Terms and Conditions
Blackpanda Incident Response One (IR-1)
Coverage begins when your receive your Confirmation Email and continues for the term specified in your Confirmation Email (the “IR-1 Term”). The IR-1 Term is the period of time in which your IR-1 is in effect.
The “Confirmation Email” is an email notification from Blackpanda expressly confirming that your IR-1 is active. Please note that our Confirmation Email does not refer to any email notifications from any other third parties in relation to the IR-1. THE CONFIRMATION EMAIL IS ONLY SENT AFTER YOU HAVE REGISTERED YOUR IR-1 WITH US. PLEASE REFER TO SECTION 1 BELOW IF YOU HAVE NOT COMPLETED YOUR REGISTRATION.
You can find the price of your IR-1 on the original sales receipt as provided by Blackpanda or our partner resellers and distributors.
1.2 By registering and using IR-1, you unconditionally accept and agree to be bound by these Terms of Service. Blackpanda may change these Terms of Service from time to time. If you do not agree to these Terms, you shall immediately stop using IR-1.
1.3 These Terms of Service only govern the relationship between us and you. The dealings between you and any other third party are not governed by these Terms of Service.
1.4 If you are registering for a IR-1 on behalf of a corporate entity or another individual (the “Principal”), you represent and warrant that you have been validly authorized to (a) register for the IR-1 on behalf of the Principal, and (b) agree to and bind the Principal to these Terms of Service. You shall ensure that the Principal complies with all the terms and conditions in these Terms. Any breach of these Terms by a Principal shall be deemed to be a breach by you of these Terms. Any reference to “you” or “your” as used in these Terms shall include any and all Principals.
1.5 In order to complete the registration process, you will require the following information:
(a) Details of your business;
(b) Your business email address. If you do not have any, please provide your personal email address. It is important that you provide to us your business email address as we will use this to determine your apex domain name which is used or integral to your business. By understanding your apex domain name, we are able to respond more quickly and better understand your business needs, cyber infrastructure and risks in the event you notify us of a Cyber Security Incident;
(c) Any subdomain or ancillary domain names which your business may also use. Examples of a such domain names would include domain names which you used to (but no longer) host your business website or email addresses at;
(d) If you have obtained your IR-1 from any of our partners, you may receive a Registration Code or Order Number which is a unique code which will be provided to you by our partners. This is a code you will use to complete the registration process.
1.6 You should receive the Confirmation Email immediately after a successful submission of your registration. If you have not received your Confirmation Email within this time period or have difficulties in the registration process, please reach out to us at https://ir1.blackpanda.com/pages/contact-us.
1.7 Beta Registration
(a) Our IR-1 product and platform is currently launched in a Closed Beta with our key partners. This means that our IR-1 is not open for direct purchase but only through our key partners. This does not affect or compromise our commitment and service standards under our obligations under these Terms of Service.
(b) Under these Terms of Service, you may only register one (1) domain name per IR-1 subscription. However, at this stage of our IR-1 Closed Beta phase, If you have obtained more than one IR-1 (or Registration Code and/or Order Number) from the same or multiple key partners, we will provide you with additional Activation Credits for the same apex domain name. This may result in technical difficulties under our IR-1 Platform. Please allow us time to reflect this on our IR-1 Platform and to provide the additional Confirmation Email(s).
(c) We understand and anticipate that the registration procedure may have unnecessary technical delays during our Closed Beta phase. We also understand that this may unfairly impact the commencement of your IR-1 Term. Our commitment is therefore to provide you with your Confirmation Email at the earliest possible and always as set out in Section 1.6. In the event the registration process was not properly or accurately completed, we will assist you to rectify the submitted data as a matter of goodwill and in good faith in the event you suffer a Qualifying Cyber Security Incident.
(a) Blackpanda shall provide you with “Cyber Security Incident Response Services” in the event you suffer a Qualifying Cyber Security Incident and use your Activation Credit.
• A “Qualifying Cyber Security Incident” is a Cyber Security Incident that must meet of the following criteria:
— This Cyber Security Incident has resulted in the unauthorized access of at least one of your Endpoints. An Endpoint is any physical or virtual computing device or computing environment that communicates with a network to which it is connected.
— This Cyber Security Incident occurs during, is discovered by you during, and is informed to Blackpanda during your IR-1 Term.
— This Cyber Security Incident does not arise as a result of, or under substantially similar circumstances to, a previous Cyber Security Incident or Qualifying Cyber Security Incident that Blackpanda has responded to whether arising under IR-1 or as part of any of our other services that we offer. In other words, this Qualifying Cyber Security Incident should not be a Cyber Security Incident which we have previously advised you on or have handled for you unless we agree to do so.
— The Cyber Security Incident would fall under one of the following categories or descriptions: basic web application(s) attacks, denial-of-service attacks but specifically not distributed denial-of-service attacks (DDOS), system intrusion, business email compromise, malware, or ransomware.
• Your “Activation Credit” is a single-use credit for you to provide to use in the event you require Blackpanda to respond to a Qualifying Cyber Security Incident. It cannot be used for a Cyber Security Incident which does not meet the qualifying criteria above. The Activation Credit is deemed used when you submit a valid notification to us. We will refund any Activation Credit(s) used for a Cyber Security Incident which is not a Qualifying Cyber Security Incident.
(b) Blackpanda shall also provide you with preferential rates for any of our cyber security technical and consultancy services. These services can be used as prehabilitation or preventative measures. These services can also be used if you have utilized all Activation Credit(s) or for a Cyber Security Incident which is not a Qualifying Cyber Security Incident. Please complete the form here if you wish to engage us for such services.
3. Our Cyber Security Incident Response Services
If during the IR-1 Term you submit a valid notification to Blackpanda that you have experienced a Qualifying Cyber Security Incident, we shall provide to you with the following Cyber Security Incident Response Services to identify, contain and report on the damage and loss you may have suffered following the Cyber Security Incident. These services are SUBJECT ALWAYS to our (a) reasonable availability at the time of your report; and (b) our professional opinion and expertise on a proportionate response of the Cyber Security Incident.
(a) Cyber Security Incident Triage Services:
A Blackpanda cyber incident response specialist shall triage the Qualifying Cyber Security Incident, providing a preliminary classification of the incident based on industry standards. Our current practice (which may change from time to time) is to utilize the US National Institute of Standards and Technology (NIST) as updated from time to time.
We will provide you with a general plan of action and recommendations for handling the Qualifying Cyber Security Incident based on our professional assessment and triage.
(b) Cyber Security Containment Services:
In certain occasions, the Cyber Security Incident may still be active. This means that there is continued unauthorized access of at least one of your Endpoints. Our ability to identify and assist with such Active incidents will depend on your cooperation and our ability to access your information systems and networks in a timely manner.
We will use our reasonable efforts to respond and contain an Active Cyber Security Incident. Due to the nature of Active Cyber Security Incidents, we are unable to warrant that we are able to respond to or contain the Active Cyber Security Incident completely or even at all. This is because not all Active Cyber Security Incidents are the same.
(c) Basic Remediation Advisory Services:
We will also provide you with recommendations and basic advice which you can take on board to improve the vulnerability which gave rise to the Cyber Security Incident. However, depending on the vulnerability which caused the Cyber Security Incident – not all proposed steps are remediable without additional cost and expense (whether for further professional services and analysis or as a result of additional requirements you may not have). Where possible, we will highlight these costs and expenses and use our reasonable efforts to advise you. We will not incur any costs and expenses without your express consent to do so. It is important for you to consider and understand Section 4(a) below.
(a) Remediation Services: Remediation occurs when we identify vulnerabilities within your system or data and provide a corrective action plan and take steps to resolve the vulnerability. This would also include a schedule for resolving the vulnerability and allows for appropriate testing. Under the IR-1, we only offer basic advice. We do not offer action plans nor take any steps or implement any changes on your behalf on your systems and Endpoints.
(b) Recovery Services: Cyber Security recovery addresses the steps your business will take to reconstitute or recover assets which may have been damaged, compromised or lost after a Cyber Security Incident.
(c) Restoration of Business Operation Services: Restoration refers to our development of plans for your implementation for the restoration in a timely manner of any capabilities or services that are impaired due to a Cyber Security Incident. This is sometimes referred to as “recovery” by other industry experts, such as the US National Institute of Standards and Technology (NIST).
The reason we do not provide the above is because IR-1 is packaged and developed as an entry-level cyber security solution for small-to-medium businesses and enterprises. We believe all businesses should have the benefit of cyber security experts. Our IR-1 Cyber Security Incident Response Services are to provide a baseline solution for your business. We may advise that further investigation and services are required for the Cyber Security Incident which are not provided under the IR-1. In such scenarios, you are entitled to our preferential rates (see Section 2(b) above) for these services.
Blackpanda specifically DOES NOT warrant that the IR-1 is sufficient for any legal, regulatory and/or compliance obligations applicable to you under the relevant laws that arise in the event of a Cyber Security Incident. Among other reasons, this is because there are many types of Cyber Security Incidents, and all our clients’ businesses differ. We advise all our clients in the event of a Cyber Security Incident to obtain legal advice as to its legal and/or compliance obligations under the applicable laws.
You must, upon request, present your Confirmation Email and any of the following (where applicable): (i) sales receipt for IR-1, (ii) notification email from our partners confirming your IR-1 Registration Code or Order Number. These requests are, among other reasons, to verify the identity of your representatives.
6.1 Our Tests: As part of the IR-1 platform, Blackpanda may from time to time conduct security and vulnerability scans or such continuous monitoring of your Endpoints and attack surfaces. These are “Tests”. A Test may include, among other things, information gathering, crawling, fingerprinting, fuzz testing, deploying of test scripts and introducing other non-intrusive penetration tests.The results of such Tests will be kept in accordance with Section 11.4.
An attack surface is your apex domains and subdomains, including other domains and IP-addresses such domains point to, and all associated information, such as but not limited to DNS records, open ports and applications and services run on them. These attack surfaces are where an attacker can try to enter, cause an effect on, or extract data from your systems.
6.2 Your Consent
You acknowledge that by registering to our IR-1 platform, the purpose of such Tests are to, as applicable, monitor and strengthen the security of your Internet-facing assets and/or strengthen the security of your Attack Surface. Accordingly, we may, when performing a Test, among other things, perform crawling, fuzz testing, authenticated testing, deploy test script, and introduce other non-intrusive penetration tests for the limited purpose of revealing security vulnerabilities in your Endpoints (“Purpose”). You agree and acknowledge that the provision of the Tests in accordance with these Terms may lead to detrimental impact on your Endpoints. By registering your IR-1, you are responsible for the initiation of all Tests and the outcome of the Tests and for any inconveniences, interruptions or other negative consequences thereof.
7.1 Your Cooperation:
To receive service or support under the Plan, you agree to (i) provide your Registration Code or Order Number (as the case may be and at our discretion) and a copy of the original proof of purchase of the IR-1, (ii) provide information about the symptoms and causes of the issues with the Cyber Security Incident and the affected Endpoints (iii) respond to requests for information needed to diagnose or service the Endpoint, and (iv) to adhere to any reasonable requests and instructions we may provide to you in our professional discretion and expertise. You agree that you shall or procure any third parties to provide all reasonable access requested by Blackpanda to the relevant Endpoints in order to perform the Cyber Security Incident Response Services. You further agree that our ability to provide our Cyber Security Incident Response Services in an effective and/or timely manner shall depend on your adherence to this Section 7.1.
7.2 General Warranties:
(a) You agree that your registration of the IR-1, your agreement to these Terms of Service, and your performance of your obligations under these Terms of Service will not and are not likely to (i) result in a breach of, or give any third party a right to terminate or modify or result in the creation of any encumbrance under any agreement, license or other legal instrument or (ii) result in a breach of any applicable laws, order, judgment or decree of any court, government agency or regulatory body to which you are a party or your assets are bound.
(b) You agree that except as expressly provided under these Terms of Service or the other terms and conditions referenced herein, there are no conditions, warranties or other terms binding on you and us with respect to the services contemplated under these Terms of Service. Any condition, warranty or other term in this regard that might otherwise be implied or incorporated under these Terms of Service whether by the applicable laws or otherwise is, to the maximum extent permitted by applicable laws, excluded from these Terms of Service.
7.3 Specific Warranties relating to AML and Economic Sanctions
(a) You confirm that you and your respective officers, employees and agents (where applicable) have conducted your business in accordance with all applicable laws and regulations including (anti-bribery laws, anti-money laundering laws and economic sanctions) and there is no law, statute, order, decree or judgment of any court, government agency or regulatory body outstanding against you and/or your respective officers, employees and/or agents. You further confirm that there are no investigations, actions, suits or proceedings against you in relation to anti-bribery laws, anti-money laundering laws and economic sanctions.
(b) You confirm that you, your respective officers, employees and/or agents are not sanctioned persons.
(c) If Blackpanda in its reasonable discretion is of the view that you are in breach of Sections 7.3
7.4 Your Use
You shall, and shall procure that your Affiliates shall, (a) obtain all necessary authorizations, approvals and permissions for use of IR-1 in relation to the relevant Endpoints; (b) use IR-1 in full compliance with these Terms; (c) use IR-1 in accordance with all applicable laws and government regulations (including any local laws to which you are subject); (d) not make IR-1 available to any unauthorized third party, and promptly inform Blackpanda in the event of any suspected unauthorized access to or use of IR-1; (e) not create or attempt to create any substitute service or service similar to IR-1, by use of, reference to or access to, IR-1 or any of Blackpanda’s Intellectual Property Rights; (f) not sell, lend out, lease, transfer, assign, sublicense, distribute or permit access or use of IR-1, or any part thereof, to any third party without our prior written approval; (g) not interfere with, or disrupt the integrity or performance of IR-1 or any third party data contained therein; (h) not attempt to gain unauthorized access to IR-1 or its related systems or networks; and (i) not decompile, disassemble, or reverse-engineer the software included in the IR-1, subject to what follows from applicable law.
7.5 Your Indemnity
(a) You expressly agree and acknowledge that in the course of our Cyber Security Incident Response Services, Blackpanda is reliant on your obligations, representations and warranties set out in this Section 7 to ensure that among others, we are not perpetuating wrongful acts.
(b) You agree to promptly indemnify, defend and hold harmless Blackpanda and its officers, employees and agents (“Blackpanda Personnel”) from any and all losses incurred by Blackpanda or Blackpanda Personnel arising directly or indirectly from or in connection with or relating to breach of (i) Sections 6 to 7.4, (ii) fraud, (iii) wilful misconduct or (iv) wilful negligence by you.
To the maximum extent permitted by applicable laws, the limit of Blackpanda and any Blackpanda Personnel’s liability to you and any subsequent owner arising under this IR-1 and/or these Terms of Service shall not exceed the original price paid for the IR-1 (whether by you or a third party).
Blackpanda specifically DOES NOT warrant that (i) it will be able to repair or replace the Endpoints without risk to or loss of programs or data, (ii) it will maintain the confidentiality of data, or (iii) the operation of the Endpoint will be uninterrupted or error-free.
10.2 All Intellectual Property Rights subsisting in, and relating to or arising out of IR-1 and Cyber Security Incident Response Services, including all software, technology and content, are owned by and vest in Blackpanda and/or its licensors, including all developments and enhancements made to the aforementioned. You acknowledge and agree that no rights, title, or interest in or to IR-1 or the Cyber Security Incident Response Services or any related Blackpanda Intellectual Property Rights are assigned or transferred to you under these Terms.
10.3 The Test results generated under the Agreement are your data and shall be owned by you, however excluding any Blackpanda or open-sourced Intellectual Property Rights included therein (including but not limited to software, copyrighted works, know-how and trade secrets, such as attack vectors and payloads). You may only use such Intellectual Property Rights for the purpose of handling any identified security gaps in your Endpoints.
10.4 You grant to Blackpanda a non-exclusive, sub-licensable, royalty-free, worldwide, perpetual and irrevocable license to freely use any data generated as a result of your use of IR-1 and the Cyber Security Incident Response Services, in anonymized and aggregated form only, for commercial purposes including sharing with any third parties, provided that your confidentiality is maintained, and such material is disclosed in a form which is not capable of being reverse engineered.
10.5 If you submit feedback about IR-1 or Cyber Security Incident Response Services to Blackpanda, including comments and ideas on how to improve the foregoing, all such feedback will constitute confidential information of Blackpandae and will be the sole and exclusive property of Blackpanda. You hereby irrevocably assign and transfer to Blackpand all your rights, title and interest in and to all feedback including all Intellectual Property Rights therein.
11.2 Blackpanda is not responsible or liable for any failures or delays in performing our obligations under these Terms of Service or the IR-1 that are due to events outside of our reasonable control. Such events specifically include (but are not limited to) acts of war and terrorism and any cyber operations carried out in the course of war or terrorism. These would include cyber operations that have been attributable to a state or terrorist group (or those acting on their behalf) by reputable sources or where there is reasonable evidence to imply such attribution. Reputable sources include but are not limited to the defending or victim state or industry leading open source intelligence sources such as the US National Institute of Standards and Technology (NIST).
11.3 You agree that any information or data provided to Blackpanda under the registration process of the IR-1 is not confidential or proprietary to you. Further and/or separate to the foregoing, you agree that Blackpanda may collect and process data on your behalf when we provide our Cyber Security Incident Response Services. This may include transferring your data to affiliated companies or service providers. Notwithstanding the generality of the foregoing, our use of data (and any personal data) is further detailed in and shall always be in accordance with our Customer Privacy and Data Policy found here.
11.4 We have security measures, which should protect your data against unauthorized access or disclosure as well as unlawful destruction. You will be responsible for the instructions you give to us regarding the processing of data in the event of a Cyber Security Incident, and Blackpanda will seek to comply with those instructions as reasonably necessary for the performance of our services and obligations under these Terms of Service and the IR-1.
11.5 These Terms of Service and the other terms and conditions referred to herein, and the Confirmation Email, shall prevail over any conflicting, additional, or other terms of any purchase order or other document, and constitute yours and our entire understanding with respect to the IR-1.
11.6 Blackpanda is not obligated to renew the IR-1. If Blackpanda does offer to renew the IR-1, Blackpanda reserves the right to determine the price and terms of such renewal.
(a) If you are domiciled in and/or are a corporation validly incorporated under the laws of Japan:
These Terms of Service and any dispute or claim (including non-contractual disputes or claims) arising out of or in connection with it or its subject matter or formation shall be governed by and construed in accordance with the laws of Japan.
(b) In all other circumstances:
These Terms of Service and any dispute or claim (including non-contractual disputes or claims) arising out of or in connection with it or its subject matter or formation shall be governed by and construed in accordance with the laws of the Republic of Singapore. You also agree that the courts of Singapore shall have exclusive jurisdiction to settle any dispute or claim arising out of or in connection with these Terms of Service or the IR-1.