Terms of Service

Last updated: June 06, 2022


This Terms of Service sets forth an agreement (the "Agreement") between you (“you” “your” “Customer”) and PhishingBox, LLC, a Kentucky Limited Liability Company (“PhishingBox”, “we” “us”), for access to PhishingBox's Services (as defined below). Upon signing this Agreement, you and we shall have shown our agreement with the terms, which is required prior to, and as a condition of, use of the Service.

“Add-Ons” means additional product enhancements (including limit increases and other add-ons) that are made available for purchase.
"Affiliate" means any entity which directly or indirectly controls, is controlled by, or is under common control with a party to this Agreement. For purposes of this definition, control means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.
“Confidential Information” means all confidential information disclosed by a party ("Disclosing Party") to the other party ("Receiving Party"), whether orally or in writing, that is designated as confidential. Confidential Information includes all information concerning: the Disclosing Party's customers and potential customers, past, present or proposed products, marketing plans, engineering and other designs, technical data, business plans, business opportunities, finances, research, development, and the terms and conditions of this Agreement. Confidential Information doesn't include any information that (i) is or becomes generally known to the public without breach of any obligation owed to the Disclosing Party, (ii) was known to the Receiving Party prior to its disclosure by the Disclosing Party without breach of any obligation owed to the Disclosing Party, (iii) is received from a third party without breach of any obligation owed to the Disclosing Party, or (iv) was independently developed by the Receiving Party. Subject to the foregoing exclusions, Customer Data will be considered Confidential Information under this Agreement regardless of whether or not it is designated as confidential.
"Consulting Services" means the professional services, including Managed Services, provided to you by us, which may include training services, installation, integration or other consulting services.
"Customer Data" means all information that you submit or collect via the Service. Customer Data does not include PhishingBox Content.
"Customer Materials" means all materials that you provide or post, upload, input or submit for public display through the Service.
"Fee" means the amount you pay for the Service.
“Free Services” means the Service or other products or features made available by us to you on an unpaid trial or free basis.
“Managed Services” means any ongoing management of phishing campaigns and/or training campaigns being run or managed by PhishingBox on your behalf.
"Order" means the PhishingBox-approved form or online subscription process by which you agree to subscribe to the Service.
“Personal Data” means any information relating to an identified or identifiable individual where such information is contained within Customer Data and is protected similarly as personal data or personally identifiable information under applicable data protection laws.
"PhishingBox Content" means all information, data, text, messages, software, sound, music, video, photographs, graphics, images, and tags that we incorporate into the Service or Consulting Services.
“Professional Services” means, collectively, the consulting and other professional services which you have ordered. Professional Services include any deliverables described in your Proposal and delivered by PhishingBox to you under the order. The term “Professional Services” does not include your primary PhishingBox license.
“Proposal” means the executed document that outlines the Services and Professional Services you have ordered. The term Proposal covers synonymous terms, such as Quote, Order, and Estimate.
“SCCs” means the Standard Contractual Clauses for processors as approved by the European Commission or Swiss Federal Data Protection Authority (as applicable).
"Service" means all of our web-based applications, tools and platforms that you have subscribed to under an Order or that we otherwise make available to you, and are developed, operated, and maintained by us, accessible via https://www.phishingbox.com, portal.phishingbox.com, school.phishingbox.com or another designated URL, and any ancillary products that we provide to you.
“Service Period” refers to the period of time, or term, for which you have procured the Service and any Professional Services, as specified in your Proposal.
“Solutions Provider” refers to any account that either performs services for clients using our service or resellers our services to others.
"Subscription Term" means the initial term of your subscription to the Service, as specified on an Order, and each subsequent renewal term (if any). For Free Services, the Subscription Term will be the period during which you have an account to access the Free Services.
“Target” is an entity, such as an employee's email address, that is tested via the Service. A Target also means a single individual (other than a User) whose Target Information is stored by you in the Service or on your behalf through Professional Services.
"Target Information" means the name, email address, title, department, phone number, and similar information uploaded by you to the Service.
"Third-Party Products" means non-embedded products that are provided by third parties which interoperate with or are used in connection with the Service. These products include non-PhishingBox applications available from our marketplaces, directories, and links made available through the Service.
"Third-Party Sites" means third-party websites linked to or from within the Service.
"Users" means your employees, representatives, consultants, contractors or agents who are authorized to use the Service for your benefit.
3.1 Access. During the Subscription Term, we will provide your Users access to use the Service as described in this Agreement and the applicable Order. You may provide access and use of the Service to your Affiliate’s Users; provided that, all such access and use by your Affiliate’s Users is subject to and in compliance with the Agreement, and you will at all times remain liable for your Affiliate’s compliance with the Agreement.
3.2 Additional Features. You may subscribe to additional features of the Service by placing an additional Order or activating the additional features from within your account (if this option is made available by us.). This Agreement will apply to all additional Order(s) and all additional features that you activate from within your account.
3.3 Modifications. We modify the Service from time to time, including by adding or deleting features and functions, in an effort to improve the user experience.
3.4 Alpha/Beta Services. If we make alpha or beta access to some or all of the Service (the “Alpha/Beta Services”) available to you: (i) the Alpha/Beta Services are provided “as is” and without warranty of any kind, (ii) we may suspend, limit, or terminate the Alpha/Beta Services for any reason at any time without notice, and (iii) we will not be liable to you for damages of any kind related to your use of the Alpha/Beta Services.
3.5 Service Uptime Commitment. For the purposes of this Section 3.5, the following definitions shall apply:
"Priority 1" means a critical full outage/severe issue that constitutes a catastrophic problem that causes complete inability to use the Service, excluding Free Services, across a significant portion of the production environment (e.g., crash or hang), resulting in production downtime and where there is no workaround or solution to the problem.
"Excluded" means the following: (i) unavailability caused by circumstances beyond our reasonable control, including, without limitation, act of God, acts of government, emergencies, natural disasters, flood, fire, civil unrest, acts of terror, strikes or other labor problems (other than those involving our employees), or any other force majeure event or factors; (ii) any problems resulting from Customer's combining or merging the Service with any hardware or software not supplied by us or not identified by us in writing as compatible with the Service; (iii) interruptions or delays in providing the service resulting from telecommunications or internet service provider failures outside of our datacenter as measured by our third party website availability monitoring provider; and (iv) any interruption or unavailability resulting from the misuse, improper use, alteration, or damage of the Service.
"Service Uptime" means (total hours in calendar month - unscheduled maintenance which causes unavailability - Priority 1 issue durations - scheduled maintenance - Excluded) / (total hours in calendar month - scheduled maintenance - Excluded) X 100%.
3.5.1 We will use commercially reasonable efforts to meet a Service Uptime of 99.95% for our Service in a given calendar month. All availability calculations will be based on our system records. Notwithstanding anything to the contrary in this Agreement, as Customer's sole and exclusive remedy for failure to meet availability or support commitments, in the event there are two (2) or more consecutive calendar months during which the Service Uptime falls below 99.95% in a given calendar month, Customer will be entitled to receive a credit equal to the pro-rated amount of fees applicable to the downtime as measured within two (2) or more consecutive calendar months during which the Service Uptime fell below 99.95%, which credit shall be applied against an invoice or charge for the following renewal Subscription Term, provided Customer requests such credit within twenty (20) days of the end of the relevant calendar month. Notwithstanding anything to the contrary in the Agreement or this section, this Section 3.5 does not apply to our Free Services.

3.6 Limits/Acceptable Use. You agree not to misuse the Service or to help anyone else do so. Limits or restrictions on use of the Service are outlined below. These limits are organized into several categories based on the product or Service used.
General – the following limits apply to all products and the Service.
  • You will report any compromised account to PhishingBox.
  • You will not share authentication credentials with others.
  • You will not manipulate the system to bypass account restrictions, such as the number of emails, users, or courses listed in your Order.
  • You will not send unsolicited communications, promotions, advertisements, or spam.
  • You will not sell the Service unless specifically authorized to do so.
  • You will not violate the law in any way, including storing, publishing or sharing material that is fraudulent, defamatory, infringing, or misleading.
  • You will not violate the privacy or infringe the rights of others.
Product or Feature Specific Limits - These limits related to specific features or products within the Services.
Phishing Simulator
  • You will not test any entity for which you do not have authority to test.
  • You will not include any sensitive or non-public information within emails or landing pages.
  • You agree that we may stop any phishing campaigns or tests if there are complaints of use from third parties, whenever PhishingBox determines at its own discretion that it either agrees with the basis of the complaint or determines the most expedient solution is to stop the phishing campaigns or tests which are the basis of the complaint. PhishingBox may need to stop any phishing campaigns or tests receiving such complaints of use from third parties before we can notify you. PhishingBox agrees to provide you notice of any such known complaints of use within 72 hours. PhishingBox will make efforts to advise and assist you in removing any objectionable content which form the basis of any complaints of use from third parties.
PhishingBox’s Application Programming Interface (API):
  • You will not disclose or provide the PhishingBox APIs or access credentials to any person or entity other than to your employees or independent contractors, provided (1) such employees or independent contractors enter into an agreement with you at least as protective of as this Agreement, and (2) you hereby agree to be responsible for any breaches of such agreements by such employees or independent contractors.
  • You will not use the PhishingBox API (i) for any illegal purposes, (ii) in any manner which would violate this Agreement, (iii) to breach any laws or regulations regarding privacy or data protection, (iv) to violate the rights of third parties, or (v) expose PhishingBox to legal liability.
  • You will not use any PhishingBox API in any manner that, as determined by PhishingBox in its reasonable discretion, constitutes abusive usage.
  • You will not (i) interfere with, or disrupt, the Service and related servers or networks, (ii) disobey any requirements, procedures, policies or regulations of networks connected to the Service, or (iii) transmit any viruses, worms, defects, Trojan horses, or any items of a destructive nature through your use of the PhishingBox API;
  • You will not engage in any activity that interferes with, disrupts, harms, damages, or accesses in an unauthorized manner PhishingBox’s servers, security, networks, data, applications, or the Service.
  • You will not circumvent technological measures intended to prevent direct database access.
  • You will not bypass PhishingBox API restrictions for any reason, including automating administrative functions of the Service.
3.7 Prohibited and Unauthorized Use.
You will not use the Service in any way that violates for any purpose or in any manner that is unlawful or prohibited by this Agreement.

You will NOT use the Service if you are legally prohibited from receiving or using the Service under the laws of the country in which you are located or from which you access or use the Service.

The Service is only for use by individuals who are at least 18 years old. Individuals under 18 years old are not allowed to use the Service nor are you allowed to include information of any such persons within your account. You agree not to use the Service to send phishing campaigns or tests to Targets that do not meet this age minimum.
3.8 Customer Support.
If you pay us a Fee for our Services, the following support is included at no additional cost.
3.8.1 Phone Support.
Phone support for is available daily from 9:00AM to 5:00PM ET (Eastern Time) Monday through Friday, excluding U.S. federal holidays.
3.8.2 Email and In-app Support.
Email and in-app responses are provided during phone support hours only. We attempt to respond to email and in-app support questions within one (1) business day; in practice, our responses are generally even faster. We do not promise or guarantee any specific response time. We may limit or deny your access to support if we determine, in our reasonable discretion, that you are acting, or have acted, in a way that results or has resulted in misuse of support or abuse of PhishingBox representatives.
3.8.3 Support Limitations.
Issues resulting from your use of API's, including third-party API’s, may be outside the scope of support. Should we determine needed support is outside of our standard support, we will notify you about your options, which may include support options for an additional charge.
3.9 Free Trial. If you register for a free trial, we will make the applicable Service available to you on a trial basis free of charge until the earlier of (a) the end of the free trial period (if not terminated earlier) or (b) the start date of your paid subscription. Unless you purchase a subscription to the applicable Service before the end of the free trial, all of your data in the Service may be permanently deleted at the end of the trial, and we will not recover it. If we include additional terms and conditions on the trial registration web page, those will apply as well.
3.10 Legacy Products. If you have a legacy product, some of the features and limits that apply to that product may be different than those that appear in this Agreement. If you have legacy products, we may choose to move you to our then-current products at any time. If you determine that you are using a legacy product and would like to upgrade to a current version, you may be required to execute a new Order.
4.1 Subscription Fees. The Subscription Fee will remain fixed during the initial term of your subscription unless (i) you exceed your Targets allocation, (ii) you upgrade products or base packages, (iii) you subscribe to additional features or products, including additional Targets, or (iv) otherwise agreed in your Order.
4.2. Billing Disputes. You must notify PhishingBox in writing of any disputed charges within thirty (30) days of receiving an invoice. PhishingBox will attempt to resolve all disputes within thirty (30) days of being notified of a dispute. To the extent PhishingBox determines, at its sole discretion, that a billing adjustment is warranted, your account will be credited accordingly. If you fail to notify PhishingBox of a billing dispute as noted above, you waive all rights to bring any claim regarding the disputed charges.

4.3 Downgrades. You may downgrade your products and/or base packages upon no less than thirty (30) days written notice prior to the next renewal anniversary of an applicable Order.

4.4 Fee Adjustments at Renewal. Upon renewal, we may increase your fees up to our then-current list price set for the Service. If you do not agree to this increase, either party can choose to terminate your subscription at the end of your then-current term by giving the notice required in Section 5.2 (Notice of Non-Renewal).

4.5 Payment by Credit Card. If you are paying by credit card, you authorize us to charge your credit card or bank account for all fees payable during the Subscription Term. You further authorize us to use a third party to process payments, and consent to the disclosure of your payment information to such third party.

4.6 Payment Against Invoice. All amounts invoiced are due and payable within thirty (30) days from the date of the invoice, unless otherwise specified in the Order.

4.7 Payment Information. You will make commercially reasonable efforts to keep your contact information and billing information up to date. All payment obligations are non-cancelable and all amounts paid are non-refundable, except as specifically provided for in this Agreement. All fees are due and payable in advance throughout the Subscription Term. If you are a Solutions Provider that purchases on behalf of a client, you agree to be responsible for the Order and to guarantee payment of all fees.

4.8 Sales Tax. All fees are exclusive of taxes, which we will charge as applicable. You agree to pay any taxes applicable to your use of the Service and performance of Professional Services. You shall have no liability for any taxes based upon our gross revenues or net income. If you are located in the European Union, all fees are exclusive of any VAT, and you represent that you are registered for VAT purposes in your member state. At our request, you will provide us with the VAT registration number under which you are registered in your member state. If you do not provide us with a VAT registration number prior to your transaction being processed, we will not issue refunds or credits for any VAT that was charged. If you are subject to GST, all fees are exclusive of GST.

4.9 Withholding Tax. If you are required to deduct or withhold tax from payment of your invoice, you may deduct this amount from the applicable Subscription Fee due to the extent it is due and payable as assessed withholding tax required under laws that apply to you (the “Deduction Amount”).

You will not be required to repay the Deduction Amount to us, provided that you present us with a valid tax receipt verifying payment of the Deduction Amount to the relevant tax authority within ninety (90) days from the date of the invoice. If you do not provide this tax receipt within the specified time period, then all fees, inclusive of the Deduction Amount, will be immediately due and payable, and failure to pay these fees may result in your account being suspended or terminated for non-payment.
5.1 Term and Renewal. Your initial subscription period will be specified in your Order, and, unless otherwise specified in your Order, your subscription will automatically renew.
5.2 Notice of Non-Renewal. Each party agrees to give the other no less than ninety (90) days written notice in advance of the then current expiration date if it does not wish to renew an Order.
5.3 Termination for Convenience. You may choose to cancel your subscription early at your convenience provided that, we will not provide any refunds of prepaid fees or unused Subscription Fees, and you will promptly pay all unpaid fees due through the end of the Subscription Term. See Section 5.2 (Notice of Non-Renewal) for information on how to cancel your subscription.
5.4 Termination for Cause. Either party may terminate this Agreement for cause, as to any or all Services: (i) upon written notice to the other party of a material breach if such breach remains uncured after thirty (30) days, or (ii) immediately, if the other party becomes the subject of a petition in bankruptcy or any other proceeding relating to insolvency, cessation of business, liquidation or assignment for the benefit of creditors.
We may also terminate this Agreement for cause on thirty (30) days’ notice if we determine that you are acting, or have acted, in a way that has or may negatively reflect on or affect us, our prospects, or our customers.

5.5 Suspension
5.5.1 Suspension for Prohibited Acts
We may suspend any User’s access to any or all Services without notice for use of the Service in a way that violates applicable local, state, federal, or foreign laws or regulations or the terms of this Agreement. We agree to notify you if this action becomes necessary.
5.5.2 Suspension for Non-Payment
We will provide you with notice of non-payment of any amount due. Unless the full amount has been paid, we may suspend your access to any or all of the Services ten (10) days after such notice. We will not suspend the Service if you are disputing reasonably and in good faith disputing any charge(s) and are actively cooperating to resolve the dispute. If a Service is suspended for non-payment, we may charge a re-activation fee to reinstate the Service.
5.5.3 Suspension for Present Harm
We may, with electronic or telephonic notice to you, suspend all or any access to the Service if any of the following result from your use of the Service:
(i) Being subjected to denial-of-service attacks or other disruptive activity
(ii) Being used to engage in denial-of-service attacks or other disruptive activity
(iii) Creating a security vulnerability for the Service
(iv) Consuming excessive bandwidth as determined by us
(v) Causing harm to us
We will try to limit suspension of the Service to the affected portion of the Service and promptly resolve the issues causing its suspension. Nothing in this clause limits our right to terminate for cause as outlined above, if we determine that you are acting, or have acted, in a way that has or may negatively reflect on or affect us, our prospects, or our customers.
5.5.4 Suspension and Termination of Free Services
We may suspend, limit, or terminate the Free Services for any reason at any time without advanced notice.
5.6 Effect of Termination or Expiration. Upon termination or expiration of this Agreement, you will stop all use of the Service. If you terminate this Agreement for cause, we will promptly refund any prepaid but unused fees covering use of the Service after termination. If we terminate this Agreement for cause, you will promptly pay all unpaid fees due through the end of the Subscription Term. Fees are otherwise non-refundable.
6.1 Customer’s Proprietary Rights. You own and retain all rights to the Customer Materials and Customer Data. This Agreement does not grant us any ownership rights to Customer Materials and Customer Data. You grant permission to us and our licensors to use the Customer Materials and Customer Data only as necessary to provide the Service and Professional Services to you and as otherwise permitted by this Agreement. If you are using the Service or receiving Professional Services on behalf of another party, then you represent and warrant that you have all sufficient and necessary rights and permissions to do so.
6.2 Limits on PhishingBox. We will not use, or allow anyone else to use, Customer Data to contact any individual or company except as you direct or otherwise permit. We will use Customer Data only in order to provide the Service and Consulting Services to you and only as permitted by applicable law and this Agreement.
6.3 Data Privacy. Our data privacy practices, including deletion practices related to privacy, are outlined in our Privacy Policy, available at https://www.phishingbox.com/privacy.
6.4 Data Protection. PhishingBox will maintain an information security program to prevent unauthorized access to your non-public information. We maintain a trust center to outline our key security controls, compliance practices, and other key information. This information is available at https://www.phishingbox.com/resources/trust-center.
6.4.1 Breach Notification. PhishingBox will take immediate action to remedy any known security breaches to the Service. In addition, PhishingBox will notify you within 72 hours of any known or suspected disclosure of your Confidential Information.
6.5 Customer Data Transfers. We and our Affiliates may transfer Customer Data (including Personal Data) to the United States in connection with the Service. To the extent we process Personal Data from the European Economic Area, the United Kingdom and/or Switzerland, or Personal Data that is subject to the protection of European data protection laws, PhishingBox agrees to abide by and process EU Data in compliance with the SCCs in the form set out in Annex C of our SCC document.
6.6 Retention, Deletion and Retrieval of Customer Data. For active accounts, we will retain all data within our system unless such data is deleted by Customer. For data that is deleted by Customer, such data may remain on backup or archivable media for some time. For inactive accounts, data may be removed after a period of inactivity.
7.1 This Agreement governs access to and use of the Service, and you are not granted a license to any software. The Service and Professional Services are protected by intellectual property laws and, as such, they belong to and are the property of us or our licensors (if any). You agree not to copy, rent, lease, sell, distribute, or create derivative works based on PhishingBox Content, the Service, or the Professional Services in whole or in part, by any means, except as expressly authorized in writing by us.
7.1.1 Our trademarks include, but aren’t limited to, those listed at https://www.phishingbox.com/trademarks (which we may update at any time without notice to you) and you may not use any of these without our prior written permission. You may only use these trademarks or logos for promotional purposes to identify yourself as a customer of the Services, provided you do not attempt to claim any ownership of the marks by incorporating any of them within your names or offerings and you abide by the guidelines outlined in https://www.phishingbox.com/company/branding.
7.2 We encourage our customers to comment on the Service or Professional Services, provide suggestions for improvements, and vote on suggestions. You agree that all such comments and suggestions will be non-confidential and that we own all rights to use and incorporate them into the Service or Professional Services, without payment or attribution to you.

You are solely responsible for Customer Data and Customer Materials. You represent and warrant that you own or have permission to use all intellectual property rights (such as copyright and trademark rights) in the Customer Data and Customer Materials. You grant us and our Affiliates a worldwide, irrevocable, royalty-free, nonexclusive, sublicensable license to use, reproduce, create derivative works of, distribute, publicly perform, publicly display, transfer, transmit, distribute, and publish Customer Materials and subsequent versions of Customer Materials for the purposes of (i) displaying templates to our customers on the Service, (ii) distributing and/or facilitating distribution of messages that contain Customer Materials either electronically or via other media, (iii) marketing the Service or any other product or service, and/or (iv) storing Customer Materials in a database accessible by others, for a charge or for no charge. This license shall apply to the distribution and the storage of Customer Materials in any form, medium, or technology now known or later developed, including print publication.

You acknowledge that we are not responsible or liable to you or to any third party for the content or accuracy of Customer Data and Customer Materials. We do not control the communications, information or files uploaded by Users on the Service. You may be exposed to content that you find offensive, indecent, or objectionable, or that is inaccurate, and you bear all risks associated with using that content. You understand that we have no obligation to monitor any areas of the Service through which Users can post Customer Materials. However, at any time we may screen, edit, move, delete, and/or refuse to accept any Customer Materials (from you or other customers) that in our judgment violate these terms or are otherwise objectionable, whether for legal or other reasons. This may include removing any content from the Service at any time, and we will not be liable for that removal.

8.1 The Receiving Party will: (i) protect the confidentiality of the Confidential Information of the Disclosing Party using the same degree of care that it uses to protect the confidentiality of its own confidential information of like kind, but in no event less than reasonable care, (ii) not use any Confidential Information of the Disclosing Party for any purpose outside the scope of this Agreement, (iii) not disclose Confidential Information of the Disclosing Party to any third party (except those third party service providers used by us to provide some or all elements of the Service or Professional Services and except for any Solutions Provider bound by confidentiality obligations), and (iv) limit access to Confidential Information of the Disclosing Party to those of its and its affiliates' employees, contractors and agents who need such access for purposes consistent with this Agreement and who have signed confidentiality agreements with the Receiving Party containing protections no less stringent than those herein.
8.2 The Receiving Party may disclose Confidential Information of the Disclosing Party if required to do so under any federal, state, or local law, statute, rule or regulation, subpoena or legal process; provided, however, that (i) the Receiving Party will provide the Disclosing Party with prompt notice of any request that it disclose Confidential Information, sufficient to allow the Disclosing Party to object to the request and/or seek an appropriate protective order or, if such notice is prohibited by law, the Receiving Party will disclose the minimum amount of Confidential Information required to be disclosed under the applicable legal mandate; and (ii) in no event will the Receiving Party disclose Confidential Information to a party other than a government agency except under a valid order from a court having jurisdiction requiring the specific disclosure.
You grant us the right to add your name and company logo to our customer list and website. You can opt-out of this by notifying us at [email protected].
You will indemnify, defend and hold us and our Affiliates harmless, at your expense, against any third-party claim, suit, action, or proceeding (each, an "Action") brought against us (and our officers, directors, employees, agents, service providers, licensors, and affiliates) by a third party not affiliated with us or our Affiliates to the extent that such Action is based upon or arises out of:
(a) unauthorized or illegal use of the Service by you, Users, or your Affiliates,
(b) you, Users, or your Affiliates' noncompliance with or breach of this Agreement,
(c) your, Users’, or your Affiliates’ submission of Customer Data or Customer Materials, or any use we or our customers make of it that is consistent with this Agreement,
(d) you, Users, or your Affiliates' use of Third-Party Products, or
(e) the unauthorized use of the Service by any other person using your User information.
We will: notify you in writing within thirty (30) days of our becoming aware of any such claim; give you sole control of the defense or settlement of such a claim; and provide you (at your expense) with information and assistance reasonably requested by you to handle the defense or settlement of the claim. You will not accept any settlement that (i) imposes an obligation on us; (ii) requires us to make an admission; or (iii) imposes liability not covered by these indemnifications or places restrictions on us without our prior written consent.



11.4 Third Party Products.
12.1 Amendment; No Waiver. We may modify any part or all of the Agreement by posting a revised version at https://www.phishingbox.com/terms. The revised version will become effective and binding the next business day after it is posted. We will provide you notice of this revision by email or in-app notification.

If you do not agree with a modification to the Agreement, you must notify us in writing within thirty (30) days after we send notice of the revision. If you give us this notice, then your subscription will continue to be governed by the terms and conditions of the Agreement prior to modification until your next renewal date, after which the current terms posted at www.phishingbox.com/terms will apply. However, if we can no longer reasonably provide the subscription to you under the terms prior to modification (for example, if the modifications are required by law or result from general product changes), then the Agreement and/or affected Services will terminate upon our notice to you and we will promptly refund any prepaid but unused fees covering use of the Service after termination.

No delay in exercising any right or remedy or failure to object will be a waiver of such right or remedy or any other right or remedy. A waiver on one occasion will not be a waiver of any right or remedy on any future occasion.

12.2 Force Majeure. Neither party will be responsible for failure or delay of performance if caused by an act of war, hostility, or sabotage; act of God; electrical, internet, or telecommunication outage that is not caused by the obligated party; pandemic; government restrictions; or other event outside the reasonable control of the obligated party. Each party will use reasonable efforts to mitigate the effect of a force majeure event.

12.3 Actions Permitted. Except for actions for nonpayment or breach of a party’s proprietary rights, no action, regardless of form, arising out of or relating to this Agreement may be brought by either party more than one (1) year after the cause of action has occurred.

12.4 Relationship of the Parties. You and we agree that no joint venture, partnership, employment, or agency relationship exists between us.

12.5 Third Party Sites and Products. Third-Party Sites and Products are not under our control. Third-Party Sites and Products are provided to you only as a convenience, and the availability of any Third-Party Site or Product does not mean we endorse, support or warrant the Third-Party Site or Product.

12.6 Compliance with Laws. We will comply with all U.S. state and federal laws (where applicable) in our provision of the Service, the Professional Services, and our processing of Customer Data. We reserve the right at all times to disclose any information as necessary to satisfy any law, regulation, legal process or governmental request.

You will comply with all laws in your use of the Service and Consulting Services, including any applicable export laws.

You will comply with the sanctions programs administered by the Office of Foreign Assets Control (OFAC) of the U.S. Department of the Treasury in your use and receipt of the Service and Professional Services.

You will not directly or indirectly export, re-export, or transfer the Service or Professional Services to prohibited countries or individuals or permit use of the Service or Professional Services by prohibited countries or individuals.

12.7 Severability. If any part of this Agreement or an Order is determined to be invalid or unenforceable by applicable law, then the invalid or unenforceable provision will be deemed superseded by a valid, enforceable provision that most closely matches the intent of the original provision and the remainder of this Agreement will continue in effect.

12.8 Arbitration. All disputes, claims and/or controversies, including but not limited to billing disputes, matters of construction, interpretation and/or enforcement, arising out of or in any way connected to this Agreement shall be submitted for final and binding resolution to a single arbitrator selected in accordance with the rules of the American Arbitration Association. The arbitration shall take place in Lexington, Kentucky. The award rendered by the arbitrator may be entered as a judgment in any court of competent jurisdiction. The cost of the arbitration and the attorneys' fees of the prevailing party shall be assessed against the party against whom the award is rendered.

12.9 Notices.
Each party giving or making any notice, request, demand, or other communication required or permitted by this agreement shall give that notice in writing and use one of the following types of delivery: personal delivery, mail (registered or certified, postage prepaid, return-receipt requested), nationally recognized overnight courier (fees prepaid), or electronic mail.
For Customer: The address maintained with the PhishingBox system for any administrator level user.
For PhishingBox:
PhishingBox LLC
400 East Vine Street, Suite 301
Lexington, KY 40507
[email protected]
12.10 Language. All communications and notices to be made or given pursuant to this Agreement shall be in the English language. We might make versions of this Agreement available in languages other than English. If we do, the English version of this Agreement will govern our relationship and the translated version is provided for convenience only and will not be interpreted to modify the English version of this Agreement.

12.11 Entire Agreement. This Agreement (including each Order), along with our Privacy Policy at https://www.phishingbox.com/privacy-policy is the entire agreement between us for the Service and Professional Services and supersedes all other proposals and agreements, whether electronic, oral or written, between us. Our obligations are not contingent on the delivery of any future functionality or features of the Service or dependent on any oral or written public comments made by us regarding future functionality or features of the Service.

12.12 Purchase Orders. We object to and reject any additional or different terms proposed by you, including those contained in your purchase order, acceptance or website.

12.13 Assignment. You will not assign or transfer this Agreement without our prior written consent, except that you may assign this Agreement to a successor by reason of merger, reorganization, sale of all or substantially all of your assets, change of control or operation of law, provided such successor is not a competitor of ours. We may assign this Agreement to an Affiliate, or in the event of a merger, reorganization, sale of all or substantially all of our assets, change of control or operation of law.

12.14 No Third-Party Beneficiaries. Nothing in this Agreement, express or implied, is intended to or will confer upon any third-party person or entity any right, benefit or remedy of any nature whatsoever under or by reason of this Agreement.

12.15 Contract for Services. This Agreement is a contract for the provision of services and not a contract for the sale of goods. The provisions of the Uniform Commercial Code (UCC), the Uniform Computer Information Transaction Act (UCITA), or any substantially similar legislation as may be enacted, will not apply to this Agreement. If you are located outside of the territory of the United States, the parties agree that the United Nations Convention on Contracts for the International Sale of Goods will not govern this Agreement or the rights and obligations of the parties under this Agreement.

12.16 Governing Law. This Agreement is governed by the laws of the United States and the Commonwealth of Kentucky, without reference to conflict of laws principles.

12.17 Authority. Each party represents and warrants to the other that it has full power and authority to enter into this Agreement and that it is binding upon such party and enforceable in accordance with its terms. Each party further warrants and represents that it has the authority to secure its Affiliates’ compliance with the terms of this Agreement.

12.18 Survival. The following sections will survive the expiration or termination of this Agreement: Section 2 (Definitions), Section 4 (Fees), Section 5.5.4 (Suspension and Termination of Free Services), Section 5.6 (Effect of Termination or Expiration), Section 6.1 (Customer’s Proprietary Rights), Section 7 (Intellectual Property), Section 8 (Confidentiality), Section 9 (Publicity), Section 10 (Indemnification), Section 11 (Disclaimers; Limitations of Liability), and Section 12 (Miscellaneous).
12.19 Precedence. In the event of a conflict between the terms of the Agreement and an Order, the terms of the Order shall control, but only as to that Order.
12.20 Anti-Bribery.
12.20.1 PhishingBox warrants that PhishingBox and its subcontractors are familiar with and knowledgeable about all relevant laws, rules regulations, decrees, federal, state and local, which are now applicable to the Agreement and any Services performed in connection herewith, including without limitation, those pertaining to health, safety, security, and environmental protection (hereinafter sometimes referred to as the "Laws"), and PhishingBox warrants that in conducting the Services hereunder it will comply with all such Laws.
12.20.2 PhishingBox shall not pay any fee, commission, rebate, or other value to or for the benefit of any governmental official having jurisdiction over the Services, if such payment would be inconsistent with or penalized by the Laws and regulations of the United States.
12.20.3 PhishingBox and Customer each agree and undertake to the other that in connection with this Agreement and the transactions contemplated by this Agreement, they will each respectively comply with all applicable Laws, rules, regulations, decrees and/or official governmental orders of the United States relating to anti-bribery and anti-money laundering.
12.20.4 PhishingBox agrees, undertakes and confirms that its employees, officers, directors, agents, representatives and subcontractors have not, in connection with the transactions contemplated by this Agreement or in connection with any other business transactions involving the Customer made, offered or promised to make, and will not make, offer, or promise to make, any payment or other transfer of anything of value, including without limitation the provision of any service, gift or entertainment, directly or indirectly to: (i) any government official (including directors, officers and employees of government-owned and government-controlled companies and public international organizations); (ii) any director, officer, employee representative or agent of the Customer; (iii) any political party, official of a political party, or candidate for public office; (iv) an agent or intermediary for payment to any of the foregoing; or (v) any other person for the purpose of obtaining or influencing the award of or carrying out this Agreement, if, and to the extent that to do so is or would be in violation of or inconsistent with the anti-bribery or anti-money laundering Laws of any relevant jurisdiction, including, without limitation, the U.S. Foreign Corrupt Practices Act, and, if applicable, the U.K. Anti-Terrorism, Crime and Security Act 2001 and successor legislation, the applicable country legislation implementing the OECD Convention on Combating Bribery of Foreign Public Officials in International Business Transactions.
For the purpose of this Section 12.20, the term "government official" shall mean any director, officer or employee of any government or any department, agency or instrumentality thereof, and/or of any enterprise in which a government owns an interest, and/or of any public international organization. This term also includes any person acting in any official, administrative or judicial capacity for or on behalf of any such government or department, agency, instrumentality, company, or public international organization.
12.20.5 PhishingBox agrees and undertakes that, in connection with this Agreement, and in connection with any other business transactions involving Customer in the United States and United Kingdom, if applicable, PhishingBox and its Affiliates have and will apply effective disclosure controls and procedures; have and will maintain books, records, and accounts which, in reasonable detail, accurately and fairly reflect the transactions undertaken and the disposition of assets; and have and will maintain an internal accounting controls system that is sufficient to ensure the proper authorization, recording and reporting of all transactions and to provide reasonable assurance that violations of the anticorruption Laws of the applicable jurisdictions will be prevented, detected and deterred.
12.20.6 In the event that Customer has any basis for a good faith belief that PhishingBox may not be in compliance with the undertakings and/or requirements set forth in this Section 12.20, Customer shall advise PhishingBox in writing of its good faith belief, and PhishingBox shall cooperate fully with any and all inquiries undertaken by or on behalf of Customer in connection therewith, including the provision by PhishingBox of personnel and supporting documents and affidavits if reasonably deemed necessary by Customer.
12.20.7 Subject to the requirements of this Section 12.20 and without prejudice to any other rights or remedies Customer may have hereunder or at law (including, as applicable, the right to damages for breach of Agreement), Customer shall have the right to terminate this Agreement with immediate effect if Customer reasonably believes in good faith that any of the foregoing agreements, undertakings or requirements set forth in this Section 20.20 have not been complied with or fulfilled by PhishingBox; PROVIDED, HOWEVER, that Customer shall have provided PhishingBox with written notice of its intention to terminate the Agreement under the provisions of this Section 12.20, together with a summary of the reasons therefore, and that PhishingBox has been unable within five (5) business days of delivery of such notice to provide Customer with evidence that demonstrates, to Customer’s reasonable satisfaction, that PhishingBox has not failed to comply with or fulfill any of the foregoing agreements, undertakings or requirements.
12.20.8 PhishingBox hereby warrants and represents to Customer that it provides annual training to its employees on detection and prevention of corruption and business ethics. PhishingBox has controls in place to avoid conflicts of interests that could result from personal relationships between any of the owners or key personnel of PhishingBox or their relatives and a government official.

In witness whereof, the parties hereto have caused this Agreement to be executed by their duly authorized representatives.