Securiti leads GigaOm's DSPM Vendor Evaluation with top ratings across technical capabilities & business value.
View
Effective as of March 15, 2023
THIS CUSTOMER AGREEMENT AND ITS CORRESPONDING ORDER FORM(S) (COLLECTIVELY REFERRED TO AS THIS “AGREEMENT”) GOVERN CUSTOMER’S USE OF SECURITI, INC.’S (“SECURITI”) SECURITI PRODUCT (DEFINED BELOW). PLEASE READ THE TERMS AND CONDITIONS OF THIS AGREEMENT CAREFULLY BEFORE USING THE SECURITI PRODUCT. BY EXECUTING AN ORDER FORM FOR THE SECURITI PRODUCT EITHER DIRECTLY OR INDIRECTLY, OR BY ACCEPTING THIS AGREEMENT BY ANY ONLINE OR DIGITAL PROCESS, CUSTOMER HEREBY ACCEPTS THE TERMS AND CONDITIONS SET OUT BELOW. THE INDIVIDUAL ACCEPTING THIS AGREEMENT HEREBY REPRESENTS THAT SUCH INDIVIDUAL IS AN AUTHORIZED REPRESENTATIVE OF THE CUSTOMER LISTED ON AN ORDER FORM AND IS AUTHORIZED TO OBLIGATE SUCH CUSTOMER TO ALL TERMS AND CONDITIONS IN THIS AGREEMENT, AND SUCH INDIVIDUAL ACKNOWLEDGES THAT SECURITI RELIES ON SUCH REPRESENTATION IN ENTERING INTO THIS AGREEMENT. SECURITI MAY MODIFY THIS AGREEMENT FROM TIME TO TIME, AND CHANGES TO THIS AGREEMENT WILL BE POSTED ON THE SECURITI WEBSITE AND REVISIONS WILL BE INDICATED BY VERSION DATE. CUSTOMER AGREES TO BE BOUND TO ANY CHANGES TO THIS AGREEMENT WHEN CUSTOMER USES THE SECURITI PRODUCT AFTER ANY SUCH MODIFICATION BECOMES EFFECTIVE. MODIFICATIONS TO THIS AGREEMENT WILL BECOME EFFECTIVE UPON THE RENEWAL OF AN ORDER FORM. THE “EFFECTIVE DATE” OF THIS AGREEMENT IS THE DATE THIS AGREEMENT IS ACCEPTED BY CUSTOMER.
THESE TERMS ARE ONLY AVAILABLE FOR ONLINE PURCHASES OF THE SECURITI AGREEMENT AND MAY NOT BE USED OR REFERRED TO FOR PURCHASES OF THE SECURITI PRODUCT THROUGH ANY OTHER CHANNEL.
Securiti is the developer of Data Privacy, Security, Governance and Compliance solutions across hybrid and multicloud environments. Customer desires to use certain functions of the Securiti platform to enhance their privacy and/or security practices.
The following terms, when used in this Agreement will have the following meanings:
“Affiliates” means an entity that directly or indirectly Controls, is Controlled by, or is under common Control with another entity, so long as such Control exists. For the purposes of this definition, “Control” means beneficial ownership of 50% or more of the voting power or equity in an entity.
“Authorized Users” means the employees, contractors and service providers of Customer or its Affiliates who are authorized to access and use the Securiti Product on behalf of Customer and its Affiliates.
“CCPA” means the California Consumer Privacy Act of 2018, Cal. Civ. Code, 1798.100 - 1798.198, as amended.
“Confidential Information” means any information or data disclosed by either party that is marked or otherwise designated as confidential or proprietary or that should otherwise be reasonably understood to be confidential in light of the nature of the information and the circumstances surrounding disclosure. However, “Confidential Information” will not include any information which (a) is in the public domain through no fault of receiving party; (b) was properly known to receiving party, without restriction, prior to disclosure by the disclosing party; (c) was properly disclosed to receiving party, without restriction, by another person with the legal authority to do so; or (d) is independently developed by the receiving party without use of or reference to the disclosing party’s Confidential Information. Customer Data and any data or information that identifies Customer’s business or business practices (e.g., number of Customer Data records, number of consumer requests or responses processed) is the Confidential Information of Customer. The Securiti Product is the Confidential Information of Securiti.
“Customer Data” means Personal Information, as defined in the CCPA or Personal Data, as defined in the GDPR or the UK GDPR that is uploaded by, or on behalf of, Customer to the Securiti Product (excluding the components downloaded to Customer's environment).
“Documentation” means the printed and digital instructions, on-line help files, technical documentation and user manuals made available by Securiti for the Securiti Product.
“Order Form” means an order form, quote or other similar document that sets forth the specific Securiti Product and pricing therefor, and that references this Agreement and is mutually executed by the parties.
“Professional Services” means any implementation, training, configuration, consulting, data migration, conversion, integration setup, or other services provided by Securiti to Customer, as set forth in an Order Form.
“Securiti Product” means the web-based application, as well as certain downloadable components that must deployed within Customer’s environment, made available to Customer by Securiti via a subscription. Securiti will host and operate such web-based application on computer servers accessible by Customer over the Internet. “Securiti Product” excludes any Customer Data contained or processed therein.
Subject to the terms and conditions of this Agreement and the Service Level Agreement (SLA) attached in Exhibit A, Securiti will make certain functions of the Securiti Product available to Customer pursuant to this Agreement and the applicable Order Form, and hereby grants Customer a non-exclusive right to access and use the Securiti Product for its privacy compliance purposes. Customer may extend the rights granted herein to its Affiliates, provided that it will ensure their compliance with this Agreement and be responsible for their acts and omissions hereunder, in each case as if they were Customer hereunder. Customer hereby grants to Securiti a royalty-free, worldwide, non-exclusive, fully paid-up license to use the Customer Data (as defined below) in order to perform and provide the Securiti Product and Professional Services for the benefit of Customer or for the purpose of enhancing product or services in accordance with the terms of this Agreement.
Securiti will maintain a security program materially in accordance with industry standards that is designed to reasonably (i) ensure the security and integrity of Customer data uploaded by, or on behalf of, Customer to the Securiti Product (“Customer Data”); (ii) protect against threats or hazards to the security or integrity of Customer Data; and (iii) prevent unauthorized access to Customer Data. Securiti’s security safeguards include measures for preventing access, use, modification or disclosure of Customer Data by Securiti personnel except (a) to provide the Securiti Product and prevent or address service or technical problems, (b) as required by applicable law, or (c) as Customer expressly permits in writing or under this Agreement. Securiti will comply with the Security Exhibit attached hereto as Exhibit B, and will provide to Customer, upon request, Securiti’s most recently completed Service Organization Control 2 (SOC2) audit reports or industry-standard successor report ("Controls Reports"). Securiti will not materially diminish the protections provided in this Section during the term of this Agreement.
The rights granted herein are subject to the following restrictions. Customer will not directly or indirectly:
Customer may permit its Authorized Users to use the Securiti Product and such access rights shall not be shared with any third parties other than Authorized Users. The number of Authorized Users accessing the Securiti Product shall not exceed the maximum number of Authorized Users specified in the Order Form.
Securiti may, from time to time, implement enhancements, upgrades, updates, improvements, modifications, extensions and other changes to the Securiti Product. Securiti shall provide Customer with access to all such changes to the specific Securiti Product subscribed to by Customer in an existing Order Form without separate charge.
Securiti agrees to comply with the Service Level Agreement attached hereto as Exhibit A.
Customer will pay Securiti the fees set forth in an Order Form. Except as otherwise specified herein or in any applicable Order Form, (a) fees are quoted and payable in United States dollars and (b) payment obligations are non-cancelable and non-pro-ratable for partial months, and fees paid are non-refundable, except as otherwise expressly provided herein. Effective upon the renewal of the term of an Order Form, Securiti may increase the applicable fees by an amount up to five percent (5%). Customer is not liable for any expenses incurred by Securiti (including travel, meals and hotels) except as otherwise pre-approved in writing by Customer.
Securiti may suspend access to the Securiti Product immediately upon notice to Customer if Customer fails to pay any non-disputed amounts hereunder at least thirty (30) days past the applicable due date. Undisputed late payments may incur a fee of one and one-half percent (1 ½ %) per month or the highest rate allowable under applicable law, if less, and Customer will be responsible for the cost of collection for any such amounts, including attorneys’ fees.
All amounts payable hereunder are exclusive of any sales, use and other taxes or duties, however designated (collectively “Taxes”).Customer will be solely responsible for payment of all Taxes, except for those taxes based on the income of Securiti. Customer will not withhold any taxes from any amounts due to Securiti, provided that if Customer is required by law to withhold any taxes then the invoiced amount shall be deemed increased so that the amount payable by Customer after such withholding equals the invoiced amount.
As between the parties, Securiti exclusively owns all right, title and interest in and to the Securiti Product (including any Securiti Product trademarks), and Securiti’s Confidential Information, including all System Data. “System Data” means anonymized user and other data collected by Securiti regarding the Securiti Product that may be used to generate logs, statistics and reports regarding performance, availability, integrity and security of the Securiti Product. Customer exclusively owns all right, title and interest in and to the Customer Data and Customer’s Confidential Information.
Customer may from time to time provide Securiti suggestions or comments for enhancements or improvements, new features or functionality or other feedback with respect to the Securiti Product. Securiti will have full discretion to determine whether or not to proceed with the development of any requested enhancements, new features or functionality. Securiti will have the full, unencumbered right, without any obligation to compensate or reimburse Customer, to use, incorporate and otherwise fully exercise and exploit any such feedback in connection with its products and services.
Each party agrees that it will use the Confidential Information of the other party solely in accordance with the provisions of this Agreement and it will not disclose, or permit to be disclosed, the same directly or indirectly, to any third party without the other party’s prior written consent, except as otherwise expressly permitted hereunder. However, either party may disclose Confidential Information (a) to its employees, officers, directors, attorneys, auditors, financial advisors and other representatives who have a need to know and are legally bound to keep such information confidential by confidentiality obligations consistent with those of this Agreement; and (b) as required by law (in which case the receiving party will provide the disclosing party with prior written notification thereof, will provide the disclosing party with the opportunity to contest such disclosure, and will use its reasonable efforts to minimize such disclosure to the extent permitted by applicable law). Neither party will disclose the terms of this Agreement to any third party, except that either party may confidentially disclose such terms to actual or potential lenders, investors or acquirers. Each party agrees to exercise due care in protecting the Confidential Information from unauthorized use and disclosure. In the event of actual or threatened breach of the provisions of this Section or the restrictions in Section 2.3 hereof, the non-breaching party will be entitled to seek immediate injunctive and other equitable relief, without waiving any other rights or remedies available to it. Each party will promptly notify the other in writing if it becomes aware of any violations of the confidentiality obligations set forth in this Agreement.
Both parties. Each party warrants that it has the authority to enter into this Agreement and, in connection with its performance of this Agreement, shall comply with all laws and regulations applicable to such party.
Securiti warrants that the Securiti Products will (i) substantially meet the requirements described in the relevant Order Form during the term of the Order Form consistent with prevailing industry standards, (ii) will substantially conform with the Documentation, and (iii) be free of viruses, malware, malicious code, time bombs, Trojan horses, back doors, drop dead devices, worms, self-replicating or other code of any kind that when used in Customer’s network environment, may alter, destroy, inhibit, disable, or disable or discontinue effective use of the Customer’s systems. The functionality of the Securiti Products ordered will not be decreased during the term of this Agreement. Securiti will perform any Professional Services in a professional and workmanlike manner. For a material breach of the foregoing express warranties contained this Section 5.2, Customer’s exclusive remedy shall be the re-performance of the deficient Securiti Product or Professional Services or, if Securiti cannot re-perform such deficient Securiti Product or Professional Services as warranted, Customer shall be entitled to terminate this Agreement for breach, any Order Form or applicable portion of the Order Form covering such Securiti Product or Professional Services in accordance with Section 8.2 and recover a pro-rata portion of the fees paid to Securiti for such deficient Securiti Product or Professional Services.
Customer warrants that it has all rights necessary to provide any information, data or other materials that it provides hereunder, and to permit Securiti to use the same as contemplated hereunder.
EXCEPT AS EXPRESSLY SET FORTH HEREIN, SECURITI DISCLAIMS ANY AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF MERCHANTABILITY, TITLE, NON-INFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMER ACKNOWLEDGES THAT THE SECURITI PRODUCT IS INTENDED ONLY TO AUGMENT CUSTOMER’S PRIVACY PRACTICES, BUT NOT REPLACE, LEGAL AND OTHER PROFESSIONAL ADVISORS. CUSTOMER IS A DATA CONTROLLER, RESPONSIBLE FOR WHICH DATA IT COLLECTS, AND IS RESPONSIBLE FOR ITS OWN PRIVACY POLICIES. EXCEPT AS EXPRESSLY SET FORTH HEREIN, SECURITI DOES NOT WARRANT THAT ACCESS TO THE SECURITI PRODUCTS WILL BE UNINTERRUPTED OR ERROR-FREE, THAT ALL DEFECTS AND ERRORS IN THE SECURITI PRODUCTS WILL BE CORRECTED, OR THAT THE SECURITI PRODUCTS AND SERVICES WILL MEET CUSTOMER’S PARTICULAR REQUIREMENTS OR EXPECTATIONS. SECURITI SHALL NOT BE LIABLE OR RESPONSIBLE FOR ANY DELAYS, INTERRUPTIONS, SERVICE FAILURES, AND ANY OTHER PROBLEMS ARISING FROM CUSTOMER’S USE OF THE INTERNET, ELECTRONIC COMMUNICATIONS OR ANY OTHER SYSTEMS. THE PROVISIONS OF THIS SECTION ALLOCATE THE RISKS UNDER THIS AGREEMENT BETWEEN SECURITI AND CUSTOMER. SECURITI’S PRICING REFLECTS THIS ALLOCATION OF RISK AND THE LIMITED WARRANTIES SPECIFIED HEREIN.
Securiti will defend Customer against any claim, demand, suit, or proceeding made or brought against Customer by a third party (“Claim”) (i) alleging that the use of the Securiti Product as permitted hereunder infringes or misappropriates a United States patent, copyright or trade secret or trademark of any third party, or (ii) arising out of any use or disclosure of Customer Data by Securiti in breach of this Agreement and in respect of each Claim described in (i) and (ii) above, Securiti will indemnify Customer for any liabilities, awards, penalties or costs (including reasonable attorneys' fees) in connection with any such Claim (“Costs”); provided that (a) Customer will promptly notify Securiti of such Claim (provided that the failure to provide such notice shall not relieve Securiti of its indemnification obligations except to the extent of any material prejudice directly resulting from such failure), (b) Securiti will have the sole and exclusive authority to defend and/or settle any such Claim (provided that Securiti may not settle any Claim without Customer’s prior written consent, which will not be unreasonably withheld, unless it unconditionally releases Customer of all related liability) and (c) Customer reasonably cooperates with Securiti in connection therewith. If the use of the Securiti Product by Customer has become, or in Securiti’s opinion is likely to become, the subject of any claim of infringement, Securiti may at its option and expense (i) procure for Customer the right to continue using and receiving the Securiti Product as set forth hereunder; (ii) replace or modify the Securiti Product to make it non-infringing (with comparable functionality); or (iii) if the options in clauses (i) or (ii) are determined by Securiti to not be reasonably practicable, terminate this Agreement and provide refund of any prepaid unused fees corresponding to the terminated portion of the applicable subscription term. Securiti will have no liability or obligation with respect to any Claim to the extent such Claim results from (A) compliance with designs, guidelines, plans or specifications provided by Customer, or the use or inclusion of Customer Data; (B) use of the Securiti Product by Customer not in accordance with this Agreement or in violation of any applicable law; (C) modification of the Securiti Product by any party other than Securiti without Securiti’s express consent; (D) Customer Confidential Information or (E) the combination, operation or use of the Securiti Product with other applications, portions of applications, product(s) or services in a manner not reasonably required where the Securiti Product would not by itself be infringing (clauses (A) through (E),“Excluded Claims”). This Section states Securiti’s sole and exclusive liability and obligation, and Customer’s exclusive remedy, for any claim of any nature related to infringement or misappropriation of intellectual property.
Customer will defend Securiti against any Claim made or brought against Securiti by a third party arising out of the Excluded Claims, and Customer will indemnify Securiti for any Costs in connection with any such Claim; provided that (a) Securiti will promptly notify Customer of such Claim (provided that the failure to provide such notice shall not relieve Customer of its indemnification obligations except to the extent of any material prejudice directly resulting from such failure), (b) Customer will have the sole and exclusive authority to defend and/or settle any such Claim (provided that Customer may not settle any Claim without Securiti’s prior written consent, which will not be unreasonably withheld, unless it unconditionally releases Securiti of all liability) and (c) Securiti reasonably cooperates with Customer in connection therewith.
UNDER NO LEGAL THEORY, WHETHER IN TORT, CONTRACT, OR OTHERWISE, WILL EITHER PARTY OR ITS AFFILIATES, OR THEIR RESPECTIVE DIRECTORS, OFFICERS, EMPLOYEES, AGENTS OR CONTRACTORS, BE LIABLE TO THE OTHER UNDER THIS AGREEMENT FOR (A) ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL OR PUNITIVE DAMAGES OF ANY CHARACTER, INCLUDING DAMAGES FOR LOSS OF GOODWILL, LOST PROFITS, LOST SALES OR BUSINESS, WORK STOPPAGE, COMPUTER FAILURE OR MALFUNCTION, LOST CONTENT OR DATA, EVEN IF A REPRESENTATIVE OF SUCH PARTY HAS BEEN ADVISED, KNEW OR SHOULD HAVE KNOWN OF THE POSSIBILITY OF SUCH DAMAGES, OR (B) EXCLUDING CUSTOMER’S PAYMENT OBLIGATIONS, ANY DIRECT DAMAGES, COSTS, OR LIABILITIES IN EXCESS OF THE LESSER OF AMOUNTS PAID BY CUSTOMER UNDER THE APPLICABLE ORDER FORM DURING THE TWELVE MONTHS PRECEDING THE INCIDENT OR CLAIM AND $1,000,000.
The term of this Agreement will commence on the Effective Date and continue until terminated as set forth below. The initial term of each Order Form will begin on the Order Form effective date of such Order Form and will continue for the subscription term set forth therein. Except as set forth in such Order Form, the term of such Order Form will automatically renew for successive renewal terms equal to the length of the initial term of such Order Form, unless either party provides the other party with written notice of non-renewal at least thirty (30) days prior to the end of the then-current term.
Each party may terminate this Agreement upon written notice to the other party if there are no Order Forms then in effect. Each party may also terminate this Agreement or the applicable Order Form upon written notice in the event (a) the other party commits any material breach of this Agreement or the applicable Order Form and fails to remedy such breach within thirty (30) days after written notice of such breach or (b) subject to applicable law, upon the other party’s liquidation, commencement of dissolution proceedings or assignment of substantially all its assets for the benefit of creditors, or if the other party become the subject of bankruptcy or similar proceeding that is not dismissed within sixty (60) days.
Upon any termination or expiration of this Agreement: (i) Securiti will terminate Customer’s access to the Securiti Product and will cease providing such services; (ii) Customer shall immediately cease any and all use of and access to any Securiti Products; and (iii) each party hereunder shall return to the other party any and all Confidential Information of the other party in its possession. Termination shall not relieve Customer of the obligation to pay Securiti the fees agreed in an Order Form.
Upon termination of this Agreement all rights and obligations will immediately terminate except that any terms or conditions that by their nature should survive such termination will survive, including the restrictions in Section 2.3 hereof, and terms and conditions relating to proprietary rights and confidentiality, payment, disclaimers, indemnification, limitations of liability and termination and the general provisions below.
Each party will comply with the export laws and regulations of the United States, European Union and other applicable jurisdictions in providing and using the Securiti Product.
Customer agrees that Securiti may refer to Customer’s name and trademarks in Securiti’s marketing materials and website and case studies, provided Customer is allowed to review such use prior to publication. Securiti will not refer to Customer or its business in a press release without Customer’s prior written consent. In addition, Customer agrees to become part of Securiti’s reference program by working with a representative from Securiti’s marketing team to develop a customer profile for use on Securiti’s website. The profile will include a quote from an executive of Customer and Customer’s logo.
Neither party hereto may assign or otherwise transfer this Agreement, in whole or in part, without the other party’s prior written consent, except that either party may assign this Agreement without consent to a successor to all or substantially all of its assets or business related to this Agreement. Any attempted assignment, delegation, or transfer by either party in violation hereof will be null and void. Subject to the foregoing, this Agreement will be binding on the parties and their successors and assigns.
No amendment or modification to this Agreement, nor any waiver of any rights hereunder, will be effective unless assented to in writing by both parties. Any such waiver will be only to the specific provision and under the specific circumstances for which it was given, and will not apply with respect to any repeated or continued violation of the same provision or any other provision. Failure or delay by either party to enforce any provision of this Agreement will not be deemed a waiver of future enforcement of that or any other provision.
Nothing contained herein will in any way constitute any association, partnership, agency, employment or joint venture between the parties hereto, or be construed to evidence the intention of the parties to establish any such relationship. Neither party will have the authority to obligate or bind the other in any manner, and nothing herein contained will give rise or is intended to give rise to any rights of any kind to any third parties.
If a court of competent jurisdiction determines that any provision of this Agreement is invalid, illegal, or otherwise unenforceable, such provision will be enforced as nearly as possible in accordance with the stated intention of the parties, while the remainder of this Agreement will remain in full force and effect and bind the parties according to its terms.
This Agreement will be governed by the laws of the State of California, exclusive of its rules governing choice of law and conflict of laws. The parties agree to submit to the exclusive jurisdiction of (i) the state courts located in Santa Clara County in the State of California and (ii) the federal courts located in the Northern District of California, with respect to disputes hereunder. This Agreement will not be governed by the United Nations Convention on Contracts for the International Sale of Goods or by Uniform Computer Information Transactions Act (UCITA).
Any notice required or permitted to be given hereunder will be given in writing by personal delivery, certified mail, return receipt requested, by overnight delivery, or by email or fax. Notices will be deemed given upon verifiable receipt
This Agreement comprises the entire agreement between Customer and Securiti with respect to its subject matter, and supersedes all prior and contemporaneous proposals, statements, sales materials or presentations and agreements (oral and written). No oral or written information or advice given by Securiti, its agents or employees will create a warranty or in any way increase the scope of the warranties in this Agreement. Notwithstanding anything to the contrary in this Agreement, a party’s terms and conditions on any purchase or release order, website, click-through agreement, order acknowledgment, invoice or otherwise shall not have any application to this Agreement or the transactions occurring pursuant to this Agreement, unless this Agreement shall be specifically amended in writing by the parties to provide otherwise.
Neither Party will be deemed in breach hereunder for any cessation, interruption or delay in the performance of its obligations due to causes beyond its reasonable control (“Force Majeure Event”), including earthquake, flood, or other natural disaster, act of god, labor controversy, civil disturbance, terrorism, war (whether or not officially declared), cyber-attacks (e.g., denial of service attacks), or the inability to obtain sufficient supplies, transportation, or other essential commodity or service required in the conduct of its business, or any change in or the adoption of any law, regulation, judgment or decree.
For purposes hereof, “including” means “including without limitation”.
IN WITNESS WHEREOF, the duly authorized representatives of each of the parties hereto have executed this Agreement as of the date of the last signature hereof.
|
Customer: By: ___________________________ Name: ________________________ Title: ________________________ |
Securiti, Inc.: By: ___________________________ Name: ________________________ Title: ________________________ |
Securiti provides the following support services:
| Issue Severity | Initial Contact | Status Update |
|---|---|---|
| Critical- Priority 1 (P1) Service is down. No workaround available. |
2 hours | 4 hours |
| High – Priority 2 (P2) The Customer can access the Securiti service, however one or more significant features are unavailable. |
4 hours | 12 hours |
| Medium – Priority 3 (P3) General support questions or other issues that prevent the Customer from using a feature of the Securiti service |
8 hours | 2 business days |
| Low – Priority 4 (P4) Product function is not impaired and has no impact on Customer business. |
24 hours | 4 business days |
Communication Channels:
| COMMUNICATION TOOL | |
|---|---|
| support@securiti.ai | Open a support ticket athttps://app.securiti.ai/#/customer-support or https://app.eu.securiti.ai/#/customer-support |
Customer Technical Contact(s):
| NAME(S) | EMAIL(S) |
|---|---|
Live technical support will not be available on Christmas Day (December 25) and New Year’s Day (January 1). Limited technical support will be available during the hours listed above during Securiti holidays. The current Securiti holidays are set forth below:
Initial privileged customer support accounts will be created for the customer contacts listed above. Additional privileged customer support accounts may be created based on a documented authorization request from a designated customer contact above or by Customer directly.
\To the extent hosted and operated by or on behalf of Securiti, the Securiti Product will be Available for the percentage of the time listed below, measured on a calendar monthly basis (the “Availability Commitment”). “Availability” means that the Securiti Product is available for use by Customer. Availability measures will not include downtime resulting from:
In order to receive the above notification emails, customer should subscribe to notifications on https://status.securiti.ai (or https://status.eu.securiti.ai for our EU Production cloud). Notifications will also be delivered via the portal 60 minutes prior to an upgrade or scheduled maintenance.
The Availability Commitment does not apply to any downtime of the Securiti Product that results from:
Securiti will provide Customer with reports on Availability upon request.
If Securiti fails to achieve an Availability Commitment of 99.5% for the Securiti Product, Customer may claim a credit as provided below.
| PERCENTAGE AVAILABILITY PER MONTH | CREDIT |
|---|---|
| 99.5-100.0 | 0% |
| 97.0-99.49 | 4% |
| 94.0-96.99 | 6% |
| 92.0-93.99 | 10% |
Notwithstanding the above, if Securiti fails to achieve an Availability Commitment of 99.95% for the following five (5) Securiti Products, Customer may claim a credit as provided below: (1) Website Scanning and Consent, (2) Universal Consent Management, (3) Workflow Automation, (4) DSR Portal and Workbench , and (5) Privacy Notice Management:
| PERCENTAGE AVAILABILITY PER MONTH | CREDIT |
|---|---|
| 99.95-100.0 | 0% |
| 97.0-99.94 | 4% |
| 94.0-96.99 | 6% |
| 92.0-93.99 | 10% |
Customer will not be entitled to a credit if it is in breach of its Agreement with Securiti, including payment obligations. To receive a credit, a Customer must file a claim for such credit within fifteen (15) days following the end of the month in which the Availability Commitment was not met by contacting Securiti at support@securiti.ai (or by opening a customer support ticket at https://app.securiti.ai/#/customer-support or https://app.eu.securiti.ai/#/customer-support in case of our EU Production cloud) with a complete description of the downtime, how Customer was adversely affected, and for how long.
The credit remedy set forth in this Service Level Agreement is Customer’s sole and exclusive remedy for the unavailability of the Securiti Product; provided that Customer shall have the right to terminate this Agreement if Securiti fails to achieve an Availability Commitment of 92% or better in three consecutive months; provided further that notwithstanding anything to the contrary in the Agreement, Customer shall have no payment obligations for services to be performed following such termination.
If Customer has purchased the Securiti Product through a third party, then any credit shall be calculated based upon fees received by Securiti from the third party that are associated with Customer’s purchase of the Securiti Product.
Securiti maintains a comprehensive, written information security program that contains administrative, technical, and physical safeguards that are appropriate to (a) the size, scope and type of Securiti’s business; (b) the type of information that Securiti will store; and (c) the need for security and confidentiality of such information.
Securiti’s security program includes:
A mandatory security awareness and training program for all members of Securiti’s workforce (including management), which includes:
Policies, procedures, and logical controls:
Controls that provide reasonable assurance that access to physical servers at the production data center, if applicable, is limited to properly authorized individuals and that environmental controls are established to detect, prevent and control destruction due to environmental extremes. These controls are implemented by Amazon Web Services (AWS) and they are listed here: https://aws.amazon.com/compliance/data-center/controls/. Specific to Securiti:
A security incident response plan that includes procedures to be followed in the event of any Security Breach. Such procedures include:
Policies and procedures for responding to an emergency or other occurrence (for example, fire, vandalism, system failure, pandemic flu, and natural disaster) that could damage Customer Data or production systems that contain Customer Data. Such procedures include:
Hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic information.
Policies and procedures to ensure the confidentiality, integrity, and availability of Customer Data and protect it from disclosure, improper alteration, or destruction.
Security measures to guard against unauthorized access to Customer Data that is being transmitted over a public electronic communications network or stored electronically. Such measures include requiring encryption of any Customer Data stored on desktops, laptops or other removable storage devices.
Policies and procedures regarding the secure disposal of tangible property containing Customer Data, taking into account available technology so that Customer Data cannot be practicably read or reconstructed.
Assigning responsibility for the development, implementation, and maintenance of Securiti’s security program, including:
Regularly testing the key controls, systems and procedures of its information security program to validate that they are properly implemented and effective in addressing the threats and risks identified. Where applicable, such testing includes:
Network and systems monitoring, including error logs on servers, disks and security events for any potential problems. Such monitoring includes:
Maintaining policies and procedures for managing changes Securiti makes to production systems, applications, and databases. Such policies and procedures include:
Monitoring, evaluating, and adjusting, as appropriate, the security program in light of:
Ensuring that all laptop and desktop computing devices utilized by Securiti and any subcontractors when accessing Customer Data:
" Security Breach" means any security incident if there is a reason to believe Customer Data has been or may have been accessed by an unauthorized party.
At all times Securiti accesses, processes or stores Customer Data, Securiti will maintain: Errors & Omissions/Professional Liability /Cyber Insurance, in an amount not less than $3,000,000 per claim and annual aggregate, covering all acts, errors, omissions, negligence, and in the performance of services for Customer or on behalf of Customer hereunder. Securiti’s policy will provide for Data Security & Privacy “Cyber” coverage (including coverage for unauthorized access and use, failure of security, breach of confidential information, of privacy perils, as well as breach mitigation costs and regulatory coverage). Such insurance shall be maintained in force at all times during the term of the Agreement and for a period of two years thereafter for services completed during the term of the Agreement. Customer shall be given at least 30 days’ notice of the cancellation or expiration of the aforementioned insurance for any reason.
Updated May 2024
At Securiti, Inc. (“Securiti” or “We”), the protection of your personal data is of particular importance to us. We protect your personal data in accordance with applicable data protection laws as well as this Privacy Notice. We have prepared this Privacy Notice to inform you of the manner in which we collect, use, disclose, and otherwise process the information we may collect about you from (a) your use of our Website, located securiti.ai/and/or our products and services, (b) your interactions with us online and at in-person events, or (c) any other circumstances in which we provide you with a copy of this Privacy Notice.
Under this Privacy Notice:
We may collect your personal data when you:
Personal Data You Provide to Us Directly
We may collect information provided by you directly, including from your contacts with us, including through our webpage (such as via our web chat functions) and on social media; by your creation of a user account; and from your use or trial of our products and services. This information may include your first and last name, email address, username, password, job title, phone number, country of residence, company name, payment information, profile picture and any other information provided by you.
We may also collect information provided by you in the course of evaluating or engaging you for employment or other positions. This information may include your first and last name, email address, CV, resume, cover letter and any other information provided by you.
Personal Data We Collect through Automated Data Collection Technologies
We may collect information using Automated Data Collection Technologies from your use of our Website and products. This information may include your IP Address, Log Files, Referrer URL, Browser Information, Device Information, and Data and Time of user request, cookies, information reflecting how you searched, browsed, and were directed to the Website, including mouse movement, click, touch, scroll, and keystroke activity, and any other information provided by your use of our Website and products, as further explained in the “Use of Cookies and Other Tracking Technologies” section below.
Personal Data We Obtain from Third Parties
We may collect information from third party sources such as lead generation companies, data sellers, advertising partners, and Service Providers. This information may include your first and last name, email address, phone number, company name, job title, and country, and other information.
Personal Data we Process on Behalf of our Customers
We may also receive and process personal data on behalf of our customers in connection with their use of our products and services. For example, we may access personal data when we troubleshoot our products and services that are already in use by our customers. When this happens, our customer acts as the controller and their privacy notice applies to the personal data, not ours. As processor, we process this personal data pursuant to our contract with our customer.
We may use your personal data:
Personal data may be disclosed to third parties in the following circumstances.
Processors, Service Providers and other companies that work with or on behalf of Securiti
Personal data may be disclosed to processors or service providers who act on our behalf in order to process personal data in accordance with the purposes outlined above. This includes the following categories of service providers:
Data access by processors or service providers is protected under our contracts with these entities, which limit the processing purposes. The agreement obliges the service providers to process your personal data only on our behalf and upon our instruction. They are prohibited to pass on your personal data to other parties without permission, unless this is required by law.
Please note that such processors include our web chat service provider(s). By using web chat functionality to communicate with us, you consent to our use of web chat service providers.
We may also share data with entities that are controllers, such as advertising partners, data sellers, and similar companies, in accordance with the “Use of Cookies and Other Tracking Technologies” Section below and other sections of this Privacy Notice.
Sale of Business
If, in the future, we sell or transfer, or we consider selling or transferring, some or all of our business, shares or assets to a third party, we will disclose your personal data to such third party (whether actual or potential) in connection with the foregoing events. In the event that we are acquired by, or merged with, a third party entity, or in the event of bankruptcy or a comparable event, we reserve the right to transfer, disclose or assign your personal data in connection with the foregoing events.
Legal Purposes
We may share your personal data with regulators, courts or competent authorities, to comply with applicable laws, regulations and rules (including, without limitation, federal, state or local laws), and requests of law enforcement, regulatory and other governmental agencies or if we have a good faith belief that the law requires it, such as in response to a search warrant, subpoena, or other legally valid inquiry, order, or process. We may also disclose information to assist us in collecting a debt, or as necessary to exercise our legal rights or defend claims brought against us.
With Your Consent
We may share your personal data where you have provided your consent to us sharing or transferring your personal data (e.g., where you provide us with marketing consents or opt-in to optional additional services or functionality).
Depending on the circumstances, you may be entitled to exercise some or all of the following rights:
Further, you may be entitled to object, out of grounds relating to your particular situation, at any time to processing of personal data concerning you, including object to direct marketing and automated individual decision-making including profiling. In this case, please provide us with information about your particular situation. After the assessment of the facts presented by you we will either stop processing your personal data or present you our compelling legitimate grounds for an ongoing processing.
You can exercise your rights by submitting a request here. Subject to legal and other permissible considerations, we will make every reasonable effort to honor your request promptly in accordance with applicable law or inform you if we require further information in order to fulfill your request. When processing your request, we may ask you for additional information to confirm or verify your identity and for security purposes, before processing and/or honoring your request. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive. In the event that your request would adversely affect the rights and freedoms of others (for example, would impact the duty of confidentiality we owe to others) or if we are legally entitled to deal with your request in a different way than initial requested, we will address your request to the maximum extent possible, all in accordance with applicable law.
Please see the “California Residents” Section below for information on rights under California law.
Where applicable under the GDPR or similar laws, the legal basis for our collection and use of your personal data may include any of the following:
Where applicable under the GDPR or similar laws, we have implemented appropriate cross-border transfer mechanisms when transferring your personal data to a country outside of your home jurisdiction, including, where relevant, the EU Standard Contractual Clauses and the UK International Data Transfer Agreement.
We may link to or otherwise enable you to interact with a third party Website, mobile software applications and products or services that are not owned or controlled by us (each a “Third Party Service”). We are not responsible for the privacy practices or the content of such Third Party Services. Please be aware that Third Party Services can collect personal data from you. Accordingly, we encourage you to read the terms and conditions and privacy policies of each Third Party Service.
We retain your personal data as long as reasonably necessary for the respective purpose. In determining the period in which to retain or dispose of your personal data, we consider the following criteria: the type and sensitivity of the personal data, the context and purpose of collecting the information, whether or not data is necessary to retain longer than for the purposes it was collected or otherwise processed, and the terms of any contract we have entered into with you. Securiti may additionally delete your personal data in response to a valid data subject request, as described below.
We maintain administrative, technical, and physical safeguards designed to protect against unauthorized access, use, modification, and disclosure of your personal data in our custody and control. No data, on the Internet or otherwise, can be guaranteed to be 100% secure. While we strive to protect your information from unauthorized access, use, or disclosure, Securiti cannot and does not ensure or warrant the security of your personal data.
Securiti does not knowingly collect or process personal data from children under the age of 13. The Website is not directed at children under the age of 13. In the event that we learn that we have collected personal data of a child under the age of 13 without parental consent, we will promptly take steps to delete that information. If you believe that we may have collected personal data from a child under 13, please contact us using the contact details outlined in this policy.
We do not knowingly collect or process personal data for automated individual decision-making including profiling.
If your browser is configured to accept cookies, we may collect your information passively using “cookies” and other tracking technologies (“Tracking Technologies”).
“Cookies” are small text files that can be placed on your computer or mobile device in order to identify your Web browser and the activities of your computer on the Securiti Service and other Website.
We use cookies to personalize your experience on the Securiti Website (such as dynamically generating content on webpages specifically designed for you), to assist you in using the Securiti Service (such as saving time by not having to reenter your name each time you use the Securiti Service), to allow us to statistically monitor how you are using the Securiti Service so that we can improve our offerings, and to target certain advertisements to your browser which may be of interest to you or to determine the popularity of certain content. By using cookies and page tags together, we are able to improve the Securiti Service and measure the effectiveness of our advertising and marketing campaigns.
“Page tags, ” also known as web beacons or gif tags, are a web technology used to help track Website or email usage information, such as how many times a specific page or email has been viewed. Page tags are invisible to you, and any portion of the Securiti Service, including advertisements, or email sent on our behalf, may contain page tags.
You do not have to accept Tracking Technologies to use the Securiti Website or services. If you reject Tracking Technologies, certain features or resources of the Securiti Website may not work properly or at all and you may have a degraded experience.
Although most browsers are initially set to accept cookies, you can change your browser settings to notify you when you receive a cookie or to reject cookies generally. To learn more about how to control privacy settings and cookie management, click the link for your browser below.
To learn more about cookies; how to control, disable or delete them, please visit http: //www.aboutcookies.org. Some third party advertising networks, like Google, allow you to opt out of or customize preferences associated with your internet browsing. For more information on how Google lets you customize these preferences, see their documentation.
Tracking Technologies fall into one of these four categories:
You are able to see the specific Tracking Technologies we use and exercise choices about the types of cookies and other technologies you want to accept by selecting the “Manage Cookie Preferences” section of our website (>https://securiti.ai/#).
We collect non-personal data through our Internet log files, which record data such as browser types, domain names, and other anonymous statistical data involving the use of the Securiti services. This information may be used to analyze trends, to administer the Securiti services, to monitor the use of the Securiti services, and to gather general demographic information. We may link this information to personal data for these and other purposes such as personalizing your experience on the Securiti services and evaluating the Securiti services in general.
We do not currently respond or take any action with respect to web browser “do not track” signals. We do that provide consumers the ability to exercise choice regarding the collection of personally identifiable information about an individual consumer’s online activities over time and across third-party web sites or online services.
If you are a California resident, your personal data may be covered by the California Consumer Privacy Act (CCPA). The below disclosures apply to the extent the CCPA applies to your personal data, subject to any applicable exemptions.
The categories of “personal information,” as defined in the CCPA, that we collect include:
Securiti may obtain, use, and share these data categories as detailed in the “Personal Data We Collect,” “How We Use Your Personal Data,” and “Data Sharing” sections of this Privacy Notice, above.
You may be entitled to exercise some or all of the following rights under the CCPA:
(i) Right to Know About Personal Data Collected, Disclosed, or Sold
You may have the right to request that we provide certain information to you about our collection and use of your personal data over the past twelve (12) months. Specifically, you may have the right to request disclosure of:
(ii) Right to Request Deletion of Personal Data
You may also have the right to request that we delete any of your personal Data that we collected or maintain about you, subject to certain exceptions.
(iii) Right to Correct Inaccurate Personal Data
You may also have the right to request that we correct inaccurate personal data we maintain.
(iv) Right to Non-Discrimination for the Exercise of a Consumer’s Privacy Rights
We will not unlawfully discriminate against you for exercising any of your applicable privacy rights.
(v) Right to Opt Out of the Sale or Sharing of your Personal Data
Securiti uses third party cookies and similar technologies to deliver targeted advertisements, also known as data “sharing” and/or “selling” under the CCPA, as further detailed in the “Cookie Policy” section above. You can opt out of these practices by turning off advertising cookies in the “Manage Cookie Preferences” section of our website (>https://securiti.ai/#>).
You can exercise your rights by submitting a request here or modifying your cookie preferences here.
We will make our best effort to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. Within ten (10) days of receiving the request, we will confirm receipt and provide information about its verification and processing of the request. Securiti will maintain records of consumer requests made pursuant to the CCPA as well as our response to said requests for a period of at least twenty-four (24) months.
In addition to your rights under the CCPA, California Civil Code Section 1798.83 permits California residents to request information regarding our disclosure, if any, of their personal data to third parties for their direct marketing purposes. If this applies, you may obtain the categories of personal data shared and the names and addresses of all third parties that received personal data for their direct marketing purposes during the immediately prior calendar year.
If you are a California resident under the age of 18 and a registered user, California Business and Professions Code Section 22581 permits you to remove content or personal data you have publicly posted. If you wish to remove such content or personal data please submit a request here and if you specify which content or personal data you wish to be removed, we will do so in accordance with applicable law. Please be aware that after removal you may not be able to restore removed content. In addition, such removal does not ensure complete or comprehensive removal of the content or personal data you have posted and that there may be circumstances in which the law does not require us to enable removal of content.
You may submit this request using the information in the “Contact Us” section below.
We may update this Privacy Notice from time to time. If we modify our Privacy Notice, we will post the revised version here, with an updated revision date. You may visit these pages periodically to be aware of and review any such revisions. If we make material changes to our Privacy Notice, we may also notify you by other means prior to the changes taking effect, such as by posting a notice on our Website or sending you a direct notification.
Please feel free to contact us at any time if you have any questions or comments about this Privacy Notice.
Contact our Data Protection Officer at: dpo@securiti.ai
Contact the Controller for the processing of this Website at:
Securiti, Inc.
3155 Olsen Drive
Suite 350
San Jose, CA 95117
privacy@securiti.ai
The California Consumer Privacy Act (“CCPA”) 2018, which took effect on 1 January 2020, creates new rights for California consumers relating to the access to, deletion of, and sharing of personal information that is collected by certain types of businesses.
The CCPA also requires the California Attorney General to adopt regulations to further clarify the CCPA, establish procedures to facilitate consumers’ new rights under the CCPA and provide guidance to businesses for how to comply (the Regulations).
On 10 October 2019, the California Attorney General published draft Regulations for public consultation. The draft Regulations have been subject to a number of public hearings and are not expected to be finalized and enforced before July 1, 2020. There is therefore some uncertainty regarding the final text of the Regulations.
You can find out more about the CCPA by visiting the California Attorney General’s CCPA page here.
Securiti is dedicated to ensuring compliance with the CCPA and the Regulations (once finalized).
At this current time, Securiti does not consider that it meets the thresholds to be a “Business” under the CCPA and has identified itself as a “Service Provider”.
Similar to the concept of a data processor under the GDPR, a Service Provider under the CCPA processes personal information on behalf of a Business for a specific purpose, such as providing services to the Business.
Here is a brief overview of the steps Securiti has taken or is in the process of taking in response to the CCPA:
Please note that these changes do not affect your use of our services and products and you may continue to use our services in accordance with our updated policies and terms.
If you have any questions regarding Securiti’s privacy program or the CCPA please feel free to contact us at privacy@securiti.ai
This CCPA Addendum (this “Addendum”) is effective as of _______________ (the "Addendum Effective Date") forms a part of the _______________Agreement between Securiti Inc. (the “Supplier”) and _______________, its parent company and affiliates (collectively, the “Customer”) dated _____________, including all amendments and work orders thereto and extensions and renewals thereof (the “Agreement”). The parties agree as follows:
SECURITI INC.:
Signature:
Legal Name:
Print Name:
Title:
Date:
CUSTOMER
Signature:
Legal Name:
Print Name:
Title:
Date:
Securiti is the leader in AI-Powered Security, Privacy, Governance and Compliance for SaaS and data systems across multi-cloud and hybrid environments. Organizations globally rely on Securiti to secure and govern data systems, meet global privacy regulations and stay compliant. Securiti provides a comprehensive platform to manage security, privacy, and compliance risks across multi-cloud, SaaS, and on-premise environments with multiple well-integrated modular offerings.
The Securiti platform instances are available in multiple geographically distributed datacenters provided by IaaS vendors (AWS and GCP). Each instance caters to customers from specific geography as a standalone offering with no data exchange between the instances. The solution is deployed with high redundancy and availability to meet our commitments to uptime and performance. Daily backups are copied over to a different data center in a different region for disaster recovery. Critical infrastructure services are provisioned in the Disaster Recovery region using the pilot light strategy for a quick recovery of the service.
Failover strategy for Securiti’s SaaS cloud makes use of the multiple availability zones in a given region. All the compute nodes and storage services are spread across a minimum of two availability zones. If an AZ suffers an outage, excess capacity is spun in the other AZ or a different AZ (most regions have 3 or more AZs). Storage services use either active/standby failover model or distributed replica model across multiple nodes in different AZs. Entire region's failure is a rare occurrence - when an entire region fails, DR procedures kick in to restore the service in a different region with an RTO of 24 hours and RPO of 24 hours.
The following diagram illustrates the above strategy in simple terms for AWS. An identical architecture is employed for GCP.
Securiti uses various security tools to scan its environment and services. We also engage professional security vendors to perform third-party penetration tests and audits of our environment on an annual basis, respectively, while internal system scans are performed weekly.
Securiti platform is certified for the SOC2 Type II and ISO 27001 standards.
A subset of Securiti’s Personnel has access to customer data as necessary to support the platform. Individual access is granted based on the role and job responsibilities of the individual. Access to systems containing customer data is reviewed on a regular basis and is monitored on an ongoing basis.
IaaS vendors are responsible for the security of the underlying cloud infrastructure and SECURITI takes the responsibility of securing workloads we deploy in the cloud environments. Computing environments are continuously audited, with certifications from accreditation bodies across geographies and verticals, including ISO 27001, FedRAMP, DoD CSM, and PCI DSS. Any device storing any data is subjected to data-at-rest encryption. Thus, a decommissioned device cannot be misused.
Securiti makes use of per-customer, virtual database instances to logically separate one customer’s data from other customers’ data. When a customer stops using the service, securiti destroys the corresponding virtual database instance. Any customer data that is identified and cataloged by SECURITI as personal data is subjected to a one-way, irreversible hash and stored in the virtual database instance of the customer. At no point, personal data is captured in clear-text in logs or databases.
Securiti platform is provided as a multi-tenant, cloud-based service, accessible on the internet via web browsers such as Chrome, Firefox, etc. As a user of the Securiti platform, customers should be proactive in recognizing the value, sensitivity, and need to safeguard the information provided by the service and access to the policy enforcement capabilities. This document details Securiti customer responsibilities as they relate to use of the Securiti platform. It is the responsibility of Securiti customers to familiarize themselves with the information and procedures set forth below and comply with them.
To safeguard information assets and policy enforcement capabilities available in the Securiti platform, the customers’ IT governance processes should include end-user training regarding appropriate use and awareness of the need for securing access to their Securiti platform account credentials. As with most cloud services, access to the Securiti platform requires a login ID and password (with optional two-factor authentication) or integration with a Single-Sign-On (SSO) provider. When an organization subscribes to the Securiti platform service, it is the customer’s responsibility to manage which end users should be given access. Customers should also define when access should be taken away from the end users. For example, access should be revoked upon end user’s separation from employment or as part of departmental changes that result in change of duties or responsibilities. Only valid account credentials should be used by authorized users to access the Securiti platform service.
Securiti’s platform service should be considered sensitive and confidential by Securiti platform users. Users should follow information security best practices in ensuring access to their account credentials is appropriately limited, as well as ensuring that the information and functionality provided by the Securiti platform service is protected and restricted from unauthorized use. Securiti platform users are responsible for maintaining the security and confidentiality of their user credentials (e.g., Login ID and Password), and are responsible for all activities and uses performed under their account credentials whether authorized by them or not. By establishing user credentials and accessing the Securiti platform, end users of the Securiti platform service agree to comply with these requirements to safeguard assets and account information.
Securiti platform service is accessible to the global Internet public, as a result, great care must be exercised by Securiti platform users in protecting their subscription against unauthorized access and use of their credentials. By establishing user credentials and accessing the Securiti platform service, end users agree to proactively protect the security and confidentiality of their user credentials and never share service account credentials, disclose any passwords or user identifications to any unauthorized persons, or permit any unauthorized person to use or access their Securiti platform accounts. Any loss of control of passwords or user identifications could result in the loss of “Personally Identifiable Data (PII)” and the culpable account owner(s) may be liable for the actions taken under their service account credentials whether they authorized the activity or not. Additionally, when establishing Securiti platform account credentials, end users are required to establish strong passwords following password strength and complexity best practices; passwords should not be easily guessable. Users are advised to make use of other security measures such as multi-factor authentication, IP address restrictions and single-sign-on configuration.
All Securiti services are monitored 24×7 and the status of the platform is updated at support.securiti.ai (or status.eu.securiti.ai for our EU platform). Any scheduled maintenance is also posted on the status page. On the occasion that Securiti users observe performance issues, problems or service outages, users can open a ticket at support.securiti.ai (requires Securiti subscription) or email support@securiti.ai to report such issues.
By establishing Securiti platform account credentials or accessing its service, end users of the service agree to notify Securiti immediately of any security incident, including any suspected or confirmed breach of security by opening a support ticket at support.securiti.ai (requires Security subscription) or by emailing support@securiti.ai or security-team@securiti.ai. Also, users of the service agree to logout or exit the service immediately at the end of each session to provide further protection against unauthorized use and intrusion. Securiti platform users should also notify Securiti immediately if they observe any activity or communications in other forums that may indicate that other Securiti customers have had their accounts compromised. Lastly, Securiti encourages users to practice responsible disclosure by notifying Securiti of any identified security vulnerabilities. Securiti is dedicated to providing secure services to clients, and will triage all security vulnerabilities that are reported. Furthermore, Securiti will prioritize and fix security vulnerabilities in accordance with the risk that they pose.
Regulatory requirements and industry mandates are continuously increasing in scope & depth and can vary from industry to industry. Securiti users agree to abide by the regulatory requirements, industry mandates, and other compliance requirements imposed on their organizations and understand that use of cloud-based services does not exclude the organizations from responsibilities for restricting access to application information and functionality.
Securiti is dedicated to keeping its cloud platform safe from all types of security issues thereby providing a safe and secure environment to our customers. Data security is a matter of utmost importance and a top priority for us. If you are a dedicated security researcher or vulnerability hunter and have discovered a security flaw in the Securiti platform including the cloud application and infrastructure, we appreciate your support in disclosing the issue to us in a responsible manner. Our responsible disclosure process is managed by the security team at Securiti. We are always ready to recognize the efforts of security researchers by rewarding them with a token of appreciation, provided the reported security issue is of high severity and not known to us. While reporting the security vulnerability to Securiti’s Security team, please refrain from disclosing the vulnerability details to the public outside of this process without explicit permission. Please provide the complete details. We determine the impact of vulnerability by looking into the ease of exploitation and business risks associated with the vulnerability.
As a security researcher, if you identify or discover a security vulnerability in compliance with the responsible disclosure guidelines, Securiti’s security team commits to:
Please send the details of the discovered vulnerability or any security issue to: security-team@securiti.ai.
| app.securiti.ai | Management Console |
| privacy-central.securiti.ai | Data subject portal |
| status.securiti.ai | Status page |
| cdn-prod.securiti.ai | CDN for Consent banner and SDK |
| packages.securiti.ai | Appliance images |
| docs.securiti.ai | Documentation |
| app.eu.securiti.ai | Management Console |
| privacy-central.eu.securiti.ai | Data subject portal |
| status.eu.securiti.ai | Status page |
| cdn-prod.eu.securiti.ai | CDN for Consent banner and SDK |
| packages.eu.securiti.ai | Appliance images |
| docs.eu.securiti.ai | Documentation |
| app1.securiti.ai | Management Console |
| privacy-central1.securiti.ai | Data subject portal |
| status1.securiti.ai | Status page |
| packages1.securiti.ai | Appliance images |
| docs.securiti.ai | Documentation |
| app2.securiti.ai | Management Console |
| privacy-central2.securiti.ai | Data subject portal |
| status2.securiti.ai | Status page |
| packages2.securiti.ai | Appliance images |
| docs2.securiti.ai | Documentation |
| support.securiti.ai: | Customer support |
The person or entity (the “Reseller”) accepting this Portal Referral Addendum (this “Addendum”) has entered into a Reseller Agreement (the “Reseller Agreement”) with Securiti, Inc. (“Securiti”). Reseller and Securiti now desire to enter into this Addendum in order to allow Reseller to refer Customers to Securiti via the Securiti Referral Portal (defined below), on the terms and conditions set forth in this Addendum.
RESELLER ACCEPTS AND AGREES TO BE BOUND BY THIS ADDENDUM BY ACKNOWLEDGING SUCH ACCEPTANCE DURING THE REGISTRATION PROCESS. IF THE PERSON ACCEPTING THIS ADDENDUM IS DOING SO ON BEHALF OF A COMPANY OR OTHER LEGAL ENTITY, SUCH PERSON REPRESENTS THAT HE/SHE HAS THE AUTHORITY TO BIND SUCH ENTITY TO THIS ADDENDUM.
NOW, THEREFORE, in consideration of the mutual representations and agreements set forth herein, and other good and valuable consideration, the receipt and adequacy of which are hereby acknowledged, the parties hereto, intending to be legally bound, hereby agree as follows:
Partners under the referral model will receive a 30% commission fee based on the subscription fees actually paid by end-users referred by the partner for the first year.
Additional Terms and Conditions:
Payment to Reseller under this Addendum may be postponed until the Reseller’s accrued commissions payable is greater than $200. The transfer will not, however, be postponed for more than one (1) year.
If either party terminates the Agreement, the Reseller’s account will be paid within 30 days.
Referral Fee Percentage: 30%
Maximum Payment: N/A
DATA PROCESSING AGREEMENT/ADDENDUM
This Data Processing Agreement (“DPA”), made and entered into as of this ____ day of ____, 2023, forms part of the Securiti Customer Agreement between You and Securiti (including any Amendments, Addenda, Order Forms or Statements of Work thereto, the “Agreement”). You acknowledge that you, on behalf of [______] incorporated under __________ law, with its principal offices located at ____________________ (“Organization”) (collectively, ”You”, ”Your”, “Client”, or “Data Controller”) have read and understood and agree to comply with this DPA, and are entering into a binding legal agreement with Securiti as defined below (“Securiti”, ”Us”, ”We”, ”Our”, “Service Provider” or “Data Processor”) to reflect the parties’ agreement with regard to the Processing of Client Personal Data (as such terms are defined below). Both parties shall be referred to as the “Parties” and each, a “Party”.
WHEREAS, Securiti shall provide the services set forth in the Agreement (collectively, the “Services”) for Client, as described in the Agreement; and
WHEREAS, In the course of providing the Services pursuant to the Agreement, we may process Client Personal Data on your behalf, in the capacity of a “Data Processor”; and the Parties wish to set forth the arrangements concerning the processing of Client Personal Data (defined below) within the context of the Services and agree to comply with the following provisions with respect to any Client Personal Data, each acting reasonably and in good faith.
NOW THEREFORE, in consideration of the mutual promises set forth herein and other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged by the Parties, the parties, intending to be legally bound, agree as follows:
If Securiti receives a request from a Data Subject to exercise its right to be informed, right of access, right to rectification, erasure, restriction of Processing, data portability, right to object, or its right not to be subject to a decision solely based on automated processing, including profiling (“Data Subject Request”), Securiti shall, to the extent legally permitted, promptly notify and forward such Data Subject Request to Client. Taking into account the nature of the Processing, Securiti shall use commercially reasonable efforts to assist Client using appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of Client’s obligation to respond to a Data Subject Request under Data Protection Laws and Regulations. To the extent legally permitted, Client shall be responsible for any costs arising from Securiti’s provision of such assistance.
To the extent required under applicable Data Protection Laws and Regulations, Securiti shall notify Client without undue delay after becoming aware of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Client Personal Data (a “Personal Data Incident”). Securiti shall make reasonable efforts to identify the cause of such Personal Data Incident and take those steps as Securiti deems necessary and reasonable in order to remediate the cause of such a Personal Data Incident. The obligations herein shall not apply to incidents that are caused by Client or Client’s users. In any event, Client will be the party responsible for notifying supervisory authorities and/or concerned data subjects (where required by Data Protection Laws and Regulations).
Subject to the Agreement, Securiti shall, at the choice of Client, delete or return Client Personal Data to Client upon termination or expiry of the Agreement, and shall delete existing copies unless applicable law requires storage of Client Personal Data. If the Client requests Client Personal Data to be returned, Client Personal Data shall be returned in the format generally available for Securiti’s Clients. In any event, to the extent required or allowed by applicable law, Securiti may retain Client Personal Data for evidence purposes and/or for the establishment, exercise or defence of legal claims and/or to comply with applicable laws and regulations, and/or as reasonably necessary to ensure the security and integrity of Client Personal Data.
This DPA shall automatically terminate upon the termination or expiration of the Agreement under which the Services are provided. Sections 2.2, 2.3.3, 12, and 13 shall survive the termination or expiration of this DPA for any reason. This DPA cannot, in principle, be terminated separately from the Agreement, except where the Processing ends before the termination of the Agreement, in which case, this DPA shall automatically terminate.
In the event of any conflict between the provisions of this DPA and the provisions of the Agreement, the provisions of this DPA shall prevail over the conflicting provisions of the Agreement.
Notwithstanding anything to the contrary in the Agreement and/or in any agreement between the parties and to the maximum extent permitted by law: (A) Securiti’s (including Securiti’s Affiliates’) entire, total and aggregate liability, related to personal data or information privacy, or for breach of, this DPA and/or Data Protection Laws and Regulations, including, without limitation, if any, any indemnification obligation under the Agreement or applicable law regarding data protection or privacy, shall be limited to the amounts paid to Securiti under the Agreement within twelve (12) months preceding the event that gave rise to the claim. This limitation of liability is cumulative and not per incident; (B) In no event will Securiti and/or Securiti Affiliates and/or their third-party providers, be liable under, or otherwise in connection with this DPA for: (i) any indirect, exemplary, special, consequential, incidental or punitive damages; (ii) any loss of profits, business, or anticipated savings; (iii) any loss of, or damage to data, reputation, revenue or goodwill; and/or (iv) the cost of procuring any substitute goods or services; and (C) The foregoing exclusions and limitations on liability set forth in this Section shall apply: (i) even if Securiti, Securiti Affiliates or third-party providers, have been advised, or should have been aware, of the possibility of losses or damages; (ii) even if any remedy in this DPA fails of its essential purpose; and (iii) regardless of the form, theory or basis of liability (such as, but not limited to, breach of contract or tort).
This DPA may be amended at any time by a written instrument duly signed by each of the Parties.
This DPA shall only become legally binding between Client and Securiti when the formalities steps set out in the Section “INSTRUCTIONS ON HOW TO EXECUTE THIS DPA” below have been fully completed. Securiti may assign this DPA or its rights or obligations hereunder to any Affiliate therefor, or to a successor or any Affiliate thereof, in connection with a merger, consolidation or acquisition of all or substantially all of its shares, assets or business relating to this DPA or the Agreement. Any Securiti obligation hereunder may be performed (in whole or in part) and any Securiti right (including invoice and payment rights) or remedy may be exercised (in whole or in part) by an Affiliate of Securiti.
The Parties represent and warrant that they each have the power to enter into, execute, perform and be bound by this DPA.
You, as the signing person on behalf of Client, represent and warrant that you have, or you were granted, full authority to bind the Organization and, as applicable, its Authorized Affiliates to this DPA. If you cannot, or do not have authority to, bind the Organization and/or its Authorized Affiliates, you shall not supply or provide Personal Data to Securiti.
By signing this DPA, Client enters into this DPA on behalf of itself and, to the extent required or permitted under applicable Data Protection Laws and Regulations, in the name and on behalf of its Authorized Affiliates, if and to the extent that Securiti processes Personal Data for which such Authorized Affiliates qualify as the/a “data controller”.
This DPA has been pre-signed on behalf of Securiti.
Instructions on how to execute this DPA.
The parties’ authorized signatories have duly executed this Agreement:
CLIENT: SECURITI INC.
Signature: Signature:
Client Legal Name: Client Legal Name:
Print Name: Print Name:
Title: Title:
Date: Date:
SCHEDULE 1 - DETAILS OF THE PROCESSING
Subject matter and duration
The subject matter and duration of the Processing of the Client Personal Data are set out in the sections of the Agreement addressing scope of services and term and as set forth in this DPA.
Nature and Purpose of Processing and Processing Operations
The nature and purpose of the Processing of the Client Personal Data, and Processing Operations, are set out in the sections of the Agreement addressing scope of services and term.
Client may submit Personal Data to the Services, the extent of which is determined and controlled by Client in its sole discretion, includes:
In some limited circumstances Personal Data may also come from others sources, for example, in the case of anti-money laundering research, fraud detection or as required by applicable law. The Parties do not anticipate the Processing of Special Category Data or Data that is otherwise considered “Sensitive” under Data Protection Laws and Regulations.
Client may submit Personal Data to the Services, the extent of which is determined and controlled by Client in its sole discretion, and which may include, but is not limited to Personal Data relating to the following categories of data subjects:
Frequency and Duration of the Transfer
Transfers will occur on an ongoing basis as reasonably required under the Agreement, and Client Personal Data shall be retained in accordance with Schedule 3 below.
Competent Supervisory Authority
The Irish Data Protection Commission shall be the competent supervisory authority for purposes of the SCCs.
SCHEDULE 2 – SUB-PROCESSOR LIST
|
Entity Name |
Sub-Processing Activities |
Entity Country |
|
Amazon Web Services, Inc. |
Cloud Service Provider |
United States |
|
Amazon Web Services (India) |
Cloud Service Provider |
India |
|
Amazon Web Service Jakarta |
Cloud Service Provider |
Indonesia |
|
Amazon Web Services EMEA SARL |
Cloud Service Provider |
European Union |
|
Amazon Web Services Canada, Inc |
Cloud Service Provider |
Canada |
|
Amazon web Services Australia, Pty Ltd |
Cloud Service Provider |
Australia |
|
Google Cloud Platform |
Cloud Service Provider |
United States |
|
Google Cloud Platform |
Cloud Service Provider |
Kingdom of Saudi Arabia |
|
Zendesk, Inc. |
Cloud Customer Support |
United States |
|
Amazon Web Services (UAE) |
Cloud Service Provider |
United Arab Emirates |
|
Microsoft Azure
|
Natural Language Processing |
United States |
SCHEDULE 3 - TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA
Securiti maintains a comprehensive, written information security program that contains administrative, technical, and physical safeguards that are appropriate to (a) the size, scope and type of Securiti’s business; (b) the type of information that Securiti will store; and (c) the need for security and confidentiality of such information.
Securiti’s security program includes:
1. Security Awareness and Training. A mandatory security awareness and training program for all members of Securiti’s workforce (including management), which includes:
2. Access Controls. Policies, procedures, and logical controls:
3. Physical and Environmental Security. Controls that provide reasonable assurance that access to physical servers at the production data center, if applicable, is limited to properly authorized individuals and that environmental controls are established to detect, prevent and control destruction due to environmental extremes. These controls are implemented by Amazon Web Services (AWS) and they are listed here: https://aws.amazon.com/compliance/data-center/controls/. Specific to Securiti:
4. Security Incident Procedures. A security incident response plan that includes procedures to be followed in the event of any Security Breach. Such procedures include:
5. Contingency Planning. Policies and procedures for responding to an emergency or other occurrence (for example, fire, vandalism, system failure, pandemic flu, and natural disaster) that could damage Customer Data or production systems that contain Customer Data. Such procedures include:
6. Audit Controls. Hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic information.
7. Data Integrity. Policies and procedures to ensure the confidentiality, integrity, and availability of Customer Data and protect it from disclosure, improper alteration, or destruction.
8. Storage and Transmission Security. Security measures to guard against unauthorized access to Customer Data that is being transmitted over a public electronic communications network or stored electronically. Such measures include requiring encryption of any Customer Data stored on desktops, laptops or other removable storage devices.
9. Secure Disposal. Policies and procedures regarding the secure disposal of tangible property containing Customer Data, taking into account available technology so that Customer Data cannot be practicably read or reconstructed.
10. Assigned Security Responsibility. Assigning responsibility for the development, implementation, and maintenance of Securiti’s security program, including:
11. Testing. Regularly testing the key controls, systems and procedures of its information security program to validate that they are properly implemented and effective in addressing the threats and risks identified. Where applicable, such testing includes:
12. Monitoring. Network and systems monitoring, including error logs on servers, disks and security events for any potential problems. Such monitoring includes:
13. Change and Configuration Management. Maintaining policies and procedures for managing changes Securiti makes to production systems, applications, and databases. Such policies and procedures include:
14. Program Adjustments. Monitoring, evaluating, and adjusting, as appropriate, the security program in light of:
15. Devices – Ensuring that all laptop and desktop computing devices utilized by Securiti and any subcontractors when accessing Customer Data:
16. Data Security Breach. Securiti shall comply with the requirements in Section 7 of the DPA.
17. Return or Destruction of Customer Data.
Securiti Inc. (“Securiti,” “we,” “our,” or “us”) complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Securiti has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Securiti has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this Statement and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
This Statement applies to personal data that we receive in reliance on the DPF. This may include data we receive on behalf of our customers in connection with their use of our products and services, as well as other categories of information disclosed in our Privacy Policy, available at https://securiti.ai/terms/#privacy-policy (“Privacy Policy”). Depending on the circumstances, we may process this personal data to perform our services for our customers or for the other purposes described in our Privacy Policy. To provide our services, we may share this personal data with the customer who originally provided the data and with other third parties consistent with the instructions of our customers. We may also share personal data with the other categories of third parties described in our Privacy Policy, for the purposes described therein.
Securiti may be liable if these third parties process data inconsistent with our obligations under the DPF and we are responsible for the event giving rise to the damage.
Please note that we may also be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
You have the right to access, correct, and/or delete your personal data in accordance with the DPF, our Privacy Policy, and applicable law. Please note that if your personal data was made available to us by a Securiti customer, we may have to coordinate with and/or redirect your request to our customer in accordance with applicable law. You can exercise your rights by submitting a request here.
Where applicable, if we share your personal data received under the DPF with third party controllers other than our agents, or if we use it for a purpose materially different than the purposes for which it was originally collected, we will first provide you with an individual opt-out choice, or opt-in for sensitive data.
In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, EU, UK, and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, or the Swiss-U.S. DPF should first contact Securiti at:
Securiti, Inc.You may also contact our Data Protection Officer at: dpo@securiti.ai.
In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Securiti commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, or the Swiss-U.S. DPF to an independent dispute resolution mechanism, Data Privacy Framework Services, operated by BBB National Programs in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit www.bbbprograms.org/dpf-complaints for more information or to file a complaint. The Data Privacy Framework Services operated by BBB National Programs are provided at no cost to you.
If your DPF complaint cannot be resolved through the above channels, in certain circumstances, the DPF provides the right to invoke binding arbitration to resolve complaints not resolved by other means. Please see this DPF webpage for more information: https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf?tabset-35584=2.
Additionally, the Federal Trade Commission has jurisdiction over Securiti’s compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.
This Business Associate Agreement ("BAA") is entered into and effective on this day of ______________ 20__ ("Effective Date") by and between ________________("Covered Entity") and SECURITI, INC. ("Business Associate") (each a "Party" and collectively, the "Parties").
In consideration of the Recitals and for other good and valuable consideration, the receipt and adequacy of which is hereby acknowledged, the Parties agree as follows:
The following terms shall have the meaning set forth below. Capitalized terms used in this BAA and not otherwise defined shall have the meanings ascribed to them in HIPAA, the HIPAA Regulations, or the HITECH Act, as applicable.
The Parties hereto have duly executed this as of the Effective Date.
SECURITI, INC.
By:
Print Name:
Title:
Dated:
Notice Address:
P.O. Box 13039, Coyote, CA 95013
attn: ___________________________
fax: ____________________________
email: __________________________
Organization Name:
By:
Print Name:
Title:
Dated:
Notice Address:
________________________________
________________________________
________________________________
attn: ___________________________
fax: ____________________________
email: __________________________
|
"API" is the application-programming interface used by you to access functionality provided by SECURITI |
|
"Monthly Active User" or "MAU" is a Platform Application User that uses the Service via an API call (made by or on behalf of the Platform Application User account) at least once in a monthly calendar period. |
|
"Monthly Platform API Calls" is any API call made by a Platform Application to the Service within a monthly calendar period on behalf of: (a) a Platform Application User; (b) a User; or (c) a Platform Service Account (connectors), not to exceed your allotted amount. Except as otherwise set forth in an order, excluded from Monthly Platform API Calls are API calls made on behalf of: (i) third party software application integrations that are permitted with your use of the Service; (ii) SECURITI provided application (e.g. PRIVACI virtual appliance); (iii) SECURITI provided services (e.g. consent javascript). |
|
"Monthly Platform Bandwidth" is the Platform Bandwidth consumed on a monthly calendar basis by or on behalf of: (a) a Platform Application User; or (b) a Platform Service Account (e.g. Connectors), not to exceed your allotted amount. Unless specified in an order, excluded from Monthly Platform Bandwidth is Platform Bandwidth consumed by: (i) SECURITI provided applications (e.g., the PRIVACI web app) and (ii) SECURITI provided software application (e.g. PRIVACI virtual appliance), if applicable. |
|
"PlatformApplication" is an application used by or on behalf of you that uses the API for the purposes of access to the Service. |
|
"Platform Application User" is a user with a unique identifier that is created and provisioned by the enterprise administrator and such user’s access to Content in the Service is governed through the Platform Application. |
|
"Platform Bandwidth" is the flow of data to or from the Service as a result of the Platform Application, measured in gigabytes (GB), not to exceed your allotted amount. |
|
"Platform Service Account" is a securiti.ai API based ‘Connector’ service that is created and provisioned by an application administrator to scan and detect personal data within your data stores and execute data subject rights requests where possible. |
|
"Platform Storage" is the total amount of Content, measured in gigabytes (unless otherwise specified), stored by or on behalf of all Platform Application Users, Platform Service Accounts and any other users of Platform Products, not to exceed your allotted amount. |
|
"Platform UseLimit(s)" is the amount as specified and allocated to you for: (i) Monthly Platform Bandwidth, Monthly Platform API Calls, Platform Storage and number of Monthly Active Users; and (ii) any other applicable usage limits or restrictions. |
|
"System Admin(s)" Users with system admin (also known as ‘admin’) access profile
are
one or more key stakeholders or IT managers who needs full control over the Securiti account and
its
administration. This role has special access to all system features, functions, and data because
administrators can override access profile rules and pass all access profile checks.
|
|
"Data Source Instance" is a unique, data repository that can be scanned to detect personal data and/or automated to execute data rights requests. A single data source instance could be a unique SaaS service instance identified by its instance Id or domain name, a single application database, a unique file share, a unique storage bucket, an LDAP/AD Organizational Unit etc. which can be connected to the PRIVACI environment through a supported PRIVACI Monitored or User Defined Connector. |
You receive the features and functionality that are provided in the specific Platform
Product(s) that you have registered or purchased. You will ensure that your usage of the Platform Products
is at all times in conformance with the Platform Use Limits, these Terms and applicable law. If you exceed
the Platform Use Limits, additional fees will be due and/or reasonable restrictions may be placed on your
account until any such excess usage is adequately eliminated by you.
You may not co-brand any
Platform Products or use any securiti.ai OR Securiti trademarks, logos, or other SECURITI marks to promote
and market the Platform Products without SECURITI’s prior written consent.
You will not permit
use of the Platform Application:
All PrivacyCenter.cloud Affiliates are required to remain in compliance with these terms. This list contains everything you need to know to be a PrivacyCenter.cloud affiliate, including resources, recommendations, and legal conditions. Capitalized terms not otherwise defined, shall have the definitions set forth in the PrivacyCenter.cloud Marketing Affiliate Program Agreement
If you're not yet part of the PrivacyCenter.cloud Marketing Affiliate Program, you can apply here.
If you ever need anything else or have questions, feel free to reach out to the team at affiliate@securiti.ai
Last Modified: Jan 08, 2024
There are a number of other limitations that may result in a Commission not being paid - we encourage you to read the Marketing Affiliate Program Agreement for more information on this.
1. PrivacyCenter.cloud branding
Do: Capitalize the “P” in “Privacy”. Capitalize the “C” in “Center”. No Space between the words “PrivacyCenter”. Must add “.” before the word “cloud”. Lowercase the letter “C” in “cloud”. This is important to maintaining consistent branding. You must follow our Trademark Usage Guidelines and our Content Usage Guidelines here.
Do Not: Use false or misleading statements on the benefits of using PrivacyCenter.cloud (e.g. “Get super rich quickly with PrivacyCenter.cloud”). Do not modify or adjust the PrivacyCenter.cloud logo in any sort of marketing material you might create, including the creation of any visual badges or dual-logo lockups.
Do Not: Use ‘PrivacyCenter.cloud’ and ‘Securiti’ interchangeably. Both are two distinct brands in terms of promotion. However, you can mention ‘PrivacyCenter.cloud by Securiti’ in your written text of the body paragraph.
2. What to call yourself
As we have multiple ways to partner with Securiti and several ways to reference those relationships, here are some guidelines around what you can and cannot call yourself within the PrivacyCenter.cloud Marketing Affiliate Program.
Do: Say you’re a “PrivacyCenter.cloud Marketing Affiliate” or “Marketing Affiliate”.
Do Not: Refer to yourself as a Partner or that you’ve “partnered with Securiti” or “partnered with PrivacyCenter.cloud.” This includes press releases, references in videos, listings on your website, or in any other marketing material you may be using.
3. Buying ads
You will not purchase ads that direct to your site(s) or through an Affiliate Link that could be considered as competing with Securiti’s and its intellectual properties own advertising, including, but not limited to, our branded keywords. If running ads, you need to direct the ad to your own website (and not to securiti.ai or any standalone landing page).
Other Related Policies
Last Modified: Jan 08, 2024
PLEASE READ THIS MARKETING AFFILIATE PROGRAM AGREEMENT CAREFULLY.
This is a contract between you (the “Affiliate”) and Securiti, Inc. (“Securiti”). It describes how we will work together and other aspects of our business relationship. It is a legal document so some of the language is necessarily “legalese” but we have tried to make it as readable as possible.
The Marketing Affiliate Program Agreement applies to your participation in our PrivacyCenter.cloud Marketing Affiliate Program. These terms are so important that we cannot have you participate in our Marketing Affiliate Program unless you agree to them.
We periodically update these terms. We might also choose to replace these terms in their entirety if, for example, the Marketing Affiliate Program changes, ends, or becomes part of an existing program, including our partner programs. If we update or replace the terms we or the Affiliate Tool will let you know via electronic means, which may include an in-app notification or by email. If you don’t agree to the update or replacement, you can choose to terminate as we describe below.
Definitions
“Marketing Affiliate Program” means our marketing affiliate program as described in this Agreement.
“Affiliate Lead” means a customer prospect who clicks on the Affiliate Link that we have made available to you via the Affiliate Tool.
“Affiliate Link” means the unique tracking link you place on your site or promote through other channels.
“Affiliate Policies” means the policies applicable to affiliates which we may make available to you from time to time.
“Affiliate Tool” means the tool that we make available to you upon your acceptance into the Marketing Affiliate Program and for you to use in order to participate in the Marketing Affiliate Program.
"Agreement" means this Marketing Affiliate Program Agreement and all materials referred or linked to in here.
“Commission” means an amount described in the Affiliate Tool (or if applicable, in the Program Policies) for each Customer Transaction.
“Customer” means the authorized actual user of the PrivacyCenter.cloud Product who has purchased or signed up for the PrivacyCenter.cloud Product after being an Affiliate Lead.
"Customer Data" means all information that Customer submits or collects via the PrivacyCenter.cloud Products and all materials that Customer provides or posts, uploads, inputs or submits for public display through the PrivacyCenter.cloud Products.
“Customer Transactions” means those transactions by Affiliate Leads that are eligible for a Commission pursuant to the ‘Customer Transactions’ section of this Agreement. Customer Transactions may include customer purchases or customer signups, as further described in the Affiliate Tool.
"PrivacyCenter.cloud Content" means all information, data, text, messages, software, sound, music, video, photographs, graphics, images, and tags that we incorporate into our services.
“PrivacyCenter.cloud Products” means both the Subscription Service and Other Products.
“Program Policies Page” means the landing page: https://securiti.ai/terms#affiliate-program-policy where we will provide all the up to date guidelines and policies for the Marketing Affiliate Program.
“Other Products” means those products and services that we offer, which are not included in the PrivacyCenter.cloud Subscription Service (as detailed below).
“Subscription Service” means our web-based data security, compliance and privacy software that is subscribed to, and developed, operated, and maintained by us, accessible via https://securiti.ai/privacy-center/ or another designated URL. For the purposes of this Agreement, the Subscription Service does not include our enterprise plan, legacy products, any implementation, customization, training, consulting, additional support or other professional services, or fees for third-party products or services.
"We", "us", “our”, and “PrivacyCenter.cloud” means Securiti.
“You” and “Affiliate” means the party, other than Securiti, entering into this Agreement and participating in the PrivacyCenter.cloud Marketing Affiliate Program.
Non-Exclusivity
This Agreement does not create an exclusive agreement between you and us. You have the right to recommend similar products of third parties and to work with other parties. However, you must not disclose any confidential information to the third-party, its representatives, and partners.
Affiliate Acceptance
Once you complete an application to become an Affiliate, we will review your application and notify you whether you have been accepted to participate in the Marketing Affiliate Program, or not. Before we accept an application, we may want to review your application with you, so we may reach out to you for more information. We may require that you complete certain requirements or certification(s) before we accept your application. If we do not notify you that you are accepted to participate in the Marketing Affiliate Program within thirty (30) days from your application, your application is considered to be rejected.
If you are accepted to participate in the Marketing Affiliate Program, then upon notification of acceptance, the terms and conditions of this Agreement shall apply in full force and effect, until terminated, pursuant to the terms set forth below. Further, you will need to complete any enrollment criteria set out in the Program Policies Page, if applicable. Failure to complete any enrollment criteria within thirty (30) days of your acceptance will result in the immediate termination of this Agreement and you will no longer be able to participate in the Marketing Affiliate Program.
Your acceptance and participation in the Marketing Affiliate Program does not mean that you will be accepted into any of our Securiti Partner Programs. In order to participate in these programs, you will need to apply in accordance with the relevant application procedure.
You will comply with the terms and conditions of this Agreement at all times, including any applicable Program Policies.
Customer Transactions
Training and Support
We may make available to you, without charge, various webinars and other resources made available as part of our Marketing Affiliate Program. If we make such resources available to you, you will encourage your sales representatives and/or other relevant personnel to participate in training and/or other certifications as we recommend and may make available to you from time-to-time. We may change or discontinue any or all parts of the Marketing Affiliate Program benefits or offerings at any time without notice.
Trademarks
You grant to us a non-exclusive, non-transferable, royalty-free right to use and display your trademarks, service marks and logos (“Affiliate Marks”) in connection with the Marketing Affiliate Program and this Agreement.
During the term of this Agreement, in the event that we make our trademark available to you within the Affiliate Tool, you may use our trademark as long as you follow the usage requirements in this section. You must: (i) only use the images of our trademark that we make available to you, without altering them in any way; (ii) only use our trademarks in connection with the Marketing Affiliate Program and this Agreement; (iii) comply with our Trademark Usage Guidelines; and (iv) immediately comply if we request that you discontinue use. You must not: (i) use our trademark in a misleading or disparaging way; (ii) use our trademark in a way that implies we endorse, sponsor or approve of your services or products; or (iii) use our trademark in violation of applicable law or in connection with an obscene, indecent, or unlawful topic or material.
Proprietary Rights
Confidentiality
As used herein, “Confidential Information” means all confidential information disclosed by a party ("Disclosing Party") to the other party (“Receiving Party”), (i) whether orally or in writing, that is designated as confidential, and (ii) Securiti customer and prospect information, whether or not otherwise designated as confidential. Confidential Information does not include any information that (i) is or becomes generally known to the public without breach of any obligation owed to the Disclosing Party or (ii) was known to the Receiving Party prior to its disclosure by the Disclosing Party without breach of any obligation owed to the Disclosing Party. The Receiving Party shall: (i) protect the confidentiality of the Confidential Information of the Disclosing Party using the same degree of care that it uses with its own confidential information, but in no event less than reasonable care, (ii) not use any Confidential Information of the Disclosing Party for any purpose outside the scope of this Agreement, (iii) not disclose Confidential Information of the Disclosing Party to any third party, and (iv) limit access to Confidential Information of the Disclosing Party to its employees, contractors and agents. The Receiving Party may disclose Confidential Information of the Disclosing Party if required to do so under any federal, state, or local law, statute, rule or regulation, subpoena or legal process.
Opt Out and Unsubscribing
You will comply promptly with all opt out, unsubscribe, "do not call" and "do not send" requests. For the duration of this Agreement, you will establish and maintain systems and procedures appropriate to effectuate all opt out, unsubscribe, "do not call" and "do not send" requests.
Term and Termination
Affiliate Representations and Warranties
You represent and warrant that: (i) you have all sufficient rights and permissions to participate in the Marketing Affiliate Program and to provision Securiti with Affiliate Leads for our use in sales and marketing efforts or as otherwise set forth in this Agreement, (ii) your participation in this Marketing Affiliate Program will not conflict with any of your existing agreements or arrangements; and (iii) you own or have sufficient rights to use and to grant to us our right to use the Affiliate Marks.
You further represent and warrant that: (i) you will ensure that you are compliant with any trade or regulatory requirements that may apply to your participation in the Marketing Affiliate Program (for example, by clearly stating you are a PrivacyCenter.cloud Affiliate on any website(s) you own where you make an Affiliate Link available); (ii) you will accurately provide in the Affiliate Tool all websites and domains you own where you intend to use Affiliate Links to generate Affiliate Leads; (iii) you will not purchase ads that direct to your site(s) or through an Affiliate Link that could be considered as competing with Securiti’s own advertising, including, but not limited to, our branded keywords; (iv) you will not participate in cookie stuffing or pop-ups, false or misleading links are strictly prohibited; (v) you will not attempt to mask the referring URL information; (vi) you will not use your own Affiliate Link to purchase PrivacyCenter.cloud Products for yourself; and (vii) you will not use any mechanisms to deliver leads other than through an intended consumer. This includes sourcing leads through compilations of personal data such as phonebooks, using fake redirects or other tools or automation devices to generate leads (including but not limited to robots, iframes, or hidden frames), or offering incentives to encourage purchases or signups.
Indemnification
You will indemnify, defend and hold us harmless, at your expense, against any third-party claim, suit, action, or proceeding (each, an "Action") brought against us (and our officers, directors, employees, agents, service providers, licensors, and affiliates) by a third party not affiliated with us to the extent that such Action is based upon or arises out of (a) your participation in the Marketing Affiliate Program, (b) our use of the prospect data you provided us, (c) your noncompliance with or breach of this Agreement, (d) your use of the Affiliate Tool, or (e) our use of the Affiliate Marks. We will: notify you in writing within thirty (30) days of our becoming aware of any such claim; give you sole control of the defense or settlement of such a claim; and provide you (at your expense) with any and all information and assistance reasonably requested by you to handle the defense or settlement of the claim. You shall not accept any settlement that (i) imposes an obligation on us; (ii) requires us to make an admission; or (iii) imposes liability not covered by these indemnifications or places restrictions on us without our prior written consent.
Disclaimers; Limitations of Liability
General
Last Modified: Jan 08, 2024
What Securiti Content You Can Use and How
Content Attribution Policy
Thanks for sharing the content. We appreciate it!
Securiti Inc. is dedicated to the safe and secure development and utilization of AI and related technologies, striving to provide groundbreaking solutions for our customers.
At Securiti Inc., safeguarding customer data is our top priority. We have implemented a range of security measures to ensure the protection of customer data. All AI model/system training employs public or synthetic data; no customer data is utilized. Securiti provides capability to train custom document types on customer data that is explicitly managed by the customer and the model is under the sole ownership of the customer where Securiti and other tenants have no access to the said model.
Embracing open communication, Securiti offers transparency by providing insights into the capabilities and limitations of our AI systems. Upon request, stakeholders can access detailed information about these systems.
Our focus at Securiti lies in developing AI systems with a strong emphasis on privacy and security to safeguard private and confidential information effectively. Stringent controls are in place to shield AI systems from potential threats and vulnerabilities.
A comprehensive control program oversees risk management, minimizing issues associated with AI while ensuring reliable, secure, ethical operation in compliance with various regulations and industry standards.
We prioritize compliance with evolving laws, regulations, and industry standards concerning AI technology. Our commitment extends to continuously enhancing our AI practices in alignment with emerging innovations and requirements.
At Securiti, our mission is to enable organizations to safely harness the incredible power of Data & AI.
Copyright © 2025 Securiti · Sitemap · XML Sitemap
info@securiti.ai
Securiti, Inc.
3155 Olsen Drive
Suite 350
San Jose, CA 95117
January 20, 2025
Generative AI (GenAI) has transformed how enterprises operate, scale, and grow. There’s an AI application for every purpose, from increasing employee productivity to streamlining...
January 15, 2025
While the cloud has offered the world immense growth opportunities, it has also introduced unprecedented challenges and risks. Solutions like Cloud Security Posture Management...
January 15, 2025
With the advent of Generative AI (GenAI), data has become more dynamic. New data is generated faster than ever, transmitted to various systems, applications,...
January 2, 2025
What is the Colorado Privacy Act? The CPA is a comprehensive privacy law signed on July 7, 2021. It established new standards for personal...
December 24, 2024
Accelerate Copilot Adoption Securely & Confidently Organizations are eager to adopt Microsoft 365 Copilot for increased productivity and efficiency. However, security concerns like data...
November 1, 2024
A staggering 90% of an organization's data is unstructured. This data is rapidly being used to fuel GenAI applications like chatbots and AI search....
October 29, 2024
As enterprises adopt generative AI, data and AI teams face numerous hurdles: securely connecting unstructured and structured data sources, maintaining proper controls and governance,...
August 12, 2024
What is CPRA? The California Privacy Rights Act (CPRA) is California's state legislation aimed at protecting residents' digital privacy. It became effective on January...
June 3, 2024
What is PCI DSS? PCI DSS (Payment Card Industry Data Security Standard) is a set of security standards to ensure safe processing, storage, and...
January 29, 2024
AI's growing security risks have 48% of global CISOs alarmed. Join this keynote to learn about a practical playbook for enabling AI Trust, Risk,...
May 20, 2025
Across industries, AI systems are no longer just tools acting on human prompts. The AI landscape is evolving rapidly, and AI systems are gaining...
May 18, 2025
Still adapting to the initial Gen AI boom, the IT industry is now undergoing another profound evolution- the rise of Agentic AI. AI has...
May 22, 2025
Here are the top 10 data security risks for businesses in 2025, along with the best practices, measures, and solutions businesses can adopt to...
May 22, 2025
This blog discusses the importance of a sound data security policy, its essential elements, and how best to implement it across the organization.
May 25, 2025
Get insights into the EDPB’s AI Auditing project, which aims to map, develop, and pilot tools that help evaluate the GDPR compliance of AI...
May 20, 2025
Learn about regulatory frameworks, enforcement actions, privacy challenges, practical recommendations, how Securiti helps and more.
May 25, 2025
Download the infographic on the European Health Data Space Regulation, which features a clear timeline and roadmap highlighting key legislative milestones, implementation phases, and...
April 24, 2025
Download the infographic to compare Records of Processing Activities (RoPA) field requirements across jurisdictions. Learn its importance, penalties, and how to navigate RoPA.
January 7, 2025
Learn how to build secure enterprise AI copilots with Amazon Bedrock models, protect AI interactions with LLM Firewalls, and apply OWASP Top 10 LLM...
November 18, 2024
DSPM’s Buyer Guide ebook is designed to help CISOs and their teams ask the right questions and consider the right capabilities when looking for...
