Security & Privacy
Legal Documents
At Picus, your privacy is protected in an open and transparent manner. The use of our website and services is also subject to terms and conditions, which are bound by legal agreements. Below, you can find all related legal documents.
1. INTRODUCTION
This Privacy Policy applies to Picus Security, Inc. and its Affiliates listed in Section 10 (“Picus,” “us,” “we,” or “our”).
Picus is committed to protecting and respecting your personal information and privacy. This Policy outlines and is limited to the personal data processing practices carried out through the use of our Websites (www.picussecurity.com and app.picussecurity.com), our Services (as described below), and any other electronic communications networks by Picus.
Please read this Policy carefully to understand how and why we collect, process, and use your information.
By using our Website and Services, you agree to this Privacy Policy.
2. COLLECTION OF YOUR PERSONAL INFORMATION
Personal Data is any information that directly or indirectly identifies a natural person. We will ask for your consent when we need information that personally identifies you (personal information) or allows us to contact you to provide a service or carry out a transaction that you have requested, such as receiving information about Picus Security products and services, ordering email newsletters, joining a limited-access site or service, or purchasing, downloading and/or registering Picus Security products.
The channels and types of personal information we may collect include, but are not limited to, the following:
Information you directly provide to us:
a. Free-trial: Under your free-trial requests, we may collect your first name, last name, company name, company email, and country information.
b. Account: We may collect our customers’ company email addresses when logging into our online platform.
c. Demo Request: Under your demo requests, we may collect your first name, last name, company email address, company name, phone number (optional), and country information.
d. Contacting us: When you make inquiries, such as scheduling a demo, learning about pricing, or upgrading a product, we may collect your first name, last name, company email, company name, job title, country, phone number (optional) information and any descriptive message you submit to facilitate your inquiry.
e. Job application: We receive your job applications through a third-party platform. If you apply for a job at Picus, we may collect your full name, email, resume/CV, phone (optional), current company (optional), LinkedIn Profile (optional), and any other optional information submitted within your application.
f. Partner account & User application: Under our partner program, we may collect your corporate email address.
g. Picus Technology Alliances Partner Program application: Under our Technology Alliances Partner Program (TAP), we may collect your first name, last name, work email, and role.
h. Picus Technology Alliances Team meeting request: For meeting requests with the Picus Technology Alliances Team, we may collect your first name, last name, and email address.
i. Blog: If you subscribe to our blog, we may collect your company email address.
j. Purple Academy by Picus: If you wish to obtain a service from Purple Academy, we may collect your full name, company email address, company, country, and job title information.
k. Webinars, Case Studies & Reports: For webinars, case studies, and reports requests, we may collect your company email address.
l. Exclusive Reports: Under exclusive report requests, we may collect your full name, company email address, title, company name, and country information.
We may also collect your personal data such as your first name, last name, and email address when you follow us on social media, attend our events, or correspond with us by phone, email, social media, or otherwise.
Information from your visits to our website:
Our website enables us to communicate with you about us, our products, and our services. Even if you do not log in with an account, we may automatically collect certain information each time you visit our website. This may include the name of the Internet Service Provider, Internet Protocol (IP) address, date and time of access, browser type and version, time zone setting, operating system and platform, pages accessed, and the Internet address of the website from which you linked directly to our website. This information is mainly used to provide access to our website, improve the webpage view, and adapt to device settings and language. We also use this information to analyze trends and to improve our website and online services.
We process such personal data pursuant to Article 6(b) of the GDPR, as it is necessary to respond to your inquiry. For more details about automatically collected information about your visit to our website, please see our Cookie Policy.
Information from other resources:
We may also collect your personal information indirectly from third party sources such as business partners, advertising networks, payment and delivery services as well as public records, such as social media platforms and industry associations. Please note that, in such cases, we strive to ensure that these parties adhere to privacy standards consistent with ours; however, we do not have any liability or responsibility over their use, storage, and disclosure of your personal information, as governed by their own privacy policies.
3. USE AND CONTROL OF YOUR PERSONAL INFORMATION
The purposes and processes for processing personal data by Picus vary according to the category of the individual (i.e. customer, potential customer, visitor, employee candidate, etc.) and the type of personal data.
Consistent with applicable law and choices that may be available to you, we may use your personal information for purposes, including but not limited to:
- Fulfilling contractual obligations and providing requested information, products, and services;
- Personalizing your experience on our website and services and customizing content;
- Carrying out marketing activities, as per your preferences and active consent where applicable;
- Responding to inquiries and requests, and capturing related data;
- Administering, operating, optimizing, and improving the quality of our website, products, services, and operations;
- Notifying you of changes to our company, products, services, terms of use and conditions;
- Communicating about products or services you requested;
- Maintaining a secure environment by detecting, investigating, and preventing fraudulent or illegal activities;
- Complying with legal requirements and standards.
We will send you information according to the preferences submitted via our online forms and in accordance with any consent you have actively given, where applicable. You may change these preferences and/or withdraw your consent at any time.
Based on your consent, we may send emails informing you of issues related to a product or service you requested or confirming you requested a product or service, such as invoices and confirmations. We may also occasionally communicate with you regarding our products, services, news, and events. You have the option not to receive this information. You can unsubscribe at any time by following the instructions at the bottom of our promotional emails.
Except as otherwise described in this statement, the personal information you provide on the Website will not be shared outside of Picus Security and its controlled subsidiaries and affiliates without your permission.
4. COOKIES
Cookies are text files placed on users' computers by visited websites. They can be used by web servers to identify and track users as they navigate different pages on a website and to identify users returning to a website.
We use cookies on our Websites www.picussecurity.com and app.picussecurity.com, to determine visitor preferences, facilitate user requests, improve website experiences, keep our services secure, and conduct online behavioral advertising.
For more detailed information, including cookie types and administration, please visit our Cookie Policy.
5. SECURITY, STORAGE AND TRANSFER OF YOUR PERSONAL INFORMATION
At Picus, we implement technical and administrative measures to protect your personal data and prevent any unauthorized access, disclosure, use, and modification. We use industry standard technologies, operational security methods, and cyber security products for the protection of collected personal data. In this context, we regularly review and validate the adequacy and effectiveness of our security controls, tools, and procedures to maintain a secure environment. Please note that no security measures are fully secure or impenetrable. For more information, please see our Corporate Practices.
All systems related to Picus products are cloud based. As a globally operated company, the destination where we store or transfer your personal information may be different from the country in which the data was collected. Regardless of the country in which we transfer, store, or process your data, we will take reasonable steps to ensure that your data is treated securely and in accordance with this Policy.
6. RETENTION OF YOUR PERSONAL INFORMATION
Picus retains personal information only for the period necessary to fulfill the purposes for which they were collected and, thereafter, for a reasonable period to meet audit, contractual, or legal obligations or where we have a legitimate interest in retaining it. In this context, retention periods for each type of personal data are determined, and if there is no reason to keep certain personal data, it is destroyed in accordance with the current legislation.
Adequate technical and administrative measures have been implemented within our Information Security Management System to ensure secure storage and destruction of personal information.
7. YOUR RIGHTS
We respect your privacy. If you wish to exercise your privacy and data subject rights subject to applicable law such as GDPR, CCPA, or KVKK, please fill out the initial request form here so that we can provide you the appropriate data subject request form depending on the legal source of your request.
8. CHILDREN AND SENSITIVE DATA
a. Children: Our Website, application, and services are intended for business use and we do not expect them to be of any interest to minors. We do not knowingly or intentionally collect personal data from anyone under 16 years of age.
b. Sensitive data: We do not collect or receive any sensitive categories of personal data. Also, we ask you to not send or disclose any sensitive personal information to us directly or through our products and services.
9. CONTACT US
If you have questions or concerns about this Policy or its implementation, please contact us by email at privacy@picussecurity.com.
10. AFFILIATES
Picus Security, Inc.; Picus Bilişim Güvenlik Ticaret A.Ş.; Picus Security US, LLC.
11. CHANGES TO THIS PRIVACY POLICY
We review this Privacy Policy regularly and may change it to reflect our product and service updates, corporate practices, regulatory requirements, or other purposes.
We encourage you to frequently check this page as we always display the latest modification date on this Policy. When required under applicable law and/or the change is significant, we will also notify you by using other means, such as email.
Last Updated: 01.11.2024
1. INTRODUCTION
Picus Security Inc., along with its affiliates, Picus Bilişim Güvenlik Tic. A.Ş. and Picus Security US, LLC (“Picus Security” or “Company”), collect personal data for various purposes via cookies through our websites www.picussecurity.com and app.picussecurity.com (“Websites”). This Cookie Policy explains what cookies are, how we use them, and how you can manage your preferences. For more information on how we collect, store, and use your personal data, please refer to our Privacy Policy.
Please note that this policy may be updated from time to time to reflect changes in our Websites, applicable laws, regulatory requirements, or company practices.
2. WHAT ARE COOKIES?
Cookies are small text files that are placed on your device by websites you visit. They are widely used to make websites work more efficiently, to enhance user experience, and to provide information to the website owners. Cookies typically contain information such as a unique identifier that a website uses to recognize your device on subsequent visits.
They are commonly used on our Websites and most other websites to ensure that they function effectively according to the preferences of visitors and to provide detailed information to the administrators of the respective websites.
3. WHY DO WE USE COOKIES?
We mainly use cookies to:
- Recognize your device and remember your preferences when you visit our Websites,
- Facilitate and improve your experience on our Websites,
- Analyze website usage and improve usability,
- Manage the administration of our Websites,
- Conduct online behavioral advertising activities.
Cookies typically do not contain information that directly identifies you, such as your name or contact details. However, they may contain unique identifiers or other data that, when combined with other information we collect, could be used to recognize or remember you across different sessions or websites. This allows us to personalize your experience on our Websites by remembering your preferences, recognizing you on future visits, and tailoring content to your interests.
4. TYPES OF COOKIES AND THEIR USE PURPOSES
Our Websites may place and access certain cookies on your web browser. We have carefully chosen these cookies and have taken steps to ensure that your privacy and personal data are protected and respected at all times.
Cookies, depending on who implements them, can be categorized as follows:
a. First-party cookies: These cookies are issued by our Websites and are only used within our domain to provide a better user experience.
b. Third-party cookies: These cookies are issued by third parties to provide services on our Websites and are placed from different domains.
When you use our Websites, you may also receive third-party cookies from our service providers. These third-party cookies may be used for the following purposes:
- Tracking your browsing behavior across multiple websites
- Building a profile of your web surfing habits
- Targeting advertisements that may be of particular interest to you
We use both third-party cookies and our cookies to show you personalized ads on various websites. This practice, known as "retargeting", is based on your clicks, the pages you browse on our Websites, the products you view, and the advertisements that are shown to you. We also use cookies as part of our online marketing campaigns to understand how users interact with our Websites after seeing online ads, including those displayed on third-party websites. You can delete these cookies from your browser at any time.
For more information on how these third-party companies collect and use information on our behalf, please refer to the privacy policies listed in Table 1 below.
5. COOKIES ON OUR WEBSITES
The categories of cookies we use on our Websites include:
Necessary: These cookies are necessary for the website to function and cannot be switched off in our systems.
Analytics/Targeting: These non-essential cookies help us to understand how visitors engage with the website. These cookies are mainly used to collect information and report site usage statistics without personally identifying individual visitors.
Advertisement: These cookies are used to make our ads more engaging and relevant to site visitors.
Functionality: These cookies are optional for the website to function. They are usually set in response to information provided to the website to personalize and optimize your experience as well as remember your chat history.
When you visit our Websites and/or log in to our Platform (app.picussecurity.com), we may send you cookies related to the following web analytics, targeting, and advertisement services:
Table 1: Advertisement, Analytics/Targeting Cookies Used on our Websites
| Service Provider | Website | Purpose | Type of cookie | Related Privacy Policies |
| --- | --- | --- | --- | --- |
| Google Analytics, Google Tag Manager | www.picussecurity.com, app.picussecurity.com | Analytics/Targeting | First-party | |
| Hubspot | www.picussecurity.com | Analytics/Targeting | First-party | Hubspot Privacy Policy, Cookies set in a visitor's browser by HubSpot |
| Hotjar | www.picussecurity.com, app.picussecurity.com | Analytics/Targeting | First-party | |
| Heap | app.picussecurity.com | Analytics/Targeting | First-party | |
| | www.picussecurity.com | Advertisement, Analytics/Targeting | Third-party | |
| Poptin | www.picussecurity.com | Analytics/Targeting | First-party | |
| New Relic | app.picussecurity.com | Analytics/Targeting | Third-party | |
| Sentry | app.picussecurity.com | Analytics/Targeting | Third-party | |
| Youtube | www.picussecurity.com | Advertisement | Third-party | |
| | www.picussecurity.com | Advertisement | Third-party | |
| Visitor Queue | www.picussecurity.com | Analytics/Targeting | Third-party | |
| 6Sense | www.picussecurity.com | Analytics/Targeting | Third-party | |
| Userguiding | app.picussecurity.com | Analytics/Targeting | First-party | |
These cookies are not integral to the functioning of our site, and your use and experience of our site will not be impaired by blocking or deleting them. However, certain features of our site may not function fully or as intended.
Our Websites use Google Analytics, an analysis service of Google Inc. ("Google"). Google Analytics uses cookies to enable the analysis of website usage. The information generated by cookies about the use of the website is transmitted to and stored on a Google server in the USA. Upon the instruction of the operator of this website, Google uses this information to prepare reports to evaluate your use and provide related services. The IP address transmitted from your browser within the framework of Google Analytics is not combined with other data from Google. If you do not want these cookies to be stored, you can adjust your settings accordingly in your browser.
In addition, our website (www.picussecurity.com) may also use Google AdWords and DoubleClick cookies for statistical purposes.
If you think we have missed a cookie, please let us know by sending an email to security@picussecurity.com.
6. HOW TO CONTROL COOKIES
You have the right to choose whether to accept or reject cookies. When you first visit our website, you will see a cookie consent banner, which allows you to opt in or opt out of specific types of cookies. You can also opt out of specific cookies. Please note that blocking specific types of cookies may negatively impact your experience on the site and limit the services we are able to provide.
You can also change your browser settings to delete existing cookies or prevent new cookies from being placed on your device. Please note that deleting or blocking certain types of cookies may negatively impact your experience on the site and limit the services we are able to provide.
To opt-out of Google Analytics tracking, you can install and activate the plug-in provided by Google.
7. FURTHER INFORMATION ON COOKIES
To learn more about cookies, including how to see which cookies have been set and how to manage and delete them, you can visit the following websites: All About Cookies, About Cookies, Your Choices Online, and Cookie Database.
8. CONTACT
If you have any questions about our use of cookies, please contact us at security@picussecurity.com.
Last Updated: 02.09.2024
Picus SUBSCRIPTION Agreement
IMPORTANT – CAREFULLY READ ALL THE TERMS AND CONDITIONS OF THIS PICUS SUBSCRIPTION AGREEMENT (THE “AGREEMENT”). BY SIGNING AN ORDER FORM INCORPORATING THIS AGREEMENT, CLICKING “I ACCEPT”, CLICKING “CREATE”, PROCEEDING WITH THE INSTALLATION AND/OR ACCESS AND USE OF THE PICUS SOLUTIONS, OR USING THE PICUS SOLUTIONS AS AN AUTHORIZED REPRESENTATIVE OF YOUR COMPANY NAMED ON THE APPLICABLE ORDER FORM ON WHOSE BEHALF YOU INSTALL AND/OR USE THE PICUS SOLUTIONS, YOU ARE INDICATING THAT YOU HAVE READ, UNDERSTOOD, AND ACCEPT THIS AGREEMENT WITH PICUS (AS DEFINED BELOW). IF YOU DO NOT AGREE WITH ALL OF THE TERMS OF THIS AGREEMENT, DO NOT INSTALL, COPY, OR OTHERWISE USE THE PICUS SOLUTIONS. THE EFFECTIVE DATE OF THIS AGREEMENT SHALL BE THE DATE THAT YOU SIGN AN ORDER FORM WITH PICUS OR OTHERWISE ACCEPT THIS AGREEMENT.
1. DEFINITIONS. Capitalized terms used in this AGREEMENT shall have the meaning given to them in Schedule 1: Definitions, attached hereto.
2. ORDERS.
2.1. Formation. This AGREEMENT governs the overall relationship of the parties in relation to Customer’s use of the Picus Solutions. Customer is not permitted to use the Picus Solutions until it has recorded its consent to this AGREEMENT via a signed Order Form referencing this Agreement or an electronic acceptance of this Agreement. Each executed Order Form creates a separate Agreement between Picus and Customer. Upon Picus’ written acceptance of the Order Form, Picus or its Partner (as defined below) shall provide Customer with a license certificate evidencing the purchase of the Picus Solutions.
2.2. Informal. Provision of the Picus Solutions, Support, or any other products or services provided by Picus or its Affiliates to Customer or its Affiliates is governed by this AGREEMENT unless otherwise agreed in writing by the parties.
2.3. Affiliate Orders. If an Order Form incorporating this AGREEMENT is executed by an Affiliate of either party, the terms “Customer” and “Picus”, as used in this AGREEMENT, shall be read to mean the applicable Customer Affiliate and/or Picus Affiliate that executed the applicable Order Form.
2.4. Orders through Partners. If Customer purchases the Picus Solutions from or through an authorized distributor, reseller, or managed services provider (each a “Partner”), Customer’s and its Users’ access to and use of the Picus Solutions will be governed by this AGREEMENT. Instead of Customer paying Fees to Picus, Customer will pay applicable amounts to the Partner as agreed upon between Customer and Partner, and Partner will pay Picus the Fees set forth in the applicable Partner Order (defined below). Customer’s order details (e.g., scope of use including Permitted Capacity, Subscription Term, and Fees) will be as stated in the order form placed by Partner with Picus on Customer’s behalf (“Partner Order”). Partner is responsible for the accuracy of such Partner Order. Picus may suspend or terminate Customer’s rights to access and use the Picus Solutions if it does not receive the corresponding payment from Partner. This AGREEMENT is directly between Picus and Customer and governs all use of the Picus Solutions by Customer and its Users. Partners are not authorized to modify this AGREEMENT or make any promises, representations, warranties, or commitments on Picus’s behalf, and Picus is not bound by any obligations to Customer other than as set forth in this AGREEMENT. Picus is not a party to (or responsible under) any separate agreement between Customer and Partner and is not responsible for any Partner’s acts, omissions, products, or services. The amount paid or payable by Partner to Picus for Customer’s use of the Picus Solution under this Agreement will be deemed the amount paid by and due from Customer to Picus under this AGREEMENT.
3. PICUS SOLUTIONS.
3.1. License Grant. Subject to Customer’s compliance with the terms and conditions of the Agreement, including payment of all applicable fees, Picus hereby grants to Customer for its internal business purposes a limited, non-sublicensable, non-exclusive, non-transferable, worldwide license, solely during the Subscription Term or Trial Period, as applicable and as set forth in the Order Form, to:
(a) either:
(i) install, execute, and use, or permit Users to install, execute, and use, in object code form only, the Software on Customer-provided infrastructure; or
(ii) access and use the Cloud Service; and
(b) reproduce and use a reasonable number of copies of the Documentation for use with the Picus Solutions.
(c) shall ensure that use of the Picus Platform is subject to the restrictions and limitations contained in this Agreement, including the export control law requirements.
Picus shall own and retain all right, title, and interest in the Picus Solutions and all intellectual property rights inherent therein, including – without limitation – all changes or improvements requested or suggested by Customer, notwithstanding any use of terms such as "purchase", "sale", or the like within this Agreement. Customer agrees that its use of the Picus Solutions will be solely to facilitate satisfaction of its obligations under this Agreement. Should Customer use the Picus Solutions for any other purpose (including Customer's internal or production use), Customer agrees to report such use to Picus, to pay the applicable fee (on a pro-rata basis) for any past use, and to enter into an agreement to purchase a license for the Picus Solutions. Any unauthorized use of the Picus Solutions will be deemed to be a material breach of this Agreement.
3.2. Control Systems.
(a) Upon execution of this Agreement and subject to the terms outlined in this Agreement, Customer may use the Picus Solutions to test the defensive capabilities of the Control Systems that the Picus Solutions are designed to test. The Picus Solutions may not cover all of Customer’s identified Control Systems, and Picus may unilaterally add or remove different Control Systems categories provided by the Picus Solutions.
(b) Customer authorizes Picus to perform Security Validation tests on Control Systems specified by Customer. Picus will provide Customer with the results of any Security Validation tests automatically via the Picus Solutions user interface. The Picus Solutions aim at revealing which threats identified by Customer are blocked and not blocked by the Control Systems used in Customer’s different digital environments, and Customer acknowledges that Security Validation test results may differ for the same security control technology in use in different environments. Picus shall not be held liable if the Picus Solutions fail to discover certain security or configuration shortcomings on the target Control Systems and shall not become subject to any claim and request (including but not limited to compensation, damage, loss, or reimbursement) related to any such failure.
3.3. Trial Versions and Beta Features.
3.3.1. Beta Features. Beta Features may be subject to additional beta terms as provided by Picus from time to time. Picus may, in its sole discretion: (i) cease providing Beta Features at any time; or (ii) cease providing Beta Features free of charge and require Customer to purchase such features for continued use as part of the Picus Solutions. Customer will not attempt to circumvent, dismantle, or otherwise interfere with any time-control disabling functionality in any Beta Feature that causes the Beta Feature to cease functioning.
3.3.2. Trial Versions. Picus may provide the Trial Version free of charge for a time period of two weeks days or such longer period as may be granted by Picus (“Trial Period”). Picus may extend the Trial Period in its sole and exclusive discretion. Picus may immediately terminate Customer’s access to and use of the Trial Version at any time. Picus will have no liability under the Agreement arising out of or related to any use of a Trial Version by Customer or any End User or the deletion of any data generated during the Trial Period. Any use of a Trial Version is solely at Customer’s own risk and may be subject to additional requirements as specified by Picus. Picus is not obligated to provide Support for any Trial Version, and all Trial Versions are provided as-is without warranty. Customer agrees to use the Trial Version in a non-production environment.
3.4. Support. Picus will provide Customer with Support for the Picus Solutions. Customer may obtain Support from Picus by logging a support request in the Picus support portal (currently available at the following URL: https://support.picussecurity.com/) or by sending a support request to the TAC (Technical Assistance Center) team.
3.5. Compliance with Laws. In performing its duties hereunder and in any of its dealings with respect to the Picus Solutions, Customer will comply with all applicable international, national, state, regional, and local laws and regulations, including data protection, data privacy, export control, and anti-corruption laws. Picus shall not be responsible for Customer’s compliance with applicable laws. With respect to any Customer Information, the parties acknowledge that, under the EU General Data Protection Regulation (“GDPR”) and applicable personal data protection law, Picus is a data controller for Customer Information and will maintain and otherwise Process such Personal Information according to their own policies and procedures. Without limiting anything else in this Section 3, Customer represents and warrants that it (i) has all necessary rights and authorizations to disclose, transfer, provide, or cause to be disclosed, transferred or provided such Customer Information; (ii) will provide any required notice to and obtain any required consent from Customer and other third parties to the transfer to and Processing by Picus of such Customer Information. Picus will Process such Customer Information as part of its provision of the Picus Solution and any related Support and maintenance activities and services, and as otherwise stated in Picus Privacy Policy as may be updated from time to time by Picus, a current version of which is located here: https://www.picussecurity.com/trust-center/privacy-security
4. ADDITIONAL CUSTOMER RESPONSIBILITIES.
Customer: (i) must keep its passwords secure and confidential and use industry-standard password management practices; (ii) is solely responsible for the Content and all activity conducted through its account within the Picus Solutions; (iii) must use commercially reasonable efforts to prevent unauthorized access to its account and notify Picus promptly of any such unauthorized access; (iv) may use the Picus Solution only in accordance with the Documentation and applicable law; (v) is responsible for its Users’ compliance with the terms of the Agreement; and (vi) must not exceed the Permitted Capacity (defined below).
5. FEES AND PAYMENT.
5.1. Subscription Fees. Fees are due and payable as set forth on the Order Form. Unless otherwise stated on an Order Form, Customer shall timely pay all fees within thirty (30) days of the date of invoice. Payment obligations are non-cancelable, and fees paid are non-refundable. All payments shall be made in the currency stated on the Order Form. Picus may charge interest on overdue amounts at the lesser of 1.5% per month or the maximum legal rate and may charge Customer for any cost or expense arising out of collection efforts. Except as provided below in Subsection 5.2 (Permitted Capacity), there will be no fee increases during Customer’s Subscription Term; however, Customer’s fees are subject to increase upon renewal (including any auto-renewal) following expiration of the then-current Subscription Term.
5.2. Permitted Capacity. Customer understands that its right to use the Picus Solutions is limited by the Permitted Capacity purchased. Customer and its Affiliate's combined use may in no event exceed the Permitted Capacity authorized under the applicable Order. The Permitted Capacity may be defined during the registration process or on an Order Form. Customer may submit a request to increase Permitted Capacity at any time, and, upon execution of an Order Form, Customer will pay fees due for such increase at a prorated amount for the remainder of Customer’s then-current Subscription Term. Any Order Form for such an increase will renew concurrently with Customer’s then-current Subscription Term for a period equal to Customer’s initial Subscription Term.
5.3. Taxes. All fees are exclusive of Taxes (as defined below), and Customer shall pay or reimburse Picus for all Taxes arising out of transactions contemplated by this Agreement. If Customer is required to withhold any Tax for payments due, Customer shall gross up its payments to Picus so that Picus receives sums due in full, free of any deductions. As reasonably requested, Customer will provide documentation to Picus showing that Taxes have been paid to the relevant taxing authority. “Tax(es)” means any sales, VAT, use, withholding, or other taxes (other than taxes on Picus’s income), export and import fees, customs duties and similar charges imposed by any government or other authority. Customer hereby confirms that Picus can rely on the name and address that Customer provides to Picus when Customer agrees to the fees or in connection with Customer’s payment method as being the place of supply for sales tax and income tax purposes or as being the place of supply for VAT purposes where Customer has established its business.
6. CONFIDENTIAL INFORMATION.
As used in this Agreement, “Confidential Information” means any nonpublic information or materials disclosed under this Agreement by either party to the other party, either directly or indirectly, in writing, orally, or by inspection of tangible objects, which the disclosing party clearly identifies as confidential or proprietary. Picus’s Confidential Information includes the Picus Solutions and any information or materials relating to the Picus Solutions (including pricing), or otherwise. Confidential Information may also include confidential or proprietary information disclosed to a disclosing party by a third party.
The receiving party will: (i) hold the disclosing party’s Confidential Information in confidence and use reasonable care to protect the same; (ii) restrict disclosure of such Confidential Information to those employees or agents with a need to know such information and who are under a duty of confidentiality respecting the protection of Confidential Information substantially similar to those of this Agreement; and (iii) use Confidential Information only for the purposes for which it was disclosed, unless otherwise set forth in this Agreement. The restrictions will not apply to Confidential Information, excluding Personal Data, to the extent it: (i) is (or through no fault of the recipient, has become) generally available to the public; (ii) was lawfully received by the receiving party from a third party without such restrictions; (iii) was known to the receiving party without such restrictions prior to receipt from the disclosing party; or (iv) was independently developed by the receiving party without breach of this Agreement or access to or use of the disclosing party’s Confidential Information.
The receiving party may disclose Confidential Information to the extent the disclosure is required by law, regulation, or judicial order, provided that the receiving party will provide to the disclosing party prompt notice, where permitted, of such order and will take reasonable steps to contest or limit the steps of any required disclosure. The parties agree that, in addition to any other relief to which the non-breaching party may be entitled, any material breach of this Section 6 will cause irreparable injury and the non-breaching party may seek injunctive relief in a court of competent jurisdiction without the need of posting bond.
7. RESTRICTIONS. Except as expressly set forth in the Agreement, and to the maximum extent permitted by applicable law, Customer will not (and will not allow any third party to): (i) decompile, disassemble, reverse engineer, or otherwise attempt to derive the structure of the Picus Solutions or the source code from the Picus Solutions; (ii) download or export the threat or attack libraries/codes from Picus Solutions; (iii) distribute, license, sublicense, assign, transfer, provide, lease, lend, rent, disclose, use for timesharing or service bureau purposes, or otherwise use for the benefit of any third party the Picus Solutions; (iv) use or access the Picus Solutions in order to build a similar or competitive product or service or to disclose to any third party any benchmarking or comparative study involving the Picus Solutions; (v) modify, adapt, translate, or create derivative works of the Picus Solutions or Documentation; (vi) remove, alter, or obscure in any way any proprietary rights notices (including copyright notices) of Picus or its suppliers on or within the Picus Solutions or Documentation; or (vii) use the Picus Solutions on any hardware or other system not owned by Customer.
8. TERM AND TERMINATION.
8.1. Subscription Term. Subject to the termination rights set forth herein, the term of this AGREEMENT will commence on the Effective Date and will continue as long as the Picus Solutions is being provided to Customer under an Order Form. Unless otherwise agreed in the Order Form, the Subscription Term stated on an Order Form will automatically renew for successive terms of 12 months each unless either party gives the other party written notice of non-renewal not less than 45 calendar days before the expiration of the then-current Subscription Term.
8.2. Termination for Material Breach. Customer may terminate this Agreement immediately without further notice if Picus materially breaches its obligations under the Agreement and does not remedy such breach within 30 calendar days of receiving written notice of such breach from Customer. Picus may terminate an affected Order Form, all Order Forms, or the Agreement in place between Picus and Customer immediately without further notice if Customer materially breaches its obligations under the Agreement and does not remedy such breach within 30 calendar days of receiving written notice of such breach from Picus.
8.3. Termination for Dissolution, Bankruptcy. Subject to applicable law, either party may immediately terminate the AGREEMENT and/or any Order Form on written notice if the other party enters compulsory or voluntary liquidation or reorganization, enters into an assignment for the benefit of the creditors, ceases to carry on business, or takes or suffers any similar action which the other party reasonably believes means that it may be unable to pay its debts.
8.4. Parties’ Rights After Expiration or Termination. Expiration or termination of all or part of the Agreement shall not affect any accrued rights, remedies, obligations, or liabilities of the parties. Nothing in this Agreement shall constitute a waiver or limitation of any rights that Picus may have under applicable law. Customer may only use the Picus Solutions during the period for which Customer has paid the subscription fee.
8.5. Upon the Termination of an Applicable Order Form. Upon termination of an applicable Order Form: (i) the licenses granted under the Order Form for the Picus Solutions will immediately terminate, and Customer and its Users will immediately cease use of the Picus Solutions; (ii) Picus’s obligations to provide Support will immediately terminate; (iii) in the event of a termination for Customer’s breach of the Agreement, Customer will pay to Picus the full amount of any outstanding fees due hereunder; (iv) in the event of a termination for Picus’s breach of the Agreement, Picus will refund to Customer the pro-rata amount of any prepaid but unused fees; (v) for Cloud Service Customers, Customer may request that Picus delete the Content belonging to Customer; and (vi) on Customer’s request, Picus will destroy, anonymize, render inaccessible, or return all Customer Confidential Information in its possession or control and will not make or retain any copies of such information in any form, except that Picus may retain one archival copy of such information solely to ensure compliance with the Agreement; in the context of statistical/benchmark result analyses that cannot be directly linked to the Customer or as required by applicable law or regulation.
8.6. Customer Acknowledgment. CUSTOMER ACKNOWLEDGES AND AGREES THAT THE PICUS SOLUTIONS MAY CONTAIN DISABLING CODE THAT (EITHER AUTOMATICALLY OR AT PICUS’S CONTROL) WILL RENDER THE PICUS SOLUTIONS (AND RELATED DATA) UNUSABLE UPON TERMINATION OR CUSTOMER’S BREACH OF THE AGREEMENT AND FAILURE TO CURE WITHIN 30 DAYS OF RECEIVING NOTICE OF SUCH BREACH FROM PICUS.
8.7. Survival. Sections 3 (Picus Solutions), 4 (Additional Customer Responsibilities), 5 (Fees and Payment), 6 (Confidential Information), 7 (Restrictions), 8 (Term and Termination), 9 (Proprietary Rights), 12 (Indemnification), 13 (Limitation on Liability), and 19 (Miscellaneous) shall survive any termination or expiration of this Agreement, along with any other provisions which by their express terms do survive or by their nature should survive.
9. PROPRIETARY RIGHTS. The Picus Solutions, Picus Content, and Picus Marks are licensed, not sold, under the terms of this Agreement. Use of “purchase” in conjunction with licenses under this Agreement does not imply a transfer of ownership. Except for the limited rights expressly granted by Picus to Customer under this Agreement, Customer acknowledges and agrees that all right, title, and interest in and to all copyrights, trademarks, patents, trade secrets, intellectual property (including without limitation algorithms, business processes, improvements, enhancements, modifications, derivative works, and information collected and analyzed in connection with the Picus Solutions), and other proprietary rights arising out of or relating to the Picus Solutions, Picus Content, and Picus Marks, and the provision of each, belong exclusively to Picus or its suppliers or licensors. All right, title, and interest in and to content which may be accessed through the Picus Solutions is the property of the respective owner and may be protected by applicable intellectual property laws and treaties. The Picus Solutions may include software products licensed from third parties (“Third Party Components”). Licensors of any Third Party Components shall have no obligations or liability to Customer under this Agreement but are third-party beneficiaries of this Agreement. All rights not expressly granted to Customer under this Agreement are reserved by Picus, and this Agreement does not grant any implied rights to the Picus Solutions, Picus Content, Picus Marks, or Third Party Components.
10. DATA SECURITY AND PRIVACY.
10.1. Content. Customer-owned Content remains the property of Customer. Customer represents and warrants to Picus that Customer has provided all required notices and has obtained all required licenses, permissions, and consents regarding Content for use within the Picus Solution. Customer grants Picus a perpetual, transferrable, worldwide, fully paid, royalty-free right and license to use the Content in accordance with this Agreement.
For the purposes of this Agreement, Customer Content includes data generated, provided, or collected during customer interactions with the Picus Platform, including but not limited to simulation and analytics results, as well as data gathered from customer actions through Picus products and services. Picus retains simulation run data, as part of Content data, for a limited duration in accordance with its data retention policies. Data exceeding this period will be deleted as part of routine data management. The security requirements stated in Section 10 constitute the sole contractual obligations of Picus regarding the handling, use, and security of Customer Content.
10.2. Data Security Measures and Data Processing Addendum.
(a) Security Measures. Picus (i) implements and maintains reasonable security measures appropriate to the nature of the Content including, without limitation, technical, physical, administrative, and organizational controls designed to maintain the confidentiality, security, availability, and integrity of Content; (ii) implements and maintains industry standard systems and procedures for detecting, preventing, responding to attacks, intrusions, or other systems failures and regularly tests or otherwise monitors the effectiveness of the safeguards’ key controls, systems, and procedures; (iii) designates an employee or employees to coordinate implementation and maintenance of its security measures (as defined below); and (iv) identifies reasonably foreseeable internal and external risks to the security, confidentiality, availability, and integrity of Content that could result in the unauthorized disclosure, access, misuse, alteration, destruction, or other compromise of such information.
(b) Data Processing Agreement. When legally required, the parties agree to comply with the terms of Picus’s Data Processing Agreement (the “DPA”); and also Policies that are presently found at the following URL: https://www.picussecurity.com/trust-center/ as may be periodically updated by Picus.
(c) Customer User Information. With respect to any User Information, the parties acknowledge that, under the terms of the DPA, Picus is a data processor for End User Information and will maintain and otherwise Process such Personal Information according to its own policies, procedures, and DPA requirements. Without limiting anything else in this Section, Customer represents and warrants that it (i) has all necessary rights and authorizations to disclose, transfer, provide, or cause to be disclosed, transferred, or provided, such User Information; (ii) will provide any required notice to and obtain any required consent from Users and other third parties to the transfer to and Processing by Picus of such User Information. Picus will Process such User Information as part of its provision of the Picus Solutions and any related Support services and as otherwise stated in Picus Privacy Policy, as may be updated regularly by Picus (the current version of which is located here: https://www.Picussecurity.com/trust-center/).
10.3. Statistical Data. Picus may utilize Content and other data, results, and analytics (“Statistical Data”) to improve the Picus Solutions for marketing and product improvement purposes and to manage its license models. To the extent used for external marketing purposes, Statistical Data will be aggregated and anonymized and will not identify Customer, its Users, or any natural person.
10.4. Cookies. Whenever Customer or Users interact with the Picus Solutions or Picus websites, Picus automatically receives and records some technical and usage information on its server logs from the browser or device, which may include user activities, IP address, and the type of browser and/or device being used to access the Picus Solutions or Picus websites, as further described in the Cookies Policy (the current version of which is located here: https://www.picussecurity.com/trust-center/).
11. WARRANTY AND DISCLAIMERS.
11.1. Picus Warranty.
(a) Picus warrants that for the duration of the Term: (i) it will not materially decrease the overall security of the Picus Solutions; (ii) it will not materially decrease the overall functionality of the Picus Solutions; (iii) the Picus Solutions will perform substantially in conformance with the Documentation; (iv) Picus will maintain all necessary licenses, consents, and permissions for performance of its obligations under the Agreement; and (v) it uses commercially reasonable efforts consistent with industry standards to regularly scan for and remove any Malware from the Picus Solutions. Customer acknowledges that the foregoing is null and void to the extent the Picus Solutions: (i) fail to conform with this warranty because of Customer’s use with any third-party hardware or software other than as authorized by Picus in the Documentation; (ii) are used other than in accordance with its published Documentation; or (iii) are used in breach of the Agreement. If the Picus Solutions do not conform with the warranties stated in this Subsection 11.1(a), then Customer’s sole remedy, and Picus’s entire liability, is to correct the non-conformance promptly.
(b) Availability SLA. Picus warrants that it will maintain the availability of the Cloud Service as provided in the Availability SLA attached hereto as Schedule 2.
11.2. Customer Warranty. Customer warrants that it has the full right, power, and authority to consent to the use of the Picus Solutions to perform the Security Validation tests of the Control Systems set as target systems by Customer or its representatives.
11.3. Picus Warranty Disclaimer. EXCEPT AS EXPRESSLY PROVIDED IN THIS AGREEMENT, THE PICUS SOLUTIONS, PICUS CONTENT, PICUS MARKS, SUPPORT, AND ALL OTHER PRODUCTS AND SERVICES PROVIDED HEREUNDER OR MADE AVAILABLE UNDER THIS AGREEMENT, INCLUDING THIRD PARTY HOSTED SERVICES OR SOFTWARE (COLLECTIVELY, FOR THE PURPOSES OF THIS PARAGRAPH, “PRODUCTS”), ARE PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS. TO THE MAXIMUM EXTENT PERMITTED UNDER APPLICABLE LAW, PICUS DISCLAIMS AND EXCLUDES ALL REPRESENTATIONS AND WARRANTIES OF ANY KIND, EXPRESS, IMPLIED, OR STATUTORY, INCLUDING ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, NON-INFRINGEMENT, ACCURACY, RELIABILITY, SECURITY, LOSS OR CORRUPTION OF DATA, CONTINUITY, OR ABSENCE OF DEFECT RELATING TO THE PRODUCTS OR THE RESULTS OF THE SAME. PICUS DOES NOT WARRANT THAT THE PRODUCTS, INCLUDING ANY SPECIFICATIONS OR FUNCTIONS CONTAINED IN THEM, WILL MEET END USERS’ REQUIREMENTS, THAT THE PRODUCTS WILL BE ERROR-FREE, OR THAT DEFECTS IN THE PRODUCTS WILL BE CORRECTED.
12. INDEMNIFICATION
12.1. By Picus. Subject to Subsection 12.3 (Process), Picus will, at its cost and expense, indemnify and hold Customer harmless from any third party claim brought against Customer alleging that Customer’s authorized use of the Picus Solutions provided by Picus to Customer pursuant to this Agreement infringes or misappropriates any U.S. patent, copyright, trademark, trade secret, or other intellectual property rights of a third party, provided: (i) Customer’s use of the Picus Solutions complies with this Agreement; (ii) the infringement or misappropriation is not caused by modification or alteration of the Picus Solutions or Documentation; (iii) the infringement or misappropriation was not caused by a combination or use of the Picus Solutions with products or software not supplied by Picus; and/or (iv) the infringement or misappropriation is not caused by Customer’s negligence or willful misconduct. This Section states Picus’s entire liability (and shall be Customer’s sole and exclusive remedy) with respect to indemnification by Picus to Customer. If a claim under this Section occurs, or in Picus’s opinion appears reasonably likely to occur, then Picus may at its expense and in its sole discretion: (i) modify the Picus Solutions to become non-infringing; (ii) procure the necessary rights to allow Customer to continue using the Picus Solutions; (iii) replace the Picus Solutions with a functional equivalent; or (iv) if none of (i) through (iii) is commercially practicable, terminate the Picus Solutions and refund any prepaid and unused fees.
12.2. By Customer. Subject to Subsection 12.3, Customer will, at its cost and expense, indemnify, defend, and hold Picus and its directors and employees harmless from and against any and all losses arising from or in connection with (a) the performance of its obligations under this Agreement or a breach of this Agreement; (b) any allegation that Customer infringed upon or misappropriated any patent, copyright, trademark, or other intellectual property right of a third party; (c) any allegation that Customer infringed upon or misappropriated any Picus intellectual property; or (d) the gross negligence or willful misconduct of Customer.
12.3. Process. If the indemnified party receives notice of a claim that is covered by this Section 12, the indemnified party shall give the indemnifying party prompt written notice of such claim, provided that failure to give prompt notice shall not relieve a party of its obligations under this Section unless such failure materially prejudices the claim. The indemnifying party shall be allowed to solely conduct the defense of the matter, including choosing legal counsel to defend the claim, provided that the choice is reasonable and is communicated to the indemnified party in advance. The indemnified party shall comply with the indemnifying party’s reasonable requests for assistance and cooperation in the defense of the claim. The indemnifying party may not settle the claim without the indemnified party’s consent, which may not be unreasonably withheld, delayed, or conditioned.
13. LIMITATION OF LIABILITY.
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT WILL PICUS, ITS AFFILIATES, OR ITS OR THEIR DIRECTORS, EMPLOYEES, AGENTS, OR LICENSORS HAVE ANY LIABILITY, CONTINGENT OR OTHERWISE, FOR ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, PUNITIVE, STATUTORY, OR EXEMPLARY DAMAGES, INCLUDING, BUT NOT LIMITED TO, LOST PROFITS, LOST OR CORRUPTED DATA, LOSS OF GOODWILL, WORK STOPPAGE, EQUIPMENT FAILURE OR MALFUNCTION, PROPERTY DAMAGE, OR ANY OTHER ECONOMIC DAMAGES OR LOSSES ARISING OUT OF OR RELATING TO THIS AGREEMENT, THE PICUS SOLUTIONS, PICUS CONTENT, PICUS MARKS, OR ANY OTHER PRODUCTS OR SERVICES PROVIDED HEREUNDER, EVEN IF THEY HAVE BEEN ADVISED OF THE POSSIBILITY THEREOF, AND REGARDLESS OF THE LEGAL OR EQUITABLE THEORY (CONTRACT, TORT (INCLUDING NEGLIGENCE), STATUTE, INDEMNITY, OR OTHERWISE) UPON WHICH ANY SUCH LIABILITY IS BASED.
THE AGGREGATE LIABILITY OF PICUS, ITS AFFILIATES, AND ITS DIRECTORS, EMPLOYEES, LICENSORS, SUPPLIERS, AND AGENTS SHALL BE LIMITED TO DAMAGES NOT TO EXCEED THE TOTAL AMOUNT PAYABLE OR PAID TO PICUS UNDER THIS AGREEMENT DURING THE TWELVE (12) MONTHS PRIOR TO THE EVENT GIVING RISE TO THE CLAIM.
14. FUTURE FUNCTIONALITY. Customer agrees that it has not relied on the availability of any future functionality of the Picus Solutions or any other future product or service in executing the Agreement. Customer acknowledges that information provided by Picus regarding future functionality should not be relied upon to make a purchase decision.
15. GOVERNMENT LICENSES. For purposes of sales to government entities in the United States, the Picus Solutions and the accompanying Documentation are deemed to be “commercial computer software” and “commercial computer software documentation”, respectively, pursuant to DFARS Section 227.7202 and FAR Section 12.212(b), as applicable. Any use, modification, reproduction, release, performing, displaying, or disclosure of the Picus Solutions or the accompanying Documentation by or for the U.S. Government will be governed solely by the terms and conditions of the Agreement, in conjunction with statutes, regulations, and the terms of the GSA Schedule, if applicable.
16. EXPORT COMPLIANCE AND ANTI-CORRUPTION.
16.1. In performing its duties hereunder and in any of its dealings with respect to the Picus Solutions, Customer acknowledges that the Picus Solutions and relevant software components are subject to applicable laws in the United States, the United Kingdom, the Republic of Türkiye, and the laws of the European Union, including export laws. Customer shall comply with applicable export and import laws and regulations for the jurisdiction in which the Picus Solutions will be imported and/or exported. Customer shall not export the Picus Solutions or any relevant software components to any individual, entity, or country prohibited by applicable law or regulation. Customer shall not permit Users to access or use any Picus Solutions in a U.S. or other applicable jurisdiction embargoed country or in violation of any U.S. or other applicable export law or regulation. Customer is responsible, at its own expense, for any local government permits, licenses, or approvals required for importing and/or exporting the Software.
16.2. Customer represents and warrants that it is not: (i) located in, under the control of, or a national or resident of Cuba, North Korea, Iran, Syria, Sudan, or any other sanctioned or embargoed country under the applicable laws and regulations mentioned in Subsection 16.1, or (ii) on the U.S. Treasury Department list of Specially Designated Nationals or the U.S. Department of Commerce Denied Persons List.
16.3. Customer warrants and agrees that it has not received or been offered any illegal or improper bribe, kickback, payment, gift, or thing of value from any Picus employee or agent in connection with the Agreement. Reasonable gifts and entertainment provided in the ordinary course of business do not violate the above restriction.
16.4. If Customer learns of any violation of the above restriction, Customer will promptly notify the Picus legal department at legal@picussecurity.com.
16.5. Customer’s failure to comply with any term of this Section 16 will constitute a material breach of the Agreement and will entitle Picus to immediately terminate the Agreement without notice in addition to any other remedy available at law or equity.
16.6. Customer represents and warrants that it is in compliance with all applicable anti-corruption laws, and that it has not and will not violate any anti-corruption law, including but not limited to the United States Foreign Corrupt Practices Act, the United Kingdom Bribery Act, and any applicable local anti-corruption laws.
Without limiting the foregoing, Customer represents and warrants that it, and its employees, agents, and representatives have not and will not, directly or indirectly, offer, pay, give, promise, or authorize the payment of any money, gift, or anything of value to: (i) any officer, employee or person acting in an official capacity for any government department, agency or instrumentality, including state-owned or state-controlled companies, and public international organizations, as well as a political party or official thereof or candidate for political office (“Government Official”), or (ii) any person while Customer knows or has reason to know that all or a portion of such money, gift, or thing of value will be offered, paid or given, directly or indirectly, to any Government Official, for the purpose of (1) influencing an act or decision of the Government Official in his or her official capacity, (2) inducing the Government Official to do or omit to do any act in violation of the lawful duty of such official, (3) securing an improper advantage, or (4) inducing the Government Official to use his influence to affect, or influence any act or decision of a government or instrumentality, in order to assist Picus or any of its affiliates in obtaining or retaining business. Customer agrees that should it learn or have reason to know of any payment or transfer (or any offer or promise to pay or transfer) in connection with this Agreement or Picus’ business that would violate applicable anti-corruption laws, it must immediately provide Picus with written notice.
17. AUDITS. Customer will keep and maintain written records and accounts regarding Customer’s use of the Picus Solutions and compliance with this Agreement. Picus, or a third-party certified public accounting firm designated by Picus, shall have the right upon fifteen (15) days written notice to Customer to conduct an inspection and audit of all relevant facilities and records of Customer. Such audit shall be conducted during regular business hours at Customer’s offices and in such a manner as not to interfere with Customer’s normal business activities. In no event shall audits be conducted hereunder more frequently than once every 6 months. Any such audit shall be conducted at Picus’s expense; provided, however, that if the audit reveals that Customer has failed to comply with any material term of this Agreement, Customer shall pay all reasonable costs and expenses incurred by Picus in conducting the audit.
18. PICUS SOLUTIONS LIFECYCLE.
18.1. Picus has no obligation to provide Support for any version of the Picus Solutions other than the most current and previous minor release (“Current Version”). Picus shall have no liability for damages resulting from or in connection with Customer’s failure to install and/or use a Current Version. Picus may, in its sole and exclusive discretion, discontinue Support for and retire a non-Current Version (“End of Life”). Picus may publicly post (on its website) a notice of End of Life, including the last date of general commercial availability of the affected version of the Picus Solutions and the timeline for discontinuing Support.
18.2. Due to operation of law, regulation, or to comply with reasonable security standards (e.g., patching a known vulnerability), Picus may require Customer to update to the most current version of the Picus Solution (“Emergency Update”). Picus will clearly communicate the need to use the Current Versions and any such Emergency Updates. Picus shall have no liability for damages resulting from or in connection with Customer’s failure to implement an Emergency Update or usage of the non-Current Versions.
19. MISCELLANEOUS.
19.1. Publicity. Customer agrees that Picus may publicly disclose that it is providing the Picus Solutions to Customer and may use Customer’s name and logo to identify Customer in promotional materials, including press releases, provided that Picus does not state or imply that Customer endorses the Picus Solutions.
19.2. Feedback. To the extent Customer or any User provides suggestions or feedback to Picus regarding the functioning, features, or other characteristics of the Picus Solutions, Documentation, or other materials or services provided or made available by Picus (“Feedback”), Customer hereby grants Picus a perpetual, irrevocable, non-exclusive, royalty-free, fully-paid, fully-transferable, worldwide license (with rights to sublicense through multiple tiers of sublicensees) to Picus to use and exploit such Feedback in any manner for the purpose of improving and continuing the development of the Picus Solutions.
19.3. Order of Precedence. Any ambiguity, conflict, or inconsistency between documents comprising the Agreement shall be resolved in the following order of precedence: (i) the AGREEMENT; (ii) any document or URL incorporated into the AGREEMENT; and (iii) the Order Form. Any and all additional or conflicting terms provided by Customer, whether in a purchase order, an alternative license agreement, or otherwise, shall be void and shall have no effect.
19.4. Irreparable Harm. Any breach by a party to the Agreement or any violation of the other party’s Intellectual Property Rights or Confidential Information could cause irreparable injury or harm to the other party. The other party may seek a court order to stop any breach or avoid any future breach of the Agreement.
19.5. Assignment. The Agreement may not be assigned by either party without the prior written approval of the other party, such approval not to be unreasonably withheld, except in connection with: (i) a merger, consolidation, or similar transaction involving (directly or indirectly) a party; (ii) a sale or other disposition of all or substantially all of the assets of a party; or (iii) any other form of combination or reorganization involving (directly or indirectly) such party. Any purported assignment in violation of this Subsection shall be null and void and have no effect.
19.6. Force Majeure. Picus will not be liable for any delay or failure to perform obligations under this Agreement due to any cause beyond its reasonable control, including: acts of God; labor disputes; industrial disturbances; systematic electrical, telecommunications, or other utility failures; earthquakes, storms, or other elements of nature; blockages; embargoes; riots; acts or orders of government; acts of terrorism; war; or any other cause beyond its reasonable control if Picus makes reasonable efforts to perform (“Force Majeure Event”). The Party exposed to force majeure that prevents the fulfillment of its obligations arising from the Agreement immediately notifies the other Party in writing. In this case, the obligations of the Parties are postponed until the end of the force majeure and fulfilled by the Parties as soon as possible following the end of the force majeure. In case the force majeure lasts longer than 30 (thirty) days, the Parties may decide to terminate this Agreement. In order to avoid any doubt, force majeure provisions will not apply in the performance of money debts.
19.7. Relationship of the Parties. Each party is an independent contractor of the other under the Agreement, and nothing in the Agreement shall be construed to create a partnership, joint venture, agency relationship, fiduciary relationship, or any other arrangement related to sharing of profits and losses. Each party is responsible for its own expenses in meeting its obligations under the Agreement. Each party agrees that it has the full power and authority to enter into the Agreement and to carry out the actions contemplated herein.
19.8. Notices. Any notices required under this Agreement will be in writing and will be delivered by electronic mail, personal delivery (with a copy by email), or certified or registered mail (return receipt requested and with a copy by email) to the applicable notice address of the other party as set forth on the signature page below (or to such other notice address that a party may designate by at least ten (10) days’ prior written notice to the other party).
19.9. Waiver and Enforceability. The delay or failure of either party to exercise any right provided in this Agreement shall not be deemed a waiver of that right, nor will any partial exercise of any right or power hereunder preclude further exercises. If any provision of this Agreement is held to be unenforceable, illegal, or void, that shall not affect the enforceability of the remaining provisions. The Parties further agree that the unenforceable provision(s) shall be deemed replaced by a provision(s) that is binding and enforceable and that differs as little as possible from the unenforceable provision(s), with considerations of the object and purpose of this Agreement.
19.10. Governing Law.
(a) If the Customer resides within the United States. The validity, interpretation, and enforcement of this Agreement shall be governed by and construed in accordance with the laws of the State of Delaware of the United States, without regard to any conflict of law provisions, except that the United Nations Convention on the International Sale of Goods and the provisions of the Uniform Computer Information Transactions Act shall not apply to this Agreement. Customer hereby consents to the exclusive jurisdiction of the state and federal courts in Dover, Delaware. Customer hereby waives all rights to trial by jury with respect to any dispute arising out of or relating to this Agreement or the Picus Solutions, Picus Marks, or Picus Content. If Customer has any claim arising out of or relating to this Agreement or the Picus Solutions, Picus Marks, or Picus Content, Customer must bring the claim in an appropriate court as set forth in this Section within two (2) years after Customer’s right to bring the claim accrued. If Picus brings litigation against Customer regarding this Agreement or the Picus Solutions, Picus Marks, or Picus Content, in addition to any other relief to which Picus may be entitled, Picus shall be entitled to recover reasonable attorneys’ fees, expenses, and costs of litigation. If this Agreement is translated into a language other than English and there are conflicts between the translations of this Agreement, Customer agrees that the English version of this Agreement shall prevail and control.
(b) If the Customer resides outside the United States. In the event of any dispute, claim, question, or disagreement arising from or relating to this agreement or the breach thereof, the parties hereto shall use their best efforts to settle the dispute, claim, question, or disagreement. To this effect, they shall consult and negotiate with each other in good faith and, recognizing their mutual interests, attempt to reach a just and equitable solution satisfactory to both parties. If they do not reach such solution within a period of thirty (30) days, then, upon notice by either party to the other, the dispute shall be finally settled under the Rules of Arbitration (the “Rules”) of the International Chamber of Commerce (“ICC”) by three (3) arbitrators designated by the Parties. Each Party shall designate one arbitrator. The third arbitrator shall be designated by the two arbitrators designated by the Parties. If either Party fails to designate an arbitrator within thirty (30) days after the filing of the Dispute with the ICC, such arbitrator shall be appointed in the manner prescribed by the Rules. An arbitration proceeding hereunder shall be conducted in Zurich, Switzerland and shall be conducted in the English language. The decision or award of the arbitrators shall be in writing and is final and binding on both Parties. 
The arbitration panel shall award the prevailing Party its attorneys’ fees and costs, arbitration administrative fees, panel member fees and costs, and any other costs associated with the arbitration, the enforcement of any arbitration award and the costs and attorney’s fees involved in obtaining specific performance of an award; provided, however, that if the claims or defenses are granted in part and rejected in part, the arbitration panel shall proportionately allocate between the Parties those arbitration expenses in accordance with the outcomes; provided, further, that the attorney’s fees and costs of enforcing a specific performance arbitral award shall always be paid by the non-enforcing Party, unless the applicable action was determined to be without merit by final, non-appealable decision. The arbitration panel may only award damages as provided for under the terms of this Agreement and in no event may punitive, consequential, or special damages be awarded. In the event of any conflict between the Rules and any provision of this Agreement, this Agreement shall govern.
19.11. No Protected Health Information. Customer expressly acknowledges and agrees that it shall neither submit to the Picus Solutions, nor use the Picus Solutions to store, maintain, process, or transmit, any data or information that constitutes protected health information as defined under the Health Insurance Portability and Accountability Act of 1996, as amended and supplemented (“HIPAA”), or otherwise use the Picus Solutions in any manner that would require Picus or the Picus Solutions to be compliant with HIPAA. Customer acknowledges and agrees that Picus shall have no liability to Customer for any such data or information. Customer further acknowledges and agrees that neither Picus nor its Affiliates are acting on behalf of Customer as a Business Associate (as defined under HIPAA). Picus may immediately and upon notice suspend all or a portion of Customer’s access to the Picus Solutions (without any liability to Customer in connection with such suspension), if Picus has a good faith belief that Customer has breached this paragraph.
19.12. Translations Other Than English. The English language version of this Agreement and any documents exchanged pursuant to this Agreement shall be controlling in all respects. Any translations of this Agreement into a language other than English shall have no legal effect and are for the convenience of the parties only.
19.13. No Amendment or Modification. Except as Picus is otherwise permitted to do so under this Agreement, this Agreement shall not be amended or modified except in a writing signed by authorized representatives of each party.
19.14. Cumulative Rights. Picus’s rights and remedies set forth in this Agreement are cumulative and are not intended to be exhaustive.
19.15. Headings. Paragraph headings are for convenience and shall have no effect on interpretation.
19.16. Execution in Counterparts. This Agreement and Order Forms may be executed in counterparts, each of which shall be deemed an original and all of which shall constitute one and the same instrument and Agreement between the parties. The parties may exchange signature pages by delivering a signed, scanned copy by email or via an electronic signature tool such as Adobe Signature, DocuSign, and such copy shall be effective to bind the parties.
19.17. Third Party Rights. Other than as expressly provided herein, this Agreement does not create any rights for any person who is not a party to it, and no person not a party to this Agreement may enforce any of its terms or rely on an exclusion or limitation contained in it.
19.18. Changes to these terms. Picus reserves the right to modify, update, or discontinue the Services and Agreement, or any part of them, at our discretion. The revised Agreement shall become effective upon such publishing or notification to the Customer. Customer will always find the latest version of this Agreement at https://www.picussecurity.com/trust-center/privacy-security. Any continued use by Customer of the Services following publication or notification of revised Agreement shall constitute Customer’s acceptance of the revised Agreement.
19.19. Schedules. All Schedules annexed hereto or referred to herein are hereby incorporated in and made a part of this Agreement as if set forth in full herein.
Schedule 1: Definitions
“Affiliates” means an entity that then is directly or indirectly controlled by, is under common control with, or controls that party, and here “Control” means an ownership, voting, or similar interest representing 50% or more of the total interests then outstanding of that entity.
“Agreement” means the applicable Order Form and this AGREEMENT (including any terms incorporated by reference in the AGREEMENT) which govern the provision of the Picus Solutions and Support provided to Customer or the Customer’s Affiliate.
“Beta Feature(s)” means any Picus Solutions feature that is identified by Picus, including via the applicable Picus Solutions user interface or via other communications to Customer, as “Beta”, “Alpha”, “Experimental”, “Limited Release” or “Pre-Release” or that is otherwise identified by Picus as unsupported.
“Business Days” means Monday through Friday, excluding public holidays in the country whose laws govern the Agreement.
“Cloud Service” means the Picus proprietary software as a service provided for use over the internet and any and all modified, updated, or enhanced versions thereof that Picus may provide to Customer or its Users.
“Content” means data gathered through use of the Picus Solutions or provided for use with the Picus Solutions, wheresoever stored.
“Control Systems” means cybersecurity prevention technologies such as endpoint protection software systems (such as endpoint antivirus, host-based intrusion prevention systems, endpoint detection and response, and other solutions that may be considered as endpoint protection software), secure email gateway, data-leakage or loss systems, network intrusion prevention systems, next-generation firewall systems, secure web gateway systems, and other similar prevention technologies.
“Documentation” means the operating instructions, user manuals, product specifications, “read-me” files, and other documentation that Picus makes available to Customer in hard copy or electronic form for the Picus Solutions, including any modified, updated, or enhanced versions of such documentation.
“Intellectual Property Rights” means all intellectual property rights, including copyrights, trademarks, service marks, trade secrets, patents, patent applications, moral rights, and all other proprietary rights, whether registered or unregistered.
“Malware” means software programs designed to damage or do other unwanted actions on a computer system, including viruses, worms, Trojan Horses, and spyware.
“Order Form” means an order form or other ordering document entered into between Customer and Picus or a Picus Affiliate for Customer’s purchase of the Picus Solutions or other services from Picus.
“Permitted Capacity” means the number of “Security Testing” delivered, term, Picus Agents, threat samples, or other license metrics set forth in the delivery of the service.
“Personal Data” means any information that can be used to identify an individual as that term is defined under Regulation (EU) 2016/679 (“General Data Protection Regulation” or “GDPR”) and under Regulations listed in the Picus Data Processing Addendum.
“Picus” means Picus Security Inc. (1401 Pennsylvania Avenue Unit 105 Suite 104, Wilmington, DE 19806) and its affiliates Picus Bilisim Guvenlik Tic. A.S. (Hacettepe Teknokent, Üniversiteler Mah. 1596. Cad. 1. Ar-Ge 97/12 Beytepe, Çankaya/ Ankara, Türkiye) and Picus Security US, LLC (3001 North Rocky Point Drive East Suite 200 Tampa, FL 33607 USA).
“Picus Agent” means the software component provided for the supported Operating Systems that is used to test the security level of the Control Systems when an assessment is executed.
“Picus Marks” means the trademarks and service marks that are specifically approved by Picus.
“Picus Solutions” or “Picus Platform” means the Picus proprietary programs or products made available to Customer as the Software or Cloud Service, including without limitation its features, modules, reports, results, functions, user interfaces, and related Support services (each as defined below), as specified on an Order Form.
“Process” means access, view, create, generate, amend, disclose, export, import, share, transfer (including across national borders), use, delete, store, combine, or any other activity, action, or process performed upon data or information.
“Software” means the Picus proprietary software provided in executable code form and all modified, updated, or enhanced versions thereof that Picus may provide to Customer or its Users.
“Subscription” means a subscription license purchased by Customer to install or access online and use the Picus Solutions and to receive Support during the applicable Subscription Term.
“Subscription Term” means the contract term for Customer’s access and use of the Picus Solutions as set forth on the applicable Order Form.
“Support” means the standard maintenance or support services provided by Picus for the Picus Solutions.
“Trial Version(s)” means any Picus Solutions version that is provided by Picus on a “Trial”, “Evaluation”, or “Proof of Concept” basis whether or not identified as such by Picus on an Order Form.
“Uptime SLA” means the service level commitments applicable to the Cloud Service attached hereto as Schedule 2.
“User(s)” means Customer’s employees, contractors, or agents (including those of Customer’s Affiliates) who are authorized by the Customer to use the Picus Solutions.
Schedule 2: Service Level Agreement
Picus endeavors to provide the best customer experience during the Subscription Term for Customer’s use of the Picus Solutions. As part of its commitment to meeting its customers’ needs, Picus has established the following Service Level Agreements (SLA) to outline the availability and support standards it maintains.
1. Availability SLA. Picus Security shall use best efforts to maintain a minimum availability for its Cloud Services of 99.5% per month for Users logging in and utilizing the dashboard metrics.
2. Support SLA. During the Subscription Term, Picus will provide Support for all incidents within the supported versions of the Service as further detailed in the Support Services Guide made available by Picus Support on request and as may be updated by Picus from time to time. Picus commits to respond to Support requests in accordance with the following table based on the severity levels of reported problems as determined by Picus in its sole discretion:
| Severity Level | Definition | Initial Response Time |
| --- | --- | --- |
| High | An incident that is causing a significant loss of service and no workaround is available | 6 Business Hours |
| Medium | An incident that has a partial impact on mission-critical functionality | 8 Business Hours |
| Low | An incident that has no impact on Customer business functionality | 16 Business Hours |
The Initial Response Time stated above shall be based on the support hours stated in the Support Services Guide and is calculated as the duration before a qualified Support representative contacts the customer or partner in response to a Support request. All Support requests should be sent via the online ticketing system (https://support.picussecurity.com/) and via email to the TAC (Technical Assistance Center) team.
Please note that the above Picus SLAs are subject to periodic review and may be updated to reflect the evolving needs of customers and the development of the Picus Solutions. Customer’s continued use of the Picus Solutions following any such update indicates acceptance of the SLAs in effect at that time.
3. Customer Responsibilities. Customer will comply with the following requirements to facilitate Picus’s delivery of Support:
3.1. Customer will use best efforts to ensure that its use of the Picus Solutions does not harm the Customer computer system on which a Picus Agent is installed.
3.2. Customer will provide Picus timely responses and access to accurate and complete information relative to Support requests.
3.3. Customer is responsible for its own data and applications, and Picus will only provide support for the Picus Solutions.
3.4. Customer will use the current Picus Solutions version. The customer follows Picus who must provide timely communication and guidance in proactive cases, system/product changes, and emergency updates that will affect the operation of Picus solutions and in possible incident management issues.
4. General Exclusions and Limitations.
4.1. Picus has no obligation to provide Support: (i) outside the scope of the AGREEMENT, Order Form, these terms, or for issues arising out of or in connection with the unauthorized use of the Picus Solutions; (ii) if Customer fails to pay all applicable fees when due; (iii) for issues arising out of or in connection with unauthorized third-party products and services or issues arising exclusively from authorized third-party products and services; (iv) for modifications or changes to the Picus Solution not performed, directed, or authorized by Picus; and (v) for any use of the Picus Solutions in violation of this Agreement.
4.2. Customer acknowledges that Support does not include: (i) developing custom scripts, templates, or tests; (ii) Picus interpretation of any results from the Security Validation tests; or (iii) performing installations, configurations, migrations, or upgrades in any Customer environment.
1. AGREEMENT TO TERMS
Definition
For the purposes of these Terms of Use:
-Affiliate means an entity that controls, is controlled by, or is under common control with a party, where "control" means ownership of 50% or more of the shares, equity interest, or other securities entitled to vote for the election of directors or other managing authority.
-Company (referred to as either "the Company", "We", "Us" or "Our" in this Agreement) refers to Picus Security and all its affiliates listed in Section 20.
-Device means any device that can access the Service, such as a computer, a cellphone, or a digital tablet.
-Service refers to the Website.
-Terms of Use (also referred to as "Terms") mean these Terms of Use that form the entire agreement between You and the Company regarding the use of the Service.
-Third-party Social Media Service means any services or content (including data, information, products, or services) provided by a third party that may be displayed, included, or made available by the Service.
-Website refers to PICUS, accessible from (www.picussecurity.com) and (picus.io)
-You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.
These Terms of Use constitute a legally binding agreement made between you, whether personally or on behalf of an entity (“you”) and Picus Security Inc., doing business as PICUS (“PICUS,” “we,” “us,” or “our”), concerning your access to and use of the http://www.picussecurity.com website as well as any other media form, media channel, mobile website or mobile application related, linked, or otherwise connected thereto (collectively, the “Site”). We are registered in Delaware, United States, and have our registered office at 1401 Pennsylvania Ave Unit 105 STE 104 Wilmington, DE 198063. You agree that by accessing the Site, you have read, understood, and agreed to be bound by all of these Terms of Use. IF YOU DO NOT AGREE WITH ALL OF THESE TERMS OF USE, THEN YOU ARE EXPRESSLY PROHIBITED FROM USING THE SITE AND YOU MUST DISCONTINUE USE IMMEDIATELY.
Supplemental terms and conditions or documents that may be posted on the Site from time to time are hereby expressly incorporated herein by reference. We reserve the right, in our sole discretion, to make changes or modifications to these Terms of Use from time to time. We will alert you about any changes by updating the “Last Updated” date of these Terms of Use, and you waive any right to receive specific notice of each such change. Please ensure that you check the applicable Terms every time you use our Site so that you understand which Terms apply. You will be subject to and will be deemed to have been made aware of and to have accepted the changes in any revised Terms of Use by your continued use of the Site after the date such revised Terms of Use are posted.
The information provided on the Site is not intended for distribution to or use by any person or entity in any jurisdiction or country where such distribution or use would be contrary to law or regulation or which would subject us to any registration requirement within such jurisdiction or country. Accordingly, those persons who choose to access the Site from other locations do so on their own initiative and are solely responsible for compliance with local laws, if and to the extent local laws are applicable.
The Site is not tailored to comply with industry-specific regulations (Health Insurance Portability and Accountability Act (HIPAA), Federal Information Security Management Act (FISMA), etc.), so if your interactions would be subjected to such laws, you may not use this Site. You may not use the Site in a way that would violate the Gramm-Leach-Bliley Act (GLBA).
The Site is intended for users who are at least 18 years old. Persons under the age of 18 are not permitted to use or register for the Site.
2. INTELLECTUAL PROPERTY RIGHTS
Unless otherwise indicated, the Site is our proprietary property and all source code, databases, functionality, software, website designs, audio, video, text, photographs, and graphics on the Site (collectively, the “Content”) and the trademarks, service marks, and logos contained therein (the “Marks”) are owned or controlled by us or licensed to us, and are protected by copyright and trademark laws and various other intellectual property rights and unfair competition laws of the United States, international copyright laws, and international conventions. The Content and the Marks are provided on the Site “AS IS” for your information and personal use only. Except as expressly provided in these Terms of Use, no part of the Site and no Content or Marks may be copied, reproduced, aggregated, republished, uploaded, posted, publicly displayed, encoded, translated, transmitted, distributed, sold, licensed, or otherwise exploited for any commercial purpose whatsoever, without our express prior written permission.
Provided that you are eligible to use the Site, you are granted a limited license to access and use the Site and to download or print a copy of any portion of the Content to which you have properly gained access solely for your personal, non-commercial use. We reserve all rights not expressly granted to you in and to the Site, the Content, and the Marks.
3. USER REPRESENTATIONS
By using the Site, you represent and warrant that: (1) all registration information you submit will be true, accurate, current, and complete; (2) you will maintain the accuracy of such information and promptly update such registration information as necessary; (3) you have the legal capacity and you agree to comply with these Terms of Use; (4) you are not a minor in the jurisdiction in which you reside; (5) you will not access the Site through automated or non-human means, whether through a bot, script, or otherwise; (6) you will not use the Site for any illegal or unauthorized purpose; and (7) your use of the Site will not violate any applicable law or regulation.
If you provide any information that is untrue, inaccurate, not current, or incomplete, we have the right to suspend or terminate your account and refuse any and all current or future use of the Site (or any portion thereof).
4. USER REGISTRATION
You may be required to register with the Site. You agree to keep your password confidential and will be responsible for all use of your account and password. We reserve the right to remove, reclaim, or change a username you select if we determine, in our sole discretion, that such username is inappropriate, obscene, or otherwise objectionable.
5. PROHIBITED ACTIVITIES
You may not access or use the Site for any purpose other than that for which we make the Site available. The Site may not be used in connection with any commercial endeavors except those that are specifically endorsed or approved by us.
As a user of the Site, you agree not to:
-Systematically retrieve data or other content from the Site to create or compile, directly or indirectly, a collection, compilation, database, or directory without written permission from us.
-Trick, defraud, or mislead us and other users, especially in any attempt to learn sensitive account information such as user passwords.
-Circumvent, disable, or otherwise interfere with security-related features of the Site, including features that prevent or restrict the use or copying of any Content or enforce limitations on the use of the Site and/or the Content contained therein.
-Disparage, tarnish, or otherwise harm, in our opinion, us and/or the Site.
-Use any information obtained from the Site in order to harass, abuse, or harm another person.
-Make improper use of our support services or submit false reports of abuse or misconduct.
-Use the Site in a manner inconsistent with any applicable laws or regulations.
-Engage in unauthorized framing of or linking to the Site.
-Upload or transmit (or attempt to upload or to transmit) viruses, Trojan horses, or other material, including excessive use of capital letters and spamming (continuous posting of repetitive text), that interferes with any party’s uninterrupted use and enjoyment of the Site or modifies, impairs, disrupts, alters, or interferes with the use, features, functions, operation, or maintenance of the Site.
-Engage in any automated use of the system, such as using scripts to send comments or messages, or using any data mining, robots, or similar data gathering and extraction tools.
-Delete the copyright or other proprietary rights notice from any Content.
-Attempt to impersonate another user or person or use the username of another user.
-Upload or transmit (or attempt to upload or to transmit) any material that acts as a passive or active information collection or transmission mechanism, including without limitation, clear graphics interchange formats (“gifs”), 1×1 pixels, web bugs, cookies, or other similar devices (sometimes referred to as “spyware” or “passive collection mechanisms” or “pcms”).
-Interfere with, disrupt, or create an undue burden on the Site or the networks or services connected to the Site.
-Harass, annoy, intimidate, or threaten any of our employees or agents engaged in providing any portion of the Site to you.
-Attempt to bypass any measures of the Site designed to prevent or restrict access to the Site, or any portion of the Site.
-Copy or adapt the Site’s software, including but not limited to Flash, PHP, HTML, JavaScript, or other code.
-Except as permitted by applicable law, decipher, decompile, disassemble, or reverse engineer any of the software comprising or in any way making up a part of the Site.
-Except as may be the result of the standard search engine or Internet browser usage, use, launch, develop, or distribute any automated system, including without limitation, any spider, robot, cheat utility, scraper, or offline reader that accesses the Site, or using or launching any unauthorized script or other software.
-Use a buying agent or purchasing agent to make purchases on the Site.
-Make any unauthorized use of the Site, including collecting usernames and/or email addresses of users by electronic or other means for the purpose of sending unsolicited email, or creating user accounts by automated means or under false pretenses.
-Use the Site as part of any effort to compete with us or otherwise use the Site and/or the Content for any revenue-generating endeavor or commercial enterprise.
-Use the Site to advertise or offer to sell goods and services.
-Sell or otherwise transfer your profile.
6. USER GENERATED CONTRIBUTIONS
The Site does not offer users the ability to submit or post content. We may provide you with the opportunity to create, submit, post, display, transmit, perform, publish, distribute, or broadcast content and materials to us or on the Site, including but not limited to text, writings, video, audio, photographs, graphics, comments, suggestions, or personal information or other material (collectively, "Contributions"). Contributions may be viewable by other users of the Site and through third-party websites. As such, any Contributions you transmit may be treated in accordance with the Site Privacy Policy. When you create or make available any Contributions, you thereby represent and warrant that:
-The creation, distribution, transmission, public display, or performance, and the accessing, downloading, or copying of your Contributions do not and will not infringe the proprietary rights, including but not limited to the copyright, patent, trademark, trade secret, or moral rights of any third party.
-You are the creator and owner of or have the necessary licenses, rights, consents, releases, and permissions to use and to authorize us, the Site, and other users of the Site to use your Contributions in any manner contemplated by the Site and these Terms of Use.
-You have the written consent, release, and/or permission of each and every identifiable individual person in your Contributions to use the name or likeness of each and every such identifiable individual person to enable inclusion and use of your Contributions in any manner contemplated by the Site and these Terms of Use.
-Your Contributions are not false, inaccurate, or misleading.
-Your Contributions are not unsolicited or unauthorized advertising, promotional materials, pyramid schemes, chain letters, spam, mass mailings, or other forms of solicitation.
-Your Contributions are not obscene, lewd, lascivious, filthy, violent, harassing, libelous, slanderous, or otherwise objectionable (as determined by us). Your Contributions do not ridicule, mock, disparage, intimidate, or abuse anyone.
-Your Contributions are not used to harass or threaten (in the legal sense of those terms) any other person and to promote violence against a specific person or class of people.
-Your Contributions do not violate any applicable law, regulation, or rule.
-Your Contributions do not violate the privacy or publicity rights of any third party.
-Your Contributions do not violate any applicable law concerning child pornography or otherwise intended to protect the health or well-being of minors.
-Your Contributions do not include any offensive comments that are connected to race, national origin, gender, sexual preference, or physical handicap.
Any use of the Site in violation of the foregoing violates these Terms of Use and may result in, among other things, termination or suspension of your rights to use the Site.
7. CONTRIBUTION LICENSE
You and the Site agree that we may access, store, process, and use any information and personal data that you provide following the terms of the Privacy Policy and your choices (including settings).
By submitting suggestions or other feedback regarding the Site, you agree that we can use and share such feedback for any purpose without compensation to you.
We do not assert any ownership over your Contributions. You retain full ownership of all of your Contributions and any intellectual property rights or other proprietary rights associated with your Contributions. We are not liable for any statements or representations in your Contributions provided by you in any area on the Site. You are solely responsible for your Contributions to the Site and you expressly agree to exonerate us from any and all responsibility and to refrain from any legal action against us regarding your Contributions.
8. SUBMISSIONS
You acknowledge and agree that any questions, comments, suggestions, ideas, feedback, or other information regarding the Site ("Submissions") provided by you to us are non-confidential and shall become our sole property. We shall own exclusive rights, including all intellectual property rights, and shall be entitled to the unrestricted use and dissemination of these Submissions for any lawful purpose, commercial or otherwise, without acknowledgment or compensation to you. You hereby waive all moral rights to any such Submissions, and you hereby warrant that any such Submissions are original with you or that you have the right to submit such Submissions. You agree there shall be no recourse against us for any alleged or actual infringement or misappropriation of any proprietary right in your Submissions.
9. SITE MANAGEMENT
We reserve the right, but not the obligation, to: (1) monitor the Site for violations of these Terms of Use; (2) take appropriate legal action against anyone who, in our sole discretion, violates the law or these Terms of Use, including without limitation, reporting such user to law enforcement authorities; (3) in our sole discretion and without limitation, refuse, restrict access to, limit the availability of, or disable (to the extent technologically feasible) any of your Contributions or any portion thereof; (4) in our sole discretion and without limitation, notice, or liability, to remove from the Site or otherwise disable all files and content that are excessive in size or are in any way burdensome to our systems; and (5) otherwise manage the Site in a manner designed to protect our rights and property and to facilitate the proper functioning of the Site.
10. PRIVACY POLICY
We care about data privacy and security. Please review our Privacy Policy: https://www.picussecurity.com/privacy. By using the Site, you agree to be bound by our Privacy Policy, which is incorporated into these Terms of Use. Please be advised the Site is hosted in the United States. If you access the Site from any other region of the world with laws or other requirements governing personal data collection, use, or disclosure that differ from applicable laws in the United States, then through your continued use of the Site, you are transferring your data to the United States, and you agree to have your data transferred to and processed in the United States.
11. TERM AND TERMINATION
These Terms of Use shall remain in full force and effect while you use the Site. WITHOUT LIMITING ANY OTHER PROVISION OF THESE TERMS OF USE, WE RESERVE THE RIGHT TO, IN OUR SOLE DISCRETION AND WITHOUT NOTICE OR LIABILITY, DENY ACCESS TO AND USE OF THE SITE (INCLUDING BLOCKING CERTAIN IP ADDRESSES), TO ANY PERSON FOR ANY REASON OR FOR NO REASON, INCLUDING WITHOUT LIMITATION FOR BREACH OF ANY REPRESENTATION, WARRANTY, OR COVENANT CONTAINED IN THESE TERMS OF USE OR OF ANY APPLICABLE LAW OR REGULATION. WE MAY TERMINATE YOUR USE OR PARTICIPATION IN THE SITE OR DELETE YOUR ACCOUNT AND ANY CONTENT OR INFORMATION THAT YOU POSTED AT ANY TIME, WITHOUT WARNING, AT OUR SOLE DISCRETION.
If we terminate or suspend your account for any reason, you are prohibited from registering and creating a new account under your name, a fake or borrowed name, or the name of any third party, even if you may be acting on behalf of the third party. In addition to terminating or suspending your account, we reserve the right to take appropriate legal action, including without limitation pursuing civil, criminal, and injunctive redress.
12. MODIFICATIONS AND INTERRUPTIONS
We reserve the right to change, modify, or remove the contents of the Site at any time or for any reason at our sole discretion without notice. However, we have no obligation to update any information on our Site. We also reserve the right to modify or discontinue all or part of the Site without notice at any time. We will not be liable to you or any third party for any modification, price change, suspension, or discontinuance of the Site.
We cannot guarantee the Site will be available at all times. We may experience hardware, software, or other problems or need to perform maintenance related to the Site, resulting in interruptions, delays, or errors. We reserve the right to change, revise, update, suspend, discontinue, or otherwise modify the Site at any time or for any reason without notice to you. You agree that we have no liability whatsoever for any loss, damage, or inconvenience caused by your inability to access or use the Site during any downtime or discontinuance of the Site. Nothing in these Terms of Use will be construed to obligate us to maintain and support the Site or to supply any corrections, updates, or releases in connection therewith.
13. GOVERNING LAW
These Terms of Use and your use of the Site are governed by and construed in accordance with the laws of the State of Delaware applicable to agreements made and to be entirely performed within the State of Delaware, without regard to its conflict of law principles.
14. DISPUTE RESOLUTION
Informal Negotiations
To expedite resolution and control the cost of any dispute, controversy or claim related to these Terms of Use (each "Dispute" and collectively, the “Disputes”) brought by either you or us (individually, a “Party” and collectively, the “Parties”), the Parties agree to first attempt to negotiate any Dispute (except those Disputes expressly provided below) informally for at least thirty (30) days before initiating the arbitration. Such informal negotiations commence upon written notice from one Party to the other Party.
Binding Arbitration
Any dispute arising from the relationships between the Parties to this contract shall be determined by one arbitrator who will be chosen in accordance with the Arbitration and Internal Rules of the European Court of Arbitration being part of the European Centre of Arbitration having its seat in Strasbourg, and which are in force at the time the application for arbitration is filed, and of which adoption of this clause constitutes acceptance. The seat of arbitration shall be London, United Kingdom. The language of the proceedings shall be English. Applicable rules of substantive law shall be the law of the United Kingdom.
Restrictions
The Parties agree that any arbitration shall be limited to the Dispute between the Parties individually. To the full extent permitted by law, (a) no arbitration shall be joined with any other proceeding; (b) there is no right or authority for any Dispute to be arbitrated on a class-action basis or to utilize class action procedures, and (c) there is no right or authority for any Dispute to be brought in a purported representative capacity on behalf of the general public or any other persons.
Exceptions to Informal Negotiations and Arbitration
The Parties agree that the following Disputes are not subject to the above provisions concerning informal negotiations and binding arbitration: (a) any Disputes seeking to enforce or protect, or concerning the validity of, any of the intellectual property rights of a Party; (b) any Dispute related to or arising from, allegations of theft, piracy, invasion of privacy, or unauthorized use; and (c) any claim for injunctive relief. If this provision is found to be illegal or unenforceable, then neither Party will elect to arbitrate any Dispute falling within that portion of this provision found to be illegal or unenforceable, and such Dispute shall be decided by a court of competent jurisdiction within the courts listed for jurisdiction above, and the Parties agree to submit to the personal jurisdiction of that court.
15. CORRECTIONS
There may be information on the Site that contains typographical errors, inaccuracies, or omissions, including descriptions, pricing, availability, and various other information. We reserve the right to correct any errors, inaccuracies, or omissions and to change or update the information on the Site at any time, without prior notice.
16. DISCLAIMER
The Service is provided to You "AS IS" and "AS AVAILABLE" and with all faults and defects without warranty of any kind. To the maximum extent permitted under applicable law, the Company, on its own behalf and on behalf of its Affiliates and its and their respective licensors and service providers, expressly disclaims all warranties, whether express, implied, statutory or otherwise, with respect to the Service, including all implied warranties of merchantability, fitness for a particular purpose, title and non-infringement, and warranties that may arise out of course of dealing, course of performance, usage or trade practice. Without limitation to the foregoing, the Company provides no warranty or undertaking, and makes no representation of any kind that the Service will meet Your requirements, achieve any intended results, be compatible or work with any other software, applications, systems or services, operate without interruption, meet any performance or reliability standards or be error free or that any errors or defects can or will be corrected.
Without limiting the foregoing, neither the Company nor any of the Company's providers makes any representation or warranty of any kind, express or implied: (i) as to the operation or availability of the Service, or the information, content, and materials or products included thereon; (ii) that the Service will be uninterrupted or error-free; (iii) as to the accuracy, reliability, or currency of any information or content provided through the Service; or (iv) that the Service, its servers, the content, or e-mails sent from or on behalf of the Company are free of viruses, scripts, trojan horses, worms, malware, timebombs or other harmful components.
Some jurisdictions do not allow the exclusion of certain types of warranties or limitations on applicable statutory rights of a consumer, so some or all of the above exclusions and limitations may not apply to You. But in such a case the exclusions and limitations set forth in this section shall be applied to the greatest extent enforceable under applicable law.
17. LIMITATIONS OF LIABILITY
IN NO EVENT WILL WE OR OUR DIRECTORS, EMPLOYEES, OR AGENTS BE LIABLE TO YOU OR ANY THIRD PARTY FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, EXEMPLARY, INCIDENTAL, SPECIAL, OR PUNITIVE DAMAGES, INCLUDING LOST PROFIT, LOST REVENUE, LOSS OF DATA, OR OTHER DAMAGES ARISING FROM YOUR USE OF THE SITE, EVEN IF WE HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
18. INDEMNIFICATION
You agree to defend, indemnify, and hold us harmless, including our subsidiaries, affiliates, and all of our respective officers, agents, partners, and employees, from and against any loss, damage, liability, claim, or demand, including reasonable attorneys’ fees and expenses, made by any third party due to or arising out of: (1) use of the Site; (2) breach of these Terms of Use; (3) any breach of your representations and warranties set forth in these Terms of Use; (4) your violation of the rights of a third party, including but not limited to intellectual property rights; or (5) any overt harmful act toward any other user of the Site with whom you connected via the Site. Notwithstanding the foregoing, we reserve the right, at your expense, to assume the exclusive defense and control of any matter for which you are required to indemnify us, and you agree to cooperate, at your expense, with our defense of such claims. We will use reasonable efforts to notify you of any such claim, action, or proceeding which is subject to this indemnification upon becoming aware of it.
19. USER DATA
We will maintain certain data that you transmit to the Site for the purpose of managing the performance of the Site, as well as data relating to your use of the Site. Although we perform regular routine backups of data, you are solely responsible for all data that you transmit or that relates to any activity you have undertaken using the Site. You agree that we shall have no liability to you for any loss or corruption of any such data, and you hereby waive any right of action against us arising from any such loss or corruption of such data.
20. AFFILIATES
Picus Bilişim Güvenlik Ticaret A.Ş.; Picus Security, Inc.; Picus Security US, LLC.
21. ELECTRONIC COMMUNICATIONS, TRANSACTIONS, AND SIGNATURES
Visiting the Site, sending us emails, and completing online forms constitute electronic communications. You consent to receive electronic communications, and you agree that all agreements, notices, disclosures, and other communications we provide to you electronically, via email, and on the Site, satisfy any legal requirement that such communication be in writing. YOU HEREBY AGREE TO THE USE OF ELECTRONIC SIGNATURES, CONTRACTS, ORDERS, AND OTHER RECORDS, AND TO ELECTRONIC DELIVERY OF NOTICES, POLICIES, AND RECORDS OF TRANSACTIONS INITIATED OR COMPLETED BY US OR VIA THE SITE. You hereby waive any rights or requirements under any statutes, regulations, rules, ordinances, or other laws in any jurisdiction which require an original signature or delivery or retention of non-electronic records, or to payments or the granting of credits by any means other than electronic means.
22. FOR EUROPEAN UNION (EU) USERS
If You are a European Union consumer, you will benefit from any mandatory provisions of the law of the country in which you are resident.
23. UNITED STATES LEGAL COMPLIANCE
You represent and warrant that (i) You are not located in a country that is subject to the United States government embargo, or that has been designated by the United States government as a "terrorist supporting" country, and (ii) You are not listed on any United States government list of prohibited or restricted parties.
24. CALIFORNIA USERS AND RESIDENTS
If any complaint with us is not satisfactorily resolved, you can contact the Complaint Assistance Unit of the Division of Consumer Services of the California Department of Consumer Affairs in writing at 1625 North Market Blvd., Suite N 112, Sacramento, California 95834 or by telephone at (800) 952-5210 or (916) 445-1254.
25. MISCELLANEOUS
These Terms of Use and any policies or operating rules posted by us on the Site or in respect to the Site constitute the entire agreement and understanding between you and us. Our failure to exercise or enforce any right or provision of these Terms of Use shall not operate as a waiver of such right or provision. These Terms of Use operate to the fullest extent permissible by law. We may assign any or all of our rights and obligations to others at any time. We shall not be responsible or liable for any loss, damage, delay, or failure to act caused by any cause beyond our reasonable control. If any provision or part of a provision of these Terms of Use is determined to be unlawful, void, or unenforceable, that provision or part of the provision is deemed severable from these Terms of Use and does not affect the validity and enforceability of any remaining provisions. There is no joint venture, partnership, employment, or agency relationship created between you and us as a result of these Terms of Use or use of the Site. You agree that these Terms of Use will not be construed against us by virtue of having drafted them. You hereby waive any and all defenses you may have based on the electronic form of these Terms of Use and the lack of signing by the parties hereto to execute these Terms of Use.
26. CONTACT US
In order to resolve a complaint regarding the Site or to receive further information regarding the use of the Site, please contact us at:
Picus Security Inc.
1401 Pennsylvania Avenue Unit 105 Suite 104, Wilmington, DE 19806
Picus Security Inc. (“Picus” or “Company”), which is a pioneer in violation and attack simulation technologies, serves many institutions and organizations domestically and abroad with its new and integrated approach in the field of information technologies. For Picus, which works on security services in the field of information technologies, protecting personal data is extremely important.
Picus has set a target to act in accordance with the Personal Data Protection Law ("PDPL") numbered 6698 that is in force in Turkey and with other legal practices accepted in the international arena as well. In this context, this Clarification Text for the Protection and Processing of Personal Data (“Clarification Text”) has been prepared in order to enlighten the relevant persons regarding general conditions regarding how and for what purpose the Personal Data is processed, how they are protected and how long they are stored by Picus, from its customers, potential customers, suppliers, business partners and their employees and officials, visitors, employees, ex-employees and candidate employees, and also to third parties whose personal data is processed for business transactions while maintaining their business relations with Picus.
All the concepts and expressions in this Clarification Text will express the meaning ascribed to them in PDPL and other legislation.
In the event of inconsistency between the PDPL and other relevant legislative provisions and this Clarification Text, the PDPL and other relevant legislative provisions will be applied first. Our Company takes the necessary technical and administrative measures to ensure the security of personal data. This text can be changed if deemed necessary according to the current legislation and the practices of our Company. You can access the final version of the text from our website www.picussecurity.com ("Website").
- THE CONDITIONS OF PROCESSING PERSONAL DATA
All personal data processed by Picus are processed in accordance with PDPL and related legislation. In accordance with Article 4 of PDPL, the basic principles to be applied in the processing of your personal data are listed.
The personal data are processed by Picus;
- With the purchase of Picus products and / or services;
- When you offer products or services to Picus;
- When you contact Picus by any means;
- When you request or choose to receive commercial electronic messages we send for marketing;
- When you apply for a job at Picus and / or start working at Picus;
- When you attend our events and organizations organized by Picus and
- When you visit our Website
in accordance with the rules determined in this Clarification Text and / or its annexes. Picus complies with the rules stated in the scope of PDPL and the following basic principles:
-Processing in accordance with the law and honesty rule.
-Ensuring that personal data are accurate and up to date when necessary.
-Operation for specific, clear and legitimate purposes.
-Being connected, limited and restrained for the purpose for which they are processed.
-Storage for the period required by the relevant legislation or for the purpose for which they are processed.
Within the scope of the services it provides, Picus processes some commercial, legal and / or personal data regarding its customers, potential customers, suppliers, business partners and their employees and officials, visitors, employees, ex-employees and employee candidates, as well as third parties whose personal data are processed in accordance with their business processes. This data will be protected with the same care that Picus applies to its own data, even if it is not specified as a trade secret in accordance with a contract or the applicable legislation, unless Picus is required to share it with third parties within the scope of the service provided under the contractual relationship, and unless otherwise specified in the applicable legislation.
The e-mail addresses, names and surnames, Turkish ID no, identification information, addresses or phone numbers of customers, potential customers, suppliers, business partners and their employees and officials, visitors, employees, ex-employees and employee candidates as well as third parties whose personal data are processed in accordance with their business processes, can be processed by Picus. In addition, via the website, your IP address, the start and end information about your use, the type and scope of your use, and the type of your browser and operating system are also recorded.
In addition to these, if you upload your name and surname, title, phone number, e-mail address, personal messages and similar information to the website through forms available at various locations on the Website, and thus share this information with Picus, we process this information you provide in accordance with your request and for the purposes of the services offered by Picus.
Our website uses Google Analytics, an analysis service of Google Inc. ("Google"). On the other hand, Google Analytics uses “cookies”, that is, text files that are saved on your computer and enable the use of the website to be analyzed. The information generated by cookies about the use of the website is transmitted to and stored on a Google server in the USA. Upon the instruction of the operator of this website, Google uses this information to prepare reports to evaluate your use and to provide related services. The IP address transmitted from your browser within the framework of Google Analytics is not combined with other data of Google. If you do not want these cookies to be stored, you can make settings accordingly in your browser. In addition, our website uses AdWords and double-click-Cookies for statistical purposes. If you do not want these tools to be used, you can disable them by setting them in your browser. However, we would like to state that in this case, you may not be able to use all the functions on the website completely.
We use third-party cookies and our own cookies to show you personalized ads on websites. This is called "retargeting" and aims to base your clicks on the pages you browse on our website, the products you display, and the advertising space shown to you. We also use cookies as part of our online marketing campaigns to see how users interact with our website after online ads are shown, including those on third-party websites. You can delete these cookies from your browser at any time.
Special categories of personal data are not processed by Picus without the informed explicit consent of the relevant person.
The personal data processed may differ in relation to the products and / or services offered by Picus. Personal data collected orally, in writing or electronically via online or offline means, during the period of use of the products and services offered by Picus, are processed with the consent of the person before the effective date of Personal Data Protection Law no. 6698 or explicit consent after the effective date of the law, or within the framework of the rules and conditions specified in the Personal Data Protection Law.
BASIC PRINCIPLES FOR PROCESSING OF THE PERSONAL DATA
Personal data is processed on condition that it is required to obtain open consent in accordance with the applicable legislation or without explicit consent, unless explicit consent is required under the applicable legislation, in line with the objectives of the services provided by Picus, in order for Picus to continue its activities, to provide better service, to measure and improve the quality of its service, to determine the preferences and needs of our dealers, suppliers, customers and employees, to process and evaluate job applications, to provide communication with people who have a business relationship with our Company, to comply with the current legislation, to send bulletins by e-mail and to make notifications.
The personal data will only be collected within the scope of Picus activities, will be used in connection with the purposes of collection, will be stored for the periods required by the processing purposes, will not be processed in excess of the rules and exceptions specified in the current legislation, and in cases where the reasons requiring its processing disappear, with the exception of situations arising from other legislation in force, will be deleted, destroyed or anonymized.
Keeping the personal data accurate and up-to-date is one of our primary goals. For this reason, our Company meets the technical and administrative requirements required to keep personal data accurate and up-to-date.
Only authorized persons can access personal data, and unauthorized persons working in our Company and / or having a contractual relationship with our Company are prohibited from accessing personal data. In this context, we would like to state that our Company takes the necessary measures to ensure the security and confidentiality of personal data.
- TRANSFER OF THE PERSONAL DATA
Transfer of the Personal Data Domestically
Picus is under the responsibility of acting in accordance with primarily art. 8 of PDPL and the decisions and related regulations envisaged in the PDPL and taken by the Board. As a rule, personal data and special categories of data cannot be transferred to other real persons or legal entities by Picus without the explicit consent of the relevant person.
However, in cases foreseen in Articles 5 and 6 of PDPL, transfer is possible without the explicit consent of the relevant person. Picus, in accordance with the conditions stipulated in PDPL and other relevant legislation and by taking the security measures specified in the legislation; can transfer the personal data to third parties unless otherwise arranged in law or other relevant legislation in Turkey.
Transfer of the Personal Data Abroad
Picus can transfer the personal data abroad by processing the personal data in Turkey or to be processed and stored outside of Turkey, in accordance with the conditions foreseen in PDPL and by taking security measures specified in the legislation.
We transfer your personal data abroad by taking the necessary technical and administrative measures, through cloud informatics technology, to take advantage of the opportunities of technology in order to carry out our company activities in the most efficient way and to provide services at world standards.
We work with the above mentioned service providers for the purposes of developing our websites and platforms, increasing the variety of products and services and measuring the user experience according to the preferences of our customers and users. We would like to point out that you should also review the policies of the relevant service providers, as Picus has no responsibility for the policies of the respective service providers for processing personal data.
- RIGHTS OF THE RELEVANT PERSON
Regarding the processing of personal data, according to the definition specified in the legislation, the data controller is Picus Informatics Security trade INC.
In accordance with Article 11 of PDPL, the relevant persons have the following rights, which they can exercise by applying to Picus: learning whether your personal data is processed, requesting information if it is processed, requesting the purpose of processing your personal data and whether it is used in accordance with its purpose, knowing the third parties to whom the personal data is transferred, requesting correction of personal data if it is incomplete or incorrectly processed, requesting the deletion or removal of your personal data, requesting a notification for the third parties to whom their personal data are transferred about the deletion or removal process, objecting to the emergence of a result against you by analyzing your processed personal data exclusively with automated systems, and requesting the compensation of your loss if you are harmed due to illegal processing of personal data.
To use these specified rights arising from the current legislation, you need to make a written application to the address of the Company given below or fill in the Application Form with the registered electronic mail (REM) address, secure electronic signature or mobile signature by adding the following information and documents according to Article 13 of PDPL: your name, last name and signature; if you are a citizen of the Republic of Turkey, your Turkish ID number; if you are not a citizen of the Republic of Turkey, your nationality, passport number, your ID number if you have one; your location or workplace address that is set for notifications; the main e-mail address and telephone number that are set for notifications; your demand issues; and other necessary information and documents to be used for identification.
The application made by you or representative authorized person will be evaluated by our Company and concluded free of charge within thirty days.
Application methods and addresses are as follows:
Application methods | The addresses where application can be made
The applicant can apply by filling out the Application Form with the necessary information and documents that are required to determine his/her identity by coming to the address of Picus Security Inc. | www.picussecurity.com
The applicant, him/herself or by a Proxy who is authorized to represent, can apply by filling out the Application Form and sending it to the address of Picus Informatics Security trade INC. through notary or certified mail. | Üniversiteler Mah. 1596 Cad. Arge 1 No:12 Beytepe 06800 Çankaya/ ANKARA
The applicant can apply with an electronic mail registered with a secure electronic signature. | picusbilisim@hs01.kep.tr
Picus Security, Inc. is based in the state of Delaware in the United States. The Website can be accessed from countries around the world. Access to the Website may not be legal by certain persons or in certain jurisdictions. If you access the Website from outside the United States, you do so on your initiative and are responsible for compliance with all laws applicable to you, including local laws. Access to the Website from jurisdictions where the Website or any of its services or products are illegal is prohibited.
You may not access, download, use, or export materials posted to the Website in violation of U.S. export laws or regulations or violation of any other applicable export or import laws or regulations. You agree to comply with all export laws, restrictions, and regulations of any United States or foreign agency or authority.
Without limiting the foregoing, you represent and warrant that you are not located in, and shall not use the Website from, any country that is subject to U.S. export restrictions.
At PICUS, we value transparent and straightforward communication with our customers, partners, and community. For any concerns or issues, please contact us at info@picussecurity.com. Your feedback is crucial, and we are dedicated to addressing grievances quickly and effectively.
Data Subject Requests
In Picus, we respect your data privacy rights. If you want to exercise your data subject rights, please fill out the form here. Upon your submission, we will share the related data subject request form with you, depending on the legal source of your request.
Sub-Processors
Picus engages and uses certain sub-processors to deliver its products and services. These sub-processors are third-party services or entities authorized by Picus to process personal data on behalf of Picus’s customers, in accordance with the Data Processing Agreements (DPA) signed between Picus and each sub-processor. Picus conducts an annual compliance review of its sub-processors as part of its Third Party Risk Management program.
Security Policies and Practices
At Picus, we deeply integrate security into our company culture. Our dedication to safeguarding information and assets is also reflected in the comprehensive set of corporate documents and practices we maintain. Below, you can find a selection of these resources, highlighting the key elements that help us build and maintain a strong, well-tested, and continuously validated security posture.
a) Corporate Security Documents
PICUS ensures that its business processes, products, services, and corporate identity are fully aligned with information security principles and policies. As a leading company in the sector, these assurances are effectively implemented to protect and maintain trust with all stakeholders, including partners, customers, and employees.
PICUS has established an Information Security Management System (ISMS) to maintain the confidentiality, integrity and availability of information. By implementing robust asset and risk management processes, the ISMS provides assurance that risks are effectively addressed and being managed.
The ISMS is integrated into PICUS's corporate processes and overall management structure. Information security processes were taken into account in the design of information systems and controls and scaled in line with the needs of PICUS.
PICUS has targeted ISO/IEC 27001:2022 in accordance with the scope of the ISMS it applies and can use this standard to demonstrate to internal and external stakeholders the ability of PICUS to meet their information security requirements.
Information Security Policy expresses requirements, definitions, rules, practices, responsibilities and workflows based on business needs and regulated according to relevant laws and standards, in line with and supporting PICUS's corporate business objectives. The information security policy created for this purpose will provide the following basic requirements:
- Supporting business strategy and corporate goals
- To comply with laws, standards and contracts.
- Documenting the ISMS in a way that fulfills the requirements of the ISO/IEC 27001:2013 standard, making it a corporate culture and continuously improving it
- Managing existing and anticipated information security processes, risks and threat environment
- To implement effective risk management to keep the confidentiality, integrity and availability values of all assets and processes within the scope of ISMS belonging to PICUS, especially information assets and business processes, above an acceptable level
- To create information security awareness of PICUS employees, partners and stakeholders with ISMS and inform everyone about Information Security Policy and ISMS practices.
- To ensure information security in PICUS business processes, to increase the quality of its products and services and the efficiency of the processes, thanks to ISMS; provide the necessary assurance to its employees, stakeholders and partners
This policy aims to guide all activities related to information security in PICUS and to reveal information security processes and controls with the support of sub-documents.
Last update: 14.10.2024
The Business Continuity policy has been established in order to operate, manage, measure, and continuously improve the business continuity management system within PICUS, in line with and supporting the corporate business objectives of PICUS. It refers to definitions, rules, practices, responsibilities, and workflows based on business needs and regulated by relevant laws and standards. This policy is in an active relationship with ISMS, PIMS and IT SMS and aims to progress through common values in necessary process management.
This policy will guide all activities of PICUS related to business continuity and will provide the following basic requirements:
a) Supporting business strategy and corporate objectives
b) Complying with laws, standards, and contracts
c) Managing existing and anticipated business continuity processes, risks, and threat environment
d) To ensure the continuity of all assets and processes within the scope of PICUS' BCMS, especially information assets and processes.
While PICUS meets business continuity requirements, it has planned, implemented, and regularly controlled the processes necessary to carry out activities that address risks and opportunities. It implements determined plans and exercises to achieve these goals. It retains written information to the point where it is certain that these processes are carried out as planned, reviews the results of undesired changes by controlling the testing and exercises processes, as well as planned changes, and can take new actions if necessary to mitigate negative effects.
Based on the business impact analysis and risk assessment outputs, PICUS has defined business continuity strategies that consider all options before, during and after the disruption and has created the necessary process for implementing the solutions and resource requirements that can select the appropriate ones. In this context, processes, business continuity plans and recovery methods have been established to provide timely warnings to the parties, ensure communication, and provide management and guidance during a disruption. Regular and scheduled exercises and controls are also provided for the approval, verification, testing and updating of business continuity and plans.
PICUS's risk management framework covers the identification, assessment and improvement of business continuity risks. The risk assessment and risk improvement plan define how business continuity risks are controlled along with information security risks. The Information Security Committee is responsible for the management and realization of this plan.
The business continuity policy is reviewed at regular intervals or when significant changes occur by Senior Management in order to measure the operability of the system and is updated as needed to ensure continuous suitability, accuracy, and effectiveness.
This policy is intended to be accessible and understandable to all employees and the target audience, including relevant external parties. All employees and external parties defined in the BCMS are obliged to comply with this policy and the processes supporting this policy.
Last update: 14.10.2024
PICUS's business processes and customer services are in full compliance with the IT Service Management principle and policy. It is a leading company in its sector, operating effectively toward its Stakeholders, Customers, and Employees.
The Service Management Policy has been established to operate, manage, measure, and continuously improve the information technology service management system within PICUS and has been approved by the highest level of management. With this policy, PICUS will provide the following basic requirements to manage its service management purposes and achieve the determined business objectives:
a) Supporting business strategy and corporate goals
b) To comply with laws, standards, and contracts
c) To manage the objectives, processes, and risks of current and anticipated service management
d) Keeping information technology services operational, managing changes, and using information technology services according to business needs
e) To ensure the success, performance, and quality of all services and processes within the scope of PICUS's IT SMS, in line with the targets
f) Ensuring that all services determined by service catalogs within the scope of IT SMS are provided in accordance with the Service Level Agreements (SLA), their performance is measured and reported; to increase customer satisfaction by providing continuous improvement in line with technological changes and business requirements
g) To manage accessibility and capacity by making the necessary monitoring and to reduce costs by making the right financial and resource management.
The service management policy is reviewed at regular intervals or when significant changes occur, in order to measure the operability of the system and services and to ensure continuous suitability, accuracy, and effectiveness, and is approved by the Senior Management.
Last Update: 14.10.2024
The purpose of this policy is to explain the basics of use necessary to ensure that all employees pay due attention and care to PICUS Information Security policies and procedures in the processes of using all kinds of communication and information networks and services within the scope of the Management System.
PICUS communication and information systems, including software, enterprise applications, processes, information assets, and hardware such as Internet, e-mail, telephone, pagers, fax, computers, mobile devices, IoT, video-conferencing and mobile phones are intended exclusively for company-related activities. Any use of these systems that is illegal, causes disruption or inconvenience to other users, violates Picus policies, standards, or rules, or harms the company, its stakeholders, or customers, constitutes a violation of this policy.
This policy requires that:
- Background verification checks on all candidates for employment and contractor roles should be carried out in accordance with relevant laws, regulations, and ethical standards. These checks should be proportional to the business requirements, the classification of the information being accessed, and the associated risk.
- Employees, contractors, and third-party users must agree to and sign the terms and conditions of their employment contract, and comply with acceptable use policies.
- Employees will undergo an onboarding process that familiarizes them with the environments, systems, security requirements, and procedures PICUS has in place. Additionally, employees will receive ongoing security awareness training, which will be audited regularly.
- The offboarding process will include reiterating any responsibilities that remain valid after termination, ensuring all access to Picus systems is revoked, and confirming that all company-owned assets are returned.
- PICUS and its employees will take reasonable measures to ensure no corporate data is transmitted via digital communications such as email or posted on social media outlets.
- PICUS will maintain a list of prohibited activities that will be part of onboarding procedures and have training available if/when the list of those activities changes.
- A fair disciplinary process will be utilized for employees that are suspected of committing breaches of security. Multiple factors will be considered when deciding the response, such as whether or not this was a first offense, training, business contracts, etc. PICUS reserves the right to terminate employees in the case of serious cases of misconduct.
PICUS requires all workforce members to comply with the following general acceptable usage requirements and procedures, such that:
- All workforce members are primarily considered as remote users and therefore must follow all system access controls and procedures for remote access.
- The use of PICUS computing systems is subject to monitoring by PICUS Security teams.
- Employees may not leave computing devices (including laptops and smart devices) used for business purposes, including company-provided and BYOD devices, unattended in public.
- Device encryption must be enabled for all mobile devices accessing company data, such as whole-disk encryption for all laptops.
- All email messages containing sensitive or confidential data will be encrypted.
- Employees may not post any sensitive or confidential data in public forums, social media, or chat rooms. If a posting is needed to obtain technical support, data must be sanitized to remove any sensitive or confidential information prior to posting.
- All data storage devices and media must be managed according to the PICUS Data Classification specifications and Data Handling procedures.
- Employees may only use photocopiers and other reproduction technology for authorized use.
- Media containing sensitive/classified information should be removed from printers immediately.
- The PIN code function will be used on printers with such capability, so that the originators are the only ones who can get their print-outs and only when physically present at the printer.
The processes within the scope of this policy are followed by the Information Security Director with the support of the relevant process owners. It is reviewed annually by the Information Security Committee, and necessary updates are made and announced to the employees.
Last update: 14.06.2024
The Personal Data Management Policy has been established to define the personal data collection, processing, protection, storage, and destruction rules, management, and practices approved by the Senior Management, and to announce to the employees and relevant external parties.
Protection of personal data is extremely important for PICUS, which provides services to many companies and organizations both locally and around the globe, specializing in security services in the field of information technologies.
PICUS has set itself the goal of acting in accordance with other legal practices, both locally and internationally, regarding the protection of personal data. This policy has been prepared to determine the general conditions regarding how, for what purpose, and for how long PICUS processes and protects the personal data of its customers, suppliers, business partners, and their employees and officials, as well as third parties whose personal data are processed in accordance with business processes while maintaining business relations. PICUS takes the confidentiality and integrity of its customer data very seriously and strives to assure data is protected from unauthorized access and is available when needed.
Processing of Personal Data
All personal data processed by PICUS are processed in accordance with national and international law. Personal data is processed by PICUS:
- With the purchase of PICUS products and/or services;
- When products or services are offered to PICUS;
- When communicating with PICUS by any means;
- When it is requested or preferred to receive commercial electronic messages sent for marketing;
- When applying for a job at PICUS and/or starting to work at PICUS;
- Production systems that create, receive, store, or transmit PICUS customer data;
- Participating in events and organizations organized by PICUS and
- When visiting the website www.picussecurity.com
PICUS complies with the rules specified within the scope of personal data, within the framework of the following basic principles:
- Legal and Integrity Processing: PICUS acts in accordance with the principles introduced by legal regulations and the general rule of trust and honesty in the processing of personal data. In this context, PICUS takes into account the proportionality requirements in the processing of personal data and does not use personal data other than as required for the purpose.
- Ensuring Personal Data Are Accurate and Up-to-Date: PICUS ensures that the personal data it processes is accurate and up-to-date, taking into account the fundamental rights of the persons concerned and their own legitimate interests.
- Processing for Specific, Explicit, and Legitimate Purposes: PICUS clearly and precisely determines the legitimate and lawful purpose of processing personal data. Picus processes personal data as much as necessary and in connection with the products and services it offers.
- Being Related to the Purpose for which they are Processed, Limited and Measured: PICUS processes personal data in a way that is suitable for the realization of the determined purposes and avoids the processing of personal data that is not related to the realization of the purpose or is not needed.
- Retaining Personal Data for the Period Envisioned in the Relevant Legislation or Required for the Purpose of Processing: PICUS retains personal data only for the period specified in the relevant legislation or required for the purpose for which they are processed. In this context, PICUS first determines whether a period is foreseen for the storage of personal data in the relevant legislation, if a period is determined, it acts in accordance with this period. Personal data is deleted, destroyed, or anonymized by Picus in the event that the period expires or the reasons for its processing disappear.
- Data must be handled and protected according to its classification requirements and following approved encryption standards, if applicable.
- Whenever possible, store data of the same classification in a given data repository and avoid mixing sensitive and non-sensitive data in the same repository. Security controls, including authentication, authorization, data encryption, and auditing, should be applied according to the highest classification of data in a given repository.
- Employees shall not have direct administrative access to production data during normal business operations. Exceptions include emergency operations such as forensic analysis and manual disaster recovery.
- All access to Production Systems must be logged.
- All Production Systems must have security monitoring enabled, including activity and file integrity monitoring, vulnerability scanning, and/or malware detection, as applicable.
Personal Data Processing Purposes and Legal Reasons
The purposes and processes of processing personal data processed by PICUS vary according to the category of the person concerned and the type of personal data.
The purposes of processing personal data processed by PICUS are as follows:
- Establishment and management of customer relations
- Management of contract processes with our suppliers and business partners
- Execution of direct marketing processes
- Compliance with legal obligations
- Protection and security of company interests
- Within the scope of marketing activities
- Cookies
- Visitors and closed-circuit camera system (CCTV)
- Employee candidates
Data Protection Implementation and Processes
Customer Data Protection: PICUS products are securely hosted on AWS by default, with data replication across multiple availability zones for redundancy and disaster recovery. On PICUS products, only customer email addresses and Customer attack simulation results are kept and all customer data at rest and in motion are encrypted. Picus only analyzes system usage data anonymously to monitor and improve the quality of the threat library.
Access: PICUS employee access to production is guarded by an approval process and by default is disabled. When access is approved, temporary access is granted that allows access to production. Production access is reviewed by the DevOps team on a case-by-case basis.
Separation: Customer data is logically separated at the database/datastore level using a unique identifier for the customer. All database/datastore queries then include the account identifier.
Monitoring: PICUS uses AWS tools to monitor the entire cloud service operation. If a system failure and alarm is triggered, key personnel are notified by text, chat, and/or email message in order to take appropriate corrective action.
Confidentiality/Non-Disclosure Agreement (NDA): PICUS uses confidentiality or non-disclosure agreements to protect confidential information using legally enforceable terms. NDAs are applicable to both internal and external parties.
Data At Rest: All databases, data stores, and file systems are encrypted according to PICUS’s Encryption Policy.
Data In Transit: Data will only be transferred where strictly necessary for effective business processes. To ensure the safety of data in transit:
- All external data transmission must be encrypted end-to-end using encryption keys managed by PICUS. This includes, but is not limited to, cloud infrastructure and third-party vendors and applications.
- All internet and intranet connections are encrypted and authenticated using a strong protocol, a strong key exchange, and a strong cipher.
Security of Personal Data
PICUS implements necessary administrative and technical measures to safeguard personal data, aligning with the Personal Data Security Guide published by the Personal Data Protection Authority, as well as GDPR requirements. In this context, PICUS has established robust procedures and policies in compliance with ISO 27001 and ISO 27701 standards.
Additionally, necessary privacy notices and explicit consent forms are prepared, and regular audits and monitoring are conducted to ensure ongoing compliance and data protection.
The personal data management policy is reviewed at regular intervals or when significant changes occur and is approved by the Senior Management.
Last update: 14.06.2024
The purpose of this policy is to reveal PICUS's approaches to environmental and energy issues and its management perspective.
As a company that is aware of its responsibility towards environmental values, PICUS believes that it is necessary to leave a livable world to future generations. In order to minimize the consumption of natural resources and to prevent environmental pollution, it takes care to work by setting targets within the framework of continuous improvement.
The PICUS working ecosystem and environment do not require a large infrastructure and energy consumption. Our employees generally work remotely and independently of the location. Within the framework of our activities, processes with waste generation and environmental impact are at a very low level. There is no fixed server room within the PICUS campus and all business activities are carried out through cloud systems. For these reasons, the working environment of PICUS has low energy consumption and very low environmental impacts.
As PICUS, we base all of our activities on reducing waste at its source and recycling as much as possible. In this context, there are separate boxes for the separation of all wastes in the office areas, providing an important gain for our strategy to prevent pollution at its source. These wastes are collected by Hacettepe Teknokent management and processed with the same sensitivity.
All energy-consuming devices and equipment used in the PICUS campus are selected from types and models that comply with the principles of low consumption and energy efficiency and are regularly monitored.
Training and informing our employees about environmental and energy issues is also part of our awareness activities. We expect and encourage all of our employees to act with this awareness on the company campus and in the environments where they work.
With the same approach, PICUS asks its suppliers and service providers to meet their sensitivities in environmental and energy issues. In this context, we adopt as a principle to work with third parties with the lowest environmental impact and closest to green energy principles.
Within the scope of our sustainability strategies, we consider the protection of natural resources and the realization of our activities with minimum environmental impact as one of our main responsibilities. We evaluate our services from a life-long perspective and manage the positive or negative effects we create. All related processes, including this policy, are regularly updated annually and monitored by the senior management.
Last update: 14.08.2024
The Anti-Bribery and Corruption Policy has been established to define the anti-bribery and corruption management, and practices approved by the Senior Management, and to announce to the employees and relevant external parties.
This policy applies to all PICUS employees (full and part-time) and temporary workers (such as consultants or contractors) (together referred to as “employees” in this document) across the company no matter where they are located or what they do. Every person concerned can send their complaints and notifications directly to the Board about the issues covered by the policy.
This policy also provides additional specific information about the anti-corruption laws in Turkey and provides general guidance to compliance with anti-corruption laws in other jurisdictions in which we carry on business.
The People & Culture Unit has primary and day-to-day responsibility for implementing this policy, monitoring its use and effectiveness, dealing with any queries about it, and auditing internal control systems and procedures to ensure they are effective in countering bribery and corruption. In addition, the Operations Unit is responsible for monitoring this policy and updating it at least once a year.
Scope and Implementation
In PICUS, all forms of bribery and corruption are prohibited. Bribery is prohibited when dealing with any person whether they are in the public or private sector and the provisions of this policy are of general application. However, many countries have specific controls regarding dealing with public officials and this policy includes specific requirements in these circumstances.
In summary, it is essential to act in accordance with the actions listed in the following:
- Facilitation Payments and Kickbacks: Facilitation payments are any payments, no matter how small, given to an official to increase the speed at which they do their job. You must avoid any activity that might lead to a facilitation payment or kickback being made or accepted by PICUS or on our behalf, or that might suggest that such a payment will be made or accepted. If you have any suspicions, concerns, or queries regarding a payment, you should raise these with the Legal and Compliance Executive.
- Gifts, Hospitality, and Expenses: PICUS and its employees, as well as third parties acting on its behalf to any external party, are prohibited from accepting and giving gifts and hospitality, as well as intangibles (e.g. job offers, investment opportunities, and favors) directly or through another party. The giving and accepting of gifts is allowed if the following requirements are met:
- It is not made with the intention of influencing a third party to obtain or retain business or a business advantage, or to reward the provision or retention of business or a business advantage, or in explicit or implicit exchange for favors or benefits;
- It is given in the company name, not in your name;
- It does not include cash or a cash equivalent (such as gift certificates or vouchers);
- It is appropriate in the circumstances, taking account of the reason for the gift, its timing, and value. For example, giving small gifts to celebrate important days is appropriate.
- It complies with any applicable local law.
- Record-Keeping: All payments and commissions to third parties must:
- be made via bank transfer through the accounts payable system and be fully accounted for;
- keep financial records and have appropriate internal controls in place which will evidence the business reason for making payments to third parties; and
- must be made in accordance with the terms of the contract with the person or company providing the services.
- Distributors and Channel Partners: All third parties should be made aware of the terms of the PICUS Code of Conduct and of their obligations to comply with it. All arrangements with third parties should be subject to clear contractual terms including specific provisions requiring them to comply with minimum standards and procedures in relation to bribery and corruption.
Risk management and Information Security Controls
Risk assessments specific to bribery and corruption shall be conducted as part of PICUS's Information Security Management System (ISMS) and Privacy Information Management System (PIMS) framework. In accordance with the assessment, appropriate controls and measures shall be implemented to mitigate identified bribery and corruption risks.
In addition, access to sensitive information related to bribery investigations and anti-corruption measures shall be strictly controlled and limited to authorized personnel only, in accordance with the principles of least privilege.
Disciplinary Action
PICUS personnel who fail to comply with this policy are subject to disciplinary action and may also be subject to legal punishments if they commit an offense under the law according to the Disciplinary Ordinance.
Last update: 14.06.2024
The purpose of this policy is to define the export control and sanctions compliance, its management and practices approved by the Senior Management, and to announce to the employees and relevant external parties.
This policy applies to all PICUS employees (full and part-time) and temporary workers (such as consultants or contractors) (together referred to as “employees” in this document) across the company no matter where they are located or what they do. Every person concerned can send their complaints and notifications directly to the Board by e-mail to notification@picussecurity.com about the issues covered by the policy.
A sanction is to be seen as a commercial and financial penalty applied by one or more countries against a targeted country, group, or individual. The main difference between an embargo and a sanction is that whereas an embargo completely restricts trade, some degree of trade is still possible with a sanctioned country, as long as we comply with the sanction laws. Picus software products and services are subject to the export control and sanctions laws of various countries, including without limitation, the laws of the United States of America, and Türkiye.
To accomplish applicable foreign policy and national security goals, the applicable governmental authority (such as the Department of the Treasury’s Office of Foreign Assets Controls (OFAC) in the USA) administers economic sanctions programs and embargoes for several countries. Certain destinations, organizations, and individuals are subject to trade sanctions, embargoes, and restrictions under applicable law. These sanctions are subject to change, usually involve financial components, and can range from narrow restrictions to broad sanctions and embargoes. It's important that before initiating any transaction with a third party, the relevant website is checked and guidance from the legal department is received.
Scope and Implementation
At PICUS, we do not do any business with restricted destinations, and we apply end-user restrictions.
Destination Restrictions
To accomplish its obligations under export rules, the first step is to use the principle of “Know Your Customer” by identifying business partners and their sales to the end user. When we know the business partner and end-user, we can validate its country and its purpose of usage. Our second step is to determine whether there are any red flags. Red flags mean taking into account any abnormal circumstances in a transaction that indicate that the export may be destined for an inappropriate end-user or destination. Included among examples of red flags are orders for items that are inconsistent with the needs of the purchaser, and a customer's declining installation and testing when included in the sales price.
Taking into account overall business risks, Picus Security products and services are not available for export, reexport, transfer, and/or use in the following sanction countries/regions (subject to change without notice): Cuba, Iran, North Korea, Syria, Crimea Region, so-called Donetsk People’s Republic (DNR) / People’s Republic of Luhansk (LNR) regions of Ukraine.
Additionally, transactions with or related to certain destinations that pose an elevated export control or sanctions risk for Picus Security are subject to enhanced due diligence requirements, which may include authorization from the competent authorities.
End-User Restrictions
Picus Security products and services are not available to entities and individuals with whom transactions are prohibited under applicable export control and sanctions laws, including those listed on any applicable sanctioned party lists (e.g., European Union Sanctions List, U.S. Specially Designated National (SDN) lists, U.S. Denied Persons List, BIS Entity List, United Nations Security Council Sanctions).
To determine such information and usage purposes, we collect information from the Business Partner and End-User. After all the necessary information regarding the sale is collected, suspicious entities and users are checked through OFAC and other platforms, and Picus products are not supplied to companies or organizations that are subject to any sanctions.
Picus Platform Free Trial Procedure
To initiate a free trial period on the Picus platform, end-users need to complete registration. Registration includes agreeing to the terms of our Privacy Policy and EULA. We start with user verification using a few checklists; if a user fails verification, the account will be blacklisted. User verification consists of domain, competitor, suspicious domain, personal account, country, and region checks.
Business partners and the companies to whom goods and services are sold must comply with the Policy principles and other relevant regulations. Relations with persons and institutions failing to comply with these conditions shall be terminated.
Access to sensitive information related to sanctions and export restrictions investigations shall be strictly controlled and limited to authorized personnel only, following the principles of least privilege. Sensitive information on sanctions and export restrictions incidents and related investigations shall be protected in accordance with established ISMS and PIMS policies to prevent unauthorized access and disclosure.
The Legal and Information Security teams have primary and day-to-day responsibility for implementing this policy and monitoring its use and effectiveness. In addition, the Operation Unit is responsible for monitoring this policy and updating it at least once a year. We provide relevant compliance training to all employees (online and/or face to face) to expand their knowledge. Training is an important instrument for increasing awareness. Within this scope, the Legal Department designs training programs together with the Information Security team, which are compulsory for all employees.
b) Corporate Security Practices
An Information Security Director (ISD) leads Picus’s information security and privacy program with a vision of continuous improvement, stronger cybersecurity resilience, broader compliance, and keeping up with the latest technologies. This role includes developing and maintaining security policies, aligning the security strategy with organizational goals, and overseeing incident management. The ISD is also responsible for managing Picus's efforts in information security, business continuity, risk management, auditing, and compliance.
All access requests are managed based on the principle of least privilege. Secure login procedures, including multi-factor authentication (MFA), are implemented. In addition, a stringent password security policy is enforced and a password manager solution is provided for all employees to ensure secure and efficient password management.
At Picus, we implement an effective suite of endpoint security solutions to protect our devices and data. This includes Mobile Device Management (MDM) to enforce security policies on mobile devices, Endpoint Protection Platform (EPP) for antivirus and anti-malware protection, and Endpoint Detection and Response (EDR) for advanced threat detection and incident response. All corporate laptops are encrypted to safeguard sensitive information, and regular updates and patches are applied to ensure systems remain secure. Additionally, we conduct continuous monitoring and logging to detect and respond to any suspicious activities on endpoints promptly.
In Picus systems and platforms, data both in transit and at rest is encrypted using industry-standard algorithms. In addition, special encryption is used in the SSHv2 protocol to provide secure access to the company cloud servers where Picus products and systems are hosted.
All systems related to Picus products are cloud-based and have a High Availability architecture in AWS data centers in the United States, Europe, and the Middle East. Picus uses redundant RDS instances to ensure full backup recovery of its database. Daily database backups are also taken automatically.
Picus uses a fully encrypted VPN solution as well as HTTPS to communicate with and access its network. All traffic within the network is redirected from HTTP to HTTPS.
For product and system development, Picus follows Secure Development Life Cycle (SDLC) rules based on agility, information security, and secure code development techniques, drawing on best practices and well-known techniques.
Picus conducts a third-party risk management program and regularly evaluates its vendors through security reviews to minimize associated risks. This ensures that our vendors meet their contractual obligations and comply with applicable legal requirements.
Security and privacy training and awareness programs are conducted for all employees on an annual basis. In addition, regular training sessions as well as secure code training are delivered to Picus developers by field experts.
In addition to conducting internal penetration tests with our Lab teams, Picus also regularly engages third-party experts for external penetration tests. Recent reports shall only be provided under NDA. To request access to these reports, please reach us at security@picussecurity.com.
At Picus, our SIEM solution monitors and analyzes log data from various sources. This proactive approach helps us to quickly identify and respond to potential security threats, ensuring the integrity and confidentiality of our systems and data.
All new employees undergo background checks, including criminal, education, and employment history verification. Additionally, they are required to sign Non-Disclosure and Confidentiality agreements before employment.