PacketWatch General Terms and Conditions

 

Last updated: June 3, 2026

Please read carefully: The individual accepting these Terms and Conditions on behalf of a company or other legal entity ("Client" or "you") represents and warrants that the individual has full authority to bind Client to this Agreement. Unless Client has another valid written agreement governing the purchase and use of PacketWatch Offerings, these Terms and Conditions govern the provision and use of PacketWatch Offerings. By accepting these Terms and Conditions (for example, by signing an Order Form, Master Services Agreement ("MSA"), Quote, or Statement of Work ("SOW"), or otherwise placing an order), Client enters into a binding agreement with WGM Associates LLC d/b/a PacketWatch, an Arizona limited liability company, on behalf of itself and any affiliates performing under this Agreement (collectively, "PacketWatch"). These Terms and Conditions are effective as of the earlier of (a) the date Client accepts them or (b) the date stated in the applicable Order, MSA, or SOW.

These Terms and Conditions cover all PacketWatch Offerings, but provisions regarding specific Offerings apply only to the extent Client has purchased, accessed, or used such Offerings.

1. Definitions

The following definitions apply to this Agreement:

  • Affiliate: any entity that a party directly or indirectly controls, is controlled by, or is under common control with.
  • Agreement: these PacketWatch Terms and Conditions together with each Order.
  • API: an application program (or programming) interface.
  • Client Contractor Services: products, services, or content developed or provided by Client Contractors related to the Offerings.
  • Client Contractor: any individual or entity (other than a PacketWatch Competitor) that accesses or uses a Product solely on behalf of Client for Internal Use and is bound by confidentiality obligations.
  • Client: the entity accepting this Agreement and, as applicable, any Client Affiliate that places an Order, uses or accesses an Offering, or benefits from the Client’s use of an Offering.
  • Documentation: PacketWatch end-user technical documentation included in the applicable Offering.
  • Endpoint: any physical or virtual device (e.g., computer, server, laptop, mobile, container, virtual machine image).
  • Error: a reproducible failure of a Product to perform in substantial conformity with its Documentation.
  • Internal Use: access or use solely for Client’s and its Affiliates’ internal information security purposes, by their employees and permitted Client Contractors, and not for the benefit of third parties or for product/service development.
  • Network: the physical or wireless devices providing connection between Endpoints and third-party services, including connectivity to the Internet.
  • Offerings: Products, Product-Related Services, and Professional Services.
  • Order: any ordering document (including an SOW) accepted by PacketWatch that identifies the Offerings ordered, quantities, pricing, Subscription/Order Term, and related ordering details.
  • PacketWatch Competitor: a person or entity that develops, distributes, or commercializes internet security products or services competitive with PacketWatch.
  • PacketWatch Data: data generated by the PacketWatch Offerings (including correlative/contextual data and detections) and excluding Client Data.
  • PacketWatch Equipment: any hardware provided to Client in connection with Professional Services and specified in an SOW.
  • PacketWatch Tool: any PacketWatch proprietary software, hardware, or tool used to perform Professional Services, as specified in an SOW.
  • Product-Related Services: services sold with Products, including managed services (such as managed detection and response, managed threat hunting, monitoring, and threat intelligence), installation services, technical support, and training.
  • Product: PacketWatch cloud-based software or other products ordered by Client, including accompanying APIs, PacketWatch Data, Documentation, and Updates.
  • Professional Services: professional services performed by PacketWatch under an SOW (e.g., incident response, investigation, forensics, tabletop exercises, penetration tests).
  • Services: Product-Related Services and Professional Services.
  • Statement of Work (SOW): a mutually executed document describing Professional Services, deliverables, fees, and expenses.
  • Subscription/Order Term: the period during which Client may use Products/Product-Related Services or Professional Services may be performed.
  • Updates: corrections, updates, upgrades, patches, or other modifications made available by PacketWatch.

 

2. Affiliates, Orders and Payment

2.1 Affiliates. Any Affiliate of Client or Sponsoring Partner purchasing hereunder, using or accessing any Offering hereunder, or benefiting from the Client’s use of an Offering will be bound by and comply with this Agreement. The Client remains responsible for its Affiliates’ acts and omissions unless an Affiliate enters into its own separate terms with PacketWatch.

2.2 Orders. Only the transaction-specific terms stated in an Order, including the Offerings ordered, quantities, pricing, payment terms, Subscription/Order Term, and billing and provisioning contacts, apply to that Order. Any pre-printed or conflicting terms in a Client purchase order or similar document are excluded. An Order supersedes conflicting terms of this Agreement only if it expressly identifies the provisions to be superseded, and then only for the Offerings covered by that Order. Orders are non-cancellable. All Orders, and PacketWatch’s obligations and liabilities with respect to them, are governed by this Agreement.

2.3 Payment and Taxes. As applicable, either Sponsoring Partner on behalf of Client or Client shall pay the fees for Offerings as set forth in the applicable Order. Unless otherwise stated on an Order, invoices are due within 30 days of receipt. Except as expressly provided, all fees are non-refundable. Fees exclude taxes; Client is responsible for applicable sales, use, VAT, withholding, and other taxes (excluding taxes on PacketWatch’s income).

 

3. Access & Use Rights

3.1 Evaluation. If PacketWatch approves use of a Product for evaluation (an “Evaluation Product”), the terms applicable to Products apply, except: (i) evaluation duration is as agreed and either party may terminate at any time on notice; (ii) Evaluation Products are provided “AS IS” without warranties or support; and (iii) use is limited to Internal Use by Client employees.

3.2 Access & Use Rights. Subject to this Agreement and payment of applicable fees, PacketWatch grants Client a non-exclusive, non-transferable (except as expressly permitted), non-sublicensable license to access and use the Products in accordance with Documentation solely for Internal Use during the applicable Subscription/Order Term, and only up to the quantities purchased. If a Product includes a downloadable object-code component (“Software Component”), Client may install and run multiple copies solely for Internal Use up to the licensed quantity. If PacketWatch provides PacketWatch Tools for Professional Services, Client may use such Tools solely for Internal Use for the period authorized in the applicable Order.

3.3 Restrictions. Client will not, and will not permit any other person to: (i) allow a PacketWatch Competitor to use or view any Offering; (ii) modify, translate, or create derivative works of any Offering; (iii) sublicense, distribute, or transfer any Offering except as expressly permitted; (iv) allow any third party to access or use any Offering other than permitted Client Contractors; (v) frame, mirror, or create public links to Offering content; (vi) reverse engineer, decompile, disassemble, circumvent functions, or attempt unauthorized access; (vii) use any Offering to compromise another party’s security or to develop malware, unauthorized surveillance tools, exfiltration capabilities, ransomware, or destructive code; (viii) remove proprietary notices; (ix) perform stress tests or competitive benchmarking, or publish performance data, except for Client’s Internal Use comparisons; (x) use APIs except as permitted by this Agreement; or (xi) encourage or assist any third party to do any of the foregoing. Client is responsible for ensuring that its use of the Offerings complies with laws directly applicable to Client.

3.4 Installation and User Accounts. PacketWatch is not responsible for installing Products unless Client purchases applicable Product-Related Services. For Products requiring user accounts, only the assigned individual may use a user account. Client is responsible for all activity under Client and Client Contractor accounts and must notify PacketWatch if it becomes aware of unauthorized access.

3.5 Malware Samples. If PacketWatch makes malware samples available, Client accesses and uses them at its own risk and should not download or access samples on production systems. Client will use samples solely for Internal Use and not for unlawful purposes. PacketWatch is not liable for loss or damage caused by malware samples due to Client’s access or use.

3.6 Third Party Software. PacketWatch Products may include third-party software, including open-source software. Where required, PacketWatch will provide applicable notices and attributions.

3.7 Ownership & Feedback. Offerings are licensed, not sold. PacketWatch retains all rights, title, and interest (including intellectual property rights) in and to the Offerings and PacketWatch Tools. Client feedback and suggestions are non-confidential and may be used by PacketWatch for any purpose without compensation, provided Client will not be identified publicly as the source.

 

4. Client Contractors

4.1 Authorization. Client authorizes PacketWatch to give Client Contractors the rights and privileges to the Offerings necessary to enable and provide for Client’s use and receipt of the Client Contractor Services. If Client revokes this authorization, Client is responsible for taking the actions necessary to revoke such access and use to the extent the Offerings permit. If Client requires PacketWatch assistance, Client must contact PacketWatch Support with written notice at support@packetwatch.com and PacketWatch will disable the Client Contractor’s access within a reasonable period of time and in any event within 72 hours of receipt of such notice.

4.2 Disclaimer. Client Contractors are subject to this Agreement while using the Offerings on Client’s behalf, and Client remains responsible for their acts and omissions. Any breach by a Client Contractor is a breach by Client. PacketWatch may make Client Contractor Services available (for example, through an online directory, catalog, store, or marketplace). Client Contractor Services are not required for use of the Offerings. Offerings may include features (including APIs) designed to interface with or provide data to Client Contractor Services. PacketWatch is not responsible or liable for losses arising out of a Client Contractor’s actions or inactions, including disclosure, transfer, modification, or deletion of Client Data. PacketWatch does not control, monitor, maintain, or support Client Contractor Services, disclaims all warranties and obligations related to them, and cannot guarantee their continued availability. If Client Contractor Services become unavailable, PacketWatch has no obligation to provide any refund, credit, or compensation related to the Offerings.

4.3 Restrictions on Client Contractors. Client shall not give or allow Client Contractors access to, or use of, intelligence reports provided to Client or made accessible in the Products. For clarity, nothing herein prevents Client from using intelligence products for Client’s Internal Use.

 

5. Professional Services

5.1 Fees. Professional Services will commence on a mutually agreed date. Estimates for time-and-material Professional Services are estimates only and not guaranteed completion times. Fixed-fee Professional Services are limited to the scope stated in the applicable Order.

5.2 Ownership of Deliverables. Professional Services do not constitute “works for hire” or similar terms where intellectual property transfers upon performance. The primary deliverable is a report of PacketWatch’s findings, recommendations, and adversary information. Client owns the copy of the report delivered to Client (“Deliverable”), subject to PacketWatch’s ownership of PacketWatch Materials. PacketWatch exclusively owns any software (object or source code), flow charts, algorithms, documentation, adversary information, report templates, know-how, inventions, techniques, models, trademarks, ideas, and other works and materials developed by PacketWatch in connection with Professional Services (collectively, “PacketWatch Materials”). PacketWatch Materials do not include Client Confidential Information or other Client-provided materials or data. Upon full payment and to the extent PacketWatch Materials are incorporated into Deliverables, Client receives a perpetual, non-transferable (except as expressly permitted), nonexclusive license to use PacketWatch Materials solely as part of the Deliverables for Client’s Internal Use.

 

6. Data Security and Privacy

Data security and privacy terms are set forth in Exhibit A (Data Security and Privacy Schedule), which forms part of this Agreement. Exhibit A describes how PacketWatch handles Client Data and related information in connection with the Offerings, including technical safeguards and each party’s responsibilities.

 

7. Confidentiality

7.1 Definitions. In connection with this Agreement, each party (the "Recipient") may receive Confidential Information of the other party (the "Discloser") or of third parties to whom the Discloser owes a duty of confidentiality. "Confidential Information" means non-public information, in any form and regardless of how acquired, that the Discloser designates as confidential or that reasonably should be understood to be confidential based on the nature of the information and the circumstances of disclosure. Confidential Information does not include information that: (i) becomes public through no breach by the Recipient; (ii) was known to the Recipient without confidentiality restrictions before receipt from the Discloser; (iii) is independently developed by the Recipient without use of the Discloser’s Confidential Information; or (iv) is rightfully received from a third party without confidentiality obligations.

7.2 Restrictions on Use. Except as permitted in Section 7.3, Recipient will hold Discloser’s Confidential Information in strict confidence and not disclose it to any third party other than its employees, contractors (including counsel, accountants, and financial advisors), Affiliates, and their representatives who need to know it and are bound by obligations no less protective than these terms. Recipient will not use Discloser’s Confidential Information for any purpose other than as set forth in this Agreement and will use at least reasonable care to protect it. Within 72 hours of becoming aware of unauthorized use or disclosure of Discloser’s Confidential Information while in Recipient’s control, Recipient will notify Discloser.

7.3 Exceptions. Recipient may disclose Discloser’s Confidential Information to the extent required by law, regulation, subpoena, court order, regulatory report, audit, inquiry, or regulator request. To the extent legally permitted, Recipient will provide prompt notice prior to disclosure and a reasonable opportunity for Discloser to seek confidential treatment or a protective order. If Recipient is legally required to disclose Confidential Information as part of (x) a legal proceeding where Discloser is a party but Recipient is not, or (y) a government or regulatory investigation of Discloser, Discloser will pay Recipient’s reasonable out-of-pocket legal fees and costs of compiling and producing the information.

7.4 Destruction. Upon Discloser’s written request, Recipient will use commercially reasonable efforts to destroy Confidential Information and copies/extracts. Recipient may retain Confidential Information that (i) must be kept under a retention policy or applicable law/professional standards/court/regulator requirements, or (ii) exists in routine electronic backups/archives, provided retained information remains subject to this Agreement. Upon request, Recipient will confirm destruction in writing.

7.5 Equitable Relief. Each party acknowledges that breach of this Section 7 may cause irreparable harm, and injunctive relief may be available in addition to other remedies without posting a bond.

 

8. Warranties & Disclaimer

8.1 No Warranty for Pre-Production Versions. Any pre-production feature or version provided to Client is experimental and provided “AS IS” without warranty, and creates no obligation for PacketWatch to continue to develop, support, or provide it. Client agrees its purchase is not contingent on future functionality.

8.2 Product Warranty. If Client has purchased a Product, PacketWatch warrants during the applicable Subscription/Order Term that: (i) the Product will operate without Error; and (ii) PacketWatch has used industry-standard techniques to prevent the Product, at the time of delivery, from injecting malicious code into Client Endpoints where installed. Client must notify PacketWatch of warranty claims during the Subscription/Order Term. Client’s sole remedy is for PacketWatch to: (a) provide a workaround or correction; or (b) terminate access to the nonconforming Product and refund prepaid fees prorated for the unused term. PacketWatch has no obligation for Errors reported after the Subscription/Order Term.

8.3 Services Warranty. PacketWatch warrants it will perform Services in a professional and workmanlike manner consistent with generally accepted industry standards. Client must notify PacketWatch of warranty claims during performance or within 30 days after completion. Client’s sole remedy is for PacketWatch to (a) re-perform nonconforming Services or (b) refund the portion of fees attributable to the nonconforming Services.

8.4 Exclusions. Warranties do not apply if the Product/Service: (i) is modified other than by PacketWatch; (ii) is not installed/used/maintained in accordance with this Agreement or Documentation; or (iii) is nonconforming due to failure to use an Update. References to third-party websites/links are provided for convenience only.

8.5 No Guarantee. CLIENT ACKNOWLEDGES THAT PACKETWATCH DOES NOT GUARANTEE IT WILL FIND OR DISCOVER ALL THREATS, VULNERABILITIES, MALWARE, OR MALICIOUS SOFTWARE IN CLIENT SYSTEMS, AND CLIENT WILL NOT HOLD PACKETWATCH RESPONSIBLE THEREFOR.

8.6 Disclaimer. EXCEPT FOR THE EXPRESS WARRANTIES IN THIS SECTION 8, PACKETWATCH DISCLAIMS ALL OTHER WARRANTIES, EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, INCLUDING IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT. THERE IS NO WARRANTY THAT OFFERINGS WILL BE ERROR-FREE OR UNINTERRUPTED OR WILL MEET CLIENT’S NEEDS. OFFERINGS ARE NOT FAULT-TOLERANT AND ARE NOT DESIGNED FOR HAZARDOUS ENVIRONMENTS WHERE FAILURE COULD RESULT IN DEATH, SEVERE INJURY, OR PROPERTY DAMAGE. CLIENT IS RESPONSIBLE FOR SAFE USE IN SUCH APPLICATIONS. PACKETWATCH DOES NOT WARRANT THIRD-PARTY PRODUCTS OR SERVICES.

8.7 Additional Terms That May Apply. See Exhibit B for additional warranties that may apply to certain international Clients, if applicable to an Order.

 

9. Indemnification

9.1 PacketWatch’s Obligation. PacketWatch will, at its expense: (i) defend and/or settle any third-party claim alleging an Offering infringes that party’s intellectual property rights, and (ii) pay any settlement amounts and damages awarded by a court, provided Client: (a) gives prompt notice; (b) permits PacketWatch to control the defense/settlement (PacketWatch will not settle requiring Client to admit liability without Client’s consent); and (c) provides reasonable assistance at PacketWatch’s expense. Client may participate in the defense at its own expense.

9.2 Remedies. If a covered claim occurs or is likely, PacketWatch may: (i) procure the right for Client to continue using the Offering; (ii) modify or replace the Offering to be non-infringing; or (iii) if neither is commercially practicable, terminate access to the affected portion and refund prepaid unused fees prorated for the unused term.

9.3 Exclusions. PacketWatch has no obligation if the claim arises from: (i) Client modifications not made by PacketWatch; (ii) combination/use with third-party software/hardware/process/firmware/data to the extent the claim is based on that combination; (iii) Client’s continued use after notice or after receiving a modified version; (iv) failure to use according to Documentation; or (v) use outside the scope of rights granted.

9.4 Exclusive Remedy. THE REMEDIES IN THIS SECTION 9 ARE CLIENT’S SOLE AND EXCLUSIVE REMEDIES, AND PACKETWATCH’S ENTIRE LIABILITY, FOR ANY INTELLECTUAL PROPERTY INFRINGEMENT CLAIMS.

 

10. Limitation of Liability

10.1 TO THE MAXIMUM EXTENT PERMITTED BY LAW, EXCEPT FOR (A) AMOUNTS PAID OR PAYABLE TO THIRD PARTIES UNDER SECTION 9 (INDEMNIFICATION), (B) CLIENT’S PAYMENT OBLIGATIONS, OR (C) A PARTY’S INFRINGEMENT OR MISAPPROPRIATION OF THE OTHER PARTY’S INTELLECTUAL PROPERTY RIGHTS, NEITHER PARTY WILL BE LIABLE FOR LOST PROFITS, REVENUE, SAVINGS, BUSINESS OPPORTUNITIES, LOST DATA, OR SPECIAL, INCIDENTAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, OR FOR AMOUNTS EXCEEDING THE TOTAL FEES PAID OR PAYABLE TO PACKETWATCH FOR THE RELEVANT OFFERING DURING ITS SUBSCRIPTION/ORDER TERM. THESE LIMITATIONS APPLY EVEN IF A REMEDY FAILS OF ITS ESSENTIAL PURPOSE. MULTIPLE CLAIMS DO NOT EXPAND THESE LIMITATIONS.

10.2 Additional or Different Terms That May Apply. See Exhibit B for additional or different liability terms that may apply to certain international Clients, if applicable to an Order.

 

11. Compliance with Laws

Each party will comply with U.S. federal, state, local, and non-U.S. laws directly applicable to it in performing this Agreement, including export/import and anti-corruption laws. Client acknowledges the Offerings may not be used, transferred, exported, or re-exported to regions subject to U.S. and/or EU embargoes or comprehensive sanctions (“Embargoed Countries”) or to prohibited parties (including those on U.S. Treasury Specially Designated Nationals lists or U.S. Commerce denial lists) (“Designated Nationals”) without required authorizations. Client represents it is not located in, controlled by, or a national/resident of an Embargoed Country or a Designated National. PacketWatch represents it is not located in, controlled by, or a national/resident of an Embargoed Country or a Designated National.

 

12. U.S. Government End-Users

12.1 Commercial Items. For acquisitions by or for the U.S. government and its prime contractors/subcontractors (“Government Users”), the Products, PacketWatch Tools, and Documentation are “commercial items” and are licensed consistent with FAR 12.211 and 12.212 and DFARS 227.7202-1 through 227.7202-4, unless inconsistent with applicable federal law.

12.2 Disputes with the U.S. Government. If this Agreement fails to meet the Government’s needs or is inconsistent with federal law and the parties cannot reach mutually acceptable terms, the Government agrees to terminate its use of the Offerings. In disputes with the U.S. Government, the governing law/venue clause in Section 14.3 will not apply; disputes will be resolved under federal procurement law and the Contract Disputes Act.

12.3 Precedence. This Section 12 supersedes any other clause addressing government rights in the Offerings, software, or technical data under this Agreement.

 

13. Term; Suspension and Termination; Renewal

This Agreement remains effective until terminated in accordance with this Section 13 or as otherwise specified herein.

13.1 Suspension and Termination. PacketWatch may immediately suspend Client’s access to or use of the Offerings if: (i) PacketWatch believes there is a significant threat to security, integrity, functionality, or availability of the Offerings or related content/data/applications; (ii) Client or its users breach Section 3.3 (Restrictions); or (iii) Client fails to pay undisputed fees when due. PacketWatch will use commercially reasonable efforts to provide notice and, if applicable, an opportunity to cure before suspension. Either party may terminate this Agreement upon 30 days’ written notice of a material breach unless cured within the notice period. Prior to termination and subject to this Agreement, Client may access and download Client Data available under purchased Products and retention periods in a supported format.

13.2 Renewal. Unless an Order states otherwise and where permitted by law, upon expiration of the initial term this Agreement will automatically renew for three successive terms unless either party gives notice of non-renewal at least 30 days before the end of the then-current term. During any renewal term, terms remain the same as immediately prior, and fees may increase by up to 5% per annum during the renewal term. If timely notice of non-renewal is provided, the Agreement terminates at the end of the then-current term unless earlier terminated.

 

14. General

14.1 Entire Agreement. This Agreement is the entire agreement between Client and PacketWatch with respect to its subject matter and supersedes all prior or contemporaneous proposals, agreements, understandings, and communications relating to that subject matter. If Client has a fully executed PacketWatch Limited Warranty Agreement for PacketWatch Platform – Enterprise Edition (or its successor), that agreement stands alone and is not superseded by this Agreement. Terms contained in procurement portals or in documents not issued by PacketWatch do not apply.

14.2 Assignment. Neither party may assign this Agreement without the other party’s prior written consent, except to an Affiliate in a corporate reorganization or in connection with a merger, acquisition, or sale of substantially all assets. Any prohibited assignment is void. Subject to the foregoing, this Agreement binds and benefits successors and permitted assigns.

14.3 Governing Law; Venue. This Agreement is governed by the laws of the State of Arizona, excluding its conflict-of-law rules. The parties submit to the exclusive jurisdiction and venue of the state and federal courts located in Maricopa County, Arizona. The Uniform Computer Information Transactions Act and the U.N. Convention on Contracts for the International Sale of Goods do not apply. Either party may seek relief in any court of competent jurisdiction as necessary to protect its intellectual property rights and, in PacketWatch’s case, to recover amounts due.

14.4 Permission to List Client. Unless Client directs otherwise by emailing legal@packetwatch.com, Client agrees PacketWatch may display Client’s company name and/or logo as a PacketWatch client in a manner that does not suggest endorsement of any specific product or service.

14.5 Independent Contractors; No Third-Party Rights. The parties are independent contractors. This Agreement does not create a partnership, joint venture, employment, franchise, or agency relationship. No third party has rights under this Agreement.

14.6 Waiver, Severability & Amendments. Failure to enforce a provision is not a waiver. If a provision is held unenforceable, it will be enforced to the maximum extent permissible and the remainder will remain in effect. Amendments or waivers must be in writing signed by both parties.

14.7 Force Majeure. Neither party is liable for failure to perform (other than payment obligations) due to causes beyond its reasonable control, including acts of God, government actions, fires, floods, earthquakes, storms, communication outages, power failures, labor issues, or similar events not preventable with reasonable care. The affected party will use commercially reasonable efforts to notify the other party.

14.8 Notices. Legal notices must be in writing and sent to the addresses stated in the applicable Order. They are effective: (i) upon personal delivery; (ii) on the reported delivery date if sent by a recognized overnight courier; or (iii) five business days after mailing by registered or certified mail (ten days for international mail). Order-processing documents, including Orders, purchase orders, confirmations, and invoices, are not legal notices and may be delivered electronically in the ordinary course.

 

Exhibit A: Data Security and Privacy Schedule

 

1. Definitions

  • PacketWatch Systems: computer systems hosting the PacketWatch Platform.
  • Client Data: data generated by Client Endpoints and collected by the Products and/or PacketWatch Tools and sent to PacketWatch Systems. Client Data is Client’s Confidential Information and is handled under Section 7 (Confidentiality) and this Exhibit A.
  • Execution Profile/Metric Data: machine-generated data/metadata (e.g., tasks, file execution, commands, resources, network telemetry, scripts, and processes) that Client provides or that is collected/discovered in providing Offerings, excluding information that identifies Client or (to the extent it includes) Personal Data.
  • Personal Data: information provided by Client to PacketWatch or collected by PacketWatch from Client that identifies or is linkable by PacketWatch to a natural person, including where applicable law defines it as Personal Data.
  • Privacy and Security Laws: U.S. federal, state, local, and non-U.S. laws directly applicable to PacketWatch that regulate privacy or security of Personal Data.
  • Security Breach: unauthorized access to or acquisition of Client Data or Personal Data stored on PacketWatch Systems that compromises such data.
  • Threat Actor Data: potentially malicious code/files, URLs, DNS data, network telemetry, commands, processes/techniques, metadata, or related information that Client provides or that is collected/discovered during Offerings, excluding information that identifies Client or (to the extent it includes) Personal Data.

 

2. PacketWatch Platform

The PacketWatch Platform may use content collected from clients, partners, and others to help protect all clients against suspicious and potentially destructive activity. PacketWatch Products are designed to detect, identify, and respond to intrusions by collecting and analyzing data such as network data, packets/PCAPs, logs, machine event data, executed scripts, code, system files, command-and-control beacons, login information, binaries, tasks, resource information, commands, protocol identifiers, URLs, and related metadata. Client determines what data, including any Personal Data, exists on its systems and networks and what is made available to PacketWatch through the Offerings. PacketWatch may use such data to: (i) analyze, characterize, attribute, warn of, and respond to threats against Client and other clients; (ii) analyze trends and performance; (iii) improve and develop PacketWatch Offerings and enhance cybersecurity, including by developing, training, and improving detections and automated analytics, including machine learning models, using security artifacts and metadata collected through the Offerings; and (iv) enable permitted integrations. This improvement and model-training use is a core part of the Offerings and is not optional. Where feasible, PacketWatch uses derived, de-identified, or aggregated technical data for these purposes and does not identify Client or Client’s Personal Data to other clients. For clarity, PacketWatch does not disclose raw Client security artifacts between clients, and cross-client outputs are limited to derived indicators and similar threat intelligence outputs. PacketWatch does not use the contents of private communications for these purposes unless that content is separately provided under contract for support or analysis. Neither Execution Profile/Metric Data nor Threat Actor Data are Client Data or Client’s Confidential Information.

 

3. Processing Personal Data

Provisioning/Use of Offerings. Personal Data may be collected and used during provisioning and use of the Offerings to deliver, operate, maintain, support, secure, and improve the Offerings; administer the Agreement and the parties’ business relationship; communicate about requests, contracts, renewals, security notices, and administrative matters; comply with law; act in accordance with Client’s written instructions; or otherwise as contemplated by this Agreement. To the extent PacketWatch processes Personal Data on Client’s behalf as part of the Offerings, including customer-controlled data made available for support, monitoring, investigation, analysis, or other contracted services, PacketWatch will handle that information in accordance with this Agreement, any applicable Order or DPA, and applicable law. Client authorizes PacketWatch to collect, use, store, and transfer Personal Data that Client provides to PacketWatch as described in this Agreement.

Application telemetry and crash reports. Certain Offerings generate technical and usage telemetry (such as performance diagnostics, feature usage, and crash reports) to help maintain reliability and security and to improve the Offerings. In addition, the Offerings may collect security artifacts and related technical metadata (for example, hashes, indicators, and detection telemetry) as part of providing security functionality. PacketWatch may use these categories of information to improve the Offerings, including developing, training, and improving automated analytics (such as machine learning models). This use is a core part of the Offerings and is not optional. Where feasible, PacketWatch uses derived, de-identified, or aggregated technical data for service improvement and does not identify Client or Client Personal Data to other clients. PacketWatch does not disclose raw Client security artifacts between clients, and cross-client outputs are limited to derived indicators and similar threat intelligence outputs. PacketWatch does not use the contents of private communications for these purposes unless that content is separately provided under contract for support or analysis.

Suspicious/Unknown File Analysis. While using certain Offerings, Client may have the option to submit files or other information for security analysis and response or to improve reliability and enhance cybersecurity, such as when submitting crash reports or investigating suspicious files. In some cases, submitted files may contain Personal Data for which Client is responsible.

 

4. Compliance with Privacy and Information Security Requirements

Compliance with Laws. PacketWatch will comply with applicable Privacy and Security Laws directly applicable to PacketWatch in connection with its processing of Personal Data under this Agreement. PacketWatch’s then-current Privacy Policy describes its general privacy practices. If a Data Protection Addendum (DPA) is required for a particular Order (for example, where applicable law requires additional contractual terms for processing Personal Data), PacketWatch will provide a DPA on request.

International transfers. PacketWatch is based in the United States and does not maintain an office in the European Union. Client acknowledges that Personal Data processed in connection with the Offerings may be transferred to and processed in the United States and other countries where PacketWatch or its service providers operate, subject to appropriate safeguards as required by applicable law.

Safeguards. PacketWatch will maintain appropriate technical and organizational safeguards, commensurate with the sensitivity of Client Data and Personal Data processed on Client’s behalf, designed to protect against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or unauthorized access and to preserve the security, confidentiality, and integrity of that data. Those safeguards will substantially conform to a recognized control framework, such as CIS Controls or NIST.

 

5. Client Obligations

Client (and its Affiliates) represents and warrants that: (i) it owns or has rights to, and controls, the systems where Products/Tools are installed or investigated; (ii) to the extent required by applicable law, it has authorized PacketWatch to access systems and process/transmit data as necessary to provide the Offerings; (iii) it has a lawful basis for PacketWatch to investigate systems and process Client Data and Personal Data; (iv) it is authorized to instruct PacketWatch to carry out the Offerings; and (v) it has made necessary disclosures, obtained necessary consents, and secured required authorizations to permit processing and international transfer of Client Data and Personal Data to PacketWatch.

 

Exhibit B: Additional Terms for Certain International Clients

This Exhibit B is included as a placeholder for additional or different terms (including warranties and limitation of liability variations) that may apply to certain international Clients, as referenced in Sections 8.7 and 10.2.

Applicability. Exhibit B applies only if and to the extent it is expressly incorporated into an Order, SOW, MSA, or other transaction document executed by PacketWatch that identifies the applicable country/jurisdiction and the specific terms that apply. If Exhibit B is not expressly incorporated, it does not apply.