Terms and Conditions
INTRUDER
FULL PRODUCT TERMS
Between
(1) Intruder Systems LTD with registered office 71-75 Shelton Street, London, WC2H 9JQ and registered number 09529593 (“Intruder”); and
(2) The Customer as identified in the Order (“Customer”)
Background
A. Intruder has developed certain vulnerability scanner software products which it makes available to customers on a SaaS basis, to enable the Customer to find cyber security weaknesses in their digital infrastructure.
B. The Customer wishes to use Intruder’s services for its internal business purposes.
C. Intruder has agreed to provide, and the Customer has agreed to take and pay for, Intruder’s services subject to the terms and conditions of this Agreement.
1 Definitions
1.1 In this Agreement, the following words will have the following meanings:
“Agreement” means these terms and conditions together with the Order, schedules, annexes and all other documents referred to herein;
"Business Day" means any day which is not a Saturday, a Sunday or a bank or public holiday in England;
"Confidential Information" means the provisions of this Agreement and in relation to either Party, all information, in any form or medium, which is secret or otherwise not publicly available (either in its entirety or in the precise configuration or assembly of its components), including commercial, financial, marketing or technical information, accounts, business plans, business methods, strategies and financial forecasts, tax records, correspondence, designs, drawings, manuals, specifications, customer or sales or supplier information, technical or commercial expertise, software, formulae, processes, methods, knowledge, know-how and trade secrets, whether disclosed orally, in writing or by electronic means, before or after the date of this Agreement, and in the case of the Customer shall include the specific Customer results and reports generated from use of the Service;
"Customer User" means any employee, agent, contractor and/or consultant of the Customer who uses the Service on behalf of the Customer;
“Effective Date” means the date that the Order is accepted by Intruder;
“End Customers” means the end customers of the Customer on behalf of whom the Customer may use the Service.
“Fees” means the fees for the Service as specified in the relevant Plan;
"Force Majeure" means any event outside the reasonable control of either Party affecting that Party's ability to perform any of its obligations (other than payment) under this Agreement including act of God, fire, flood, lightning, illegality, compliance with any law or governmental order, rule, regulation or direction, war, revolution, act of terrorism, riot or civil commotion, strikes, lock outs and industrial action, failure of supplies of power, fuel, transport, equipment, raw materials or other goods or services including telecommunications and internet services;
"Intellectual Property Rights” means any and all rights in and to any patent, copyright, database, design, trade mark, service mark, domain name, know-how, utility model, business method or process, whether such right is registered or not, or where relevant, any application for any such right, or other industrial or intellectual property right anywhere in the world;
"Intruder Portal" means the online portal (as may be modified by Intruder from time to time) through which the Customer and Customer Users can manage their Target(s) and view their security Weaknesses;
“Order” means the specific order for the Service as accepted by Intruder during the relevant sign up process;
"Party" or "Parties" means Intruder and/or the Customer as the context may require;
“Plan” means the relevant plan (Essential, Cloud, Pro, Enterprise or other plan) as made available by Intruder, including in relation to the specified number of Target(s), and the relevant related Fees and Term as specified in the relevant Order.
“Platform” means the Intruder software platform, including the Intruder Portal, via which the Service is made available, including all versions, amendments and improvements thereto and/or any other tools, methods, models, know how, code, functionality or other elements owned or developed by Intruder;
“Platform Data” means all usage and/or statistical or other data, information, learnings or know how related to and/or derived from the use of the Platform by customers and users, only in anonymized and aggregated form, and at all times not including any data or information that could individually identify a Customer.
“Service” means the services to be supplied by Intruder under this Agreement, in accordance with the relevant Plan, as identified in the Order;
"Service Specification" means the specification of the Service set out at http://www.intruder.io/the-intruder-service as updated and amended from time to time by Intruder to reflect changes, enhancements and improvements that it makes to the Intruder systems and technology;
"Target(s)" means an individual computer system as identified by the IP address, hostname or other unique identifier assigned to it. Where the same computer system is monitored via multiple IP addresses, hostnames, or other identifiers, each separate entry in the Intruder Portal will count as a unique system;
“Term” means the monthly or annual period set out in the relevant Plan or Order;
"Weakness" means a particular configuration, software patch level, or application code deployment which is perceived as likely to, or can be demonstrated to reduce or undermine the security of Target(s), or the information stored, processed or transmitted by it;
"Year" means each period of 12 months from the commencement date.
1.2 Drafting Conventions
(a) The headings in this Agreement are inserted for convenience only and shall not affect the interpretation or construction of this Agreement.
(b) Words expressed in the singular shall include the plural and vice versa. Words referring to a particular gender include every gender. References to a person include an individual, company, body corporate, corporation, unincorporated association, firm, partnership or other legal entity.
(c) The words "other", "including" and "in particular" shall not limit the generality of any preceding words or be construed as being limited to the same class as any preceding words where a wider construction is possible.
(d) All references in this Agreement to clauses are to the clauses in these Terms and Conditions unless otherwise stated.
2 The Service
2.1 Subject to acceptance of a relevant Order by Intruder, and receipt of the Fees in accordance with the relevant payment terms, and subject to compliance by the Customer with the provisions of the relevant Plan and the terms of this Agreement, Intruder agrees to provide the Customer with the Service.
2.2 The Customer may, subject to the relevant Plan details:
(a) use the Service for the Customer's own internal business purposes in relation to its own Target(s);
(b) use the Service to provide services to its own End Customers, by including its End Customer’s systems in the Target(s).
2.3 For the avoidance of doubt the Customer may not permit its End Customers to use the Service or access the Platform directly, and the Customer must at all times use the Service on behalf of its End Customers. The Customer is responsible for ensuring that only employees, agents and consultants authorized and permitted by the Customer can access and use the Service. Only employees, agents and consultants of the Customer are entitled to be Customer Users.
2.4 The Customer shall be responsible for all access to and use of the Service as enabled by the Customer via the Customer’s account and or Customer Users’ login credentials.
2.5 In connection with its supply of the Service, Intruder may be required to process personal data on behalf of the Customer. In such circumstances the parties will each comply with the terms and conditions of Schedule 1 – the Data Processing Agreement.
3 Customer Systems and Customer Responsibilities
3.1 The Customer shall perform or comply with the Customer responsibilities under this Agreement and agrees that Intruder's provision of the Service is dependent on the Customer performing or complying with the Customer responsibilities.
3.2 The Customer authorises and permits Intruder to access the Customer's systems and networks (including without limitation the Target(s) and any applications or data held on such network and systems) for the purposes of the Computer Misuse Act 1990 (as updated, replaced and amended from time to time) and / or other relevant legislation and regulations in the relevant territories, and represents it has authority and will have authority at all times during this Agreement, to give such permission. To the extent permitted by law, the Customer waives any rights or protections it may have under the Computer Misuse Act 1990 and / or equivalent local legislation, with respect to Intruder's activities performed in the course of providing the Service, save in the event of negligence, fraud or wilful misconduct on the part of Intruder.
3.3 The Customer warrants and represents that it has and will have at all times during this Agreement, all necessary permissions, authorizations and consents from the owners or licensors of the Customer's systems and networks and or those of the End Customer (including without limitation the Target(s) and any hosting provider, cloud provider, software-as-a-service provider, infrastructure provider or other party whose authorisation is required for the AI Pentest) to enable the Service to be provided to the Customer.
3.4 The Customer warrants and represents that where it uses the Service in any jurisdiction or territory other than the UK, it shall be wholly responsible for ensuring that the use of the Service in that jurisdiction or territory complies with applicable laws or regulation.
3.5 The Customer shall not and shall not permit any third party to:
(a) attempt to download, copy, modify, create derivative works from, frame, mirror, republish or distribute any portion of the Platform except to the extent expressly set out in this Agreement; or
(b) attempt to copy, adapt, decompile, disassemble, reverse engineer or otherwise reduce to human-perceivable form all or any part of the Platform, except as may be allowed by any applicable law which is incapable of exclusion by agreement between the parties;
(c) use any knowledge or information acquired in relation to the Platform or Service in order to build a software product which competes with the Platform;
(d) resell, sublicense or otherwise use the Platform or Service to provide services to third parties, save as permitted under clause 2.2.
4 Security and Disclaimers
4.1 The Customer acknowledges that in order for Intruder to provide the Service it will use penetration testing techniques on the Target(s) in accordance with the Service Specification to try and identify Weaknesses. The Customer acknowledges that use of the Service may cause certain temporary increase of network bandwidth usage and / or system processing load of the Target(s) during the tests, and that Intruder is not responsible for any consequences of Customer network bandwidth or processing capacity limitations.
4.2 Notwithstanding the above, Intruder will ensure it or the Service does not cause any new or worsen any existing Weaknesses, and will not enable any unauthorized access to or use of the Target(s).
4.3 The Customer acknowledges that the Service is not built specifically as a service for the Customer or the Target(s) and is not guaranteed to and may not identify all Weaknesses that can impact or affect systems.
4.4 Intruder shall not be responsible for any damage or loss that the Customer, any Customer User or End Customer may suffer, whether directly or indirectly as a result of use and provision of the Service as intended, and / or in relation to any Weakness that is not identified by the Service.
5 Intellectual Property
5.1 Intruder has, at its sole cost, created, licensed and developed the Service and the technology and systems including the Platform that form part of the Service.
5.2 As between the Parties, all Intellectual Property Rights in the Service, the Platform and the Platform Data belong to Intruder.
5.3 This Agreement shall not constitute a transfer of any Intellectual Property Rights in the Service or Platform to the Customer, nor grant the Customer any rights to the Service or Platform, (including any Intellectual Property Rights in the same) other than as set out in clause 2.
6 Fees
6.1 The Fee under this Agreement is payable by the Customer in full and cleared funds on the Effective Date and on the first day of each Year or Month thereafter, in advance of any access to the Service. In the event your payment method is by payment card, you authorize us to automatically take further payment on renewal of the Term, until you instruct us otherwise.
6.2 The Fee payable under this Agreement is exclusive of value added, sales, withholding or any similar tax, import or customs duties, which shall be paid in addition by the Customer to Intruder at the then prevailing rate.
6.3 If any sum payable under this Agreement is not paid when due then until payment is made in full Intruder shall be entitled to:
(a) suspend access to the Service; and
(b) charge interest on any overdue payment at the rate of 4% per annum above the base rate of the Bank of England.
6.4 Intruder reserves the right to modify the Fees at any time and will notify the Customer of any such changes by email, through the Intruder Portal, or other means of electronic communication.
6.5 If Intruder increases its Fees for the Service, the new Fees will take effect at the beginning of the next billing period after the Customer has been notified, subject to clause 6.6. Existing Agreements or Orders will remain in effect at the original Fees until the end of the current billing period.
6.6 If the Customer does not agree with any Fee changes, it has the right to terminate the Agreement by providing written notice within twenty eight (28) days of the date of the notice of the Fee change. Such termination will take effect at the end of the current Term.
6.7 Promotional offers or discounts may be offered from time to time at Intruder's discretion. Such offers will have their own terms, which will be communicated to the Customer at the time of the offer.
7 Confidentiality
7.1 Each Party shall keep and procure to be kept secret and confidential all Confidential Information of the other Party disclosed or obtained as a result of the relationship of the Parties under this Agreement and shall not use nor disclose the same except in relation to the performance of this Agreement or with the prior written consent of the other Party. Where disclosure is made by a Party of the other Party's Confidential Information, to any employee, agent or consultant, it shall be done subject to obligations equivalent to those set out in this Agreement. Each Party agrees to use its best endeavors to procure that any such employee, agent or consultant complies with such obligations provided that each Party shall continue to be responsible to the other Party in respect of any disclosure or use of such Confidential Information by a person to whom disclosure is made.
7.2 The obligations of confidentiality in this clause shall not extend to any information which the other Party can show:
(a) is in, or has become part of, the public domain other than as a result of a breach of the obligations of confidentiality under this Agreement; or
(b) was in its written records prior to the date of this Agreement and not subject to any confidentiality obligations; or
(c) was independently disclosed to it by a third party entitled to disclose the same; or
(d) is required to be disclosed under any applicable law, or by order of a court or governmental body or authority of competent jurisdiction.
7.3 The Customer shall ensure that the Customer Users are aware of and undertake to comply with the obligations of confidentiality set out in this clause.
7.4 This clause shall survive termination of this Agreement.
8 Warranties and Indemnities
8.1 Subject to clauses 4 and 8.2, Intruder warrants that:
(a) the Service shall comply in all material respects with the Service Specification and shall be provided with all reasonable skill and care and good industry practice.
(b) it has full right, power and authority to enter into this Agreement; and
(c) the Platform and Service will, to the best of its knowledge, contain nothing that infringes the statutory, common law, or Intellectual Property Rights of any third party.
8.2 Save as expressly set out here, any other conditions, warranties or other terms which might have effect between the parties or be implied or incorporated into this Agreement whether by statute, common law or otherwise, are hereby excluded to the fullest extent permitted by law, including, without limitation, the implied conditions, warranties or other terms as to satisfactory quality and fitness for purpose.
8.3 The Customer warrants that:
(a) it, and its representative signing up to the Agreement, has full right, power and authority to enter into this Agreement;
(b) it has all the rights, licenses, permits, approvals and clearance of third party rights as required by applicable laws and as are necessary to perform its obligations and allow Intruder to perform its obligations under this Agreement;
8.4 Intruder will indemnify the Customer from and against any and all losses, damages, claims, penalties, fines, costs and expenses (including reasonable external legal expenses) suffered or incurred by or awarded against the Customer payable in relation to any third party claims or actions as a result of or in connection with any breach by Intruder of clause 8.1.
8.5 The Customer will indemnify Intruder from and against any and all losses, damages, claims, penalties, fines, costs and expenses (including reasonable external legal expenses) suffered or incurred by or awarded against Intruder payable in relation to any third party claims or actions as a result of or in connection with any breach by the Customer of clause 8.3 and/or clauses 3.2, 3.3 and 3.4.
8.6 Each Party will fully indemnify the other from and against any and all losses, damages, claims, penalties, fines, costs and expenses (including reasonable external legal expenses) suffered or incurred by or awarded against the other as a result of or in connection with any breach by the other of clause 7 (Confidentiality).
8.7 In all cases the indemnified party agrees to:
(a) promptly notify the indemnifying party of any allegation of infringement or other claim that may give rise to reliance on an indemnity, which comes to its attention, and give the indemnifying party all reasonable assistance subject to reimbursement by the indemnifying party of the indemnified party’s costs so incurred;
(b) not to make any admission, settle, compromise or negotiate the settlement of any such claim without the prior consent of the indemnifying party (such consent not to be unreasonably withheld) provided that the indemnifying party considers and defends any claim diligently, using competent counsel and in such a way as not to bring the reputation of the indemnified party into disrepute; and
(c) allow the indemnifying party to conduct and settle all negotiations and proceedings, save that the indemnifying party may not conclude settlement of any negotiations and proceedings which may have a material effect (whether financial, practical or in terms of reputation) on the indemnified party without the indemnified party’s prior written consent which will not be unreasonably withheld.
9 Limitation of Liability
9.1 Nothing in this Agreement shall exclude or limit:
(a) either Party’s liability for death or personal injury caused by that Party’s negligence, fraud or fraudulent misrepresentation, or any liability which cannot be legally excluded or limited;
(b) the Customer's liability to pay the Fees.
9.2 Subject to clause 9.1, neither party will be liable, whether in contract, tort (including negligence) breach of statutory duty, or otherwise, for any of the following losses or damage (whether or not such losses or damage were direct, foreseen, foreseeable, known or otherwise) howsoever arising in respect of any: special, indirect, incidental or consequential loss or damage; loss of actual or anticipated profits; loss of business or contracts; loss of revenue or of the use of money; loss of anticipated savings; and/or loss of goodwill, arising out of or in connection with this Agreement.
9.3 Subject to clauses 9.1, the maximum aggregate liability of Intruder to the Customer for all claims arising in connection with this Agreement whether in contract, tort (including negligence) or breach of statutory duty, misrepresentation or otherwise shall be limited £1,000,000 (one million pounds).
9.4 Intruder shall have no liability towards any End Customer.
10 Term, Termination and Suspension
10.1 This Agreement will begin on the Effective Date and continue for the Term, unless terminated in accordance with these terms.
10.2 At the end of the relevant Term the Order will be automatically renewed for successive periods equivalent to the Term (each a "Renewal Period"), unless either party notifies the other party of termination, before the end of the Term or any Renewal Period, in which case this Order shall terminate upon the expiry of the applicable Term or Renewal Period. The Customer will not be entitled to any refund or credit for any portion of the Fee for any unused part of the Term already paid for. In the event your payment method is by payment card, you authorize us to automatically take further payment on renewal of the Term, until you instruct us otherwise.
10.3 Either Party may terminate this Agreement if the other party commits a material breach of this Agreement that is capable of remedy and which the party in breach has not remedied within 30 days of a receipt of a written notice identifying the breach.
10.4 Intruder may terminate this Agreement immediately and/or suspend the Service without notice if the Fee has not been received by the due date, or if the provision of the Service is found to be unlawful in the jurisdiction or territory in which it is used.
10.5 In the event of any termination of this Agreement by Intruder under clause 10.3 or 10.4, Intruder will not refund nor shall credit, and the Customer will not be entitled to any refund or credit for, any portion of the Fee for any unused part of the Term.
10.6 Upon termination of this Agreement for any reason whatsoever:
(a) the relationship of the Parties shall cease and all rights granted under this Agreement to access and use the Service shall cease immediately;
(b) any provision which is expressly or by implication intended to come into force or remain in force on or after termination will continue in full force and effect.
10.7 The termination of this Agreement shall be without prejudice to the rights and remedies of either Party which may have accrued up to the date of termination.
11 Force Majeure
11.1 A Party will not be in breach of this Agreement nor liable for any failure or delay in performance of any obligations (except for those in relation to payment) under this Agreement, and the date for performance of the obligations affected will be extended accordingly, as a result of Force Majeure, provided that such Party shall:
(a) promptly notify the other Party in writing of the matters constituting the Force Majeure and shall keep that Party fully informed of their continuance and of any relevant change of circumstances whilst such Force Majeure continues; and
(b) take all reasonable steps available to it to minimize its effects on the performance of its obligations under this Agreement.
11.2 If Force Majeure continues for longer than 30 days' either Party may, whilst the Force Majeure continues, immediately terminate this Agreement by notice in writing to the other.
12 Parties
12.1 The Customer may not assign, transfer, charge or otherwise dispose of all or any of its rights and responsibilities under this Agreement.
12.2 A person who is not a Party to this Agreement has no rights (whether under the Contracts (Rights of Third Parties) Act 1999 or otherwise) to enforce any provision of this Agreement.
12.3 Neither Party may pledge the credit of the other Party nor represent itself as being the other Party nor an agent, partner, employee or representative of the other Party and neither Party may hold itself out as such nor as having any power or authority to incur any obligation of any nature, express or implied, on behalf of the other.
12.4 Nothing in this Agreement, and no action taken by the Parties pursuant to this Agreement creates, or is deemed to create, a partnership or joint venture or relationship of employer and employee or principal and agent between the Parties.
13 Construction
13.1 Entire Agreement
(a) This Agreement contains the entire agreement between the Parties in relation to its subject matter and supersedes any prior arrangement, understanding written or oral agreements between the Parties in relation to such subject matter.
(b) The Parties acknowledge that this Agreement has not been entered into wholly or partly in reliance on, nor has either Party been given, any warranty, statement, promise or representation by the other or on its behalf other than as expressly set out in this Agreement.
(c) Each Party agrees that the only rights and remedies available to it arising out of or in connection with any warranties, statements, promises or representations will be for breach of contract and irrevocably and unconditionally waives any right it may have to any claim, rights or remedies including any right to rescind this Agreement which it might otherwise have had in relation to them.
(d) All warranties, conditions, terms and representations not set out in this Agreement whether implied by statute or otherwise are excluded to the extent permitted by law.
(e) Nothing in this clause will exclude any liability in respect of misrepresentations made fraudulently.
13.2 Severability of provisions
(a) If at any time any part of this Agreement is held to be or becomes void or otherwise unenforceable for any reason under any applicable law, the same shall be deemed omitted from this Agreement and the validity and/or enforceability of the remaining provisions of this Agreement shall not in any way be affected or impaired as a result of that omission.
(b) If any void or unenforceable part of this Agreement would be valid and enforceable if some part of it were deleted, the part shall apply with the minimum modification necessary to make it valid and enforceable.
13.3 Waiver. The rights and remedies of either Party in respect of this Agreement shall not be diminished, waived or extinguished by the granting of any indulgence, forbearance or extension of time granted by that Party to the other nor by any failure of, or delay in ascertaining or exercising any such rights or remedies. Any waiver of any breach of this Agreement shall be in writing. The waiver by either Party of any breach of this Agreement shall not prevent the subsequent enforcement of that provision and shall not be deemed to be a waiver of any subsequent breach of that or any other provision.
14 Contract Administration
14.1 Variation. No purported alteration or variation of this Agreement shall be effective unless it is in writing, refers specifically to this Agreement, and is signed or otherwise expressly agreed to by each of the Parties to this Agreement.
14.2 Language. This Agreement is entered into in the English language. All amendments or correspondence concerning or relating to this Agreement and all notices given and all documentation to be delivered by either Party to the other under this Agreement shall be written in the English language or shall be accompanied by an English translation prepared by such person or body as the Parties shall have approved in advance. If there is any conflict in meaning between the English language version and any version or translation of this Agreement in any other language the English version shall prevail.
14.3 Notices
(a) Any notices sent under this Agreement must be in writing, sent and delivered by email to contact@intruder.io.
(b) Notices shall be served to the addresses set out above or to such other email address and/or address as the relevant Party may give notice to the other Party for the purpose of service of notices under this Agreement. The deemed time of delivery of notice by email shall be 9:00am recipient’s time on the first Business Day after sending and proof of service of email despatched in a legible and complete form to the correct email address without any error message.
14.4 Complaints. Formal complaints relating to the Service must be delivered either by email to contact@intruder.io, or via the in-app customer support widget.
15 Applicable Law and Jurisdiction
15.1 This Agreement and any issues, disputes or claims arising out of or in connection with it (whether contractual or non-contractual in nature) shall be governed by, and construed in accordance with, the laws of England.
15.2 All disputes or claims arising out of or relating to this Agreement shall be subject to the exclusive jurisdiction of the English Courts to which the Parties irrevocably submit.
16 Publicity
Intruder shall be entitled to describe the Customer as a customer of this Service and include its name on marketing and promotional materials. In addition and on reasonable notice the Customer shall act as a referee for Intruder in respect of prospective customers of Intruder for the Service.
INTRUDER
FREE TRIAL TERMS
BETWEEN:
(1) Intruder Systems LTD with registered office 71-75 Shelton Street, London, WC2H 9JQ and registered number 09529593 (“Intruder”); and
(2) The Customer as identified in the Order (“Customer”)
Background
(A) Intruder has developed certain vulnerability scanner software products which it makes available to customers on a SaaS basis, to enable the Customer to find cyber security weaknesses in their digital infrastructure.
(B) The Customer wishes to take a 14 Day Free Trial of Intruder’s services for its internal business purposes.
(C) Intruder has agreed to provide, and the Customer has agreed to take a 14 Day Free Trial of Intruder’s services subject to the terms and conditions of this Agreement.
1 Definitions
1.1 In this Agreement, the following words will have the following meanings:
“Agreement” means these terms and conditions together with the Order, schedules, annexes and all other documents referred to herein;
"Confidential Information" means the provisions of this Agreement and in relation to either Party, all information, in any form or medium, which is secret or otherwise not publicly available (either in its entirety or in the precise configuration or assembly of its components), including commercial, financial, marketing or technical information, accounts, business plans, business methods, strategies and financial forecasts, tax records, correspondence, designs, drawings, manuals, specifications, customer or sales or supplier information, technical or commercial expertise, software, formulae, processes, methods, knowledge, know-how and trade secrets, whether disclosed orally, in writing or by electronic means, before or after the date of this Agreement, and in the case of the Customer shall include the specific Customer results and reports generated from use of the Service;
"Customer User" means any employee, agent, contractor and/or consultant of the Customer who uses the Service on behalf of the Customer;
“Effective Date” means the date that the Order is accepted by Intruder;
“End Customers” means the end customers of the Customer on behalf of whom the Customer may use the Service.
"Intellectual Property Rights” means any and all rights in and to any patent, copyright, database, design, trade mark, service mark, domain name, know-how, utility model, business method or process, whether such right is registered or not, or where relevant, any application for any such right, or other industrial or intellectual property right anywhere in the world;
"Intruder Portal" means the online portal (as may be modified by Intruder from time to time) through which the Customer and Customer Users can manage their Target(s) and view their security Weaknesses;
“Order” means the specific order for the Service as accepted by Intruder during the relevant sign up process;
"Party" or "Parties" means Intruder and/or the Customer as the context may require;
“Platform” means the Intruder software platform, including the Intruder Portal, via which the Service is made available, including all versions, amendments and improvements thereto and/or any other tools, methods, models, know how, code, functionality or other elements owned or developed by Intruder;
“Platform Data” means all usage and/or statistical or other data, information, learnings or know how related to and/or derived from the use of the Platform by customers and users, only in anonymised and aggregated form, and at all times not including any data or information that could individually identify a Customer;
“Service” means the services to be supplied by Intruder under this Agreement under the Trial;
"Service Specification" means the specification of the Service set out at http://www.intruder.io/the-intruder-service as updated and amended from time to time by Intruder to reflect changes, enhancements and improvements that it makes to the Intruder systems and technology;
"Target(s)" means an individual computer system as identified by the IP address, hostname or other unique identifier assigned to it. Where the same computer system is monitored via multiple IP addresses, hostnames, or other identifiers, each separate entry in the Intruder Portal will count as a unique system;
“Term” means a 14 Day Free Trial;
“Trial” means the 14 Day Free Trial plan as made available by Intruder.
"Weakness" means a particular configuration, software patch level, or application code deployment which is perceived as likely to, or can be demonstrated to reduce or undermine the security of Target(s), or the information stored, processed or transmitted by it;
2 The Service
2.1 Subject to acceptance of a relevant Order by Intruder, and subject to compliance by the Customer with the provisions of the Trial and the terms of this Agreement, Intruder agrees to provide the Customer with the Service.
2.2 The Customer may under the Trial:
(a) use the Service for the Customer's own internal business purposes in relation to its own Target(s);
(b) use the Service to conduct trials in relation to its own End Customers, by including its End Customer’s systems in the Target(s).
2.3 For the avoidance of doubt the Customer may not permit its End Customers to use the Service or access the Platform directly, and the Customer must at all times use the Service on behalf of its End Customers. The Customer is responsible for ensuring that only employees, agents and consultants authorised and permitted by the Customer can access and use the Service. Only employees, agents and consultants of the Customer are entitled to be Customer Users.
2.4 The Customer shall be responsible for all access to and use of the Service as enabled by the Customer via the Customer’s account and or Customer Users’ login credentials.
2.5 In connection with its supply of the Service, Intruder may be required to process personal data on behalf of the Customer. In such circumstances the parties will each comply with the terms and conditions of the Data Processing Agreement available here.
3 Customer Systems and Customer Responsibilities
3.1 The Customer shall perform or comply with the Customer responsibilities under this Agreement and agrees that Intruder's provision of the Service is dependent on the Customer performing or complying with the Customer responsibilities.
3.2 The Customer authorises and permits Intruder to access the Customer's systems and networks (including without limitation the Target(s) and any applications or data held on such network and systems) for the purposes of the Computer Misuse Act 1990 (as updated, replaced and amended from time to time) and / or other relevant legislation and regulations in the relevant territories, and represents it has authority and will have authority at all times during this Agreement, to give such permission. To the extent permitted by law, the Customer waives any rights or protections it may have under the Computer Misuse Act 1990 and / or equivalent local legislation, with respect to Intruder's activities performed in the course of providing the Service, save in the event of negligence, fraud or wilful misconduct on the part of Intruder.
3.3 The Customer warrants and represents that it has and will have at all times during this Agreement, all necessary permissions, authorisations and consents from the owners or licensors of the Customer's systems and networks and or those of the End Customer (including without limitation the Target(s) and any hosting provider, cloud provider, software-as-a-service provider, infrastructure provider or other party whose authorisation is required for the AI Pentest) to enable the Service to be provided to the Customer.
3.4 The Customer warrants and represents that where it uses the Service in any jurisdiction or territory other than the UK, it shall be wholly responsible for ensuring that the use of the Service in that jurisdiction or territory complies with applicable laws or regulation.
3.5 The Customer shall not and shall not permit any third party to:
(a) attempt to download, copy, modify, create derivative works from, frame, mirror, republish or distribute any portion of the Platform except to the extent expressly set out in this Agreement; or
(b) attempt to copy, adapt, decompile, disassemble, reverse engineer or otherwise reduce to human-perceivable form all or any part of the Platform, except as may be allowed by any applicable law which is incapable of exclusion by agreement between the parties;
(c) use any knowledge or information acquired in relation to the Platform or Service in order to build a software product which competes with the Platform;
(d) resell, sublicense or otherwise use the Platform or Service to provide services to third parties.
4 Security and Disclaimers
4.1 The Customer acknowledges that in order for Intruder to provide the Service it will use penetration testing techniques on the Target(s) in accordance with the Service Specification to try and identify Weaknesses. The Customer acknowledges that use of the Service may cause certain temporary increase of network bandwidth usage and / or system processing load of the Target(s) during the tests, and that Intruder is not responsible for any consequences of Customer network bandwidth or processing capacity limitations.
4.2 Notwithstanding the above, Intruder will ensure it or the Service does not cause any new or worsen any existing Weaknesses, and will not enable any unauthorised access to or use of the Target(s).
4.3 The Customer acknowledges that the Service is not built specifically as a service for the Customer or the Target(s) and is not guaranteed to and may not identify all Weaknesses that can impact or affect systems.
4.4 Intruder shall not be responsible for any damage or loss that the Customer, any Customer User or End Customer may suffer, whether directly or indirectly as a result of use and provision of the Service as intended, and / or in relation to any Weakness that is not identified by the Service.
5 Intellectual Property
5.1 Intruder has, at its sole cost, created, licensed and developed the Service and the technology and systems including the Platform that form part of the Service.
5.2 As between the Parties, all Intellectual Property Rights in the Service, the Platform and the Platform Data belong to Intruder.
6 Confidentiality
6.1 Each Party shall keep and procure to be kept secret and confidential all Confidential Information of the other Party disclosed or obtained as a result of the relationship of the Parties under this Agreement and shall not use nor disclose the same except in relation to the performance of this Agreement or with the prior written consent of the other Party. Where disclosure is made by a Party of the other Party's Confidential Information, to any employee, agent or consultant, it shall be done subject to obligations equivalent to those set out in this Agreement. Each Party agrees to use its best endeavours to procure that any such employee, agent or consultant complies with such obligations provided that each Party shall continue to be responsible to the other Party in respect of any disclosure or use of such Confidential Information by a person to whom disclosure is made.
7 Warranties and Indemnities
7.1 The Service under the Trial is provided to the Customer on an "as is" and "as available" basis, without warranty of any kind, whether express, implied, or statutory. In any event, Intruder does not warrant that the Service will be uninterrupted, timely, secure, or error-free, that defects will be corrected. No advice or information, whether oral or written, obtained by the Customer from Intruder or through or from the Service shall create any warranty not expressly stated in this Agreement
7.2 Save as expressly set out here, any other conditions, warranties or other terms which might have effect between the parties or be implied or incorporated into this Agreement whether by statute, common law or otherwise, are hereby excluded to the fullest extent permitted by law, including, without limitation, the implied conditions, warranties or other terms as to satisfactory quality and fitness for purpose, title, non-infringement, accuracy, reliability, security, compatibility, or arising from any course of dealing, usage, or trade practice.
7.3 The Customer warrants that:
(a) it, and its representative signing up to the Agreement, has full right, power and authority to enter into this Agreement;
(b) it has all the rights, licences, permits, approvals and clearance of third party rights as required by applicable laws and as are necessary to perform its obligations and allow Intruder to perform its obligations under this Agreement.
7.4 The Customer will indemnify Intruder from and against any and all losses, damages, claims, penalties, fines, costs and expenses (including reasonable external legal expenses) suffered or incurred by or awarded against Intruder payable in relation to any third party claims or actions as a result of or in connection with any breach by the Customer of clause 7.3 and/or clauses 3.2, 3.3 and 3.4.
7.5 Each Party will fully indemnify the other from and against any and all losses, damages, claims, penalties, fines, costs and expenses (including reasonable external legal expenses) suffered or incurred by or awarded against the other as a result of or in connection with any breach by the other of clause 6 (Confidentiality).
8 Limitation of Liability
8.1 Nothing in this Agreement shall exclude or limit either Party’s liability for death or personal injury caused by that Party’s negligence, fraud or fraudulent misrepresentation, or any liability which cannot be legally excluded or limited.
8.2 Subject to clause 8.1, neither party will be liable, whether in contract, tort (including negligence) breach of statutory duty, or otherwise, for any of the following losses or damage (whether or not such losses or damage were direct, foreseen, foreseeable, known or otherwise) howsoever arising in respect of any: special, indirect, incidental or consequential loss or damage; loss of actual or anticipated profits; loss of business or contracts; loss of revenue or of the use of money; loss of anticipated savings; and/or loss of goodwill, arising out of or in connection with this Agreement.
8.3 Subject to clauses 8.1, the maximum aggregate liability of Intruder to the Customer for all claims arising in connection with this Agreement whether in contract, tort (including negligence) or breach of statutory duty, misrepresentation or otherwise shall be limited £10 (ten pounds).
8.4 Intruder shall have no liability towards any End Customer.
8.5 For the avoidance of doubt, the Service under the Trial is provided free of charge, and the Customer acknowledges that no consideration has been paid and that the limitations and exclusions set out in this Agreement are fundamental elements of this Agreement, reflect a fair and reasonable allocation of risk between the parties and that the Provider would not provide the Service to the Customer without such limitations
9 Term, Termination and Suspension
9.1 This Agreement will begin on the Effective Date and continue for the Term, unless terminated in accordance with these terms.
9.2 At the end of the Term the Customer may sign up separately for a paid plan or limited functionality free plan.
9.3 Either Party may terminate this Agreement if the other party commits a material breach of this Agreement.
9.4 Upon termination of this Agreement for any reason whatsoever:
(a) the relationship of the Parties shall cease and all rights granted under this Agreement to access and use the Service shall cease immediately;
(b) any provision which is expressly or by implication intended to come into force or remain in force on or after termination will continue in full force and effect.
9.5 The termination of this Agreement shall be without prejudice to the rights and remedies of either Party which may have accrued up to the date of termination.
10 Entire Agreement
10.1 This Agreement contains the entire agreement between the Parties in relation to its subject matter and supersedes any prior arrangement, understanding written or oral agreements between the Parties in relation to such subject matter.
10.2 All warranties, conditions, terms and representations not set out in this Agreement whether implied by statute or otherwise are excluded to the extent permitted by law.
11 Applicable Law and Jurisdiction
11.1 This Agreement and any issues, disputes or claims arising out of or in connection with it (whether contractual or non-contractual in nature) shall be governed by, and construed in accordance with, the laws of England.
11.2 All disputes or claims arising out of or relating to this Agreement shall be subject to the exclusive jurisdiction of the English Courts to which the Parties irrevocably submit.
INTRUDER
FREE PLAN TERMS
BETWEEN:
(1) Intruder Systems LTD with registered office 71-75 Shelton Street, London, WC2H 9JQ and registered number 09529593 (“Intruder”); and
(2) The Customer as identified in the Order (“Customer”)
Background
- Intruder has developed certain vulnerability scanner software products which it makes available to customers on a SaaS basis, to enable the Customer to find cyber security weaknesses in their digital infrastructure.
- Intruder also offers a Free Plan for the product as a basic no commitment alternative.
- The Customer wishes to sign up to the Free Plan for its internal business purposes.
- Intruder has agreed to provide, and the Customer has agreed to take the Free Plan subject to the terms and conditions of this Agreement.
- Definitions
- In this Agreement, the following words will have the following meanings:
“Agreement” means these terms and conditions together with the Order, schedules, annexes and all other documents referred to herein;
"Confidential Information" means the provisions of this Agreement and in relation to either Party, all information, in any form or medium, which is secret or otherwise not publicly available (either in its entirety or in the precise configuration or assembly of its components), including commercial, financial, marketing or technical information, accounts, business plans, business methods, strategies and financial forecasts, tax records, correspondence, designs, drawings, manuals, specifications, customer or sales or supplier information, technical or commercial expertise, software, formulae, processes, methods, knowledge, know-how and trade secrets, whether disclosed orally, in writing or by electronic means, before or after the date of this Agreement, and in the case of the Customer shall include the specific Customer results and reports generated from use of the Service;
"Customer User" means any employee, agent, contractor and/or consultant of the Customer who uses the Service on behalf of the Customer;
“Effective Date” means the date that the Order is accepted by Intruder;
“End Customers” means the end customers of the Customer on behalf of whom the Customer provides other services;
“Free Plan” means the free plan for the Intruder Service with limited and restricted functionality as made available by Intruder;
"Intellectual Property Rights” means any and all rights in and to any patent, copyright, database, design, trade mark, service mark, domain name, know-how, utility model, business method or process, whether such right is registered or not, or where relevant, any application for any such right, or other industrial or intellectual property right anywhere in the world;
"Intruder Portal" means the online portal (as may be modified by Intruder from time to time) through which the Customer and Customer Users can manage their Target(s) and view their security Weaknesses;
“Order” means the specific order for the Service as accepted by Intruder during the relevant sign up process;
"Party" or "Parties" means Intruder and/or the Customer as the context may require;
“Platform” means the Intruder software platform, including the Intruder Portal, via which the Service is made available, including all versions, amendments and improvements thereto and/or any other tools, methods, models, know how, code, functionality or other elements owned or developed by Intruder;
“Platform Data” means all usage and/or statistical or other data, information, learnings or know how related to and/or derived from the use of the Platform by customers and users, only in anonymised and aggregated form, and at all times not including any data or information that could individually identify a Customer;
“Service” means the limited and restricted services to be supplied by Intruder under this Agreement under the Free Plan;
"Service Specification" means the limited and restricted specification of the Service set out at http://www.intruder.io/the-intruder-service as updated and amended from time to time by Intruder to reflect changes, enhancements and improvements that it makes to the Intruder systems and technology;
"Target(s)" means an individual computer system as identified by the IP address, hostname or other unique identifier assigned to it. Where the same computer system is monitored via multiple IP addresses, hostnames, or other identifiers, each separate entry in the Intruder Portal will count as a unique system;
“Term” means perpetual, subject to termination rights below;
"Weakness" means a particular configuration, software patch level, or application code deployment which is perceived as likely to, or can be demonstrated to reduce or undermine the security of Target(s), or the information stored, processed or transmitted by it;
- The Service
- Subject to acceptance of a relevant Order by Intruder, and subject to compliance by the Customer with the provisions of the Free Plan and the terms of this Agreement, Intruder agrees to provide the Customer with the Service.
- The Customer under the Free Plan:
- may only use the Service solely for the Customer's own internal business purposes in relation to its own Target(s);
- must not use and is specifically restricted from using the Service to provide services to its own End Customers, including by adding its End Customer’s systems as the Target(s).
- The Customer is responsible for ensuring that only its own employees, agents and consultants authorised and permitted by the Customer can access and use the Service. Only employees, agents and consultants of the Customer are entitled to be Customer Users.
- The Customer shall be responsible for all access to and use of the Service as enabled by the Customer via the Customer’s account and or Customer Users’ login credentials.
- In connection with its supply of the Service, Intruder may be required to process personal data on behalf of the Customer. In such circumstances the parties will each comply with the terms and conditions of the Data Processing Agreement available here.
- Customer Systems and Customer Responsibilities
- The Customer shall perform or comply with the Customer responsibilities under this Agreement and agrees that Intruder's provision of the Service is dependent on the Customer performing or complying with the Customer responsibilities.
- The Customer authorises and permits Intruder to access the Customer's systems and networks (including without limitation the Target(s) and any applications or data held on such network and systems) for the purposes of the Computer Misuse Act 1990 (as updated, replaced and amended from time to time) and / or other relevant legislation and regulations in the relevant territories, and represents it has authority and will have authority at all times during this Agreement, to give such permission. To the extent permitted by law, the Customer waives any rights or protections it may have under the Computer Misuse Act 1990 and / or equivalent local legislation, with respect to Intruder's activities performed in the course of providing the Service, save in the event of negligence, fraud or wilful misconduct on the part of Intruder.
- The Customer warrants and represents that it has and will have at all times during this Agreement, all necessary permissions, authorisations and consents from the owners or licensors of the Customer's systems and networks (including without limitation the Target(s) and any hosting provider, cloud provider, software-as-a-service provider, infrastructure provider or other party whose authorisation is required for the AI Pentest) to enable the Service to be provided to the Customer.
- The Customer warrants and represents that where it uses the Service in any jurisdiction or territory other than the UK, it shall be wholly responsible for ensuring that the use of the Service in that jurisdiction or territory complies with applicable laws or regulation.
- The Customer shall not and shall not permit any third party to:
- attempt to download, copy, modify, create derivative works from, frame, mirror, republish or distribute any portion of the Platform except to the extent expressly set out in this Agreement; or
- attempt to copy, adapt, decompile, disassemble, reverse engineer or otherwise reduce to human-perceivable form all or any part of the Platform, except as may be allowed by any applicable law which is incapable of exclusion by agreement between the parties;
- use any knowledge or information acquired in relation to the Platform or Service in order to build a software product which competes with the Platform;
- resell, sublicense or otherwise use the Platform or Service to provide services to third parties.
- Security and Disclaimers
- The Customer acknowledges that in order for Intruder to provide the Service it will use penetration testing techniques on the Target(s) in accordance with the Service Specification to try and identify Weaknesses. The Customer acknowledges that use of the Service may cause certain temporary increase of network bandwidth usage and / or system processing load of the Target(s) during the tests, and that Intruder is not responsible for any consequences of Customer network bandwidth or processing capacity limitations.
- Notwithstanding the above, Intruder will ensure it or the Service does not cause any new or worsen any existing Weaknesses, and will not enable any unauthorised access to or use of the Target(s).
- The Customer acknowledges that the Service is not built specifically as a service for the Customer or the Target(s) and is not guaranteed to and may not identify all Weaknesses that can impact or affect systems.
- Intruder shall not be responsible for any damage or loss that the Customer or any Customer User may suffer, whether directly or indirectly as a result of use and provision of the Service as intended, and / or in relation to any Weakness that is not identified by the Service.
- Intellectual Property
- Intruder has, at its sole cost, created, licensed and developed the Service and the technology and systems including the Platform that form part of the Service.
- As between the Parties, all Intellectual Property Rights in the Service, the Platform and the Platform Data belong to Intruder.
- Confidentiality
- Each Party shall keep and procure to be kept secret and confidential all Confidential Information of the other Party disclosed or obtained as a result of the relationship of the Parties under this Agreement and shall not use nor disclose the same except in relation to the performance of this Agreement or with the prior written consent of the other Party. Where disclosure is made by a Party of the other Party's Confidential Information, to any employee, agent or consultant, it shall be done subject to obligations equivalent to those set out in this Agreement. Each Party agrees to use its best endeavours to procure that any such employee, agent or consultant complies with such obligations provided that each Party shall continue to be responsible to the other Party in respect of any disclosure or use of such Confidential Information by a person to whom disclosure is made.
- Warranties and Indemnities
- The Service is provided to the Customer on an "as is" and "as available" basis, without warranty of any kind, whether express, implied, or statutory. In any event, Intruder does not warrant that the Service will be uninterrupted, timely, secure, or error-free, that defects will be corrected. No advice or information, whether oral or written, obtained by the Customer from Intruder or through or from the Service shall create any warranty not expressly stated in this Agreement.
- Save as expressly set out here, any other conditions, warranties or other terms which might have effect between the parties or be implied or incorporated into this Agreement whether by statute, common law or otherwise, are hereby excluded to the fullest extent permitted by law, including, without limitation, the implied conditions, warranties or other terms as to satisfactory quality, fitness for purpose, title, non-infringement, accuracy, reliability, security, compatibility, or arising from any course of dealing, usage, or trade practice.
- The Customer warrants that:
- it, and its representative signing up to the Agreement, has full right, power and authority to enter into this Agreement;
- it has all the rights, licences, permits, approvals and clearance of third party rights as required by applicable laws and as are necessary to perform its obligations and allow Intruder to perform its obligations under this Agreement.
- The Customer will indemnify Intruder from and against any and all losses, damages, claims, penalties, fines, costs and expenses (including reasonable external legal expenses) suffered or incurred by or awarded against Intruder payable in relation to any third party claims or actions as a result of or in connection with any breach by the Customer of clause 7.3 and/or clauses 3.2, 3.3 and 3.4.
- Each Party will fully indemnify the other from and against any and all losses, damages, claims, penalties, fines, costs and expenses (including reasonable external legal expenses) suffered or incurred by or awarded against the other as a result of or in connection with any breach by the other of clause 6 (Confidentiality).
- Limitation of Liability
- Nothing in this Agreement shall exclude or limit either Party’s liability for death or personal injury caused by that Party’s negligence, fraud or fraudulent misrepresentation, or any liability which cannot be legally excluded or limited.
- Subject to clause 8.1, neither party will be liable, whether in contract, tort (including negligence) breach of statutory duty, or otherwise, for any of the following losses or damage (whether or not such losses or damage were direct, foreseen, foreseeable, known or otherwise) howsoever arising in respect of any: special, indirect, incidental or consequential loss or damage; loss of actual or anticipated profits; loss of business or contracts; loss of revenue or of the use of money; loss of anticipated savings; and/or loss of goodwill, arising out of or in connection with this Agreement.
- Subject to clauses 8.1, the maximum aggregate liability of Intruder to the Customer for all claims arising in connection with this Agreement whether in contract, tort (including negligence) or breach of statutory duty, misrepresentation or otherwise shall be limited £10 (ten pounds).
- For the avoidance of doubt, the Service is provided free of charge, and the Customer acknowledges that no consideration has been paid and that the limitations and exclusions set out in this Agreement are fundamental elements of this Agreement, reflect a fair and reasonable allocation of risk between the parties and that the Provider would not provide the Service to the Customer without such limitations.
- Term, Termination and Suspension
- This Agreement will begin on the Effective Date and continue for the Term, unless terminated in accordance with these terms.
- Either Party may terminate this Agreement if the other party commits a material breach of this Agreement.
- Intruder may terminate the Agreement at will at any time for any or no reason on 28 days’ notice.
- Upon termination of this Agreement for any reason whatsoever:
- the relationship of the Parties shall cease and all rights granted under this Agreement to access and use the Service shall cease immediately;
- any provision which is expressly or by implication intended to come into force or remain in force on or after termination will continue in full force and effect.
- The termination of this Agreement shall be without prejudice to the rights and remedies of either Party which may have accrued up to the date of termination.
- Entire Agreement
- This Agreement contains the entire agreement between the Parties in relation to its subject matter and supersedes any prior arrangement, understanding written or oral agreements between the Parties in relation to such subject matter.
- All warranties, conditions, terms and representations not set out in this Agreement whether implied by statute or otherwise are excluded to the extent permitted by law.
- Applicable Law and Jurisdiction
- This Agreement and any issues, disputes or claims arising out of or in connection with it (whether contractual or non-contractual in nature) shall be governed by, and construed in accordance with, the laws of England.
- All disputes or claims arising out of or relating to this Agreement shall be subject to the exclusive jurisdiction of the English Courts to which the Parties irrevocably submit.
INTRUDER
AI PENETRATION TEST TERMS
Between
(1) Intruder Systems LTD with registered office 71-75 Shelton Street, London, WC2H 9JQ and registered number 09529593 (“Intruder”); and
(2) The Customer as identified in the Order (“Customer”)
Background
A. Intruder has developed an AI enabled penetration testing software product which it makes available to customers on a SaaS basis, to enable the Customer to find cyber security weaknesses in their digital infrastructure.
B. The Customer wishes to use Intruder’s services for its internal business purposes.
C. Intruder has agreed to provide, and the Customer has agreed to take and pay for, Intruder’s services subject to the terms and conditions of this Agreement.
1 Definitions
1.1 In this Agreement, the following words will have the following meanings:
“Agreement” means these terms and conditions together with the Order, schedules, annexes and all other documents referred to herein;
"AI Pentest" means a one-off automated penetration testing engagement performed by Intruder against the Target(s) using the AI Pentest Agent to create one AI Pentest Report;
“AI Pentest Agent(s)” means AI-assisted and large language model-based tooling alongside conventional security testing techniques.
"AI Pentest Report" means the written report deliverable produced by Intruder following completion of the AI Pentest;
"Business Day" means any day which is not a Saturday, a Sunday or a bank or public holiday in England;
"Confidential Information" means the provisions of this Agreement and in relation to either Party, all information, in any form or medium, which is secret or otherwise not publicly available (either in its entirety or in the precise configuration or assembly of its components), including commercial, financial, marketing or technical information, accounts, business plans, business methods, strategies and financial forecasts, tax records, correspondence, designs, drawings, manuals, specifications, customer or sales or supplier information, technical or commercial expertise, software, formulae, processes, methods, knowledge, know-how and trade secrets, whether disclosed orally, in writing or by electronic means, before or after the date of this Agreement, and in the case of the Customer shall include the specific Customer results and reports generated from use of the Service;
"Customer User" means any employee, agent, contractor and/or consultant of the Customer who uses the Service on behalf of the Customer;
“Effective Date” means the date that the Order is accepted by Intruder;
“End Customers” means the end customers of the Customer on behalf of whom the Customer may use the Service.
“Fees” means the fees for the Service as specified in the relevant Order;
"Force Majeure" means any event outside the reasonable control of either Party affecting that Party's ability to perform any of its obligations (other than payment) under this Agreement including act of God, fire, flood, lightning, illegality, compliance with any law or governmental order, rule, regulation or direction, war, revolution, act of terrorism, riot or civil commotion, strikes, lock outs and industrial action, failure of supplies of power, fuel, transport, equipment, raw materials or other goods or services including telecommunications and internet services;
"Intellectual Property Rights” means any and all rights in and to any patent, copyright, database, design, trade mark, service mark, domain name, know-how, utility model, business method or process, whether such right is registered or not, or where relevant, any application for any such right, or other industrial or intellectual property right anywhere in the world;
"Intruder Portal" means the online portal (as may be modified by Intruder from time to time) through which the Customer and Customer Users can manage their Target(s) and view their security Weaknesses;
“Order” means the specific order for the AI Pentest Service as accepted by Intruder during the relevant sign up process;
"Party" or "Parties" means Intruder and/or the Customer as the context may require;
“Platform” means the Intruder software platform, including the Intruder Portal, via which the Service is made available, including all versions, amendments and improvements thereto and/or any other tools, methods, models, know how, code, functionality or other elements owned or developed by Intruder;
“Platform Data” means all usage and/or statistical or other data, information, learnings or know how related to and/or derived from the use of the Platform by customers and users, only in anonymized and aggregated form, and at all times not including any data or information that could individually identify a Customer.
“Service” means the single AI Pentest to be provided by Intruder under this Agreement, in accordance with the scope of the relevant Order, including the creation and delivery of one AI Pentest Report;
"Service Specification" means the specification of the AI Pentest Service set out at https://www.intruder.io/pentest-pricing as updated and amended from time to time by Intruder to reflect changes, enhancements and improvements that it makes to the Intruder systems and technology, which will at all times in any event be subject to the AI Pentest Process, Acknowledgements and Disclaimers at Annex 1;
"Target(s)" means an individual computer system as identified by the IP address, hostname or other unique identifier assigned to it. Where the same computer system is monitored via multiple IP addresses, hostnames, or other identifiers, each separate entry in the Intruder Portal will count as a unique system;
"Weakness" means a particular configuration, software patch level, or application code deployment which is perceived as likely to, or can be demonstrated to reduce or undermine the security of Target(s), or the information stored, processed or transmitted by it;
1.2 Drafting Conventions
(a) The headings in this Agreement are inserted for convenience only and shall not affect the interpretation or construction of this Agreement.
(b) Words expressed in the singular shall include the plural and vice versa. Words referring to a particular gender include every gender. References to a person include an individual, company, body corporate, corporation, unincorporated association, firm, partnership or other legal entity.
(c) The words "other", "including" and "in particular" shall not limit the generality of any preceding words or be construed as being limited to the same class as any preceding words where a wider construction is possible.
(d) All references in this Agreement to clauses are to the clauses in these Terms and Conditions unless otherwise stated.
2 The Service
2.1 Subject to acceptance of a relevant Order by Intruder, and receipt of the Fees in accordance with the relevant payment terms, and subject to compliance by the Customer with the scope of the relevant Order and the terms of this Agreement, Intruder agrees to provide the Customer with the Service.
2.2 The Customer may, subject to the scope of the relevant Order:
(a) use the Service for the Customer's own internal business purposes in relation to its own Target(s);
(b) use the Service to provide services to its own End Customers, by including its End Customer’s systems in the Target(s).
2.3 The Service includes the execution of a single AI Pentest against the defined Target(s) and the delivery of a single AI Pentest Report. The Customer is not entitled to repeat, re-run or extend the AI Pentest, nor to add additional Target(s), nor to substitute Target(s) after launch, without placing a further Order.
2.4 The Service must be used within 12 months of the Order. In the event it is not used within the time limit, there will be no refund or credit given.
2.5 For the avoidance of doubt, the scope of the AI Pentest Service will be as set out in the Order and includes the Target(s) identified in the Order, along with any domains, services or resources upon which those Target(s) depend for their normal function, along with any additional scope or instructions provided by the Customer to the AI Pentest Agent during the use of the Service. Intruder will not knowingly test any system outside that scope.
2.6 For the avoidance of doubt the Customer may not permit its End Customers to use the Service or access the Platform directly, and the Customer must at all times use the Service on behalf of its End Customers. The Customer is responsible for ensuring that only employees, agents and consultants authorized and permitted by the Customer can access and use the Service. Only employees, agents and consultants of the Customer are entitled to be Customer Users.
2.7 The Customer shall be responsible for all access to and use of the Service as enabled by the Customer via the Customer’s account and or Customer Users’ login credentials.
2.8 In connection with its supply of the Service, Intruder may be required to process personal data on behalf of the Customer. In such circumstances the parties will each comply with the terms and conditions of Schedule 1 – the Data Processing Agreement.
3 Customer Systems and Customer Responsibilities
3.1 The Customer shall perform or comply with the Customer responsibilities under this Agreement and agrees that Intruder's provision of the Service is dependent on the Customer performing or complying with the Customer responsibilities.
3.2 The Customer authorises and permits Intruder to access the Customer's systems and networks (including without limitation the Target(s) and any applications or data held on such network and systems) for the purposes of the Computer Misuse Act 1990 (as updated, replaced and amended from time to time) and / or other relevant legislation and regulations in the relevant territories, and represents it has authority and will have authority at all times during this Agreement, to give such permission. To the extent permitted by law, the Customer waives any rights or protections it may have under the Computer Misuse Act 1990 and / or equivalent local legislation, with respect to Intruder's activities performed in the course of providing the Service, save in the event of negligence, fraud or wilful misconduct on the part of Intruder.
3.3 The Customer warrants and represents that it has and will have at all times during this Agreement, all necessary permissions, authorizations and consents from the owners or licensors of the Customer's systems and networks and or those of the End Customer (including without limitation the Target(s) and any hosting provider, cloud provider, software-as-a-service provider, infrastructure provider or other party whose authorisation is required for the AI Pentest) to enable the Service to be provided to the Customer.
3.4 The Customer warrants and represents that where it uses the Service in any jurisdiction or territory other than the UK, it shall be wholly responsible for ensuring that the use of the Service in that jurisdiction or territory complies with applicable laws or regulation.
3.5 The Customer shall not and shall not permit any third party to:
(a) attempt to download, copy, modify, create derivative works from, frame, mirror, republish or distribute any portion of the Platform except to the extent expressly set out in this Agreement; or
(b) attempt to copy, adapt, decompile, disassemble, reverse engineer or otherwise reduce to human-perceivable form all or any part of the Platform, except as may be allowed by any applicable law which is incapable of exclusion by agreement between the parties;
(c) use any knowledge or information acquired in relation to the Platform or Service in order to build a software product which competes with the Platform;
(d) resell, sublicense or otherwise use the Platform or Service to provide services to third parties, save as permitted under clause 2.2.
4 AI Pentest Process, Acknowledgments and Disclaimers
4.1 The Customer specifically acknowledges that the use of the Service to conduct an AI Pentest comes with inherent risks. Whilst Intruder will use all reasonable endeavours to avoid and mitigate such risks, the Customer specifically and expressly acknowledges and accepts the Process, Acknowledgments and Disclaimers set out in Annex 1.
4.2 The Customer also acknowledges that the Service is not built specifically as a service for the Customer or the Target(s) and is not guaranteed to and may not identify all Weaknesses that can impact or affect systems.
4.3 Intruder shall not be responsible for any damage or loss that the Customer, any Customer User or End Customer may suffer, whether directly or indirectly as a result of use and provision of the Service as intended, and / or in relation to any Weakness that is not identified by the Service.
5 Intellectual Property
5.1 Intruder has, at its sole cost, created, licensed and developed the Service and the technology and systems including the Platform that form part of the Service.
5.2 As between the Parties, all Intellectual Property Rights in the Service, the Platform and the Platform Data belong to Intruder.
5.3 This Agreement shall not constitute a transfer of any Intellectual Property Rights in the Service or Platform to the Customer, nor grant the Customer any rights to the Service or Platform, (including any Intellectual Property Rights in the same) other than as set out in clause 2.
6 Fees
6.1 The Fee under this Agreement is payable by the Customer in full and cleared funds on the Effective Date and in any event in advance of any access to the Service.
6.2 The Fee payable under this Agreement is exclusive of value added, sales, withholding or any similar tax, import or customs duties, which shall be paid in addition by the Customer to Intruder at the then prevailing rate.
6.3 If any sum payable under this Agreement is not paid when due then until payment is made in full Intruder shall be entitled to:
(a) suspend access to the Service; and
(b) charge interest on any overdue payment at the rate of 4% per annum above the base rate of the Bank of England.
6.4 The Service must be used within 12 months of the Order. In the event it is not used, there will be no refund or credit given.
7 Confidentiality
7.1 Each Party shall keep and procure to be kept secret and confidential all Confidential Information of the other Party disclosed or obtained as a result of the relationship of the Parties under this Agreement and shall not use nor disclose the same except in relation to the performance of this Agreement or with the prior written consent of the other Party. Where disclosure is made by a Party of the other Party's Confidential Information, to any employee, agent or consultant, it shall be done subject to obligations equivalent to those set out in this Agreement. Each Party agrees to use its best endeavors to procure that any such employee, agent or consultant complies with such obligations provided that each Party shall continue to be responsible to the other Party in respect of any disclosure or use of such Confidential Information by a person to whom disclosure is made.
7.2 The obligations of confidentiality in this clause shall not extend to any information which the other Party can show:
(a) is in, or has become part of, the public domain other than as a result of a breach of the obligations of confidentiality under this Agreement; or
(b) was in its written records prior to the date of this Agreement and not subject to any confidentiality obligations; or
(c) was independently disclosed to it by a third party entitled to disclose the same; or
(d) is required to be disclosed under any applicable law, or by order of a court or governmental body or authority of competent jurisdiction.
7.3 The Customer shall ensure that the Customer Users are aware of and undertake to comply with the obligations of confidentiality set out in this clause.
7.4 This clause shall survive termination of this Agreement.
8 Warranties and Indemnities
8.1 Subject to clauses 4 and 8.2, Intruder warrants that:
(a) the Service shall comply in all material respects with the Service Specification and shall be provided with all reasonable skill and care and good industry practice.
(b) it has full right, power and authority to enter into this Agreement; and
(c) the Platform and Service will, to the best of its knowledge, contain nothing that infringes the statutory, common law, or Intellectual Property Rights of any third party.
8.2 Save as expressly set out here, any other conditions, warranties or other terms which might have effect between the parties or be implied or incorporated into this Agreement whether by statute, common law or otherwise, are hereby excluded to the fullest extent permitted by law, including, without limitation, the implied conditions, warranties or other terms as to satisfactory quality and fitness for purpose.
8.3 The Customer warrants that:
(a) it, and its representative signing up to the Agreement, has full right, power and authority to enter into this Agreement;
(b) it has all the rights, licenses, permits, approvals and clearance of third party rights as required by applicable laws and as are necessary to perform its obligations and allow Intruder to perform its obligations under this Agreement;
8.4 Intruder will indemnify the Customer from and against any and all losses, damages, claims, penalties, fines, costs and expenses (including reasonable external legal expenses) suffered or incurred by or awarded against the Customer payable in relation to any third party claims or actions as a result of or in connection with any breach by Intruder of clause 8.1.
8.5 The Customer will indemnify Intruder from and against any and all losses, damages, claims, penalties, fines, costs and expenses (including reasonable external legal expenses) suffered or incurred by or awarded against Intruder payable in relation to any third party claims or actions as a result of or in connection with any breach by the Customer of clause 8.3 and/or clauses 3.2, 3.3 and 3.4.
8.6 Each Party will fully indemnify the other from and against any and all losses, damages, claims, penalties, fines, costs and expenses (including reasonable external legal expenses) suffered or incurred by or awarded against the other as a result of or in connection with any breach by the other of clause 7 (Confidentiality).
8.7 In all cases the indemnified party agrees to:
(a) promptly notify the indemnifying party of any allegation of infringement or other claim that may give rise to reliance on an indemnity, which comes to its attention, and give the indemnifying party all reasonable assistance subject to reimbursement by the indemnifying party of the indemnified party’s costs so incurred;
(b) not to make any admission, settle, compromise or negotiate the settlement of any such claim without the prior consent of the indemnifying party (such consent not to be unreasonably withheld) provided that the indemnifying party considers and defends any claim diligently, using competent counsel and in such a way as not to bring the reputation of the indemnified party into disrepute; and
(c) allow the indemnifying party to conduct and settle all negotiations and proceedings, save that the indemnifying party may not conclude settlement of any negotiations and proceedings which may have a material effect (whether financial, practical or in terms of reputation) on the indemnified party without the indemnified party’s prior written consent which will not be unreasonably withheld.
9 Limitation of Liability
9.1 Nothing in this Agreement shall exclude or limit:
(a) either Party’s liability for death or personal injury caused by that Party’s negligence, fraud or fraudulent misrepresentation, or any liability which cannot be legally excluded or limited;
(b) the Customer's liability to pay the Fees.
9.2 Subject to clause 9.1, neither party will be liable, whether in contract, tort (including negligence) breach of statutory duty, or otherwise, for any of the following losses or damage (whether or not such losses or damage were direct, foreseen, foreseeable, known or otherwise) howsoever arising in respect of any: special, indirect, incidental or consequential loss or damage; loss of actual or anticipated profits; loss of business or contracts; loss of revenue or of the use of money; loss of anticipated savings; and/or loss of goodwill, arising out of or in connection with this Agreement.
9.3 Subject to clauses 9.1, the maximum aggregate liability of Intruder to the Customer for all claims arising in connection with this Agreement whether in contract, tort (including negligence) or breach of statutory duty, misrepresentation or otherwise shall be limited £1,000,000 (one million pounds).
9.4 Intruder shall have no liability towards any End Customer.
10 Term, Termination and Suspension
10.1 This Agreement will begin on the Effective Date and continue until the Service has been fulfilled, subject to a maximum period of 12 months in accordance with clause 2.4, unless terminated in accordance with these terms.
10.2 Either Party may terminate this Agreement if the other party commits a material breach of this Agreement that is capable of remedy and which the party in breach has not remedied within 30 days of a receipt of a written notice identifying the breach.
10.3 Intruder may terminate this Agreement immediately and/or suspend the Service without notice if the Fee has not been received by the due date, or if the provision of the Service is found to be unlawful in the jurisdiction or territory in which it is used.
10.4 In the event of any termination of this Agreement by Intruder under clause 10.2 or 10.3, Intruder will not refund nor shall credit, and the Customer will not be entitled to any refund or credit for, any portion of the Fee for any unused part of the Service.
10.5 Upon termination of this Agreement for any reason whatsoever:
(a) the relationship of the Parties shall cease and all rights granted under this Agreement to access and use the Service shall cease immediately;
(b) any provision which is expressly or by implication intended to come into force or remain in force on or after termination will continue in full force and effect.
10.6 The termination of this Agreement shall be without prejudice to the rights and remedies of either Party which may have accrued up to the date of termination.
11 Force Majeure
11.1 A Party will not be in breach of this Agreement nor liable for any failure or delay in performance of any obligations (except for those in relation to payment) under this Agreement, and the date for performance of the obligations affected will be extended accordingly, as a result of Force Majeure, provided that such Party shall:
(a) promptly notify the other Party in writing of the matters constituting the Force Majeure and shall keep that Party fully informed of their continuance and of any relevant change of circumstances whilst such Force Majeure continues; and
(b) take all reasonable steps available to it to minimize its effects on the performance of its obligations under this Agreement.
11.2 If Force Majeure continues for longer than 30 days' either Party may, whilst the Force Majeure continues, immediately terminate this Agreement by notice in writing to the other.
12 Parties
12.1 The Customer may not assign, transfer, charge or otherwise dispose of all or any of its rights and responsibilities under this Agreement.
12.2 A person who is not a Party to this Agreement has no rights (whether under the Contracts (Rights of Third Parties) Act 1999 or otherwise) to enforce any provision of this Agreement.
12.3 Neither Party may pledge the credit of the other Party nor represent itself as being the other Party nor an agent, partner, employee or representative of the other Party and neither Party may hold itself out as such nor as having any power or authority to incur any obligation of any nature, express or implied, on behalf of the other.
12.4 Nothing in this Agreement, and no action taken by the Parties pursuant to this Agreement creates, or is deemed to create, a partnership or joint venture or relationship of employer and employee or principal and agent between the Parties.
13 Construction
13.1 Entire Agreement
(a) This Agreement contains the entire agreement between the Parties in relation to its subject matter and supersedes any prior arrangement, understanding written or oral agreements between the Parties in relation to such subject matter.
(b) The Parties acknowledge that this Agreement has not been entered into wholly or partly in reliance on, nor has either Party been given, any warranty, statement, promise or representation by the other or on its behalf other than as expressly set out in this Agreement.
(c) Each Party agrees that the only rights and remedies available to it arising out of or in connection with any warranties, statements, promises or representations will be for breach of contract and irrevocably and unconditionally waives any right it may have to any claim, rights or remedies including any right to rescind this Agreement which it might otherwise have had in relation to them.
(d) All warranties, conditions, terms and representations not set out in this Agreement whether implied by statute or otherwise are excluded to the extent permitted by law.
(e) Nothing in this clause will exclude any liability in respect of misrepresentations made fraudulently.
13.2 Severability of provisions
(a) If at any time any part of this Agreement is held to be or becomes void or otherwise unenforceable for any reason under any applicable law, the same shall be deemed omitted from this Agreement and the validity and/or enforceability of the remaining provisions of this Agreement shall not in any way be affected or impaired as a result of that omission.
(b) If any void or unenforceable part of this Agreement would be valid and enforceable if some part of it were deleted, the part shall apply with the minimum modification necessary to make it valid and enforceable.
13.3 Waiver. The rights and remedies of either Party in respect of this Agreement shall not be diminished, waived or extinguished by the granting of any indulgence, forbearance or extension of time granted by that Party to the other nor by any failure of, or delay in ascertaining or exercising any such rights or remedies. Any waiver of any breach of this Agreement shall be in writing. The waiver by either Party of any breach of this Agreement shall not prevent the subsequent enforcement of that provision and shall not be deemed to be a waiver of any subsequent breach of that or any other provision.
14 Contract Administration
14.1 Variation. No purported alteration or variation of this Agreement shall be effective unless it is in writing, refers specifically to this Agreement, and is signed or otherwise expressly agreed to by each of the Parties to this Agreement.
14.2 Language. This Agreement is entered into in the English language. All amendments or correspondence concerning or relating to this Agreement and all notices given and all documentation to be delivered by either Party to the other under this Agreement shall be written in the English language or shall be accompanied by an English translation prepared by such person or body as the Parties shall have approved in advance. If there is any conflict in meaning between the English language version and any version or translation of this Agreement in any other language the English version shall prevail.
14.3 Notices
(a) Any notices sent under this Agreement must be in writing, sent and delivered by email to contact@intruder.io.
(b) Notices shall be served to the addresses set out above or to such other email address and/or address as the relevant Party may give notice to the other Party for the purpose of service of notices under this Agreement. The deemed time of delivery of notice by email shall be 9:00am recipient’s time on the first Business Day after sending and proof of service of email despatched in a legible and complete form to the correct email address without any error message.
14.4 Complaints. Formal complaints relating to the Service must be delivered either by email to contact@intruder.io, or via the in-app customer support widget.
15 Applicable Law and Jurisdiction
15.1 This Agreement and any issues, disputes or claims arising out of or in connection with it (whether contractual or non-contractual in nature) shall be governed by, and construed in accordance with, the laws of England.
15.2 All disputes or claims arising out of or relating to this Agreement shall be subject to the exclusive jurisdiction of the English Courts to which the Parties irrevocably submit.
16 Publicity
Intruder shall be entitled to describe the Customer as a customer of this Service and include its name on marketing and promotional materials. In addition and on reasonable notice the Customer shall act as a referee for Intruder in respect of prospective customers of Intruder for the Service.
Annex 1
AI Pentest Process, Acknowledgements and Disclaimers
1 Customer Acknowledgment of Risk.
The Customer acknowledges that an AI Pentest simulates the activity of a real attacker and uses AI-assisted tooling that operates with a degree of autonomy. The Customer acknowledges in particular that:
(a) by design, Intruder's AI Pentest tooling is exploratory and non-deterministic, adapting its actions to what it discovers during the engagement, and the specific actions taken in any given engagement cannot be predicted in advance and may differ from one execution to another;
(b) the AI Pentest Agent is configured to avoid destructive actions where possible, but the Customer acknowledges that the AI Pentest may still result in state-changing and potentially destructive operations on the AI Pentest Target(s), including without limitation: the creation, modification or deletion of data, records, files, database tables or user accounts; the upload of files; the submission of forms; the sending of messages or notifications from the AI Pentest Target(s); the issuing of commands intended to validate whether a Weakness is exploitable (which may include destructive operations such as data deletion, file removal, or modification of system state); and the triggering of automated workflows or third-party integrations;
(c) the AI Pentest may trigger alerts, notifications, billing events, fraud-prevention measures or other automated responses within the Customer's own systems or those of its service providers;
(d) the AI Pentest may, where it identifies an exploitable Weakness, demonstrate that exploitation by carrying it out, which may result in temporary states of the AI Pentest Target(s) that did not exist prior to the AI Pentest;
(e) as with any penetration test, Intruder cannot guarantee the security of the AI Pentest Target(s) at any stage before, during or after the AI Pentest, nor that the AI Pentest will identify every Weakness present;
(f) as with any penetration test, the results may include false positives (findings reported as Weaknesses which, on independent verification, are not present or are not exploitable in the manner described). Intruder takes reasonable steps to minimise false positives but cannot eliminate them entirely, and the Customer is responsible for validating findings before undertaking remediation activity;
(g) the AI Pentest Agent processes content received from the AI Pentest Target(s) in the course of its testing, and such content may contain adversarial inputs (commonly known as prompt injection) deliberately or inadvertently designed to influence the AI Pentest Agent 's behaviour. While Intruder applies safeguards in accordance with section 2 below, the Customer acknowledges that Intruder cannot guarantee absolute prevention of such influence.
IN ANY EVENT the Customer expressly acknowledges and agrees and that any actions taken by the AI Pentest Agent within the AI Pentest Target(s) remain within the scope of the Customer's authorisation under clause 3 of the Agreement, and that the possible consequences described above and in this Annex are not a breach of the Agreement and the Customer accepts such consequences at its own risk, save to the extent caused by a breach by Intruder of the Agreement and subject to clause 9.1(a).
2 Intruder safeguards.
Intruder maintains technical and organisational measures designed to:
(a) operate the AI Pentest Agent within the scope set out in the Agreement;
(b) apply industry-standard prompt injection mitigations to the AI Pentest Agent, including by submitting prompts used by the AI Pentest Agent to a third-party prompt injection detection service for screening;
c) ensure isolation of context, prompts, intermediate state and outputs between AI Pentests for different Customers, such that no Customer data is reused, exposed or commingled in another Customer's AI Pentest.
The Customer acknowledges that the measures described in this section 2 reduce but do not eliminate the risks described in section 1 above.
3 Treatment of source code and other Customer data ingested by the AI Pentest.
(a) Where the Customer provides source code or other data to the AI Pentest Agent, that data is processed solely within the engagement's testing container for the duration of the engagement, and is deleted on engagement teardown. Intruder does not retain Customer source code or other ingested data after the engagement ends, save where excerpts are required for delivery of the AI Pentest results or Reports.
(b) Notwithstanding section 3(a), source code excerpts may be retained for improving the AI Pentest service, but will be deleted within 30 days of engagement teardown. Intruder personnel will not access any complete copy of a source code repository provided by the Customer.
(c) AI model providers used in delivering the AI Pentest act as sub-processors. Customer data ingested by the AI Pentest is not used to train, fine-tune or otherwise improve any AI model.
(d) The Customer retains all Intellectual Property Rights in source code and other data provided to the AI Pentest. Nothing in this Agreement transfers any such rights to Intruder.
4 Customer Responsibilities – targets and environments.
(a) The Customer is solely responsible for selecting AI Pentest Target(s) appropriate for active automated security testing.
(b) Intruder strongly recommends that AI Pentests be performed against non-production, staging or test environments wherever feasible. Where the Customer selects a production environment as an AI Pentest Target(s), the Customer warrants that it has:
(i) taken adequate backups and/or system snapshots immediately prior to the AI Pentest;
(ii) the ability to roll back any changes made during the AI Pentest; and
(iii) considered and accepted the risk of disruption to its business operations, end users and third parties as a result of the AI Pentest.
(c) Prohibited Target(s). The Customer warrants that no AI Pentest Target(s) falls within any of the following categories, and the Customer shall not include any such system as an AI Pentest Target(s):
(i) industrial control systems, operational technology (OT), supervisory control and data acquisition (SCADA) systems, programmable logic controllers (PLCs), distributed control systems, or any system controlling physical processes, machinery or equipment;
(ii) safety-instrumented systems, life-safety systems, fire suppression systems, or any system whose failure, disruption or unauthorised modification could result in death, personal injury or harm to physical health;
(iii) medical devices, hospital information systems, or any system in active use in the diagnosis, monitoring, treatment or care of patients;
(iv) vehicles, aircraft, marine vessels, autonomous or semi-autonomous systems, or any system integrated with the control, navigation or safety functions of any of the foregoing;
(v) any system which the Customer does not own or operate, and for which the Customer has not obtained authorisation as required by clause 3 of the Agreement.
(d) The Customer acknowledges that breach of section 4(c) is a material breach of the Agreement. In the event of breach, Intruder may, in its sole discretion and without prejudice to any other rights or remedies:
(i) immediately suspend or terminate the AI Pentest without notice and without refund of Fees; and
(ii) refuse to provide the AI Pentest Report or, where the AI Pentest Report has already been delivered, withdraw it and require its destruction.
(e) The Customer shall indemnify Intruder, from or in connection with any breach by the Customer of section 4(c), which will be added to and dealt with under the indemnity in clause 8.3 of the Agreement.
5 Conduct and suspension/halt of the AI Pentest
(a) Customer Halt. Intruder shall make available to the Customer, at all times during the engagement , a control accessible through the Intruder Portal through which the Customer may halt the AI Pentest immediately ("Customer Halt"). On a Customer Halt:
(i) Intruder shall halt all AI Pentest activity against the AI Pentest Target(s) without delay; and
(ii) Intruder shall confirm to the Customer through the Intruder Portal when halt is complete.
(b) The Customer acknowledges that a Customer Halt halts further activity by the AI Pentest Agent but does not interrupt actions already initiated by the AI Pentest Agent at the moment halt is activated (which may complete before halt is achieved), and does not undo or roll back actions already taken on the AI Pentest Target(s). The Customer further acknowledges that any AI Pentest activity occurring between Customer Halt and halt completion remains within the scope of the Customer's authorisation under clause 3 of the Agreement.
(c) Intruder right to suspend or halt. Intruder may, in its sole and absolute discretion, suspend or halt an AI Pentest where Intruder identifies or considers that continued testing poses a risk to the AI Pentest Target(s), to third parties, to Intruder's testing infrastructure, or to the integrity or accuracy of the AI Pentest. The Customer acknowledges that Intruder has no duty or obligation to actively monitor or supervise the AI Pentest for such risks, and Intruder shall have no liability for any failure to exercise its right to suspend or halt under this section. Where Intruder exercises this right:
(i) Intruder shall notify the Customer as soon as reasonably practicable;
(ii) where the AI Pentest is permanently halted before completion and the cause is not the Customer's breach of this Agreement, Intruder shall re-run the AI Pentest at no additional Fee, subject to the Customer's agreement to the rescheduled timing; and
(iii) Intruder shall have no further obligation to deliver an AI Pentest Report in respect of the halted engagement.
(d) Model provider and infrastructure dependencies. The AI Pentest relies on AI model providers, cloud infrastructure and other supporting services operated by third parties. The Customer acknowledges that outages, degraded performance or interruptions in those services may delay or interrupt the AI Pentest. Ongoing infrastructure status is published on Intruder's status page at https://status.intruder.io, to which the Customer may subscribe for updates. Where any such issue causes a delay or interruption to the AI Pentest exceeding 24 hours, Intruder shall notify the Customer directly. Where third-party service issues have prevented the AI Pentest from running substantially in accordance with the agreed scope of the AI Pentest Order, Intruder shall re-run the AI Pentest (or the affected portion of it) at no further Fee, and shall not represent the AI Pentest as complete or deliver the AI Pentest Report as final until it has so run.
6. Delivery of AI Pentest Report
(a) The AI Pentest Report shall be made available to the Customer for download in the Intruder Portal upon completion of the AI Pentest.
(b) The AI Pentest Report will be provided in PDF format and will include a description of the Weaknesses identified, an opinion on the impact and likelihood of exploitation, supporting evidence, and suggested remediation advice.
(c) The Customer may use, copy and distribute the AI Pentest Report internally for its own business purposes, and may share the AI Pentest Report only with its own customers, regulators, auditors and professional advisors to demonstrate compliance with its security obligations. The Customer shall not share the AI Pentest Report with any other third party, and is specifically restricted from sharing the AI Pentest Report with any entity that provides security testing services in competition with Intruder, without Intruder's prior written consent.