TERMS AND CONDITIONS

these terms and conditions are issued by Risk Flow s.r.o., company ID: 178 30 788, with registered office at U Hřbitova 235/25, Kylešovice, 747 06 Opava, file number C 91229, registered at the Regional Court in

(hereinafter referred to as "Terms and Conditions")

I. Introductory provisions

1. The company Risk Flow s.r.o., ID No.: 178 30 788, with registered office at U Hřbitova 235/25, Kylešovice, 747 06 Opava, file number C 91229, registered at the Regional Court in Ostrava (hereinafter referred to as the "Provider") is the operator of the Trickypot application

2. Device m means a hardware Device with integrated software that simulates a vulnerable Device on the network, emulates a suitable environment for cyber-attacks and collects data about network activity; the data collected by the software is sent by the Device to the Trickypot application (hereinafter referred to as "Device")

3. The Trickypot application is software for analysis, management of the Device and management of data on cyber attacks collected through the Device, available in a web interface on the relevant Internet domain established by the Provider, under the terms and conditions agreed in these Terms and Conditions (hereinafter referred to as the "Application").

4. These Terms and Conditions govern the terms and conditions of the purchase of the Device and the use of the Application, in particular the rights and obligations of the Provider and the User under the Purchase Agreement (the "Purchase Agreement") and the Digital Content Service Agreement (the "Service Agreement") (the Purchase Agreement and the Service Agreement are hereinafter collectively referred to as the "Agreements" or separately as the "Agreement").

5. User means any person who enters into contracts or negotiates contracts with the Provider.

6. Remuneration means the purchase price of the Device and the application usage fee.

7. The Provider declares that it has all property rights to the Application. The Agreement also includes the license arrangements for the use of the Application as set out below.

8. The provisions of Sections 2389a to 2389u of Act No. 89/2012 Coll., Civil Code (hereinafter referred to as the "Civil Code") shall not apply and all rights and obligations shall be governed by the Terms and Conditions.

9. These terms and conditions do not govern the rights and obligations arising from the relationship with the consumer.

II. Conclusion of the contract

1. The offer of the Equipment and the provision of application services is for information purposes only and the Provider is not obliged to conclude a contract regarding the Equipment or digital content services; Section 1732(2) of the Civil Code does not apply.

2. The user concludes the contract mainly through the provider's online e-shop.

3. In the event that negotiations take place between the provider and the user regarding the content of the contracts, the final proposal for the conclusion of the contracts is the offer, which the user accepts unreservedly by e-mail confirmation; the first sentence of Section 1740(3) of the Civil Code does not apply.

4. In the event that the user changes the application variant, the amendment amending the service contract is effective upon payment of the fee; in the case of the starter variant, upon conclusion of the amendment.

III. The application and the conditions necessary for its operation

1. The application serves as a tool for managing the Device , analyzing logs, configuring notification channels and evaluating cyber threats detected by the Device . The application gives only recommendations to the users of , the actual risk assessment and taking appropriate action is left to the user.

2. On the website, the provider offers different variants of the application, with each variant differing in the range of functions made available and the amount of the monthly fee. The specific content of each variant is defined in the price list on the provider's website.

3. The application can only be used as a web application, it cannot be downloaded to the User's Device. The application is operated in the SaaS (Software as a Service) system.

4. In order to use the application, the user needs in particular an internet browser and an internet connection with a minimum speed of 5 to 10 Mbps (hereinafter referred to as the "user's digital environment").

5. A prerequisite for the proper functioning of the Application is its proper use, the use of the Device and its connection to the Application in accordance with the instructions, aids and other materials available to the User in the "Documentation" section of the Application (hereinafter referred to as "Instructions"). The User is obliged to familiarize himself with the published materials.

6. The provider hereby informs the user that all documents, analyses, values and other results that are output from the application are only informative, supportive and recommendatory.

7. The Provider undertakes that within the agreed variant of the application the user will be guaranteed 95% availability.

8. The User acknowledges and agrees that the data processed in the Application may be made available to artificial intelligence systems operated by third parties.

IV. Equipment and conditions necessary for its operation

1. The device simulates real, but targeted vulnerable network elements and systems. It is used to monitor, detect and analyse cyber threats.

2. The device does not protect the user's network from cyber threats or prevent cyber attacks.

3. A prerequisite for the proper functioning of the Device is its proper installation and use in accordance with the manual.

4. In the case of the enterprise application variant, the Device can be delivered as a virtual machine and its proper functioning requires the fulfilment of other technical prerequisites in the user environment.

V. Purchase Price and Shipping Equipment

1. The User shall pay the purchase price in accordance with the method chosen when concluding the purchase contract.

2. The user selects the transport method of the Device.

3. If the Provider is to ship the item via a carrier selected by the User, the Equipment is handed over to the User by handing over the Equipment to the selected carrier; Sections 2090 and 2091 of the Civil Code do not apply.

4. In the event that the User chooses the option of picking up the Equipment , the User shall take possession of the Equipment from the Provider within 7 days of being requested to do so. In such case, the Equipment shall be handed over upon receipt of the Equipment or upon expiry of the time limit for collection, whichever is earlier.

5. Upon handing over the Equipment, the risk of damage to the property passes to the user.

6. The Provider undertakes to hand over the Equipment within 60 days from the date of payment of the remuneration.

7. In the case of a purchase with an international element, the delivery of the equipment will be made in accordance with the EX WORKS delivery condition (hereinafter referred to as "EXW") according to the international rules of interpretation of the delivery clauses of INCOTERMS 2020.

VI. Application fee

1. The basic variant of the starter application is provided to the user free of charge at the same time as the purchase of the device.

2. The fee for the use of the application is determined by the price list available on the provider's website, unless otherwise agreed in the service contract.

3. The user pays a fee for the use of the application through the payment gateway in the form of a subscription.

4. The Provider is entitled to unilaterally increase the application fee by e-mail notification. The notification is delivered at the moment of sending. The User is entitled to terminate the service contract until the effective date of the fee increase specified in the notification.

VII. Making the application available

1. The Provider undertakes to make the application available to the User within 60 days from the date of payment of the fee to the Provider. The Application is made available to the User at the moment of handing over the Equipment according to the Purchase Agreement; the license code is handed over to the User together with the Equipment.

2. To activate the application, the user is required to create a user account. The user activates the application by entering the license code.

3. The user is authorised to use the application only through his/her user account. The user is obliged to secure the login data to the user account in a suitable way to ensure its confidentiality. The User shall be liable for unauthorised use of the login data or the user account and for damage caused by unauthorised use to the Provider or other users of the Application. The User is obliged to immediately report the loss, theft or misuse of the login data to the Provider by e-mail.

4. The Provider shall be entitled to deny the User access to the application, in particular if it suspects that the User is using the application in violation of the contract or the legal regulations of the Czech Republic, or if the User provides false information about itself.

Terms of use for the app and device

A. Terms of Use of the Device Software

1. The Provider grants a limited license to use the Device Software. The licence is agreed as non-exclusive.

2. License means an unrestricted right to use the Device Software solely for your own personal and internal business purposes and not for commercial purposes.

3. The user is entitled to modify the software, to interfere with its source code. The user is not authorized to reproduce, distribute, rent, lease, loan, display, disclose to the public or sublicense the software.

B. Terms of use of the app

4. The user is obliged to use the application in accordance with the service agreement. The User may not perform penetration testing, i.e. active attempts to break the security of the application, without the express written consent of the Provider. Furthermore, the user may not use the application for any illegal actions.

5. The user is obliged to inform the persons to whom he/she grants access to the application of the contents of the contract and these terms and conditions and undertakes to ensure, within the meaning of § 1769, second sentence of the Civil Code, that these persons will comply with the contract and the terms and conditions. The User is obliged to compensate the Provider for any damage caused by the breach of the contract or the terms and conditions by these persons.

6. For the use of the application, the provider grants the user a license within the limited scope agreed in this article.

7. The licence is agreed as non-exclusive. The Provider is entitled to narrow the territorial scope of the licence during the term of the licence agreement.

8. License means an unlimited territorial right to use the application exclusively for your own personal and internal business purposes, not for commercial purposes.

9. The user is not entitled to use the application in any way other than as specified in the service agreement, i.e. in particular, the user is not entitled to modify the application, interfere with its source code, reproduce it, distribute it, rent it, lend it, display it, communicate it to the public or grant a sub-license to it.

10. The license fee is included in the application fee.

C. Application Extensions

11. Unless otherwise expressly agreed, the Provider and the User agree that the Provider grants the User a non-exclusive licence to extend the Application according to the User's requirements (in particular by adding new functions or features) (hereinafter referred to as "Extension").

12. Licence in this case means the licence under Part B of this Article. The User is entitled to use the extension only when using the application in the agreed variant.

13. The provider and the user agree that the user will not have access to the extension source code.

IX. Data in the application

1. The user is entitled to export his/her data from the application in MS excel format at any time during the term of the contract; the user acknowledges that the export of data may affect the proper functioning of the application, i.e. the outputs from the application.

2. The user grants the provider consent to access the user interface and data for the purpose of fulfilling the contract, in particular to perform technical support, troubleshooting, etc.

3. The provider is entitled to monitor the functioning of the application, the user's activity and data in the application. By monitoring, the provider does not perform any data export from the user account. The provider is entitled to export and use the data entered into the user account within the catalogue function.

X. Application updates

1. The Provider is entitled to add or remove functions or features of the Application, modify or introduce storage restrictions or other features at any time.

2. The Provider undertakes to provide the User with the updates necessary for the proper functioning of the application.

3. The Provider is entitled to limit the availability of the application for the time necessary to perform updates, maintenance, removal of defects or other reasons necessary for the proper functioning of the application.

XI. Responsibility of the provider

A. Provider's liability for defects and rights arising from defective performance under the service contract

1. The User waives the rights of defective performance from the service contract, the subject of which is the application in the starter variant.

2. The provider is responsible for the proper functioning of the application in accordance with the contract.

3. It is not an application defect if the recommendations, analyses, values, and other results that are output from the application are incorrect or do not correspond to reality.

4. The provider is not liable in particular for defects that:

  • caused by the user himself or through a third party;
  • arise from a breach of contract or terms and conditions by the user;
  • are caused by the user not using the application in accordance with the instructions;
  • defects caused by power outages or other services necessary for the operation of the application, hacker attacks and facts that the provider could not foresee or influence.
  • defects caused by a service or thing supplied by a third party when using the application (internet connection, hardware through which the user accesses the application, server defects, etc.);

5. The defects are divided according to their nature and severity into critical, serious and common, whereby:

  • critical defect means a defect in the application that prevents the application as a whole from functioning or being used;
  • serious defect means a defect in the application that prevents the operation or use of part of the application;
  • ordinary defect means any defect that is not a critical or serious defect.

6. If the application has a defect, the user is entitled to demand:

  • removal of the defect;
  • a reasonable reduction of the fee if the defect cannot be remedied

7. The User is obliged to notify the defects electronically to the Provider's e-mail address [email protected]. The User is obliged to describe the defect and its manifestations in the defect notification. The User is obliged to provide the Provider with assistance in order to assess the defect and, if necessary, to remedy it.

8. The provider is obliged to settle the rights from the defective performance:

  • in case of critical defects within 5 working days;
  • in case of serious defects within 10 working days;;
  • in case of common defects within 30 working days;

from the date the defect was duly pointed out, but only if the pointing out of the defect was justified.

9. In the case of an unjustified criticism of a defect, the Provider shall notify the unjustified criticism of the defect no later than 30 days from the date on which it became aware of the unjustified criticism.

10. The period for the settlement of the right from defective performance is extended by the period of time during which the user was in delay in providing assistance for the settlement of the right from defective performance.

B. Provider's liability for defects and rights arising from defective performance under the purchase contracty

11. Unless otherwise specified below, the provisions of Part A. of this Article shall apply to rights arising from defective performance of the Purchase Contract.

12. The user is obliged to point out obvious defects immediately upon receipt of the equipment.

13. The user is obliged to point out hidden defects to the provider without undue delay after he/she could have discovered them with due care.

14. In the event of a late notice of a defect, the user's rights arising from the defective performance shall be extinguished.

15. If the application has a defect, the user is entitled to demand:

  • removal of the defect;
  • a reasonable discount on the purchase price if the defect cannot be remediedt

16. In order to assess the legitimacy of the rights arising from the defective performance and, if applicable, to settle them, the User is obliged to hand over the Equipment to the Provider at the address of the Provider's premises, see above.

17. The Provider shall settle the rights from the defective performance within 30 days from the date of handing over the Equipment to the Provider, but only if the defect was justified.

C. Provider's responsibility regarding data

18. The Provider is not liable for loss, damage, theft or destruction of the User's data due to reasons lying on the side of the hosting provider, due to breach of contract, hacker attack or other facts that the Provider could not foresee or influence.

19. The user acknowledges that the application operates on the Internet on a server operated by a third party (hosting provider). The user account and data in the application are secured by the login and security features provided by the hosting provider.

D. Liability of the provider for damages

20. The User hereby waives the right to compensation for damages arising from or in connection with the performance of the contract by the Provider; the provisions of Section 2898 of the Civil Code are not affected.

Duration of the contract

A. Purchase contract

1. The contract of sale is terminated

  • a) failure to pay the consideration within 3 days of the date of conclusion of the purchase contract
  • b) by resigning.

2. The User is entitled to withdraw from the Purchase Agreement only if the Provider is in delay in handing over the Equipment for more than 30 days.

3. The Provider is also entitled to withdraw from the Purchase Agreement if the User has used the software included in the Device in violation of the Purchase Agreement.

B. Contract for the provision of services

4. The Service Contract shall be concluded for a period of one month from the date of handover of the Equipment and, in the case of a change of the application variant, from the date of the amendment. The payment of the fee for the next month shall result in an automatic extension for a period of one month; the extension may be repeated.

5. The provider may refuse automatic renewal of the service contract by notifying the user within 7 days of the date of payment of the fee.

6. If the user pays the annual application fee, the contract is concluded for a period of one year from the date of handover of the Equipment and, in the case of a change of the application variant, from the effective date of the amendment.

7. The service contract expires:

  • a) neuhrazením odměny do 3 dnů ode dne uzavření smlouvy o poskytování služeb;
  • b) uplynutím sjednané doby;
  • c) odstoupením;
  • d) dohodou smluvních stran;

8. The User is entitled to withdraw from the contract only if the Provider is in delay in making the application available for more than 30 days.

9. The provider is also entitled to withdraw from the service contract if the user has used the application in violation of the service contract.

XIII. Personal data protection and processing principles

1. Issues related to data protection and the principles of processing personal data in connection with the contract are governed by the Personal Data Processing Policy.

XIV. Other arrangements

1. All communication between the parties will be by application, email or telephone.

2. All documents will be sent to the User at the e-mail address provided by the User when concluding the contract. The Provider shall be served with all documents at the e-mail address provided if it is specified in these Terms and Conditions, or at the e-mail address specified on the Website.

3. The Contract and the rights and obligations arising from and related to it (including rights and obligations arising from breach of this Contract) shall be governed by the law of the Czech Republic, excluding the application of the UN Convention on Contracts for the International Sale of Goods.

4. Disputes arising out of or in connection with this contract shall be heard in the court of the Provider's local jurisdiction.

XV. Final provisions

1. If any provision of the contract is or becomes invalid or ineffective, the invalid provision shall be replaced by a provision whose meaning is as close as possible to the invalid provision. The invalidity or ineffectiveness of one provision shall not affect the validity of the other provisions.

2. The Contract may only be amended in writing; for the purposes of amendments to the Contract, email communication is also considered to be in writing.

3. These terms and conditions shall come into force and effect on 1.5.2025.


In Brno on 1.5.2025