TERMS OF SERVICE

This Terms of Service Agreement (the “Agreement”) is entered into by and between HeyHeyLabs (under the name CTIChef.com), with its principal place of business at PO Box 247, Kampen, The Netherlands (“Vendor,” “we,” “us,” or “our”), and the customer entity agreeing to these terms (“Customer,” “you,” or “your”). This Agreement governs your access to and use of Vendor’s proprietary threat intelligence feeds (the “Feed” or “Services”) as further described in your subscription details.

BY ACCEPTING THIS AGREEMENT, EITHER BY CLICKING A BOX INDICATING YOUR ACCEPTANCE, EXECUTING AN ORDER FORM THAT REFERENCES THIS AGREEMENT, OR BY ACCESSING OR USING THE FEED (INCLUDING DURING ANY TRIAL PERIOD), YOU AGREE TO THE TERMS OF THIS AGREEMENT. IF YOU ARE ENTERING INTO THIS AGREEMENT ON BEHALF OF A COMPANY OR OTHER LEGAL ENTITY, YOU REPRESENT THAT YOU HAVE THE AUTHORITY TO BIND SUCH ENTITY TO THESE TERMS AND CONDITIONS. IF YOU DO NOT HAVE SUCH AUTHORITY, OR IF YOU DO NOT AGREE WITH THESE TERMS AND CONDITIONS, YOU MUST NOT ACCEPT THIS AGREEMENT AND MAY NOT USE THE FEED.

  1. Definitions

    1. “Feed” means the threat intelligence data, including but not limited to STIX2 entities, metadata, rule content, reports, and any associated content or documentation provided by Vendor to Customer under a subscription.
    2. “Order Form” means the ordering document or online order specifying the Services to be provided hereunder that is entered into between Customer and Vendor, including any addenda and supplements thereto.
    3. “Subscription Term” means the period during which Customer is authorized to access and use the Feed, as specified in the Order Form.
    4. “Documentation” means any explanatory materials, in any form, provided by Vendor for use with the Feed.
    5. “Trial Period” means a one-time period, if offered and specified in an Order Form or during the sign-up process, during which Customer may evaluate the Feed, typically for fourteen (14) days.
    6. “Original Rule Licenses” means the open-source or other licenses that may govern specific, original detection rule content aggregated by Vendor from third-party sources.

  2. License grant and restrictions

    1. License Grant. Subject to the terms and conditions of this Agreement and payment of all applicable fees (following any applicable Trial Period), Vendor grants Customer a non-exclusive, non-transferable, non-sublicensable, revocable license during the Subscription Term to access and use the Feed and Documentation solely for Customer’s internal security operations and threat intelligence analysis.
    2. Restrictions. Customer shall not, and shall not permit any third party to:
      1. Resell, distribute, lease, rent, or otherwise make the Feed available to any third party, except as expressly permitted for an OEM license if separately agreed in writing.
      2. Modify, adapt, translate, or create derivative works based on the Feed content, except as necessary for ingestion and internal analysis within Customer’s security tools.
      3. Reverse engineer, decompile, or disassemble any software or systems used by Vendor to deliver the Feed.
      4. Use the Feed to develop a competing product or service.
      5. Remove, alter, or obscure any proprietary notices or labels on or in the Feed or Documentation.
      6. Use the Feed for any illegal, unauthorized, or unethical purpose, or in any manner that infringes upon the rights of any third party.
      7. Publicly disseminate or display the raw Feed content, except for aggregated, anonymized, or derivative insights where the raw Feed data is not directly exposed.
    3. Third-Party Rule Licenses. Customer acknowledges that the Feed aggregates detection rules from various third-party sources, including publicly available repositories. These original rules may be subject to their own Original Rule Licenses. Where Vendor provides the original rule code or content as part of an indicator or observable, Vendor will, where reasonably available, include a reference or link to the applicable Original Rule License. Customer is solely responsible for reviewing, understanding, and complying with the terms of any such Original Rule Licenses when using or actioning the specific rule content. Vendor makes no representations or warranties regarding Original Rule Licenses and disclaims all liability in connection therewith. Vendor’s intellectual property, as defined in Section 6.1, pertains to the compilation, structure, extraction, enrichment, analysis, and delivery of the Feed, not the underlying original rule content itself if governed by a separate Original Rule License.
    4. Trial Period. If a Trial Period is offered, the Feed is provided “AS IS” without any warranty during such Trial Period. All provisions of this Agreement shall apply during the Trial Period, except that Vendor may terminate Customer’s access to the Feed at any time during the Trial Period for any reason without liability. Unless Customer cancels its subscription before the end of the Trial Period in accordance with the cancellation instructions provided by Vendor, the subscription will automatically convert to a paid subscription subject to the fees specified in the Order Form.

  3. Customer responsibilities

    1. Technical Implementation. Customer is solely responsible for the technical implementation, configuration, and maintenance of its own systems required to receive, process, ingest, and act upon the Feed. Vendor is not responsible for any technical issues, errors, or failures arising from Customer’s systems or integration efforts.
    2. Independent Analysis and Action. The Feed is provided for informational purposes only. Customer acknowledges that the Feed may contain data aggregated from various public sources and that intelligence analysis inherently involves uncertainties. Customer is solely responsible for:
      1. Independently verifying and validating the accuracy, completeness, and relevance of any information within the Feed before taking any action.
      2. All decisions, actions, or omissions made by Customer based on or in reliance upon the Feed.
      3. Any consequences, including but not limited to operational disruptions, security incidents, or business impact, resulting from Customer’s use of or reliance on the Feed.
    3. Compliance with Laws and Licenses. Customer shall use the Feed in compliance with all applicable laws, regulations, industry best practices, and any applicable Original Rule Licenses as described in Section 2.3.

  4. Fees and payment

    1. Fees. Customer shall pay all fees specified in the applicable Order Form. Unless otherwise stated on the Order Form, all fees are inclusive of applicable taxes (such as VAT or sales tax) where Vendor is legally obligated to collect such taxes. Fees are non-cancelable and non-refundable, except as expressly stated in this Agreement or during a valid cancellation within a Trial Period.
    2. Payment Terms. Payment terms are as set forth in the Order Form. Unless otherwise stated, all fees are due upon commencement of the paid Subscription Term and upon renewal thereof, or within thirty (30) days from the invoice date if invoiced separately, or as per the automated billing cycle for online subscriptions.
    3. Taxes. While fees are generally stated as inclusive of taxes Vendor collects, Customer remains responsible for any taxes, levies, or duties for which it is legally obligated to account directly to a taxing authority (e.g., use taxes, withholding taxes not covered by Vendor’s collection obligation). If Vendor is required by law to pay or collect any taxes for which Customer is responsible under this section, Customer will pay such taxes to Vendor unless Customer provides Vendor with a timely and valid tax exemption certificate authorized by the appropriate taxing authority.
    4. Support and Consultancy.
      1. Standard Support: Included with the subscription is email-only support. Vendor will use commercially reasonable efforts to respond to support inquiries submitted via the designated email address within five (5) business days during Vendor’s standard business hours (as published by Vendor). Standard support is limited to assistance with Feed access, understanding Feed structure, and basic troubleshooting related to Feed delivery.
      2. Extended Services: Any custom development, consultancy, advanced integration support, dedicated training, or other professional services beyond the scope of Standard Support (“Extended Services”) are not included in the subscription fees. Such Extended Services must be contracted separately under a distinct Statement of Work (SOW) or professional services agreement and will be billed at Vendor’s then-current hourly rates or as otherwise agreed in writing.

  5. Term and termination

    1. Term. This Agreement commences on the date Customer first accepts it (or begins a Trial Period) and continues until all Subscription Terms hereunder have expired or have been terminated. The initial Subscription Term shall begin either (i) immediately following the Trial Period if not canceled, or (ii) on the start date specified in the Order Form if no Trial Period is provided.
    2. Subscription Renewal. Unless otherwise specified in an Order Form, Subscription Terms will automatically renew for additional periods equal to the expiring Subscription Term unless either party gives the other written notice of non-renewal at least thirty (30) days before the end of the relevant Subscription Term. The per-unit pricing during any renewal term will be the same as that during the prior term unless Vendor has given Customer written notice of a pricing increase at least thirty (30) days before the end of such prior term, in which case the pricing increase will be effective upon renewal.
    3. Termination for Cause. Either party may terminate this Agreement for cause if the other party materially breaches this Agreement and fails to cure such breach within thirty (30) days of receiving written notice.
    4. Effect of Termination. Upon termination or expiration of this Agreement or any Subscription Term:
      1. All rights and licenses granted to Customer for the applicable Feed shall immediately cease.
      2. Customer shall immediately cease all use of the Feed and Documentation and, upon Vendor’s request, certify in writing its compliance with this obligation.
      3. Any outstanding payment obligations shall become immediately due.
    5. Survival. Sections 2.2 (Restrictions), 2.3 (Third-Party Rule Licenses), 3 (Customer Responsibilities), 4 (Fees and Payment, for amounts due), 5.4 (Effect of Termination), 5.5 (Survival), 6 (Intellectual Property), 7 (Confidentiality), 8 (Disclaimer of Warranties), 9 (Limitation of Liability), 10 (Indemnification), and 11 (General Provisions) shall survive any termination or expiration of this Agreement.

  6. Intellectual property

    1. Vendor IP. Vendor retains all right, title, and interest, including all intellectual property rights, in and to: (i) the Feed’s structure, format, compilation, organization, and delivery mechanisms; (ii) any metadata, enrichments, classifications, summaries, reports, or other analytical output generated by Vendor and included in or accompanying the Feed (even if derived from or related to third-party rule content); (iii) the Documentation; (iv) Vendor’s underlying technology; and (v) any improvements, modifications, or derivative works of the foregoing created by or for Vendor. The Feed, as a curated and processed compilation with added value, is the valuable intellectual property of Vendor, distinct from any Original Rule Licenses applicable to specific underlying rule content.
    2. Customer Data. Customer retains all right, title, and interest in and to any data or information originating from Customer that is processed using the Feed (“Customer Data”). Vendor shall not use Customer Data except as necessary to provide the Services to Customer.
    3. Feedback. If Customer provides any suggestions, ideas, feedback, or recommendations to Vendor regarding the Feed or Services (“Feedback”), Vendor is free to use, disclose, reproduce, license, or otherwise distribute and exploit such Feedback as it sees fit, entirely without obligation or restriction of any kind on account of intellectual property rights or otherwise.

  7. Confidentiality

    1. Definition. “Confidential Information” means all information disclosed by a party (“Disclosing Party”) to the other party (“Receiving Party”), whether orally or in writing, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure. Vendor’s Confidential Information includes the non-public aspects of the Feed, its pricing structure, and the Documentation. Customer’s Confidential Information includes Customer Data.
    2. Protection. The Receiving Party will use the same degree of care that it uses to protect the confidentiality of its own confidential information of like kind (but not less than reasonable care) (i) not to use any Confidential Information of the Disclosing Party for any purpose outside the scope of this Agreement, and (ii) except as otherwise authorized by the Disclosing Party in writing, to limit access to Confidential Information of the Disclosing Party to those of its and its affiliates’ employees and contractors who need that access for purposes consistent with this Agreement and who have signed confidentiality agreements with the Receiving Party containing protections no less stringent than those herein.
    3. Compelled Disclosure. The Receiving Party may disclose Confidential Information of the Disclosing Party to the extent compelled by law to do so, provided the Receiving Party gives the Disclosing Party prior notice of the compelled disclosure (to the extent legally permitted) and reasonable assistance, at the Disclosing Party’s cost, if the Disclosing Party wishes to contest the disclosure.
    4. Exceptions. Confidential Information does not include information that (i) is or becomes generally known to the public without breach of any obligation owed to the Disclosing Party, (ii) was known to the Receiving Party prior to its disclosure by the Disclosing Party without breach of any obligation owed to the Disclosing Party, (iii) is received from a third party without breach of any obligation owed to the Disclosing Party, or (iv) was independently developed by the Receiving Party.

  8. Disclaimer of warranties

    1. THE FEED, DOCUMENTATION, AND ALL SERVICES ARE PROVIDED “AS IS” AND “AS AVAILABLE” WITHOUT ANY WARRANTIES OF ANY KIND. VENDOR AND ITS SUPPLIERS EXPRESSLY DISCLAIM ALL WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, INCLUDING BUT NOT LIMITED TO ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, NON-INFRINGEMENT, ACCURACY, COMPLETENESS, RELIABILITY, OR UNINTERRUPTED OR ERROR-FREE OPERATION.
    2. VENDOR DOES NOT WARRANT THAT THE FEED WILL BE ACCURATE, COMPLETE, CURRENT, ERROR-FREE, OR THAT DEFECTS WILL BE CORRECTED. CUSTOMER ACKNOWLEDGES THAT THREAT INTELLIGENCE IS INHERENTLY UNCERTAIN, SUBJECT TO CHANGE, AND MAY CONTAIN INACCURACIES, OMISSIONS, OR ERRORS. VENDOR MAKES NO REPRESENTATIONS OR WARRANTIES REGARDING THE SUITABILITY OF THE FEED FOR CUSTOMER’S REQUIREMENTS.
    3. VENDOR IS NOT RESPONSIBLE FOR ANY DELAYS, DELIVERY FAILURES, OR ANY OTHER LOSS OR DAMAGE RESULTING FROM THE TRANSFER OF DATA OVER COMMUNICATIONS NETWORKS AND FACILITIES, INCLUDING THE INTERNET, AND CUSTOMER ACKNOWLEDGES THAT THE FEED MAY BE SUBJECT TO LIMITATIONS, DELAYS, AND OTHER PROBLEMS INHERENT IN THE USE OF SUCH COMMUNICATIONS FACILITIES.
    4. NO ADVICE OR INFORMATION, WHETHER ORAL OR WRITTEN, OBTAINED BY CUSTOMER FROM VENDOR OR THROUGH THE FEED SHALL CREATE ANY WARRANTY NOT EXPRESSLY STATED IN THIS AGREEMENT.

  9. Limitation of liability

    1. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL VENDOR OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, PUNITIVE, OR EXEMPLARY DAMAGES, INCLUDING BUT NOT LIMITED TO, DAMAGES FOR LOSS OF PROFITS, LOSS OF DATA, BUSINESS INTERRUPTION, COST OF COVER, OR ANY OTHER SIMILAR DAMAGES OR LOSSES, ARISING OUT OF OR RELATING TO THIS AGREEMENT OR THE USE OF OR INABILITY TO USE THE FEED, HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY (CONTRACT, TORT, OR OTHERWISE), EVEN IF VENDOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
    2. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, VENDOR’S AND ITS SUPPLIERS’ TOTAL AGGREGATE LIABILITY ARISING OUT OF OR RELATING TO THIS AGREEMENT OR THE FEED, WHETHER IN CONTRACT, TORT, OR OTHERWISE, SHALL NOT EXCEED THE TOTAL AMOUNT OF FEES PAID BY CUSTOMER TO VENDOR FOR THE FEED DURING THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM.
    3. THE LIMITATIONS IN THIS SECTION 9 SHALL APPLY NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY AND REGARDLESS OF THE FORM OF ACTION. CUSTOMER ACKNOWLEDGES THAT THE FEES REFLECT THE ALLOCATION OF RISK SET FORTH IN THIS AGREEMENT AND THAT VENDOR WOULD NOT ENTER INTO THIS AGREEMENT WITHOUT THESE LIMITATIONS ON ITS LIABILITY.

  10. Indemnification

    1. By Customer. Customer shall defend, indemnify, and hold harmless Vendor, its officers, directors, employees, and agents from and against any and all claims, actions, suits, proceedings, losses, liabilities, damages, costs, and expenses (including reasonable attorneys’ fees) arising out of or relating to:
      1. Customer’s use of the Feed, including any actions taken or decisions made based on the Feed.
      2. Customer’s breach of this Agreement (including, without limitation, any breach of Section 2.3 regarding Original Rule Licenses) or violation of applicable law.
      3. Any issues, failures, or damages resulting from Customer’s systems, infrastructure, or the integration and processing of the Feed within Customer’s environment.
      4. Any claim that Customer’s use of the Feed (other than as expressly permitted herein) infringes or misappropriates the intellectual property rights of a third party.

  11. General provisions

    1. Governing Law and Jurisdiction. This Agreement shall be governed by and construed in accordance with the laws of the Netherlands, without regard to its conflict of laws principles. Any legal action or proceeding arising under this Agreement will be brought exclusively in the courts located in Amsterdam, The Netherlands and the parties hereby irrevocably consent to the personal jurisdiction and venue therein.
    2. Entire Agreement. This Agreement, including any Order Forms and referenced policies, constitutes the entire agreement between the parties concerning the subject matter hereof and supersedes all prior and contemporaneous agreements, proposals, or representations, written or oral, concerning its subject matter. In the event of any conflict or inconsistency between the provisions in the body of this Agreement and any Order Form, the terms of the Order Form shall prevail.
    3. Amendment. No modification, amendment, or waiver of any provision of this Agreement shall be effective unless in writing and signed by authorized representatives of both parties.
    4. Waiver. No failure or delay by either party in exercising any right under this Agreement shall constitute a waiver of that right. A waiver of any default is not a waiver of any subsequent default.
    5. Severability. If any provision of this Agreement is held by a court of competent jurisdiction to be contrary to law, the provision shall be modified by the court and interpreted so as best to accomplish the objectives of the original provision to the fullest extent permitted by law, and the remaining provisions of this Agreement shall remain in effect.
    6. Assignment. Customer may not assign any of its rights or delegate any of its obligations hereunder, whether by operation of law or otherwise, without the prior written consent of Vendor (which consent shall not be unreasonably withheld). Vendor may assign this Agreement in its entirety (including all Order Forms), without consent of Customer, in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of its assets.
    7. Force Majeure. Neither party shall be liable for any failure or delay in performance under this Agreement (other than for delay in the payment of money due and payable hereunder) for causes beyond that party’s reasonable control and occurring without that party’s fault or negligence, including, but not limited to, acts of God, acts of government, flood, fire, earthquakes, civil unrest, acts of terror, strikes or other labor problems (other than those involving such party’s employees), or Internet service provider failures or delays, or denial of service attacks.
    8. Notices. All notices under this Agreement shall be in writing and shall be deemed to have been duly given when received, if personally delivered; when receipt is electronically confirmed, if transmitted by email (to the email addresses specified in the Order Form or an updated email address provided in writing for notice purposes); the day after it is sent, if sent for next day delivery by recognized overnight delivery service; and upon receipt, if sent by certified or registered mail, return receipt requested. Notices to Vendor shall be addressed to PO Box 247, Kampen, The Netherlands. Notices to Customer shall be addressed to the address/email on the Order Form.
    9. Relationship of the Parties. The parties are independent contractors. This Agreement does not create a partnership, franchise, joint venture, agency, fiduciary, or employment relationship between the parties. There are no third-party beneficiaries to this Agreement.
    10. Export Compliance. The Feed and derivatives thereof may be subject to export laws and regulations of the United States and other jurisdictions. Each party represents that it is not named on any U.S. government denied-party list. Customer shall not permit users to access or use any Service or Content in a U.S.-embargoed country or in violation of any U.S. export law or regulation.