Terms of Use

This document is a translation of the original French version. In case of any discrepancy or conflict between this English version and the French version, the French version shall prevail.

1. Company Identification

Bastion Technologies (the "Company" or "Bastion Technologies") is a simplified joint-stock company (SAS), registered with the Nanterre Trade and Companies Register under number 921 179 925, with its registered office located at 65 rue de la Croix, 92000 Nanterre, France.

Contact: contact@bastion.tech

2. Services Offered

Bastion Technologies publishes a solution (the "Platform") intended for its business clients (the "Clients") aimed at protecting against cybersecurity risks (the "Services").

3. Contractual Documents

The contractual relationship between the Client and Bastion Technologies is governed, in descending order of priority, by the following documents:

• The Quote:
  • It is established based on the Client's needs.
  • The Client must accept it in writing (including by email) within 30 days of its issuance. This acceptance constitutes acceptance of the Terms of Use in their version in effect on the date of the Quote.
  • In case of conflict, the Quote shall prevail over the Terms of Use.
  • In case of conflict, the most recent Quote shall prevail over older one(s).
• The Terms of Use: They define the terms of use of the Services and the respective obligations of the parties. They are accessible via a direct link at the bottom of the Platform page.

4. Conditions of Access to Services

• (i) The Client is a legal entity acting through a natural person with the power or authorization required to contract on behalf of the Client and for its account.
• (ii) The Client has professional status, understood as any natural or legal person acting for purposes related to their commercial, industrial, artisanal, liberal or agricultural activity, including when acting on behalf of another professional.

5. Terms of Access and Subscription to Services

Registration automatically creates an account in the Client's name (the "Account") which allows access to the Services using their login credentials and password.

Once the Client's Account is created, they may freely create access for users (the "Users") within the limit of the number provided for in the subscribed Services.

The Client is solely responsible for creating access for Users and for their personal use of the Platform.

6. Description of Services

6.1 The Services

The Client acknowledges that the implementation of the Services requires an internet connection and that the quality of the Services depends on this connection, for which Bastion Technologies is not responsible.

The Services to which the Client has subscribed are described in the Quote. Bastion Technologies offers in particular:

• Support for SOC 2, ISO, GDPR certifications, etc.
• An audit of the Client's external surface to identify vulnerabilities and configuration issues resulting in an actionable remediation plan.
• Immediate detection of data leaks and dark web monitoring.
• Cybersecurity training for the Client's employees (interactive chatbot, cyber maturity tests, automated reports, phishing scenario implementation, etc.).
• Web browsing security (proactive threat prevention, continuous monitoring of risky sites, etc.).
• Cloud application protection including continuous attack detection and instant remediation.

The Company reserves the right to offer any other Service. Any request to modify the subscribed Services must be subject to an additional Quote.

6.2 Additional Services

Maintenance

The Client benefits during the duration of the Services from maintenance, including corrective and evolutionary maintenance. In this context, access to the Platform may be limited or suspended. Bastion Technologies makes its best efforts to provide the Client with corrective maintenance to fix any malfunction or bug found on the Platform.

The Client benefits during the duration of the Services from evolutionary maintenance, which Bastion Technologies may carry out automatically and without prior notice, and which includes improvements to Platform functionalities, the addition of new functionalities and/or technical installations used within the Platform.

Hosting

Bastion Technologies provides, under a best-efforts obligation, hosting of the Platform, as well as data produced and/or entered on/through the Platform, through a professional hosting provider, and on servers located within the European Union.

Technical Support

In case of difficulty encountered when using the Services, the Client may contact Bastion Technologies via chat on the Platform or at the following address: support@bastion.tech. The technical support service is available Monday to Friday, excluding public holidays, from 9 AM to 6 PM (CET).

7. Subscription Duration

The Subscription begins on the day of subscription for an initial period indicated in the Quote. The Subscription is automatically renewed for successive periods of the same duration as the initial period (together with the initial period, the "Periods"), from date to date, unless the Subscription is terminated under the conditions of the "Termination of Services" article.

8. Financial Terms

Service Prices

The prices of the Services to which the Client has subscribed are indicated in the Quote. Any Period started is due in full. Bastion Technologies' prices may be revised at any time under the conditions of the "Modification of Terms of Use" article.

Invoicing and Payment Terms

Bastion Technologies sends the Client an invoice per Period by any appropriate means. Payment is made by direct debit upon Subscription, then at each renewal in the case of an annual subscription. Other invoicing and payment terms of the Company may be specified in the Quote.

The Client guarantees Bastion Technologies that they have the necessary authorizations to use this payment method.

Consequences of Late or Non-Payment

In case of non-payment or late payment, Bastion Technologies reserves the right, from the day after the due date shown on the invoice, to:

• Immediately suspend the ongoing Services until full payment of all amounts due.
• Charge late payment interest equal to 3 times the legal interest rate, based on the amount of sums not paid by the due date, and a fixed indemnity of 40 euros for recovery costs.
• Where applicable, declare all amounts owed by the Client immediately due and payable.

9. Intellectual Property Rights

Intellectual Property Rights on the Platform

The Platform is the property of Bastion Technologies, as are the software, infrastructures, databases and content of any kind (texts, images, visuals, music, logos, trademarks, etc.) that it operates. They are protected by all intellectual property rights or database producer rights in force.

The license granted by Bastion Technologies to the Client does not entail any transfer of ownership. The Client and Users benefit from a non-exclusive and non-transferable SaaS license to use the Platform for the duration provided in the "Subscription Duration" article.

Intellectual Property Rights on Deliverables

Hereby, Bastion Technologies assigns to the Client the proprietary copyright that it may hold on any deliverables provided as part of the Services, including files, reports and other documents related to the Certification Audit (the "Deliverables"). However, this assignment does not cover the tools and methods it has developed and uses, or more broadly any element that enabled the provision of the Services, as well as logos and trademarks affixed to the Deliverables.

This assignment is granted to the Client without restriction or reserve, in full ownership, exclusively and definitively, for the entire legal duration of copyright protection, worldwide and for all forms of exploitation known or unknown to date.

The rights thus assigned include:

• The right to reproduce and fix the Deliverables, in whole or in part, in any format, on any medium including paper or digital.
• The right to manufacture, use or publish the Deliverables, in whole or in part.
• The right to adapt, translate, modify, arrange, transform and correct the Deliverables, subject to respect for the author's moral rights.

10. Commercial References

The parties may use their respective names, trademarks and logos and refer to their respective platforms as commercial references during the duration of their contractual relationship and for 3 years thereafter.

11. Client Obligations and Liability

Regarding the Provision of Information

The Client undertakes to provide Bastion Technologies with all information necessary for the subscription and use of the Services.

The Client acknowledges that it is crucial to respect the deadlines communicated by Bastion Technologies in the context of the Services, particularly in the context of the Certification Audit which requires adherence to a certain schedule.

Any delay attributable to the Client in communicating these elements may delay the possible schedule for the provision of Services or make it impossible for Bastion Technologies to complete the Certification Audit.

The Client acknowledges that the Certification Audit does not guarantee the issuance of the related certification, as this largely depends on the Client and the measures taken by them in connection with the certification.

Regarding the Client's Account

The Client:

• Guarantees that the information provided in the form is accurate and undertakes to keep it updated.
• Acknowledges that this information constitutes proof of their identity and binds them upon validation.
• Is responsible for maintaining the confidentiality and security of their login credentials and password; any access to the Platform using these credentials is deemed to have been made by them.

The Client must immediately contact Bastion Technologies if they discover that their Account has been used without their knowledge.

Regarding the Use of Services

The Client is responsible for their use of the Services and any information they share in this context. They are also responsible for the use of the Services and all information shared by Users.

The Client is prohibited from using the Services for purposes other than those for which they were designed, including:

• Engaging in illegal or fraudulent activity.
• Violating public order and good morals.
• Infringing on third parties or their rights in any way.
• Violating any contractual, legislative or regulatory provision.
• Engaging in any activity that interferes with a third party's computer system.

The Client is also prohibited from:

• Copying, modifying or misappropriating any element belonging to Bastion Technologies.
• Adopting any behavior that interferes with or diverts the computer systems of Bastion Technologies.
• Infringing on the financial, commercial or moral rights and interests of Bastion Technologies.
• Marketing, transferring or providing access in any way to the Services or information hosted on the Platform.

The Client indemnifies Bastion Technologies against any claim and/or action that may be brought against it following the violation of any of the Client's obligations.

12. Bastion Technologies Obligations and Liability

Bastion Technologies undertakes to provide the Services with diligence, it being specified that it is bound by a best-efforts obligation. As such, Bastion Technologies guarantees that it holds all intellectual property rights on the Platform and Services.

Regarding Quality of Services

Bastion Technologies makes its best efforts to provide the Client with quality Services. It regularly performs checks to verify the operation and accessibility of its Services.

Bastion Technologies is not responsible for temporary difficulties or impossibilities in accessing its Services due to:

• Circumstances external to its network.
• Failure of equipment, cabling, services or networks not included in its Services.
• Interruption of Services by telecom operators or internet access providers.
• Client intervention, particularly through misconfiguration applied to the Services.
• Force majeure.

Regarding Service Level Guarantee

Bastion Technologies does not offer any service level guarantee for the Platform. However, Bastion Technologies makes its best efforts to maintain access to the Platform 24/7 except in case of scheduled maintenance or force majeure.

Regarding Data Backup

Bastion Technologies makes its best efforts to back up all data produced and/or entered on/through the Platform. Except in cases of proven fault on the part of Bastion Technologies, it is not responsible for any data loss during maintenance operations.

Regarding Data Storage and Security

Bastion Technologies makes its best efforts to ensure data security by implementing infrastructure and Platform protection measures, detection and prevention of malicious acts, and data recovery.

Regarding Subcontracting

Bastion Technologies may use subcontractors in the execution of the Services, who are subject to the same obligations as it. It nevertheless remains solely responsible for the proper execution of the Services to the Client.

13. Limitation of Liability

Bastion Technologies' liability is limited solely to proven direct damages suffered by the Client as a result of using the Services.

With the exception of bodily harm, death and gross negligence, and subject to having issued a claim by registered letter with acknowledgment of receipt within one month of the occurrence of the damage, Bastion Technologies' liability may not be engaged for an amount exceeding the amounts it has received for the provision of its Services.

Bastion Technologies is only bound by a best-efforts obligation in the context of providing the Services, excluding any obligation of result. In the context of the Certification Audit, the Client acknowledges and accepts that the Services constitute assistance in their certification requests and that the use of the Services in no way guarantees obtaining these certifications.

14. Admissible Evidence

Evidence may be established by any means. The Client is informed that messages exchanged through the Platform as well as data collected on the Platform and Bastion Technologies' computer equipment constitute one of the admissible forms of evidence, particularly to demonstrate the reality of the Services provided and the calculation of their price.

15. Personal Data

General Provisions

The parties undertake, each for their part, to comply with all legal and regulatory obligations incumbent upon them regarding the protection of personal data, including Law 78-17 of January 6, 1978 in its latest amended version known as the Data Protection Act and EU Regulation 2016/679 of the European Parliament and Council of April 27, 2016 (together the "Applicable Regulations").

For more information about the processing carried out by Bastion Technologies, the Client is invited to review the Privacy Policy.

Data Processing as Processor

In the context of the Services, Bastion Technologies processes personal data as a processor within the meaning of the Applicable Regulations on behalf of the Client. The Client acts as data controller within the meaning of the Applicable Regulations.

Processing Characteristics

Purposes: Provision of Services in accordance with these Terms of Use.

Nature of operations: Collection, recording, organization, storage, consultation, use, communication by transmission, anonymization, deletion or destruction.

Types of data processed:

• Identification data (surname, first name, photograph)
• Contact details (email addresses, phone number)
• Professional data (company, position)
• Data related to training and awareness of cybersecurity risks
• Connection and browsing data (date and time of connection, IP address, location, device, browser, operating system)

Categories of data subjects: Employees, collaborators of the Client.

Processing duration: Duration of the commercial relationship between Bastion Technologies and the Client.

Authorized Sub-processors

Bastion Technologies Obligations

• Data processing: Bastion Technologies undertakes to process personal data only for the purposes listed and in accordance with the Client's documented instructions.
• Security and confidentiality: Bastion Technologies undertakes to implement appropriate technical and organizational measures to ensure the security and integrity of personal data.
• Breach notification: Bastion Technologies undertakes to notify the Client of any personal data breach as soon as possible after becoming aware of it.
• Data fate: Bastion Technologies undertakes, at its choice, to delete personal data at the end of use of the Services or to return it to the Client.

Client Obligations

The Client undertakes to:

• Provide Bastion Technologies with relevant and necessary personal data, excluding any "special category" data within the meaning of the Applicable Regulations, unless appropriately justified.
• Collect under their responsibility, lawfully, fairly and transparently, the personal data they provide to Bastion Technologies.
• Maintain a record of processing activities and comply with the principles of the Applicable Regulations.

16. Force Majeure

Bastion Technologies cannot be held responsible for failures or delays in the performance of its contractual obligations due to force majeure occurring during its relationship with the Client, as defined in Article 1218 of the French Civil Code.

If Bastion Technologies is prevented from performing its obligations due to force majeure, it must inform the Client by registered letter with acknowledgment of receipt. Obligations are suspended upon receipt of the letter and must be resumed within a reasonable time after the cessation of the force majeure event.

17. Termination of Services

The Subscription must be terminated no later than 30 days before the end of the current Period, by:

• The Client, by sending Bastion Technologies a request to the address: support@bastion.tech.
• Bastion Technologies, by sending an email to the Client.

Any Period started is due in full.

It is the Client's responsibility to download all documents accessible on the Platform before the end date of the Services. Bastion Technologies cannot be held responsible for the deletion of these documents from that date.

The Client no longer has access to their Account from the end of the Services.

18. Sanctions for Breach

The following constitute essential obligations with respect to the Client (the "Essential Obligations"):

• Payment of the price.
• Provision of information necessary for the Certification Audit in accordance with the schedule set by Bastion Technologies.
• Not providing erroneous or incomplete information to Bastion Technologies.
• Respecting usual rules of politeness and courtesy in exchanges with Bastion Technologies.
• Not using the Services for a third party.
• Not engaging in illegal, fraudulent activities or activities that infringe on the rights or security of third parties.
• Breach of public order or violation of laws and regulations in force.

In case of breach of any of these Essential Obligations, Bastion Technologies may:

• Suspend or terminate the Client's access to the Services.
• Publish on the Platform any information message that Bastion Technologies deems useful.
• Notify any competent authority, cooperate with it and provide all useful information.
• Take any legal action.

In case of breach of any obligation other than an Essential Obligation, Bastion Technologies will request by any useful written means that the Client remedy the breach within a maximum period of 15 calendar days. The Services will end at the end of this period if the breach is not remedied. The end of the Services results in the deletion of the Client's Account.

19. Modification of Terms of Use

Bastion Technologies may modify its Terms of Use at any time and will inform the Client by any written means (including by email) at least 30 calendar days before they come into effect.

The modified Terms of Use are applicable upon renewal of the Client's Subscription. If the Client does not accept these modifications, they must terminate their Subscription according to the terms provided in the "Termination of Services" article. If the Client uses the Services after the entry into force of the modified Terms of Use, Bastion Technologies considers that the Client has accepted them.

20. Language

The French language shall prevail in case of any contradiction or dispute regarding the meaning of a term or provision. This English version is provided for convenience only.

21. Applicable Law and Jurisdiction

These Terms of Use are governed by French law. In case of dispute between the Client and Bastion Technologies, and failing amicable agreement within 2 months of the first notification, the dispute shall be submitted to the exclusive jurisdiction of the courts of Paris (France), except for mandatory provisions to the contrary.