Terms & Conditions

These Terms & Conditions apply to all offers, agreements, subscriptions, and services supplied by SecureTrain B.V. in relation to the SecureTrain website, platform, awareness training content, phishing simulations, onboarding, and related support services.

Definitions

In these Terms:

• SecureTrain, we, us means SecureTrain B.V., registered in the Netherlands.
• Customer, you means the legal entity entering into the agreement with SecureTrain.
• Agreement means the applicable order form, proposal, subscription, statement of work, or other written arrangement under which SecureTrain provides services.
• Platform means the SecureTrain online learning and reporting environment.
• Services means the platform, training content, phishing simulations, workshops, implementation, support, and any related services agreed between the parties.
• End User means an employee, contractor, or other individual authorized by the Customer to use the Services.
• Customer Data means all data submitted to or processed through the Services on behalf of the Customer.

Scope and formation of the agreement

These Terms apply to every offer and Agreement concerning the Services. Any purchasing terms or other general conditions used by the Customer are expressly rejected unless we have accepted them in writing.

Offers from SecureTrain are non-binding unless stated otherwise. An Agreement is formed when a proposal, order form, online subscription, or other offer is accepted by the Customer and confirmed by SecureTrain, or when SecureTrain starts delivering the Services at the Customer’s request.

The Services

SecureTrain provides cybersecurity awareness services, including learning paths, microlearning videos, quizzes, phishing simulations, reporting, and related administrative functionality. We may update, improve, replace, or discontinue elements of the Services as part of normal product development, provided that we do not materially reduce the agreed core functionality without reasonable notice.

Availability and support

We use commercially reasonable efforts to keep the Platform available and secure. Maintenance, emergency work, internet outages, supplier failures, and other events outside our reasonable control may affect availability. Unless explicitly agreed in writing, stated response times, service levels, or delivery dates are targets and not guaranteed deadlines.

Customer responsibilities

The Customer shall provide all cooperation reasonably required for proper delivery of the Services. This includes supplying accurate implementation data, ensuring the Customer’s systems and browsers are suitably maintained, and designating authorized administrators.

• The Customer is responsible for the use of accounts, access credentials, API keys, and administrator permissions under its control.
• The Customer must keep login credentials confidential and notify SecureTrain promptly of any suspected misuse or unauthorized access.
• The Customer is responsible for the legality, accuracy, and appropriateness of Customer Data and of any content it creates or uploads through the Services.

Acceptable use

The Customer and End Users may not use the Services in a way that is unlawful, infringes third-party rights, or interferes with SecureTrain’s systems, customers, or suppliers. In particular, it is not permitted to:

• reverse engineer, decompile, or otherwise attempt to derive source code or underlying technology, except where mandatory law permits this right and it cannot be excluded;
• resell, sublicense, or make the Services available to third parties except as expressly agreed;
• upload malicious code, perform abusive automated requests, or attempt unauthorized access to systems or data;
• use the Services beyond the contracted number of users, seats, or permitted organizational scope.

Phishing simulations and awareness campaigns

If the Agreement includes phishing simulations, social engineering exercises, or comparable awareness activities, the Customer acknowledges that these Services are intended solely for legitimate security-awareness and training purposes within the agreed scope.

• The Customer is responsible for ensuring it has an appropriate internal legal basis and any required internal approvals before activating such campaigns.
• The Customer is responsible for informing End Users where such notice is required by employment, privacy, or works-council rules.
• Email-based simulations may require correct allowlisting or technical configuration by the Customer.
• SecureTrain cannot guarantee that every vulnerability, susceptibility, or behavioral risk will be identified through a simulation or training program.

Intellectual property and customer-created content

All intellectual property rights in the Services, Platform, software, training content, designs, reports, and related materials remain vested in SecureTrain or its licensors. The Customer receives a limited, non-exclusive, non-transferable right to use the Services for its internal business purposes during the agreed term.

The Customer retains rights in its own Customer Data. To the extent necessary to deliver the Services, the Customer grants SecureTrain a limited right to host, process, reproduce, and display Customer Data for the performance of the Agreement.

If the Customer creates phishing emails, landing pages, or other campaign material using the Services, the Customer remains responsible for ensuring that such material does not infringe third-party rights. SecureTrain is not liable for customer-created content or the Customer’s use of brand names, logos, domains, or similar assets in that content.

Privacy and data processing

Where SecureTrain processes personal data on behalf of the Customer, the Customer acts as controller and SecureTrain acts as processor, unless expressly stated otherwise. The parties will comply with applicable privacy laws and, where required, enter into a separate data processing agreement.

Our handling of website and business-contact data is described in our Privacy Policy. The Customer warrants that its use of the Services and the personal data it instructs SecureTrain to process are lawful and do not infringe the rights of third parties.

Fees and payment

Fees are set out in the applicable offer, order form, or subscription plan. Unless agreed otherwise, invoices are payable within 30 days. Objections to an invoice do not suspend the payment obligation, except to the extent clearly justified and promptly raised.

SecureTrain may charge based on the contracted or measured usage model, including subscribed or provisioned users where that model applies. We may adjust pricing on renewal or annually with reasonable prior notice.

Confidentiality

Each party shall keep the other party’s confidential information strictly confidential and use it only for the performance of the Agreement. This obligation does not apply to information that is already public, was lawfully received from a third party without confidentiality restrictions, or was independently developed without use of the disclosed information.

Liability

SecureTrain is liable only for direct damages that are demonstrably caused by an attributable failure under the Agreement and only after it has been given written notice of default and a reasonable opportunity to remedy the issue.

To the fullest extent permitted by law, SecureTrain is not liable for indirect or consequential damages, including loss of profits, loss of savings, reputational harm, business interruption, or loss arising from third-party systems. SecureTrain’s aggregate liability under any Agreement is limited to the fees actually paid by the Customer for the relevant Services during the twelve months preceding the event giving rise to the claim.

Term and termination

The Agreement remains in force for the agreed subscription term or project duration. Either party may terminate the Agreement for material breach if that breach is not cured within a reasonable period after written notice. SecureTrain may suspend access where necessary to protect the security or continuity of the Services, to address unlawful use, or because the Customer remains in payment default after notice.

On termination, the Customer’s right to use the Services ends. Any outstanding payment obligations remain due. Customer Data will be returned or deleted in accordance with the applicable Agreement and data-processing arrangements.

Changes to these Terms

SecureTrain may amend these Terms from time to time. Material changes will be communicated in advance. If a material change has a demonstrable negative effect on the Customer and the parties cannot resolve the issue reasonably, the Customer may terminate the affected Agreement before the updated Terms take effect.

Governing law and disputes

These Terms and all Agreements between the parties are governed exclusively by Dutch law. The courts of Amsterdam, the Netherlands, shall have exclusive jurisdiction over disputes arising out of or in connection with these Terms or the Agreement, unless mandatory law provides otherwise.