CTI Addendum

Drafting note: for use with ToS prior to 8.1.25.

This CTI Addendum is made on the date of acceptance and amends the Main Subscription Terms and Conditions or other relevant agreement (the “Agreement”) in place between BitSight Technologies, Inc. (“Bitsight”) and the customer specified on the Order or similar document referring to this CTI Addendum (“Customer”).

This Addendum specifies additional use rights and/or restrictions related to CTI (Cyber Threat Intelligence) services, and shall take precedence to the extent of any conflict or inconsistency with the Agreement.

________________________________________________________________________________________

The definitions below shall apply, in addition to those specified in the Agreement:

CTI Bitsight’s cyber threat intelligence services, designated as such in an Order (including via a ‘CSG’ SKU) or statement of work.
CTI Deliverables The content and data obtained via the CTI Solution. The CTI Deliverables form part of the Bitsight Data.
CTI Solution The proprietary solution and API identified in the applicable Order, and all related manuals, specifications and documentation provided by Bitsight. The CTI Solution forms part of the Bitsight Services.
Customer Data Any non-public data (e.g., assets and user information) provided by Customer to enable the provision and use of the CTI Solution, other than Threat Identifiers.
SoW Services Any services described in a CTI statement of work.
Threat Identifiers Phishing URLs, crimeware or other threat identifiers either provided by Customer or collected in the ordinary operation of the Bitsight Services, not containing data directly relating to Customer or identifying Customer.

 

  1. Supplementary Use Rights and Restrictions

    1.1 Except as expressly permitted in this Agreement, Customer shall not, directly or indirectly: (i) modify, incorporate into or use the CTI Solution with other software, or create a derivative work of any part of the CTI Solution or CTI Deliverables; or (ii) use the CTI Solution to access any confidential or other non-public information of any third party without such third party’s consent or collect, copy or use any CTI Deliverables in a manner that infringe or violate the rights of any third party, including, without limitation, privacy rights and intellectual property rights.

    1.2 Notwithstanding anything to the contrary in the Agreement, the CTI Solution and CTI Deliverables are for internal use only.

    1.3 Use of the API provided as part of the CTI Solution shall be subject to the additional terms available at https://www.bitsight.com/sixgill-api-restrictions.
     
  2. Customer Data. Any Customer Data shall comprise Confidential Information of Customer.  Customer hereby grants to Bitsight a worldwide, royalty-free, nonexclusive, transferable right and license to store, host and display to Customer any Customer Data and Threat Identifiers, including to service Customer-specific support requests. Threat Identifiers may be used for any lawful business purpose without a duty of accounting to Customer. 
     
  3. Warranties and Representations. Customer represents and warrants that (i) it has all required permissions, authorizations and approvals to request, collect and use any and all CTI Deliverables and any data and content requested by Customer as part of the Bitsight Services; (ii) it has all necessary consents and permissions to provide any information, including Customer Data, that it uploads in the CTI Solution or otherwise supplies to Bitsight in connection with the CTI Solution, CTI Deliverables or Bitsight Services; and (iii) that it shall not permit any personnel located in China (including the special administrative regions of Hong Kong and Macau) to access any Personally Identifiable Sensitive Data of U.S. individuals (as defined in the Protecting Americans’ Data from Foreign Adversaries Act of 2024) provided as part of the CTI Solution or CTI Deliverables. Customer shall implement appropriate controls to ensure compliance with this restriction and shall promptly notify Bitsight of any unauthorized access or non-compliance. Failure to comply with this provision constitutes a material breach of this Agreement.
     
  4. Disclaimer of Warranties.

    4.1 THE CTI DELIVERABLES AND ANY RESULTS OF THE SOW SERVICES ARE BASED ON INFORMATION AND CONTENT COLLECTED FROM THE DARK AND DEEP-WEB AND SUCH OTHER THIRD PARTY SOURCES, AND THEREFORE BITSIGHT DOES NOT WARRANT THAT THEY ARE CORRECT, COMPLETE, ACCURATE OR RELIABLE. BITSIGHT DOES NOT WARRANT THAT THE CTI SOLUTION OR CTI DELIVERABLES WILL OPERATE WITHOUT INTERRUPTIONS OR ERRORS OR THAT ANY ERRORS OR BUGS WILL BE REPRODUCIBLE OR REPAIRABLE. FURTHER, UNLESS OTHERWISE AGREED BETWEEN THE PARTIES, BITSIGHT DISCLAIMS ANY WARRANTY OF CORRECTNESS, USEFULNESS, ACCURACY, RELIABILITY, OR OTHERWISE RELATED TO THE CTI SOLUTION, CTI DELIVERABLES OR SOW SERVICES. CUSTOMER SHALL BE RESPONSIBLE FOR TAKING ALL PRECAUTIONS IT BELIEVES ARE NECESSARY OR ADVISABLE TO PROTECT IT AGAINST ANY CLAIM, DAMAGE, LOSS OR HAZARD THAT MAY ARISE BY VIRTUE OF ANY USE OF OR RELIANCE UPON THE CTI SOLUTION, CTI DELIVERABLES OR SOW SERVICES. CUSTOMER IS RESPONSIBLE FOR VERIFYING ANY OUTPUT RESULTING FROM USE OF THE CTI SOLUTION INCLUDING ANY USE AND OUTPUT FROM AI FEATURES AND FUNCTIONALITY.

    4.2 As part of any SoW Services, Customer may access and use Third-Party Services under a direct engagement with the third party service provider. Bitsight shall not be liable for Customer’s use of any Third-Party Services.
     
  5. Indemnification. Customer agrees to defend, indemnify and hold harmless Bitsight, its affiliates, licensors, suppliers, officers, directors, employees and agents from and against any and all claims, damages, obligations, losses, liabilities, costs, debts, and expenses (including but not limited to attorney’s fees) arising from: (i) Customer’s use of the CTI Deliverables or the content or data provided as part of the Bitsight Services or CTI Solution; (ii) Customer’s violation of any law, rule, regulation or order in relation to the CTI Deliverables, or its violation of any terms and conditions of any third party service; (iii) takedown services requested by Customer, including any request or approval by or on Customer’s behalf to seek the suspension or removal of any website, social media page or other online asset (including for the avoidance of doubt, violations of export compliance); and/or (iv) Customer’s provision of Customer Data to Bitsight. Customer may not settle a claim that provides for Bitsight liability without Bitsight’s prior written consent and will pay those costs and damages finally awarded in any such legal action, or in a settlement of such legal action, that are specifically attributable to the claim. For the purposes of the Intellectual Property Indemnity specified in the Agreement, ‘Bitsight Services’ shall mean the CTI Solution excluding CTI Deliverables. The exclusions and limitations of liability specified in the Agreement shall not apply to the indemnification in this Section 5.
     
  6. Termination. Notwithstanding anything to the contrary in the Agreement, upon termination, Customer shall discontinue all further use of the CTI Solution and CTI Deliverables, shall promptly remove the CTI Solution and CTI Deliverables from all hard drives, networks and other storage media, and destroy all copies of the CTI Solution in its possession or under its control.