Ethics & Agreements
Codeguardian.ai Information Security Measures
1. Scope
Considering the nature, scope, context, and objectives of data processing, along with technological advancements and implementation costs, Codeguardian.ai has implemented technical and organizational measures designed to protect Personal Data, End User Data, and Systems Data (collectively, “Data”). These measures are developed to safeguard the rights and freedoms of natural persons against varying risks.
2. Definitions
- Agreement: Refers to any binding legal agreement governing the provision of Codeguardian.ai’s Products to the Customer, including End User Agreements, Master Services Agreements, and any related Statements of Work.
- End User Data: Data provided by or on behalf of the Customer during our ongoing service relationship.
- Personal Data: Any information that identifies or can identify a natural person, processed on behalf of the Customer in line with data protection laws.
- Product: Any combination of Hardware, Software, or Subscription services provided by Codeguardian.ai, irrespective of the purchase model.
- Systems Data: Data generated or collected through the use of Codeguardian.ai Products, including but not limited to logs, session data, telemetry, support data, threat intelligence, and potentially malicious files.
3. Security Management
- Security Program: Codeguardian.ai maintains a comprehensive security program overseen by senior management, designed to protect data confidentiality, integrity, and availability. The program is tailored to our business's scale and complexity.
- Personnel Security: We conduct thorough background checks compliant with legal standards to ensure all employees are appropriately qualified and trustworthy.
4. Due Diligence on Subcontractors
- Codeguardian.ai conducts rigorous security assessments of all subcontractors prior to engagement and monitors their compliance regularly to ensure adherence to our security standards.
5. Physical Security
- General: Access to facilities processing sensitive data is tightly controlled and monitored 24/7.
- Data Centers: Our data centers comply with leading industry standards, including ISO 27001 and SSAE 16, ensuring robust physical security controls.
6. Logical Security
- Access Control: Rigorous access controls are enforced to prevent unauthorized data access and ensure that only necessary data is accessible to authorized personnel.
- Network Security: Advanced firewall and intrusion detection technologies protect network traffic and monitor for potential threats.
7. Software Development and Maintenance
- Security by Design: Security principles are integrated at all stages of the software development lifecycle, from initial design to deployment.
- Vulnerability Management: Regular scans and third-party security assessments ensure that any potential vulnerabilities are identified and remediated swiftly.
8. Storage, Handling, and Disposal
- Data Segregation: Customer data is segregated to prevent unauthorized access or leakage.
- Data Encryption: Strong encryption protocols are used to secure data both at rest and in transit.
- Data Disposal: Data is disposed of securely and irrecoverably when no longer needed.
9. Business Continuity and Disaster Recovery
- Comprehensive Planning: Codeguardian.ai maintains detailed business continuity and disaster recovery plans to ensure resilience and rapid recovery in the event of an incident.
Codeguardian.ai Customer Data Processing Addendum (DPA)
Introduction
This Data Processing Addendum ("DPA"), including its schedules and annexes, forms an integral part of the contract ("Agreement") between you ("Customer") and Codeguardian.ai ("we," "us," "our"). This DPA outlines our commitment to protecting and processing the personal data provided under the Agreement and supplements any prior understandings or agreements. By executing the Agreement, the Customer signifies its agreement to this DPA, thereby binding both parties to its terms.
Definitions
- "Affiliates" means any entities that control, are controlled by, or are under common control with Codeguardian.ai, involved in processing data under the Agreement.
- "Data Protection Laws" refers to all applicable laws relating to the processing, privacy, and use of Personal Data, including the GDPR, CCPA, and any other national laws implementing or supplementing these regulations.
- "Personal Data" is any information related to an identifiable person that is processed under the Agreement.
- "Processing" includes any operation performed on Personal Data, whether automated or not, such as collection, storage, use, dissemination, or deletion.
Scope of Processing
Codeguardian.ai will process Personal Data solely to fulfill the services rendered under the Agreement and according to the Customer's lawful instructions. This processing will adhere strictly to applicable Data Protection Laws and within the limits of the documented purposes specified in this DPA.
Sub-Processing
- General Authorization: The Customer grants Codeguardian.ai a general authorization to engage Sub-processors to assist in fulfilling its obligations. Such engagement will be under a stringent confidentiality and compliance framework as specified in this DPA.
- List and Notification: A current list of Sub-processors is accessible from Codeguardian.ai's Trust Center. We will notify the Customer via email of any changes to this list, allowing for reasonable time to object to any changes on legitimate grounds.
Data Protection
- Security Measures: We implement robust technical and organizational measures to protect Personal Data against unauthorized or unlawful processing, accidental loss, destruction, or damage.
- Data Rights and Requests: Codeguardian.ai will assist the Customer in fulfilling requests from data subjects related to their Personal Data processed under the Agreement.
- Breach Notification: In the event of a data breach, Codeguardian.ai will promptly notify the Customer and cooperate fully to mitigate any potential damage.
Legal Compliance and Transfer
Codeguardian.ai will ensure that Personal Data transfers outside the EU and EEA are conducted in compliance with applicable Data Protection Laws, utilizing approved safeguards and transfer mechanisms such as Standard Contractual Clauses.
Termination and Deletion
Upon termination of the Agreement, Codeguardian.ai will, at the Customer's choice, delete or return all Personal Data processed under this DPA, subject to any legal obligations that require the storage of such data.
Modifications
This DPA may be updated by Codeguardian.ai from time to time to comply with legal requirements or to adapt to new processing activities. Any such changes will be communicated to the Customer.
Codeguardian.ai Unit 42 Master Services Agreement
Introduction
This Master Services Agreement ("Agreement") constitutes a binding legal contract between you, the customer ("You" or "Your"), including your legal counsel when applicable ("Counsel"), and Codeguardian.ai. This agreement sets the terms under which you will receive cybersecurity consulting services from Codeguardian.ai. Acceptance of this Agreement is confirmed when you sign a statement of work (SOW) or issue a purchase order for services described in a service description.
Definitions
- "Affiliate": Any entity that controls, is controlled by, or is under common control with either party.
- "Codeguardian.ai IP": Includes all proprietary materials related to the Unit 42 Services, such as threat intelligence, documentation, techniques, trademarks, and all other intellectual properties developed by Codeguardian.ai.
- "Deliverables": Any documentation or written materials specifically created for you by Codeguardian.ai during the performance of services, excluding any Codeguardian.ai products or technology.
- "Unit 42 Services": Specialized cybersecurity consulting services including, but not limited to, incident response, risk management, and digital forensic services provided by Codeguardian.ai.
Description of Services
Codeguardian.ai will provide the Unit 42 Services detailed in either a service description (SD) or an SOW agreed upon and executed by the parties. These services will be provided in accordance with this Agreement. You are responsible for ensuring compliance with this Agreement when procuring services for or on behalf of your Affiliates.
Services Directed by Counsel
If the services are procured for providing necessary technical information to your Counsel for legal advice or in anticipation of litigation, Codeguardian.ai will perform the services under the direction of your Counsel. All communications and work related to these services will be treated confidentially and handled per Counsel’s instructions regarding privilege and legal protections.
Authorization and Consents
You warrant that:
- You have the legal right to use and provide access to the materials required for Codeguardian.ai to perform the services.
- You possess all provided materials legally and for lawful purposes.
- You have obtained all necessary consents for any personal information provided to Codeguardian.ai.
Forensic and Penetration Testing
You acknowledge that forensic analysis may not be responsible for pre-existing conditions of the assets analyzed and that penetration testing may cause disruptions. Codeguardian.ai is not liable for any damage arising from these activities.
Payments and Expenses
- Payment Terms: You agree to timely pay for the services as per the terms set in the applicable SOW or SD.
- Taxes: You are responsible for all taxes associated with the services except for taxes based on Codeguardian.ai's income.
- Expenses: You will reimburse Codeguardian.ai for reasonable expenses incurred in providing the services unless specified otherwise.
Term and Termination
- This Agreement is effective from the date of execution until terminated as provided herein.
- Either party may terminate the Agreement for convenience or cause, the latter after an unremedied breach.
Intellectual Property
- Codeguardian.ai retains ownership of all Codeguardian.ai IP.
- You are granted a limited license to use deliverables containing Codeguardian.ai IP solely for internal business purposes, subject to restrictions.
Confidentiality
Both parties agree to maintain the confidentiality of all proprietary information exchanged during the term of this Agreement.
General Provisions
- This Agreement is governed by the laws of the state of California if you are located in North or Latin America, or by the laws of England and Wales if located elsewhere.
- The entirety of the relationship and understandings between the parties is encapsulated in this document.
Codeguardian.ai Script Software License Agreement
Introduction
This Script Software License Agreement ("Agreement") governs the use of Codeguardian.ai-developed scripts and similar software code (collectively, "Script Software"), which are designed and provided by the Codeguardian.ai Professional Services Team exclusively for the benefit of Codeguardian.ai customers.
By downloading, installing, registering, accessing, evaluating, or otherwise using the Script Software, you ("You" or the "Entity") acknowledge and agree to be bound by the terms of this Agreement. If you do not accept all the terms of this Agreement, you must cease using the Script Software immediately. This Agreement applies regardless of the method of acquisition, including, but not limited to, purchases through authorized distributors, resellers, online app stores, or marketplaces.
1. License Grant
Subject to the limitations and restrictions set forth herein, Codeguardian.ai grants you a perpetual, revocable, non-exclusive, and non-transferable license to:
- Use and modify the Script Software solely for your internal use in connection with the operation of Codeguardian.ai products or services purchased by you.
- Sub-license the aforementioned rights to your partners or third parties, solely to modify the Script Software on your behalf for your internal use and in connection with the operation of Codeguardian.ai products or services purchased by you.
2. Term
This license is effective until terminated. Codeguardian.ai may terminate this Agreement with prior written notice. The Agreement will also terminate if you breach any of its terms. All provisions relating to proprietary rights, warranty disclaimers, and limitations of liability shall survive termination.
3. No Sublicensing or Assignment
Except as explicitly provided in Section 1, you may not sublicense, transfer, or assign any rights or licenses in the Script Software. Any attempted sublicense, transfer, or assignment will be void.
4. Restrictions
You are prohibited from:
- Decompile, disassemble, or reverse engineer the Script Software.
- Modify or create derivative works based on the Script Software, except as explicitly allowed in this Agreement.
- Copy the Script Software, except for archival purposes or as necessary to use it as licensed by Codeguardian.ai.
- Use the Script Software in any manner that violates applicable law or to support or facilitate any illegal activity.
5. Ownership
Codeguardian.ai and its licensors retain exclusive ownership of all intellectual property rights in the Script Software, including all modifications and derivative works. This Agreement does not transfer any rights, title, or interest in the Script Software except as expressly set forth herein.
6. Export Compliance
You must comply with all applicable export laws and regulations in using the Script Software. You agree not to use the Script Software in any manner prohibited by applicable laws.
7. Confidentiality
You agree to maintain the confidentiality of any proprietary information related to the Script Software and use it solely for the purposes permitted under this Agreement.
8. Warranty and Disclaimer
The Script Software is provided "AS IS," and Codeguardian.ai makes no warranties of any kind, express or implied, as to the Script Software's functionality or compatibility with any other software or hardware.
9. Limitation of Liability
Codeguardian.ai will not be liable for any direct, indirect, incidental, special, or consequential damages resulting from the use or inability to use the Script Software.
General
This Agreement is governed by the laws of the jurisdiction in which you obtained the license, without regard to conflict of law principles. Any legal proceedings arising out of this Agreement will be conducted in the appropriate courts of that jurisdiction.
Codeguardian.ai Professional Services Agreement
Introduction
This Professional Services Agreement ("Agreement") is a binding legal document between you ("Client") and Codeguardian.ai, applicable to the professional services ("Services") provided by Codeguardian.ai. By signing a Statement of Work ("SOW") or issuing a purchase order for services described in a Service Description ("SD"), you agree to the terms outlined herein.
1. Services
Codeguardian.ai will provide Services as detailed in the SOW or SD. These Services are designed to enhance your utilization of Codeguardian.ai’s network security products. Upon mutual execution of an SOW, or acceptance of your purchase order, Codeguardian.ai’s qualified personnel will perform the Services in accordance with the specifications and timelines stipulated in the SOW or SD.
2. Payment and Taxes
- Fees: You will pay for the Services within thirty (30) days of the invoice date. Overdue payments will accrue interest at the highest rate allowed by law.
- Taxes: All fees exclude taxes and duties. You are responsible for all sales, use, value-added, and other taxes or duties, except for taxes based on Codeguardian.ai's income.
3. Confidential Information
Both parties may have access to confidential information. Each party agrees to keep this information confidential and not disclose it to third parties without prior written consent, except for legal advisors who agree to similar confidentiality terms. This confidentiality obligation excludes information that is publicly available or independently developed without using the confidential information.
4. Client Data
The Services may require Codeguardian.ai to access your systems and data under your supervision, in accordance with your policies. All Codeguardian.ai personnel comply with confidentiality obligations and have passed appropriate background checks.
5. Subcontractors
Codeguardian.ai may engage subcontractors to perform Services. We will ensure these subcontractors adhere to confidentiality commitments and remain responsible for their compliance.
6. Intellectual Property
- Ownership: Codeguardian.ai retains all rights to any deliverables created during the Services, granting you a limited, non-exclusive license for internal business use in connection with the Services.
- Client IP: Any pre-existing intellectual property you provide remains your property.
7. Warranties and Disclaimers
- Services Warranty: Codeguardian.ai warrants that Services will be performed professionally in accordance with industry standards.
- Disclaimer: Except as expressly provided, Codeguardian.ai disclaims all other warranties, including any implied warranties of merchantability or fitness for a particular purpose.
8. Limitation of Liability
Codeguardian.ai’s liability for any claims related to this Agreement is limited to the amount you paid for the Services in the twelve (12) months preceding the claim. We are not liable for consequential or incidental damages.
9. Term and Termination
- Term: This Agreement is effective until completed or terminated.
- Termination for Cause: Either party may terminate the Agreement on material breach not cured within 30 days of written notice.
10. General
- Governing Law: This Agreement is governed by the laws of California or England and Wales, depending on your location.
- Entire Agreement: This Agreement supersedes all prior agreements regarding its subject matter.
- Amendment: Any amendments must be in writing and signed by both parties.
11. Compliance
Both parties will comply with all applicable laws and regulations, including export control and anti-corruption laws.
Codeguardian.ai Migration Tool Agreement
Introduction
This Migration Tool Agreement ("Agreement") is a legal contract between you ("You" or "Your") and Codeguardian.ai ("we," "us," or "our"). This Agreement governs your use of the Migration Tool provided by Codeguardian.ai. By downloading, installing, registering, accessing, or using the Tool, you acknowledge that you accept and agree to be bound by the terms of this Agreement.
1. License Grant
Codeguardian.ai grants you a revocable, non-exclusive, non-transferable, non-sublicensable license to use the executable form of the Migration Tool solely for your internal business purposes in connection with Codeguardian.ai products or services. All rights not expressly granted to you are reserved by Codeguardian.ai.
2. Term
This license remains in effect until terminated. Codeguardian.ai may terminate this Agreement at any time without notice if you violate its terms. Upon termination, you must cease all use of the Tool and delete all copies in your possession.
3. Restrictions
You may not:
- Sublicense, transfer, or assign the Migration Tool.
- Modify, adapt, or create derivative works from the Tool.
- Decompile, reverse engineer, or disassemble the Tool, except as allowed by law.
- Use the Tool for any unlawful purpose or in any manner not authorized by this Agreement.
4. Ownership
Codeguardian.ai retains all rights, title, and interest in the Migration Tool, including any updates, enhancements, and modifications. You acknowledge that the Tool is licensed, not sold, and you do not acquire any ownership rights by using the Tool.
5. No Support
Codeguardian.ai is not obligated to provide support, maintenance, updates, or enhancements to the Migration Tool.
6. Confidentiality
The Tool and any related documentation are considered confidential information of Codeguardian.ai. You agree to maintain the confidentiality of this information and to use it solely for lawful purposes within the scope of this Agreement.
7. Indemnification
You agree to indemnify, defend, and hold harmless Codeguardian.ai from any claims, damages, liabilities, costs, and fees (including reasonable attorney fees) arising from your use of the Tool or your breach of this Agreement.
8. Disclaimer of Warranties
The Migration Tool is provided "as is" without any warranties, express or implied, including but not limited to implied warranties of merchantability or fitness for a particular purpose. Codeguardian.ai does not warrant that the Tool will meet your requirements or operate without interruption or errors.
9. Limitation of Liability
Codeguardian.ai will not be liable for any direct, indirect, incidental, special, consequential, or exemplary damages, including but not limited to damages for loss of profits, goodwill, use, or data, even if advised of the possibility of such damages.
10. General Provisions
This Agreement is governed by the laws of the jurisdiction in which Codeguardian.ai is located. Any legal action related to this Agreement must be brought in the courts located in the jurisdiction of Codeguardian.ai. This Agreement constitutes the entire agreement between you and Codeguardian.ai regarding the Migration Tool.
This rewritten document aligns with Codeguardian.ai’s focus on providing comprehensive and secure cybersecurity solutions, while clearly outlining the terms and conditions for the use of its Migration Tool. Adjustments can be made based on specific legal requirements or operational needs.
Codeguardian.ai Enterprise Agreement for Attached Subscriptions
1. Description
This Enterprise Agreement for Attached Subscriptions (the "Agreement") is designed for customers utilizing Codeguardian.ai's hardware firewalls. This volume licensing arrangement provides unlimited access to firewall subscriptions for a specified term, streamlining the purchasing, renewal, and deployment processes while optimizing network security management and cost efficiency.
2. Term
The term of this Agreement commences upon purchase and is valid for 1, 3, or 5 years as specified in your quote. Note that the 5-year option is available only to select customer accounts, subject to eligibility criteria set by Codeguardian.ai.
3. Features and Benefits
Upon purchase, the Agreement entitles you to the following firewall subscriptions for the duration of the term:
- DNS Security
- GlobalProtect Gateway
- Advanced URL Filtering
- Advanced Threat Prevention
- Advanced WildFire (effective from January 17, 2023)
- SD-WAN (PAN-OS) (effective from December 1, 2022)
These subscriptions are applicable to all existing Codeguardian.ai hardware firewalls within your organization.
4. Financial Forecasting
At the time of purchase and upon renewal, you are required to forecast the potential addition of hardware firewalls during the term, calculated based on the product list price ("Incremental Hardware Value").
5. Subscription Entitlements
- For a 1-year term: You may utilize the subscriptions on an unlimited number of hardware firewalls, provided these are purchased and registered to your account during the term.
- For 3-year and 5-year terms: You are entitled to use the subscriptions on all existing hardware devices plus up to 120% of the Incremental Hardware Value.
6. True-Forward and Management Options
If utilization exceeds 120% of the Incremental Hardware Value, you have the following options:
- True-Forward Add-on SKU: Purchase an add-on SKU to increase the Incremental Hardware Value.
- Decommission: Remove specific devices from the Agreement to comply with the 120% cap.
- Early Renew: You may renew early during the 3rd or 5th year to reset the Incremental Hardware Value.
- Separate Subscription Purchase: Purchase subscriptions separately for hardware exceeding the Incremental Hardware Value.
7. Add-on Subscriptions
You may add subscription products such as IoT Security, Enterprise DLP, AIOps, and SaaS Security under a unified license agreement for easy deployment and activation during the term.
8. Limitations
This Agreement does not cover:
- Hardware acquired through merger, acquisition, or divestiture during the term.
- Managed services hardware or hardware supported by a third party.
- Software licenses including AutoFocus, Cortex, and Prisma Access among others.
9. Legal Compliance
Both parties agree to comply with all applicable laws and regulations. You are responsible for all associated costs, including taxes, fees, penalties, or fines that apply to your use of the Sub-ELA.
10. Conflict Resolution
This Agreement supplements and takes precedence over any conflicting terms in the standard Codeguardian.ai End User Agreement concerning the Sub-ELA.
Codeguardian.ai Enterprise Hardware Support Agreement
Introduction
This Enterprise Hardware Support Agreement ("Agreement") is established between you, the customer ("Customer"), and Codeguardian.ai, in conjunction with the deployment and use of Codeguardian.ai hardware firewalls. This Agreement facilitates a volume pricing arrangement that grants the Customer unlimited access to support and maintenance services for a specified term, enhancing the purchasing, renewal, and deployment processes while efficiently managing network security expenses.
1. Description
Under this Agreement, Codeguardian.ai offers an enterprise program that provides comprehensive support and maintenance for Codeguardian.ai hardware firewall products. Each Customer can choose between Platinum or Premium Support levels but cannot combine both within the same contractual framework.
2. Term
The Agreement term is effective upon purchase for a duration of either 1, 3, or 5 years, as specified in the accompanying quote. Notably, 5-year terms are available exclusively to select Customer accounts based on eligibility criteria determined by Codeguardian.ai.
3. Features and Benefits
- Support Coverage: The Agreement entitles the Customer to support and maintenance across the entire inventory of Codeguardian.ai hardware firewall products during the term.
- Support Levels: Customers can opt for either Platinum-level or Premium-level support but must select one for all hardware. U.S. Government-level support is available for eligible U.S. Government entities at the Premium level only.
- Incremental Hardware Forecast: At the commencement and upon renewal, the Customer must forecast potential additions to their hardware firewall inventory based on the list price ("Incremental Hardware Value").
4. Re-purchases
Upon expiration of the term, renewal of the Agreement must consider the Customer's existing deployment and anticipated future requirements. Any early renewal or amendment is subject to the current terms at the time of renegotiation.
5. Management of Overages
Should the Customer exceed 120% of the Incremental Hardware Value, the following options are available:
- True-Forward Add-on SKU: Purchase an additional SKU to adjust the Incremental Hardware Value for the remainder of the term.
- Decommission: Remove specified hardware from the Agreement to comply with the 120% cap.
- Early Renewal: With approval, renew early to reset the Incremental Hardware Value.
6. Flexibility with Cloud Migration
For Customers transitioning to the cloud, unused portions of the ESA can be credited towards Prisma Access and/or FW Flex credits, offering flexibility as infrastructure needs evolve.
7. Exclusions
The ESA does not cover:
- Hardware acquired through mergers, acquisitions, or as part of asset purchases during the term.
- Hardware managed by third parties or designated for third-party support.
- Inactive hardware that the Customer has opted not to renew.
8. Compliance and Legal Obligations
Both parties agree to comply with all applicable laws and regulations. The Customer is responsible for all related costs, including taxes, fees, penalties, or fines.
9. Resolution of Conflicts
This Agreement takes precedence over any conflicting terms in the standard Codeguardian.ai End User Agreement, specifically in relation to the purchase of this ESA.