TERMS AND CONDITIONS

These Terms and Conditions ("Terms") govern your use of the SPOTTR software-as-a-service platform ("SPOTTR," the "Service," or the "Platform") provided by Veriti Incorporated, a Delaware corporation ("Veriti," "we," "our," or "us"). By using SPOTTR, you ("Customer," "you," or "your") agree to these Terms. If you do not agree, you may not access or use the Service.

1. Service Overview

SPOTTR is a web-based cybersecurity assessment and monitoring platform that performs domain and subdomain scans, collects and analyzes publicly available information, and provides cybersecurity scoring, reports, and recommendations. The Service may also request user-provided survey data regarding cybersecurity practices and policies.

2. Eligibility

You must be at least 18 years old and legally capable of entering into a binding agreement. If you use the Service on behalf of an organization, you represent and warrant that you are authorized to bind that organization to these Terms.

3. Account Registration

Users must register for an account, providing accurate and complete information. You are responsible for maintaining the confidentiality of your login credentials and for any activity under your account. Notify Veriti immediately of unauthorized access or use.

4. Subscription and Payment Terms

4.1 Free Trial

New users are eligible for a thirty (30)-day free trial. Continued use after the trial requires a paid subscription.

4.2 Fees and Billing

Subscriptions are billed monthly unless otherwise stated. You authorize Veriti to charge your payment method on a recurring basis until cancellation. Prices may be updated upon notice.

4.3 Cancellation

You may cancel your subscription at any time. Access continues until the end of the billing period; fees are non-refundable except as required by law.

5. License and Acceptable Use

5.1 License Grant

Veriti grants you a limited, non-exclusive, non-transferable, revocable license to use SPOTTR for your internal business purposes in accordance with these Terms.

5.2 Restrictions

You may not:

  • Copy, modify, distribute, or create derivative works of SPOTTR;
  • Reverse engineer, decompile, or disassemble the software;
  • Rent, lease, resell, or sublicense the Service;
  • Use SPOTTR for unlawful, harmful, or fraudulent purposes;
  • Interfere with or disrupt the Service or servers.

6. Data and Privacy

6.1 User Data

You retain ownership of all data, information, and content uploaded to SPOTTR ("User Data"). By using SPOTTR, you grant Veriti a limited, non-exclusive, worldwide license to host, store, and process User Data solely to provide and improve the Service.

6.2 Publicly Available Information

SPOTTR may collect and analyze publicly available data related to your domain(s) and company. This information is not considered confidential.

6.3 Data Protection and GDPR Compliance

For users located in the European Economic Area (EEA), the United Kingdom, or Switzerland, Veriti acts as a data controller for personal data collected directly (e.g., account registration) and as a data processor for User Data uploaded by customers.

Veriti complies with the EU General Data Protection Regulation (GDPR) and implements appropriate technical and organizational measures to safeguard personal data.

Users have the right to:

  • Access, correct, or delete personal data;
  • Request data portability;
  • Object to or restrict processing under certain circumstances;
  • File a complaint with their local data protection authority.

To exercise these rights, contact: privacy@veriti.io

Veriti may process data in the United States or other countries with appropriate safeguards in place, including Standard Contractual Clauses (SCCs) for EU data transfers.

7. Reports and Recommendations

SPOTTR's scoring and reports are generated through automated analysis and self-reported data. They are intended for informational purposes only and do not guarantee compliance, protection, or immunity from cybersecurity risks.

8. Intellectual Property

All intellectual property rights in SPOTTR, including software, designs, algorithms, and trademarks, belong exclusively to Veriti or its licensors. You receive no ownership or implied license other than the limited right to use the Service under these Terms.

9. Disclaimers and Limitation of Liability

9.1 Disclaimer

SPOTTR is provided "as is" and "as available," without warranties of any kind. Veriti disclaims all implied warranties, including merchantability, fitness for a particular purpose, and non-infringement.

9.2 Limitation of Liability

To the fullest extent permitted by law, Veriti shall not be liable for any indirect, incidental, consequential, or special damages, including loss of profits, data, or goodwill.

Veriti's total cumulative liability shall not exceed the amount you paid during the twelve (12) months preceding the claim.

10. Indemnification

You agree to indemnify, defend, and hold harmless Veriti, its affiliates, officers, and employees from any claims, damages, liabilities, or expenses arising from your use of SPOTTR or violation of these Terms.

11. Termination

Veriti may suspend or terminate access to SPOTTR for any reason, including non-payment or misuse. Upon termination, your license to use the Service ends immediately.

12. Arbitration and Governing Law

12.1 Arbitration

Any disputes shall be resolved by binding arbitration administered by the American Arbitration Association (AAA) in Fairfax County, Virginia. Arbitration shall be conducted in English, and each party shall bear its own legal fees.

12.2 Governing Law

These Terms are governed by the laws of the Commonwealth of Virginia, without regard to its conflict-of-law rules.

12.3 Jurisdiction

If court action is required, exclusive jurisdiction lies with the state or federal courts in Virginia.

13. International Use

You are responsible for compliance with all local laws applicable to your use of SPOTTR, including data protection and privacy requirements.

14. Modifications

Veriti may update these Terms periodically. The revised version will be effective upon posting on our website. Continued use constitutes acceptance of the updated Terms.

15. Contact Information

Veriti Incorporated

Email: support@veritispottr.com

Website: www.veritispottr.com

DATA PROCESSING ADDENDUM

This Data Processing Addendum ("Addendum") forms part of the Terms and Conditions or other written agreement ("Agreement") between Veriti Incorporated and the Customer (collectively, the "Parties") governing the use of the SPOTTR platform ("Service").

This Addendum reflects the Parties' agreement concerning the processing of personal data under EU, UK, and Swiss data protection laws, including the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the UK GDPR, and the Swiss Federal Data Protection Act (FDPA).

1. Definitions

For purposes of this Addendum:

  • "Controller" means the entity that determines the purposes and means of the processing of Personal Data.
  • "Processor" means the entity that processes Personal Data on behalf of the Controller.
  • "Personal Data" means any information relating to an identified or identifiable natural person.
  • "Data Subject" means the individual to whom Personal Data relates.
  • "Processing" means any operation performed on Personal Data, such as collection, storage, use, disclosure, or deletion.
  • "Sub-processor" means any third party engaged by the Processor to process Personal Data on behalf of the Controller.
  • "Applicable Data Protection Laws" include GDPR, UK GDPR, FDPA, and related laws or regulations.
  • "Standard Contractual Clauses (SCCs)" means the clauses approved by the European Commission for international data transfers.

2. Roles of the Parties

  • The Controller determines the purposes and means of processing Personal Data.
  • The Processor processes Personal Data only on behalf of and according to the documented instructions of the Controller, as described in this Addendum.

3. Scope and Nature of Processing

  • Subject Matter: The provision of SPOTTR cybersecurity services by Veriti.
  • Duration: For the term of the Agreement, unless otherwise required by law.
  • Nature and Purpose: Processing of Personal Data to provide cybersecurity scanning, analysis, and reporting services.
  • Types of Personal Data: Business contact details, domain registration information, user credentials, and any data voluntarily uploaded or entered by the Customer.
  • Categories of Data Subjects: Customer's employees, contractors, or representatives whose data may be processed within the Service.

4. Processor Obligations

Veriti shall:

  1. Process Personal Data only on documented instructions from the Controller, unless required by law.
  2. Ensure that persons authorized to process Personal Data are bound by confidentiality obligations.
  3. Implement and maintain appropriate technical and organizational security measures to protect Personal Data.
  4. Assist the Controller, insofar as possible, with fulfilling obligations related to Data Subject rights requests (access, rectification, deletion, portability, etc.).
  5. Assist with data protection impact assessments (DPIAs) and consultations with data protection authorities, where applicable.
  6. Notify the Controller without undue delay after becoming aware of a Personal Data Breach, providing sufficient detail for the Controller to meet its obligations.
  7. Delete or return all Personal Data upon termination of the Agreement, unless retention is required by law.
  8. Make available information necessary to demonstrate compliance with this Addendum and allow for audits as described in Section 7.

5. Sub-Processors

  1. The Controller authorizes Veriti to engage sub-processors for specific processing activities (e.g., hosting, billing, analytics).
  2. Veriti shall ensure that each sub-processor is bound by written obligations that provide data protection no less protective than those in this Addendum.
  3. Veriti will maintain an up-to-date list of sub-processors available upon request and notify the Controller of any intended changes.
  4. The Controller may object to a new sub-processor on reasonable grounds relating to data protection.

6. International Data Transfers

  1. Veriti is headquartered in the United States. Personal Data may be transferred and processed in the U.S. or other jurisdictions.
  2. For transfers from the EEA, UK, or Switzerland to countries without an adequacy decision, Veriti relies on:
    • The EU Standard Contractual Clauses (2021/914), Module Two (Controller → Processor);
    • The UK International Data Transfer Addendum; and
    • The Swiss Addendum for transfers under the FDPA.
  3. The Controller authorizes such transfers and agrees that appropriate safeguards are in place.

7. Audits and Compliance

  1. Upon reasonable notice, the Controller may request information necessary to verify Veriti's compliance with this Addendum.
  2. Veriti may provide certifications, security summaries, or third-party audit reports (e.g., SOC 2, ISO 27001) to demonstrate compliance in lieu of on-site audits.
  3. Any audit shall be limited in scope and frequency to once per year, and conducted in a manner that minimizes disruption and protects confidentiality.

8. Data Subject Requests

If Veriti receives a request from a Data Subject regarding their Personal Data processed through SPOTTR, Veriti shall:

  • Notify the Controller promptly, and
  • Not respond directly unless authorized by the Controller.

Veriti will assist the Controller in responding to such requests to the extent reasonably possible.

9. Security Measures

Veriti implements appropriate measures to ensure the confidentiality, integrity, and availability of Personal Data, including:

  • Encryption in transit and at rest;
  • Access controls and authentication;
  • Logging and monitoring;
  • Regular vulnerability assessments;
  • Staff training in data protection and cybersecurity.

Details of security practices are available upon request.

10. Personal Data Breach Notification

Veriti shall notify the Controller without undue delay after becoming aware of a Personal Data Breach. The notification shall include, where possible:

  • The nature of the breach;
  • The categories and number of Data Subjects affected;
  • Likely consequences; and
  • Measures taken or proposed to address the breach.

11. Deletion or Return of Data

Upon termination or expiration of the Agreement, Veriti shall delete or return all Personal Data (including copies) within a reasonable period, unless retention is required by law or regulatory obligations.

12. Liability

Each Party's liability under this Addendum is subject to the limitations set forth in the main Agreement. Nothing in this Addendum limits a Data Subject's rights under Applicable Data Protection Laws.

13. Governing Law and Jurisdiction

This Addendum shall be governed by:

  • The laws of the Commonwealth of Virginia, United States, except to the extent required by the GDPR or other data protection laws.
  • For EU Data Subjects, this Addendum shall also be interpreted consistently with GDPR requirements.

Disputes shall be resolved under the arbitration clause specified in the main Agreement.

14. Order of Precedence

In the event of conflict between this Addendum and other terms of the Agreement, this Addendum shall prevail with respect to data protection and privacy matters.

15. Contact Information

Veriti Incorporated

Email: support@veritispottr.com

Website: www.veritispottr.com