Terms & Conditions : End User Agreement

This End User Assessment Agreement (“Agreement”) is entered into by and between Security Phoenix, Ltd., a Company incorporated in England and Wales with offices at 124 City Road, EC1V 2NX London, UK, (“Security Phoenix”) and the Customer entity identified on an order referencing this Agreement (“Customer”). The parties to this Agreement may be referred to as a “Party” singularly or the “Parties” collectively. In consideration of the promises and mutual agreements contained herein, and other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged, and intending to be legally bound hereby, Phoenix Security and Customer agree as follows:


1.     Definitions.


“Affiliate” means an entity controlled by, controlling, or under common control by a Party during the period such control exists. For the purposes hereof “control” means the power to direct the operation, policies, and management of an entity through the ownership of more than fifty percent (50%) of the voting securities of such entity, by contract, or otherwise.

“Aggregated Data” means Statistical Data that is aggregated with Assessment results of other parties and does not allow for the identification of an Application or Customer.

“Application(s)” means a supported software application, owned by Customer and/or its Affiliates (provided that the Application may contain third party software components licensed by Customer and/or its Affiliates) or (ii) an Application licensed by Customer from a third party, which is designated for Assessment by Customer and composed of one or multiple components.

“Component(s)” means a supported software element (repository, web api…), owned by Customer and/or its Affiliates (provided that the Application may contain third party software components licensed by Customer and/or its Affiliates) or (ii) an Application licensed by Customer from a third party, which is designated for Assessment by Customer.


“Assess(es)(ed)(ment)” means the analysis performed by Phoenix Security on an Application, Components or a portion of an Application as part of a particular Solution.

“Authorized Recipient” means an entity, only as designated by Customer, to receive the summary results of an Assessment via an electronic prompt in the Solution Platform.

“Available” or “Availability” is expressed as the number of minutes during a particular calendar month, as calculated by Phoenix Security, that the Solution Platform was available for Customer to successfully transmit data to, and receive data from Phoenix Security using the Solution Platform, excluding maintenance time.

“Availability Percentage” is expressed as the percentage defined as (i) the Availability less any Unavailability during any particular calendar month, divided by (ii) the total number of minutes in such calendar month.

“Business Day(s)” means Monday through Friday, GMT, excluding Phoenix Security recognized holidays.

“Confidential Information” means any information, whether disclosed in written, oral, electronic or visual form, which is identified as confidential at the time of disclosure or should reasonably be understood to be confidential given the nature of the information and the circumstances surrounding the disclosure, including without limitation business, operations, finances, technologies, products and services, pricing, personnel, customer and suppliers, other proprietary information and (i) with regard to Customer, Customer Data, Customer Components, Business application, threat intelligence, Credentials and Keys, the Customer Applications, and information regarding the specific security vulnerabilities of the Customer Applications, Components, Cloud environments, infrastructure environments and, subject to Phoenix Security’s ownership of the Phoenix Security Property, the Reports and Document Output. The existence of this Agreement shall not be considered Confidential Information; however, the economic terms of this Agreement, inclusive of pricing, discounts, shall be considered Confidential Information.

“Customer Data” means any Customer data, information, or content (including the Applications, Component, Cloud elements and any Assessment including the individual vulnerabilities results thereof) provided by, or on behalf of, Customer to Phoenix Security in connection with its use of a Solution but excludes personal data. It is agreed and acknowledged that Customer owns and retains all rights, inclusive of all intellectual property rights, to all Customer Data.

“Document Output” means any type of Solution output, other than a Report, which may include but is not limited to presentations, slide decks, or other document provided or made available by Phoenix Security, through the Solution Platform, or otherwise.

“Documentation” means any user guides, help windows, Solution descriptions and other documents relating to the use, performance, or technical information, of a Solution made available via the Solution Platform by Phoenix Security at https://kb.phoenix.security or via e-mail at support@phoenix.security .

“Force Majeure Event” means any act or event, or circumstances beyond a Party’s reasonable control, which prevents a Party from performing its obligations under this Agreement, including but not limited to acts of God, epidemic, pandemic, terrorist acts, acts of war, labor strikes and other labor disturbances, or power surges or failures.

“Internal Use” means customary business use and not use for compensation of any kind.

“Order Form(s)” means a sales order and/or statement of work referencing this Agreement, which has been mutually agreed to by the Parties either (i) in a mutually signed writing or explicitly agreed via the Platform or Software, or (ii) by a Customer issued purchase order expressly referencing a Phoenix Security provided sales order, that describes the particular Solution(s) ordered, the quantity of Solution(s) ordered, the fees for the Solution(s) and the Subscription Term. If Customer licenses the Solution(s) through a Phoenix Security authorized reseller, an Order may be entered into between Phoenix Security and the authorized reseller for Customer’s use.


“Report(s)” means any report (or any portion of a report) accessible through the Solution Platform (or provided by such other means as mutually agreed by the Parties), that provides the results of an Assessment relating to an Application.

“Software” means any software provided by Phoenix Security which may be used by Customer in conjunction with a licensed Solution, such as agents, APIs, virtual appliances, and certain e-Learning course content, and which may be subject to separate terms.

“Solution(s)” means the particular security related solution(s) stated in an Order or order (including, in the case of any Solution provided on a software as a service basis, the Solution Platform and any Phoenix Security content provided as a part thereof), the Software, the Documentation, and any updates to the particular Solution made available by Phoenix Security from time to time, in its sole discretion. As used herein, the term Solution specifically excludes all Applications.

“Statistical Data” means high level, anonymized statistical information that Phoenix Security has compiled relating to Assessments, which does not identify an Application or Customer.

“Subscription Term” means the time period during which Customer has access to certain Solution(s) and/or support as set forth in an applicable Order.

“Support Package” means the technical assistance described in the Phoenix Security Technical Support Services and Service Levels page posted at Terms of Support. The document posted at such link shall be effective for the entirety of a Subscription Term.

“Third Party” means a third-party software provider that designates an Application for Assessment by Phoenix Security.

“Unavailable” or “Unavailability” is expressed as the number of minutes during a particular calendar month that the Solution Platform was not Available to Customer, but expressly excludes any time the Solution Platform was not Available as a result of (i) any planned maintenance and support (which Phoenix Security shall endeavor to post notice of on the Solution Platform at least one (1) Business Day in advance); or (ii) any unanticipated maintenance; or (iii) a Force Majeure Event as described in the Agreement.

“Users” means anyone granted access to a Solution by Customer as permitted under this Agreement.

“Phoenix Security Property” means any Phoenix Security technical information, e-Learning or other course content, techniques, ideas, methods, processes, software, interfaces, utilities, data, documents, directories, designs, user interfaces, know-how, intellectual property, information or materials of any kind (regardless of form) which has been or is acquired, created, developed or licensed by Phoenix Security prior to or outside the scope of this Agreement and any improvement, modification or other derivative works thereof and all intellectual property rights therein; and expressly includes, without limitation, the Solution, Solution Platform, Reports and Document Output templates.


2.     Orders.

      An order shall be deemed placed when the Parties enter into one or more Order Forms which reference this Agreement, each of which shall be incorporated herein by reference. An Affiliate may enter into an Order Form pursuant to this Agreement, and by doing so, agrees to be bound to the terms of this Agreement. Customer shall be responsible for the compliance of its Affiliates with the terms and conditions of this Agreement.


3.     License Grants.

Any and all rights not expressly granted herein are reserved by Phoenix Security. All rights and licenses granted herein are subject to the terms of this Agreement.

3.1. Phoenix Security Solution License. Phoenix Security grants Customer a non-exclusive, non-transferable right and license, during the Subscription Term, to (i) access and use the Solution(s) stated in an Order Form solely for Customer’s Internal Use; (ii) access and use Software, if any, solely at a Customer owned or controlled site; and (iii) access and use each Report and/or the Document Output made available via the Solution Platform subject to the terms of this Section 3.

3.2. Phoenix Security Report and Document Output License. For each Application, Cloud Components, Application Component, Infrastructure Asset Assessed or derived from third party scanner assessment as part of the Solution, Phoenix Security will make available to Customer a Report containing the results of the Assessment with recommendations on what to fix first. The recommendations are subject to threat intelligence and are to be considered only a suggestion. As such, Phoenix Security shall not incur any liability as a consequence of decisions taken as a consequence of the suggestions. Customer shall own all right, title, and interest to each Report, subject to Phoenix Security’s ownership of any Phoenix Security Property contained therein. Phoenix Security grants Customer an exclusive, transferable, perpetual, worldwide license to access, use and reproduce each of the Report and Document Output, and any Phoenix Security Property incorporated therein, solely for Internal Use. Customer grants Phoenix Security the right to provide Authorized Recipients with high level status updates regarding the status of the Assessment and the availability of the Report solely upon Customer request.

3.3.                Customer Applications and Customer Data License. Customer grants Phoenix Security a limited, non-exclusive right and license, during the Subscription Term, to (i) use, access, reproduce, and store each Application and use the Customer Data solely to the extent necessary to provide the Solution and/or perform its obligations under this Agreement; (ii) create, reproduce, store, make available and transfer Reports; (iii) collect, modify and analyze meta data and/or operations data which does not contain any Customer Data, such as log files and transaction counts; and (iv) create Statistical Data and Aggregated Data, each of which shall be anonymized. Customer grants Phoenix Security, for a perpetual license term thereafter, the right to use, reproduce, store, publish, license, and transmit the Statistical Data included within the Aggregated Data. Phoenix Security will not expose or attempt to derive the source code of any Application. Except as expressly licensed herein, (i) Customer and its Affiliates (and/or their licensors) shall retain all right, title and/or interest to the Applications and Customer Data and all intellectual property rights therein, and (ii) Phoenix Security shall obtain no right or license thereto.

3.4. Third Party Application Assessments and Reports. If Customer chooses to have an Application Assessed that is owned or licensed by a Third Party, Phoenix Security will only perform such Assessment if Phoenix Security and such Third Party enter into a separate written, signed agreement in a form acceptable to Phoenix Security. Customer hereby grants Phoenix Security the right to use Customer’s name in Phoenix Security’s communications to such Third Party for such purpose. Upon completion of such Assessment, such Third Party shall own the detailed Report relating to the Assessed Application, Cloud, Components and Infrastructure assets, and Phoenix Security shall make available to Customer a summary version of the Report containing the results of the Assessment. Customer is hereby granted a non-exclusive, non-transferable, perpetual, worldwide license to access, use and reproduce the summary version of such Report and any Phoenix Security Property contained therein, solely for Customer’s and its Affiliates’ Internal Use.


4.     Access and Acceptable Use.

4.1.                Access to Applications. Customer agrees to make the Applications to be Assessed available to Phoenix Security in accordance with Phoenix Security’s submission specifications. Each Application shall be provided in a form mutually agreed to by the parties, including, but not limited to, executable object code form (unless the particular Application is only deployed in source, in which case Customer will provide source) or, in the case of a web Application, by providing the URL. Customer is responsible for providing the systems, servers, software and network and communications necessary to connect to and utilize the Solution.

4.2.                Solution and Solution Platform Access. Customer will register a primary administrative User. Such administrative User is authorized to set up Customer’s account, including creating subaccounts for additional Users, each of which shall have unique login IDs and passwords. Customer shall be responsible for the acts or omissions of all of its Users.

4.3. Acceptable Use. Customer and its Users shall not:


  • use the Solution(s) except as contemplated by this Agreement;
  • use the Solution(s) in any manner that is in breach of any law or regulation;
  • make the Solution available to any third party not authorized or as otherwise contemplated by this Agreement;
  • send Applications, Connections, strings, input, or code that can harm or result in damage to the Solution(s) (including but not limited to malicious code and malware);
  • willfully interfere with or disrupt the integrity of the Solution(s) or the data contained therein;
  • attempt to gain unauthorized access to the Solution(s) or its related systems or networks;
  • use the Solution(s) to provide services to, or on the behalf or benefit of, third parties except as expressly permitted by the Agreement;
  • remove or modify any program markings or any notice of Phoenix Security’s or its licensors’ proprietary rights;
  • modify or attempt to expose the source code of or attempt to recreate any software which forms a part of the Solution(s), or Software;
  • perform or disclose any benchmark or performance tests on the Solution(s);
  • perform or disclose any of the following security testing of the Solution(s), or associated infrastructure: network discovery, port and service identification, vulnerability scanning, password cracking, remote access testing, penetration testing or any other test or procedure not authorized in the Documentation;
  • provide any health, payment card or similarly sensitive personal information in its use of the Solution or Solution Platform that imposes specific data security obligations for the processing of such data unless it is a supported feature in the Documentation of the applicable Solution; or
  • use the Solution(s) or Solution Platform and any of the features thereof, or any APIs, in a manner that affects the stability or accessibility of the Solutions.

Customer agrees that it, and its Users shall, if notified by Phoenix Security that such Customer or User utilization has been determined by Phoenix Security to be the cause of stability or accessibility issues, immediately cease such usage. Customer further agrees to promptly notify Phoenix Security upon learning of any unauthorized use of Customer’s accounts or any other breach of security related to the rights granted under this Agreement. Upon such notification, or if Phoenix Security learns of any malicious activity associated with any Customer or User account, Phoenix Security may temporarily suspend such accounts to mitigate the effects of any security event or malicious activity, and when reasonably practicable and lawfully permitted, will provide Customer with notice of any such suspension. Phoenix Security will use reasonable efforts to re-establish any temporarily suspended account promptly after the issue causing the suspension has been resolved.


Phoenix Security reserves the right to refuse registration of, or to cancel login IDs of any Users who violate the terms of this Agreement; and/or limit or remove Customer access to the Solution or Solution Platform for usage of quantities in excess of the quantity stated in an Order. Customer is responsible for payment of fees for any use of the Solution(s) in excess of the quantity stated in an Order Form.

4.4 Phoenix Security reserves the right to suspend accounts in case the user has more assets than authorized (after expiration of the license and the grace period). After expiration of the license and grace period, users are transitioned to a standard account, and if the asset limit is not rectified, Phoenix Security reserves the right to suspend the account 30 days after the downgrade.

Phoenix Security reserves the right to change the terms and conditions and offers 1 week’s notice to users to disconnect from the service if not in agreement.

4.5 Phoenix Security reserves the right to contact and suspend the accounts to professional license or standard license if the trial period is over and the usage is still above the allowed


5.     Maintenance, Modifications, Availability and Service Levels.

5.1.                Maintenance. Phoenix Security shall endeavor to post all scheduled maintenance periods notified on the platform banner, no less than forty-eight (48) hours prior to such scheduled maintenance. There may be instances where Phoenix Security must perform unanticipated maintenance on a Solution or the Solution Platform to maintain the stability or accessibility of the Solution or Solution Platform for all customers and users. In such cases, Phoenix Security will post a notice of such maintenance period as soon as practicable and may temporarily suspend access to the Solutions and/or the Solution Platform during such maintenance period. Such suspension for such unanticipated maintenance period shall not be considered Unavailability. Phoenix Security shall immediately restore access upon completion of such unanticipated maintenance.

5.2.                Modifications. Phoenix Security reserves the right to modify the Solutions and Solution Platform from time to time in an effort to improve the functionality of the Solutions and Solution Platform, however such changes shall not materially reduce the functionality provided during the Subscription Term.

5.3. Solution Platform Availability. Phoenix Security shall maintain the Availability Percentage of the Solution Platform in line with the service level described in the web page Terms of Support.

5.4. Service Levels. Service levels associated with support response times are described at the page posted at Terms of Support. The content posted at such page is effective as posted for the entirety of a Subscription Term on the Order Form.


6.     Confidentiality and Security.

6.1.                Confidentiality. During the term of this Agreement and continuing for a period of twelve (12) months after termination of this Agreement, unless superseded by an NDA, each Party shall retain in confidence, and not use except for the purposes described in this Agreement, the Confidential Information of the other Party disclosed by such Party or its Affiliates or made available in connection with this Agreement. The receiving party will use the same degree of care and discretion (but not less than reasonable care) to avoid disclosure, publication, or dissemination of the disclosing party’s Confidential Information as it uses with its own information of a similar nature. Except as authorized in this Agreement, the receiving party will not disclose the Confidential Information of the disclosing party to a third party other than to its or its Affiliates’ employees, contractors, agents or advisors in connection with its performance of this Agreement and the receiving party shall be liable to the disclosing party for any violation of this Agreement by such persons. Confidential Information shall not include information that (a) is publicly known at the time of disclosure, (b) is lawfully received from a third party not bound in a confidential relationship with the disclosing party, (c) is published or otherwise made known to the public by the disclosing party, or (d) was or is generated independently without use of the disclosing party’s Confidential Information. 
The receiving party may disclose Confidential Information as required to comply with orders of governmental entities that have jurisdiction over it or as otherwise required by law, provided that the receiving party (i) to the extent permitted by the governmental order or law, gives the disclosing party reasonable advance written notice to allow the disclosing party to seek a protective order or other appropriate remedy, (ii) discloses only that portion of the Confidential Information as is required, and (iii) uses commercially reasonable efforts to obtain confidential treatment for any Confidential Information so disclosed. Notwithstanding anything herein to the contrary, provided that Phoenix Security does not use or disclose Customer Confidential Information, Phoenix Security shall be free to use, exploit and disclose its general skills, concepts, ideas, know-how, and expertise gained or learned during the course of this Agreement, and Phoenix Security shall not be restricted from creating output for other customers which is similar to that provided to Customer. Each Party owns and retains all rights, inclusive of all intellectual property rights, to their respective Confidential Information. In case there is an NDA, the NDA agreement will take precedence over this Agreement.

6.2.                Security. Phoenix Security shall maintain, use, and process any Customer Confidential Information in compliance with all applicable laws. Phoenix Security shall establish and maintain administrative, physical and technical safeguards designed to guard against the destruction, loss, or alteration of Customer Confidential Information. Without limiting the foregoing, Phoenix Security shall at all times in connection with this Agreement: (i) maintain and enforce security measures and procedures with respect to its processing of Customer Data and Customer Confidential Information consistent with commercially reasonable industry practices and standards;

(ii) provide technical and organizational safeguards designed to protect against accidental, unlawful or unauthorized access to or use, destruction, loss, alteration, disclosure, transfer, commingling or processing of such information and ensure a level of security appropriate to the risks presented by the processing of such information and the nature of such information, consistent with commercially reasonable industry practice and standards;

(iii) take commercially reasonable measures to secure the Solution Platform against “hackers” and others who may seek, without authorization, to disrupt, damage, modify, access or otherwise use the Solution Platform or the information found therein; (iv) take commercially reasonable measures to logically separate Customer Confidential Information from that of other customers. Phoenix Security shall periodically test and continuously monitor its systems for potential areas where security could be breached and shall also periodically conduct security testing, including penetration testing. Phoenix Security shall be solely responsible for its information technology infrastructure, including all computers, software, databases, electronic systems and networks that are owned or controlled by Phoenix Security that may be used by Phoenix Security to access Customer’s systems or otherwise in connection with the Solutions. To the extent that Phoenix Security utilizes service providers or subcontractors in connection with the performance of the Solutions, Phoenix Security acknowledges that this provision applies equally to any such service provider or subcontractor, such service provider or subcontractor will possess a level of security and data protection equal to Phoenix Security and Phoenix Security shall be responsible for such service providers and subcontractors in accordance with the terms of this Agreement.


7.   Representations and Warranties; Disclaimer.

7.1.                General Warranties. Each Party represents and warrants to the other party that (i) it has and shall have all the necessary rights, approvals, consents and permissions to enter into this Agreement and to grant the rights and licenses herein, and (ii) the execution, delivery and performance of this Agreement does not and will not conflict with any agreement, instrument, judgment or understanding, oral or written, to which it is a party or by which it may be bound.

7.2.                Customer Data Warranty. Customer represents and warrants that it has the right to disclose all Confidential Information Customer provides to Phoenix Security for the purpose of enabling Phoenix Security to perform its obligations under this Agreement.

7.3.                Solution Performance Warranty. Phoenix Security represents and warrants that the Solution will be provided as described in the applicable Order Form, by qualified personnel in a professional manner, and will comply in all material respects with applicable Documentation. In order to state a claim for breach of this Solution performance warranty, Customer must provide notice of such non-compliance within the thirty (10) day period following such non-compliance (such as, for example, within thirty (10) days from date of performance of the part of a particular Assessment or delivery of a Report with respect to an Assessment) specifying the details of such noncompliance. If Customer timely provides Phoenix Security with the required notice, as Customer’s sole and exclusive remedy and Phoenix Security’s sole and exclusive liability for breach of warranty, Phoenix Security shall re-perform such portion of the Solution or otherwise use commercially reasonable efforts to correct any such non-compliance, at its expense, within thirty (90) days of its receipt of such notice. During any trial period, this warranty shall not apply.



8.   Indemnification.

8.1.  Phoenix Security’s Indemnity. Phoenix Security shall defend and indemnify Customer and its Affiliates and their officers, directors and employees (the “Customer Indemnitees”) against actual damages, costs and expenses, including reasonable attorneys’ fees, suffered by the Customer Indemnitees arising out of a third party claim that (i) the Solution infringes or violates any valid patent, copyright, or trademark or misappropriates a third party’s trade secret or (ii) Phoenix Security is not the owner or licensee of any Phoenix Security Property, including without limitation the Solution and/or does not have the right, title and/or interest to grant the license rights provided for herein and make available the Solution; provided that, in each case, Phoenix Security shall not be responsible for any claim to the extent arising from or relating to (a) Customer’s unauthorized use of the Solution; or (b) any Applications or any Customer Data used in combination with the Solution if the claim would not have arisen but for such combination.

8.2.      Customer’s Indemnity. Customer shall defend and indemnify Phoenix Security and its Affiliates and their officers, directors and employees (the “Phoenix Security Indemnitees”) against any actual damages, costs and expenses, including reasonable attorneys’ fees, suffered by the Phoenix Security Indemnitees arising out of any third party claim that Customer and/or its Affiliates (i) are not the owner or licensee of each Application and any Customer Data or (ii) do not have the right, title and/or interest to grant the license rights provided for herein and to submit and designate for Assessment each Application and any Customer Data for the purposes of allowing Phoenix Security to provide the Solution and produce the Reports or Document Output.

8.3. Indemnity Procedures. The indemnifying party shall conduct and have sole control of the defense and settlement of any claim for which it has agreed to provide indemnification; provided that the indemnified party shall have the right to provide for its separate defense at its own expense. The indemnified party shall give prompt notice of all claims for which indemnity is sought and shall cooperate in defending against such claims, at the expense of the indemnifying party. The rights and remedies set forth in this Section 8 state each Party’s exclusive liability and exclusive rights and remedies with regard to claims made by a third party for intellectual property infringement or violation of a third party’s intellectual property rights.


9.   Limitation of Liability.



Without limiting the foregoing, except to the extent arising from Phoenix Security’s GROSS negligence or intentional misconduct, Phoenix Security shall not have any liability for losses, claims or damages for any harm or disruption of Customer’s systems or applications arising out of penetration tests or simulated attacks which may be provided by Phoenix Security as part of a particular Solution in accordance with the terms of this Agreement.

10.       Term and Termination.

10.1.    Term of Agreement. This Agreement shall commence on the Effective Date and will continue thereafter until sixty (60) days after the expiration of the last to expire of any existing Order Forms which are then in effect at the time of such notice of termination (the “Term”).

10.2.    Termination of an Order Form for Breach. A Party may terminate this Agreement for material breach by the other Party, provided that in each instance of a claimed breach: (i) the non-breaching party notifies the breaching party in writing of such material breach within thirty (30) days of its occurrence and (ii) the breach is not cured within thirty (30) days of receipt of such notice. An Order Form may only be terminated (in whole or in part) by a Party if the other Party fails to cure a material breach of the terms of such Order Form or of this Agreement as it relates to the terms of such Order Form within thirty (30) days after receiving written notice of the material breach from the non-breaching party. The termination of a particular Order Form shall not impact the validity of other Order Forms.

10.3.    Effect of Termination. Upon any termination or expiration of this Agreement, all rights and obligations of the Parties shall end, other than the rights and obligations under Sections 6.1, 8, 9, 10.2 hereof.

10.4.    Destruction of Applications and Data. Phoenix Security shall destroy, using industry standard methods, all copies of each Application, component, cloud data, and Tokens, the results of the Assessments of each of the above, Customer Confidential Information, and all associated documentation and related materials provided by Customer either (i) upon request by Customer; or (ii) within ninety (90) days following any termination or expiration of a particular Order Form or this Agreement if such destruction has not already occurred. Upon request, Phoenix Security shall confirm such destruction in writing. Upon the expiration or termination of any Order Form granting Customer access to Software, Customer shall promptly destroy such Software and upon request, Customer shall confirm such destruction in writing.


11.       Insurance.

Phoenix Security shall maintain, at its expense, at all times during any Subscription Term set forth on an Order Form, insurance of such type and level as is reasonable and prudent in the industry. Such insurance shall be carried with responsible insurance companies of recognized standing which are authorized to do business in the state in which the Solution is rendered.


12.       General.

12.1.    Assignment and Subcontractors. Neither Party may assign this Agreement, or any of its rights or obligations hereunder (in whole or in part) without the prior written consent of the other Party. Notwithstanding the foregoing, either Party may assign this Agreement, without the other Party’s consent, in whole (but not in part) to a successor in interest to the business of such Party in connection with a merger, sale of substantially all of its assets, change of control or by operation of law, or to an Affiliate, provided that (i) the assignee agrees to assume the obligations under this Agreement in writing and has adequate resources to meet its obligations hereunder; and (ii) the assignment shall not change the scope of work to be performed under any Order Form then in effect. The terms of this Agreement shall be binding upon the permitted successors and assigns of each Party. Phoenix Security may use subcontractors and shall be responsible for the acts and omissions of its subcontractors.

12.2.    Governing Law and Venue. This Agreement is governed by the laws of England and Wales, without regard to conflict of laws principles. The Parties agree to submit to the exclusive jurisdiction of, and venue in, the courts of London, England in any dispute arising out of or relating to this Agreement. The United Nations Convention on Contracts for the International Sale of Goods does not apply to the transactions contemplated by this Agreement.

12.3.    Notices. Notices may be sent via e-mail, which in the case of Phoenix Security shall be to leagal@phoenix.security and in the case of Customer shall be to the customer’s name and address as set forth on the Order Form. Notices may also be sent in writing to each Party at the address first set forth above. Notices sent in writing shall be deemed to be delivered (i) one day after delivery with a reputable overnight carrier or (ii) three days after deposit with Royal Mail sent first class mail, return receipt requested. Any notices to Phoenix Security made by Customer shall also include a copy to: Phoenix Security Office 124 City Road, EC1V 2NX, London, UK.

12.4.    Force Majeure. Neither Party shall be liable to the other Party for any failure or delay caused by a Force Majeure Event, provided the Party shall use reasonable efforts to remove such causes of nonperformance. Notwithstanding the foregoing, (i) neither Party is excused from its obligation to take reasonable steps to follow its disaster recovery procedures and (ii) Customer is not excused from its payment obligation.

12.5.    Relationship of the Parties. The relationship of the Parties is that of independent contractors and Phoenix Security shall not be construed to be an employee, partner, or agent of Customer.

12.6.    Entire Agreement. The terms of this Agreement (including any applicable exhibits, referenced documents, or Order Forms entered into pursuant to this Agreement) provide the complete understanding of the Parties with regard to the subject matter hereof and supersede all previous communications, agreements, proposals or representations related to the subject matter hereof.

12.7.    Amendment. Except as otherwise expressly provided for herein, any waiver, amendment, or modification of any right or remedy, in whole or in part under this Agreement, or any additional or different terms in acknowledgments or other documents, will not be effective unless expressly agreed to in writing and signed by the authorized representatives of the Parties.

12.8.    Order of Precedence. Unless the Order Form expressly amends this Agreement and except as otherwise expressly provided herein, the terms and conditions of this Agreement shall take precedence over any conflicting terms in the Order Form. It is expressly agreed that no additional terms and conditions contained in Customer’s purchase order, internet procurement portal or other non-Phoenix Security document shall apply to the Solutions ordered.

12.9.    Miscellaneous. This Agreement may be executed in counterparts, including information which is incorporated by written reference, which, taken together, will constitute one and the same instrument. The exchange of a fully executed Agreement (in counterparts or otherwise) by electronic means or in writing shall be sufficient to bind the Parties to the terms and conditions of this Agreement and to any Order Form. 

