Last Updated: September 4, 2020

THESE TERMS OF SERVICE (THE "AGREEMENT") GOVERN CUSTOMER’S ACCESS AND USE OF KNOWBE4’S PRODUCTS AND SERVICES, UNLESS CUSTOMER HAS FULLY EXECUTED A MASTER AGREEMENT WITH KNOWBE4 IN WHICH CASE SUCH MASTER AGREEMENT GOVERNS, OR UNLESS CUSTOMER HAS FULLY EXECUTED AN END USER LICENSE AGREEMENT (“EULA”) WITH AN AUTHORIZED KNOWBE4 CHANNEL PARTNER FOR THE PROVISION OF KNOWBE4 PRODUCTS AND SERVICES, IN WHICH CASE THAT EULA GOVERNS AND RELATED QUESTIONS ABOUT THE TERMS OF THE SUBSCRIPTION SHOULD BE DIRECTED TO THE AUTHORIZED KNOWBE4 CHANNEL PARTNER. CAPITALIZED TERMS HAVE THE DEFINITIONS SET FORTH HEREIN. BY ACCEPTING THIS AGREEMENT, EITHER BY: (1) CLICKING A BOX INDICATING ACCEPTANCE; (2) EXECUTING A QUOTE THAT REFERENCES THIS AGREEMENT; OR (3) USING KNOWBE4’S PRODUCTS AND SERVICES, CUSTOMER AGREES TO THE TERMS OF THIS AGREEMENT. IF THE INDIVIDUAL ACCEPTING THIS AGREEMENT IS ACCEPTING ON BEHALF OF A COMPANY OR OTHER LEGAL ENTITY, SUCH INDIVIDUAL REPRESENTS THAT THEY HAVE THE AUTHORITY TO BIND SUCH ENTITY AND ITS AFFILIATES TO THESE TERMS AND CONDITIONS, IN WHICH CASE THE TERM “CUSTOMER” SHALL REFER TO SUCH ENTITY AND ITS AFFILIATES. IF THE INDIVIDUAL ACCEPTING THIS AGREEMENT DOES NOT HAVE SUCH AUTHORITY OR DOES NOT AGREE WITH THESE TERMS AND CONDITIONS, SUCH INDIVIDUAL MUST NOT ACCEPT THIS AGREEMENT AND MAY NOT USE THE PRODUCTS AND SERVICES. Customer and KnowBe4 may be referred to in this Agreement individually as a “party” or jointly as the “parties.” This Agreement governs all purchased Products and Services, as defined below, provided by KnowBe4 to Customer. KnowBe4 may update or make changes to these terms from time to time. KnowBe4 encourages Customer to periodically review and check this Agreement for updates to stay informed about the terms that govern Customer’s use of the Products and Services. Customer’s continued use of the Products and Services after KnowBe4 makes any changes is deemed to be an acceptance of those changes.
The Products and Services may not be accessed for purposes of monitoring their availability, performance or functionality, or for any other benchmarking or competitive purposes, or as otherwise restricted by this Agreement. KnowBe4’s direct competitors (or third party agents acting on behalf of such direct competitors) are prohibited from accessing the Products and Services.


1.     Definitions. For purposes of this Agreement:

“Active User(s)” means Customer’s Users with active assigned Seats.

“Affiliate” means an entity that, directly or indirectly, through one or more entities, controls; is controlled by; or is under common control with, the specified entity.

“Beta Product” means the second phase of software testing in which a sampling of the intended audience samples a product prior to its general release and, in return, Customer provides KnowBe4 feedback about the Beta Product. Use of Beta Products by Customer is optional.

“Confidential Information” means all information or material disclosed by a party (the “Disclosing Party”) to the other party (the “Receiving Party”), whether orally or in writing, which: (a) gives either party some competitive business advantage or opportunity of obtaining some competitive business advantage, or the disclosure of which may be detrimental to the interests of the Disclosing Party; and (b) is either (i) marked “Confidential,” “Restricted,” “Proprietary,” or includes other similar markings, (ii) known by the parties to be confidential and proprietary, or (iii) from all the relevant circumstances should reasonably be assumed to be confidential and proprietary. The Products and Services are deemed Confidential Information of KnowBe4.

“Courseware” means training modules, games, posters, artwork, videos, newsletters, security documents, or other content and materials provided by KnowBe4.

“Direct Message Injection (DMI)” means a KnowBe4 product and add-on, specific to Microsoft 365 (formerly Office 365) that automatically bypasses Microsoft 365’s protections to allow simulated phishing emails to reach the end user. Use of DMI by Customer is optional; in order to activate DMI, Customer must provide separate and specific permissions and authorizations in accordance with the Documentation.  Customer has the ability to revoke any such access required to use DMI at any time. DMI is only applicable to Customers using Microsoft 365 for email.

“Documentation” means KnowBe4’s then-current generally available documentation, specifications, user manuals, etc., for the Products and Services, located at https://knowbe4.zendesk.com/hc/en-us or such other URL locations on KnowBe4’s website as KnowBe4 may provide from time to time.

“KnowBe4” means KnowBe4, Inc. and its Affiliates.

“LMS” means learning management system that is software for the administration, documentation, tracking, reporting, and delivery of Courseware, which includes any e-learning education courses or training programs. KnowBe4 provides a cloud-based LMS through its Web Hosted Services. Upon approval by KnowBe4, Customer may also opt to use its own, or a third party’s, LMS in accordance with the terms of this Agreement.

“PhishER” means a KnowBe4 product that enables Customer to identify and respond to any potential threats in its email system. PhishER includes features such as PhishML and PhishRIP.

“PhishML” means a feature included with a subscription to PhishER that uses machine learning to enable Customer to prioritize its evaluation of all user-reported emails for potential threats. This feature may be deactivated at Customer’s option at any time.

“PhishRIP” means a feature included with a subscription to PhishER that enables the Customer to quarantine and permanently delete specific emails (i.e., emails identified as potential threats) from its email system. Use of PhishRIP by Customer is optional; in order to activate PhishRIP, Customer must provide separate and specific permissions and authorizations in accordance with the Documentation. Customer has the ability to revoke any such access required to use PhishRIP at any time.

“Product Privacy Notice” means KnowBe4’s Product Privacy Notice, that may be found at https://www.knowbe4.com/product-privacy-notice, or such other URL locations on KnowBe4’s website as KnowBe4 may provide from time to time.

“Products” means any Software, Services, Courseware, and/or Web Hosted Services that KnowBe4 offers to Customer, including any Documentation.

“Product Support” means any maintenance and support of any Products provided by KnowBe4.

“Quote” means a purchasing document or other similar document, such as a purchase order or statement of work (“SOW”), in connection with a purchase under this Agreement.

“Seat(s)” refers to the number of Users permitted access to the Products and/or Services pursuant to the user count purchased via a Quote.

“Security Page” means KnowBe4’s security page that provides information about KnowBe4’s information security practices which may be found at https://www.knowbe4.com/security, or such other URL locations on KnowBe4’s website as KnowBe4 may provide from time to time.

“Services” means any professional services, including implementation and installation services, managed services, consultancy services, or services for the customization or branding of Courseware, agreed upon by the parties, and set forth in a Quote or any additional Product Support purchased pursuant to a Quote. KnowBe4 may require Customer to enter into a statement of work (“SOW”) detailing the Services to be performed.

“Software” means the object code version of any software that may be licensed by Customer under this Agreement for installation on Customer’s systems. To the extent KnowBe4 delivers any updates or enhancements to Customer as part of Product Support, such updates and enhancements will be deemed included in the definition of “Software.”

“User(s)” means any of Customer’s employees or its other third parties to whom Customer gives access to the Products and Services.

“Web Hosted Services” means an application and/or database product hosted by KnowBe4 or its agents and made available for remote access and use by Customer under this Agreement.

2.          Products.

2.1             Software License. This Section applies only in the event Customer licenses Software from KnowBe4 or through an authorized KnowBe4 channel partner. Subject to Customer’s commitment to payment in accordance with this Agreement, KnowBe4 hereby grants to Customer, for use with Customer’s authorized Users, and solely for internal business purposes and not for resale or publication, a limited; non-exclusive; non-sublicensable; non-transferable; royalty-free license to install, use, execute, display, and access the Software. The Term, as defined below, of the foregoing license will be as set forth in the applicable Quote. Apart from the foregoing limited licenses, Customer is not being granted any right, title, or interest in or to the Software, or otherwise the Products. All such rights are expressly reserved by KnowBe4. Some Software or components used in KnowBe4’s Products may be offered under an open source license, which may be found at https://support.knowbe4.com/hc/en-us/articles/360000870387-Open-Source-Licensing-Information, or such other URL locations on KnowBe4’s website as KnowBe4 may provide from time to time.

2.2             Courseware License. This Section applies only in the event Customer licenses Courseware from KnowBe4 or through an authorized KnowBe4 channel partner. Subject to Customer’s commitment to payment in accordance with this Agreement, KnowBe4 hereby grants to Customer, for use with Customer’s authorized Users, and solely for internal business purposes and not for resale or publication, a limited; non-exclusive; non-sublicensable; non-transferable; royalty-free license to install, use, execute, display, and access the Courseware. The Term, as defined below, of the foregoing license will be as set forth in the applicable Quote. Apart from the foregoing limited licenses, Customer is not being granted any right, title, or interest in or to the Courseware, or otherwise the Products. All such rights are expressly reserved by KnowBe4.

2.3             Web Hosted Services Access. This Section applies only in the event Customer orders Web Hosted Services from KnowBe4 or through an authorized KnowBe4 channel partner. Subject to Customer’s commitment to payment in accordance with this Agreement, KnowBe4 hereby grants to Customer, for use with Customer’s authorized Users, and solely for internal business purposes and not for resale or publication, a non-exclusive and non-transferable right to access and use the Web Hosted Services for its internal business purposes. The Term, as defined below, of the foregoing access right will be as set forth in the applicable Quote. Customer will be solely responsible for connection of Customer’s systems to a telecommunications service that provides Internet access for purposes of Customer’s access and use of the Web Hosted Services. KnowBe4 will use commercially reasonable efforts to make the Web Hosted Services available in accordance with the terms set forth in the SLA.

2.4             Beta Products. KnowBe4 may offer Beta Products to Customer at no charge. Use of the Beta Products is at the election of Customer and is for evaluation purposes only. Beta Products are not considered “Services” and do not come with Product Support. Beta Products may be subject to additional terms. KnowBe4 reserves the right to discontinue the Beta Products at any time. Use of the Beta Products will automatically terminate at such time as KnowBe4 makes such Beta Products generally available. Beta Products may be unpredictable and lead to erroneous results. Customer acknowledges and agrees that: (a) Beta Products are experimental and have not been fully tested; (b) Beta Products may not meet Customer’s requirements; (c) the use or operation of any Beta Products may not be uninterrupted or error free; (d) Customer’s use of any Beta Products is for purposes of evaluating and testing the Beta Products and for providing feedback to KnowBe4; (e) Customer will inform its employees, staff members, and other Users regarding the nature of Beta Products; and (f) Customer will hold all information relating to Beta Products and Customer’s use of Beta Products, including any performance measurements and other data relating to Beta Products, in strict confidence and will not disclose such information to any unauthorized third parties. Customer will promptly report any errors, defects, or other deficiencies in any Beta Products to KnowBe4. NOTWITHSTANDING ANY OTHER PROVISION OF THIS AGREEMENT, ALL BETA PRODUCTS ARE PROVIDED “AS-IS” AND “AS-AVAILABLE,” WITHOUT WARRANTIES OF ANY KIND. Customer hereby waives any and all claims, now known or later discovered, that Customer may have against KnowBe4 and KnowBe4’s suppliers and licensors arising out of Customer’s use of Beta Products.

2.5             Limited Access Account. In the event Customer is granted access or use of any Products on an evaluation or trial period basis, including any limited access accounts created by Customer, then, subject to the terms and conditions of this Agreement, KnowBe4 hereby grants Customer, solely for its internal business evaluation purposes: (a) a revocable, limited, non-exclusive, non-sublicensable, non-transferable license during the Limited Access Period to install, use, execute, display, and access the Software and/or Courseware included in the Products; and (b) a revocable, limited, non-exclusive, non-transferable, right to access and use the Web Services included in the Products made available to Customer by KnowBe4 for the Limited Access Period, subject to any terms or limitations expressly set forth in any activation email. Customer may only use such Products from the earlier of: (1) the date this Agreement is accepted by Customer; or (2) the date in which Customer was permitted access to the Products by way of an activation email, until the expiration date set forth in applicable activation email, or, if no expiration date is set forth in the applicable activation email, thirty (30) days after the earlier of either (a) or (b) herein (the “Limited Access Period”). Customer and KnowBe4 may extend the Limited Access Period upon mutual written agreement (including via email). This evaluation license and grant of access will terminate automatically upon expiration of the Limited Access Period. At any time prior to the end of the Limited Access Period, KnowBe4 may terminate the Limited Access Period for the Products without notice. Upon any termination, Customer shall discontinue use and/or access to the Products unless and until Customer has agreed to purchase a license or grant of access to use and/or access such Products. 
During the Limited Access Period, all terms and conditions of this Agreement will apply, except that (i) no fees will be due from Customer, unless otherwise specified; (ii) the Products will be provided without warranties or indemnities of any kind and entirely on an “as-is” basis (e.g., Sections including Product Support, Product and Service Warranties and KnowBe4 Indemnity Obligations will not apply); and (iii) additional evaluation terms and conditions may appear on the trial registration web page or activation email sent by KnowBe4, on the applicable Quote provided by KnowBe4 or by way of a proof of concept agreement executed between the parties. Any such additional terms and conditions shall be incorporated into this Agreement by reference and are legally binding. Apart from the foregoing limited license and grant of access, Customer is not being granted any right, title, or interest in or to the Products. All such rights are expressly reserved by KnowBe4. CUSTOMER DATA ON KNOWBE4 SYSTEMS OR IN KNOWBE4’S POSSESSION OR CONTROL, REPORTS, AND ANY CUSTOMIZATIONS MADE TO THE PRODUCTS BY OR FOR CUSTOMER’S BENEFIT MAY BE PERMANENTLY LOST OR DELETED DURING THE LIMITED ACCESS PERIOD OR AT THE END OF THE LIMITED ACCESS PERIOD.

2.6             PhishER. This Section applies only in the event Customer orders PhishER from KnowBe4 or through an authorized KnowBe4 channel partner. For more information about PhishER and its additional features (such as PhishML and PhishRIP), Customer may refer to the Documentation. Customer is solely responsible for ensuring compliance with all applicable laws and regulations relating to Customer’s use of PhishER. Customer acknowledges that PhishER may pose certain risks to Customer’s email system. Customer is solely responsible for Customer’s actions in the operation of PhishER  and acknowledges KnowBe4 is not responsible for any of Customer’s actions, nor is KnowBe4 responsible for backups to Customer’s email system. CUSTOMER HEREBY WAIVES ANY COSTS, DAMAGES, OR EXPENSES ASSOCIATED WITH THESE RISKS AND HOLDS KNOWBE4 HARMLESS WITH RESPECT TO SUCH COSTS, DAMAGES, OR EXPENSES.

2.7             Direct Message Injection (DMI). This Section applies only in the event Customer: (a) utilizes Microsoft 365 (formerly Office 365) for email; and (b) exercises the option to activate the DMI products and add-on from KnowBe4 or through an authorized KnowBe4 channel partner. For more information about DMI, Customer may refer to the Documentation. Customer is solely responsible for ensuring compliance with all applicable laws and regulations relating to its use of DMI. As a result, Customer acknowledges that DMI may pose certain risks to Customer’s email system. Customer is solely responsible for the actions of its representatives in the operation of DMI and acknowledges KnowBe4 is not responsible for any actions of the Customer’s representatives nor is it responsible for backups to the Customer’s email system. CUSTOMER HEREBY WAIVES ANY COSTS, DAMAGES, OR EXPENSES ASSOCIATED WITH THESE RISKS AND HOLDS KNOWBE4 HARMLESS WITH RESPECT TO ANY SUCH COSTS, DAMAGES, OR EXPENSES.

3.          Product Usage & Rights.

3.1             Acceptance. Customer is deemed to have committed to a purchase in full for the Products and Services (regardless of any split payment terms) once a Quote is sent to KnowBe4 for processing or once payment has been tendered through check, credit card, or other form of payment. Payment via check, credit card, or other form of tendering payment will be deemed acceptance of the corresponding Quote or invoice sent to Customer by KnowBe4. If Customer is an organization subject to certain fiscal period restrictions or appropriations, Customer hereby represents and warrants that Customer has the ability to pay all fees, regardless of any split payment terms, in full, out of Customer’s current fiscal period’s allocated budget or that Customer has the authority to legally commit to a purchase outside of the current fiscal period. Except as otherwise specified herein, all sales are final, non-refundable, and non-returnable except with respect to Products and Services that do not meet applicable specifications in the relevant Documentation or that are not identified in the Quote.

3.2             Operation of the Products. The implementation and operation of KnowBe4’s Products, and any deliverables resulting from Services performed, are done so by designated admin(s) employed or contracted by Customer. Any Managed Services, as defined below, may be subject to additional fees.

3.3             Customer Users. The Products and Services are provided on a per-seat, subscription basis. The concurrent number of Active Users receiving access may not exceed the purchased number of Seats. If the number of Active Users exceeds the purchased number of Seats, Customer is obligated to either pay for any Seats that surpass the purchased amount or immediately reduce its number of Active Users. Customer is not permitted to freely re-assign Seats to Users. KnowBe4 prohibits cycling of Seats amongst Customer’s personnel. If an Active User’s account is terminated or removed, that User’s Seat license is no longer considered in use and may be allocated to another User upon written approval by KnowBe4. Notwithstanding the foregoing, KnowBe4’s approval is not required in the instance an Active User’s account is terminated or removed due to Customer’s termination of that Active User’s employment, or otherwise for termination of contract with that Active User, to account for Customer’s normal attrition in workforce. Upon request by KnowBe4, Customer agrees to provide KnowBe4 with a certification of such compliance. KnowBe4 reserves the right to audit Customer’s compliance with this Section. Additional Seats may be added mid-subscription term and such additional Seats will be co-pending with the then-current subscription term and will terminate on the same date. Add-ons for more Seats mid-term will be priced at the same volume/level discount purchased under the applicable co-pending Quote and will be valid only until the end of such co-pending subscription term. Upon renewal, new rates may apply.

3.4             Professional Services. In the instance Customer purchases Services to be performed by KnowBe4, Customer may be required to sign an SOW detailing the project specifications for the Services. Services may include, but are not limited to, the request for KnowBe4 to implement and operate the Products on behalf of Customer (“Managed Services”), additional maintenance and support (as opposed to any standard maintenance and support already included), customization and branding of any Courseware, and any additional consultancy or professional services. The completion time for any Services to be performed under an SOW, and any milestones, will be dependent on KnowBe4’s receipt of all Customer assets and specifications necessary for the project, in addition to KnowBe4 receiving a validly signed SOW for processing, as requested by KnowBe4. The completion deadline will start from the date of delivery of all such assets and specifications, not the date of KnowBe4’s receipt of the signed SOW. Customer acknowledges that delays in providing assets or specifications at the request of KnowBe4 for such Services may delay the completion of the Services. KnowBe4 will not be faulted for delays caused by Customer’s failure to reasonably cooperate. Service hours purchased pursuant to an SOW or a Quote will expire upon the expiration or termination of Customer’s subscription term and will not carry over to any subsequent renewal term. 

3.5             Intellectual Property. This is not a work made-for-hire agreement, as defined by U.S. or other applicable law. KnowBe4 and its licensors own and reserve all right, title, and interest, including intellectual property rights, in the Products and all enhancements, modifications, and updates thereto. Except for express licenses granted in this Agreement, KnowBe4 is not granting or assigning to Customer any right, title, or interest, express or implied, in or to KnowBe4’s intellectual property. KnowBe4 reserves all rights in such property.

3.6             Feedback. Customer may provide KnowBe4 with suggestions, comments, or other feedback (collectively, “Feedback”) with respect to the Products. Feedback is voluntary. KnowBe4 is not obligated to hold any Feedback in confidence. KnowBe4 may use Feedback for any purpose without obligation of any kind. To the extent a license is required to make use of any intellectual property in any Feedback, Customer grants KnowBe4 an irrevocable, non-exclusive, perpetual, royalty-free license to use such Feedback in connection with KnowBe4’s business, including the enhancement of the Products.

4.          Data.

4.1             Customer Data. Customer grants KnowBe4 a non-exclusive, world-wide, royalty-free license to use the data and other information input by Customer into the Products (“Customer Data”): (a) to perform KnowBe4’s obligations under this Agreement; (b) in compliance with the Product Privacy Notice; and (c) as may be required by law. Customer will be responsible for obtaining all rights, permissions, and authorizations to provide the Customer Data to KnowBe4 for use as contemplated under this Agreement. Except for the limited license granted in this Section, nothing contained in this Agreement will be construed as granting KnowBe4 any right, title, or interest in the Customer Data. Customer Data will be deemed Customer Confidential Information.

4.2             Aggregated Data. KnowBe4 may also use Customer Data in an aggregate, de-identified, and generic manner for marketing; survey; and benchmarking purposes, in the review and development of current and future Products, Product usage, and other similar purposes (“Aggregated Data”). Aggregated Data: (a) is used only for internal administrative purposes and general usage statistics; (b) does not identify Customer or any individual; and (c) to the extent such Aggregated Data is disclosed, is only disclosed in a generic or aggregated manner for the purposes of sharing Product usage and statistical or benchmarking purposes. Aggregated Data will not be considered Customer Confidential Information.

4.3             Data Security.  Customer Data is maintained in accordance with the Information Security Requirements in this Agreement using industry standard administrative, physical, and technical safeguards that are designed to provide for the protection of the security, confidentiality, and integrity of Customer Data. KnowBe4’s security safeguards include means for preventing access, use, modification, and disclosure of Customer Data by unauthorized individuals. Notwithstanding the foregoing, Customer Data access may be provided: (a) to KnowBe4 and other personnel to the extent necessary to provide the Products, Services, and support; (b) as compelled by law; (c) as set forth in the Product Privacy Notice; or (d) as expressly permitted by Customer. KnowBe4’s Products currently operate in third party datacenters located in the US or EU and have been built with high availability, business continuity, and disaster recovery in mind. KnowBe4’s cloud architecture follows industry standard security practices and is regularly assessed for vulnerabilities and risks. Information about KnowBe4’s information security practices may be found at KnowBe4’s Security Page.

4.4             Data Protection. The collection, use, and disclosure of Customer Data in connection with Customer’s use of the Products is subject to the Product Privacy Notice. By using the Products, Customer and each User acknowledge that the Customer Data will be processed in accordance with both the Product Privacy Notice and this Agreement and may be processed in a country where it was collected, as well as in countries where privacy laws may be different or less stringent, provided KnowBe4 ensures compliance with applicable data protection laws. By using the Products, or submitting Customer Data via the Products, Customer expressly consents to such processing. To the extent Customer or User provides personal data or other information belonging to a third party, Customer represents and warrants that it has that person’s, organization’s, or other such third party’s proper consent, or otherwise proper authorization, to do so. In the event Customer enters into a Data Processing Agreement with KnowBe4, such Data Processing Agreement will govern the data handling practices between the parties and will supersede the language contained in this Section in the event of a conflict.

4.4.1.            Protected Health Information, Payment Card Information, and other Sensitive Information. KnowBe4 does not need, nor does KnowBe4 request, any protected health information (“PHI”) governed by the Health Insurance Portability and Accountability Act and its implementing regulations (“HIPAA”).  KnowBe4 does not need, nor does KnowBe4 request, any non-public consumer personally identifiable information or financial information governed by the Gramm-Leach-Bliley Act (“GLBA”) or payment card information covered by the Payment Card Industry Data Security Standards (“PCI DSS”) in order to provide KnowBe4’s products and services. Customer should never disclose, nor allow to be disclosed, PHI, information protected by PCI DSS or GLBA, or other sensitive information to KnowBe4. Customer acknowledges that KnowBe4 does not take steps to ensure KnowBe4’s products are GLBA, HIPAA, or PCI DSS compliant. All obligations of the aforementioned regulations remain solely with Customer. KnowBe4’s Products and Services are not intended for use with minors (as defined by applicable law). Customer is prohibited from authorizing minors, as defined by applicable law, to use or access the Products and Services, except as otherwise provided in a signed writing by an authorized representative of KnowBe4.

5.          Customer Obligations.

5.1             Connectivity. Customer is solely responsible for all telecommunication or Internet connections, and associated fees, required to access and use the Products, as well as all hardware and software. KnowBe4 is not responsible for: (a) Customer’s access to the Internet; (b) interception or interruptions of communications through the Internet; or (c) changes or losses of data through the Internet.

5.2             User Credentials. Customer will ensure User credentials (e.g., usernames and passwords) remain confidential, and Customer and Users will not disclose any such credentials to any third party. In addition, Customer will notify KnowBe4 immediately upon discovery of an unauthorized disclosure of any such credentials or upon any unauthorized access. Upon any termination of the engagement or deactivation of any User with knowledge of any such credentials, Customer will immediately change such credentials and remove access for that User.

5.3             Use of Customer or Third Party LMS. In the event Customer uses its own or a third party’s LMS, or other mechanisms for hosting Courseware or other such content provided by KnowBe4 or its third party licensors,  Customer will ensure strict compliance in accordance with this Agreement and will ensure an agreement is in place with any such third party that contains substantially the same level of protection for the Courseware and other such content as contained herein. After the termination of the applicable subscription term, Customer will ensure all Courseware and other such content is removed from such third party’s possession.

5.4             Affiliates. Customer, if purchasing Seats on behalf of an Affiliate, will ensure its Affiliates comply with the terms of this Agreement.  The use of the Products by the Affiliate and its Users represents acceptance of the terms of this Agreement by such Affiliate and its Users for which Customer will be jointly and severally liable with its Affiliate for any breach by the Affiliate of this Agreement.  No Affiliate may directly enforce any provision of this Agreement.  All actions to enforce this Agreement must be brought by Customer.

5.5             Restrictions.

5.5.1      Customer may not: (a) reverse engineer, disassemble, decompile, or otherwise attempt to reveal the trade secrets or know-how underlying the Products, except to the extent expressly permitted under applicable law; (b) use KnowBe4’s intellectual property or Confidential Information to develop a product that is similar to the Products; (c) use any KnowBe4 Confidential Information to contest the validity of any KnowBe4 intellectual property; (d) remove or destroy any copyright notices, other proprietary markings, or confidentiality legends placed on or made available through the Products; or (e) use the Products in any manner or for any purpose inconsistent with the terms of this Agreement or the Documentation. Software will only be used by the licensed number of Active Users for whom Customer paid the applicable fees.

5.5.2              Access and use of KnowBe4 Products, Services, or other related materials (which the parties acknowledge are proprietary and Confidential Information of KnowBe4) is solely authorized for the internal business purposes of the Customer and Active Users, and only for the duration of the subscription term or evaluation period, as applicable. Use of KnowBe4 Products, Services, or other related materials for analytical or research purposes, to be used or disclosed outside of Customer’s organization, is strictly prohibited. Sharing screenshots, downloads, or other forms of copying, duplicating, or replicating the Products, Services, or other related materials, publicly or outside of Active Users, is strictly prohibited. Customer acknowledges that some of KnowBe4’s Products and Services are designed to assist Customer in training Users and may include developing, customizing, and sending fake cyber security attack campaigns for purposes of employee training, but that Customer, and not KnowBe4 or any KnowBe4 channel partners, will be responsible for Customer’s compliance with all laws and governmental regulations, and any results in connection with the Customer’s use of the Products (including any reports or information produced in connection therewith).

5.5.3              Customer acknowledges and understands that if Customer is a direct competitor of KnowBe4 (or a third party acting on behalf of such direct competitor), Customer is not permitted to, and will not, access or use any KnowBe4 Products, Services, or other related materials, all of which are considered confidential and proprietary to KnowBe4.

6.          Customer Content.

6.1             Depending on the Products and Services purchased via a Quote, Customer may use KnowBe4’s Products and Services for the hosting of its assets, content, and other materials, such as certain reports; documents; manuals; audiovisual materials; photos; videos; and audio files, to make available to Active Users on or through the Products and Services (“Customer Content”). All Customer Content will be considered Customer Data. Subject to, and conditioned on, Customer’s and Users’ compliance with the terms and conditions of this Agreement, during the applicable subscription term, KnowBe4 will provide Customer and Active Users remote electronic access to the Customer Content through the Web Hosted Services in accordance with this Agreement. KnowBe4 has the right to: (a) take any action with respect to any Customer Content that it deems necessary or appropriate, in KnowBe4’s sole discretion, including if KnowBe4 reasonably believes that such Customer Content violates this Agreement, infringes any intellectual property right or other right of any person or entity, threatens the personal safety of any person, or creates potential liability for KnowBe4; (b) take appropriate legal action including, without limitation, referral to law enforcement related to any illegal or unauthorized Customer Content provided by Customer; or (c) terminate or suspend Customer’s access to the Web Hosted Services for any violation of this Agreement. Customer grants KnowBe4, its service providers, and each of their respective licensees, successors, and assigns the right to use, reproduce, modify, perform, display, distribute, and otherwise disclose the Customer Content as necessary to provide the Web Hosted Services and to make the Customer Content available to Customer and Users.

6.2             Customer represents and warrants that: (a) Customer owns all rights in and to the Customer Content and/or has the right to grant the licenses granted herein to KnowBe4, service providers, and each of their respective licensees, successors, and assigns; (b) all Customer Content does and will continue to comply with this Agreement; (c) all Customer Content does and will continue to comply with all international, federal, state, and local laws and regulations; and (d) the Customer Content does not: (i) contain any material which is defamatory, obscene, indecent, abusive, offensive, violent, hateful, inflammatory, or otherwise objectionable; (ii) promote sexually explicit or pornographic material, violence, or discrimination based on race, sex, religion, nationality, disability, sexual orientation, or age; (iii) infringe any patent, trademark, trade secret, copyright, or other intellectual property or other rights of any person; (iv) violate the legal rights (including the rights of publicity and privacy) of others or contain any material that may give rise to any civil or criminal liability under applicable laws or regulations or that otherwise may be in conflict with this Agreement; (v) promote any illegal activity, or advocate, promote, or assist any unlawful act; (vi) intentionally create unreasonable disturbances to any other person or organization; or (vii) contain any: (A) viruses, trojan horses, worms, backdoors, or other software or hardware devices, the effect of which would permit unauthorized access to, or disable, erase, or otherwise harm, any computer, systems, software, or content; or (B) time bombs, drop dead devices, or other software or hardware devices designed to disable a computer program automatically with the passage of time or under the positive control of any person, or otherwise deprive KnowBe4, or its customers/users, of its lawful rights.

6.3             In addition to Customer’s indemnification obligations contained in this Agreement, Customer will defend and indemnify KnowBe4 and hold it harmless from any and all claims, losses, deficiencies, damages, liabilities, costs, and expenses (including, but not limited to, reasonable attorneys’ fees) incurred by KnowBe4 as a result of any claim by a third party arising from KnowBe4’s hosting or distribution of the Customer Content as authorized under this Agreement. The procedure for indemnification will be as set forth in the Section covering Customer’s indemnification obligations.

7.          Compliance.

7.1             Anti-Bribery & Corruption. Customer will not: (a) make any unlawful payments to any government official or employee; (b) make any unlawful payment to any person, or unlawfully provide anything of value (whether as property, services, or in any other form) to any person, for the purpose of obtaining an improper business advantage; or (c) agree, commit, or otherwise offer to undertake any of the foregoing actions in connection with this Agreement or any related activities.

7.2             International Trade Compliance. The sale, resale, or other disposition of Products and any related technology or documentation are subject to various economic sanctions, export control laws, and other restrictive trade measures administered by the U.S. and other applicable governments. Because these laws may have extraterritorial effect, Customer will comply with all such measures, where applicable, including, without limitation: (a) the Export Administration Act of 1979, as amended (50 U.S.C. §§ 2401-2420) and the Export Administration Regulations, 15 C.F.R. §§ 730-774 (“EAR”); (b) the Arms Export Control Act, 22 U.S.C. § 2778, and the corresponding International Traffic in Arms Regulations (“ITAR”); (c) the economic sanctions laws and regulations enforced by the U.S. Department of the Treasury’s Office of Foreign Assets Control (“OFAC”), 31 C.F.R. §§ 500, et seq., and the U.S. Department of State; and (d) the anti-boycott regulations, guidelines, and reporting requirements under the Export Administration Regulations and Section 999 of the Internal Revenue Service Code. Customer understands and acknowledges that it is solely responsible for complying with such laws whenever applicable. Customer further understands and acknowledges that it will not directly or indirectly export, import, sell, disclose, or otherwise transfer any Products to any country or party subject to such restrictions, and that it is solely responsible for obtaining any license(s) to export, re-export, or import the Products that may be required.

7.3             FOIA and Public Disclosure Requests. The purpose of the relationship between KnowBe4 and Customer is for Customer to purchase a subscription to the Products and Services that contain software, content, and information related to internet security awareness training, IT risk management, regulatory compliance, simulation of security attacks, vulnerability assessments, and other product and service offerings. The Products, Services, and any Confidential Information disclosed is proprietary to KnowBe4 and is an important business asset of KnowBe4 (the “Proprietary Information”). The Proprietary Information consists of protected financial data, trade secrets, and commercially valuable information that, if disclosed, would harm the competitive position of KnowBe4. In the event of a request for disclosure of KnowBe4’s information, including any training materials, Customer will affirmatively respond denying the request pursuant to the terms of this paragraph and will promptly, but no later than five (5) business days after receiving such request, forward the request on to KnowBe4. Customer will not release any such information except pursuant to written instructions by KnowBe4, or a final un-appealable court order, provided that any such disclosure will be limited to the minimum necessary to be in compliance with the request, based upon the opinion of counsel. If Customer cannot agree to the foregoing, then Customer is not permitted access to the Proprietary Information.

7.4             Background Checks. In accordance with KnowBe4’s background check policy for its US entity, and to the extent allowed by applicable laws, KnowBe4 has not knowingly employed any persons who, in the past seven (7) years, have been convicted of an offense involving violence, theft, fraud, money laundering, sex crimes, or other offenses that pose an unacceptable level of risk, given the scope of the applicable employment position and KnowBe4’s business needs.

8.          Product Support.

8.1             In General. Products are made available with standard Product Support for no additional charge. Customer may purchase priority level support for an additional fee as set forth in the applicable Quote. Product Support is made available in accordance with the terms and conditions set forth in the SLA.

8.2             Exclusions. Notwithstanding the foregoing, KnowBe4 will have no obligation to support: (a) services, hardware, or software provided by anyone other than KnowBe4; (b) Product issues caused by Customer’s negligence, abuse, or misapplication; or (c) Customer’s use of Products other than as specified in the Documentation.

9.          Payment Terms.

9.1             Prices. Prices will be specified by KnowBe4 and will be applicable for the period specified in the KnowBe4 Quote (as applicable). If no period is specified, prices will be applicable for thirty (30) calendar days. Notwithstanding the foregoing, prices may be subject to increase upon a renewal of a Quote, or in the event Customer adds on or upgrades Products during the subscription term specified in the Quote. Prices are exclusive of taxes, including sales, use, excise, value added, and similar taxes or charges imposed by any government authority, and domestic and international shipping charges. KnowBe4 will identify on a separate line item on the applicable invoice, Quote, or order the taxes due on any Services supplied by KnowBe4 where KnowBe4 has established taxable nexus for all state and local transaction taxes (including sales, use, excise, withholding, or similar functional transaction level taxes, collectively, “Transaction Level Taxes”). In the event KnowBe4 does not include tax on an invoice to Customer, it will serve as notice to the Customer that KnowBe4 does not have taxable nexus for Transaction Level Taxes in the jurisdictions provided for by the Customer, and Customer will be responsible for calculating and remitting such Transaction Level Taxes, unless Customer provides KnowBe4 with a valid tax exemption certificate authorized by the appropriate taxing authority. Customer is not responsible for any taxes based on KnowBe4’s income. Except as otherwise specified herein or in a Quote: (a) fees are based on the Product acquired and not actual usage; (b) payment obligations are non-cancelable and fees paid are non-refundable, except where expressly permitted herein; and (c) subscription term and quantities purchased cannot be decreased during the applicable subscription term. For clarity, Customer is responsible for any payments owed but not paid by any Affiliates ordering Products or Services hereunder.

9.2             Due Date; Late Payments. Amounts due for Products and Services may be invoiced by KnowBe4 in full at the start of the subscription term or as otherwise expressly provided in the Quote. Customer agrees to pay the net amount of each invoice without offset or deduction within thirty (30) days after the date of KnowBe4’s invoice (unless otherwise noted on the invoice). If any undisputed amount is not paid by Customer within fifteen (15) days’ notice of late payment, KnowBe4 will be entitled to receive the amount due plus interest thereon at a rate of 1.5% per month (or the highest rate permitted by applicable law) on all undisputed amounts that are not paid on or before the date due. Customer will also pay all of KnowBe4’s reasonable costs of collection including, but not limited to, reasonable attorneys’ fees.

9.3             Disputed Payments. Customer has the right, in good faith, to dispute all or a portion of an invoice prior to its due date. KnowBe4 will not collect interest on disputed amounts in the event Customer provides KnowBe4 with written notice, prior to the due date, that Customer disputes such charges, pays all undisputed charges on time, and cooperates diligently to resolve the dispute.

9.4             Credit Approval; Application of Payment. All Quotes are subject to credit approval by KnowBe4. Customer agrees to submit such financial information from time to time as may be reasonably requested by KnowBe4 for the establishment and/or continuation of credit terms. Any payment received from Customer may be applied by KnowBe4 against any obligation owing from Customer to KnowBe4.

9.5             Channel Partner Purchases. In the event Customer acquires Products or Services via an authorized KnowBe4 channel partner (i.e., a reseller, distributor, managed service provider, etc.), all payment-related terms will be set forth in the applicable agreement between such channel partner and Customer.

10.    Confidentiality.

10.1        Confidential Information. During the Term, each party may disclose certain Confidential Information to the other party. Notwithstanding the foregoing, Confidential Information does not include information that: (a) is or becomes publicly available through no breach by the Receiving Party of this Agreement; (b) was previously known to the Receiving Party prior to the date of disclosure, as evidenced by contemporaneous written records; (c) was acquired from a third party without any breach of any obligation of confidentiality; (d) was independently developed by a party hereto without reference to Confidential Information of the other party; or (e) is required to be disclosed pursuant to a subpoena or other similar order of any court or government agency, provided, however, that the party receiving such subpoena or order will promptly inform the other party in writing and provide a copy thereof (unless notice is precluded by the applicable process), and will only disclose that Confidential Information necessary to comply with such subpoena or order.

10.2        Protection of Confidential Information. Except as expressly provided in this Agreement, the Receiving Party will not use or disclose any Confidential Information of the Disclosing Party without the Disclosing Party’s prior written consent, except disclosure to, and subsequent uses by, the Receiving Party’s employees or consultants on a need-to-know basis, provided that such employees or consultants have executed written agreements restricting use or disclosure of such Confidential Information that are at least as restrictive as the Receiving Party’s obligations under this Section. Subject to the foregoing nondisclosure and non-use obligations, the Receiving Party will use at least the same degree of care and precaution that it uses to protect the confidentiality of its own Confidential Information and trade secrets of similar nature, but in no event less than reasonable care. Each party acknowledges that due to the unique nature of the other party’s Confidential Information, the Disclosing Party will not have an adequate remedy in money or damages in the event of any unauthorized use or disclosure of its Confidential Information. In addition to any other remedies that may be available in law, in equity, or otherwise, the Disclosing Party shall be entitled to seek injunctive relief to prevent such unauthorized use or disclosure.

10.3        Return and Destruction of Materials. All documents and other tangible objects containing or representing Confidential Information that have been disclosed by either party to the other party, and all summaries, copies, descriptions, excerpts, or extracts thereof that are in the possession of the other party will be, and remain, the property of the Disclosing Party and will be promptly returned to the Disclosing Party. The Receiving Party will use reasonable efforts to promptly delete or destroy all summaries, copies, descriptions, excerpts, or extracts thereof in their possession upon the Disclosing Party's written request. The Receiving Party will have no obligation to delete or destroy copies that: (a) are contained in an archived computer system backup that were made in accordance with such party’s security, e-mail retention, and/or disaster recovery procedures; or (b) are kept by a party for record-keeping, archival, or governance purposes in compliance with such party’s document retention policies. Any such retained Confidential Information will remain subject to the terms and conditions of this Agreement for so long as it is retained.  Notwithstanding the return or destruction of the Confidential Information, the Receiving Party will continue to be bound by its confidentiality and other obligations hereunder in accordance with the terms of this Agreement. At the Disclosing Party’s option, the Receiving Party will provide written certification of its compliance with this Section.

11.    Warranties and Disclaimers.

11.1        Product Warranties. All purchased Products will materially conform to their then-current Documentation and during the applicable subscription term, KnowBe4 will not materially decrease the overall functionality of the Products. Customer must notify KnowBe4 of any breach of this warranty within thirty (30) days of discovery of the breach. Customer’s sole and exclusive remedy, and KnowBe4’s sole and exclusive liability, for a breach of the foregoing warranty, will be for KnowBe4 to provide Product Support to repair or replace the relevant Product within thirty (30) days of such notice of non-conformity. If KnowBe4 is unable to remedy such non-conformity within the period to cure, Customer will be entitled to terminate the relevant Quote and be issued a refund for any pre-paid, unearned fees for the affected portion of the Products. KnowBe4 will not be responsible for any breach of the foregoing warranty resulting from Customer’s abuse or misuse of the Product or failure to use the Product as described in this Agreement, including failure to use the Product in accordance with its operational requirements. Customer is required to sufficiently detail the non-conformity in a manner that allows KnowBe4 to properly assist with the remediation. KnowBe4 will not be responsible for delays in remediation caused by Customer’s failure to respond to requests by KnowBe4. Customer understands that the Products will only operate in accordance with KnowBe4’s Documentation, and it is Customer’s responsibility to ensure that the Products will be fit for its purposes and to ensure that the Products will be supported by Customer’s technology and business environment.

11.2        Service Warranties. KnowBe4 warrants that KnowBe4 will provide the Services in a professional, workmanlike manner consistent with this Agreement. Customer must notify KnowBe4 of any breach of this warranty within thirty (30) days of discovery of the breach. Customer’s sole and exclusive remedy, and KnowBe4’s sole and exclusive liability, for a breach of the foregoing warranty will be for KnowBe4, in its sole discretion, to use reasonable efforts to re-perform the Services or terminate the relevant Quote and issue a refund for the portion of pre-paid fees for the non-conforming Services.

11.3        Compliance Warranties. Each party warrants that it will comply with all laws and regulations applicable to its provision or use of the Products and Services, as applicable (including applicable security breach notification laws).

11.4        Disclaimers. EXCEPT FOR THE LIMITED WARRANTIES IN THIS SECTION: (A) THE PRODUCTS AND SERVICES ARE PROVIDED “AS IS,” WITH ALL FAULTS, AND WITHOUT WARRANTIES OF ANY KIND; AND (B) KNOWBE4 EXPRESSLY DISCLAIMS ALL OTHER WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, QUIET ENJOYMENT, QUALITY OF INFORMATION, TITLE, NON-INFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE. KNOWBE4 DOES NOT WARRANT THAT THE OPERATION OF THE PRODUCTS WILL BE UNINTERRUPTED OR ERROR-FREE OR THAT DEFECTS IN THE PRODUCTS WILL BE CORRECTED. NO ORAL OR WRITTEN INFORMATION, MARKETING, OR PROMOTIONAL MATERIALS, OR ADVICE GIVEN BY KNOWBE4 OR KNOWBE4’S AUTHORIZED REPRESENTATIVES WILL CREATE A WARRANTY OR IN ANY WAY INCREASE THE SCOPE OF THE EXPRESS WARRANTIES PROVIDED HEREIN. CUSTOMER ACKNOWLEDGES THAT COURSEWARE IS FOR GENERAL INFORMATION PURPOSES ONLY AND THAT KNOWBE4 IS NOT A LAW FIRM, NOR DOES IT PROVIDE ANY PROFESSIONAL OR ADVISORY SERVICES. THE INFORMATION PRESENTED IS NOT LEGAL ADVICE AND IS NOT TO BE ACTED ON AS SUCH. THE PRODUCTS MAY CONTAIN THE TRADE NAMES OR TRADEMARKS OF VARIOUS THIRD PARTIES AND, IF SO, ANY SUCH USE IS  FOR ILLUSTRATIVE AND EDUCATIONAL PURPOSES ONLY.  ALL PRODUCT AND COMPANY NAMES ARE PROPERTY OF THEIR RESPECTIVE OWNERS. USE OR DISPLAY OF THE MARKS DOES NOT IMPLY ANY AFFILIATION WITH, ENDORSEMENT BY, OR ASSOCIATION OF ANY KIND BETWEEN SUCH THIRD PARTIES AND KNOWBE4.

11.5        THE PRODUCTS AND SERVICES MAY BE USED TO ACCESS AND TRANSFER INFORMATION OVER THE INTERNET. CUSTOMER ACKNOWLEDGES AND AGREES THAT KNOWBE4 AND ITS VENDORS AND LICENSORS DO NOT OPERATE OR CONTROL THE INTERNET AND THAT: (A) VIRUSES, WORMS, TROJAN HORSES, OR OTHER UNDESIRABLE DATA OR SOFTWARE; OR (B) UNAUTHORIZED USERS (E.G., HACKERS) MAY ATTEMPT TO OBTAIN ACCESS TO, AND DAMAGE, CUSTOMER DATA, WEB‑SITES, COMPUTERS, OR NETWORKS. KNOWBE4 WILL NOT BE RESPONSIBLE FOR THOSE ACTIVITIES. FURTHER, EACH PARTY DISCLAIMS ALL LIABILITY AND INDEMNIFICATION OBLIGATIONS FOR ANY HARM OR DAMAGES CAUSED BY ANY THIRD-PARTY HOSTING PROVIDERS.

12.    Indemnification.

12.1        KnowBe4 Indemnity Obligations. KnowBe4 will defend and indemnify Customer from any and all claims, losses, deficiencies, damages, liabilities, costs, and expenses (including, but not limited to, reasonable attorneys’ fees) finally awarded against Customer, as approved via a court-approved settlement, or via binding mediation or arbitration arising from a claim by a third party that Customer’s authorized use of a Product infringes that third party’s United States patent, copyright, or trade secret rights. The foregoing indemnification obligation of KnowBe4 is contingent upon Customer promptly notifying KnowBe4 in writing of such claim (provided the failure or delay in doing so will not relieve KnowBe4 from any obligations to indemnify Customer except to the extent that such delay or failure materially prejudices the defense of such claim), permitting KnowBe4 sole authority to control the defense or settlement of such claim and providing KnowBe4 reasonable assistance (at KnowBe4’s sole expense) in connection therewith. If a claim of infringement under this Section occurs, or if KnowBe4 determines a claim is likely to occur, KnowBe4 will have the right, in its sole discretion, to either (a) procure for Customer the right or license to continue to use the Products free of the infringement claim; or (b) modify the Products to make them non-infringing, without loss of material functionality. If neither of these remedies is reasonably available to KnowBe4, KnowBe4 may, in its sole discretion, immediately terminate this Agreement and related Quote and, upon return of the infringing Products from Customer, provide a prorated refund for any prepaid, unused fees for such Products for the remainder of the applicable subscription Term. 
Notwithstanding the foregoing, KnowBe4 will have no obligation with respect to any claim of infringement that is based upon or arises out of: (a) the use or combination of the Products with any hardware, software, products, data, or other materials not provided by KnowBe4; (b) modification or alteration of the Products by anyone other than KnowBe4; (c) use of the Products in excess of the rights granted in this Agreement; or (d) any specifications or other intellectual property provided by Customer (collectively, the “Excluded Claims”). The provisions of this Section state the sole and exclusive obligations and liability of KnowBe4 and its licensors and suppliers for any claim of intellectual property infringement arising out of or relating to the Products or this Agreement, and are in lieu of any implied warranties of non-infringement, all of which are expressly disclaimed.

12.2        Customer Indemnity Obligations. Customer will defend and indemnify KnowBe4 and hold it harmless from any and all claims, losses, deficiencies, damages, liabilities, costs, and expenses (including, but not limited to, reasonable attorneys’ fees) incurred by KnowBe4 as a result of any claim by a third party arising from: (a) Customer’s use of the Products in breach of this Agreement; (b) KnowBe4’s authorized use of the Customer Data; or (c) the Excluded Claims. The foregoing indemnification obligation of Customer is contingent upon KnowBe4 promptly notifying Customer in writing of such claim (provided the failure or delay in doing so will not relieve Customer from any obligations to indemnify KnowBe4 except to the extent that such delay or failure materially prejudices the defense of such claim), permitting Customer sole authority to control the defense or settlement of such claim, provided that Customer may not settle any such claim unless it unconditionally releases KnowBe4 of all liability, and providing Customer reasonable assistance (at Customer’s sole expense) in connection therewith.

13.    Limitations of Liability.

13.1        NEITHER KNOWBE4 NOR ITS VENDORS OR LICENSORS WILL HAVE ANY LIABILITY TO CUSTOMER OR ANY THIRD PARTY FOR ANY LOSS OF PROFITS, SALES, BUSINESS, DATA, OR OTHER INCIDENTAL, CONSEQUENTIAL, OR SPECIAL LOSS OR DAMAGE, INCLUDING EXEMPLARY AND PUNITIVE DAMAGES, OF ANY KIND OR NATURE RESULTING FROM, OR ARISING OUT OF, THIS AGREEMENT, THE PRODUCTS, AND ANY SERVICES RENDERED HEREUNDER. THE TOTAL LIABILITY OF KNOWBE4 AND ITS VENDORS AND LICENSORS TO CUSTOMER OR ANY THIRD PARTY ARISING OUT OF THIS AGREEMENT, THE PRODUCTS, AND ANY SERVICES RENDERED HEREUNDER FOR ANY AND ALL CLAIMS OR TYPES OF DAMAGES WILL NOT EXCEED THE TOTAL FEES PAID OR PAYABLE HEREUNDER BY CUSTOMER FOR THE PRODUCT OR SERVICE AS TO WHICH THE LIABILITY RELATES, IN THE TWELVE (12) MONTHS PRIOR TO THE FIRST EVENT GIVING RISE TO LIABILITY. The allocations of liability in this Section represent the agreed, bargained-for understanding of the parties and KnowBe4’s compensation hereunder reflects such allocations. The limitation of liability and types of damages stated in this Agreement are intended by the parties to apply, regardless of the form of lawsuit or claim a party may bring, whether in tort, contract, or otherwise, and regardless of whether any limited remedy provided for in this Agreement fails of its essential purpose.

14.    Term and Termination.

14.1        Term. This Agreement will be effective as of the Effective Date and will remain in full force and effect until all Quote terms have expired or otherwise have been terminated (“Term”).

14.2        Suspension. In the event KnowBe4, in good faith, believes or otherwise becomes aware of a User’s violation of this Agreement, then KnowBe4 may specifically request that Customer suspend such User’s access to, and use of, the Products. In the event Customer fails to suspend such non-compliant User, Customer hereby authorizes KnowBe4 to suspend such User. The duration of such suspension is at the sole determination of KnowBe4 and will continue until such time as KnowBe4 determines that the applicable User has cured the breach resulting in such suspension. KnowBe4 may also suspend access to, and use of, the Products with respect to any individual User or the Customer account to: (a) prevent damages to, or degradation of, the Products or KnowBe4’s systems; (b) comply with any law, regulation, court order, or other governmental request; or (c) otherwise protect KnowBe4 from potential legal liability. Any such suspension will be to the minimum extent and of the minimum duration required to prevent or terminate the cause of the suspension.

14.3        Termination.

14.3.1         If Customer fails to pay any invoice when due and does not make such payment within fifteen (15) days after receipt of notice from KnowBe4 of such failure, KnowBe4 may, in its sole discretion, either: (a) suspend delivery or performance of any Quote, or any remaining balance thereof, until such payment is made; or (b) terminate any Quote. In either event, Customer will remain liable to pay for the Products and Services.

14.3.2         Either party may terminate the Agreement or a Quote upon a material breach of the Agreement or Quote by the other, if the breaching party does not cure the breach within thirty (30) days after receipt of written notice from the other party specifying the breach.

14.3.3         Customer may terminate this Agreement or any applicable Quote at any time and for any reason upon providing thirty (30) days’ written notice to KnowBe4, provided Customer will not be entitled to reimbursement or relief of its future payment obligations.

14.4        Effects of Termination.

14.4.1         In the event of any termination of the Agreement or Quote without cause by Customer, or for cause by KnowBe4, Customer will pay for all Products and Services ordered as of the effective date of termination of the particular Quote. In addition, if a Quote specifies a term for which KnowBe4 will provide Products or Services to Customer (e.g., thirty-six (36) months), and that Quote is terminated by KnowBe4 for cause (including nonpayment) or by Customer without cause, then all future, recurring fees associated with the remaining term of such Quote will become immediately due and payable, and will be paid by Customer to KnowBe4 upon the effective date of such termination.

14.4.2         Upon any termination, Customer’s right to use and access the Products and Services (including any Courseware and other materials provided by KnowBe4) will immediately cease. Customer must return or destroy all copies (original and duplicates) of such Products and Services, in accordance with this Agreement. Upon request by KnowBe4, Customer must provide to KnowBe4 a certification of destruction.

14.4.3         During the applicable subscription term, Customer will have the ability to download a copy of its Customer Data contained in the Products in the form and format as such Customer Data exists in the Products. Upon termination of this Agreement or applicable subscription term, KnowBe4 will have the right to delete or destroy all Customer Data in KnowBe4’s, or in KnowBe4’s agents’, possession. Notwithstanding the foregoing, KnowBe4 will be permitted to retain copies of data contained in an archived computer system backup that: (a) was made in accordance with its security, e-mail retention, and/or disaster recovery procedures; or (b) are kept by KnowBe4 for record-keeping, archival, or governance purposes in compliance with KnowBe4’s document retention policies. Any such retained data will remain subject to the provisions of this Agreement for so long as it is retained.

14.4.4         The exercise of the right to terminate this Agreement and any Quote will be in addition to any other rights or remedies provided in this Agreement, or existing at law or equity, that are not otherwise excluded or limited under this Agreement.

15.    Miscellaneous Provisions.

15.1        U.S. Governmental Rights. The software Products and Services consist of commercial items and are commercial computer software as described in DFARS 252.227-7014(a)(1) and FAR 2.101. If acquired by or on behalf of the Department of Defense or any component thereof, the U.S. Government acquires this commercial computer software and/or commercial computer software documentation subject to the terms of this Agreement as specified in DFARS 227.7202-3, Rights in Commercial Computer Software or Commercial Computer Software Documentation. If acquired by or on behalf of any civilian agency, the U.S. Government acquires this commercial computer software and/or commercial computer software documentation subject to the terms of this Agreement as specified in FAR 12.212, Computer Software.

15.2        Insurance.  KnowBe4 will maintain adequate insurance coverages as required by law or regulation, with an insurance carrier or carriers having an A.M. Best rating of A- or better, or an equivalent rating by another rating agency in the following amounts: (a) Comprehensive General Liability – not less than $1,000,000 per occurrence, $2,000,000 general aggregate; (b) Errors and Omissions (including Cyber & Privacy) – not less than $5,000,000 in the aggregate; and (c) Workers Compensation Coverage – as required by applicable law. Upon Customer’s written request, KnowBe4 will furnish a Certificate of Insurance evidencing its insurance coverage to Customer.

15.3        Independent Contractor. KnowBe4, its personnel, agents, subcontractors and independent contractors are not employees or agents of Customer and are acting as independent contractors with respect to Customer. Neither party is, nor will be, considered to be an agent; distributor; partner; joint venture; or representative of the other party for any purpose, and neither party will have the authority to act on behalf of, or in the name of, or to bind, the other party in any manner whatsoever.

15.4        Force Majeure. Neither party to this Agreement will be liable for delays or failures in performance under this Agreement (other than the payment obligations or breach of confidentiality requirements) resulting from acts or events beyond the reasonable control of such party, including acts of war, terrorism, acts of God, natural disasters (fires, explosions, earthquakes, hurricanes, flooding, storms, infestations), embargos, riots, sabotage, governmental acts, failure of the Internet, power failures, energy interruptions or shortages, other utility interruptions, or telecommunications interruptions, provided that the delayed party: (a) gives the other party notice of such cause without undue delay; and (b) uses its reasonable commercial efforts to promptly correct such failure or delay in performance.

15.5        Governing Law; Venue. The following provisions include the law that will apply in the event of any dispute or lawsuit arising out of or in connection with this Agreement, the courts that have jurisdiction over any such dispute or lawsuit, and the accompanying terms depend on where the Customer is domiciled in accordance with the following table. All proceedings to be conducted in English.

| If the Customer is domiciled in: | Without giving effect to any choice or conflict of law provisions, rules, or principles, the governing law is the laws of: | Courts with exclusive jurisdiction are: | Additional terms included are: |
| --- | --- | --- | --- |
| A country in North America, Central America, South America or Caribbean, other than Brazil. If Customer is domiciled in Russia, or a geographic region that does not fall into one of the designations described in this table, then Customer will fall into this category. | Florida and controlling United States federal law | Hillsborough County, Florida, U.S.A. | Notwithstanding the foregoing, the parties will have the right to seek injunctive or pre-judgment relief in any court of competent jurisdiction to prevent or enjoin the misappropriation, misuse, infringement or unauthorized disclosure of its Confidential Information or intellectual property rights. No Federal Acquisition Regulations will be construed to apply to KnowBe4 without KnowBe4’s written agreement thereto. The United Nations Convention for the International Sale of Goods will not apply to this Agreement. The parties hereto will and they hereby do waive trial by jury in any action, proceeding or counterclaim brought by either of the parties hereto against the other on any matters whatsoever arising out of or in any way related to this Agreement. |
| A country in EMEA (Middle East, Europe and Africa) other than United Kingdom, South Africa, Germany, Austria and/or Switzerland | The Netherlands | Amsterdam | |
| Germany, Austria or Switzerland | Federal Republic of Germany | Berlin | The UN Convention on Contracts for the International Sale of Goods (UNCITRAL) will not apply. |
| United Kingdom | England and Wales | London | |
| Australia, New Zealand or Oceania | Victoria, Australia | Victoria, Australia | |
| Japan | Japan | Tokyo District Court | |
| Brazil | Federative Republic of Brazil | São Paulo, State of São Paulo, Brazil | The parties agree that any subpoena or notice relating to the proceeding will be made by registered correspondence. |
| South Africa | England and Wales | London | |
| A country in the Asia-Pacific region, other than Japan, Australia, New Zealand or Oceania | Singapore | Singapore | |

15.6        Entire Agreement; Construction; Modifications. This Agreement, including any and all Quotes, constitutes the entire understanding between the parties related to this Agreement which understanding supersedes and merges all prior understandings and all other proposals, letters, agreements, whether oral or written. The parties further agree that there are no other inducements, warranties, representations, or agreements regarding the matters herein between the parties except as expressly set forth in this Agreement. In the event of any conflict between the body of this Agreement and any Quote, or additional agreements entered into by the parties, the body of this Agreement will control, unless otherwise expressly stated in a signed writing by authorized representatives of the parties. In the event that the Customer or Users are presented with KnowBe4 click-wrap, the contents of this Agreement will supersede any conflicting terms. As used herein, the term “including” will mean “including, without limitation”; the term “includes” as used herein will mean “includes, without limitation”; and terms appearing in the singular will include the plural, and terms appearing in the plural will include the singular. This Agreement may not be modified, amended, or altered in any manner except by a written agreement signed by authorized representatives of the parties, and any attempt at oral modification will be void and of no effect.

15.7        Assignment. This Agreement may not be assigned or transferred by either party without the prior written consent of the other party, which consent will not be unreasonably withheld, conditioned, or delayed.  Notwithstanding the foregoing, either party may assign its rights and obligations under this Agreement, in whole but not in part, without the other party’s permission, to an Affiliate (provided previously purchased licenses, access rights, and Seats for the Products and Services will not be assignable or transferable without written consent from KnowBe4) or in connection with any merger, consolidation, sale of all or substantially all of such assigning party’s assets, or any other similar transaction, provided, that the assignee:  (a) is not a direct competitor of the non-assigning party; (b) is capable of fully performing the obligations of the assignor under this Agreement; and (c) agrees to be bound by the provisions of this Agreement.

15.8        No Waiver. The waiver or failure of either party to exercise any right in any respect provided for herein will not be deemed to be a waiver of any further right.

15.9        Purchase Order. KNOWBE4 SPECIFICALLY OBJECTS TO ANY ADDITIONAL TERMS BEING ADDED THROUGH A CUSTOMER PROVIDED PURCHASE ORDER OR SIMILAR DOCUMENT. IF A PURCHASE ORDER IS REQUIRED BY CUSTOMER, THE PARTIES AGREE THAT ANY ADDITIONAL TERMS CONTAINED THEREIN WILL NOT BECOME PART OF THE AGREEMENT BETWEEN THE PARTIES AND, SPECIFICALLY, THAT THE TERMS OF THIS AGREEMENT WILL SUPERSEDE AND REPLACE ANY AND ALL TERMS IN ANY PURCHASE ORDER.

15.10  Survivability. All provisions of this Agreement relating to confidentiality, non-disclosure, intellectual property, disclaimers, limitation of liability, indemnification, payment, and any other provisions which must survive in order to give effect to their meaning will survive the termination of this Agreement.

15.11  Severability. If any provision of this Agreement is held by a court of competent jurisdiction to be contrary to law, the provision will be deemed null and void, and the remaining provisions of this Agreement will remain in effect.

15.12  Notices. Except as otherwise specified in this Agreement, all notices related to this Agreement will be in writing and will be effective upon (a) personal delivery, (b) the third business day after mailing, or (c) the day of sending by email. All notices from Customer pertaining to contractual or legal matters (i.e. breach of contract, termination, indemnifiable claims, etc.) must clearly be identified and marked as Legal Notices to the address listed below. Billing-related notices to Customer will be addressed to the relevant billing contact designated by Customer. All other notices to Customer will be addressed to the relevant account administrator designated by Customer.

Notice address for KnowBe4:

KnowBe4, Inc.
Attn: Legal Department
33 N. Garden Ave.
Suite 1200
Clearwater, Florida, U.S.A. 33755
support@knowbe4.com

15.13  Headings; Counterparts; Electronic Signatures. The headings contained in this Agreement are for purposes of convenience only and shall not affect the meaning or interpretation of this Agreement. This Agreement may be executed in two or more original or facsimile counterparts, each of which will be deemed an original, but all of which together shall constitute one and the same instrument.  The parties agree that the electronic signature of a party to this Agreement shall be as valid as an original signature of such party and shall be effective to bind such party to this Agreement. The parties agree that any electronically signed document (including this Agreement) shall be deemed (i) to be “written” or “in writing,” (ii) to have been signed and (iii) to constitute a record established and maintained in the ordinary course of business and an original written record when printed from electronic files. Such paper copies or “printouts,” if introduced as evidence in any judicial, arbitral, mediation or administrative proceeding, will be admissible as between the parties to the same extent and under the same conditions as other original business records created and maintained in documentary form. For purposes hereof, “electronic signature” means a manually-signed original signature that is then transmitted by electronic means; “transmitted by electronic means” means sent in the form of a facsimile or sent via the internet as a “pdf” (portable document format) or other replicating image attached to an e-mail message; and, “electronically signed document” means a document transmitted by electronic means and containing, or to which there is affixed, an electronic signature.

16.  Country Specific Provisions.  The following provisions are specific to the local law requirements for the specific country indicated, only.

16.1        Local Law Requirements for Japan. If Customer is domiciled in Japan, then Customer represents and warrants that it, and its officers, directors, and material shareholders, are not: (a) Anti-Social Forces (defined below), and have not been for at least the last five years; and (b) involved with Anti-Social Forces, including, without limitation, involvement by management, utilization, or provision of funding or favors. KnowBe4 may immediately terminate this Agreement for cause in the event of a breach of any of these representations and warranties. For the purposes of this section "Anti-Social Forces" means, collectively, an organized crime group (bouryokudan) or a member or affiliate thereof, a corporate racketeer (soukaiya), a rogue person or group advocating a social or political movement, or any other anti-social forces.

16.2        Local Law Requirements for Germany. With respect to Customers domiciled in Germany, Section 13 “Limitation of Liability” of this Agreement is replaced with the following:

“13      Limitation of Liability for Customers Domiciled in Germany.

13.1        Unlimited Liability. The Parties will be mutually liable without limitation: (a) in the event of willful misconduct or gross negligence; (b) within the scope of a guarantee taken over by the respective party; (c) in the event that a defect is maliciously concealed; (d) in case of an injury to life, body or health; or (e) according to the German Product Liability Law.

13.2        Liability for Breach of Cardinal Duties. If cardinal duties are infringed due to slight negligence and if, as a consequence, the achievement of the objective of this Agreement including any applicable Quote is endangered, or in the case of a slightly negligent failure to comply with duties, the very discharge of which is an essential prerequisite for the proper performance of this Agreement (including any applicable Quote), the parties’ liability will be limited to foreseeable damage typical for the contract. In all other respects, any liability for damage caused by slight negligence will be excluded.

13.3        Unless the parties are liable in accordance with “Unlimited Liability” section above, in no event will the aggregate liability of each party together with all of its Affiliates arising out of or related to this Agreement exceed the total amount paid by Customer and its Affiliates hereunder for the Services giving rise to the liability in the 12 months preceding the first incident out of which the liability arose. The foregoing limitation will not limit Customer’s and its Affiliates’ payment obligations.

13.4        With the exception of liability in accordance with the “Unlimited Liability” section, the above limitations of liability will apply to all claims for damages, irrespective of the legal basis including claims for tort damages. The above limitations of liability also apply in the case of claims for a party’s damages against the respective other party’s employees, agents or bodies.

13.5        Any rights arising out of or in connection with this Agreement will expire 24 months after the beginning of the statutory limitation period. The statutory limitation rules for intentional and grossly negligent acts, for claims due to intentional or negligent injury to life, body or health, for fraudulent misrepresentation and for claims under the Product Liability Act as well as sec. 548 of the German Civil Code will remain unaffected.”


 

SERVICE LEVEL AGREEMENT

 

This Service Level Agreement (“SLA”) is for the provisioning of services required to support and sustain the Products under the Agreement to which this SLA is attached.

 

Term

This SLA is valid for the subscription term specified in the applicable Quote. Termination of the Agreement and/or a Quote will result in termination of this SLA.

 

Availability & Uptime

KnowBe4 agrees to: (a) make the Products available to Customer pursuant to the Agreement and the applicable Quote, (b) provide support for the Products to Customer at no additional charge, and/or upgraded support if purchased; and (c) use commercially reasonable efforts to make the online Services available 99.9% of the time to be measured annually, excluding any planned downtime, maintenance windows, or any unavailability caused by circumstances beyond KnowBe4’s reasonable control, such as a force majeure event in accordance with the Agreement. If Customer would like to receive status updates on the availability of KnowBe4’s Products, Customer may subscribe to receive updates at https://status.knowbe4.com/, or such other URL as KnowBe4 may provide from time to time.

 

CSM

Customer will be assigned a designated customer service manager (“CSM”) to assist the Customer’s admin with onboarding and training on how to use the Products, as applicable.

 

Maintenance Windows

Maintenance windows for other Products not specified below may be found on the KnowBe4 Documentation page, as defined in the Agreement. 

·        KMSAT maintenance windows may be found at https://support.knowbe4.com/hc/en-us/articles/360024057834-KnowBe4-Security-Awareness-Training-KMSAT-Site-Maintenance-, or such other URL as KnowBe4 may provide from time to time.

·        KCM GRC maintenance windows may be found at https://support.knowbe4.com/hc/en-us/articles/360025164193-KCM-GRC-Platform-Maintenance-Window, or such other URL as KnowBe4 may provide from time to time.

·        PhishER maintenance windows may be found at https://support.knowbe4.com/hc/en-us/articles/360025164473-PhishER-Platform-Site-Maintenance-, or such other URL as KnowBe4 may provide from time to time.

 

Support

KnowBe4’s support parameters, including its support hours, may be found at https://www.knowbe4.com/hubfs/KnowBe4-Support-Document.pdf?t=1518625292505, or such other URL as KnowBe4 may provide from time to time. To make a support request, Customer may submit a ticket at https://support.knowbe4.com/hc/en-us/requests/new, or such other URL as KnowBe4 may provide from time to time.

 

Customer Requirements

Customer responsibilities and/or requirements in support of this SLA include: (a) Customer’s compliance with the Agreement and the applicable Quote; (b) reasonable availability of Customer’s admin and/or technical representative(s) when resolving a service-related incident or request; and (c) providing proper notice of KnowBe4’s non-compliance with any Product or Service warranty in accordance with the Agreement and sufficiently detailing the non-compliance in a manner that enables KnowBe4 to properly assist with the remediation. KnowBe4 will not be responsible for delays in remediation caused by Customer’s failure to respond to requests by KnowBe4. Customer understands that the Products and Services will only operate in accordance with KnowBe4’s Documentation, as defined in the Agreement, and it is Customer’s responsibility to ensure that the Products and Services will be fit for its purposes and to ensure that the Products and Services will be supported by Customer’s technology and business environment. Customer understands that KnowBe4’s Products and Services are non-mission critical to Customer’s business.

 

Response Times

In support of services outlined in this SLA, KnowBe4 will respond to service-related incidents and/or requests submitted by Customer within the following time frames:

Within 2 business days for issues classified as High Priority.

“High Priority”: Complete failure of platform or the complete unavailability of core functionality such as training and phishing.

Within 3 business days for issues classified as Medium Priority.

“Medium Priority”: Impacted operations, core operations such as user and admin login operational but functionality impaired or requiring workarounds to achieve documented operation.

Within 5 business days for issues classified as Low Priority.

“Low Priority”: Inconvenience due to operations not performing as defined or at a significantly degraded speed.

 

KMSAT Support Tiers

Tier 1 Support will assist with:


·        Password resets

·        Phishing and Training Campaign creation

·        Explaining overall navigation of the KMSAT Products

·        Providing KnowBe4’s recommended best practices

·        Issues accessing the training console

·        Whitelisting to ensure successful delivery of email from our servers

·        Issues related to accessing/completion of training modules

·        Resolving phishing/training result discrepancies

·        SAML Single Sign-On support and troubleshooting

·        Phish Alert Button installation

·        Active Directory Integration support

·        Channel partner support


 

Tier 2 and Tier 3 Support will be available for the escalation of more advanced support requests related to issues occurring with the KMSAT Products. 

 

Channel Partners

In the event Customer purchases through a KnowBe4-authorized channel partner, such channel partner may have its own SLA associated with the purchase. Customer acknowledges that KnowBe4 is not responsible, nor is KnowBe4 liable, for ensuring compliance with such channel partner SLA.

 

INFORMATION SECURITY REQUIREMENTS

1.          Security. 

a.          KnowBe4 will maintain Customer Confidential Information and its information technology environment secure from unauthorized access by using commercially reasonable efforts and industry standard organizational, physical and technical safeguards, and refrain from implementing changes that materially lower the level of security protection provided as of the Effective Date of the Agreement.  KnowBe4 will comply with the minimum security standards set forth in this Exhibit and provide prior written notice to Customer of any significant changes to KnowBe4’s information security policy that would lessen the security posture of the environment.

b.          KnowBe4 will conduct a SOC-2 Type 2 or such similar or successor audit on an annual basis. Upon request, KnowBe4 will provide Customer with a copy of such audit report and promptly remediate and/or mitigate any non-conformance findings in line with KnowBe4’s existing vulnerability remediation process. Such audit report will be considered Confidential Information of KnowBe4.

2.          Audit Rights.  Not more than once per calendar year during the term of the Agreement and with at least thirty (30) days’ prior written notice by Customer to KnowBe4, Customer may, at Customer’s sole expense, audit KnowBe4 to verify compliance with the terms and conditions of this Exhibit.  Such audit will be:        

a.          Completed within two (2) weeks;

b.          Performed during KnowBe4’s regular business hours in a manner that, in KnowBe4’s reasonable judgment, does not disrupt or degrade KnowBe4’s regular business operations and is done in accordance with KnowBe4’s security and data protection policies;

c.           Limited to KnowBe4’s facilities and personnel of KnowBe4 in scope of this Agreement; and   

d.          Conducted by either Customer’s employees or, with KnowBe4’s approval, by an independent third party agreed to by the parties.

Customer may create an audit report summarizing the findings and observations of the audit ("Audit Report"). Audit Reports are deemed to be Confidential Information of KnowBe4 and the Customer will not disclose the Audit Reports to third parties except to Customer’s legal counsel and consultants bound by obligations of confidentiality using at least the same degree of care Customer employs in maintaining in confidence its own Confidential Information of a similar nature, but in no event less than a reasonable degree of care. Customer will disclose the results of its audit to KnowBe4 within one week after its completion. KnowBe4 will promptly respond to audit findings and, at KnowBe4’s expense, discuss the findings with Customer, and if applicable, remediate and/or mitigate any critical and high risk findings to the satisfaction of Customer.

3.          Technical Security Controls.   With respect to KnowBe4 infrastructure that processes, stores, or transmits Customer Confidential Information, KnowBe4 will use the following technical security controls where applicable (and keep them current by incorporating and using all updates commercially available):

a.          Network Protection           

(i)          Network based firewalls or equivalent                 

(ii)        Network intrusion detection/protection systems            

b.          Client Protection

(i)          An antivirus or endpoint protection program using software that is updated at least daily on all applicable systems that may store or process Customer Confidential Information

(ii)        Host-based firewall/intrusion prevention software that blocks activity not directly related to or useful for business purposes               

c.           System and Software Protection  

(i)          All systems and applications must utilize secure authentication and authorization mechanisms

(ii)        All KnowBe4-developed applications must be designed and implemented using secure coding standards and design principles (e.g., OWASP)              

(iii)     Operating systems must be hardened appropriately according to industry standard practices

(iv)     Systems must be inspected for known vulnerabilities and all identified known vulnerabilities must be patched as soon as reasonably possible

d.          Encryption

(i)          KnowBe4 will review and update encryption configurations on all systems that utilize encryption. KnowBe4 will utilize only modern industry accepted encryption algorithms, ciphers, modes and key sizes     

e.          Customer Confidential Information Protection        

(i)          Customer Confidential Information Access:  KnowBe4 will ensure that only authorized individuals (based on role) will, on behalf of KnowBe4, have access to Customer Confidential Information

(ii)        Customer Confidential Information Storage:  KnowBe4 will not process Customer Confidential Information on or transfer such to any portable storage medium, unless the storage medium is fully encrypted in accordance with encryption requirements set forth in this Exhibit                 

(iii)     Customer Confidential Information Transmission: All transmission or exchange of Customer Confidential Information by Company will use secure protocol standards in accordance with encryption requirements set forth in this Exhibit

4.          Incidents. 

a.          If KnowBe4 becomes aware of any unauthorized access to the Customer Confidential Information on systems owned, managed, or subcontracted by KnowBe4, KnowBe4 will, without undue delay, notify Customer; consult and reasonably cooperate with investigations and potentially required notices; and provide any information reasonably requested by Customer

b.          In the event of a breach or any unauthorized disclosure of Customer Confidential Information, at no additional cost to Customer, KnowBe4 will reasonably cooperate with Customer in investigating the incident including, but not limited to, the provision of system, application, and access logs, conducting forensics reviews of relevant systems, imaging relevant media, and making personnel available for interview

c.           On notice of any actual breach, KnowBe4 will immediately institute appropriate controls to maintain and preserve all electronic evidence relating to the breach in accordance with industry standard practices

5.          Integration.  The terms of this Exhibit apply in addition to, not in lieu of, any other terms and conditions agreed with KnowBe4, except as specifically and expressly agreed in writing with explicit reference to this Exhibit.

6.          Training. KnowBe4 will periodically provide those employees, consultants, and any approved third parties (affiliated or not) that manage, or have access to, Confidential Information, including personally identifiable information, provided or made available by Customer, with privacy and security awareness training.

