Terms of Use SEKOIA.IO v3 - November 2022

These Terms of Use are entered by and between SEKOIA.IO, a French simplified joint-stock company with registered office at 18 – 20 place de la Madeleine – 75 008 Paris, enrolled in the Trade and Companies Register under the number 913 174 744 (hereinafter “SEKOIA.IO”) and any person or entity which is allowed to use the Platform (hereinafter the “User”).

The “Platform” refers to the service and the content of the cyber threat intelligence platform provided by SEKOIA.IO under the Customer Agreement (as defined below).

By checking the appropriate box, the User hereby consents to enter into these Terms of Use (hereinafter the “Terms of Use” or the “ToU”). The User therefore undertakes to adhere to all of the terms of these Terms of Use with respect to the use of the Services.

Purpose

SEKOIA.IO or one of its distributors has concluded a contract with the legal entity of which the User is a part (the “Customer”) to allow him/her access to the Platform (hereinafter the “Customer Agreement”), under the conditions specified in the said agreement. The purpose of these ToU is to specify the terms and conditions under which SEKOIA.IO allows User to access and use the Platform for its intended purpose, which the User expressly accepts.

Duration, modification and validity

These ToU are effective from the moment the User accepts them and last for the duration of its use of the Platform.

SEKOIA.IO reserves the right to modify the ToU at any time, in particular to reflect changes in the laws or regulations in force, or changes in the Platform. This modification is subject to notification to the User at least fifteen (15) days prior to their entry into force. By continuing to use the Platform, the User accepts the new version of the ToU.
The use of the Platform by the User may be terminated in the event of the expiration or termination of the Customer Agreement, or the failure of the User to comply with the latest ToU or Customer Agreement.

Access and use of the Platform

The Platform is accessible in Software as a Service (SaaS) mode via the web portal (hereinafter the “Site”) as well as by APIs or other means allowing integration with third-party systems, if authorized by the Customer Agreement.

The User acknowledges and agrees that it is entitled to use the Platform only following the Customer Agreement. In order to access and use the Platform, the User agrees to comply with these ToU and the Customer Agreement.

The Platform is accessible through the internet URL https://app.sekoia.io and requires the use of personal identifiers provided by SEKOIA.IO.

The User agrees:
- To connect to the Platform, according to the terms and conditions determined in the Customer Agreement, only with the personal and confidential password that has been assigned (hereinafter the “Password”);
- To keep its Password confidential and to inform SEKOIA.IO without delay of any theft or loss of its Code by e-mail to the following address: support@sekoia.io;

The User and the Customer are responsible for the consequences resulting from the communication of the personal identifiers, including the Password, to any third party to the ToU, without prejudice to SEKOIA.IO’s right to claim damages for any loss suffered as a result. Any access made with a User's credentials will be deemed to have been made by that User and will also bind the Customer. The User and the Customer will then be liable to SEKOIA.IO for their actions, regardless of the type of contractual relationship existing or not between the Customer and its Users.

SEKOIA.IO does not provide the necessary material (computers, Internet connection, etc.) to connect to the Platform.
Therefore, it is up to the Customer or the User (depending on the relationship between them) to ensure that they have the material means to connect to the Platform and to use it.

Proof

In application of the provisions of the French Civil Code, it is expressly agreed between the Parties that the digital data recorded on the information systems, environments of SEKOIA.IO and more broadly on the Platform and kept in reasonable conditions of security, will be considered as providing proof of any instruction, order, payment, use of map&match by the User or the Customer if they are produced in the context of a litigation procedure or otherwise. These computer records shall be admissible under the same conditions and with the same evidentiary force as any document that would be established, received or kept in writing and shall be considered as evidence between SEKOIA.IO, the Users and the Customer.

Documentation

SEKOIA.IO provides the User with information related to the Platform and its use (hereinafter the « Documentation »). The User acknowledges it has read and understood the Documentation and its possible updates and to use the Platform in accordance with the provisions of the latter.

The Documentation is made to help the User and provide him a first assistance for a suited service. If the Customer does not take the Documentation in consideration for its own purposes, SEKOIA.IO will not be liable for unsuitable service and the underlying consequences (not working operations, operational mistakes, team fatigue, alert overload…).

The Service is deemed to be made available to the User « as is » without being subject to specific adaptation measures. It is therefore the responsibility of the User to verify the suitability of the Service for its needs and to take all necessary precautions.
Any warranty is excluded in case of (i) abnormal and/or improper use of the Service (ii) combination of the Service with another product resulting in infringement of the rights of SEKOIA.IO or a third party, or (iii) intervention of a third party not authorized by SEKOIA.IO for repair or correction.

Intellectual Property

SEKOIA.IO owns or is vested with all the intellectual property rights to the Platform (the service and the content of the cyber threat intelligence, any additional services and the Site).

The User undertakes to respect the rights of SEKOIA.IO and may not, under any circumstances, apart from the use of the Platform in accordance with the ToU and the Customer Agreement, reproduce, represent, modify, transmit, publish, adapt, in any form whatsoever, by any means whatsoever, or exploit in any way whatsoever, the Platform without the prior written authorization of SEKOIA.IO.

The User agrees:
- To use the Platform exclusively for the needs of the Customer, excluding any commercial use and/or for the benefit of third parties (except if provided for in the Customer Agreement);
- To be subject to obligations guaranteeing respect for the confidentiality of the information and data to which it may have access by using the Platform;
- To use the Platform in accordance with its Documentation and to not request support assistance unless the answer does not already exist in the Documentation;
- To use the Platform only for a lawful purpose;
- To consent to give its feedback on SEKOIA.IO if invited to do so;
- Not to damage the rights and/or image and/or reputation of SEKOIA.IO;
- Not to reconstitute or attempt to reconstitute, from the information appearing on the Platform, including the Site, an Internet site and/or software intended to offer to third parties, directly or indirectly, free of charge or against payment, the same or a comparable service, and/or to disseminate or sell, in any manner whatsoever, information for the purpose of assisting a third party to reconstitute, in whole or in part, the Platform or an equivalent site, such software or equivalent software.

Unless otherwise stated, the elements accessible on the Platform such as databases, management tools, texts and more generally all information made available to the User are the full, complete and exclusive property of SEKOIA.IO.

The User shall not, in particular:
- Copy or reproduce, decompile, in whole or in part the Platform by any means and in any form;
- Use the Platform other than in accordance with the strictly interpreted stipulations of these ToU;
- Use automated tools or request API endpoints more than necessary for operational purposes;
- Proceed to total, substantial or repeated extractions, by temporary or permanent transfer, or to use by making available to the public, all or part in quantitative or qualitative terms of the Platform and other databases visible on the Platform, whether for commercial or other purpose;
- Extract or use repeatedly and systematically all or part of the information visible on the Platform or, when such operation clearly exceeds a normal use of the service provided by SEKOIA.IO;
- Exploit, commercialize or distribute any element of the Platform, in particular the information visible on the Platform and any other database;
- Use software or manual processes to copy the Platform or to store or collect information on these pages without SEKOIA.IO's express prior written consent;
- Use devices or software to disrupt or attempt to disrupt the proper functioning of the Platform; or implement actions that would impose a disproportionate burden on its infrastructure.

Support

Throughout the duration of the Subscription, SEKOIA.IO may provide the User with a technical support service in case of difficulty in accessing the Platform (depending on Customer Agreement). If applicable, this service is available by email (support@sekoia.io) or via the dedicated portal (support.sekoia.io).
The User's requests will be answered as soon as possible from Monday to Friday (except public holidays in France) from 9:00 am to 7:00 pm (Paris time, France). SEKOIA.IO shall use its best efforts to process the User's request, without further guarantee.

Maintenance

Some maintenance activities can be observed from the Customer or User experience. These maintenance periods may be notified to the Customer when planned. During the maintenance periods, the Customer or User might not expect the Platform to be delivered entirely.

Liability

Failure by the User to comply with the above points shall entitle SEKOIA.IO to close the User's account without notice, compensation or indemnity of any kind. SEKOIA.IO reserves the right to take legal action against the User.

The Platform and any other software made available by SEKOIA.IO are only technological tools for which the User and the Customer are solely responsible for the use, in compliance with applicable regulations, of the Customer Agreement and these ToU.

SEKOIA.IO shall in no event be liable for any indirect damages suffered by Users or the Customer as a result of using the Platform. In addition, SEKOIA.IO shall not be liable for acts (i) resulting from an act or negligence of the User or the Customer or (ii) which do not comply with the applicable regulations and/or the ToU.

Processing carried out by SEKOIA.IO as data controller

The Personal Data collected by SEKOIA.IO within the Platform are the following:
- Professional contact data for the purpose of monitoring the commercial relationship and relations with the users: identifier, name, surname, professional contact details; on the basis of the execution of the present ToU.
- Management of the SEKOIA.IO newsletter mailing (if the user has registered to receive it).
- Monitoring and traffic data for the purpose of improving the Platform: consumption of the Service, unique ID of the user, monitoring of the navigation; based on the legitimate interest of SEKOIA.IO to know the use of the Platform in order to improve its products.
- Intercom Cookies, which are activated in the sole case of User’s request to reach SEKOIA.IO’s support team by a videocall. Intercom references Messenger cookies as described below.

Details on Intercom Cookies

Cookie name | Default duration | Description
intercom-id-[app_id] | 9 months | Anonymous visitor identifier cookie. As people visit your site they get this cookie.
intercom-session-[app_id] | 1 week (from each log-in) | Identifier for each unique browser session. The user can access their conversations and have data communicated on logged out pages for 1 week, as long as the session isn't intentionally terminated with `Intercom('shutdown');`, which usually happens on logout.
intercom-device-id-[app_id] | 9 months | Identifier for each unique device.

- Gainsight Cookies, which are activated in the sole case of User’s feedback on its use of the Platform.

Details on Gainsight Cookies

Cookie name | Default duration | Description
apt.sid | 30 minutes | The purpose of this cookie is to allow persistent session ID tracking under the top-level domain of the product and is used as a reference ID to the active session.
apt.uid | 1 year | The purpose of this cookie is to allow persistent ID tracking under the top-level domain of the product and is used as a reference ID to the user entity.

- Sleekplan Cookies, which are used in the sole case of User’s notification on latest releases.
Details on Sleekplan Cookies

Cookie name | Default duration | Description
_sleek_session | 30 minutes | Listing of the notifications seen by a user

Personal Data is kept in accordance with the maximum period provided for by the applicable regulations, and more specifically:
- For the duration of the contractual relationship plus the legal limitation period for professional contact data;
- For the duration of the contractual relationship plus two years for tracking and traffic data;
- Until the User unsubscribes from the newsletter (via the unsubscribe link integrated into the newsletters);
- Until the withdrawal of the user’s consent and a maximum of thirteen (13) months for cookies.

Data recipients

Personal data may be viewed by employees of SEKOIA.IO, supervisory and similar bodies (including our statutory auditors), and by our partners delivering MSSP activities for the benefit of the Customer strictly in respect of the purposes that SEKOIA.IO presented. In this regard, we emphasise that we have strict data security provisions in place with our subcontracting data processors, in accordance with Article 28 of the GDPR, including stipulations for the security objectives that must be met.

We endeavour to limit data traffic sent outside the European Union. However, a certain number of our service providers are the cause of data transfers outside the EU. Data transfers to such service providers are governed, in accordance with the European Parliament’s General Data Protection Regulation (GDPR), by the EU’s standard contract clauses.

Rights on Personal Data

The User has the following rights regarding the processing of his/her Personal Data:
- The right to access his/her Personal Data and to request the rectification of any data that should turn out to be inaccurate. The User may also request the erasure of his/her Personal Data provided that it is no longer necessary for SEKOIA.IO to keep it.
- The right to oppose the processing of his/her Personal Data or request a limitation of such processing, unless the processing is necessary to respond to User’s requests or provide the Platform.
- Where the processing of his/her Personal Data is based on his/her consent, User may withdraw this consent at any point in time. Withdrawal of User's consent will not affect the lawfulness of any processing already carried out.
- User may moreover exercise his/her right to portability, i.e. to obtain, in a structured and machine-readable form, the Personal Data that User provided to SEKOIA.IO directly on the basis of User's consent or on the basis of a contract with SEKOIA.IO, provided that such processing is automated.
- User may also let SEKOIA.IO know his/her instructions regarding the preservation, erasure and disclosure of his/her Personal Data after User's death and modify these directives at any point in time.

To exercise these rights, please contact our DPO:
Postal address: SEKOIA.IO, DPO Office, 18-20 Pl. de la Madeleine, 75008 Paris
Or use the email address: dpo@sekoia.io

If you consider that your rights have not been adequately respected, you are entitled to lodge a complaint with the French data protection authority (CNIL – Commission Nationale de l’Informatique et des Libertés).

General Provisions

Non-waiver. The fact that SEKOIA.IO does not avail itself at a time of any of the clauses of the present ToU, shall not constitute a waiver of the right to avail itself of these same clauses at a later date.

Interpretation. If any provision of the ToU is found to be invalid, unwritten, unenforceable, or otherwise irrelevant by reason of any applicable law or any final court decision, such provision shall be deemed unwritten and shall not affect the validity of the ToU nor the remaining provisions.

Relations with User. User has no authority or authorization to bind SEKOIA.IO in any way.
None of the provisions of the ToU shall be construed as creating, between the User and SEKOIA.IO, an agent or employee-employer relationship, a mandate, or an affiliate.

Force majeure. SEKOIA.IO shall not be liable to the User in case of non-performance of its obligations resulting from a case of force majeure. It is expressly agreed that the events of force majeure are those considered as such by the French Civil Code and the French jurisprudence.

Applicable law. The interpretation, validity and performance of these ToU are subject to French law.

Competent Jurisdiction. Any dispute that may arise from the interpretation or execution of these ToU will be submitted to the competent French jurisdiction.