SERVERSCAN SUBSCRIBER AGREEMENT
IMPORTANT—PLEASE READ THESE TERMS CAREFULLY BEFORE APPLYING FOR OR USING SERVERSCAN’S PCI OR VULNERABILITY SCANNING SERVICES. BY USING OR APPLYING FOR THE SERVICES OR BY CLICKING “I ACCEPT” BELOW, YOU ACKNOWLEDGE THAT YOU HAVE READ THIS AGREEMENT, THAT YOU UNDERSTAND IT, AND THAT YOU ACCEPT THESE TERMS. IF YOU DO NOT AGREE TO THESE TERMS, DO NOT ACCEPT OR USE THE SERVICES. THIS AGREEMENT CONTAINS A BINDING ARBITRATION CLAUSE.
This subscriber agreement is between you, as either an individual or organization, and ServerScan, LLC. the entity providing the secure scanning services. By using the services, you agree as follows:
1. Use of the Services
1.1. License. ServerScan grants you a revocable, non-exclusive, non-transferable, and limited license to use the purchased ServerScan’s vulnerability scanning services, as selected during the registration process, to identify vulnerabilities associated with a scanned device, website, or other Internet-connected system (“System”). You may only use the services on Systems under your control or where the System’s owner has provided you direct authorization to use the services. You may use the services only for lawful purposes and in accordance with any documentation provided by ServerScan.
1.2. Information. You shall only provide accurate and correct information in connection with the services. You must notify ServerScan promptly if any information provided is inaccurate or misleading.
1.3. Account. You shall keep the username and password protecting your account confidential. You are responsible for an activities and scanning services requested through your account. You must notify ServerScan immediately if there is any unauthorized use of your account.
1.4. Scanning. ServerScan’s services are intended to provide information about well-known vulnerabilities only. The services are not intended to detect all possible vulnerabilities or fix, prevent, or eliminate vulnerabilities associated with the scanned System. ServerScan does not guarantee the results of the scan, and you are solely responsible for securing and protecting your systems against vulnerabilities. The number and types of scans are changed regularly, and ServerScan may modify the scanning services without notice and in its sole discretion.
1.5. Site Seal. ServerScan grants you a license to display the site seal applicable to the provided services in connection with a System receiving a passing result from the vulnerability scanning services. The System may only display the site seal in the manner specified by ServerScan and only to indicate that the System passed the provided scanning service. You may not display the site seal in a manner that misrepresents the extent of ServerScan’s services or could foreseeable result in legal action being taken against you or Secure Scan. You shall cease displaying the ServerScan site seal in connection with any System that fails to achieve a passing result within two days of failing a scan. You may resume displaying the applicable site seal immediately after the System receives a new passing grade from the scanning service.
1.6. Promotions. ServerScan may occasionally offer promotions with its services, such as a free trial account. ServerScan may make promotions unavailable at any time and may terminate trial accounts at any time. Promotions are limited to one per customer and may not be combined with other promotions or discounts.
1.7. Compliance. You shall comply with all laws and regulations related to use of the services, not use the services to interfere with a third party’s use of their network or Internet system, and not use the service to infringe on the intellectual property or privacy rights of a third party. You may not use the services to discover vulnerabilities that can be used to unlawfully access third party domains. You are responsible for all equipment and necessary required to use the vulnerability scanning services. You must (1) comply with all regulations, policies and procedures of networks where the services are used;
(2) not use the services to infringe on the rights of any third party; and (3) not use the services in a manner that could harm ServerScan’s business or reputation.
2. Data
2.1. Collected Information. You consent to ServerScan collecting and submitting information about your scanned Systems to ServerScan’s cloud servers, which are located in the United States. This information may contain personally identifiable information. ServerScan stores and uses this information in accordance with the privacy policy posted on its website, including improving the services, and updating the services, marketing the services. ServerScan does not license or sell collected information. ServerScan may disclose this information in connection with providing the services to you and for the reasons specified in the privacy policy.
2.2. Protection of Data. Although ServerScan has taken reasonable steps to protect data by building systems with high levels of security, there are risks of compromise beyond ServerScan’s control. ServerScan is not liable for any loss of data or information.
2.3. Emails. By subscribing to the Services, you opt into receiving further communication from ServerScan and its partners. You may opt-out of receiving additional communication (other than the communication necessary to provide ordered services, enforce this agreement, and provide notice) and any use of the information not directly related to the services by emailing a clear notice to privacy@serverscan.com.
3. Termination
3.1. Term. This agreement is effective when you activate your account or use the services and lasts until terminated by either you or ServerScan. You may terminate this agreement at any time by deactivating your account and sending a clear notice of termination to cancel@serverscan.com. Termination requests are processed within two business days after receiving an email at the correct address. The licenses granted herein are immediately revoked and this agreement automatically terminates if you breach this agreement. ServerScan may terminate this agreement at any time by closing your account or posting notice of the termination on its website.
3.2. Fees. You shall pay all fees related to services ordered through your ServerScan account, regardless of whether you used the services or the scanned System received a passing result from the security scanning service. Fees are owed in advance of each scan. ServerScan may provide a refund on fees paid in its sole discretion if the refund is requested within 30 days of ordering the scan. Although refunds are paid in ServerScan’s discretion, ServerScan typically only provides a refund if the System failed to pass a scan, ServerScan’s support service was promptly contacted and unable to assist you in passing the scan, and the refund is requested in writing within 30 days of ordering the services. ServerScan may revise its fees at any time by updating the pricing in your account. You must raise any concerns regarding the amount owed for services with SecureSan within 30 days of when the services are purchased as after 30 days, no refunds are provided. If the services are a purchased subscription, ServerScan may automatically charge your credit card, without additional notice, for all fees owed. No refunds are provided upon termination, and any outstanding balance for services remain owed post termination.
3.3. Events on Termination. Upon termination, you must immediately cease using the services. Upon termination, all rights and obligations under this agreement cease except ServerScan’s rights under section 2.2 and 2.3, your indemnification obligations under section 4, the limitation on damages under section 5, the arbitration requirement under section 6, and the miscellaneous obligations under section 7.
4. Indemnification
4.1. Indemnification. You shall indemnify ServerScan and its affiliates, and their directors, officers, contractors, employees, and agents (each an “Indemnified Person”) against all liabilities, losses, expenses, or costs (including reasonable attorney’s fees) that are brought by a third party and that are related to, directly or indirectly, your use of the services, your infringement on the rights of a third party, or your breach of this agreement.
4.2. Indemnification Procedure. ServerScan will notify you promptly of any demand for indemnification. However, ServerScan’s failure to notify will not relieve you from your indemnification obligations. You may assume the defense of any action, suit, or proceeding giving rise to an indemnification obligation unless assuming the defense would result in potential conflicting interests as determined by the Indemnified Person in good faith. You may not settle any claim, action, suit or proceeding related to this agreement unless the settlement also includes an unconditional release of all Indemnified Persons from liability.
4.3. Additional Liability. Your indemnification obligations are not ServerScan’s sole remedy for a breach of this agreement and are in addition to any other remedies ServerScan may have against you. Your indemnification obligations survive the termination of this agreement.
5. Disclaimers and Limitation of Liability
5.1. Disclaimer; Assumption of Risk. THE SERVICES ARE PROVIDED “AS-IS” AND SERVERSCAN EXPRESSLY DISCLAIMS ALL IMPLIED AND EXPRESS WARRANTIES IN THE SERVICES. THIS DISCLAIMER INCLUDES ALL WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT, AND IT IS EFFECTIVE TO THE MAXIMUM EXTENT ALLOWED BY LAW. SERVERSCAN DOES NOT GUARANTEE THAT THE SERVICES WILL MEET YOUR REQUIREMENTS OR EXPECTATIONS OR THAT THE SERVICES WILL DETECT ALL KNOWN VULNERABILITIES. SERVERSCAN DOES NOT WARRANT THAT ANY RECOMMENDED REMEDIATION WILL REMEDY OR CURE A DETECTED VULNERABILITY. YOU ARE SOLELY RESPONSIBLE FOR ENSURING THE SECURITY OF YOUR SYSTEMS. If any legal right disallows or limits an exclusion of warranties, then the disclaimers herein apply to the maximum extent allowed by law.
5.2. Damage Limitation. SERVERSCAN’S MAXIMUM LIABLITY RELATED TO THE SERVICES IS LIMITED TO THE AMOUT YOU PAID FOR THE SERVICES. SERVERSCAN IS NOT LIABLE FOR ANY INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES, INCLUDING DAMAGES FOR LOST PROFITS, DATA, REVENUE, OR GOODWILL, EVEN IF SERVERSCAN WAS AWARE OF THE POSSIBILITY OF SUCH DAMAGES. These limitations apply to the maximum extent permitted by law regardless of 1) the reason for or nature of the liability, including tort claims, 2) the number of claims, 3) the extent or nature of the damages, or 4) whether any other provisions of this agreement have been breached or proven ineffective.
5.3. Limitations on Remedy. Except for actions and claims related to a party’s indemnification obligations, all actions or claims related to this agreement must be brought within one year from the date when the cause of action occurred.
6. Arbitration
6.1. Disputes. To the extent permitted by law, you will notify ServerScan of any dispute arising under this agreement before seeking dispute resolution. If the dispute is not resolved within sixty days after initial notice, then a party may proceed to resolve the dispute by arbitration conducted through the services of the American Arbitration Association (“AAA”).
6.2. Notice and Hearing. The party initiating the arbitration must send notice to the other party. All arbitration hearings will be in Orem, Utah by a single arbitrator that is mutually agreed to by the parties. If the parties cannot agree to an arbitrator, the parties will use one selected by the AAA.
6.3. Costs. The parties will split the costs of the arbitrator equally regardless of the final decision; however, the party found in default of this agreement by the arbitrator will pay all costs of the other party that are incurred in enforcing its rights under this agreement (including attorney’s fees).
7. General Provisions
7.1. Notices. You shall send notices to ServerScan in English writing to ServerScan, 50 Church Street, American Fork, UT 84003. ServerScan provides notices to you by posting the notice on the ServerScan website or through your Account. Notices to you are effective when posted. Notices to ServerScan are effective upon receipt.
7.2. Entire Agreement. This agreement is the entire agreement between the parties with respect to the services, superseding all other agreements that may exist with respect to the subject matter. Nothing herein modifies or affects the terms of any agreement covering ServerScan’s other products and services. ServerScan may amend this agreement in its sole discretion to the extent allowed by law. ServerScan will give you notice of these amendments by posting the modified agreement to its website. You shall periodically visit ServerScan’s website to be aware of any changes. Continued use of the services after an amendment constitutes your acceptance of the change. A party’s failure to enforce a provision of this agreement does not waive the party’s right to enforce the same provision later or right to enforce any other provision of this agreement. All waivers must be both in writing and signed by the party benefiting from the waived provision.
7.3. Force Majeure and Internet Frailties. Neither party is liable for a delay or failure to perform an obligation to the extent that the delay or failure is caused by an occurrence beyond the party's reasonable control. Each party acknowledges that the operation of the Internet is beyond the other party’s reasonable control.
7.4. Governing Law and Venue. The laws of the state of Utah govern the interpretation, construction, and enforcement of this agreement and all proceedings arising out of it, including tort claims, without regard to any conflicts of law principles. The parties will commence all proceedings or legal action arising from this agreement in the state or federal courts of Utah, which courts have non-exclusive venue and jurisdiction over proceedings related to the services or this agreement.
7.5. Assignment. You may not assign any of your rights or obligations under this agreement, whether by merger, consolidation, operation of law, or any other manner, without the prior written consent of ServerScan. For purposes of this section only, a change in control is deemed an assignment. Any transfer without consent is void. To the extent allowed by law, ServerScan may assign its rights and obligations without your consent.
7.6. Severability. Any provision held invalid or unenforceable will be reformed to the minimum extent necessary to make the provision valid and enforceable. If reformation is not possible, the provision is deemed omitted and the balance of the agreement remains valid and enforceable.
7.7. Rights of Third Parties. There are no third party beneficiaries under the agreement.
ACCEPTANCE
BY CLICKING “I ACCEPT”, YOU REPRESENT THAT YOU HAVE READ AND UNDERSTAND THIS AGREEMENT AND THAT YOU WILL BE BOUND BY AND COMPLY WITH ALL OF ITS TERMS. DO NOT CLICK “I ACCEPT” IF YOU DO NOT ACCEPT THIS AGREEMENT.