Nexsecure Terms of Service

Last Updated: April 20, 2025

1. Acceptance of Terms

Welcome to Nexsecure! These Terms of Service (“Terms”) govern your access to and use of the Nexsecure security awareness training platform and associated services (“Service”). By signing an order, creating an account, or using the Service, you (the “Customer”) agree to be bound by these Terms. If you are accepting on behalf of a company or other legal entity, you represent that you have the authority to bind that entity to these Terms. Do not use the Service if you do not agree with these Terms. Nexsecure and Customer are each referred to as a “Party,” and together as the “Parties.”

2. Eligibility and Accounts

2.1 Customer Eligibility

The Service is intended for businesses and organizations. You must be of legal age (18 years or older) and legally capable of entering into contracts to use the Service. The Service is not for personal, family, or household use, and is not directed to children under 18. Customer represents and warrants that it and its users meet these eligibility requirements and that all registration information provided is accurate and up-to-date.

2.2 Account Registration

To access the Service, Customer will create an account and designate an administrator (“Account Admin”). The Account Admin can invite or manage Customer’s authorized end users (e.g. employees, contractors) (“Authorized Users”). Customer is responsible for safeguarding account credentials and for all activities under its account. Share credentials only with Authorized Users on a need-to-know basis and notify Nexsecure immediately of any unauthorized access or security breach. Nexsecure may require multi-factor authentication or other security measures for account access.

2.3 Authorized Users

All use of the Service by Customer’s Authorized Users must comply with these Terms. Customer is liable for its Authorized Users’ actions and omissions on the platform. Customer shall ensure that each Authorized User only uses the Service for Customer’s internal business purposes and in accordance with Section 5 (Acceptable Use). The Account Admin is responsible for assigning appropriate access permissions to Authorized Users and promptly removing access for any individuals who should no longer have it (e.g., upon termination of employment).

2.4 Administrative Access

Customer understands that the Account Admin will have the ability to configure the Service for Customer’s organization, including launching simulated phishing or smishing campaigns, assigning training modules, and viewing user performance. By designating an Account Admin and using the Service, Customer consents to Nexsecure acting on the instructions and inputs of that Admin as if they were from Customer. Nexsecure will not be responsible for internal management of the account (such as adding/removing users or obtaining any necessary user consents); those are Customer’s responsibilities, unless you choose to upgrade to a higher service level.

3. Nexsecure Service and License Grant

3.1 Service Description

Nexsecure provides an online platform for security awareness training, which may include an interactive dashboard, phishing email and SMS (smishing) simulation tools, video-based e-learning modules, AI-generated threat content for training purposes, analytics and reporting, and related features (“Platform” or “Service”). The Service is delivered as a cloud-based software-as-a-service (SaaS), hosted on Amazon Web Services (AWS) cloud infrastructure.

3.2 License to Use Service

Subject to Customer’s compliance with these Terms and payment of all applicable fees, Nexsecure grants Customer a limited, non-exclusive, non-transferable license during the subscription term to access and use the Service (and to permit its Authorized Users to access and use the Service) solely for Customer’s internal security awareness training purposes. This license allows use of Nexsecure’s training content, software, and documentation only as explicitly permitted by these Terms. All rights not expressly granted to Customer are reserved by Nexsecure and its licensors.

3.3 Subscription Plans

Customer’s access is limited to the features, modules, and number of Authorized Users (or “seats”) specified in Customer’s subscription plan or order form (“Order”). For example, if Customer has purchased a plan for 100 users or a specific feature tier, Customer shall not allow more than 100 individuals to use the Service and shall not access features not included in its plan. Do not exceed the usage quantities or limits in your Order. Nexsecure may monitor usage, and if Customer exceeds its purchased limits, Nexsecure reserves the right to bill for the overage or require an upgrade to the appropriate plan.

3.4 Free Trials and Betas

If Customer is using a free trial, beta, or other evaluation version of the Service (“Trial Service”), such use is permitted only for the period and purposes communicated by Nexsecure. Trial Service is provided “as is” without warranties (see Section 11) and may be subject to reduced or different functionality, usage limits, or support, at Nexsecure’s discretion. Nexsecure may terminate or suspend a Trial Service at any time. ANY DATA Customer enters into a Trial Service may be lost upon termination unless Customer exports it beforehand or converts to a paid subscription.

3.5 Updates and Changes

Nexsecure may continually improve and update the Service. Customers acknowledge that features and functionality of the Service may change over time. Material changes to the Terms will be handled as described in Section 13.3 (Modification of Terms). Nexsecure will use reasonable efforts to notify customers (e.g., via the dashboard or email) about major updates or feature changes.

4. Customer Data and Privacy

4.1 Customer Data

“Customer Data” means any data, information, or content that Customer or its Authorized Users input, upload, or transmit to the Service. This includes, for example, employee information (names, emails, phone numbers), organizational units, or any custom training content Customer provides. Customer retains ownership of all Customer Data. Except as set forth in this Agreement, Nexsecure obtains no ownership rights in Customer Data.

4.2 Nexsecure Use of Customer Data

Customer hereby grants Nexsecure and its subcontractors a license to host, store, process, and transmit Customer Data as necessary to provide the Service and support to Customer. Nexsecure will only use Customer Data to fulfill its obligations to deliver the Service, to provide technical support, and as otherwise permitted by these Terms or by law. Nexsecure will not disclose Customer Data to third parties except: (a) as Customer directs, (b) as described in our Privacy Policy or Data Processing Addendum (if applicable), or (c) as required by law (in which case we will, if legally permitted, give Customer notice and an opportunity to object). Nexsecure does not sell Customer Data or use it for marketing or advertising.

4.3 Personal Data and Privacy Compliance

The Parties agree to comply with all applicable data protection and privacy laws in connection with the Service. Nexsecure’s Privacy Policy explains how we collect and handle personal information within the Service. In general, for any personal data of Customer’s end users provided to Nexsecure, Customer is the data controller (or equivalent) and Nexsecure is a data processor/service provider. This means Customer is responsible for having proper authority or consent to disclose that personal data to Nexsecure for the intended purpose. Customer represents and warrants that it has obtained all necessary consents or notices for Nexsecure to process any personal data of Authorized Users or training recipients under applicable laws (for example, satisfying requirements of laws such as the California Consumer Privacy Act (CCPA) or GDPR where applicable). If required by law, Customer will inform its employees and users that their personal data will be used in the Service and may be transferred to Nexsecure.

Nexsecure will process personal data only as instructed by Customer and in accordance with our Data Processing Addendum (DPA), which is hereby incorporated by reference for Customers subject to GDPR or similar laws. Among other things, Nexsecure will implement appropriate technical and organizational measures to protect personal data, will assist Customer in fulfilling data subject rights requests received under CCPA or other laws, and will notify Customer of any data breaches involving Customer Data as required by law.

4.4 Sensitive Data

Customer agrees not to use the Service to store or transmit highly sensitive personal information that is not necessary for the Service. Prohibited data types include (except where Nexsecure has expressly agreed in writing): government-issued identification numbers, financial account or payment card information, personal health or medical records (PHI as defined under HIPAA), or any information subject to special regulatory protection (such as health information, financial records, biometric data, or information about children). Nexsecure provides security awareness training (including HIPAA-themed training content for healthcare organizations), but the platform is not designed to process actual patient health records or payment card transactions. If Customer is a regulated entity (e.g., a healthcare provider or financial institution) and requires Nexsecure to handle any regulated personal data, Customer must notify Nexsecure and enter into any additional agreements required by law (such as a Business Associate Agreement for HIPAA) before uploading such data. Nexsecure reserves the right to delete or anonymize any sensitive data accidentally uploaded in violation of this clause, and Nexsecure shall have no liability arising from Customer’s input of prohibited data.

4.5 Data Security

Nexsecure uses Amazon Web Services (AWS) and other reputable cloud service providers to host the Platform and Customer Data. We maintain administrative, physical, and technical safeguards designed to protect the security, confidentiality, and integrity of Customer Data. Such measures include encryption of data in transit (TLS) and at rest, network firewalls, access controls, vulnerability management, and regular backups. Nexsecure’s security program adheres to industry standards (including SOC 2 and ISO 27001 principles) to ensure a high level of protection. Customer is responsible for safeguarding its account credentials and for configuring the Service (to the extent options are available) in a secure manner (e.g., enforcing strong passwords for its users). While Nexsecure employs robust security, Customer acknowledges that no service can be guaranteed 100% secure and Customer uses the Service at its own risk. Nexsecure will promptly inform Customer of any Security Breach that we become aware of which affects Customer Data, and will provide information and cooperation reasonably required for Customer to comply with any breach notification obligations.

4.6 Data Retention and Deletion

During the subscription term, Customer may access and export its Customer Data at any time. Upon termination or expiration of Customer’s subscription, Nexsecure will retain Customer Data for 60 days (the “Retention Period”) to allow Customer to retrieve any needed information. After the Retention Period, Nexsecure will delete or render unreadable all remaining Customer Data in its production systems, except for limited data that may be required to be retained for legal or compliance purposes (which remains subject to the confidentiality and security obligations herein). It is Customer’s responsibility to export or back up any Customer Data it wishes to keep before the Retention Period ends. Nexsecure shall not be liable for any deletion of Customer Data as provided in this section.

5. Acceptable Use Policy

Customer and its Authorized Users must use the Service responsibly and in accordance with the following acceptable use requirements (“Acceptable Use Policy” or “AUP”). Any violation of this Section 5 is grounds for suspension or termination of Service (see Section 12).

When using Nexsecure, you agree NOT to:

By adhering to this Acceptable Use Policy, you help us maintain a safe and effective training environment for all users. Nexsecure may suspend the Service (in whole or part) without advance notice if we believe, in our reasonable judgment, that it’s urgently necessary to protect the Service or others from significant harm (for example, stopping a sudden attack, or halting a misuse that poses legal risk). We will inform Customer as soon as practicable and work with you in good faith to resolve the issue. Repeated or serious violations of the above rules may result in termination of your account per Section 12.

6. Nexsecure Content and Intellectual Property

6.1 Nexsecure Content

As part of the Service, Nexsecure provides a library of security awareness training content and tools (“Nexsecure Content”). This includes, for example: training videos, tutorial episodes, quizzes, games, phishing email templates, fake login pages, newsletters, infographics, and any AI-generated threat simulation content created by the Platform. All Nexsecure Content, and all software, know-how, and technology used to provide the Service, are the property of Nexsecure or its licensors. These are protected by intellectual property laws (copyright, trademark, etc.). Customer does not acquire any ownership rights in the Service or Nexsecure Content. Rather, during the subscription term, Nexsecure grants Customer a limited license to use the Nexsecure Content for its internal training purposes, as part of the Service.

6.2 License for Nexsecure Content

Subject to these Terms, Customer may access, stream, and use the Nexsecure Content included in its subscription with its Authorized Users. For example, Customer’s employees may watch our training videos, and Customer’s administrators may send out Nexsecure-provided phishing templates to those employees as simulations. This license is non-exclusive, non-transferable, and revocable upon termination. Customer and its users may not download or copy Nexsecure Content except as enabled by the Service interface or expressly permitted by Nexsecure. If certain content (such as posters or infographics) is made available for download, you may download and use it internally but must not remove Nexsecure branding or copyright notices. All Nexsecure Content is to be used “as is” for training; you may not modify it to create derivative works, publicly display it outside your organization, or commercialize it in any way.

6.3 Restrictions on Use of Content

To protect Nexsecure’s intellectual property, Customer agrees not to do any of the following:

6.4 AI-Generated Content

Nexsecure may utilize artificial intelligence to generate simulated phishing emails or other dynamic content as part of the Service. Such AI-generated content is considered part of Nexsecure Content and is provided solely for training and simulation. Nexsecure strives to ensure this content is effective and appropriate, but Customer acknowledges that automatically generated messages may not be perfect. Customer is responsible for reviewing and vetting any AI-generated phishing templates or messages that it deploys to its users. Nexsecure disclaims liability for any unintended or problematic text that might be generated by algorithms, and will promptly address any issues if notified. All AI-generated content is subject to the same use restrictions: it’s for internal training use only, and not to be published or used for actual attacks or any purpose outside the scope of the Service.

6.5 Feedback

If Customer or its users provide Nexsecure with suggestions, ideas, feedback, or recommendations for the Service (“Feedback”), Nexsecure may use such Feedback without obligation. Customer hereby grants Nexsecure a royalty-free, worldwide, transferable, sublicensable license to incorporate and use any Feedback in our products or services. Feedback is not considered Customer Confidential Information and may be used by Nexsecure to improve the Service.

7. Customer Content and Custom Materials

7.1 Customer Content

Customer may upload or create its own training materials or data on the Platform (for example, adding a custom policy document, or creating a phishing email template from scratch, or inputting company-specific information). Any content that Customer or its Authorized Users provide to the Service (other than account registration info, which is covered as Customer Data) will be deemed “Customer Content.” Customer retains all ownership and intellectual property rights in Customer Content. Nexsecure does not claim ownership of your Content. However, by using the Service, Customer grants Nexsecure a limited license to host, reproduce, display, and distribute Customer Content as needed to provide the Service to Customer. For example, if you upload your company’s security policy PDF to our training portal for employees to read, you give us the right to store that PDF and show it to your users on the portal.

7.2 Responsibility for Customer Content

Customer is solely responsible for the legality, reliability, and appropriateness of all Customer Content. Customer represents and warrants that it has obtained all necessary rights, permissions, or licenses for any content it uploads (for instance, if you upload an image or document, you either own it or have the right to use it in this context). Customer Content must not infringe any third-party rights or violate any laws. Nexsecure does not pre-screen Customer Content, but reserves the right to remove or disable access to any Customer Content that we believe violates these Terms or law, or that may pose harm (we will attempt to notify Customer if this occurs).

7.3 No Upload of Restricted Data

As noted in Section 4.4, Customer Content should not include sensitive personal or regulated data unless necessary. Also, Customer should not upload any content that is excessively large or not related to security training (the Service is not a general file storage service). Nexsecure may impose reasonable limits on storage or types of files to ensure performance of the Service.

7.4 Content after Termination

Upon termination of Service, Nexsecure will make Customer Content available for export along with other Customer Data during the Retention Period (60 days). After that, Nexsecure will delete Customer Content in the same manner as other Customer Data (see Section 4.6). If Customer requires assistance extracting certain custom content (like training records or custom lessons) upon termination, Nexsecure will reasonably assist (fees may apply if it’s an extensive request).

8.1 Service Communications

Customer acknowledges that as part of providing the Service, Nexsecure will send certain communications to Customer and its users. There are a few categories of communications:

Customer consents (and has obtained consent from its users as needed) to receive these Service-related communications. Emails from the Service will typically come from a Nexsecure-controlled domain or a Customer-configurable domain, and SMS will come from Nexsecure’s number or short code with identification in the message when appropriate. These are not marketing messages but integral to using the Service.

8.2 Compliance with Email/SMS Laws

Nexsecure and Customer shall each comply with applicable communication laws for any emails or texts sent via the Service. Nexsecure maintains systems in line with the CAN-SPAM Act for commercial emails and will honor any opt-out requests it directly receives from email recipients. (Note: Because phishing simulation emails are meant to mimic malicious emails, they generally do not include standard unsubscribe links; therefore, it is crucial that Customer only sends them to intended internal recipients and not the general public.) Customer agrees that it will only send simulation emails or training texts to individuals who are legally permitted to receive them – typically, Customer’s employees or contractors using their work contact information. If any recipient exercises a legal right to opt out or stop receiving such communications (for example, an employee requests not to receive texts on their personal phone), Customer is responsible for honoring that request in how it uses the Service. Nexsecure will provide tools or settings to assist (such as allowing certain users to be excluded from SMS campaigns if needed).

8.3 End User Awareness

Customer is responsible for deciding whether and how to inform its Authorized Users about the training program and simulated attacks. Some organizations choose to notify users at hire or periodically that “You may be contacted as part of security training exercises (phishing simulations, etc.).” Others may obtain written consent. While Nexsecure leaves this to Customer’s discretion, Customer agrees to do so as required by any applicable laws or workplace policies. If an Authorized User directly contacts Nexsecure to complain or opt out of communications, Nexsecure will inform Customer and follow Customer’s direction (to the extent consistent with law) since Customer is the one administering the training.

8.4 Notifications from Nexsecure

Any legal notices or communications required under this Agreement (for example, notice of material changes to terms, breach notifications, or suspension notices) will be sent to the Customer’s designated contact(s), which may include the Account Admin’s email. Customer is responsible for keeping its contact information current. Notices will be deemed received when sent to the last provided email address of Customer (or immediately when posted within the Service interface for Customer).

9. Fees and Payment

9.1 Fees

Customer agrees to pay all fees specified in the Order or pricing plan for the chosen subscription (e.g., annual subscription fee based on number of users, or monthly fees, etc.). All fees are payable in the currency and on the schedule stated in the Order. Unless otherwise stated, payments are due net 30 days from invoice date. Nexsecure may charge interest on overdue amounts at the rate of 1.5% per month (or the highest rate allowed by law, if lower), from the due date until paid.

9.2 Taxes

Fees are exclusive of any taxes, levies, or duties. Customer is responsible for any applicable taxes (e.g., sales, use, VAT, GST) on the Services, other than taxes on Nexsecure’s income. If Customer is tax-exempt, it shall provide Nexsecure with a valid exemption certificate.

9.3 Auto-Renewal

If specified in the Order, subscriptions will automatically renew for additional terms (e.g., one year) unless either Party gives notice of non-renewal at least 30 days before the current term ends. Subscription fees for each renewal term may be adjusted as per our then-current pricing, but Nexsecure will notify Customer of any increase at least 45 days prior to renewal. Customer can opt out of auto-renewal by notifying Nexsecure in writing (email is sufficient).

9.4 Non-Payment

If Customer’s account is overdue on payment, Nexsecure reserves the right to suspend access to the Service provided that Nexsecure has given a prior written warning (email acceptable) of at least 10 days. Suspension will be lifted promptly once the account is brought current. Continued non-payment may result in termination for breach pursuant to Section 12.2. Customer will remain responsible for fees incurred for Services up to the date of suspension or termination.

10. Confidentiality

10.1 Definition

“Confidential Information” means any business or technical information disclosed by one Party (“Discloser”) to the other (“Recipient”) that is identified as confidential or proprietary, or that should reasonably be understood to be confidential given the nature of the information and the context of disclosure. For clarity: Customer Confidential Information includes Customer Data and Customer’s non-public business plans; Nexsecure Confidential Information includes the Service software, documentation, pricing, and any non-public reports or security information.

10.2 Protection

Recipient shall use the same degree of care to protect Discloser’s Confidential Information as it uses to protect its own confidential info, but not less than a reasonable standard of care. Recipient will not use Confidential Information except to exercise its rights or perform its obligations under these Terms. Recipient will not disclose Confidential Information to any third party except to its affiliates, contractors, or advisors who need to know it for the permitted purpose and are bound by confidentiality obligations at least as protective as these Terms. Recipient is responsible for any breaches of confidentiality by those third parties.

10.3 Exclusions

Confidential Information does not include information that: (a) is or becomes publicly available without breach by Recipient; (b) was known to Recipient prior to disclosure by Discloser without confidentiality obligation; (c) is obtained by Recipient from a third party not under an obligation of confidence; or (d) is independently developed by Recipient without use of Discloser’s info.

10.4 Required Disclosure

If Recipient is legally compelled (by subpoena, court order, or regulation) to disclose Confidential Information, it shall provide prompt notice to Discloser (if legally allowed) and reasonably cooperate with any attempt by Discloser to seek a protective order or other appropriate remedy. If disclosure is still required, Recipient will disclose only the minimum amount of information necessary to comply with the requirement.

10.5 Return/Destruction

Upon Discloser’s request or upon termination of the Agreement, Recipient will return or destroy Discloser’s Confidential Information, provided that Recipient may retain copies as required by law or automated backups, in which case the confidentiality obligations hereunder continue to apply.

11. Disclaimers of Warranty

11.1 “As-Is” Service

Nexsecure provides the Service and all related content “AS IS” and “AS AVAILABLE,” without any warranties of any kind. To the maximum extent permitted by law, Nexsecure disclaims all warranties, express or implied, including implied warranties of merchantability, fitness for a particular purpose, title, and non-infringement. Nexsecure does not guarantee that: (a) the Service will be uninterrupted, error-free, or completely secure; (b) training content or simulations will meet Customer’s specific needs or expectations; (c) any security incidents will be prevented by using the Service; or (d) errors or defects will be corrected.

11.2 No Guarantee of Results

Customer acknowledges that security awareness training (including phishing simulations) is intended to reduce, but cannot eliminate, the risk of human error or security breaches. Nexsecure makes no warranty or guarantee that Customer or its users will not experience any cybersecurity incidents or that the training will result in any particular outcome (such as a specific percentage improvement in phishing click rates). All content provided is for educational purposes – it is not legal, accounting, or other professional advice. For example, while we offer HIPAA training modules, we are not a law firm and we do not warrant that using our Service will fulfill any legal or regulatory training requirements for Customer’s industry. Customer should consult its own advisors for guidance on compliance and cybersecurity practices.

11.3 Third-Party Services

The Service may integrate or interoperate with third-party services or software (for example, an API to connect to Customer’s HR system, or the use of an email gateway, or browser extensions for certain features). Nexsecure is not responsible for any third-party services or content that are outside of our control. We do not warrant or support third-party products even if the Service links to them or uses them. Any third-party services are governed by the terms of those third parties, and Customer is responsible for complying with those terms if it chooses to use the integrations.

Some content or features may also rely on third-party data (e.g., threat intelligence feeds, public blacklists, AI models provided by third parties). Nexsecure will use reasonable care in selecting third-party inputs but provides no warranty for the accuracy or reliability of third-party data or services.

11.4 Beta Features

From time to time, Nexsecure may offer early access to new features or beta services. Those are provided “as is” and solely for evaluation, and may not be as reliable or available as the main Service. We’ll identify beta or pilot features clearly, and your use of them is at your discretion.

In summary, Customer uses the Service at its own risk. Nexsecure’s warranties are limited to those expressly stated in this Agreement. No advice or information obtained from Nexsecure or through the Service shall create any warranty not expressly stated in these Terms.

12. Termination and Suspension

12.1 Term of Agreement

This Agreement starts when Customer first accepts it and continues for as long as Customer has an active subscription or account with Nexsecure. Each subscription term will be as specified in the Order (e.g., one year, unless terminated earlier). If auto-renewal is enabled, the Agreement continues through each renewal term until terminated.

12.2 Termination for Convenience

Either Party may elect not to renew a subscription by providing at least 30 days’ notice prior to the end of the current term. Additionally, Customer may terminate the Agreement for convenience by cancelling its subscription (through the interface or by written notice to Nexsecure), but (unless otherwise required by law or explicitly stated in a refund policy) Customer will not be entitled to any refund of prepaid fees for the then-current term except in Nexsecure’s discretion.

12.3 Termination for Breach

Either Party may terminate this Agreement for cause if the other Party materially breaches these Terms and fails to cure such breach within 30 days after receiving written notice detailing the breach. However, Nexsecure may terminate the Agreement (or the applicable Order) on 10 days’ notice for Customer’s failure to pay fees when due, if not cured within that notice period. There is no cure period for a breach that by its nature cannot be cured (for example, if Customer violates Section 5 in a way that causes irreparable harm, we may terminate immediately upon notice).

12.4 Suspension

As noted in Section 5, Nexsecure may suspend the Service or Customer’s account immediately in order to prevent harm, fraud, or illegal activity, or if required by law. Nexsecure will lift any such suspension when the issue is resolved. Suspension of the Service for non-payment is also permitted after notice (see Section 9.4).

12.5 Effect of Termination

Upon termination or expiration of the Agreement or an Order: (a) Customer’s rights to access or use the Service will cease (Nexsecure will disable the account at the effective termination date); (b) each Party will return or, if requested, destroy the other Party’s Confidential Information in its possession (subject to Section 10.5 retention rights); (c) Customer shall promptly pay any outstanding fees for the remaining term (if Customer terminated for Nexsecure’s breach, we will refund any prepaid fees for the period after termination; otherwise, if Nexsecure terminates for Customer’s breach, no refund is due and any unpaid fees for the term become immediately due).

Customer’s export rights and data deletion are described in Section 4.6 – Nexsecure will make Customer Data available for 60 days so Customer can retrieve it, after which Nexsecure will securely delete stored Customer Data. Customer is responsible for downloading any training certificates or records it may need for compliance before the account is closed or during the 60-day window.

After termination, users will no longer be able to log in, and any scheduled phishing campaigns or emails will be canceled. Customer must immediately discontinue all use of Nexsecure Content, and destroy any copies of Nexsecure’s training materials or documentation that are not publicly available. If Customer had installed any Nexsecure software components (for example, an Outlook plugin or a training video file), Customer should uninstall or delete those. At Nexsecure’s request, an officer of Customer will certify in writing that all Nexsecure Content has been removed from Customer’s systems.

12.6 Surviving Provisions

Any terms that by their nature should survive termination will survive, including payment obligations (for amounts accrued), confidentiality (Section 10), warranty disclaimers (Section 11), liability limitations (Section 13), and any license restrictions or obligations to destroy content.

Termination does not relieve either Party from liability for breaches occurring prior to termination. If the Agreement is terminated, Sections 4.2, 4.5, and 4.6 (with respect to Nexsecure’s post-termination handling of data) also survive.

13.1 Limitation of Liability

To the fullest extent permitted by law, each Party’s total liability arising out of or related to this Agreement (for any and all claims) is limited to the amount actually paid or payable by Customer to Nexsecure in the twelve (12) months immediately preceding the event giving rise to the claim. If no fees were paid (for example, use of a free trial), Nexsecure’s liability is limited to $100. This limitation applies regardless of the theory of liability (contract, tort, negligence, strict liability, etc.).

13.2 Exclusion of Consequential Damages

Neither Party will be liable to the other for any indirect, incidental, special, consequential, punitive, or exemplary damages, or for any loss of profits, revenue, goodwill, or data, even if the Party knew or should have known such damages were possible. This exclusion includes any losses caused by a cybersecurity breach or incident occurring to Customer, or any end-user dissatisfaction, that might not have occurred had they not used the Service (Customer acknowledges the Service is a preventative/educational tool, not a guarantee against incidents).

For example, Nexsecure is not liable for: business interruption costs, costs of procuring substitute services, reputational harm, loss of business opportunities, or claims by third parties (except as provided in Section 13.4 below). Some jurisdictions do not allow exclusion of certain damages, so to that extent, this exclusion may not apply and liability for those damages is limited to the smallest amount allowable by law.

13.3 Exceptions

The limitations in Sections 13.1 and 13.2 do not apply to: (a) a Party’s willful misconduct or gross negligence; (b) Customer’s obligation to pay fees due; (c) breaches of confidentiality (Section 10) or violation of the other Party’s intellectual property rights (including Customer’s misuse of Nexsecure’s content beyond the license granted); or (d) amounts payable to third parties under an indemnification claim in Section 13.4. In no event will either Party’s aggregate liability for the exceptions (a)–(d) exceed two times the liability cap set forth in Section 13.1, except for willful misconduct, which shall have no cap (but only if a court of competent jurisdiction determines that unlimited liability is required by law for that misconduct).

13.4 Indemnification

By Nexsecure (IP Infringement): Nexsecure agrees to defend Customer against any third-party claim alleging that the Nexsecure Service (specifically, the software or Nexsecure Content as provided by Nexsecure) infringes a U.S. patent, copyright, or trademark, or misappropriates a third party’s trade secrets, and to indemnify (pay) any final court-awarded damages or settlements approved by Nexsecure, provided that Customer: (i) promptly notifies Nexsecure of the claim; (ii) gives Nexsecure sole control of the defense and settlement of the claim; and (iii) provides Nexsecure with all information and assistance reasonably requested. Nexsecure will not settle any claim in a manner that requires Customer to admit liability or pay any money without Customer’s consent (not to be unreasonably withheld). If the Service is found to infringe, Nexsecure may, at its option, obtain the right for Customer to continue using it, or modify or replace the infringing part, or if those options are not commercially feasible, terminate the Service and refund any prepaid fees for the remaining term. Nexsecure has no obligation for any claim to the extent it arises from: Customer’s misuse or modification of the Service, combination of the Service with other products not provided by Nexsecure, or use of a version of the Service after we’ve provided a newer non-infringing version. This section states Customer’s exclusive remedy for any intellectual property infringement by the Service.

By Customer: Customer shall defend and indemnify Nexsecure against any third-party claims, damages, or expenses (including reasonable attorneys’ fees) arising out of or related to: (a) Customer’s or an Authorized User’s use of the Service in violation of these Terms or applicable law (for example, sending phishing simulations to individuals who had not consented, resulting in a privacy complaint; or using the Service to harass someone, etc.); (b) any Customer Content or data Customer provides that infringes or violates the rights of any third party (such as uploading material without permission, or violating privacy rights of an individual by uploading their data without consent); or (c) Customer’s gross negligence or willful misconduct. Nexsecure will: (i) promptly notify Customer of the claim (reasonably prompt notice such that Customer isn’t materially prejudiced); (ii) allow Customer to control the defense and settlement (with Nexsecure having the right to participate with counsel at its own expense); and (iii) provide necessary cooperation. Customer will not settle any claim that imposes liability or obligations on Nexsecure without Nexsecure’s prior written consent.

14. Compliance with Laws

14.1 General Compliance

Each Party agrees to comply with all laws and regulations applicable to its provision or use of the Service. This includes (but is not limited to) data privacy laws (as discussed in Section 4.3), anti-spam and communications laws (Section 8.2), and any employment or labor laws relevant to implementing security training in the workplace.

14.2 Export Controls

The Service, including any software and technical data, may be subject to U.S. export control and economic sanctions laws. Customer represents that it is not named on any U.S. government list of persons or entities prohibited from receiving exports. Customer shall not permit Users to access or use the Service in a U.S.-embargoed country or region (currently, for example, North Korea, Iran, Cuba, Syria, Crimea, etc.), or in violation of any U.S. export law or regulation. Specifically, Customer will not export or re-export any part of the Service to individuals or entities on restricted-party lists (such as the U.S. Treasury Department’s list of Specially Designated Nationals or the Commerce Department’s Entity List). Customer shall also ensure that no Customer Content or data uploaded to the Service is subject to the International Traffic in Arms Regulations (ITAR) or other export-controlled classification that would require special handling. Nexsecure may suspend or terminate the Service immediately if Customer is in breach of U.S. export laws.

14.3 Anti-Corruption

Customer has not received or been offered any illegal or improper bribe, kickback, payment, gift, or thing of value in connection with this Agreement. Both Parties shall comply with applicable anti-bribery and anti-corruption laws (such as the U.S. Foreign Corrupt Practices Act). Any violation of this section is a material breach.

14.4 Specific Regulations

Customer is solely responsible for determining the Service’s suitability for its business and for complying with any regulations in its industry. For example, if Customer is a financial institution under GLBA, or a healthcare provider under HIPAA, Customer should ensure that use of the Service aligns with those requirements. Nexsecure provides tools to facilitate compliance training (e.g., modules on HIPAA or PCI-DSS), but the ultimate compliance responsibility lies with Customer. If a government or industry regulation requires that Customer conduct certain training or obtain certifications, Customer must evaluate whether the Nexsecure content meets those standards or if supplementary measures are needed. Nexsecure makes no representation that use of the Service alone will satisfy any legal obligations of Customer.

15. Miscellaneous

15.1 Entire Agreement

These Terms (including any referenced documents such as an Order, Privacy Policy, and Data Processing Addendum) constitute the entire agreement between Customer and Nexsecure regarding the Service, and supersede all prior and contemporaneous agreements, proposals, or representations, written or oral, concerning its subject matter. In the event of a conflict, an Order will prevail over these Terms, and these Terms will prevail over any Privacy Policy (with respect to business terms). Any Customer purchase order or other document that purports to modify or supplement these Terms shall be void (any additional or conflicting terms on a PO are rejected and will not apply).

15.2 Amendment

Nexsecure may update or modify these Terms from time to time. In case of a material change, Nexsecure will notify Customer (via email or through the Service). The updated Terms will become effective at the start of Customer’s next subscription term or 30 days after notice, whichever is sooner. If Customer does not agree to a material modification, it may terminate the Service by providing written notice within that 30-day period and receive a prorated refund of any prepaid fees for the terminated portion. Continued use of the Service after the effective date of the updated Terms constitutes acceptance of the changes. Except as otherwise provided in this section, no amendment or waiver of any provision of these Terms will be effective unless in writing and signed by both Parties.

15.3 Governing Law and Jurisdiction

This Agreement is governed by the laws of the State of Delaware, USA, without regard to its conflict of law principles. The United Nations Convention on Contracts for the International Sale of Goods does not apply. Jurisdiction: The state and federal courts located in Delaware shall have exclusive jurisdiction to adjudicate any dispute arising out of or relating to this Agreement. Each Party consents to the personal jurisdiction of these courts. However, Nexsecure may seek injunctive relief in any jurisdiction to stop unauthorized use or infringement of its intellectual property.

15.4 Dispute Resolution

The Parties agree to attempt in good faith to resolve any dispute informally before resorting to litigation. If a dispute arises, the concerned executives will meet (virtually or in person) to discuss and hopefully resolve the issue. If they cannot resolve it within 30 days, either Party may proceed to court. (Optional: The Parties may agree to mediation or arbitration, but unless specifically stated in an Order, disputes will be resolved in court as stated above.)

15.5 Force Majeure

Neither Party will be liable for any delay or failure to perform its obligations (except payment obligations) due to causes beyond its reasonable control, such as acts of God, natural disasters, war, terrorism, civil unrest, epidemics or pandemics, labor shortages or strikes, electrical or internet outages not caused by the obligated Party, or governmental action. The affected Party shall give prompt notice to the other and make reasonable efforts to resume performance as soon as possible. If a force majeure event continues for more than 60 days, either Party may terminate the affected Order upon written notice.

15.6 No Waiver

The failure of either Party to enforce any right or provision of these Terms shall not constitute a waiver of future enforcement of that right or provision. The waiver of any breach or default shall not be a waiver of any subsequent breach or default.

15.7 Severability

If any provision of these Terms is held by a court of competent jurisdiction to be invalid, illegal, or unenforceable, that provision will be enforced to the maximum extent permissible, and the remaining provisions of the Agreement will remain in full force and effect. The Parties will, in good faith, negotiate a valid and enforceable provision that is as similar as possible to the unenforceable provision.

15.8 Assignment

Customer may not assign or transfer this Agreement (or any rights or obligations hereunder) to any third party without Nexsecure’s prior written consent, except in connection with a merger, acquisition, or sale of all or substantially all of Customer’s assets and provided the assignee agrees in writing to be bound by these Terms and is not a competitor of Nexsecure. Nexsecure may assign this Agreement freely to an affiliate or in connection with a merger, reorganization, or sale of assets. Any attempted assignment in violation of this section is void. These Terms shall bind and inure to the benefit of the Parties, their successors, and permitted assigns.

15.9 Relationship of Parties

The Parties are independent contractors. This Agreement does not create a partnership, franchise, joint venture, agency, fiduciary, or employment relationship between the Parties. Neither Party has the authority to bind the other or incur obligations on the other’s behalf without express written consent.

15.10 Publicity

Customer permits Nexsecure to include Customer’s name and logo in a list of Nexsecure’s customers on Nexsecure’s website or marketing materials. Nexsecure will abide by any brand usage guidelines provided by Customer. Customer can revoke this permission by notifying Nexsecure in writing, after which Nexsecure will remove Customer’s name/logo in future publications.

15.11 Notices

Except as otherwise specified in these Terms, all notices under this Agreement shall be in writing and will be deemed given: (a) when delivered personally; (b) when sent by email (with confirmation of transmission or read receipt) – provided, however, that for an issue of termination or an indemnifiable claim, a copy should also be sent by postal mail; or (c) one business day after being sent via a reputable overnight courier service. Notices to Customer may be sent to the email or physical address on file for the Account Admin. Notices to Nexsecure should be sent to Support@nexsecure.us.

15.12 Headings and Interpretation

The section headings in these Terms are for convenience only and have no legal effect. “Including” and similar words shall be interpreted as “including without limitation.” These Terms shall not be construed against the drafter.

15.13 Counterparts and Electronic Acceptance

If these Terms are ever to be physically signed, they may be executed in counterparts and delivered electronically. However, in most cases, acceptance is online. Customer’s electronic acceptance, or use of the Service, is intended by the Parties to authenticate this Agreement and to have the same force and effect as a manual signature.

By using or continuing to use Nexsecure’s Service, you confirm that you have read and understood these Terms of Service and agree to abide by them.

For any questions about these Terms, please contact Nexsecure at Support@nexsecure.us.