Last updated: 23 November 2023
These Terms (as defined below) apply between you as a natural person or a representative of a legal person and Detectify AB, a Swedish corporation with registration number 556985-9084 (“Detectify”), as set forth in Your subscription or separate Order Form. These Terms apply to Your access and use of the Services (as defined below) made available by Detectify at its websites and/or by other means. If you are accepting these Terms on behalf of another person, a company or other legal entity, you represent and warrant that you have full authority to bind that person, company or legal entity to these Terms. “Customer” and “You” refer to you as a natural person or the legal person that you represent.
“Acceptable Use Policy”
means the acceptable use policy referenced to in these Terms.
means any entity that directly or indirectly controls, is controlled by, or is under common control with such party, where control means the possession, directly or indirectly, of the power to direct or cause the direction of the management or the policies of an entity.
means these Terms and your subscription or any applicable Order Forms executed hereunder, and any schedules or additional terms referenced to in these Terms.
means the software as a service (SaaS) based external Attack Surface management service made available by Detectify that enables You to continuously scan your Attack Surface, including custom-built applications, for vulnerabilities.
means the availability of the Service as defined in the Service Level Agreement, if applicable.
means apex domains and their subdomains, including other domains and IP-addresses such domains point to, and all associated information, such as but not limited to DNS records, open ports and applications and services run on them. For the avoidance of doubt, other domains that your domain(s) point to may be owned by a third party and will be included in the attack surface monitored and scanned under Surface Monitoring and Application Scanning, respectively.
means all business or technical information whether it is received, accessed or viewed in writing, visually, electronically or orally, including without limitation the Results and Customer Data, technical information, including without limitation details of Detectify’s Service, marketing and business plans, databases, specifications, formulations, tooling, prototypes, sketches, models, drawings, specifications, engineering information, samples, computer software (source and object codes), including without limitation Detectify’s software, forecasts, identity of or details about actual or potential customers or projects, techniques, inventions, discoveries, know-how, personal data (within the meaning of applicable data protection laws) and trade secrets, provided that such information is identified as confidential or a reasonable person would know it is confidential from the circumstances of disclosure.
Confidential Information does not include information that: (a) was known to the Receiving Party prior to the time of disclosure by the Disclosing Party; (b) was in the public domain prior to the time of execution of this Agreement, or which comes into the public domain during the term of this Agreement through no fault or breach of the Agreement of the Receiving Party; (c) has been independently developed by the Receiving Party without reference to or use of the Confidential Information; or (d) the Receiving Party is obliged to disclose by law, or by a governmental or administrative agency or body or decision by a court of law, but only then after the Receiving Party has notified the Disclosing Party of the required disclosure, if not such notification is prohibited by applicable law, court or government order. The Receiving Party will limit the disclosure of Confidential Information to the greatest extent possible under the circumstances.
means data uploaded by You or by a third party on Your behalf to the Service platform, including the Results.
“Data Processing Agreement”
means the data processing agreement referenced to in these Terms.
means as defined in Section 13.1.
means the effective date of the Agreement, which is the start date of Your subscription to the Service as indicated in Your subscription account. However, if the Service is provided to You subject to an Order Form, the Effective Date is stated therein.
“Intellectual Property Rights”
means all copyrights and related rights, design rights, registered designs, patents, trademarks and service marks (registered and unregistered), trade secrets, database rights, know-how, rights in confidential information and all other intellectual property rights throughout the world for the full term of the rights concerned, including any derivative works incorporating any of the foregoing that may be created or developed in connection with this Agreement.
means as defined in the Service Level Agreement.
means a binding call-off for Services executed under these Terms, specifying the scope, price and terms for provision of an individual Service, including, if applicable, any professional services.
“Party” or “Parties”
means either one of the parties to the Agreement, You or Detectify, either individually or jointly, as the case may be.
means the purpose of the Service as described in Section 1.
means as defined in Section 13.1.
means in relation to each Party, and any of its Affiliates, i) its officers and employees that need to know the Confidential Information, ii) its professional advisers or consultants who are engaged to advise that Party and/or any of its Affiliate, iii) its contractors and sub-contractors engaged by that Party, and/or any of its Affiliate and iv) any other person to whom the other Party agrees in writing that Confidential Information may be disclosed, and which is in connection with or necessary for the fulfilment of the Agreement.
means the outcome generated by a completed Test, which is made available to You in the Service platform. Results include, inter alia, vulnerability findings and reports. The Results can be accessed through a user interface, API’s or directly through an integrated third-party tool.
means as defined in Section 25.3.
means the software as a service (SaaS) based external Attack Surface management services, including Surface Monitoring and Application Scanning or any related professional services made available by Detectify.
“Service Level Agreement”
means the Service Level Agreement applicable to customers if stated in the applicable Order Form.
means the duration of Your subscription of the Service as defined in Your account or as stated in the applicable Order Form.
means the software as a service (SaaS) based external Attack Surface management service made available by Detectify that continuously monitors Your applications’ Internet-facing assets and detects exposed files, vulnerabilities, and misconfigurations. Domains monitored under Surface Monitoring, can be either root domains or subdomains and shall both in this context be regarded as equivalent to “domains” regardless of what is stated in the Order Form or other document.
means an information technology asset of a Customer, such as websites, applications, software and information technology environments.
means the security and vulnerability scans or such continuous monitoring of a given Customer System included in the Service. A Test may, depending on the type of service You are using, include, among other things, information gathering, crawling, fingerprinting, fuzz testing, deploying of test scripts and introducing other non-intrusive penetration tests.
means a free of cost trial subscription period or proof of concept of the Service granted to You by Detectify.
means an individual user, who has been granted access to the Service by the Customer or its Affiliates in accordance with this Agreement.
1. Purpose of Services
You acknowledge that the purpose of the Service is to, as applicable, monitor and strengthen the security of Your applications’ Internet-facing assets (Surface Monitoring) and/or strengthen the security of Your Attack Surface, including custom-built web applications, (Application Scanning) and that in furtherance of the purpose, Detectify may, when performing a Test, among other things, perform crawling, fuzz testing, authenticated testing, deploy test script, and introduce other non-intrusive penetration tests for the limited purpose of revealing security vulnerabilities in Your Systems (“Purpose”). You agree and acknowledge that the provision of the Service, including performance of the Tests, in accordance with this Agreement, may lead to detrimental impact on Your Systems and is made solely at Your risk, and that You are responsible for the initiation of all Tests and the outcome of the Tests and for any inconveniences, interruptions or other negative consequences thereof.
2. Your use of the Service
Subject to these Terms and Your subscription or separate Order Form, if applicable, and payment of all applicable fees, Detectify grants You a non-exclusive, non-transferable, non-assignable and limited right to use the respective Service(s) during the subscription term for Your own business purposes only. You are authorized to permit use of the Service to (a) Your own employees, (b) Your Affiliates and their respective employees, and (c) any third-party consultants performing services as independent contractors or subcontractors on Your behalf and/or on behalf of Customer Affiliates, solely for the purpose of providing such services to You and/or Your Affiliates.
Upon completion of a Test, the findings and insights will be generated into so-called Results. The Results are Your Customer Data. Application Scanning Reports will be retained for a period of time of Your choosing in the Service platform, the default retention time being twelve (12) months, or until You request Your account to be removed. However, Detectify has the right to store and freely use anonymised and aggregated data generated from Your use of the Service even after such a period of time.
4. Acceptable Use of the Service
You shall, and shall procure that Your Affiliates shall, (a) obtain all necessary authorizations, approvals and permissions for use of the Service in relation to the relevant System; (b) use the Service in full compliance with this Agreement; (c) be responsible for any acts or omissions by Users; (d) use the Service in accordance with all applicable laws and government regulations (including any local laws to which You are subject); (e) use the Service in compliance with the Acceptable Use Policy; (f) not make the Service available to any unauthorized third party, and promptly inform Detectify in the event of any suspected unauthorized access to or use of the Service; (g) not create or attempt to create any substitute service or service similar to the Service, by use of, reference to or access to, the Service or any of Detectify’s Intellectual Property Rights; (h) not sell, lend out, lease, transfer, assign, sublicense, distribute or permit access or use of the Services, or any part thereof, to any third party without Detectify’s prior written approval; (i) not interfere with, or disrupt the integrity or performance of the Service or any third party data contained therein; (j) not attempt to gain unauthorized access to the Service or its related systems or networks; and (k) not decompile, disassemble, or reverse-engineer the software included in the Service, subject to what follows from applicable law.
5. Suspension of Service
Detectify may suspend Your, Your Affiliates’ or an individual Users’ access to and use of the Service (in whole or in part) upon prior notice, if, in Detectify’s reasonable opinion, Your, Your Affiliate’s or any User’s use of the Service a) poses a threat to the security, availability or integrity of the Service or any other customer environment, b) is in violation of the explicit use rights, included in the Acceptable Use Policy, granted under these Terms or any Order Form or any applicable law governing the use of the Service, or c) poses a legal or third-party liability risk for Detectify. Detectify shall limit the suspension disabling only such component, use or access to the Service that is unauthorized according to this Section 5. Detectify shall promptly reinstate the Service for the relevant Customer, Customer Affiliate or User, when the underlying cause is remedied.
6.1 Detectify represents and warrants to You that (a) it has the right to grant the licenses and other rights relating to the Service provided under this Agreement; (b) the Services will conform in all material respects to the features, functionality and other specifications or requirements for the Services set forth in the support manual published by Detectify at support.detectify.com, as updated from time to time; and (c) any professional services provided by Detectify will be performed in a diligent, timely, professional and workmanlike manner in accordance with prevailing industry standards and practices.
6.2 SUBJECT TO THE REPRESENTATIONS AND WARRANTIES PROVIDED IN SECTION 6.1, DETECTIFY EXPRESSLY DISCLAIMS ALL OTHER WARRANTIES AND REPRESENTATIONS TO THE FULLEST EXTENT POSSIBLE UNDER APPLICABLE LAWS, WHETHER EXPRESS, IMPLIED, OR STATUTORY, INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTIES OF MERCHANTABILITY, TITLE OR FITNESS FOR A PARTICULAR PURPOSE. DETECTIFY SPECIFICALLY MAKES NO WARRANTY THAT THE SERVICE SHALL BE FREE FROM DEFECTS OR INTERRUPTIONS OF USE OR THAT THE SERVICE WILL BE 100% SUCCESSFUL IN IDENTIFYING ALL POSSIBLE SECURITY VULNERABILITIES. WITHOUT LIMITING THE ABOVE, DETECTIFY DOES NOT WARRANT THAT THE SERVICES WILL MEET YOUR REQUIREMENTS OR THAT THE OPERATION OR RESULT OF THE SERVICES WILL BE FREE FROM INTERRUPTIONS OR ERRORS. YOU ACKNOWLEDGE THAT BY USING THE SERVICE YOU SIMULATE A REAL SYSTEM INTRUSION AND YOU ARE AWARE OF AND TAKE FULL RESPONSIBILITY FOR ANY CONSEQUENCES THEREOF, INCLUDING ANY CONSEQUENCES ATTRIBUTABLE TO THE USE OF THE INFORMATION CONTAINED IN REPORTS GENERATED AS PART OF THE SERVICE.
7. Modifications to the Service
The content, functionality and features of the Service may change over time as Detectify continuously enhances and updates the Service. Subject to Your termination rights as set forth in Section 15.2, Detectify will notify You in writing no later than fourteen (14) days before making any material changes to the Service. Without limiting the generality of the foregoing, Detectify reserves the right to delete or disable content or functionality of the Service in the event of any claims based on alleged infringements of any third-party Intellectual Property Rights.
8.1 Detectify is ISO27001 certified, and the Service is subject to security measures in line with best industry practice and Detectify will take reasonable steps and precautions against security breaches. Detectify will maintain appropriate technical and organizational measures to protect any data and information, including personal data and Confidential Information, that it collects, accesses, processes or receives from You within the scope of the Service against unauthorized or unlawful transfer, processing, alteration or access and against accidental loss, damage, processing, use, transfer or destruction.
8.2 Detectify shall notify You immediately, but no later than 72 hours, or such shorter time period as may be required under applicable law, after becoming aware of any security breach or potential security breach which affects Your Service or Your business or Systems. Each of Detectify and You shall use commercially reasonable efforts to cooperate with one another to address or remediate any such security breach or potential security breach.
9. Personal data processing
9.2 If and to the extent that Detectify processes any personal data within the meaning of applicable data privacy laws (including the EU General Data Protection Regulation, as supplemented, varied or amended) on behalf of You when providing the Services, the Data Processing Agreement applies to such processing of personal data.
10. Service Level Agreement
The Service Level Agreement is applicable to customers if so stated in the separate Order Form applicable between You and Detectify.
11. Prices and Payment terms
11.1 In consideration of the provision of the Service and the licenses granted hereunder, You shall pay the fees for the Service, as specified on Detectify’s website or in a mutually agreed Order Form. The fees for the Service shall, on an annual basis, increase by the greater of (a) 5% and (b) any increase in Labour Cost Index (LCI tjm) SNI2007 kod j (IT and telecom sector), but no more than 10% compared to the previous year for the same amount of licenses. For the avoidance of doubt, Detectify reserves the right to change its fees at any time in its sole discretion provided that such changes will only take effect once per year.
11.2 Unless otherwise specified by Detectify, all prices and charges are exclusive of tax, levies, or similar governmental charges that may be assessed by any jurisdiction, including without limitation, any export, or local VAT, lease tax, sales, use of goods and service tax and excise duty.
11.3 If you are paying by credit card: Subscription fees are payable and drawn in advance from your account for the Subscription Term, as specified in Your subscription or applicable Order Form. License upscale fees will be drawn for the reminder of the Subscription Term once ordered by You. The third-party payment service provider will store your credit card details to fulfil the payment obligations. When you add your credit card details we will charge your card an amount as a pre-authorization to verify that the details you have entered are valid. The transaction is immediately cancelled when we have verified your details.
11.4 If you are paying by invoice: If You are paying by invoice the payment will be made for the specified Subscription Term in advance as stated in Your subscription or applicable Order Form. All undisputed invoices shall be paid within thirty (30) days of the date of Detectify’s invoice. You shall provide Detectify with your updated billing information prior to the start of your Subscription Term. Detectify reserves the right to charge interest for late and non-disputed payments according to applicable legislation.
11.5 Detectify reserves the right to charge You separately for Overuse of the number of licenses granted in Your Subscription or Order Forms in accordance with the Applicable Use Policy.
12. Intellectual Property Rights
12.1 All Intellectual Property Rights subsisting in, and relating to or arising out of the Service, including all software, technology and content, are owned by and vest in Detectify and/or its licensors, including all developments and enhancements made to the Service. You acknowledge and agree that no rights, title, or interest in or to the Service or any related Intellectual Property Rights of Detectify are assigned or transferred to You under this Agreement except for the limited use rights granted in Section 2.
12.2 The Results generated under the Agreement are Your Customer Data and shall be owned by You, however excluding any Intellectual Property Rights of Detectify included therein (including but not limited to software, copyrighted works, know-how and trade secrets, such as attack vectors and payloads). You may only use such Intellectual Property Rights of Detectify for the purpose of handling any identified security gaps in Your Systems.
12.3 You grant to Detectify a non-exclusive, sub-licensable, royalty-free, worldwide, perpetual and irrevocable license to freely use any data generated as a result of Your use of the Service, in anonymized and aggregated form only, for commercial purposes including sharing with any third parties, provided that Your confidentiality is maintained, and such material is disclosed in a form which is not capable of being reverse engineered.
12.4 If You submit feedback about the Service to Detectify, including comments and ideas on how to improve the Service, all such feedback will constitute Confidential Information of Detectify and will be the sole and exclusive property of Detectify. You hereby irrevocably assign and transfer to Detectify all Your rights, title and interest in and to all feedback including all Intellectual Property Rights therein.
13.1 A Party receiving Confidential Information (the “Receiving Party”) from the other Party (the “Disclosing Party”) shall keep Confidential Information strictly confidential and not disclose such Confidential Information to any third party without the Disclosing Party’s prior written consent. The Receiving Party shall ensure that the Confidential Information is treated and stored carefully and appropriately so that the Confidential Information is not inadvertently made available to any third party or otherwise disclosed in breach of the Agreement.
13.2 The Receiving Party may only use the Confidential Information for the purpose of complying with the Agreement and undertakes not to use the Confidential Information for any other purpose whatsoever.
13.3 The Receiving Party may disclose the Confidential Information only to its Representatives that have a direct need to know it. The Receiving Party shall procure that such Representatives are bound by no less extensive obligations than those set out in these Terms. The Receiving Party shall be liable to the Disclosing Party pursuant to the provisions set forth in these Terms for any breach by its Representatives.
13.4 The Receiving Party may not copy, make transcriptions or recordings or in any other way reproduce or duplicate any document or other medium containing Confidential Information, without the Disclosing Party’s prior written consent.
14.1 The term of the Agreement shall commence upon the date You signed up for the Service online or upon the Effective Date of the Order Form, and unless earlier terminated as provided herein, shall continue for the Subscription Term as set out in Your subscription or applicable Order Form. The Subscription Term will automatically renew for successive terms equal in duration to the initial Subscription Term unless You notify Detectify in writing 30 days before the expiration of the then-current Subscription Term that You do not wish to renew the Services for an additional Subscription Term.
14.2 If You are on a Trial plan: The term of your Trial subscription and the Agreement shall commence when You sign up for the Trial or as set out in an Order Form or similar, and apply as set out in Your subscription or as separately agreed to between You and Detectify. A Trial subscription will not renew upon expiration of the Trial period.
15. Termination for cause
15.1 Either Party may terminate the Agreement without further notice if the other Party materially breaches the terms of the Agreement and does not remedy such breach within thirty (30) calendar days of the date on which breaching Party receives written notice of such breach from the other Party. Additionally, either Party may terminate the Agreement without liability to the other Party if the other enters into compulsory or voluntary liquidation, ceases for any reason to carry on business, or takes or suffers any similar action that the other Party reasonably believes will materially impair its performance under the Agreement (including payment of fees).
15.2 You may terminate the Agreement with immediate effect upon written notice to Detectify, if Detectify changes the Service according to Section 7 in a way which constitutes a material adverse change of the Service (in Your reasonable opinion). Your notice of termination shall be given within two (2) weeks of Detectify’s notice of the material adverse change.
15.3 Detectify may terminate the Agreement with immediate effect upon written notice to You, if a suspension event according to Section 5 has lasted for more than 30 days without being remedied by You.
15.4 Where a Party has the right to terminate the Agreement for cause, it may also terminate all outstanding Order Forms on the same termination ground, or alternatively (at its discretion) only terminate the Order Form to which the termination ground relates.
16. Effects of termination
16.1 Where You have terminated the Agreement for material breach by Detectify pursuant to Sections 15.1 or 15.2 (or under the Service Level Agreement, if applicable) You shall receive a pro rata refund of any prepaid and unused fees from Detectify.
16.2 Where Detectify has terminated the Agreement subject to Sections 15.1 or 15.3 above, any sum owed or due to Detectify shall be immediately payable and You shall not be entitled to any remuneration or compensation from Detectify.
16.3 Further, upon the termination of this Agreement for any reason: (a) Your rights hereunder shall terminate; and (b) each Party shall upon request return (or at the other Party’s option, destroy) any and all Confidential Information in that Party’s possession or control to the other Party within fourteen (14) days, with the exception of confidential information stored in back-ups or archives and which cannot without significant efforts be retrieved or that a Party is required to retain due to a legal or regulatory obligation.
17.1 Detectify shall defend, indemnify and hold harmless You and Your representatives and employees from and against all costs, damages, losses and expenses, including reasonable attorneys’ fees and other legal expenses, arising from any third-party claim that use of the Service as expressly permitted herein violates any third-party Intellectual Property Rights.
17.2 You shall defend, indemnify and hold harmless Detectify and its representatives and employees from and against all costs, damages, losses and expenses, including reasonable attorneys’ fees and other legal expenses, arising from any third-party claims that: (a) Your use of the Service, in violation of the terms of this Agreement, infringes any third-party rights, including without limitation, infringement or violation of any third-party Intellectual Property Rights or privacy rights; (b) You do not hold all necessary authorizations, approvals and permissions necessary for lawful use of the Service, including to conduct Tests; or (c) Your use of the Service is in any other way in breach of the acceptable use of the Service as set out in Section 4.
18.1 In no event shall Detectify be liable to You or Your Affiliates for any direct or indirect damages resulting from Your or Your Affiliates’ use of the Service, provided that Detectify has provided the Service in accordance with the Agreement. Furthermore, in no event shall Detectify be liable for the accuracy or availability of any integrated services or products provided by third parties.
18.2 Nothing in these Terms or the Agreement shall operate to exclude or restrict either Party’s liability for (a) any damage caused by wilful misconduct, gross negligence, or fraud; or (b) the specific indemnity undertakings made by a Party under Section 17 of this Agreement.
18.3 Detectify’s total liability hereunder shall, subject to Section 18.2, for all damage arising under the Agreement, be limited to 100% of the total fees paid or payable by You under the Agreement in the contract year in which the breaches occurred.
Neither Party may assign or otherwise transfer this Agreement without the other Party’s prior written consent, which will not be unreasonably withheld; provided, however, that either Party may transfer this Agreement to an Affiliate or to a third party in connection with a merger, sale of all (or substantially all) of its shares or other ownership or a corporate reorganization upon prior written notice.
20. Force majeure
Neither Party shall be liable for failure to fulfil any obligations under the Agreement, when this is due to any event beyond the reasonable control of a Party and which were not foreseen at the time of execution of the Agreement, and which could not have been prevented or its effects avoided by use of reasonable actions, such as, explosion, fire, storm, earthquake, flood, drought, riots, strikes, civil disobedience, sabotage, terrorist acts, civil war or revolutions, war or government action (“Force Majeure”). Each Party will use commercially reasonable efforts to undertake all necessary and reasonable actions within its control in order to limit the extent of the damages and consequences of Force Majeure. The Party affected by such Force Majeure shall immediately inform the other Party in writing of the beginning and the end of such occurrence. If an event of Force Majeure continues for a period of thirty (30) days or more, either Party may, upon written notice to the other Party, terminate this Agreement and/or the relevant Order Form without any further liability on the part of either Party, except to pay for Services already supplied.
21. Modification of the Terms
Detectify may revise these Terms, of which the current version will be available on Detectify’s website. The revised Terms become effective once made available on the website. Detectify will notify its customers of any major changes to the Terms, such as when Your rights and/or obligations will significantly change, in which case You will have the opportunity to object by contacting your Detectify customer contact or email@example.com. If you continue to use the Services after a revision of Terms has become effective, you agree to be bound by the revised Terms.
Any notice or other communication under the Agreement shall be in writing and shall be sent by letter or e-mail to the said contact person and shall be deemed to have been effectively given: (a) at the time it is sent, if sent by e-mail (unless the sender receives an automated message that the e-mail has not been delivered); or (b) two (2) business days after the day it is sent, if sent by recommended mail.
Notices to You shall be sent to the contact person and e-mail address stated in the Order Form, if You have one, or in Your subscription account. Notices to Detectify shall be sent to:
Mäster Samuelsgatan 56, 111 21 Stockholm, Sweden
23.1 The Agreement between You and Detectify constitutes the entire agreement between the Parties with respect to its subject matter and supersedes any previous agreement, proposal, correspondence or communication whether written or oral relating to that subject matter as well as any previous or simultaneous customer purchase order to the extent it includes terms conflicting with these Terms.
23.2 If there is a subject matter conflict between the Order Form and these Terms and any of the schedules or additional terms referenced to herein, these Terms will prevail unless the conflicting provision of the Order Form specifically references the provision of these Terms to be superseded.
23.3 Nothing in the Agreement is intended to, or shall be deemed to, establish any employment relationship, partnership or joint venture between the Parties, constitute any right to act as an agent of the other party, or authorise any party to make or enter into any commitments for or on behalf of any other party.
23.4 A waiver of any right or remedy under the Agreement is only effective if given in writing and shall not be deemed a waiver of any subsequent right or remedy. No failure or delay by a party to exercise any right or remedy provided under the Agreement shall constitute a waiver of that or any other right or remedy, nor shall it prevent or restrict the further exercise of that or any other right or remedy. No single or partial exercise of such right or remedy shall prevent or restrict the further exercise of that or any other right or remedy.
23.5 All provisions of the Agreement and these Terms that can be reasonably interpreted as surviving upon the full performance, expiry, termination or voidance of the Agreement shall survive said performance, expiry, termination or voidance.
23.6 If any provision of the Agreement is or becomes invalid, illegal or unenforceable in whole or in part it shall not affect the validity and enforceability of the rest of the Agreement.
24.1 Detectify undertakes to maintain, during the term of the Agreement, coverage for:
a) comprehensive commercial general liability, including premises and operations, independent contractors, personal injury, and products, with a limit equivalent to USD 1,000,000 per occurrence;
b) professional services and technology errors or omissions liability insurance with an annual limit equivalent to USD 3,000,000; and
c) cyber and Privacy insurance with respective annual limits equivalent to USD 3,000,000.
24.2 Detectify shall upon Your request deliver to You certificates of insurance as evidence of the insurance and stipulated limits.
25. Governing law and dispute resolution
25.1 This Agreement shall be governed by and construed in accordance with the substantive laws of Sweden, without regard to its provisions concerning choice of laws. The UN Convention on the International Sale of Goods (CISG) shall not apply to this Agreement.
25.2 Any dispute, controversy or claim arising out of or in connection with the Agreement, or the breach, termination, or invalidity thereof, shall preferably be resolved through negotiations between the Parties.
25.3 Where the Parties have failed to resolve the dispute within thirty (30) days of it having been referred to negotiations, the dispute shall be finally settled by arbitration administered by the Arbitration Institute of the Stockholm Chamber of Commerce (the “SCC”). The Rules for Expedited Arbitrations shall apply, unless the SCC in its discretion determines, taking into account the complexity of the case, the amount in dispute and other circumstances, that the Arbitration Rules shall apply. In the latter case, the SCC shall also decide whether the Arbitral Tribunal shall be composed of one or three arbitrators. The seat of arbitration shall be Stockholm, Sweden. The language to be used in the arbitral proceedings shall be the English language, unless the Parties agree otherwise. The Parties hereby explicitly agree that the confidentiality undertaking in Section 13 shall be upheld by both Parties and the arbitrators in relation to any arbitration proceeding and any arbitration award or decision.
25.4 Notwithstanding what is set forth above, Detectify shall be entitled to commence proceedings before a court of general jurisdiction or any enforcement authority to demand payment of non-paid fees which have not been disputed by the Customer within 45 days of the payment due date.