Bitsight - Terms of Service - Product Schedules

Version date: 1 May 2026

A) BITSIGHT SPM (Security Performance Management), FQ (Financial Quantification)

1. Customer may externally share Bitsight Data exclusively related to Customer.

2. A feature of the Services allows Customer, at its option, to create or provide annotations (such as annotations Customer marks “public” that explain aspects of its rating, or information that corrects or updates its rated IP addresses or domains), corrections, additional information, clarifications, and comments with respect to the internet protocol (IP) assets or associated events attributed to it by Bitsight (collectively, “Annotations”), and make these Annotations available for viewing by other users in the Services.  Customer hereby grants to Bitsight a worldwide, perpetual, irrevocable, nonexclusive, transferable, and royalty-free right and license to use such Annotations in connection with the Bitsight Services.

3. Customer may publicly display the Bitsight logo or ‘Bitsight BadgeⓇ’ in the form made available by Bitsight, either alone or with the Bitsight-provided industry sector rating (together, the “Bitsight Logo”), solely to notify third parties of its Bitsight rating. All goodwill arising from such use will inure to Bitsight’s benefit. Customer may not use the Bitsight Logo other than as expressly permitted or in any way that misrepresents the Bitsight Security Rating, is deceptive or misleading, or tarnishes or damages Bitsight or its trademarks. The right to use the Bitsight Logo is personal to Customer and may be revoked by Bitsight at any time.

4. To support the accuracy and effectiveness of the Services, during the Subscription Term, Customer agrees it will not opt-out of or implement technical measures that would prevent Bitsight from conducting non-intrusive internet scanning activities with respect to internet protocol (IP) and other information technology assets associated with Customer.


B) BITSIGHT TPRM (Third Party Risk Management), CM (Continuous Monitoring), EASM (External Attack Surface Management)

Additional Definition:

Monitored Organization: Customer’s current or prospective vendor, service provider, regulator, insured, or affiliate (including any portfolio companies or potential acquisition or investment targets) in relation to which Customer receives Bitsight Data via the Services.

1. External Use. The Bitsight Services may additionally be used externally by Customer to share the Bitsight Data that relates exclusively to a Monitored Organization with such organization via functionality provided in the Bitsight Service, for the purpose of initiating or maintaining a business relationship.


C) BITSIGHT VRM (Vendor Risk Management); TRUST MANAGEMENT HUB

Additional Definition:

Monitored Organization: Customer’s vendor, service provider, regulator, insured, or affiliate (including any portfolio companies or potential acquisition or investment targets) in relation to which Customer receives Bitsight Data via the Services.

1. External Use. Customer may share Bitsight Data exclusively related to a Monitored Organization with that Monitored Organization via functionality provided in the Services, to support a business relationship for the benefit of Customer.

2. Shareable Content. A core feature of Bitsight VRM and Trust Management Hub provides Customer the option of sharing content with third parties regarding its vendor risk management program and cybersecurity risk profile (“Shareable Content”). Shareable Content shall comprise Customer’s Confidential Information. Solely as directed and authorized by Customer within the Services, Bitsight may disclose Shareable Content to those third parties designated by Customer, and Customer grants to Bitsight a worldwide, royalty-free, nonexclusive, transferable license to host and use Shareable Content for such purposes.

3. Corporate Data. Customer acknowledges that the Bitsight Services are not intended to process sensitive or special categories of personal data (including but not limited to personal health information or social security numbers), and Customer agrees it will not provide or upload such information. When uploading data relating to third parties, Customer may only include corporate assets (IPs and Domains); personal IP addresses and Domain information may not be provided.


D) INSURANCE

Additional Definitions:

Insurance Services: The Bitsight products and services intended for use by insurers as specified in a corresponding Order.
Monitored Insurance Organization: Customer’s insured party, prospective insured party, or broker of record in relation to which Customer receives Bitsight Data via the Services.

1. Use of Insurance Services. Insurance Services, consisting of curated cyber security risk information about Customer’s insureds or potential insureds, may be used by Customer for its internal underwriting, risk assessment, loss control and portfolio management activities, and for other related internal business purposes.

2. External Use. Customer may share Bitsight Data exclusively related to a Monitored Insurance Organization with the Monitored Insurance Organization via functionality provided in the Services to support an existing or prospective business relationship. If sharing with a broker of record, Customer is responsible for obtaining consent from the Monitored Insurance Organization.

3. Shareable Content. Certain Bitsight insurance products provide Customer the option of sharing insurance content with Customer’s designated third parties (“Shareable Content”). Shareable Content shall comprise Customer’s Confidential Information; however, Bitsight may disclose any Shareable Content to the third parties designated by Customer, solely as directed and authorized by Customer within the Services, and Customer grants to Bitsight a worldwide, royalty-free, nonexclusive, transferable license to host and use Shareable Content for such purposes.

4. Indemnification. Customer shall indemnify, defend, and hold Bitsight (together with its affiliates and each of their respective employees, officers, and directors) harmless against any third-party claims, suits or actions and any damages, losses, or costs associated therewith, resulting from Customer’s distribution of Bitsight Data received as part of the Insurance Services, without limit of liability.

5. Optional Features. Additional terms apply, specified at https://www.bitsight.com/embedded-service-terms-and-conditions-for-additional-functionality, when accessing the following features: (i) Exposed Credentials; (ii) Manage IP Visibility; and (iv) Generative AI Features.


E) CYBER THREAT INTELLIGENCE (CTI) (including ‘CSG’ SKUs)

Additional Definitions:

CTI: Bitsight’s cyber threat intelligence services, designated as such in an Order (including any ‘CSG’ SKU) or statement of work.
CTI Deliverables: The content and data obtained via the CTI Solution. The CTI Deliverables form part of the Bitsight Data.
CTI Solution: The proprietary solution and API identified in the applicable Order, and all related manuals, specifications and documentation provided by Bitsight. The CTI Solution forms part of the Services.
Customer Data: Any non-public data (e.g., assets and user information) provided by Customer to enable the provision and use of the CTI Solution, other than Threat Identifiers.
SoW Services: Any services described in a CTI statement of work.
Threat Identifiers: Phishing URLs, crimeware or other threat identifiers either provided by Customer or collected in the ordinary operation of the Services, not containing data directly relating to Customer or identifying Customer.

1. Supplementary Use Rights and Restrictions

1.1 Except as expressly permitted in this Agreement, Customer shall not, directly or indirectly: (i) modify, incorporate into or use the CTI Solution with other software, or create a derivative work of any part of the CTI Solution or CTI Deliverables; or (ii) use the CTI Solution to access any confidential or other non-public information of any third party without such third party’s consent or collect, copy or use any CTI Deliverables in a manner that infringes or violates the rights of any third party, including, without limitation, privacy rights and Intellectual Property Rights.

1.2 Notwithstanding anything to the contrary in the Agreement, the CTI Solution and CTI Deliverables are for internal use only.

1.3 Use of the API provided as part of the CTI Solution shall be subject to the additional terms available at https://cybersixgill.com/api-restrictions.

1.4 The Services, including all CTI Deliverables, shall not be used for any purposes regulated by the Health Insurance Portability and Accountability Act (HIPAA) or similar laws and regulations.

2. Customer Data. Any Customer Data shall comprise Confidential Information of Customer. Customer hereby grants to Bitsight a worldwide, royalty-free, nonexclusive, transferable right and license to store, host and display to Customer any Customer Data and Threat Identifiers, including to service Customer-specific support requests. Threat Identifiers may be used for any lawful business purpose without a duty of accounting to Customer.

3. Warranties and Representations. Customer represents and warrants that (i) it has all required permissions, authorizations and approvals to request, collect and use any and all CTI Deliverables and any data and content requested by Customer as part of the Services; (ii) it has all necessary consents and permissions to provide any information, including Customer Data, that it uploads in the CTI Solution or otherwise supplies to Bitsight in connection with the CTI Solution, CTI Deliverables or Services; and (iii) it shall not permit any personnel located in China (including the special administrative regions of Hong Kong and Macau) to access any Personally Identifiable Sensitive Data of U.S. individuals (as defined in the Protecting Americans’ Data from Foreign Adversaries Act of 2024) provided as part of the CTI Solution or CTI Deliverables. Customer shall implement appropriate controls to ensure compliance with this restriction and shall promptly notify Bitsight of any unauthorized access or non-compliance. Failure to comply with this provision constitutes a material breach of this Agreement.

4. Disclaimer of Warranties.

4.1 THE CTI DELIVERABLES AND ANY RESULTS OF THE SOW SERVICES ARE BASED ON INFORMATION AND CONTENT COLLECTED FROM THE DARK AND DEEP-WEB AND SUCH OTHER THIRD PARTY SOURCES, AND THEREFORE BITSIGHT DOES NOT WARRANT THAT THEY ARE CORRECT, COMPLETE, ACCURATE OR RELIABLE. BITSIGHT DOES NOT WARRANT THAT THE CTI SOLUTION OR CTI DELIVERABLES WILL OPERATE WITHOUT INTERRUPTIONS OR ERRORS OR THAT ANY ERRORS OR BUGS WILL BE REPRODUCIBLE OR REPAIRABLE. FURTHER, UNLESS OTHERWISE AGREED BETWEEN THE PARTIES, BITSIGHT DISCLAIMS ANY WARRANTY OF CORRECTNESS, USEFULNESS, ACCURACY, RELIABILITY, OR OTHERWISE RELATED TO THE CTI SOLUTION, CTI DELIVERABLES OR SOW SERVICES. CUSTOMER SHALL BE RESPONSIBLE FOR TAKING ALL PRECAUTIONS IT BELIEVES ARE NECESSARY OR ADVISABLE TO PROTECT IT AGAINST ANY CLAIM, DAMAGE, LOSS OR HAZARD THAT MAY ARISE BY VIRTUE OF ANY USE OF OR RELIANCE UPON THE CTI SOLUTION, CTI DELIVERABLES OR SOW SERVICES. CUSTOMER IS RESPONSIBLE FOR VERIFYING ANY OUTPUT RESULTING FROM USE OF THE CTI SOLUTION INCLUDING ANY USE AND OUTPUT FROM AI FEATURES AND FUNCTIONALITY.

4.2 As part of any SoW Services, Customer may access and use Third-Party Services under a direct engagement with the third party service provider. Bitsight shall not be liable for Customer’s use of any Third-Party Services.

5. Indemnification. Customer agrees to defend, indemnify and hold harmless Bitsight, its affiliates, licensors, suppliers, officers, directors, employees and agents from and against any and all claims, damages, obligations, losses, liabilities, costs, debts, and expenses (including but not limited to attorney’s fees) arising from: (i) Customer’s use of the CTI Deliverables or the content or data provided as part of the Services or CTI Solution; (ii) Customer’s violation of any law, rule, regulation or order in relation to the CTI Deliverables, or its violation of any terms and conditions of any third party service; (iii) takedown services requested by Customer, including any request or approval by or on Customer’s behalf to seek the suspension or removal of any website, social media page or other online asset (including for the avoidance of doubt, violations of export compliance); and/or (iv) Customer’s provision of Customer Data to Bitsight. Customer may not settle a claim that provides for Bitsight liability without Bitsight’s prior written consent and will pay those costs and damages finally awarded in any such legal action, or in a settlement of such legal action, that are specifically attributable to the claim. This indemnification shall not be subject to any limitation of liability stated in the Agreement. For the purposes of the Intellectual Property Indemnity specified in the Agreement, ‘Services’ shall mean the CTI Solution excluding CTI Deliverables.

6. Termination. Notwithstanding anything to the contrary in the Agreement, upon termination Customer shall discontinue all further use of the CTI Solution and CTI Deliverables, promptly remove the CTI Solution and CTI Deliverables from all hard drives, networks and other storage media, and destroy all copies of the CTI Solution in its possession or under its control.


F) ARTIFICIAL INTELLIGENCE

The terms set out at https://service.bitsighttech.com/accounts/ai-terms/ govern your use of any AI Features which are made available within Bitsight's Services.