BY INDICATING YOUR ACCEPTANCE OF THIS AGREEMENT OR ACCESSING OR USING THE SERVICE, YOU ARE AGREEING TO BE LEGALLY BOUND BY ALL TERMS, CONDITIONS AND NOTICES CONTAINED OR REFERENCED IN THIS AGREEMENT. IF YOU DO NOT AGREE TO THIS AGREEMENT OR ARE UNDER THE AGE OF 18, PLEASE DO NOT USE THE SERVICE.

1 Overview

OpenCVE offers a software-as-a-service solution designed to monitor, prioritize and alert Customer to vulnerabilities that affects Products and Vendors that the Customer subscribed in OpenCVE. These Services include subscriptions to Products and Vendors from OpenCVE database, viewing all the available and known CVE, monitoring and alerting the Customer based on the configurations made in OpenCVE by the Customer.

2 The Service

2.1 Permitted Use

During the Subscription Term, Customer may access and use the Service only for its internal business purposes in accordance with any Scope of Use and the Documentation, the AUP and this Agreement. Exception is made for Customer qualified as Reseller, detailed in Section 19.

2.2 Users

Only Users may access or use the Service. The Service is not intended for and should not be used by anyone under the age of 18. Customer must ensure that all its Users are over 18 years old. Each User must keep login credentials confidential and not share them with anyone else. Customer is responsible for its Users compliance with this Agreement and actions taken through their accounts (excluding misuse of accounts caused by OpenCVE’s breach of this Agreement). Customer will promptly notify OpenCVE if it becomes aware of any compromise of any User login credentials. OpenCVE uses User account information as described in its Privacy Policy, but the Privacy Policy does not apply to Service Data.

2.3 Restrictions

Customer will not (and will not authorize anyone else to) do any of the following:

• provide access to (except for Users), distribute, sell (except for Resellers) or sublicense the Service to a third party,
• use the Service to develop a similar or competing product or service
• reverse engineer, decompile, disassemble or seek to access the source code of non-public products or APIs to the Service, except to the extent expressly permitted by Law (and then only with prior notice to OpenCVE),
• modify or create derivative works of the Service or copy any element of the Service,
• remove or obscure any proprietary notices in the Service,
• publish benchmarks or performance information about the Service,
• interfere with the Service operation, circumvent its access restrictions or conduct any security or vulnerability test of the Service,
• transmit any viruses or other harmful materials to the Service.

3 Support

If Customer has purchased a paid subscription to the Service, unless otherwise specified in an Order, during the Subscription Term, OpenCVE will provide Support by email at the email address provided in the Contract or the one specified for our Service, currently support@opencve.io. OpenCVE will use reasonable efforts to respond to Support requests during business hours. For free or unpaid subscriptions to the Service, please visit our Github Issue page.

4 Data

4.1 Submission of Service Data

Customer controls the types and amounts of Service Data (including what, if any, personal information is included) that are submitted to the Service through Customer’s configuration. Customer is responsible for its configuration and the Service.

4.2 Data Use

Subject to this Agreement, and solely to the extent necessary to provide, maintain and improve the Service and Support to Customer, Customer grants OpenCVE the non-exclusive, worldwide right, during the term of this Agreement, to access, use, process, copy, perform, store and display Service Data. Solely to the extent reformatting Service Data for display in the Service constitutes a modification or derivative work, the foregoing license also includes the right to modify and create derivative works of Service Data. In addition to the rights granted above, OpenCVE may use Non-Identifying Data for Additional Uses. Only to the extent Customer so authorizes via its configuration of the Service, OpenCVE may use other elements of Service Data for Additional Uses; provided, however, that OpenCVE will not disclose any Service Data used in this manner externally unless it has been Aggregated or Anonymized.

Notwithstanding anything to the contrary in the Agreement, OpenCVE may collect and use Usage Data to operate, improve and support the Service and for Additional Uses. OpenCVE will not disclose Usage Data externally, including in benchmarks or reports, unless it has been Aggregated or Anonymized.

4.3 Security

OpenCVE uses reasonable technical and organizational measures designed to protect the Service and Service Data.

4.4 Personal Data

Unless Customer and OpenCVE have entered into a DPA, Customer will not submit any Personal Data to the Service.

4.5 Location

OpenCVE will store Service Data in datacenters located in France.

4.6 Deletion

During the Subscription Term, Customer may delete its Service Data from the Service using deletion features described in the Documentation. After the Subscription Term, OpenCVE will delete Service Data in accordance with its standard schedule and procedures.

5 Customer Obligations

5.1 Generally

Customer is responsible for all Service Data, including its accuracy, and agrees to comply with Laws and the Documentation in using the Service. Customer represents and warrants that it has made all disclosures and has all rights, consents and permissions necessary to use Service Data with the Service and grant OpenCVE the rights in Section 4.2 (Data Use), all without violating or infringing Laws, third-party rights (including intellectual property, publicity or privacy rights) or any terms or privacy policies that apply to Service Data.

5.2 No Sensitive Personal Information

Customer must not use the Service with Sensitive Personal Information. Customer acknowledges that the Service is not intended to meet any legal obligations for these uses. OpenCVE has no liability for Sensitive Personal Information.

6 Suspension of Service

OpenCVE may suspend Customer’s access to the Service and related services:

• if Customer breaches Section 2.3 (Restrictions) or Section 5 (Customer Obligations),
• if Customer’s account is 30 days or more overdue,
• if Customer’s actions risk harm to other customers or the security, availability or integrity of the Service (including by regularly exceeding any applicable rate limits) or,
• if Customer fails to comply with the AUP. Where practicable, OpenCVE will use reasonable efforts to provide Customer with prior notice of the suspension. Once Customer resolves the issue requiring suspension, OpenCVE will promptly restore Customer’s access to the Service in accordance with this Agreement.

7 No Professional Services

OpenCVE does not provide any professional, consulting, work-for-hire, custom development or similar services of any type.

8 Commercial Terms

8.1 Subscription Term

Unless otherwise set forth on the applicable Order, each Subscription Term will automatically renew for an equivalent period unless either party gives the other party notice of non-renewal before the current Subscription Term ends (with respect to Customer, in accordance with Section 8.5 below).

8.2 Fees and Taxes

Fees are as described in each Order. Fees are invoiced on the schedule in the Order. Unless the Order provides otherwise, all fees are due within 30 days of the invoice date. Fees for renewal Subscription Terms are at OpenCVE’s then-current rates, regardless of any discounted pricing in a prior Order. Except as expressly otherwise set forth herein, all fees are non-refundable. All Fees are exclusive of any applicable sales or other taxes or similar fees imposed by any government authority. Customer will:

• pay or reimburse all such taxes and fees (including any interest or penalties), if any, due, based on or measured by amounts payable by Customer under this Agreement (excluding taxes based on OpenCVE’s net income) or,
• furnish OpenCVE with evidence acceptable to the applicable government authority to sustain an exemption therefrom. If Customer is required by Laws to deduct withholding taxes from payments to OpenCVE, Customer will increase the amount payable to OpenCVE as necessary so that after making all required deductions and withholdings, OpenCVE receives and retains (free from any tax liability) an amount equal to the amount it would have received had no such deductions or withholdings been made.

8.3 Payment via Credit Card

If Customer is purchasing the Service via credit card, debit card or other payment card ("Credit Card”), the following terms apply:

By providing Credit Card information and agreeing to purchase the Service, Customer hereby authorizes OpenCVE (or its designee) to automatically charge Customer’s Credit Card on the same date of each calendar month (or the closest prior date, if there are fewer days in a particular month) during the Subscription Term for all fees accrued as of that date (if any) in accordance with the applicable Order. Customer acknowledges and agrees that the amount billed and charged each month may vary depending on Customer’s use of the Service.

Customer acknowledges that for certain Credit Cards, the issuer of Customer’s Credit Card may charge a foreign transaction fee or other charges.

If a payment is not successfully settled due to expiration of a Credit Card, insufficient funds, or otherwise, Customer remains responsible for any amounts not remitted to OpenCVE and OpenCVE may, in its sole discretion, either:

• invoice Customer directly for the deficient amount,
• continue billing the Credit Card once it has been updated by Customer (if applicable) or,
• terminate this Agreement.

Upon any termination, expiration or cancellation of a Subscription Term, OpenCVE will charge Customer’s Credit Card (or invoice Customer directly) for any outstanding fees for Customer’s use of the Service during the Subscription Term, after which OpenCVE will not charge Customer’s Credit Card for any additional fees.

8.4 Cancellation

If Customer does not want to renew a subscription, Customer must cancel its account(s)/subscription(s) from its account settings. An email request to cancel Customer’s account is not considered notice of non-renewal. Any cancellation will take effect only at the end of Customer’s then-current Subscription Term, and Customer will continue to owe all fees (including, if applicable, monthly subscription fees) for the duration of the then-current Subscription Term.

8.5 Upgrades and Downgrades

If Customer upgrades its plan or Scope of Use, we will immediately bill Customer for the applicable subscription fees. Downgrades will go into effect at the end of Customer’s then-current Subscription Term. There will be no refunds or credits for partial months of service, upgrade/downgrade refunds, or refunds for months unused with an open account. Downgrading account(s) may cause the loss of Service Data, features, or capacity of such account(s). We do not accept any liability for such loss.

9 Disclaimers

The Service, Support and all related OpenCVE services are provided "AS IS”. OpenCVE and its suppliers make no other warranties, whether express, implied, statutory or otherwise, including warranties of merchantability, accuracy, fitness for a particular purpose, title or noninfringement. Unless otherwise expressly stated in this Agreement, OpenCVE does not warrant that Customer’s use of the Service will be uninterrupted or error-free, that OpenCVE will review Service Data for accuracy or that it will maintain Service Data without loss. OpenCVE is not liable for delays, failures or problems inherent in use of the Service or the Internet and electronic communications or other systems outside OpenCVE’s control or for use of the Service in High Risk Activities. Customer may have other statutory rights, but any statutorily required warranties will be limited to the shortest legally permitted period.

10 Term and Termination

10.1 Term

This Agreement starts on the Effective Date and continues until expiration, cancellation or termination of all Subscription Terms.

10.2 Termination

Either party may terminate this Agreement (including all Orders) if the other party:

• fails to cure a material breach of this Agreement (including a failure to pay fees) within 30 days after notice,
• ceases operation without a successor, or
• seeks protection under a bankruptcy, receivership, trust deed, creditors’ arrangement, composition or comparable proceeding, or if such a proceeding is instituted against that party and not dismissed within 60 days.

10.3 Effect of Termination

Upon expiration or termination of this Agreement or an Order, Customer’s access to the Service will cease. At the disclosing party’s request upon expiration or termination of this Agreement, the receiving party will delete all the disclosing party’s Confidential Information (excluding Service Data, which is addressed in Section 4.7). Service Data and other Confidential Information may be retained in the receiving party’s standard backups after deletion but will remain subject to this Agreement’s confidentiality restrictions.

10.4 Survival

These Sections survive expiration or termination of this Agreement: 2.3 (Restrictions), 4.2 (Data Use), 5 (Customer Obligations), 8.2 (Fees and Taxes), 8.3 (Payment via Credit Card), 9 (Disclaimers), 10.3 (Effect of Termination), 10.4 (Survival), 11 (Ownership), 12 (Limitations of Liability), 13 (Indemnification), 14 (Confidentiality), 15 (Required Disclosures), 18 (General Terms) and 20 (Definitions). Except where an exclusive remedy is provided, exercising a remedy under this Agreement, including termination, does not limit other remedies a party may have.

11 Ownership

Neither party grants the other any rights or licenses not expressly set out in this Agreement. Except for OpenCVE’s use rights in this Agreement, between the parties Customer retains all intellectual property and other rights in Service Data provided to OpenCVE. Except for Customer’s use rights in this Agreement, OpenCVE and its licensors retain all intellectual property and other rights in the Service and related OpenCVE technology, templates, formats, machine learning or large language models and dashboards, including any modifications or improvements to these items made by OpenCVE. If Customer provides OpenCVE with feedback or suggestions regarding the Service or other OpenCVE offerings, OpenCVE may use the feedback or suggestions without restriction or obligation.

12 Limitations of Liability

12.1 Consequential Damages Waiver

Except for Excluded Claims, neither party (nor its suppliers) will have any liability arising out of or related to this Agreement for any loss of use, lost data, lost profits, failure of security mechanisms, interruption of business or any indirect, special, incidental, reliance or consequential damages of any kind, even if informed of their possibility in advance.

12.2 Liability Cap

Except for Excluded Claims, each party’s (and its suppliers’) entire liability arising out of or related to this Agreement will not exceed in aggregate the amounts paid or payable by Customer to OpenCVE during the prior 12 months under this Agreement.

12.3 Excluded Claims

"Excluded Claims” means:

• Customer’s breach of Sections 2.3 (Restrictions) or 5 (Customer Obligations),
• Customer’s breach of Section 14 (Confidentiality) or
• amounts payable to third parties under the indemnifying party’s obligations in Section 13 (Indemnification).

12.4 Nature of Claims and Failure of Essential Purpose

The waivers and limitations in this Section 12 apply regardless of the form of action, whether in contract, tort (including negligence), strict liability or otherwise and will survive and apply even if any limited remedy in this Agreement fails of its essential purpose.

13 Indemnification

13.1 Indemnification by Customer

Customer will defend OpenCVE from and against any third-party claim to the extent resulting from Service Data or Customer’s breach or alleged breach of Section 5 (Customer Obligations) and will indemnify and hold harmless OpenCVE against any damages or costs awarded against OpenCVE (including reasonable attorneys’ fees) or agreed in settlement by Customer resulting from the claim.

13.2 Procedures

The indemnifying party’s obligations in this Section 13 are subject to receiving:

• prompt notice of the claim,
• the exclusive right to control and direct the investigation, defense and settlement of the claim,
• all reasonably necessary cooperation of the indemnified party, at the indemnifying party’s expense for reasonable out-of-pocket costs.

The indemnifying party may not settle any claim without the indemnified party’s prior consent if settlement would require the indemnified party to admit fault or take or refrain from taking any action (other than relating to use of the Service, when OpenCVE is the indemnifying party). The indemnified party may participate in a claim with its own counsel at its own expense.

14 Confidentiality

14.1 Definition

"Confidential Information" means information disclosed to the receiving party under this Agreement that is designated by the disclosing party as proprietary or confidential or that should be reasonably understood to be proprietary or confidential due to its nature and the circumstances of its disclosure. OpenCVE’s Confidential Information includes the terms and conditions of this Agreement and any technical or performance information about the Service. Customer’s Confidential Information includes Service Data.

14.2 Obligations

As a receiving party, each party will:

• hold Confidential Information in confidence and not disclose it to third parties except as permitted in this Agreement, including Section 4.2 (Data Use), and
• only use Confidential Information to fulfill its obligations and exercise its rights in this Agreement.

The receiving party may disclose Confidential Information to its employees, agents, contractors and other representatives having a legitimate need to know, provided it remains responsible for their compliance with this Section 14 and they are bound to confidentiality obligations no less protective than this Section 14.

14.3 Exclusions

These confidentiality obligations do not apply to information that the receiving party can document:

• is or becomes public knowledge through no fault of the receiving party,
• it rightfully knew or possessed prior to receipt under this Agreement,
• it rightfully received from a third party without breach of confidentiality obligations, or
• it independently developed without using the disclosing party’s Confidential Information.

14.4 Remedies

Unauthorized use or disclosure of Confidential Information may cause substantial harm for which damages alone are an insufficient remedy. Each party may seek appropriate equitable relief, in addition to other available remedies, for breach or threatened breach of this Section 14.

15 Required Disclosures

Nothing in this Agreement prohibits either party from making disclosures, including of Service Data and other Confidential Information, if required by Law, subpoena or court order, provided (if permitted by Law) it notifies the other party in advance and cooperates in any effort to obtain confidential treatment.

16 No-Charge Products

If Customer receives access to the Service or Service features on a no-charge, free or trial basis or as an alpha, beta or early access offering ("No-Charge Products"), use of such No-Charge Products is permitted only during the period designated by OpenCVE (or if not designated, 30 days). No-Charge Products are optional and either party may terminate No-Charge Products at any time for any reason. No-Charge Products may be inoperable, incomplete or include features that OpenCVE may never release, and their features and performance information are OpenCVE’s Confidential Information. Notwithstanding anything else in this Agreement, OpenCVE provides no warranty, indemnity, service levels or Support for No-Charge Products and its liability for No-Charge Products will be none.

17 Publicity

Neither party may publicly announce this Agreement except with the other party’s prior consent or as required by Laws. However, OpenCVE may include Customer and its trademarks in OpenCVE’s customer lists and promotional materials, issue a press release identifying Customer as a OpenCVE customer, inform other potential customers that Customer is a OpenCVE customer and identify Customer as a customer in other forms of publicity (including, without limitation, case studies, blog posts, OpenCVE’s website and OpenCVE’s Github page), but will cease such use at Customer’s written request.

18 General Terms

18.1 Assignment

Neither party may assign this Agreement without the prior consent of the other party, except that either party may assign this Agreement in connection with a merger, reorganization, acquisition or other transfer of all or substantially all its assets or voting securities (each, a "Change of Control"). If Customer assigns this Agreement in a Change of Control permitted under this Section, Customer will update all necessary details in Customer’s account settings. Any non-permitted assignment is void. This Agreement will bind and inure to the benefit of each party’s permitted successors and assigns.

18.2 Governing Law, Jurisdiction and Venue

This Agreement is governed by the laws of France and by extend the European Union without regard to conflicts of laws provisions and without regard to the United Nations Convention on the International Sale of Goods. The jurisdiction and venue for actions related to this Agreement will be the French state and the local Tribunal of Lille, France. Both parties submit to the personal jurisdiction of those courts.

18.3 Attorneys Fees and Costs

The prevailing party in any action to enforce this Agreement will be entitled to recover its attorneys’ fees and costs in connection with such action.

18.4 Notices

Except as set out in this Agreement, any notice or consent under this Agreement must be in writing and will be deemed given:

• upon receipt if by personal delivery,
• upon receipt if by certified or registered French mail (return receipt requested),
• one day after dispatch if by a commercial overnight delivery service or
• upon delivery if by email.

Either party may update its contact information with notice to the other party. Notices to OpenCVE must be sent to: Amber Security SAS, OpenCVE, Euratechnologies, 165 avenue de Bretagne, 59000 Lille, France (with a copy by email to hello@opencve.io). Notices to Customer will be sent to the address (if any) set forth in the Order or by email to Customer’s email set forth in the Order. OpenCVE may also send notices to Customer through the Service.

18.5 Entire Agreement

This Agreement (which includes all Orders, the Policies and, if applicable, the DPA) is the parties’ entire agreement regarding its subject matter and supersedes any prior or contemporaneous agreements regarding its subject matter. In this Agreement, headings are for convenience only and "including” and similar terms are to be construed without limitation. This Agreement may be executed in counterparts (including electronic copies and PDFs), each of which is deemed an original and which together form one and the same agreement.

18.6 Amendments

Except as otherwise provided herein, any amendments, modifications or supplements to this Agreement must be in writing and signed by each party’s authorized representatives or, as appropriate, agreed through electronic means provided by OpenCVE. Nonetheless, with notice to Customer using reasonable means, OpenCVE may modify the Policies to reflect new features or changing practices, but the modifications will not materially decrease OpenCVE’s overall obligations during a Subscription Term. The terms in any Customer purchase order or business form will not amend or modify this Agreement and are expressly rejected by OpenCVE; any of these Customer documents are for administrative purposes only and have no legal effect.

18.7 Waivers and Severability

Waivers must be signed by the waiving party’s authorized representative and cannot be implied from conduct. If any provision of this Agreement is held invalid, illegal or unenforceable, it will be limited to the minimum extent necessary so the rest of this Agreement remains in effect.

18.8 Force Majeure

Neither party is liable for any delay or failure to perform any obligation under this Agreement (except for a failure to pay fees) due to events beyond its reasonable control, such as a strike, blockade, war, act of terrorism, pandemic, riot, Internet or utility failures, refusal of government license or natural disaster.

18.9 Subcontractors

OpenCVE may use subcontractors and permit them to exercise OpenCVE’s rights, but OpenCVE remains responsible for their compliance with this Agreement and for its overall performance under this Agreement.

18.10 Independent Contractors

The parties are independent contractors, not agents, partners or joint venturers.

18.11 Export Control

Customer agrees to comply with all relevant French and E.U. export and import Laws in using the Service. Customer:

• represents and warrants that it is not listed on any French or E.U. government list of prohibited or restricted parties or located in (or a national of) a country that is subject to a French or E.U. government embargo or that has been designated by the French or E.U. government as a "terrorist supporting” country,
• agrees not to access or use the Service in violation of any French or E.U. export embargo, prohibition or restriction and,
• will not submit to the Service any information controlled under the French or E.U. International Traffic in Arms Regulations.

18.12 Government End-Users

Elements of the Service are commercial computer software. If the user or licensee of the Service is an agency, department, or other entity of French or E.U. Government, the use, duplication, reproduction, release, modification, disclosure, or transfer of the Service or any related documentation of any kind, including technical data and manuals, is restricted by the terms of this Agreement. The Service was developed fully at private expense. All other use is prohibited.

19 Purchase from Reseller

If Customer obtained the Service through an authorized reseller of OpenCVE ("Reseller"), the following terms are applicable and will prevail in event of any conflict with any other provisions of this Agreement:

19.1

This Agreement is between OpenCVE and Customer and governs all access and use of the Service by Customer. Resellers are not authorized to modify this Agreement or make any promises or commitments on OpenCVE’s behalf, and OpenCVE is not bound by any obligations to Customer other than as set forth in this Agreement. OpenCVE is not party to (or responsible under) any separate agreement between Customer and Reseller and is not responsible for the Reseller’s acts, omissions, products or services.

19.2

Customer’s order details (e.g., Scope of Use and fees) will be as stated in the Order placed by Reseller with OpenCVE on Customer’s behalf. The Reseller is responsible for the accuracy of such Order.

19.3

The amount paid by Customer to the Reseller will be deemed the amount paid or payable by Customer to OpenCVE under this Agreement for purposes of Section 12 (Limitations of Liability).

19.4

Instead of paying OpenCVE, Customer will pay the applicable amounts to the Reseller, as agreed between Customer and the Reseller. If the Reseller fails to pay OpenCVE the applicable fees for Customer’s use of the Service, OpenCVE reserves the right to terminate the applicable Subscription Term for such Service and all related rights granted hereunder.

19.5

In the event Customer is entitled to a refund under this Agreement, Customer must request such refund through the Reseller. Any request sent directly to OpenCVE may be redirected to the Reseller. OpenCVE will refund any applicable fees to the Reseller and the Reseller will be solely responsible for refunding such fees to Customer, unless otherwise specified by OpenCVE. OpenCVE will have no further liability to Customer in the event the Reseller fails to refund such fees to Customer.

20 Definitions

"Additional Uses" means any legitimate business purposes such as analytics, benchmarking, reporting and developing new products and services.

"Affiliate" means an entity directly or indirectly owned by, controlled by or under common control with a party, where "ownership” means the beneficial ownership of fifty percent (50%) or more of an entity’s voting equity securities or other equivalent voting interests and "control” means the power to direct the management or affairs of an entity.

"Aggregated or Anonymized” means de-identified or aggregated so that it does not individually identify Customer, its Users or any other person, and OpenCVE will not identify Customer as the source of such data.

"AUP” means the Acceptable Use Policy, the current version of which is at https://www.opencve.io/aup.

"Documentation” means OpenCVE’s usage guidelines and standard technical documentation for the Service, the current versions of which are at https://docs.opencve.io.

"DPA” means the Data Protection Addendum, if any, separately executed by the parties in connection with this Agreement.

"European Data Protection Legislation” means the data protection and privacy laws and regulations enacted in Europe and applicable to the Personal Data in question, including as applicable: (a) the GDPR; (b) the Federal Data Protection Act of 19 June 1992 (Switzerland); and/or (c) in respect of the United Kingdom, the Data Protection Act 2018 and any applicable national legislation that replaces or converts in domestic law the GDPR or any other law relating to data and privacy as a consequence of the United Kingdom leaving the European Union; in each case as may be amended, superseded or replaced from time to time.

"GDPR” means European Union Regulation 2016/679, as may be amended, superseded or replaced from time to time.

"High Risk Activities” means activities where use or failure of the Service could lead to death, personal injury or environmental damage, including life support systems, emergency services, nuclear facilities, autonomous vehicles or air traffic control.

"Laws” means all relevant local, state, federal and international laws, regulations and conventions, including those related to data privacy and data transfer, international communications and export of technical or personal data.

"Non-Identifying Data” means elements of Service Data that by their nature cannot be used to identify Customer or its Users. For avoidance of doubt, Non-Identifying Data will not include any Personal Data, source code, content or attachments.

"Order” has the meaning set forth in the second paragraph of this Agreement.

"Personal Data” means personal data or personal information (as those terms are defined by European Data Protection Legislation).

"Policies” means the Privacy Policy, Acceptable Use Policy or any other OpenCVE policies referenced in or attached to this Agreement.

"Privacy Policy” means the Privacy Policy for the relevant Service, the current versions of which are at https://www.opencve.io/privacy-policy.

"Scope of Use” means any monthly usage quota or seat allowance set forth in an Order.

"Sensitive Personal Information” means any (a) special categories of data enumerated in the GDPR, Article 9(1) or any successor legislation, (b) PHI, (c) credit, debit or other payment card data subject to the Payment Card Industry Data Security Standards (PCI DSS), (d) social security numbers, driver’s license numbers or other government ID numbers or (e) any data similar to the above protected under foreign or domestic laws.

"Service” means OpenCVE’s cloud service identified in the relevant Order or otherwise provided to Customer, as modified from time to time. The Service includes the Documentation.

"Service Data” means data collected that is reported to the Service by the Customers, such as the product, vendors or software, or any other data, content or materials that Customer (including its Users) submits to the Service.

"Subscription Term” means the term for Customer’s use of the Service as identified in an Order.

"Support” means technical support for the Service.

"Usage Data” means technical logs, data and other learnings about Customer’s and its Users’ configuration and use of the Service, such as Vendors and Products information, Subscriptions and Notifications content in use.

"User” means any employee or contractor of Customer or its Affiliates that Customer allows to use the Service on its behalf.