Immunet Service

Terms of Use Agreement

THIS TERMS OF USE AGREEMENT (“AGREEMENT”) DESCRIBES THE RIGHTS AND RESPONSIBILITIES RELATED TO YOUR USE AND ACCESS OF THE CLOUD SERVICE BETWEEN YOU AND CISCO. BY CLICKING ON ‘AGREE’, ‘INSTALL,’ OR BY USING THE CLOUD SERVICE, YOU AGREE TO THE TERMS OF THIS AGREEMENT. IF YOU DO NOT AGREE WITH ITS TERMS, DO NOT CLICK ‘AGREE’ OR ‘INSTALL’ AND DO NOT USE THE CLOUD SERVICE. IF YOU ARE LOCATED IN RUSSIA OR CHINA, YOU ARE NOT AUTHORIZED TO USE THE CLOUD SERVICE.

Section 1. Your Use of the Cloud Service

Your Use of the Cloud Service and Cisco Content. You may use the Cloud Service solely for your personal use in accordance with this Agreement and the Documentation. You are responsible for the accuracy and quality of Your Data, the means by which You acquired Your Data and Your use of Your Data with our Cloud Service. You will not (i) interfere with the Cloud Service, other customers’ access to the Cloud Service, or with the security of the Cloud Service; (ii) sell, resell, or distribute the Cloud Service; (iii) make the Cloud Service available to third parties as a managed or network provisioned service; (iv) use the Cloud Service in a way that causes an unusual spike and negatively impacts the operating capability of the Cloud Service; or (v) attack or disrupt the Cloud Service, including denial of service (DoS), unauthorized access, monitoring or crawling, or distribution of malware (including but not limited to viruses, Trojan horses, worms, time bombs, spyware, adware, or cancelbots). If Your use of the Cloud Service requires or permits You to use any Cisco Content, You may only use such Cisco Content with the Cloud Service and with third-party products or service offerings that Cisco has identified as compatible with the Cloud Service.
You are responsible for Your Data. Cisco does not endorse and has no control over what You submit through the Cloud Service. You are responsible for Your Data submitted to, or created in the Cloud Service. You represent that all account information You provide is accurate and will be kept up-to-date. In addition, You will use reasonable means to protect Your account information, passwords and other login credentials for the Cloud Service, and promptly notify Cisco of any known or suspected unauthorized use of or access to Your account.
Support. Technical support for the Cloud Service is limited to the forum support available at www.immunet.com. Should You submit technical support questions or comments to Cisco via the forum, You acknowledge and agree Cisco may edit and post those questions or comments with the response without revealing personal information on Cisco’s forum support web site and that all such questions or comments shall be Cisco’s property.

Section 2. Data Protection, Privacy & Confidential Information

How we use Your data. Cisco processes and uses Personal Data and Your Data to deliver, analyze, support and improve the Cloud Service and as otherwise permitted in this Agreement, Schedule 1 and Cisco’s Privacy Statement. Cisco will maintain appropriate administrative, physical and technical safeguards, which are designed to protect the security, confidentiality and integrity of Personal Data and Your Data processed by Cisco. With the exception of any Personal Data submitted to the Cisco as part of Your use and/or access to the Cloud Service, Your Data will be treated as non-confidential by Cisco. Cisco may share Personal Data and Your Data with third party service providers consistent with Cisco’s Privacy Statement in order to assist in providing and improving the Cloud Service as described in Schedule 1 below Cisco contracts only with third party service providers that can provide the same level of data protection and information security that You expect from Cisco.
Telemetry Data. Cisco may process Telemetry Data to deliver, enhance, improve, customize, support, and/or analyze the Cloud Service and other Cisco offerings and otherwise freely use Telemetry Data that does not identify You. In some cases, You can only opt out of the Telemetry Data collection by uninstalling or disabling the Cloud Service; but You may have the ability to configure the Cloud Service to limit the Telemetry Data collected.
International Data Transfers. Cisco may process and store Your Data and Personal Data outside of the country where it was collected. Cisco will only transfer Personal Data consistent with applicable law. To the extent Cisco processes any Personal Data from the EEA or Switzerland on Your behalf, we will do so in a manner consistent with the relevant EU- or Swiss-US Privacy Shield Principles or successor frameworks (“Principles”) (see www.commerce.gov/privacyshield). Where Cisco transfers Personal Data from an APEC Member Economy on behalf of You, Cisco will process such Personal Data in a manner consistent with the APEC Cross Border Privacy Rules Systems requirements (“CBPRs”) (see www.cbprs.org) to the extent the requirements are applicable to Cisco’s processing of such data. If Cisco is unable to provide at least the same level of protection as required by the Principles or CBPRs, Cisco will promptly notify You and cease processing.

Section 3. Ownership and Software Licensing Rights

What You Own. You retain ownership in all intellectual property rights to Your Data.
What We Own. Cisco and its licensors retain ownership in all intellectual property rights to Cisco Content, the Cloud Service and its underlying technology, software, patents, know-how and associated documentation, in whole or in part, including all improvements, enhancements, modifications, and derivative works. You authorize Cisco to use feedback and ideas You provide in connection with Your use of the Cloud Service for any purpose without further obligation to You.
Software License & Restrictions. To use the Cloud Service, You may be required to download and install Cisco software (“Software”). Cisco grants you a limited, non-exclusive, non-sublicensable and non-transferable license to use the Software solely as required to use the Cloud Service. The Software may contain code that is subject to its own license terms. You may not and may not allow a third party to modify, reverse engineer, decompile, or otherwise attempt to derive the source code for the Software, or create derivative works of the Software except as legally permitted for interoperability purposes. You will not extract Cisco Content from the Software, or provide Cisco Content to a third party.

Section 4. Warranties, Disclaimers and Limitation of Liability

DISCLAIMER. THE CLOUD SERVICE, SOFTWARE, CISCO CONTENT AND ALL DOCUMENTATION PROVIDED BY CISCO HEREUNDER ARE PROVIDED “AS IS” AND “WITH ALL FAULTS,” AND CISCO EXPRESSLY DISCLAIMS ALL WARRANTIES OF ANY KIND OR NATURE, WHETHER EXPRESS, IMPLIED OR STATUTORY, INCLUDING, BUT NOT LIMITED TO, ANY WARRANTIES OF OPERABILITY, CONDITION, TITLE, NON-INFRINGEMENT, NON-INTERFERENCE, QUIET ENJOYMENT, VALUE, ACCURACY OF DATA, OR QUALITY, AS WELL AS ANY WARRANTIES OF MERCHANTABILITY, SYSTEM INTEGRATION, WORKMANSHIP, SUITABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR THE ABSENCE OF ANY DEFECTS THEREIN, WHETHER LATENT OR PATENT. NO WARRANTY IS MADE BY CISCO ON THE BASIS OF TRADE USAGE, COURSE OF DEALING OR COURSE OF TRADE. CISCO DOES NOT WARRANT THAT THE CLOUD SERVICE, SOFTWARE, CISCO CONTENT OR THE DOCUMENTATION PROVIDED UNDER THIS AGREEMENT WILL MEET YOUR REQUIREMENTS OR THAT THE OPERATION THEREOF WILL BE UNINTERRUPTED OR ERROR-FREE, OR THAT ALL ERRORS WILL BE CORRECTED. CISCO DOES NOT GUARANTEE THAT THE CLOUD SERVICE WILL DETECT OR REVEAL ALL MALWARE, CORRUPT FILES OR VIRUSES ON YOUR ENDPOINT DUE TO THE CONTINUAL DEVELOPMENT OF NEW TECHNIQUES FOR INTRUDING UPON AND ATTACKING FILES, NETWORKS AND ENDPOINTS. CISCO DOES NOT WARRANT THAT THE CLOUD SERVICE WILL PROTECT YOUR FILES, NETWORK OR ENDPOINTS FROM ALL MALWARE, VIRUSES OR THIRD-PARTY MALICIOUS ATTACKS. YOU ACKNOWLEDGE THAT CISCO’S OBLIGATIONS UNDER THIS AGREEMENT ARE FOR YOUR BENEFIT ONLY.
LIMITATION OF LIABILITY IN NO EVENT WILL CISCO BE LIABLE FOR (I) INDIRECT, INCIDENTAL, EXEMPLARY, SPECIAL OR CONSEQUENTIAL DAMAGES; (II) LOSS OR CORRUPTION OF DATA OR INTERRUPTED OR LOSS OF BUSINESS; (III) LOSS OF REVENUES, PROFITS, GOODWILL OR ANTICIPATED SALES OR SAVINGS OR (IV) ANY BUGS, VIRUSES, TROJAN HORSES, OR THE LIKE (REGARDLESS OF THE SOURCE OF ORIGINATION). THIS LIMITATION OF LIABILITY APPLIES WHETHER THE CLAIMS ARE IN WARRANTY, CONTRACT, TORT, INFRINGEMENT, OR OTHERWISE, EVEN IF EITHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IN NO EVENT SHALL CISCO’S AGGREGATE LIABILITY TO YOU OR ANY THIRD PARTY ARISING OUT OF THIS AGREEMENT, THE CLOUD SERVICE, SOFTWARE, CISCO CONTENT AND/OR THE DOCUMENTATION EXCEED FIFTY U.S. DOLLARS ($50.00USD). CERTAIN LAWS DO NOT ALLOW LIMITATIONS ON IMPLIED WARRANTIES OR THE EXCLUSION OR LIMITATION OF CERTAIN DAMAGES. IF THESE LAWS APPLY TO YOU, SOME OR ALL OF THE ABOVE DISCLAIMERS, EXCLUSIONS, OR LIMITATIONS MAY NOT APPLY TO YOU, AND YOU MIGHT HAVE ADDITIONAL RIGHTS.

Section 5. Term and Termination

You may terminate the Cloud Service by simply discontinuing Your use of the Cloud Service and uninstalling the Software. Cisco may terminate your access to all or any part of the free Cloud Service and Software at any time, with or without cause and with or without notice. The following sections survive the expiration or termination of this Agreement: Sections 2, 3, 4, the last sentence of Section 5, Sections 6 and 7, and Schedule 1.

Section 6. General Provisions

Assignment and Subcontracting. We may assign any of our rights or delegate any of our obligations under this Agreement in our sole discretion. We may also subcontract the performance of the Cloud Service to third parties. Any such subcontract will not relieve Cisco of any of its obligations under this Agreement. You may not assign this Agreement without the prior written consent of Cisco.
Modifications. As our business evolves, we may modify this Agreement and Your continued use of the Cloud Service will be deemed Your acceptance of the modified Agreement.
Export. Cisco’s on-premise Software, Cloud Services, products, technology and services are subject to local and extraterritorial export control laws and regulations. You and Cisco each will comply with such laws and regulations governing use, export, re-export, and transfer of such on-premise Software, Cloud Services, products and technology and will obtain all required local and extraterritorial authorizations, permits or licenses. Specific export information may be found at: http://tools.cisco.com/legal/export/pepd/Search.do.
Compliance with Laws. Cisco will comply with all applicable laws when providing the Cloud Service. We may restrict the availability of the Cloud Service in any particular location or modify or discontinue Cloud Service features to comply with applicable laws and regulations. You will comply with all applicable laws and regulations related to Your receipt and use of the Cloud Service. You must ensure You have the right to use all features of the Cloud Service in Your jurisdiction. Cisco may also share information as necessary to comply with laws and subject to Cisco’s policy on law enforcement requests found at http://www.cisco.com/c/en/us/about/trust-transparency-center/validation/report.html.

Governing Law and Venue. The Agreement, and any disputes arising out of or related hereto, will be governed exclusively by the applicable governing law below, based on Your primary domicile address and without regard to conflicts of laws rules or the United Nations Convention on the International Sale of Goods. The courts located in the applicable venue below will have exclusive jurisdiction to adjudicate any dispute arising out of or relating to the Agreement or its formation, interpretation or enforcement. Each party hereby consents and submits to the exclusive jurisdiction of such courts. Regardless of the below governing law, either party may seek interim injunctive relief in any court of appropriate jurisdiction with respect to any alleged breach of its intellectual property or proprietary rights.

Your Primary Domicile Address	Governing Law	Jurisdiction and Venue
United States, Latin America or the Caribbean	State of California, United States of America	Superior Court of California, County of Santa Clara and Federal Courts of the Northern District of California
Canada	Province of Ontario, Canada	Courts of the Province of Ontario
Europe (excluding Italy), Middle East, Africa, Asia (excluding Japan and China), Oceania (excluding Australia)	Laws of England*	English Courts
Japan	Laws of Japan	Tokyo District Court of Japan
Australia	Laws of the State of New South Wales	State and Federal Courts of New South Wales
Italy	Laws of Italy	Court of Milan
China	Laws of the People’s Republic of China	Hong Kong International Arbitration Center
All other countries or territories	State of California	State and Federal Courts of California

*Where the governing law is the laws of England, no person who is not a party to this Agreement shall be entitled to enforce or take the benefit of any of its terms under the Contracts (Rights of Third Parties) Act 1999.

Notification. Cisco may provide You with notice via email, regular mail and/or postings on the www.immunet.com website or any other website used as part of the Cloud Service. Notices to Cisco should be sent to Cisco Systems, Office of General Counsel, 170 Tasman Drive, San Jose, CA 95134.
Force Majeure. Neither of us will be responsible for failure of performance due to a Force Majeure Event.
Reservation of Rights. Failure to enforce any right under this Agreement will not waive that right.
Severability. If any term of this Agreement is not enforceable, this will not affect any other terms in this Agreement.
Complete Agreement. This Agreement is the complete agreement between the parties concerning the Cloud Service and supersedes all prior or contemporaneous communications, understandings or agreements (whether written or oral) regarding this subject matter. The parties agree that the English version of this Agreement will govern in the event of a conflict between it and any version translated into another language.

Section 7. Definitions

“Cisco” “we,” “our” or “us” means Cisco Systems, Inc. or its applicable affiliate.
“Cisco Content” means any Cisco-provided content or data including, but not limited to, geographic and domain information, rules, signatures, threat intelligence or other threat data feeds, suspicious URLs and IP address data feeds.
“Cloud Service” means the Cisco hosted software-as-a-service offering made available for free at www.immunet.com.
“Documentation” means the Cisco user or technical manuals, training materials, specifications, privacy data sheets, or other information applicable to the Cloud Service.
“Force Majeure Event” means an event beyond the affected party’s reasonable control, including accidents, severe weather events, acts of God, actions of any government agency, epidemic, pandemic, acts of terrorism, or the stability or availability of the Internet or a portion thereof.
“Personal Data” means any information that can be used to identify You or another individual and may include name, address, email address, phone number, login information (account number and password), marketing preferences, social media account information, or payment card number.
“Telemetry Data” means all information and data that the Cloud Service generates in connection with Your use, including but not limited to, network policy, log and configuration information; threat intelligence data, URLs, metadata or net flow data; origin and nature of malware; the types of software or applications installed on a network or an endpoint; information about the devices connected to a network; information generated by sensors, devices and machinery; information related to the usage, origin of use, traffic patterns or behavior of the users of a network or Cloud Service; and information relating to the existence of cookies, web beacons, and other similar applications.
“You” or “Your” means the individual using and/or accessing the Cloud Service.
“Your Data” means all information and data that You provide or transfer to Cisco or that the Cloud Services collects from You or Your system(s) in connection with Your use of the Cloud Service or Software. Your Data does not include Telemetry Data.

Schedule 1: Personal Data Privacy.

A. Personal Data Processing:

Personal Data Category	Types of Personal Data	Purpose of Processing
Registration Information	Name Address Email Address User ID	Creating an account Data collected is for product enablement, product use notifications, training and support only
Operational Data	Any data related to a device including but not limited to: Username, all physical characteristics of the hardware on which an application is running, including but not limited to name of device, installed applications, hard drive space used/available, memory available.	Data collected for: Product usage Cisco global threat intelligence research
File Activity and File Metadata	Any data related to file activity or file metadata including but not limited to: file name, file path, cryptographic hash, fuzzy hash, machine learning fingerprint	Customer configurable*. This feature is enabled at default, but the customer can opt-out. When enabled, the function of this feature is to provide endpoint security. Data collected for: Product usage Cisco global threat intelligence research
Network Metadata	Any data related to the network including but not limited to: Network Host Data (IP address, host, query, string, port) Local URL, MAC Address, IP address; Remote URL, MAC address, IP address	Customer configurable. The function of this feature is to provide endpoint security. Data Collected for: Product usage (e.g., Computer Management, Device Flow Correlation in Device Trajectory and Retrospective Security). Cisco global threat intelligence research
User Name	User Name	Customer configurable*. This feature is enabled at default, but the customer can opt-out. When enables, the function of this feature is to provide endpoint security. Data collected for: Product usage (e.g., Events and Device Trajectory). Cisco global threat intelligence research
File Analysis Data	Any data related to or included in entire files, captured as unstructured data	Customer configurable*. The customer must “opt-in”. When this feature is enabled, the function of this feature is to provide endpoint security. Data collected for: Product usage (E.g. File Repository and File Analysis). Cisco global threat intelligence research.

*Reducing the amount of information sent to the Cloud Service may limit some of the product functionality available to the You.

B. Cross Border Transfers:

The Cloud Service leverages third party cloud hosting providers to provide services globally, as follows:

Data Center	Description	Location of Data Center
Amazon Web Services (AWS) North America Cloud	The infrastructure for the Cloud Service runs on Amazon Web Services (AWS) in a single region in the United States	United States
Zayo North America Co-location Facility	North American cloud data backup to Cisco approved co-location hosting facility in the United States
Equinix Co-location Facilities	Global threat intelligence cloud co-location facilities with locations in the United States
Vazata Co-location Facility	Global threat intelligence cloud co-location facility located in the United States

C. Access Control:

Personal Data Category	Who has access	Purpose of the access
Registration Information	Cisco Employees – Cisco Secure Endpoint Operations and Support staff only	Security administration and operations. Creating an account and validating license entitlements and general product support and operations.
Operational Data, File Activity and File Metadata, Network Metadata, Username, File Analysis Data	Cisco Employees – Cisco Secure Endpoint Operations and Support staff, Cisco global threat intelligence research teams	Providing Security analytics and forensics for product usage; global threat intelligence research.

D. Data Retention and Deletion:

Personal Data Category	Retention Period	Reason for Retention
Registration Information	Indefinitely*	Creating an account, product enablement, product use notifications, training and support
Operational Data, File Activity and File Metadata, Network Metadata, Customer Username	30 days Indefinitely* (events, audit logs)	Reporting purposes Global threat intelligence research
File Analysis Data	Indefinitely*	Mining and global threat intelligence research

*Note: When You terminate Your Cloud Service subscription or this Agreement and/or cease using the Cloud Service, You can specifically request that Your data be purged from Cisco’s datastores and backups by emailing privacy@cisco.com

E. Personal Data Security

Personal Data Category	Type of Encryption
Registration Information, Operational Data, File Activity and File Metadata, Network Metadata, Username, File Analysis Data	Encrypted in transit Data at rest is stored un-encrypted with strict access control.

F. Third Party Sub-Processors

Cisco partners with service providers who contract to provide the same level of data protection and information security that you can expect from Cisco. A current list of sub-processors for the Cloud Service is below:

Sub-processor	Personal Data	Service Type	Location of Data Center
Amazon Web Services (AWS);	Customer contact information for product administration Customer Filenames and File path names Customer Network Host Data and Endpoint System Address for product function/operation Customer Username for product function/operation Any data contained in files sent for analysis	The Cloud Service leverages cloud technology to provide improved malware protection capabilities. Amazon Web Services Cloud helps provide a global service footprint, security assurance, service elasticity and resilience to the Cloud Service.	United States

G. Breach and Incident Notification Processes

The Data Protection & Privacy team within Cisco’s Security & Trust Organization coordinates the Data Incident Response Process and manages the enterprise-wide response to data-centric incidents. The Incident Commander directs and coordinates Cisco’s response, leveraging diverse teams including the Cisco Product Security Incident Response Team (PSIRT), the Cisco Security Incident Response Team (CSIRT), and the Advanced Security Initiatives Group (ASIG).

PSIRT manages the receipt, investigation, and public reporting of security vulnerabilities related to Cisco products and networks. The team works with Customers, independent security researchers, consultants, industry organizations, and other vendors to identify possible security issues with Cisco products and networks. The Cisco Security Center details the process for reporting security incidents.

The Cisco Notification Service allows Customers to subscribe and receive important Cisco product and technology information, including Cisco security advisories for critical and high severity security vulnerabilities. This service allows Customers to choose the timing of notifications, and the notification delivery method (email message or RSS feed). The level of access is determined by the subscriber's relationship with Cisco. If you have questions or concerns about any product or security notifications, contact your Cisco sales representative.

H. Certifications and Compliance with Privacy Laws.

The Security and Trust Organization and Cisco Legal provide risk and compliance management and consultation services to help drive security and regulatory compliance into the design of Cisco products and services. Cisco and its underlying processes are designed to meet Cisco’s obligations under the EU General Data Protection Regulation and other privacy laws around the world.

Cisco leverages the following privacy transfer mechanisms related to the lawful use of data across jurisdictions:

For more general information and FAQs related to Cisco’s Security Compliance Program and Cisco’s GDPR readiness please visit The Cisco Trust Center.