Last Updated: May 16, 2023
THE KNOWBE4 TERMS OF SERVICE (THE "AGREEMENT") GOVERN CUSTOMER’S ACCESS AND USE OF KNOWBE4’S SUBSCRIPTION SERVICES. “KNOWBE4” SHALL MEAN KNOWBE4, INC. AND ITS SUBSIDIARIES. IF CUSTOMER HAS FULLY EXECUTED A MASTER AGREEMENT WITH KNOWBE4, SUCH MASTER AGREEMENT WILL GOVERN THE ACCESS AND USE OF THE SUBSCRIPTION SERVICES. CAPITALIZED TERMS HAVE THE DEFINITIONS SET FORTH HEREIN. BY ACCEPTING THIS AGREEMENT, EITHER BY: (1) CLICKING A BOX INDICATING ACCEPTANCE THROUGH THE SUBSCRIPTION SERVICES; (2) EXECUTING A QUOTE THAT REFERENCES THIS AGREEMENT; OR (3) USING KNOWBE4’S SUBSCRIPTION SERVICES, CUSTOMER AGREES TO BE BOUND BY THE TERMS OF THIS AGREEMENT. IF THE INDIVIDUAL ACCEPTING THIS AGREEMENT IS ACCEPTING ON BEHALF OF AN ORGANIZATION OR LEGAL ENTITY, SUCH INDIVIDUAL REPRESENTS AND WARRANTS THAT THEY HAVE THE FULL POWER AND AUTHORITY TO BIND SUCH ORGANIZATION AND ITS AFFILIATES TO THESE TERMS, IN WHICH CASE THE TERM “CUSTOMER” SHALL REFER TO SUCH ORGANIZATION AND ITS AFFILIATES. IF THE INDIVIDUAL ACCEPTING THIS AGREEMENT DOES NOT HAVE SUCH AUTHORITY OR DOES NOT AGREE WITH THESE TERMS, SUCH INDIVIDUAL MUST NOT ACCEPT THIS AGREEMENT AND MAY NOT USE THE SUBSCRIPTION SERVICES. Customer and KnowBe4 may be referred to in this Agreement individually as a “party” or jointly as the “parties.” This Agreement governs all access and use of KnowBe4’s Subscription Services, as defined below, provided by KnowBe4 to Customer. KnowBe4 may update or make changes to this Agreement from time to time. KnowBe4 encourages Customer to periodically review and check this Agreement for updates to stay informed about the terms that govern Customer’s use of the Subscription Services. Customer’s continued use of the Subscription Services after KnowBe4 makes any changes is deemed to be an acceptance of those changes.
The Subscription Services may not be accessed for purposes of monitoring their availability, performance or functionality, or for any other benchmarking or competitive purposes, or as otherwise restricted by this Agreement. KnowBe4’s direct competitors (or third party agents acting on behalf of such direct competitors) are prohibited from accessing the Subscription Services.
- Definitions. For purposes of this Agreement:
- “Active User(s)” means Customer’s Users with active assigned Seats.
- “Affiliate” means an entity that, directly or indirectly, through one or more entities, controls; is controlled by; or is under common control with, the specified entity.
- “Beta Services” means the second phase of software testing in which a sampling of the intended audience samples a service prior to its general release where Customer, in return, provides KnowBe4 feedback about the Beta Services.
- “Channel Partner” means an authorized KnowBe4 reseller, distributor, or managed service provider through which Customer may acquire the Subscription Services and/or Professional Services.
- “Confidential Information” means all information or material disclosed by a party (the “Disclosing Party”) to the other party (the “Receiving Party”), whether orally or in writing, that: (a) gives either party some competitive business advantage, gives either party an opportunity of obtaining some competitive business advantage, or the disclosure of which may be detrimental to the interests of the Disclosing Party; and (b) is either: (i) marked “Confidential,” “Restricted,” “Proprietary,” or includes other similar markings; (ii) known by the parties to be confidential and proprietary; or (iii) from all the relevant circumstances should reasonably be assumed to be confidential and proprietary. The Subscription Services are deemed Confidential Information of KnowBe4.
- “Customer Privacy Notice” means KnowBe4’s Customer Privacy Notice located at knowbe4.com/product-privacy-notice, or such other URL locations on KnowBe4’s website as KnowBe4 may provide from time to time.
- “Documentation” means KnowBe4’s then-current generally available knowledge base that contains usage documentation, specifications, user manuals, and support guidance, for the Subscription Services that are located at https://support.knowbe4.com/hc/en-us or such other URL locations on KnowBe4’s website as KnowBe4 may provide from time to time.
- “LMS” means a learning management system for the administration, documentation, tracking, reporting, and delivery of Training Content, that includes any e-learning education courses or training programs. KnowBe4 provides a cloud-based LMS through its Web Hosted Services. Upon approval by KnowBe4, Customer may also opt to use its own, or a third party’s, LMS in accordance with the terms of this Agreement.
- “Professional Services” means any professional services, including implementation and installation services, managed services, consultancy services, or customization and branding services of Training Content as agreed upon by the parties and set forth in a Quote. KnowBe4 may require Customer to enter into a statement of work (“SOW”) detailing the Professional Services to be performed.
- “Quote” means a purchasing document or other similar document, such as a purchase order or SOW, in connection with a purchase under this Agreement.
- “Seat(s)” refers to the number of Users permitted access to the Subscription Services pursuant to the user count purchased via a Quote.
- “Security Page” means KnowBe4’s security statement that provides information about KnowBe4’s security practices, located at knowbe4.com/security, or such other URL locations on KnowBe4’s website as KnowBe4 may provide from time to time.
- “Software” means the object code version of any software that may be licensed by Customer under this Agreement for installation on Customer’s systems. To the extent KnowBe4 delivers any updates or enhancements to Customer as part of the Support Services, such updates and enhancements will be deemed included in the definition of Software.
- “Subscription Services” means any Web Hosted Services, Software, Support Services, Professional Services, Training Content, and/or other services that KnowBe4 offers to Customer, including any applicable Documentation.
- “Support Services” means maintenance and support of any Subscription Services provided by KnowBe4, as set forth in Exhibit A.
- “Subscription Term” means the term set forth in the respective Quote during which the Customer is granted access to the Subscription Services in accordance with this Agreement.
- “Training Content” means digital courseware, training modules, testing and training templates, games, posters, artwork, videos, newsletters, security documents, or other content and materials provided by KnowBe4 and/or its third party licensors (as defined below).
- “User(s)” means Customer’s authorized employees or independent contractors, with an assigned unique business email address (i.e., an email address using a business email domain name that Customer owns or is authorized by the domain name owner to use for the purposes contemplated herein), who may access the applicable Subscription Services.
- “Web Hosted Services” means an application and/or database services hosted by KnowBe4 or its agents, made available for remote access and use by Customer and its Users, under this Agreement.
- Payment Terms.
- 2.1. Subscription Services Purchase. Customer is deemed to have committed to a purchase in full for the Subscription Services (regardless of any split payment terms) upon the earlier of: (a) a Quote signed by Customer that is sent to KnowBe4 or to the respective KnowBe4 Channel Partner for processing; (b) an attached Quote, upon execution of this Agreement; or (c) tender of payment by Customer through check, credit card, or other form of payment. Payment via check, credit card, or other form of tendering payment will be deemed acceptance of the corresponding Quote or invoice sent to Customer by KnowBe4. If Customer is an organization subject to certain fiscal period restrictions or appropriations, Customer hereby represents and warrants that Customer has the ability to pay all fees, regardless of any split payment terms, in full, out of Customer’s current fiscal period’s allocated budget or that Customer has the authority to legally commit to a purchase outside of the current fiscal period. Except as otherwise specified herein, all sales are final, non-refundable, and non-returnable.
- 2.2. Subscription Services Fees. The fees for Subscription Services will be specified by KnowBe4 and will be applicable for the period specified in the KnowBe4 Quote (as applicable). If no period is specified, pricing will be applicable for thirty (30) calendar days. Notwithstanding the foregoing, prices may be subject to increase upon the renewal of a Quote, or in the event Customer adds on or upgrades the Subscription Services during the Subscription Term specified in the Quote. Fees do not include any taxes, levies, duties, or similar governmental assessments of any nature including, for example, value-added; sales; use; or withholding taxes, assessable by any jurisdiction whatsoever (collectively, “Taxes”). Customer is responsible for paying all Taxes associated with its purchases hereunder. If KnowBe4 has the legal obligation to pay or collect Taxes for which Customer is responsible under this Section, KnowBe4 will invoice Customer and Customer will pay that amount unless Customer provides KnowBe4 with a valid tax exemption certificate authorized by the appropriate taxing authority. For the avoidance of doubt, KnowBe4 is solely responsible for taxes assessable against it based on its income, property, and employees. Except as otherwise specified herein or in a Quote: (a) fees are based on the Subscription Services acquired and not actual usage; (b) payment obligations are non-cancelable and fees paid are non-refundable, except where expressly permitted herein; and (c) the Subscription Term and quantities purchased cannot be decreased during the applicable Subscription Term. For clarity, Customer is responsible for any payments owed but not paid by any Affiliates ordering Subscription Services hereunder. 
In the event Customer requires KnowBe4 to use a vendor payment portal or compliance portal which charges KnowBe4 a fee or a percentage of any uploaded invoice as a required cost of doing business, Customer shall be invoiced by KnowBe4 for, and Customer is obligated to pay, the cost of any such fees.
- 2.3. Due Date; Late Payments. Amounts due for Subscription Services may be invoiced by KnowBe4 in full at the start of the Subscription Term or as otherwise expressly provided in the Quote. Customer agrees to pay the net amount of each invoice without offset or deduction within thirty (30) days after the date of KnowBe4’s invoice (unless otherwise noted on the invoice). If any undisputed amount is not paid by Customer within fifteen (15) days’ notice of late payment, KnowBe4 will be entitled to receive the amount due plus interest thereon at a rate of 1.5% per month (or the highest rate permitted by applicable law) on all undisputed amounts that are not paid on or before the date due. Customer will also pay all of KnowBe4’s reasonable costs of collection including, but not limited to, reasonable attorneys’ fees.
- 2.4. Disputed Payments. Customer has the right, in good faith, to dispute all or a portion of an invoice prior to its due date. KnowBe4 will not collect interest on disputed amounts in the event Customer provides KnowBe4 with written notice, prior to the due date, that Customer disputes such charges, pays all undisputed charges on time, and cooperates diligently to resolve the dispute.
- 2.5. Credit Approval; Application of Payment. Customer may, from time to time, be subject to credit approval by KnowBe4. Customer agrees to submit financial information as may be reasonably requested by KnowBe4 for the establishment and/or continuation of credit terms. Any payment received from Customer may be applied by KnowBe4 against any obligation owed to KnowBe4 by Customer.
- 2.6. Channel Partner Purchases. In the event Customer acquires Subscription Services through a Channel Partner, all payment-related terms will be set forth in the applicable agreement between such Channel Partner and Customer. Any agreements Customer enters into with a Channel Partner shall be between Customer and the Channel Partner and shall not be binding upon KnowBe4.
- Product Usage & Rights.
- 3.1. Subscription Services. For the duration of the Subscription Term, and in accordance with the terms of this Agreement and the Documentation, KnowBe4 grants to Customer a non-exclusive, non-transferable, non-assignable right to access the applicable Subscription Services set forth in the Quote for Customer’s internal business use only, and not for resale or publication. If Software and/or Training Content downloads are enabled in the applicable Subscription Services, Customer will have the license right to download, install, use, execute, and display the Software and Training Content in accordance with this Agreement, the Documentation, and Section 4.3 (“Use of Customer or Third Party LMS”). Some Software or other components used in KnowBe4’s Subscription Services may be offered under an open source license, located at https://support.knowbe4.com/hc/en-us/articles/360000870387-Open-Source-Licensing-Information, or such other URL locations on KnowBe4’s website as KnowBe4 may provide from time to time.
- 3.2. Operation of the Subscription Services. The implementation and operation of KnowBe4’s Subscription Services, and any deliverables resulting from the Subscription Services, are performed by designated administrator(s) employed or contracted by Customer. Any Managed Services, as defined below, may be subject to additional fees.
- 3.3. Customer Users. The Subscription Services are only permitted to be used by the authorized number of Users for whom Customer paid the applicable Subscription Services fees. The Subscription Services are provided on a per-Seat, subscription basis. Customer is solely responsible for the management of access to the Subscription Services of its Users. The concurrent number of Active Users receiving access may not exceed the number of purchased Seats. If the number of Active Users exceeds the number of purchased Seats, Customer is obligated to either pay for any Seats that surpass the purchased amount or immediately reduce its number of Active Users. Customer is not permitted to freely re-assign Seats to Users. KnowBe4 prohibits cycling of Seats amongst Customer’s personnel. If an Active User’s account is terminated or removed, that User’s Seat license is no longer considered active and may be allocated to another User upon written approval by KnowBe4. Notwithstanding the foregoing, KnowBe4’s approval is not required in the instance an Active User’s account is terminated or removed due to Customer’s termination of that Active User’s employment, or otherwise for termination of contract with that Active User, to account for Customer’s normal attrition in its workforce. KnowBe4 reserves the right to monitor Customer’s compliance with this Section. Upon request by KnowBe4, Customer agrees to certify its compliance with this Section. Additional Seats may be added during the applicable Subscription Term and such additional Seats will be co-pending with the then-current Subscription Term and will terminate on the same date. Add-ons for more Seats, mid-Subscription Term, will be priced at the same volume, level, and term discount purchased under the applicable co-pending Quote and will be valid only until the end of such co-pending Subscription Term. New rates may apply upon renewal.
- 3.4. Professional Services. In the instance Customer purchases Professional Services to be performed by KnowBe4, Customer may be required to sign an SOW detailing the project specifications. Professional Services may include, but are not limited to, the request for KnowBe4 to implement and operate the Subscription Services on behalf of Customer (“Managed Services”), additional maintenance and support (as opposed to the standard Support Services already included), customization and branding of any Training Content, and any additional consultancy or professional services. The completion time for any Professional Services to be performed under an SOW, and any milestones, will be dependent on KnowBe4’s receipt of all Customer assets and specifications necessary for the project, in addition to KnowBe4 receiving a validly signed SOW for processing, as requested by KnowBe4. The completion deadline will start from the date of delivery of all such assets and specifications, not the date of KnowBe4’s receipt of the signed SOW. Customer acknowledges that delays in providing assets or specifications at the request of KnowBe4 for such Professional Services may delay the completion of the Professional Services. KnowBe4 will not be faulted for delays caused by Customer’s failure to reasonably cooperate. Services hours purchased pursuant to an SOW or a Quote will expire upon the earlier of the expiration or termination of Customer’s then-current Subscription Term and will not carry over to any subsequent Subscription Term renewal. Any pre-purchased, unused Professional Service hours will be rolled over if the respective Subscription Term is renewed under this Agreement. Professional Service hours that are not rolled over will not be refunded upon termination or expiration of this Agreement/all Quote Subscription Terms.
- 3.5. Support Services. Subscription Services are made available with standard Support Services for no additional charge. Support Services are made available in accordance with the terms and conditions set forth in Exhibit A. Notwithstanding the foregoing, KnowBe4 will have no obligation to support: (a) services, hardware, or software provided by anyone other than KnowBe4; (b) Subscription Services issues caused by Customer’s negligence, abuse, or misapplication; or (c) Customer’s use of Subscription Services other than as specified in the Documentation.
- 3.6. Limited Access Account. In the event Customer is granted access or use of any Subscription Services on an evaluation or trial period basis, including any limited access accounts created by Customer, then, subject to the terms and conditions of this Agreement, KnowBe4 hereby grants Customer, solely for its internal evaluation purposes, a revocable, limited, non-exclusive, non-transferable, non-assignable right to access the included Subscription Services for the Limited Access Period, subject to any terms or limitations expressly set forth in any activation email or Quote, as applicable. Customer may only use such Subscription Services from the earlier of: (1) the date this Agreement is accepted by Customer; or (2) the date in which Customer was permitted access to the Subscription Services by way of an activation email or Quote, until the expiration date set forth in the applicable activation email, or, if no expiration date is set forth in the applicable activation email, thirty (30) days after the earlier of either (a) or (b) herein (the “Limited Access Period”). Customer and KnowBe4 may extend the Limited Access Period upon mutual written agreement (including via email). This evaluation license and grant of access will terminate automatically upon expiration of the Limited Access Period. At any time prior to the end of the Limited Access Period, KnowBe4 may terminate the Limited Access Period for the Subscription Services without notice. Upon any termination, Customer shall discontinue use and/or access to the Subscription Services unless and until Customer has agreed to purchase a license or grant of access to use and/or access such Subscription Services.
During the Limited Access Period, all terms and conditions of this Agreement will apply, except that (i) no fees will be due from Customer, unless otherwise specified; (ii) the Subscription Services will be provided without warranties or indemnities of any kind and entirely on an “as-is” basis (e.g., Sections including Support Services, warranties and KnowBe4 indemnity obligations will not apply); and (iii) additional evaluation terms and conditions may appear on the trial registration web page or activation email sent by KnowBe4, on the applicable Quote provided by KnowBe4, or by way of a proof of concept agreement executed between the parties. Any such additional terms and conditions shall be incorporated into this Agreement by reference and are legally binding. Apart from the foregoing limited license and grant of access, Customer is not being granted any right, title, or interest in or to the Subscription Services. All such rights are expressly reserved by KnowBe4. CUSTOMER DATA, INFORMATION, REPORTS, MATERIALS AND/OR CONFIGURATIONS TO THE SUBSCRIPTION SERVICES MAY BE PERMANENTLY LOST OR DELETED.
- 3.7. Beta Services. KnowBe4 may offer Beta Services to Customer at no charge. Use of the Beta Services is at the election of Customer and is for evaluation purposes only. Beta Services are not considered “Subscription Services” and do not come with Support Services. Beta Services may be subject to additional terms. KnowBe4 reserves the right to discontinue the Beta Services at any time. Use of the Beta Services will automatically terminate at such time that KnowBe4 makes such Beta Services generally available. Beta Services may be unpredictable and lead to erroneous results. Customer acknowledges and agrees that: (a) Beta Services are experimental and have not been fully tested; (b) Beta Services may not meet Customer’s requirements; (c) the use or operation of any Beta Services may not be uninterrupted or error free; (d) Customer’s use of any Beta Services is for purposes of evaluating and testing the Beta Services and for providing feedback to KnowBe4; (e) Customer will inform its Users regarding the nature of Beta Services; and (f) Beta Services are considered Confidential Information. Customer will promptly report any errors, defects, or other deficiencies in any Beta Services to KnowBe4. NOTWITHSTANDING ANY OTHER PROVISION OF THIS AGREEMENT, ALL BETA SERVICES ARE PROVIDED “AS-IS” AND “AS-AVAILABLE,” WITHOUT WARRANTIES OF ANY KIND. Customer hereby waives any and all claims, now known or later discovered, that Customer may have against KnowBe4, and KnowBe4’s third party providers, and KnowBe4’s third party licensors (KnowBe4’s third party providers and KnowBe4’s third party licensors, collectively, “TPPs”) arising out of Customer’s use of Beta Services.
- 3.8. Intellectual Property. This is not a work made-for-hire agreement, as defined by U.S. or other applicable law. KnowBe4 and its licensors own and reserve all right, title, and interest, including intellectual property rights, in the Subscription Services and all enhancements, modifications, and updates thereto. All rights and licenses granted by KnowBe4 to the Subscription Services under this Agreement are not, and shall not, be deemed to be rights or licenses to “intellectual property,” as such term is used and interpreted under Section 365(n) of the United States Bankruptcy Code (11 U.S.C. § 365(n)), or other applicable laws. Except for express licenses granted in this Agreement, KnowBe4 is not granting any interest, express or implied, in or to KnowBe4’s intellectual property. KnowBe4 reserves all rights in such property.
- 3.9. Feedback. Customer may provide KnowBe4 with suggestions, comments, or other feedback (collectively, “Feedback”) with respect to the Subscription Services. Feedback is voluntary. KnowBe4 is not obligated to hold any Feedback in confidence. KnowBe4 may use Feedback for any purpose without obligation of any kind. To the extent a license is required to make use of any intellectual property in any Feedback, Customer grants KnowBe4 an irrevocable, non-exclusive, perpetual, royalty-free license to use such Feedback in connection with KnowBe4’s business, including the enhancement of the Subscription Services.
- 3.10. Subscription Services Analytics. KnowBe4 may use and reproduce data for the development, maintenance, support, and improvement of current and future Subscription Services; for tracking Subscription Services usage metrics and statistics; for analyzing and reporting on threat intelligence; for training artificial intelligence/machine learning; and for other similar purposes (the “Subscription Services Analytics”). KnowBe4 owns all rights in and to the Subscription Services Analytics. To the extent such data is publicly disclosed, it will only be disclosed in a generic or aggregated manner that does not directly or indirectly identify the Customer or any individual User and will exclude Customer Confidential Information and Personal Data (as defined below). KnowBe4 shall implement industry standard practice technical safeguards that prevent reidentification of data and implement industry standard practice business processes to prevent inadvertent release of Customer Data (as defined below).
- Customer Obligations and Restrictions.
- 4.1. Connectivity. Customer is solely responsible for all telecommunication or Internet connections, and associated fees, required to access and use the Subscription Services, as well as all hardware and software. KnowBe4 is not responsible for: (a) Customer’s access to the Internet; (b) interception or interruptions of communications through the Internet; or (c) changes or losses of data through the Internet.
- 4.2. User Credentials. Customer will ensure User credentials (e.g., usernames and passwords) remain confidential, and Customer and Users will not disclose any such credentials to any third party. In addition, Customer will notify KnowBe4 immediately upon discovery of an unauthorized disclosure of any such credentials or upon any unauthorized access. Upon any termination of the engagement or deactivation of any User with knowledge of any such credentials, Customer will immediately change such credentials and remove access for that User. Customer may only assign Seats to Users with unique email addresses with business domain names that Customer either owns or is authorized to use by the domain name owner in accordance with this Agreement and the applicable Documentation.
- 4.3. Use of Customer or Third Party LMS. In the event Customer uses its own or a third party’s LMS for hosting Training Content or other such content provided by KnowBe4 or TPPs, Customer will ensure strict compliance in accordance with this Agreement and will ensure an agreement is in place with any such third party that contains substantially the same level of protection for the Training Content and other such content as contained herein. After the termination or expiration of the applicable Term (as defined below), Customer will ensure all Training Content and other such content is removed from its own, or the third party’s, possession.
- 4.4. Affiliates. Customer, if purchasing Seats on behalf of an Affiliate, will ensure its Affiliates comply with the terms of this Agreement. The use of the Subscription Services by the Affiliate and its Users represents acceptance of the terms of this Agreement by such Affiliate and its Users for which Customer will be jointly and severally liable with its Affiliate for any breach by the Affiliate or its Users of this Agreement. No Affiliate may directly enforce any provision of this Agreement. All actions to enforce this Agreement must be brought by Customer.
- 4.5. Restrictions. Customer agrees not to: (a) copy, reproduce, reverse engineer, disassemble, create derivative works from, decompile, or otherwise attempt to reveal the trade secrets or know-how underlying the Subscription Services; (b) use KnowBe4’s intellectual property or Confidential Information to develop a competitive offering or otherwise copy KnowBe4’s content, materials, and/or user interface for the development of similar services; (c) remove or destroy any copyright notices, other proprietary markings, or confidentiality legends placed on or made available through the Subscription Services; (d) attempt to gain unauthorized access to, or disrupt the integrity or performance of, the Subscription Services or the data contained therein (including without limitation penetration or other such security testing); (e) use the Subscription Services for competitive analytical, benchmarking, or market research purposes; or (f) use the Subscription Services in any manner or for any purpose inconsistent with the terms of this Agreement or the Documentation.
- 4.6. Customer acknowledges that some of KnowBe4’s Subscription Services are designed to assist Customer in training Users and may include developing, customizing, and sending fake cyber security attack campaigns for purposes of employee training, but that Customer, and not KnowBe4 or any Channel Partners, will be responsible for Customer’s compliance with all laws and governmental regulations, and any results in connection with the Customer’s use of the Subscription Services (including any reports or information produced in connection therewith).
- 4.7. Customer Content.
- 4.7.1. Depending on the Subscription Services purchased via a Quote, Customer may use KnowBe4’s Subscription Services for the hosting of its assets, content, and other materials, such as certain reports; documents; manuals; audiovisual materials; photos; videos; and audio files, to make available to Active Users on or through KnowBe4’s LMS or Web Hosted Services (“Customer Content”). Customer shall retain ownership of the Customer Content. Subject to, and conditioned on, Customer’s and its Users’ compliance with the terms and conditions of this Agreement, during the applicable Subscription Term, KnowBe4 will provide Customer and Active Users remote electronic access to the Customer Content through the Subscription Services in accordance with this Agreement. KnowBe4 has the right to: (a) take any action with respect to Customer Content that it deems necessary or appropriate, in KnowBe4’s sole discretion, including if KnowBe4 reasonably believes that such Customer Content violates this Agreement, infringes any intellectual property right or other right of any person or entity, threatens the personal safety of any person, or creates potential liability for KnowBe4; (b) take appropriate legal action including, without limitation, referral to law enforcement related to any illegal or unauthorized Customer Content provided by Customer; or (c) terminate or suspend Customer’s access to the Subscription Services for violation of this Agreement. Customer grants KnowBe4, its TPPs, and each of their respective licensees, successors, and assigns the right to use, reproduce, modify, perform, display, distribute, and otherwise disclose the Customer Content as necessary to make the Customer Content available to Customer and its Active Users through the Subscription Services.
- 4.7.2. Customer represents and warrants that: (a) Customer owns all rights in and to the Customer Content and/or has the right to grant the licenses granted herein to KnowBe4, its TPPs, and each of their respective licensees, successors, and assigns; and (b) all Customer Content does and will continue to comply with this Agreement; (c) all Customer Content does and will continue to comply with all applicable laws and regulations; and (d) the Customer Content does not and will not: (i) contain any material which is defamatory, obscene, indecent, abusive, offensive, violent, hateful, inflammatory, or otherwise objectionable; (ii) promote sexually explicit or pornographic material, violence, or discrimination based on race, sex, religion, nationality, disability, sexual orientation, or age; (iii) infringe any patent, trademark, trade secret, copyright, or other intellectual property or other rights of any person; (iv) violate the legal rights (including the rights of publicity and privacy) of others or contain any material that may give rise to any civil or criminal liability under applicable laws or regulations or that otherwise may be in conflict with this Agreement; (v) promote any illegal activity or advocate, promote, or assist in any unlawful act; (vi) intentionally create unreasonable disturbances to any other person or organization; or (vii) contain any: (A) viruses, trojan horses, worms, backdoors, or other software or hardware devices, the effect of which would permit unauthorized access to, or disable, erase, or otherwise harm any computer, systems, software, or content; or (B) time bombs, drop dead devices, or other software or hardware devices designed to disable a computer program automatically with the passage of time or under the positive control of any person, or otherwise deprive KnowBe4, or its customers/users, of its lawful rights. 
In addition to Customer’s indemnification obligations contained in this Agreement, Customer will defend and indemnify KnowBe4 and hold it harmless from any and all claims, losses, deficiencies, damages, liabilities, costs, and expenses (including, but not limited to, reasonable attorneys’ fees) incurred by KnowBe4 as a result of any claim by a third party arising from KnowBe4’s hosting or distribution of the Customer Content as authorized under this Agreement. The procedure for indemnification will be as set forth in the Section covering Customer’s indemnification obligations.
- Term and Termination.
- 5.1. Term. This Agreement will be effective as of the Effective Date and will remain in full force and effect until all Quote terms have expired or otherwise have been terminated (a Quote term individually, a “Subscription Term” and all Quote Subscription Terms, collectively, the “Term”).
- 5.2. Suspension. KnowBe4 may, at its option, suspend Customer’s (or a User’s) use or access to the Subscription Services if: (a) Customer is in breach of the Agreement (including failure to make timely payment in accordance with Section 5.3.1); (b) KnowBe4 believes that such use or access poses a security risk to the Subscription Services or to other Customers or users of the Subscription Services; (c) it is necessary to prevent damage to, or degradation of, the Subscription Services or KnowBe4’s systems; (d) such use or access violates any law, regulation, court order, or other governmental request; or (e) KnowBe4 suspects fraud or abuse. KnowBe4 will make commercially reasonable efforts to: (i) limit the suspension to the affected portion of the Subscription Services; and (ii) promptly resolve the issues causing the suspension of the Subscription Services. Nothing in this clause limits KnowBe4’s right to terminate for cause as outlined in this Agreement, or ability to terminate this Agreement in the instance Customer is acting, or has acted, in a manner that violates applicable law.
- 5.3. Termination.
- 5.3.1. If Customer fails to pay any invoice when due and does not make such payment within fifteen (15) days after receipt of notice from KnowBe4 of such failure, KnowBe4 may, in its sole discretion, either: (a) suspend delivery or performance of any Quote, or any remaining balance thereof, until such payment is made; or (b) terminate any Quote. In either event, Customer will remain liable to pay for the Subscription Services.
- 5.3.2. Either party may terminate the Agreement or a Quote upon a material breach of the Agreement or Quote by the other, if the breaching party does not cure the breach within thirty (30) days after receipt of written notice from the other party specifying the breach.
- 5.3.3. Customer may terminate this Agreement or any applicable Quote at any time and for any reason upon providing thirty (30) days’ written notice to KnowBe4, provided Customer will not be entitled to reimbursement or relief of its future payment obligations.
- 5.3.4. KnowBe4 may terminate this Agreement or any applicable Quote at any time and for any reason upon providing thirty (30) days’ written notice to Customer, provided Customer will be entitled to a prorated refund and relief of its future payment obligations for the unused portion of the Subscription Services.
- 5.4. Effects of Termination.
- 5.4.1. In the event the Agreement or Quote is terminated by Customer without cause, or by KnowBe4 for cause, Customer will pay for all Subscription Services ordered as of the effective date of termination of the particular Quote. In addition, if a Quote specifies a Subscription Term for which KnowBe4 will provide Subscription Services or Professional Services to Customer (e.g., thirty-six (36) months), and that Quote is terminated by KnowBe4 for cause (including nonpayment) or by Customer without cause, then all future, recurring fees associated with the remaining Subscription Term of such Quote will become immediately due and payable, and will be paid by Customer to KnowBe4 upon the effective date of such termination.
- 5.4.2. In the event Customer terminates the Agreement or Quote for material breach in accordance with this Agreement, Customer will be issued a refund for any unusable, pre-paid Subscription Services fees for the remainder of the Subscription Term, as applicable, of the affected Subscription Services.
- 5.4.3. Upon any termination, Customer’s right to use and access the Subscription Services (including any Training Content and other materials provided by KnowBe4) will immediately cease. Customer must return or destroy all copies (original and duplicates) of such Subscription Services, in accordance with this Agreement. Upon request by KnowBe4, Customer must provide to KnowBe4 a certification of destruction.
- 5.4.4. During an applicable Subscription Term, Customer will have the ability to download a copy of its Customer Data contained in the Subscription Services in the form and format as such Customer Data exists in the Subscription Services. Upon termination or expiration of this Agreement or the Term, KnowBe4 and its TPPs will have the right to delete or destroy Customer Data in its possession. Notwithstanding the foregoing, KnowBe4 will be permitted to retain copies of data contained in an archive that: (a) are made in accordance with its security retention (including email retention) policy, a database backup, and/or disaster recovery procedures; or (b) are kept by KnowBe4 for record-keeping, archival, or governance purposes in compliance with KnowBe4’s document retention policies. To the extent it is not commercially reasonable or technically feasible for KnowBe4 to remove Customer Data from archive or other backup media, KnowBe4 may retain Customer Data on such media in accordance with its retention, backup, or other disaster recovery procedures. Any such retained data will remain subject to the provisions of this Agreement for so long as it is retained.
- 5.4.5. The exercise of the right to terminate this Agreement and any Quote will be in addition to any other rights or remedies provided in this Agreement, or existing at law or equity, that are not otherwise excluded or limited under this Agreement.
- 6.1. Confidential Information. During the Term, each party may disclose to the other certain Confidential Information. Notwithstanding the foregoing, Confidential Information does not include information that: (a) is or becomes publicly available through no breach by the Receiving Party of this Agreement; (b) was previously known to the Receiving Party prior to the date of disclosure, as evidenced by contemporaneous written records; (c) was acquired from a third party without any breach of any obligation of confidentiality; or (d) was independently developed by a party hereto without reference to Confidential Information of the other party.
- 6.2. Protection of Confidential Information. Except as expressly provided in this Agreement, the Receiving Party will not use or disclose any Confidential Information of the Disclosing Party without the Disclosing Party’s prior written consent, except disclosure to, and subsequent uses by: (a) the Receiving Party’s employees or consultants on a need-to-know basis, provided that such employees or consultants have executed written agreements restricting use or disclosure of such Confidential Information that are at least as restrictive as the Receiving Party’s obligations under this Section; and/or (b) as required pursuant to a subpoena or other similar order of any court or government agency provided, however, that the party receiving such subpoena or order will promptly inform the other party in writing and provide a copy thereof (unless notice is precluded by the applicable process), and will only disclose that Confidential Information as necessary to comply with such subpoena or order. Subject to the foregoing nondisclosure and non-use obligations, the Receiving Party will use at least the same degree of care and precaution that it uses to protect the confidentiality of its own Confidential Information and trade secrets of similar nature, but in no event less than reasonable care. Each party acknowledges that due to the unique nature of the other party’s Confidential Information, the Disclosing Party will not have an adequate remedy in money or damages in the event of any unauthorized use or disclosure of its Confidential Information. In addition to any other remedies that may be available in law, in equity, or otherwise, the Disclosing Party shall be entitled to seek injunctive relief to prevent such unauthorized use or disclosure.
- 6.3. Return and Destruction of Materials. All documents and other tangible objects containing or representing Confidential Information that have been disclosed by either party to the other party, and all summaries, copies, descriptions, excerpts, or extracts thereof that are in the possession of the other party will be, and remain, the property of the Disclosing Party and will be promptly returned to the Disclosing Party. The Receiving Party will use reasonable efforts to promptly delete or destroy all summaries, copies, descriptions, excerpts, or extracts thereof in its possession upon the Disclosing Party's written request. The Receiving Party will have no obligation to delete or destroy copies that: (a) are contained in an archived computer system backup that were made in accordance with such party’s security, retention, and/or disaster recovery procedures; or (b) are kept by a party for record-keeping, archival, or governance purposes in compliance with such party’s document retention policies. Any such retained Confidential Information will remain subject to the terms and conditions of this Agreement for so long as it is retained. Notwithstanding the return or destruction of the Confidential Information, the Receiving Party will continue to be bound by its confidentiality and other obligations hereunder in accordance with the terms of this Agreement. At the Disclosing Party’s option, the Receiving Party will provide written certification of its compliance with this Section.
- Data Rights and Protection.
- 7.1. Customer Data. Customer grants KnowBe4 a non-exclusive, world-wide, royalty-free license to use data and other information including, but not limited to, Personal Data processed or stored through the Subscription Services by Customer or on behalf of Customer (“Customer Data”): (a) in accordance with this Agreement; (b) in accordance with the Customer Privacy Notice; (c) for the provision of the Subscription Services including any Professional Services and Support Services; and/or (d) as may be required by law. “Personal Data” means personally identifiable information as defined by applicable law. Customer will be responsible for obtaining all rights, permissions, and authorizations to provide Customer Data to KnowBe4 for use as contemplated under this Agreement. Except for the limited license granted herein, nothing contained in this Agreement will be construed as granting KnowBe4 any right, title, or interest in the Customer Data.
- 7.2. Data Security. Customer Data is maintained in accordance with Exhibit B using industry standard administrative, physical, and technical safeguards that are designed to provide for the protection of the security, confidentiality, and integrity of Customer Data. KnowBe4’s security safeguards include means for preventing access, use, modification, and disclosure of Customer Data by unauthorized individuals. Notwithstanding the foregoing, Customer Data access may be provided: (a) to KnowBe4 and other personnel to the extent necessary to provide the Subscription Services, Professional Services, and Support Services; (b) as compelled by law; (c) as set forth in the Customer Privacy Notice; or (d) as expressly permitted by Customer. KnowBe4’s Subscription Services currently operate in third party data centers that have been built with high availability, business continuity, and disaster recovery in mind. KnowBe4’s cloud architecture follows industry standard security practices and is regularly assessed for vulnerabilities and risks. Information about KnowBe4’s information security practices may be found at KnowBe4’s Security Page.
- 7.3. Data Protection. The collection, use, and disclosure of Customer Data in connection with Customer’s use of the Subscription Services is subject to the Customer Privacy Notice. By using the Subscription Services, Customer and each User acknowledge that the Customer Data will be processed in accordance with both the Customer Privacy Notice and this Agreement and may be processed in a country where it was collected, as well as in countries where privacy laws may be different or less stringent, provided KnowBe4 ensures compliance with applicable data protection laws. By using the Subscription Services, or submitting Customer Data via the Subscription Services, Customer expressly consents to such processing. To the extent Customer or User provides Personal Data or other information belonging to a third party, Customer represents and warrants that it has that person’s, or organization’s, or other such third party’s proper consent, or otherwise proper authorization, to do so. In the event Customer enters into a Data Processing Agreement with KnowBe4, such Data Processing Agreement will govern the data handling practices between the parties and will supersede the language contained in this Section in the event of a conflict.
- 7.4. Third Party Products. Customer (and its Users, as permitted by Customer) may choose to use or procure other third party products or services in connection with the Subscription Services, including third party integrations or implementation, customization, training, or other services. Customer’s use of any such third party products or services (and the third parties’ use of any of Customer Data) is subject to a separate agreement between Customer and the third party provider. If you enable or use third party products or services with the Subscription Services (including any third party integrations), KnowBe4 will allow the third party providers to access or use Customer Data as required for the interoperation of their products and services with the Subscription Services, provided it is permissible in accordance with the Documentation and this Agreement. This may include transmitting, transferring, modifying, or deleting Customer Data, or storing Customer Data on systems belonging to the third party providers or other third parties. Any third party provider’s use of Customer Data is subject to the applicable agreement between Customer and such third party provider. KnowBe4 is not responsible for any access to, or use of, Customer Data by third party providers or their products or services, or for the security or privacy practices of any third party provider or its products or services. Customer is solely responsible for Customer’s decision to permit any third party provider or third party product or service to use Customer Data. It is Customer’s responsibility to carefully review the agreement between Customer and the third party provider, as provided by the applicable third party provider. AS FURTHER SET FORTH BELOW, KNOWBE4 DISCLAIMS ALL LIABILITY AND RESPONSIBILITY FOR ANY THIRD PARTY PRODUCTS OR SERVICES (WHETHER SUPPORT, AVAILABILITY, SECURITY, OR OTHERWISE) OR FOR THE ACTS OR OMISSIONS OF ANY THIRD PARTY PROVIDERS OR VENDORS.
- 7.5. Protected Health Information, Payment Card Information, and other Sensitive Information. KnowBe4 does not need, nor does KnowBe4 request, any protected health information (“PHI”) governed by the Health Insurance Portability and Accountability Act and its implementing regulations (“HIPAA”). KnowBe4 does not need, nor does KnowBe4 request, any non-public consumer personally identifiable information or financial information governed by the Gramm-Leach-Bliley Act (“GLBA”) or payment card information covered by the Payment Card Industry Data Security Standards (“PCI DSS”) in order to provide KnowBe4’s Subscription Services. Customer should never disclose, nor allow to be disclosed, PHI or information protected by GLBA, PCI DSS, or other sensitive information to KnowBe4. Customer acknowledges that KnowBe4 does not take steps to ensure KnowBe4’s Subscription Services are compliant with HIPAA, GLBA, PCI DSS, or equivalent laws and regulations. All obligations of the aforementioned regulations remain solely with Customer. KnowBe4’s Subscription Services are not intended for use with minors (as defined by applicable law). Customer is prohibited from authorizing minors, as defined by applicable law, to use or access the Subscription Services, except as otherwise provided in a signed writing by an authorized representative of KnowBe4.
- 8.1. Anti-Bribery & Corruption. Customer will not: (a) make any unlawful payments to any government official or employee; (b) make any unlawful payment to any person or unlawfully provide anything of value (whether as property, services, or in any other form) to any person for the purpose of obtaining an improper business advantage; or (c) agree, commit, or otherwise offer to undertake any of the foregoing actions in connection with this Agreement or any related activities.
- 8.2. International Trade Compliance. The sale, resale, or other disposition of Subscription Services and any related technology or documentation are subject to various economic sanctions, export control laws, and other restrictive trade measures administered by the U.S. and other applicable governments. Because these laws may have extraterritorial effect, Customer will comply with all such measures where applicable, including, without limitation: (a) the Export Administration Act of 1979, as amended (50 U.S.C. §§ 2401–2420) and the Export Administration Regulations, 15 C.F.R. §§ 730–774 (“EAR”); (b) the Arms Export Control Act, 22 U.S.C. § 2778, and the corresponding International Traffic in Arms Regulations (“ITAR”); (c) the economic sanctions laws and regulations enforced by the U.S. Department of the Treasury’s Office of Foreign Assets Control (“OFAC”), 31 C.F.R. §§ 500, et seq., and the U.S. Department of State; and (d) the anti-boycott regulations, guidelines, and reporting requirements under the Export Administration Regulations and Section 999 of the Internal Revenue Service Code. Customer understands and acknowledges that it is solely responsible for complying with such laws whenever applicable. Customer further understands and acknowledges that it will not directly or indirectly export, import, sell, disclose, or otherwise transfer any Subscription Services to any country or party subject to such restrictions, and that it is solely responsible for obtaining any license(s) to export, re-export, or import the Subscription Services that may be required.
- 8.3. Anti-Money Laundering. Customer represents and warrants that all payments will be made by its legal entity as identified in the Quote or this Agreement (or by its Affiliates) entering into this Agreement and that Customer will not misrepresent or attempt to conceal the identity of the party paying or any recipient(s) of the Subscription Services.
- 8.4. Background Checks. In accordance with KnowBe4’s background check policy for its U.S. entity, and to the extent allowed by applicable laws, KnowBe4 has not knowingly employed any persons who, in the past seven (7) years, have been convicted of an offense involving violence, theft, fraud, money laundering, sex crimes, or other offenses that pose an unacceptable level of risk, given the scope of the applicable employment position and KnowBe4’s business needs.
- Warranties and Disclaimers.
- 9.1. Subscription Service Warranties. The Subscription Services will materially conform to the then-current applicable Documentation, and during the applicable Subscription Term, KnowBe4 will not materially decrease the overall functionality of the Subscription Services. Customer must promptly notify KnowBe4 of any breach of this warranty. Customer’s sole and exclusive remedy, and KnowBe4’s sole and exclusive liability, for a breach of the foregoing warranty will be for KnowBe4 to provide Support Services to repair or replace the relevant Subscription Service within thirty (30) days of such notice of non-conformity. If KnowBe4 is unable to remedy such non-conformity within such period to cure, Customer will be entitled to terminate the relevant Quote and will be issued a refund for any pre-paid Subscription Services fees for the unusable portion of the Subscription Services from the date of KnowBe4’s receipt of adequate notice of an actual non-conformity. KnowBe4 will not be responsible for any breach of the foregoing warranty resulting from Customer’s abuse or misuse of the Subscription Services or failure to use the Subscription Services as described in this Agreement, including failure to use the Subscription Services in accordance with its operational requirements described in the Documentation, and provided that Customer will not be entitled to any refund or relief of payment obligations if Customer is also in breach of the Agreement at the time of such termination. Customer is required to sufficiently detail the non-conformity in a manner that allows KnowBe4 to properly assist with the remediation. KnowBe4 will not be responsible for delays in remediation caused by Customer’s failure to respond to requests by KnowBe4.
Customer understands that the Subscription Services will only operate in accordance with KnowBe4’s Documentation, and it is Customer’s responsibility to ensure that the Subscription Services will be fit for its purposes and to ensure that the Subscription Services will be supported by Customer’s technology and business environment.
- 9.2. Professional Service Warranties. KnowBe4 warrants that KnowBe4 will provide the Professional Services in a professional, workmanlike manner consistent with this Agreement. Customer must notify KnowBe4 of any breach of this warranty within thirty (30) days of discovery of the breach. Customer’s sole and exclusive remedy, and KnowBe4’s sole and exclusive liability, for a breach of the foregoing warranty will be for KnowBe4, in its sole discretion, either to use reasonable efforts to re-perform the Professional Services or to terminate the relevant Quote or SOW and issue a refund for the portion of pre-paid Professional Services fees for the non-conforming Services.
- 9.3. Compliance Warranties. Each party warrants that it will comply with all laws and regulations applicable to its provision or use of the Subscription Services.
- 9.4. Disclaimers. EXCEPT FOR THE LIMITED WARRANTIES IN THIS SECTION: (A) THE SUBSCRIPTION SERVICES ARE PROVIDED “AS IS,” WITH ALL FAULTS, AND WITHOUT WARRANTIES OF ANY KIND; AND (B) KNOWBE4 EXPRESSLY DISCLAIMS ALL OTHER WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, QUIET ENJOYMENT, QUALITY OF INFORMATION, TITLE, NON-INFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE. KNOWBE4 DOES NOT WARRANT THAT THE OPERATION OF THE SUBSCRIPTION SERVICES WILL BE UNINTERRUPTED OR ERROR-FREE OR THAT DEFECTS IN THE SUBSCRIPTION SERVICES WILL BE CORRECTED. NO ORAL OR WRITTEN INFORMATION, MARKETING, OR PROMOTIONAL MATERIALS, OR ADVICE GIVEN BY KNOWBE4 OR KNOWBE4’S AUTHORIZED REPRESENTATIVES WILL CREATE A WARRANTY OR IN ANY WAY INCREASE THE SCOPE OF THE EXPRESS WARRANTIES PROVIDED HEREIN. CUSTOMER ACKNOWLEDGES THAT TRAINING CONTENT IS FOR GENERAL INFORMATION PURPOSES ONLY AND THAT KNOWBE4 IS NOT A LAW FIRM, NOR DOES IT PROVIDE ANY PROFESSIONAL OR ADVISORY SERVICES. THE INFORMATION PRESENTED IS NOT LEGAL ADVICE AND IS NOT TO BE ACTED ON AS SUCH. THE SUBSCRIPTION SERVICES MAY CONTAIN THE TRADE NAMES OR TRADEMARKS OF VARIOUS THIRD PARTIES AND, IF SO, ANY SUCH USE IS FOR ILLUSTRATIVE AND EDUCATIONAL PURPOSES ONLY. ALL SUBSCRIPTION SERVICES AND COMPANY NAMES ARE PROPERTY OF THEIR RESPECTIVE OWNERS. USE OR DISPLAY OF THE TRADEMARKS DOES NOT IMPLY ANY AFFILIATION WITH, ENDORSEMENT BY, OR ASSOCIATION OF ANY KIND BETWEEN SUCH THIRD PARTIES AND KNOWBE4.
- 9.5. THE SUBSCRIPTION SERVICES MAY BE USED TO ACCESS AND TRANSFER INFORMATION OVER THE INTERNET. CUSTOMER ACKNOWLEDGES AND AGREES THAT KNOWBE4 AND ITS TPPS DO NOT OPERATE OR CONTROL THE INTERNET AND THAT: (A) VIRUSES, WORMS, TROJAN HORSES, OR OTHER UNDESIRABLE DATA OR SOFTWARE; OR (B) UNAUTHORIZED USERS (E.G., HACKERS) MAY ATTEMPT TO OBTAIN ACCESS TO, AND DAMAGE, CUSTOMER DATA, WEBSITES, COMPUTERS, OR NETWORKS. KNOWBE4 WILL NOT BE RESPONSIBLE FOR THOSE ACTIVITIES. FURTHER, EACH PARTY DISCLAIMS ALL LIABILITY AND INDEMNIFICATION OBLIGATIONS FOR ANY HARM OR DAMAGES CAUSED BY ANY THIRD PARTY HOSTING PROVIDERS. CUSTOMER IS SOLELY RESPONSIBLE FOR ITS ACTIONS USING FEATURES OR COMPONENTS OF THE SUBSCRIPTION SERVICES THAT INTEGRATE WITH CUSTOMER’S INFORMATION TECHNOLOGY SYSTEMS AND ACKNOWLEDGES THAT KNOWBE4 IS NOT RESPONSIBLE FOR: (I) CUSTOMER’S ACTIONS WITHIN ITS SYSTEMS USING SUCH FEATURES OR COMPONENTS; (II) FOR CUSTOMER’S BACKUPS OF ITS INFORMATION TECHNOLOGY SYSTEMS; AND/OR (III) CUSTOMER’S COMPLIANCE WITH APPLICABLE LAW.
- 10.1. KnowBe4 Indemnity Obligations. KnowBe4 will defend and indemnify Customer from and against any claims filed against Customer arising from a third party that allege Customer’s authorized use of the Subscription Services directly infringe that third party’s valid U.S. patent, copyright, or trade secret rights. KnowBe4 agrees to pay any amounts finally awarded by a court of law or pursuant to a settlement in respect of such third party claim (including, but not limited to, reasonable attorneys’ fees).
- 10.1.1. Standard Exclusions. Notwithstanding the foregoing, KnowBe4 will have no obligation with respect to any claim of infringement to the extent it is based upon or arises out of Customer’s (including its representatives): (a) use or combination of the Subscription Services with any third-party intellectual property not authorized by KnowBe4; (b) modification or alteration of the Subscription Services by Customer, or Customer’s representatives, not authorized by KnowBe4 or the Documentation; (c) use of the Subscription Services in excess of the permissible uses in the Agreement or the Documentation; (d) specifications or other intellectual property provided by Customer; or (e) failure to implement updates, modifications, or replacements issued by KnowBe4 to the Subscription Services (collectively, the “Excluded Claims”).
- 10.1.2. Process. The foregoing indemnification obligation of KnowBe4 is contingent upon Customer promptly notifying KnowBe4 in writing of such claim (provided the failure or delay in doing so will not relieve KnowBe4 from any obligations to indemnify Customer except to the extent that such delay or failure materially prejudices the defense of such claim), permitting KnowBe4 sole authority to control the defense or settlement of such claim and providing KnowBe4 reasonable assistance (at KnowBe4’s sole expense) in connection therewith.
- 10.1.3. Remedies. If a claim of infringement under this Section occurs, or if KnowBe4 determines a claim is likely to occur, KnowBe4 will have the right, in its sole discretion, to either: (a) procure for Customer the right or license to continue to use the Subscription Services free of the infringement claim; or (b) modify the Subscription Services to make them non-infringing, without loss of material functionality. If neither of these remedies is reasonably available to KnowBe4, KnowBe4 may, in its sole discretion, immediately terminate this Agreement and related Quote and provide a prorated refund for any prepaid Subscription Services fees for the unusable portion of the Subscription Services for the remainder of the applicable Subscription Term. The provisions of this Section state the sole and exclusive obligations and liability of KnowBe4 and its licensors and suppliers for any claim of intellectual property infringement arising out of or relating to the Subscription Services or this Agreement, and are in lieu of any implied warranties of non-infringement, all of which are expressly disclaimed.
- 10.2. Customer Indemnity Obligations. Customer will defend and indemnify KnowBe4 from and against any third party claims as a result of any claim by a third party arising from: (a) Customer’s use of the Subscription Services in breach of this Agreement; (b) KnowBe4’s authorized use of the Customer Data; or (c) the Excluded Claims. Customer agrees to pay any amounts finally awarded by a court of law or pursuant to a settlement in respect of such third party claim (including, but not limited to, reasonable attorneys’ fees). The foregoing indemnification obligation of Customer is contingent upon KnowBe4 promptly notifying Customer in writing of such claim (provided the failure or delay in doing so will not relieve Customer from any obligations to indemnify KnowBe4 except to the extent that such delay or failure materially prejudices the defense of such claim), permitting Customer sole authority to control the defense or settlement of such claim, provided that Customer may not settle any such claim unless it unconditionally releases KnowBe4 of all liability, and providing Customer reasonable assistance (at Customer’s sole expense) in connection therewith.
- Limitations of Liability.
- 11.1. NEITHER KNOWBE4 NOR ITS THIRD PARTY PROVIDERS OR LICENSORS WILL HAVE ANY LIABILITY TO CUSTOMER OR ANY THIRD PARTY FOR ANY LOSS OF PROFITS, SALES, BUSINESS, DATA, OR OTHER INCIDENTAL, CONSEQUENTIAL, OR SPECIAL LOSS OR DAMAGE, INCLUDING EXEMPLARY AND PUNITIVE DAMAGES, OF ANY KIND OR NATURE RESULTING FROM, OR ARISING OUT OF, THIS AGREEMENT, THE SUBSCRIPTION SERVICES, ANY PROFESSIONAL SERVICES, OR ANY SUPPORT SERVICES RENDERED HEREUNDER. THE TOTAL LIABILITY OF KNOWBE4 AND ITS TPPs TO CUSTOMER OR ANY THIRD PARTY ARISING OUT OF THIS AGREEMENT, THE SUBSCRIPTION SERVICES, ANY PROFESSIONAL SERVICES, AND ANY SUPPORT SERVICES RENDERED HEREUNDER FOR ANY AND ALL CLAIMS OR TYPES OF DAMAGES WILL NOT EXCEED THE TOTAL FEES PAID OR PAYABLE HEREUNDER BY CUSTOMER FOR THE SUBSCRIPTION SERVICES, ANY PROFESSIONAL SERVICES, AND ANY SUPPORT SERVICES AS TO WHICH THE LIABILITY RELATES, IN THE TWELVE (12) MONTHS PRIOR TO THE FIRST EVENT GIVING RISE TO LIABILITY. Both parties specifically acknowledge that the limitations of liability and the exclusion of certain losses or damages stated in this Section represent the agreed, bargained-for understanding of the parties and are reflected in the applicable Subscription Services fees. The limitation of liability and types of losses or damages stated in this Agreement are intended by the parties to apply, regardless of the form of lawsuit or claim a party may bring, whether in tort (including negligence), contract, or otherwise, and regardless of whether any limited remedy provided for in this Agreement fails of its essential purpose.
- Miscellaneous Provisions.
- 12.1. Freedom of Information; Government Public Disclosure Requests. The purpose of the relationship between KnowBe4 and Customer is for Customer to purchase a subscription to the Subscription Services that contain software, content, and information related to internet security awareness training, IT risk management, regulatory compliance, simulation of security attacks, vulnerability assessments, and other subscription service and service offerings. The Subscription Services, and any Confidential Information disclosed, are proprietary to KnowBe4 and are an important business asset of KnowBe4 (the “Proprietary Information”). The Proprietary Information consists of protected financial data, trade secrets, and commercially valuable information that, if disclosed, would harm the competitive position of KnowBe4. In the event of a statutory public disclosure request for release of KnowBe4’s Proprietary Information, Customer will ensure that its response to such request will be limited to the minimum necessary, based upon the opinion of counsel. Customer will promptly, but no later than five (5) business days after receiving such request, forward the request to KnowBe4. Customer will not release any Proprietary Information except pursuant to written instructions by KnowBe4 or a final un-appealable court order.
- 12.2. U.S. Government Procurement. This Section shall only apply to U.S. government customers. The Subscription Services are made commercially available and are deemed to be commercial items, commercial computer software, commercial computer software documentation, and/or commercially available technical data pursuant to the applicable sections of the DFAR and the FAR. If acquired by, or on behalf of, the Department of Defense or any component thereof, the U.S. Government acquires the Subscription Services pursuant to DFAR 227.7202-3, Rights in Commercial Computer Software or Commercial Computer Software Documentation and DFAR 252.227-7015, Technical Data – Commercial Items, subject to the terms of this Agreement. If acquired by or on behalf of any civilian agency, the U.S. Government acquires the Subscription Services pursuant to FAR 12.212, Software and/or commercially available technical data as defined in FAR 12.211, Technical Data, and such acquisition is subject to this Agreement, as required by FAR 52.227-19, Commercial Computer Licensed Software - Restricted Rights. Customer acknowledges that KnowBe4’s Subscription Services and intellectual property are and were developed solely by KnowBe4 and its TPPs, and each of their respective licensees, successors, and assigns, at KnowBe4’s expense for KnowBe4’s commercial use. The use of KnowBe4’s Subscription Services and intellectual property by the U.S. government is governed solely by, and in accordance with, this Agreement.
- 12.3. Insurance. KnowBe4 will maintain insurance coverages as required by law or regulation, with an insurance carrier or carriers having an A.M. Best rating of A- or better, or an equivalent rating by another rating agency in the following minimum amounts: (a) Comprehensive General Liability – not less than $1,000,000 per occurrence, $2,000,000 general aggregate; (b) Errors and Omissions (including Cyber & Privacy) – not less than $5,000,000 in the aggregate; and (c) Workers Compensation Coverage – as required by applicable law. Upon Customer’s written request, KnowBe4 will furnish a Certificate of Insurance evidencing its insurance coverage to Customer.
- 12.4. Independent Contractor. KnowBe4, its personnel, agents, subcontractors, and independent contractors are not employees or agents of Customer and are acting as independent contractors with respect to Customer. Neither party is, nor will be, considered to be an agent; distributor; partner; joint venture; or representative of the other party for any purpose, and neither party will have the authority to act on behalf of, or in the name of, or to bind, the other party in any manner whatsoever.
- 12.5. Force Majeure. Neither party to this Agreement will be liable for delays or failures in performance under this Agreement (other than for payment obligations or breach of confidentiality requirements) resulting from acts or events beyond the reasonable control of such party, including acts of war, terrorism, acts of God, natural disasters (fires, explosions, earthquakes, hurricane, flooding, storms, explosions, infestations), embargos, riots, sabotage, governmental acts, failure of the Internet, power failures, energy interruptions or shortages, other utility interruptions, or telecommunications interruptions, provided that the delayed party: (a) gives the other party notice of such cause without undue delay; and (b) uses its reasonable commercial efforts to promptly correct such failure or delay in performance.
- 12.6. Governing Law; Venue. The following provisions include the law that will apply in the event of any dispute or lawsuit arising out of or in connection with this Agreement and the courts that have jurisdiction over any such dispute or lawsuit. The accompanying terms depend on where the Customer is domiciled in accordance with the following table. All proceedings are to be conducted in English.

| If the Customer is domiciled in: | Without giving effect to any choice or conflict of law provisions, rules, or principles, the governing law is the laws of: | Venue/Courts with exclusive jurisdiction are: | Additional terms included are: |
| --- | --- | --- | --- |
| A country in North America, Central America, South America or Caribbean, other than Brazil. If Customer is domiciled in a geographic region that does not fall into one of the designations described in this table, then Customer will fall into this category. | Florida and controlling United States federal law | Hillsborough County, Florida, U.S. | Notwithstanding the foregoing, the parties will have the right to seek injunctive or pre-judgment relief in any court of competent jurisdiction to prevent or enjoin the misappropriation, misuse, infringement or unauthorized disclosure of its Confidential Information or intellectual property rights. No Federal Acquisition Regulations will be construed to apply to KnowBe4 without KnowBe4’s written agreement thereto. The United Nations Convention for the International Sale of Goods will not apply to this Agreement. THE PARTIES HERETO WILL AND THEY HEREBY DO WAIVE TRIAL BY JURY IN ANY ACTION, PROCEEDING OR COUNTERCLAIM BROUGHT BY EITHER OF THE PARTIES HERETO AGAINST THE OTHER ON ANY MATTERS WHATSOEVER ARISING OUT OF OR IN ANY WAY RELATED TO THIS AGREEMENT. |

A country in EMEA (Middle East, Europe and Africa) other than United Kingdom, South Africa, Germany, Austria and/or Switzerland
Germany, Austria or Switzerland
Federal Republic of Germany
The UN Convention on Contracts for the International Sale of Goods (UNCITRAL) will not apply.
England and Wales
Australia, New Zealand or Oceania
Tokyo District Court
Federative Republic of Brazil
São Paulo, State of São Paulo, Brazil
The parties agree that any subpoena or notice relating to the proceeding will be made by registered correspondence.
England and Wales
A country in the Asia-Pacific region, other than Japan, Australia, New Zealand or Oceania
- 12.7. Entire Agreement; Construction; Modifications; Severability; Survivability. This Agreement, including any and all exhibits attached hereto, constitutes the entire understanding between the parties related to this Agreement which understanding supersedes and merges all prior understandings and all other proposals, letters, agreements, whether oral or written. The parties further agree that there are no other inducements, warranties, representations, or agreements regarding the matters herein between the parties except as expressly set forth in this Agreement. In the event of any conflict between the body of this Agreement and any Quote, or additional agreements entered into by the parties, the body of this Agreement will control, unless otherwise expressly stated in a signed writing by authorized representatives of the parties. In the event that the Customer or Users are presented with KnowBe4 click-wrap, the contents of this Agreement will supersede any conflicting terms. As used herein, the term “including” will mean “including, without limitation”; the term “includes” as used herein will mean “includes, without limitation”; and terms appearing in the singular will include the plural, and terms appearing in the plural will include the singular. This Agreement may not be modified, amended, or altered in any manner except by a written agreement signed by authorized representatives of the parties, and any attempt at oral modification will be void and of no effect. If any provision of this Agreement is held by a court of competent jurisdiction to be contrary to law, the provision will be deemed null and void, and the remaining provisions of this Agreement will remain in full force and effect. 
All provisions of this Agreement relating to confidentiality, non-disclosure, intellectual property, disclaimers, limitation of liability, indemnification, payment, and any other provisions which must survive in order to give effect to their meaning will survive the termination of this Agreement. KNOWBE4 SPECIFICALLY OBJECTS TO ANY ADDITIONAL TERMS BEING ADDED THROUGH A CUSTOMER-PROVIDED PURCHASE ORDER OR SIMILAR DOCUMENT. IF A PURCHASE ORDER IS REQUIRED BY CUSTOMER, THE PARTIES AGREE THAT ANY ADDITIONAL TERMS CONTAINED THEREIN WILL NOT BECOME PART OF THE AGREEMENT BETWEEN THE PARTIES AND, SPECIFICALLY, THAT THE TERMS OF THIS AGREEMENT WILL SUPERSEDE AND REPLACE ANY AND ALL TERMS IN ANY PURCHASE ORDER.
- 12.8. Headings; Counterparts; Electronic Signatures. The headings contained in this Agreement are for purposes of convenience, only, and will not affect the meaning or interpretation of this Agreement. This Agreement may be executed in two or more original or facsimile counterparts, each of which will be deemed an original, but all of which together will constitute one and the same instrument. The parties agree that the electronic signature of a party to this Agreement will be as valid as an original signature of such party and will be effective to bind such party to this Agreement. The parties agree that any electronically signed document (including this Agreement) will be deemed: (a) to be “written” or “in writing”; (b) to have been signed; and (c) to constitute a record established and maintained in the ordinary course of business and an original written record when printed from electronic files. Such paper copies or “printouts,” if introduced as evidence in any judicial, arbitral, mediation, or administrative proceeding, will be admissible as between the parties to the same extent and under the same conditions as other original business records created and maintained in documentary form. For purposes hereof, “electronic signature” means a manually-signed original signature that is then transmitted by electronic means; “transmitted by electronic means” means sent via the internet as a “.pdf” (portable document format) or other replicating image attached to an email message; and, “electronically signed document” means a document transmitted by electronic means and containing, or to which there is affixed, an electronic signature.
- 12.9. Assignment. This Agreement may not be assigned or transferred by either party without the prior written consent of the other party, which consent will not be unreasonably withheld, conditioned, or delayed. Notwithstanding the foregoing, either party may assign its rights and obligations under this Agreement, in whole but not in part, without the other party’s permission, to an Affiliate (provided previously purchased licenses, access rights, and Seats for the Subscription Services will not be assignable or transferable without written consent from KnowBe4) or in connection with any merger, consolidation, sale of all or substantially all of such assigning party’s assets, or any other similar transaction, provided, that the assignee: (a) is not a direct competitor of the non-assigning party; (b) is capable of fully performing the obligations under this Agreement; and (c) agrees to be bound by the provisions of this Agreement.
- 12.10. No Waiver. No failure or delay in exercising any right under this Agreement shall constitute a waiver of such right. Except as otherwise provided, remedies provided herein are in addition to, and not exclusive of, any other remedies of a party at law or in equity. If any provision of this Agreement is held by a court of competent jurisdiction to be contrary to law, such provision shall be modified by the court and interpreted so as best to accomplish the objectives of the original provision to the fullest extent permitted by law, and the remaining provisions shall remain in effect.
- 12.11. Notices. Except as otherwise specified in this Agreement, all notices related to this Agreement will be in writing and will be effective upon (a) personal delivery, (b) the third business day after mailing, or (c) the day of sending by email. All notices from Customer pertaining to contractual or legal matters (i.e. breach of contract, termination, indemnifiable claims, etc.) must clearly be identified and marked as Legal Notices to the address listed below. Billing-related notices to Customer will be addressed to the relevant billing contact designated by Customer. All other notices to Customer will be addressed to the relevant account administrator designated by Customer.
- Notice address for KnowBe4:
Attn: Legal Department
33 N. Garden Ave.
Clearwater, Florida, U.S.A. 33755
- Country Specific Provisions. The following provisions are specific only to the local law requirements for the country indicated:
- 13.1 Local Law Requirements for Japan. If Customer is domiciled in Japan, then Customer represents and warrants that it, and its officers, directors, and material shareholders, are not: (a) Anti-Social Forces (defined below), and have not been for at least the last five years; and (b) involved with Anti-Social Forces, including, without limitation, involvement by management, utilization, or provision of funding or favors. KnowBe4 may immediately terminate this Agreement for cause in the event of a breach of any of these representations and warranties. For the purposes of this section “Anti-Social Forces” means, collectively, an organized crime group (bouryokudan) or a member or affiliate thereof, a corporate racketeer (soukaiya), a rogue person or group advocating a social or political movement, or any other anti-social forces.
- 13.2. Local Law Requirements for Germany. With respect to Customers to which German law applies, Section 11 “Limitations of Liability” of this Agreement is replaced with the following:
- 11. Limitations of Liability for Customers Domiciled in Germany.
- 11.1 Unlimited Liability. The parties shall be mutually liable without limitation: (a) in the event of willful misconduct or gross negligence; (b) within the scope of a guarantee taken over by the respective party; (c) in the event that a defect is maliciously concealed; (d) in case of an injury to life, body, or health; or (e) according to the German Product Liability Law.
- 11.2 Material Obligations. In the event of a slightly negligent breach of such essential contractual obligations, the fulfilment of which is essential for the proper performance of the Agreement, the breach of which endangers the achievement of the purpose of the Agreement and on the observance of which the recipient of the service regularly relies (so-called material obligations/Kardinalspflichten), the liability of either party shall be limited in amount to the damage which is foreseeable and typical according to the nature of the transaction in question. Further liability of either party does not exist.
- 11.3 Unless the parties are liable in accordance with either section 11.1 or 11.2, in no event shall the aggregate liability of each party together with all of its Affiliates arising out of or related to this Agreement exceed the total amount paid by Customer and its Affiliates hereunder for the Services giving rise to the liability in the twelve (12) months preceding the first incident out of which the liability arose. The foregoing limitation will not limit Customer’s and its Affiliates’ payment obligations.
- 11.4 Unless the parties are liable in accordance with section 11.1, the above limitations of liability shall apply to all claims for damages, irrespective of the legal basis including claims for tort damages. The above limitations of liability also apply in the case of claims for a party’s damages against the respective other party’s employees, agents, or bodies.
- 11.5 Any rights arising out of or in connection with this Agreement shall expire twenty-four (24) months after the beginning of the statutory limitation period. The statutory limitation rules for intentional and grossly negligent acts, for claims due to intentional or negligent injury to life, body, or health, for fraudulent misrepresentation, and for claims under the Product Liability Act as well as sec. 548 of the German Civil Code shall remain unaffected.”
EXHIBIT A - SERVICE LEVEL AGREEMENT
This Service Level Agreement (“SLA”) is for the provisioning of Support Services required to support and sustain the Subscription Services under the Agreement to which this SLA is attached. This SLA is valid for the Subscription Term specified in the applicable Quote. Termination of the Agreement and/or a Quote will result in termination of this SLA.
Support Parameters. KnowBe4’s support parameters, including its support hours, may be found at https://www.knowbe4.com/hubfs/KnowBe4-Support-Document.pdf?t=1518625292505, or such other URL as KnowBe4 may provide from time to time. To make a request for Support Services, Customer may submit a ticket at https://support.knowbe4.com/hc/en-us/requests/new, or such other URL as KnowBe4 may provide from time to time.
Availability & Uptime. KnowBe4 agrees to: (a) make the Subscription Services available to Customer pursuant to the Agreement and the applicable Quote; (b) provide Support Services for the Subscription Services to Customer at no additional charge, and/or upgraded support if purchased; and (c) use commercially reasonable efforts to make the online Subscription Services available 99.9% of the time to be measured annually, excluding any planned downtime, maintenance windows, or any unavailability caused by circumstances beyond KnowBe4’s reasonable control, such as a force majeure event in accordance with the Agreement. If Customer would like to receive status updates on the availability of KnowBe4’s Subscription Services, Customer may subscribe to receive updates at https://status.knowbe4.com, or such other URL as KnowBe4 may provide from time to time.
Maintenance Windows. Maintenance windows for other Subscription Services not specified below may be found on the KnowBe4 Documentation page, as defined in the Agreement.
Customer Requirements. Customer responsibilities and/or requirements in support of this SLA include: (a) Customer’s compliance with the Agreement and the applicable Quote; (b) reasonable availability of Customer’s admin and/or technical representative(s) when resolving a service-related incident or request; and (c) providing proper notice of KnowBe4’s non-compliance with any Subscription Service or Professional Service warranty in accordance with the Agreement and sufficiently detailing the non-compliance in a manner that enables KnowBe4 to properly assist with the remediation. KnowBe4 will not be responsible for delays in remediation caused by Customer’s failure to respond to requests by KnowBe4. Customer understands that the Subscription Services will only operate in accordance with KnowBe4’s Documentation, as defined in the Agreement, and it is Customer’s responsibility to ensure that the Subscription Services will be fit for its purposes and to ensure that the Subscription Services will be supported by Customer’s technology and business environment. Customer understands that KnowBe4’s Subscription Services are non-mission critical to Customer’s business.
Response Times. In support of services outlined in this SLA, KnowBe4 will respond to service-related incidents and/or requests submitted by Customer within the following time frames:
• Within 2 business days for issues classified as High Priority. “High Priority” means complete failure of the Web Hosted Services or the complete unavailability of core functionality such as training and phishing services for KMSAT.
• Within 3 business days for issues classified as Medium Priority. “Medium Priority” means impacted operations, core operations such as user and admin login operational but functionality impaired or requiring workarounds to achieve documented operation.
• Within 5 business days for issues classified as Low Priority. “Low Priority” means inconvenience due to operations not performing as defined or at a degraded speed.
KMSAT Support Tiers:
- Core Support will assist with:
  - Password resets
  - Phishing and Training Campaign creation
  - Explaining overall navigation of the KMSAT Subscription Services
  - Providing KnowBe4’s recommended best practices
  - Issues accessing the training console
  - Whitelisting for delivery of emails from our servers
  - Issues related to accessing/completion of training modules
  - Resolving phishing/training result discrepancies
  - SAML Single Sign-On support and troubleshooting
  - Phish Alert Button installation
  - Active Directory Integration support
  - Channel partner support, as applicable
- Advanced Support will be available for the escalation of advanced support requests related to issues occurring within the KMSAT Subscription Services.
CSM Support. Customer will be assigned a designated customer service manager (“CSM”) to assist the Customer’s administrator(s) with onboarding and training on how to use the Subscription Services.
Channel Partners. In the event Customer purchases through a KnowBe4 authorized Channel Partner, such Channel Partner may have its own SLA associated with the purchase. Customer acknowledges that KnowBe4 is not responsible, nor is KnowBe4 liable, for ensuring compliance with such Channel Partner SLA.
EXHIBIT B - INFORMATION SECURITY REQUIREMENTS
- Security. KnowBe4 will maintain its information technology environment and Customer Confidential Information secure from unauthorized access by using commercially reasonable efforts and industry standard organizational, physical and technical safeguards, and refrain from implementing changes that materially lower the level of security protection provided as of the Effective Date of the Agreement. KnowBe4 will comply with the minimum security standards set forth in this Exhibit and provide prior notice to Customer of any significant changes to KnowBe4’s information security policy that would materially lessen the security posture of its information technology environment. KnowBe4 will conduct a SOC-2 Type 2 or such similar or successor audit on an annual basis. Upon request, KnowBe4 will provide Customer with a copy of such audit report and promptly remediate and/or mitigate any non-conformance findings in line with KnowBe4’s existing vulnerability remediation process. Such audit report will be considered Confidential Information of KnowBe4.
- Audit Rights. Not more than once per calendar year during the Term of the Agreement and with at least thirty (30) days’ prior written notice by Customer to KnowBe4, Customer may, at Customer’s sole expense, audit KnowBe4 to verify compliance with the terms and conditions of this Exhibit. Such audit will be: (i) Completed within two (2) weeks; (ii) Performed during KnowBe4’s regular business hours in a manner that, in KnowBe4’s reasonable judgment, does not disrupt or degrade KnowBe4’s regular business operations and is done in accordance with KnowBe4’s security and data protection policies; (iii) Limited to KnowBe4’s facilities and personnel of KnowBe4 in scope of this Agreement; and (iv) Conducted by either Customer’s personnel or, with KnowBe4’s approval, by an independent third party mutually agreed to by the parties. Customer may create an audit report summarizing the findings and observations of the audit (“Audit Report”). Audit Reports are deemed to be Confidential Information of KnowBe4 and the Customer will not disclose the Audit Reports to third parties except to Customer’s legal counsel and consultants bound by obligations of confidentiality using at least the same degree of care Customer employs in maintaining in confidence its own Confidential Information of a similar nature, but in no event less than a reasonable degree of care. Customer will disclose the results of its audit to KnowBe4 within one week after its completion. KnowBe4 will promptly respond to audit findings and, at KnowBe4’s expense, discuss the findings with Customer, and if applicable, remediate and/or mitigate any critical or high-risk findings.
- Technical Security Controls. With respect to KnowBe4 infrastructure that processes, stores, or transmits Customer Confidential Information, KnowBe4 will use the following technical security controls where applicable (and keep them current by incorporating and using all updates commercially available):
  - Network Protection
    - Network based firewalls or equivalent
    - Network intrusion detection/protection systems
  - Client Protection
    - Malware and malicious code protection are applied to all applicable workstations. No workstations are permitted to store or process customer data
    - Host-based firewall/intrusion prevention software that blocks activity not directly related to or useful for business purposes
  - System and Software Protection
    - All systems and applications must utilize secure authentication and authorization mechanisms
    - All KnowBe4-developed applications must be designed and implemented using secure coding standards and design principles (e.g., OWASP)
    - Operating systems must be hardened appropriately according to industry standard practices
    - Systems must be inspected for known vulnerabilities and all identified known vulnerabilities must be patched as soon as reasonably possible
    - KnowBe4 will review and update encryption configurations on all systems that utilize encryption. KnowBe4 will utilize only modern industry accepted encryption algorithms, ciphers, modes and key sizes
  - Customer Confidential Information Protection
    - Customer Confidential Information Access: KnowBe4 will ensure that only authorized individuals (based on role) will, on behalf of KnowBe4, have access to Customer Confidential Information
    - Customer Confidential Information Storage: KnowBe4 will not process or transfer such Confidential Information to any portable storage medium, unless the storage medium is fully encrypted in accordance with encryption requirements set forth in this Exhibit
    - Customer Confidential Information Transmission: All transmission or exchange of Customer Confidential Information by KnowBe4 will use secure protocol standards in accordance with encryption requirements set forth in this Exhibit
- Incidents. If KnowBe4 becomes aware of any unauthorized access to the Customer Confidential Information on systems owned, managed, or subcontracted by KnowBe4, KnowBe4 will, without undue delay, notify Customer; consult and reasonably cooperate with investigations and potentially required notices; and provide any information reasonably requested by Customer. In the event of a breach or any unauthorized disclosure of Customer Confidential Information, at no additional cost to Customer, KnowBe4 will reasonably cooperate with Customer in investigating the incident including, but not limited to, the provision of system, application, and access logs, conducting forensics reviews of relevant systems, imaging relevant media, and making personnel available for interview. On notice of any actual breach, KnowBe4 will immediately institute appropriate controls to maintain and preserve all electronic evidence relating to the breach in accordance with industry standard practices.
- Training. KnowBe4 will periodically provide its representatives that manage, or have access to, Customer Confidential Information, including Personal Data, with privacy and security awareness training.