Terms of Service (Community Edition)
1. Nature of these Terms
a) These Terms set out the general terms and conditions applicable to the contractual relationship between the Customer and threatray ag, Aarbergstrasse 46, 2503 Biel, Switzerland (the "Service Provider"). All capitalized terms used in these Terms shall have the meanings given to them in Annex 1.
b) Any use of the Threatray Community Edition (the "Software") by the Customer shall be subject to these Terms, which shall be deemed to have been accepted, and the Agreement to have been concluded, upon the Customer having joined the Threatray Community and accepted these Terms on the web portal available at www.threatray.com/terms-community-edition (the "Subscription").
c) The Service Provider reserves the right to modify these Terms from time to time. It will provide Customer notice of any modification.
2. License
2.1. License Grant
The Service Provider hereby grants Customer a right to use the Software for its own purposes as a SaaS solution hosted by the Service Provider, and subject to the terms and restrictions set forth in Clause 2.2 hereinafter (the "License").
2.2. License Terms and Restrictions
a) The License is a non-exclusive, non-transferable, non-sublicensable right to use the Software as provided (and hosted) by the Service Provider.
b) The License shall begin on the effective date of the Subscription and shall expire upon termination of the Agreement.
c) Customer shall not allow any third parties to access and/or use the Software or otherwise make the Software available to any such third parties or use the Software on behalf of any such third parties without the Service Provider's prior written consent.
d) Customer shall not use any Threatray Data for any purposes other than its own security purposes. While single Threatray Data items may be shared within the security community, the Customer shall not provide any substantial collections of Threatray Data to any third parties or the public.
e) Customer shall not disassemble, decompile, reverse engineer, or attempt to derive the source code of the Software, nor use the Software for the creation of competing products. Any such activities are strictly prohibited and shall be considered a violation of these Terms.
f) Customer's use of the Software may be subject to restrictions as to the number of transactions performed using the Software, which the Service Provider may set at its sole discretion.
g) The Service Provider shall have the right to take any and all measures necessary or useful to prevent or terminate any unauthorized usage by third parties.
3. Services
3.1. Provision of the Software
a) The Service Provider shall provide the Software to Customer as a SaaS solution accessible over the Internet. The Software shall be accessible to Customer in its then current version. The interconnection point (the "Interconnection Point") shall be the interface of the router connecting the data center used by the Service Provider for the hosting of the Software to the Internet. The Service Provider shall not be responsible for the availability of the connection between the Interconnection Point and Customer's network or clients.
b) The Service Provider will operate one (1) shared Instance for all its customers under these Terms.
c) The Service Provider will update the Software to new versions at its discretion and make those updates available to Customer. The Service Provider reserves the right to amend the Software's Reference Manual at any time.
d) The Service Provider shall be free in amending the Software's API at any time. Any amendment of the API making necessary changes in the Customer's Interfaces, and any deprecation of API functionality, shall be announced to the Customer three (3) months in advance. The Customer will then have to update the Customer's Interfaces within such timeframe.
3.2. Support
a) The Service Provider will provide limited support services in the form of:
i) receipt of Incident notices and, at its sole discretion, remedy of Incidents; and
ii) at its sole discretion, response to other questions of the Customer.
b) Incidents may be reported, and questions submitted, by the Customer by using the following communication vectors:
i) Service Provider will make available a ticketing system, which may be operated by a third party, that needs to be used to log all Incidents.
ii) Service Provider reserves the right to change the ticketing system at any time and shall notify Customer prior to any change.
c) All Incident reports shall be accompanied by a reasonably detailed description of the steps leading to the Incident.
3.3. Handling of Customer Data
The Service Provider shall:
a) store Customer Data in the data centers in Switzerland, the EEA, the EU, or the US, at its discretion.
b) The Service Provider may use Customer Data as necessary to perform the Services as well as for its own and any other purpose, it being understood that the Service Provider will further use analytics solutions to analyze the Customer's usage of the Software with the aim of improving the Software.
c) Notwithstanding the foregoing, the Service Provider shall have the right to use any data resulting from the testing, detonation, and analysis actions performed on files uploaded by the Customer to the Software ("Derivative Data") for any purpose, and may share any such data with third parties, it being understood that Derivative Data may contain content of any files uploaded by the Customer.
3.4. Subcontractors
a) The Service Provider may subcontract any part of its Service provision under the Agreement (e.g. by usage of a third party cloud platform vendor) and/or otherwise use third party vendors to render its Services under the Agreement without the prior consent of Customer.
b) The Service Provider shall be and remain wholly liable for the acts and omissions of any subcontractors as if such acts and omissions had been made by the Service Provider.
4. Responsibilities of Customer
a) The creation, operation and maintenance of the Customer-side interfaces to the Software's API (the "Customer's Interfaces") shall be the sole responsibility of the Customer. The Customer shall only use the API as described in the API Documentation.
b) The Customer shall also be solely responsible for any data conversions necessary to integrate the Software with its systems.
c) The Customer shall use the Software solely in accordance with the restrictions set out in these Terms and in accordance with the technical specifications set out in the Reference Manual and the API Documentation.
d) The Customer shall promptly notify the Service Provider after becoming aware of any Incident.
e) The Customer is aware that the Software is a complementary solution for the identification and analysis of Threats and is no replacement for state-of-the-art IT security software, measures and protocols, and the Customer shall be fully responsible for adequately protecting its systems by employing up-to-date security software and implementing adequate security measures and protocols.
f) Furthermore, the Customer shall:
i) provide the Service Provider with such information, co-operation, assistance, facilities and resources as reasonably required and requested by the Service Provider to enable it to perform the Services;
ii) act reasonably and in good faith and give prompt attention to any matter raised by the Service Provider, particularly relating to Customer's obligations and/or the performance of the Services;
iii) implement reasonable and appropriate business continuity and disaster recovery measures to mitigate against any reasonably foreseeable risks;
iv) maintain and be responsible for Customer Data back-up and relevant restoration measures; and
v) notify the Service Provider promptly of any concerns or issues that Customer has with the Services provided by the Service Provider.
5. Data Protection
a) Service Provider shall comply (and cause of its subcontractors to comply, if applicable) with all applicable privacy and data protection laws (collectively, "Applicable Privacy Laws").
b) The Customer shall ensure that the Customer Data does not include any personal data.
6. Intellectual Property
Any and all Intellectual Property Rights pertaining to the Software and to Services performed under the Agreement shall remain the sole property of the Service Provider and/or its third-party service providers.
7. Representations and Warranties
THE SOFTWARE AND THE SERVICES ARE PROVIDED "AS IS" and "AS AVAILABLE", WITHOUT ANY REPRESENTATION OR WARRANTY. ANY IMPLIED OR STATUTORY WARRANTIES SHALL HEREBY BE FULLY EXCLUDED.
8. Limitation of Liability
a) Each Party shall be liable without limitation for any damages arising as a result of gross negligence or intent.
b) The Service Provider shall not be liable for any damages resulting from behavior that is not grossly negligent or intentional, or for misidentification (false positives or false negatives) of Threats or errors in or incompleteness of Threatray Data.
9. Term and Termination
9.1. Term of the Agreement
The Agreement shall enter into force on the date of the Subscription for an indefinite period until terminated in accordance with these Terms.
9.2. Ordinary Termination of the Agreement
Each Party may terminate the Agreement for convenience by at any time by giving written notice (which shall include e-mail) or using the respective functionality provided by the Software.
10. Various Provisions
10.1. Severability
Each provision of these Terms shall be interpreted in such a manner as to be effective and valid under applicable law. The invalidity or unenforceability of any provision of these Terms shall in no way affect the validity or enforceability of any other provision hereof. If any provision of these Terms is determined to be invalid, illegal or unenforceable, the remaining provisions of these Terms remain in full force and effect if both the economic and legal substance of the transactions that are contemplated in these Terms and the Agreement are not affected in any manner adverse to any Party.
10.2. No Waiver
The waiver of a breach of these Terms or the failure of a Party to exercise any right under these Terms shall in no event constitute a waiver as to any other breach, whether similar or dissimilar in nature, or prevent the exercise of any right under these Terms. The failure of either Party to enforce at any time any of the provisions of these Terms shall in no way be construed to be a present or future waiver of such provisions, nor in any way affect the ability of a Party to enforce each and every such provision thereafter.
10.3. Assignment
The Parties shall not assign the Agreement or any of the rights or obligations thereunder to any third party without the prior written consent of the other Party.
10.4. Entire Agreement and Hierarchy
These Terms state the entire agreement of the Parties with respect to the provision of the Services and supersedes and cancels all prior oral or written representations, communications, or agreements between the Parties.
10.5. Amendments
No alteration, amendment, waiver, cancellation or any other change in any term or condition of these Terms shall be valid or binding on either Party unless agreed in writing.
11. Governing Law and Jurisdiction
a) These Terms and the Agreement shall be subject to the ordinary laws of Switzerland excluding their conflict of laws provisions and the United Nations Convention on Contracts for the International Sale of Goods (the Vienna Convention).
b) The ordinary courts in Berne, Switzerland, shall have sole jurisdiction with respect to any and all disputes out of or in connection with these Terms and/or the Agreement.
Annex 1
DEFINITIONS
In these Terms:
"Agreement" means the agreement between the Customer and
"API" means the Software's application programming interfaces provided by the Service Provider for usage by the Customer.
"API Documentation" means the description of the Software's API provided by the Service Provider as part of the web application.
"Customer" means the party entering into the Agreement that is not the Service Provider.
"Customer Data" means all information and data provided by or on behalf of the Customer to the Service Provider by way of using the Software. All Customer Data shall be Confidential Information.
"Customer's Interfaces" has the meaning assigned to such term in Clause 4(a).
"Data Breach" has the meaning assigned to such term in Clause 3.4(e).
"Derivative Data" has the meaning assigned to such term in Clause 3.4(f).
"Force Majeure Event" has the meaning assigned to such term in Clause 10.
"Incident" means any unavailability of the Software and any deviation of the Software's functionality from the functionality described in the Software's Reference Manual and the API Documentation.
"Instance" means an instance of the Software.
"Intellectual Property" means any trademarks, trade names, business names, brand names, domain names, service marks, copyrights, including any performing, author or moral rights, designs, inventions, patents, franchises, formulas, processes, know-how, technology and related goodwill, and any patent applications, patent registrations, issued patents, continuations in part, divisional applications or analogous rights or license rights therefore, and all other intellectual or industrial property.
"Intellectual Property Rights" means any and all rights in and to Intellectual Property.
"Reference Manual" means the technical and user interface documentation of the Software provided by the Service Provider as part of the web application.
"Service Provider" has the meaning assigned to such term in Clause 1(a).
"Services" means any services to be provided by the Service Provider to the Customer under these Terms.
"Software" has the meaning assigned to such term in Clause 1(b).
"Subscription" has the meaning assigned to such term in Clause 1(b).
"Threat" means any harmful software or other system commands of any nature that could pose a threat to an IT system of any kind, including (without limitation) viruses, malware, spyware, scareware, ransomware, bots and trojans.
"Threatray Data" means data generated by or made available by the Software (via its user interface or via the API) to the Customer.
Last updated on 4th of July 2025.