Lucy Security AG warrants that during the use of the Software by the buyer the Software (i) is free from any
+**Limitation of Liability**\\
-virus, malware, spyware or any other software code* that may pose a danger to the buyer and its affiliates’ IT
+Except in the case of a breach of a right of intellectual property of a party, which results in compensation obligations, a party shall not be liable for any special, incidental, consequential or exemplary damages of any kind, including but not limited to lost profits and lost savings, regardless of how they were caused. The limitations and exclusions contained herein are limited to the maximum extent permitted by applicable law.
-infrastructure, and (ii) is free from any defects and errors** (except for minor errors that have no impact on the
-functionality of the Software), and (iii) does not create any safety risk to the buyer and its affiliates’ IT
+**License period**\\
-environment, and (iv) does not violate any third party rights, and (v) does not violate any laws.
+Each software is licensed for the period specified in the particular order. Unless otherwise specified in the order, the Software License will not be automatically extended beyond the initial term of the Software License. Software support services will be provided for the period specified in each order, or, if no period for support services is specified, support services will be provided for a period of one (1) year from the date of delivery of the software to the Customer Customers provided. Once the commercial license has expired, the LUCY software is automatically available as "Community Edition". The administrator will still have access to all content (e-learnings or attack templates), but access to other functions will be restricted. The full functionality of the software can be recovered at any time by purchasing a new license key.
-**Minor errors (so called bugs) are being fixed as fast as possible but within a period of 1 month after reporting
-latest
+**Effect of termination**\\
-*The software contains a feature which can simulate the functionality and behavior of a virus. The buyer is
+Upon termination of any applicable SOW or Order for any reason, all access rights and licenses granted herein in respect of the affected Order or SOW will cease immediately. The termination or expiration of any order or SOW shall not be deemed termination or expiration of any other order or SOW in effect at the time of termination or expiration, and this Agreement shall continue to apply to such outstanding orders and SOWs until such orders and SOWs have expired or terminated by their own terms or as set forth herein.
-responsible to use this and all other features of the Software in accordance of local laws (e.g. data privacy for
-collected results).
+**Professional services**\\
-In the event of breach of any of the warranties, Lucy Security AG shall fully defend, indemnify and hold the buyer
+The period of performance for Professional Services begins with the date specified in the applicable order or, as otherwise agreed between the parties in writing, and remains in effect for the duration specified in the applicable order. If the applicable order does not specify a time limit for Professional Services, then professional services commence upon the entry into force of SOW and continue until completed unless otherwise stated herein.
-and its affiliates harmless from any against any loss, liabilities, damages, claims, costs and expenses. Lucy
-Security AG warrants that all necessary measures*** have been implemented to avoid any abuse of the Software
+**Data Protection & GDPR**\\
-by any third party which would pose a safety risk to the buyer’s IT infrastructure
+Lucy Security AG undertakes to comply with applicable data protection rules according to a separate Data Processing Addendum (the "Addendum" https://wiki.lucysecurity.com/lib/exe/fetch.php?media=gdpr_agreement.docx) to be entered into by the parties. The communication named below is excluded from this Addendum
-***It is the buyer’s responsibility to set a secure password to secure the access to LUCY (http://phishingserver.
-com/PS/doc/dokuwiki/doku.php?id=user_management&s[]=password)
+{{:picture1.jpg?600|}}
-Data Protection
-Warranties
+To comply with local data protection law, the client is responsible selecting the according LUCY settings.
-Lucy Security AG warrants that (i) it complies with Swiss Data Protection laws, and (ii) it will not transfer any data
+LUCY Security has committed itself to comply with the GDPR guidelines applicable in the EU. Inquiries and requests regarding the customer's data protection rights should be sent to dpo@lucysecurity.com.
-outside of Switzerland****, except with the buyer’s prior written consent and subject to a Purchase Order in
-writing with the recipient of the data outside of Switzerland.
+Within ten (10) business days of the termination of this Agreement or upon Discloser’s written request, LUCY will promptly destroy or return all of Discloser’s Confidential Information in LUCY’s possession or in the possession of any representative of LUCY
-****Excluded is all communication named in this article: http://phishingserver.
-com/PS/doc/dokuwiki/doku.php?id=network_communication_-_lucy_--_internet. To comply with Swiss
-data protection law, it is the client is responsible selecting the according LUCY setting: http://phishingserver.
+**Support**\\
-com/PS/doc/dokuwiki/doku.php?id=confidentiality_of_campaign_data&s[]=anonymous
+All support activities related to software bugs are free of charge. The hourly price for support services is $90. Support bills will be created monthly or yearly. All invoices issued hereunder are due and payable within thirty (30) days of the invoice date. Other exceptions: If a WIKI article is not clearly formulated or is outdated, the customer will not be charged for the resulting questions. All other issues will be charged once the support budget included in the according license model is used up. Please ensure that the LUCY software is always up to date with the latest patch before contacting our customer service. Having said all that, the LUCY team aims to be helpful and accommodating at all times, and will do its absolute best to assist the client wherever possible. Examples of issues that are not considered LUCY bugs: \\
-Applicable law and
+•	Application or system problems caused by changing anything within the Linux operating system on which LUCY runs.\\
-dispute resolution
+•	Third party SPAM filters blocking mails from LUCY.\\
-This Purchase Order / Invoice shall be governed by Swiss law. Any dispute arising out of or in connection with
+•	External Mail relays that do not work as expected.\\
-this Purchase Order / Invoice shall be brought before the competent courts in Zurich. Place of jurisdiction shall be
+•	Proxy settings preventing LUCY to receive updates\\
-Zurich.
+•	DNS configuration issues caused by DNS entries not made by LUCY.
-Any pre-printed terms and conditions of Lucy Security AG shall be excluded in their entirety and shall not become
-part of this Purchase Order, unless and to the extent that the client has explicitly accepted in writing such general
-terms and conditions.
+**Security and Monitoring on LUCY VPS/SaaS environment**\\
+The following information describes the process of installing and supporting a new LUCY server when it is hosted by LUCY. In case of purchasing the SaaS edition, LUCY creates a new server on the infrastructure of LUCY’s prefered provider in the country of the customer's choice. Once the LUCY server is created, security software is distributed, installed and configured using Playbook Ansible in automated mode. Centralized installation and configuration of the security software allows us to achieve the unified automation for rapid installation and configuring of any server. After the installation of the protection tools, the system check is performed using Lynis tool. LUCY server’s protection tools consists oft he following components:\\
+.	All LUCY serves have configured Firewall to restrict access to the servers. The access is only allowed for the System Administrator and Support team. If required, access (root) can also be assigned exclusively to the client.\\
+.	Fail2ban daemon is running for protection from brute-force attacks, it is configured to protect both SSH and Postfix.\\
+.	Auditd daemon provides the detailed information about all system events, especially information on security violations that allows to take necessary actions. The event information is available in log files stored locally.\\
+.	Lynis – a flexible tool that is normally executed after installation of a new server and allows to check a new system in the following ways: Security audits, Compliance testing, Penetration testing, Vulnerability detecting & System hardening.\\
+.	Rkhunter –  is executed weekly, it is used to scan the server for rootkits, backdoors and possible local exploits. The scanning results are available in log files stored locally.\\
+.	Zabbix agent – is used for monitoring processes and hardware on the LUCY server.\\
+.	Backup script – is used for encrypting LUCY backups and transferring backups to the backup server. If you do not require external backups, we can disable this feature.
+Additionally, Zabbix agents are running in 24×7 mode on all LUCY servers. They are used for monitoring processes and daemons required for successful operation of LUCY. Zabbix agents keep connection to central stand-alone Zabbix server and report all important events to it. Zabbix server send alarm e-mails to System Administrator and to Support team in case of problems. Based on monitoring alarms System Administrator or Support team immediately react to any problem found, e. g. server crash, network unavailability, insufficient disk space, etc. In case of installation LUCY on a dedicated server with RAID Zabbix agent also monitors the status of the RAID array in order to prevent possible data loss due to hard disk malfunctioning. Elk stack and Wazuh software allow real-time monitoring of possible vulnerabilities in the used LUCY components. Elk stack and Wazuh software are also used for certain incident types. Based on the incident type, specific rules for escalation process are defined. Elk stack and Wazuh software allow real-time monitoring of possible vulnerabilities in the used LUCY components. Elk stack and Wazuh software are also used for certain incident types. Based on the incident type, specific rules for escalation process are defined. Elk stack and Wazuh software are also used for certain incident types. Based on the incident type, specific rules for escalation process are defined. Patches to the OS (Debian) are automatically rolled out using the software “Patchman”
+Since updating to the new version of LUCY is only possible when all campaigns are stopped, the LUCY software updating process is done manually by the client after publishing a new LUCY version. The update can be done with a click of a button.
+**Confidentiality Obligations**\\
+For purposes of this Agreement, "Confidential Information" shall mean any and all non-public information, including, without limitation, technical, developmental, marketing, sales, operating, performance, cost, know-how, business plans, business methods, and process information, disclosed to the Recipient.  For convenience, the Disclosing Party may, but is not required to, mark written Confidential Information with the legend "Confidential" or an equivalent designation. All Confidential Information disclosed to the Recipient will be used solely for the Business Purpose and for no other purpose whatsoever. The Recipient agrees to keep the Disclosing Party’s Confidential Information confidential and to protect the confidentiality of such Confidential Information with the same degree of care with which it protects the confidentiality of its own confidential information, but in no event with less than a reasonable degree of care. Recipient may disclose Confidential Information only to its employees, agents, consultants and contractors on a need-to-know basis, and only if such employees, agents, consultants and contractors have executed appropriate written agreements with Recipient sufficient to enable Recipient to enforce all the provisions of this Agreement. Recipient shall not make any copies of Disclosing Party’s Confidential Information except as needed for the Business Purpose. At the request of Disclosing Party, Recipient shall return to Disclosing Party all Confidential Information of Disclosing Party (including any copies thereof) or certify the destruction thereof. All right title and interest in and to the Confidential Information shall remain with Disclosing Party or its licensors. The obligations and limitations set forth herein regarding Confidential Information shall not apply to information which is: (a) at any time in the public domain, other than by a breach on the part of the Recipient; or (b) at any time rightfully received from a third party which had the right to and transmits it to the Recipient without any obligation of confidentiality. In the event that the Recipient shall breach this Agreement, or in the event that a breach appears to be imminent, the Disclosing Party shall be entitled to all legal and equitable remedies afforded it by law, and in addition may recover all reasonable costs and attorneys' fees incurred in seeking such remedies.  If the Confidential Information is sought by any third party, including by way of subpoena or other court process, the Recipient shall inform the Disclosing Party of the request in sufficient time to permit the Disclosing Party to object to and, if necessary, seek court intervention to prevent the disclosure.
+**Applicable law and dispute resolution**\\
+This contract shall be governed by Swiss law. Any dispute arising out of or in connection with this contract shall be brought before the competent courts in Zurich. Place of jurisdiction shall be Zurich. Any pre-printed terms and conditions of Lucy Security AG shall be excluded in their entirety and shall not become part of this contract, unless and to the extent that the client has explicitly accepted in writing such general terms and conditions.