1.1. Definitions. Terms which are capitalized in these Zerocopter Terms and Conditions of Sale have the following meaning:
(a) “Agreement” means the agreement made between Zerocopter and Customer for the purchase and use of Zerocopter Services and/or the purchase of Partner Services.
(b) “Customer” means you, the customer purchasing Services on the Zerocopter Marketplace.
(c) “Deliverables” means all reports, analyses, or other materials or deliverables provided by Zerocopter to Customer.
(d) “Force Majeure Event” means any event or circumstance outside a Party’s reasonable control, including but not limited to fire, flooding, natural disasters and acts beyond human control; strike, lock out, or other industrial action, including those by a third party service provider; power outage or reduction; war, riot, insurrection, terrorism, vandalism, sabotage, or epidemic; third party telecommunications networks, software or hardware; and law, rule, or regulation of any government or governmental agency and executive or administrative order or act of general or particular application.
(e) “Intellectual Property Rights” means all patent rights (including reissues, divisions, continuations and extensions thereof), copyrights, moral rights, trademarks (including service mark, trade name, logo or any other indicator of source or origin owned by or licensed to Zerocopter), design rights, rights to utility models, trade secret rights, database rights, mask work rights, and neighboring rights.
(f) “Partner” means third parties providing Partner Services for purchase through the Zerocopter Marketplace.
(g) “Partner Agreement” means the agreement between Customer and Partner for the purchase of Partner Services.
(h) “Partner Services” means any services purchased on the Zerocopter Marketplace and provided by third party partners of Zerocopter.
(i) “Party” means Customer or Zerocopter, as applicable.
(j) “Researchers” means third party ethical hacker suppliers to Zerocopter for the performance of Zerocopter Services.
(k) “Zerocopter” means Zerocopter B.V., a limited liability company having its principal place of business at Werfkade 2, 1033 RA Amsterdam, the Netherlands.
(l) “Zerocopter Platform” means the platform on which Customer logs in to use Zerocopter Services and communicate with Zerocopter.
(m) “Zerocopter Marketplace” means the Zerocopter marketplace on which Customer is purchasing Services, located at www.zerocopter.com or any successor website.
(n) “Zerocopter Services” means, as described in Annex A (Zerocopter Services Description): (i) Bounty Service (ii) Coordinated Vulnerability Disclosure, (iii) Dedicated Hackertime, (iv) Recon Service and (v) Membership.
2.1. Applicability. These Zerocopter Terms and Conditions of Sale apply to and form part of the Agreement between Zerocopter and Customer for the purchase and use of Zerocopter Services and/or the purchase of Partner Services. Unless explicitly agreed otherwise in writing, these Zerocopter Terms and Conditions of Sale shall take precedence over any other communication (oral or in writing) between the Parties relating to the sale those services. It is explicitly agreed that the general terms and conditions (of sale) of Partner shall not apply to this Agreement between Zerocopter and Customer and are expressly rejected for this purpose.
2.2. Structure. Customer’s purchases and use of Zerocopter Services, and provision of those Zerocopter Services by Zerocopter, are governed by this Agreement. Customer’s purchases and use of Partner Services, and provision of those Partner Services by Partner, are governed by a separate Partner Agreement to which additional terms and conditions of Partner may apply.
3.1. Partner Services Provision. Partner (and any party it elects through the Partner Agreement) is solely responsible for the performance of the Partner Services. Zerocopter is not a party to the Partner Agreement, and Zerocopter’s responsibility in relation to Partner Services under the Agreement is limited to (i) facilitating the closing of the Partner Agreement through the Zerocopter Marketplace, and (ii) receiving payment from Customer for the performance of the Partner Services, and providing payment to Partner. For the avoidance of doubt, Customer hereby expressly waives any rights towards Zerocopter in relation to the provision and use of Partner Services.
4.1. Zerocopter Services Provision. Zerocopter shall perform the Zerocopter Services purchased by Customer as described in Annex A (Zerocopter Services Description). Customer acknowledges that any timelines provided by Zerocopter are indicative only and are unless explicitly stated otherwise performed on the basis of commercially reasonable efforts.
4.2. Zerocopter Deliverables. Customer acknowledges and agrees that the Deliverables are solely for Customer’s information and internal use in connection with Customer’s internal business purposes and may not be disclosed to any third party without the prior written consent of Zerocopter, except as may be required by law. Notwithstanding anything to the contrary herein or Zerocopter’s consent to disclosure, Customer agrees that Zerocopter will not be responsible for any losses incurred by Customer or any third party as a result of or in connection with such disclosure, or any third party’s use of or reliance on the Deliverables or any other aspect of Zerocopter’s work.
4.3. Zerocopter Obligations. Zerocopter warrants (“garandeert”) that (i) only Researchers assessed in accordance with article 2 of Annex A and subject to non-disclosure obligations at least as strict as those set out in article 5 shall be involved to perform Zerocopter Services under this Agreement; and, (ii) the agreement with the Researchers as referred to in article 2 is legally effective. Furthermore, Zerocopter agrees that it will make commercially reasonable efforts to provide the Zerocopter Services under this Agreement. Yet due to amongst other things the nature of the Zerocopter Services and Zerocopter’s reliance on third party suppliers (such as the Researchers), unless expressly stated otherwise in this Agreement, Zerocopter Services are provided on an as-is and as-available basis. In particular, Zerocopter makes no warranty for (i) the completeness, accuracy, availability, timeliness, security or reliability of the Zerocopter Services; (ii) any harm to any computer system, loss of data, or other harm that results from the Customer’s use of the Zerocopter Services; (iii) the deletion of, or the failure to store or to transmit, any communications maintained by the Zerocopter Services; (iv) whether the Zerocopter Services will meet the Customer’s requirements or be available on an uninterrupted, secure, or error-free basis. No advice or information, whether oral or written, obtained from Zerocopter or through the Zerocopter Services, will create any warranty not expressly made herein.
4.4. Customer Obligations. Zerocopter’s ability to deliver the Zerocopter Services described herein is dependent upon Customer’s full and timely cooperation with Zerocopter, as well as the accuracy and completeness of any information and data Customer provides to Zerocopter. Customer commits to behaving respectfully and responsibly on a personal level towards Zerocopter and the Researchers. Lack of availability and/or delays in access to resources may impact Zerocopter’s ability to complete the work as intended and may require adjustment to the planned delivery and/or pricing of the Zerocopter Services. Customer warrants (“garandeert”) that (i) it will comply with all of its obligations described in this Agreement and on the Zerocopter Platform in a timely manner, including providing all information reasonably required to execute the Zerocopter Services and access to Customer personnel, and having personnel fully familiar with Customer’s business and requirements perform timely reviews of Zerocopter’s work, (ii) Customer has full right, power and authority to enter into and perform its obligations under this Agreement, including sufficient rights from Customer subcontractors, including IT and hosting providers and in relation to IP addresses, (iii) Customer is procuring Zerocopter Services solely in relation to IT environments which Customer is authorized to control and administrate, and that (iv) more generally, by entering into this Agreement and performing under it, Customer is not in breach of any obligation to any third party or under applicable laws and regulations. Except to the extent an action is determined to have resulted from Zerocopter’s attributable non-performance under this Agreement, Customer agrees to indemnify, defend, and hold harmless Zerocopter its and officers, directors, stockholders, personnel, and agents from any and all liability, loss, claim, damage, cost, or expense (including reasonable attorneys’ fees) arising out of any third party claims relating to Customer’s purchase and use of the Zerocopter Services, including but not limited to alleged breaches of third party Intellectual Property Rights, interruption or unavailability of products and services, and infringement of personal data protection obligations.
5.1. Payment. The Customer shall owe Zerocopter the fees for the Zerocopter Services and/or Partner Services indicated on the Zerocopter Marketplace or as communicated through the Zerocopter Platform or by the Partner. For Zerocopter Services, the fee model is described in Annex A (Zerocopter Services Description). Unless otherwise agreed in writing or indicated on the Zerocopter Marketplace, the price does not include value added tax (VAT), taxes or import or export formalities, which costs shall be the responsibility of Customer. If the ordered Zerocopter Services and/or Partner Services are subject to any taxes, Zerocopter may charge the relevant taxes to Customer. Sums paid for Services are non-refundable.
5.2. Invoicing. Purchases made through the Zerocopter Marketplace are completed upon payment through the Zerocopter Marketplace. For any other or follow-up purchases, any invoice shall be due and payable within thirty (30) calendar days of the date of such invoice. Zerocopter shall provide the Customer with a VAT invoice. All amounts due under the Agreement to be paid by Customer to Zerocopter shall be paid in full and without any deduction and Customer shall not be entitled to any right of setoff. Any amounts which Customer owes Zerocopter under the Agreement shall become immediately due and payable in full if (i) Zerocopter is entitled to terminate the Agreement pursuant to article 10.1, or (ii) Zerocopter has objective and reasonable grounds to expect that Customer is heading towards bankruptcy.
5.3. Price changes. Zerocopter may change the monthly subscriptions prices.
6.1. Ownership. All right, title, and interest in and to the Intellectual Property Rights relating to (i) the Zerocopter Services, (ii) the Zerocopter website (including the Zerocopter Marketplace and the Zerocopter Platform) (iii) the Deliverables, and (iv) any related concepts, approaches, methodologies, models, algorithms, tools, generic industry information, knowledge and experience possessed by it prior to, or acquired, enhanced or improved by Zerocopter during, the performance of the Zerocopter Services are and will remain the exclusive property of Zerocopter or its licensors.
6.2. Zerocopter License. Subject to payment of the owed fees, Zerocopter hereby grants Customer a non-exclusive, non-transferable license, for which the price is included in the Zerocopter Services fees, to use the Deliverables solely for its internal business purposes during the term of the Agreement.
7.1. Confidential Information. Neither Party shall at any time during the term of this Agreement and for a period of five (5) years after termination or expiration of this Agreement disclose any information marked as confidential or that a reasonable person should understand to be confidential (together, “Confidential Information”) of the other Party to any third party, except to authorized representatives who have a need to know such Confidential Information and who are bound by confidentiality obligations no less stringent than those contained in this Agreement. The receiving Party shall instruct its employees, personnel, and any authorized representatives of its obligations under this Agreement.
7.2. Confidentiality. The receiving Party shall: (i) make best efforts to keep the Confidential Information in the strictest confidence; (ii) use the Confidential Information only for the purpose of performing its obligations or exercising its rights under this Agreement; and (iii) store the Confidential Information with the same degree of care as the receiving Party uses to protect its own information of a similar nature, but no less than a reasonable degree of care.
7.3. Disclosure Notification. The receiving Party shall notify the disclosing Party without undue delay of any misuse or misappropriation of its Confidential Information that may come to the receiving Party’s attention.
7.4. Exclusions. This Agreement imposes no obligation upon a receiving Party with respect to Confidential Information which: (i) the receiving Party can demonstrate was already in the receiving Party’s possession or knowledge and which the receiving Party lawfully acquired other than from the disclosing Party; (ii) is or becomes publicly available through no fault of the receiving Party; (iii) is independently developed by the receiving Party without a breach of this Agreement, which can be demonstrated by documentary evidence; (iv) is disclosed by the receiving Party with the disclosing Party’s prior written consent; or (v) is required by law to disclose.
8.1. Data Protection. The Customer understands that through its use of the Zerocopter Marketplace and by purchasing and receiving the Zerocopter Services, it consents to the collection and use of certain personal data as set forth in the Privacy Policy available at https://www.zerocopter.com/cookie-policy or any successor site. Please review the Privacy Policy, which forms an integral part of the Agreement. Zerocopter will only use personal information in accordance with its Privacy Policy.
9.1 Support. Zerocopter offers support for use of the Zerocopter Services during business hours (Monday to Friday) and business hours (from 9:00 to 18:00 CET), through the following contact details which may be updated in due course on its website: e-mail ([email protected]) and phone (+31 2 02 61 67 43). Support is provided on an as-is and as-available basis, and Zerocopter reserves the right to refrain from providing support in case of excessive support requests, i.e. when Customer structurally requests support significantly more than average.
10.1. Limitation of Liability. Except with respect to (i) indemnification claims, and (ii) claims arising from intent (“opzet”) or gross negligence (“grove schuld”) of either Party’s management, and (iii) liability for death or personal injury, under no circumstances will either party’s liability per event to the other for any and all claims arising from the purchase and provision of the Zerocopter Services, whether in contract, tort (including negligence) or otherwise, exceed an amount of (a) the purchase price paid to Zerocopter for the relevant Zerocopter Services or Partner Services in the twelve (12) months preceding the event giving rise to the claim, or (b) its coverage under its liability insurance, whichever is less. In no event will either Party be liable to the other Party for any indirect, special, exemplary, incidental, punitive or consequential damages, or for any direct or indirect loss of data, revenue, profits, savings or goodwill, whether arising out of contract, tort (including negligence), strict liability or otherwise, resulting from the Agreement, even if such Party knew or should have known of the possibility of any damages.
11.1. Term and Termination. Unless otherwise agreed, any engagement for Zerocopter Services shall be entered into for an indefinite period of time and can be terminated by either party in writing (“opzeggen”) at the end of each month. Upon termination by Customer, under this article 10.1 or otherwise, sums paid for Zerocopter Services are non-refundable, regardless of whether such Zerocopter Services have been performed. Zerocopter is furthermore permitted to immediately terminate the Agreement in writing in case of the Customer’s (i) bankruptcy or a request thereto, (ii) suspension of payments (“surseance van betaling”) or a request thereto, (iii) liquidation or dissolution, or (iv) breach of any obligations vis-à-vis Zerocopter.
11.2. Survival. All terms and conditions of the Agreement which are destined, whether express or implied, to survive the termination or the expiration of the Agreement, including but not limited to articles (Definitions), (Applicability and Structure), (Customer Obligations), (Payment), (Intellectual Property Ownership), (Confidentiality), (Privacy), (Limitation of Liability), (Survival) and (General) shall survive.
12.1. Applicable Law and Jurisdiction. This Agreement and any non-contractual obligations arising out of or in connection with it are governed by Dutch law. Any dispute that cannot be settled by mutual agreement between the Parties will be brought exclusively to the competent courts of Amsterdam, The Netherlands. This includes any dispute relating to (i) the existence, validity or termination of this Agreement or (ii) any non-contractual obligation arising out of or in connection with this Agreement.
12.2. No waiver. Failure or neglect by either Party to enforce at any time any of the terms of this Agreement shall not be construed or deemed to be a waiver of that Party’s rights hereunder.
12.3. Force Majeure. Neither Party shall be liable for any damages to the extent such failure or delay is due to a Force Majeure Event. If the Force Majeure Event continues for a period in excess of sixty (60) days, either Party may terminate this Agreement immediately upon written notice. In the event of such termination, work which has already been performed under the contract shall be paid for on a proportional basis.
12.4. Order of Precedence. In case of any conflict or inconsistency between any documents in this Agreement that is not expressly resolved in those documents, their terms will control in the following order, from highest to lowest priority: (1) provisions in the main body of text of the Zerocopter Terms and Conditions of Sale, (2) any annex thereto, including Annex A (Zerocopter Services Description).
12.5. Relationship. Nothing in this Agreement is intended to, or shall operate to, create a legal partnership, joint venture or agency relationship between the Parties thereto, or to authorize either Party to act as agent for the other, and neither Party shall have authority to act in the name or on behalf of or otherwise to bind the other in any way (including the making of any representation or warranty, the assumption of any obligation or liability and the exercise of any right or power).
12.6. Assignment. Customer shall not assign (any of its rights under) the Agreement or delegate any of its obligations hereunder to a third party without the prior written consent of Zerocopter, and any such attempted assignment shall be void. Zerocopter may, without obtaining the prior written consent of Customer, assign any of its rights and obligations under the Agreement to third parties or Zerocopter’s affiliates or to the surviving corporation with or into which Zerocopter may merge or consolidate or an entity to which Zerocopter transfers all, or substantially all, of its business and assets, to which assignment Customer herewith agrees in advance.
12.7. Amendment of Terms. Zerocopter is at any time entitled to amend these Zerocopter Terms and Conditions of Sale, including any annex thereto. Amendments shall take effect from the moment that Zerocopter has notified the Customer accordingly. In the event that an amendment is not acceptable to Customer, the Customer has the right to terminate the Agreement in accordance with article , after which the old Zerocopter Marketplace Terms and Conditions remain applicable.
12.8. Severability. Should any provision of this Agreement be determined to be void, invalid, or otherwise unenforceable by any court of competent jurisdiction, then: (i) the Parties shall agree to a suitable and equitable provision to be substituted in order to carry out, so far as may be valid and enforceable, the intent and purpose of the impugned provision; and (ii) the remainder of this Agreement shall not be affected.
12.9. Third Party Rights. This Agreement is made for the benefit of the Parties, and is not intended to benefit or be enforceable by any third party, including Partners.
12.10. Entire Agreement. This Agreement (incorporating the main body of the Agreement, the Appendixes and Attachments) and the documents attached thereto or referred to therein, contain the entire agreement between the Parties in respect of the provision of the Products specified in this Agreement and supersede all previous agreements between the Parties relating to that subject matter.
1. General. Depending on the Zerocopter Services procured and the Zerocopter shall, based on your monthly subscription: (i) maintain a Triage Team of security experts; (ii) act as intermediary between a researcher reporting a vulnerability and the Customer; (iii) instruct the researcher to select a severity category upon reporting (e.g. OWASP 10); (iv) check validity of all vulnerabilities on the basis of ‘Proof of concept’ refers to the report submitted by the researcher; (v) within a specified number of business days, based on your monthly subscription, determine whether a filed report contained an actual vulnerability and instruct the researcher and the Customer accordingly; (vi) grant the Customer online access to the Zerocopter Platform.
2. Researchers. Bounty Service, Dedicated Hackertime and Recon Service are performed with help of Researchers. Researchers are selected by Zerocopter security experts, including by: (i) reviewing/checking personal information through an ID verification check; (ii) reviewing ethical hackers track record through an internet background check; (iii) checking presence on international (terrorism) wanted lists. Upon selection, Researchers perform their work based on an agreement between Zerocopter and the Researcher. Within the scope of the normal exercise of the services by Researchers, Zerocopter accepts full responsibility for all acts and omissions of the Researchers.
3. Fair Use Policy. Zerocopter Services are delivered provided that Customer does not make excessive use of the Zerocopter Services. Excessive use exists if Customer structurally uses the Zerocopter Service significantly more than Zerocopter customers do on average, or if Coordinated Vulnerability Disclosure causes more than five (5) times the average number of vulnerability disclosures caused by other customers. In the event of excessive use, Zerocopter will discuss the excessive use with Customer, and subsequently at its discretion (i) charge Customer higher fees with retroactive effect, (ii) temporarily or permanently disable the affected Zerocopter Service, or (iii) terminate the Agreement in accordance with article of the Zerocopter Terms and Conditions of Sale.
4. Bug Bounty.
(a) Description. A Bug Bounty is a “no cure, no pay” program in which Zerocopter hackers are invited to look for and disclose any vulnerabilities in Customer’s environment, for which they will receive a monetary reward based on the threat level. It offers a continuous way to test Customer’s system, regardless of how fast Customer releases software.
(b) Fee Model. (i) a fixed setup fee set by Zerocopter, and; (ii) a variable budget for rewarding the Researchers, agreed upon by Customer and Zerocopter jointly during setup, including a 20% Zerocopter fee.
5. Coordinated Vulnerability Disclosure.
(a) Description. Coordinated Vulnerability Disclosure is a policy that creates a safe harbour for reporters to report security issues in Customer’s system and help Customer improve its security posture. It sets up a structured process for receiving and responding to these reports that otherwise wouldn’t have been reported. By having Customer’s Coordinated Vulnerability Disclosure managed by Zerocopter, Customer will only receive relevant and actionable reports.
(b) Fee Model. (i) a fixed monthly or yearly fee or yearly fee set by Zerocopter, and (ii)variable rewards for reporters, agreed upon by Customer and Zerocopter jointly, including a 20% Zerocopter fee.
6. Dedicated Hacker time.
(a) Description. Dedicated Hacker Time will help Customer gain a higher level of security expertise and support than Customer may be able to achieve, for example, in-house. Dedicated Hacker Time is valuable for security challenges and questions that lack ready-made solutions. It offers a personalized approach to address unique security concerns, and Customer is ensured that these will be addressed and looked at. Book by the hour and gain access to an extended team of hackers.
(b) Fee Model. (i) an hourly rate as set by Zerocopter.
7. Recon Service.
(a) Description. The Zerocopter Recon service leverages the power of the world-class hackers in the Zerocopter network to look from the outside-in at Customer’s digital footprint. With their skills and experience, they identify public-facing assets associated with an organization that might have previously gone unnoticed and, more importantly, unsecured. Having the same view as an attacker, they offer a different perspective and help gain new insights to bolster security further.
(b) Fee Model. (i) a fixed fee for each Recon, as set by Zerocopter.