Privacy

Secuvant, LLC is aware of the privacy concerns of its customers. Our policy for collecting and using personal information is detailed below.

Policies

Secuvant’s policy in relation to information collected through registration, testing, and/or any other means is to respect and protect the privacy and confidentiality of our users. Secuvant does not disclose, rent, or sell email addresses, security test results, or any other information that we may receive to any third party, unless:

  • Specifically requested by the customer;
  • Requested or required by applicable credit card associations, or credit card processors with which Secuvant has a contractual agreement;
  • In response to duly authorized information requests of governmental authorities or where required by law;
  • In connection with any legal proceedings where disclosure of such data has been requested or required; or
  • To an agent of Secuvant acting on behalf of Secuvant (e.g., for database hosting, data processing or mailing services). In this case, Secuvant will make certain that the agent complies with the Safe Harbor Privacy Principles (as defined below) and our commitments in this policy.

Secuvant may use the information and data submitted by users and customers for any other purposes related to Secuvant’s business that are compatible with the purposes for which your information was collected by Secuvant, including, but not limited to, conducting market research, improving its products and services, sending surveys, and notifying customers of product upgrades and updates, new products, special offers, seminars and conventions and any other changes within Secuvant that may affect customers and users.

Secuvant believes in protecting your privacy. When we collect personal information from you on our website, we comply with the U.S.-EU Safe Harbor Framework and U.S.-Swiss Safe Harbor Framework regarding the collection, use and retention of personal data from the European Union and the Safe Harbor Privacy Principles published by the U.S. Department of Commerce (the "Safe Harbor Privacy Principles"). For more information about the Safe Harbor Privacy Principles, please visit the U.S. Department of Commerce's Website at http://export.gov/safeharbor/. These are our promises to you:

  • We'll collect only as much personal information as we need for specific, identified purposes, and we won't use it for other purposes without obtaining your consent.
  • We'll keep your personal information only as long as we need it for the purposes for which we collected it, or as permitted by law.
  • We'll take appropriate steps to make sure the personal information in our records is accurate.
  • We'll provide ways for you to access your personal information, as required by law, so you can correct inaccuracies.
  • We'll take appropriate physical, technical, and organizational measures to protect your personal information from loss, misuse, unauthorized access or disclosure, alteration, and destruction.
  • Except as described in this policy, we won't share your personal information with third parties without your consent.
  • If we transfer your personal information to another country, we'll take appropriate measures to protect your privacy and the personal information we transfer.
  • We'll regularly review how we're meeting these privacy promises, and we'll provide an independent way to resolve complaints about our privacy practices. If a complaint or dispute cannot be resolved through our internal process, we agree to participate in the dispute resolution procedures of the panel established by the European Data Protection Authorities to resolve.

Amendments

This privacy policy may be amended from time to time consistent with the requirements of the Safe Harbor Privacy Principles. We will post any revised policy on this website.

Terms Of Use

The following Terms of Use apply to all products and services provided by Secuvant, LLC

Important

Users are strictly forbidden to use Secuvant, LLC to perform security tests on computers, servers, or devices that they do not have permission or authorization to test. If you use a third party hosting service, you must notify the service and receive permission for Secuvant to perform security testing. You agree to hold Secuvant harmless for any failure to obtain any necessary permission.

Enrollment

This Agreement is between you the customer ("Customer") and Secuvant, LLC, a Utah Limited Liability corporation ("Secuvant"), relating to the Secuvant Compliance and Data Security Programs and Services, including but not limited to PCI, HIPAA, GLBA, Assurance, etc. ("Services"). By accessing and using the Secuvant website you agree to be bound by these Terms of Use. Customer hereby requests Secuvant to perform security testing services as outlined in the Secuvant invoice previously generated by you ("Invoice"), as well as any additional services Customer subsequently requests, pursuant to the terms of this Agreement. Customer assumes sole responsibility and liability for any problems or liabilities arising out of any failure to provide Secuvant with all of Customer's IP addresses and/or domain names that should be tested. Secuvant has the right to change the Services and its prices at any time; Secuvant will use good faith efforts to notify Customer of such changes via email or other written notice.

Intellectual Property

Secuvant will provide Customer with written or online reports, data, policies, templates, checklists, and other materials (collectively, "Materials") in connection with the Services. You agree that all intellectual property rights in the Materials, including trade secrets, copyrights, patents and trademarks, are exclusively owned by Secuvant and its licensors. Customer shall hold in confidence all Materials marked as "confidential" and shall use the Materials solely for the purposes for which they are disclosed. All Materials are licensed to Customer only for its own use and Customer does not have any rights to copy, distribute or make derivative works of the Materials without the prior written authorization of Secuvant. Dissemination, distribution, copying or use of the Materials in whole or in part by a Secuvant competitor or their agents is strictly prohibited.

Payment

Customer agrees to pay all charges for the Services provided to Customer, unless Customer's acquirer, payment processor, or other entity has entered into an agreement with Secuvant to pay for those services. If Customer's acquirer, processor or other entity has an agreement with Secuvant to pay for the Services, then this section may not apply to Customer. If you have provided Secuvant with credit card information ("Card Information"), you authorize Secuvant to charge the price of the Services, as provided in the Invoice, using the Card Information. If you are purchasing online Compliance services, you also authorize Secuvant to automatically charge the price of Services for each renewal term of this Agreement using the Card Information. You agree to give Secuvant prompt notice of any changes to the Card Information.

Term

The term of this Agreement is for one year. If you are purchasing online Compliance services, this Agreement shall automatically renew for successive one-year terms. However, only Customer or Secuvant may terminate this Agreement at any time upon written notice, with or without cause. Customer agrees that Secuvant may contact Customer in furtherance of the automatic renewal of the Services.

Accuracy of Information

Customer's compliance depends entirely upon the accuracy of information provided to Secuvant by Customer. Customer agrees that if Customer provides incomplete or inaccurate information this will affect Customer's compliance status, and Secuvant will not be held liable for any damages incurred as a result of incomplete or inaccurate information provided by customer. A scan result from Secuvant only indicates the compliance status of the systems that Secuvant has scanned and does not represent Customer's overall compliance status with the PCI Data Security Standards. Customer also agrees to give Secuvant prompt notice if any information affecting data security previously provided to Secuvant has changed, is changing or will change. You authorize Secuvant to contact you through email, phone or fax to notify you of changes in your compliance or Services. Customer understands and agrees that any threat designated as a false positive by Customer is done at Customer's own risk. In no event shall Secuvant be liable for any damages incurred by Customer as a result of Customer's designation of a threat as a false positive.

Warranties

DUE TO THE NATURE OF THE COMPUTER SECURITY BUSINESS, NO SECURITY COMPANY CAN GUARANTEE THAT IT WILL DETECT EVERY VULNERABILITY OR SECURITY PROBLEM. SECUVANT PROVIDES ITS SERVICES ON AN "AS IS" BASIS AND WITHOUT ANY WARRANTIES WHATSOEVER. SECUVANT DISCLAIMS ANY AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, WITH RESPECT TO ITS SERVICES, MATERIALS AND PRODUCTS. SECUVANT DOES NOT WARRANT THAT THE SERVICES WILL DETECT EVERY VULNERABILITY ON YOUR SYSTEM, OR THAT SECUVANT’S VULNERABILITY ASSESSMENTS, SUGGESTED SOLUTIONS OR ADVICE WILL BE ERROR-FREE OR COMPLETE. CUSTOMER AGREES THAT SECUVANT SHALL NOT BE RESPONSIBLE OR LIABLE FOR THE ACCURACY OR USEFULNESS OF ANY INFORMATION PROVIDED BY IT, OR FOR ANY USE OF SUCH INFORMATION.

Limitation of Liability

IN NO EVENT SHALL SECUVANT OR ITS AGENTS BE LIABLE FOR ANY LOST PROFITS OR ANY DIRECT, INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES WHATSOEVER WITH RESPECT TO ITS SERVICES, MATERIALS AND PRODUCTS, EVEN IF SECUVANT HAS BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGES. IN ANY EVENT, SECUVANT’S TOTAL LIABILITY FOR ANY CLAIM OR DAMAGE SHALL NOT EXCEED THE FEES YOU HAVE PAID TO SECUVANT.

General

Secuvant reserves the right to modify these Terms of Use at any time without notice. These Terms of Use constitute a contract between you and Secuvant and are governed by Utah substantive law; provided, however, that if Customer's primary place of business is in any country other than the United States, the laws of such country shall govern this Agreement. Secuvant may seek to enforce this Agreement in the courts of Utah or where Customer is situated. If suit is brought in a Utah court, Customer agrees that such court shall have jurisdiction over the subject matter and personal jurisdiction over it to decide the suit. This is the sole agreement between the parties concerning its subject matter. If any term of this Agreement is found void or unenforceable, all other terms shall remain in full force and effect. You may not assign this Agreement without Secuvant’s written consent. Secuvant and Customer agree to the terms of the Privacy Policy posted on the Secuvant.com website with respect to the use and protection of Customer's data.

None of the information contained within our service, or within the content Secuvant makes available through our service, should be regarded as Legal Advice. The distribution and publication of our service, and the content made available with our service, does not create an attorney-client relationship between You and Secuvant.

Secuvant reserves the right to modify or terminate the Services and the Site or to terminate Your access to the Services and Site, in whole or in part, at any time.

Refund Policy

Refunds for the unused portion of services may be obtained by contacting the Account Renewals team at Secuvant. Refunds will be processed within 5 business days.

Secuvant owns and operates the servers that host this website. Contact information for Secuvant may be obtained by clicking the "Contact Us" link at the top of any page.

Additional Terms For Assurance Program

The following Terms of Use apply to the liability coverage program offered as part of the Secuvant Assurance Program by Secuvant, LLC

Breach Protection

The following Terms of Use apply only to merchants who are participating in the Secuvant Assurance Program ("Program"). Merchants who have applied for and have paid additional consideration for participation in the Program are referred to as "Participating Merchants." Ancillary to the products and services provided in the Program, Secuvant is also providing Participating Merchants up to $100,000 (the "Program Limit") of breach protection. Subject to the terms and limitations described more fully below and in the Summary of Benefits for the Assurance Program, the breach protection portion of the Program provides reimbursement for the following costs and expenses actually incurred by you in connection with a data security event:

(1) All reasonable card association assessments, forensic audit expenses, card replacement expenses, and post event services expenses resulting from a data security event occurring and reported to Higginbotham while such Participating Merchant is enrolled in the Program; and

(2) Any regulatory penalty and regulatory event expenses resulting from a regulatory action commenced and reported to Higginbotham while such Participating Merchant is enrolled in the Program.

Backed by an Insurance Policy

The Program is backed by an insurance policy (the "Policy") from Chartis Specialty Insurance Company ("Chartis"), an insurance company subsidiary of Chartis, Inc. You are not an "insured" or beneficiary under the Policy and nothing in this Agreement creates a relationship between you and Chartis (or any other Chartis affiliate). Neither Chartis nor Secuvant is providing you with insurance pursuant to this Agreement. Higginbotham & Associates ("Higginbotham"), an insurance brokerage firm, acts as the claim and payment processor under the Program.

Reporting Claims

The Program provides benefits to you only if you provide a timely and complete report of a data security event or regulatory action as soon as you become aware of such event or action. You will need to provide details on the data security event or regulatory action including, but not limited to: a complete description of the data security event or regulatory action, all documents relating to the data security event or regulatory action and any other pertinent information requested by or on behalf of Secuvant. To report a data security event or regulatory action under the Program, contact: assurance_claims@Secuvant.com.

Liability Limitations

CUSTOMER ASSUMES SOLE RESPONSIBILITY AND LIABILITY FOR MAKING TIMELY AND COMPLETE CLAIMS UNDER THE PROGRAM, PROVIDING NECESSARY OR REQUESTED DATA AND INFORMATION, AND OTHERWISE COMPLYING WITH THE TERMS AND CONDITIONS SET FORTH IN THE PROGRAM. SECUVANT SHALL HAVE NO LIABILITY TO ANY PARTICIPATING MERCHANT UNDER THE PROGRAM IN THE EVENT, AND TO THE FULLEST EXTENT, THAT CHARTIS DENIES COVERAGE UNDER THE POLICY FOR ANY GIVEN DATA SECURITY EVENT OR REGULATORY ACTION. SECUVANT’S DUTY TO PROVIDE PAYMENTS TO ANY PARTICIPATING MERCHANT FOR COSTS ARISING FROM ANY DATA SECURITY EVENT OR REGULATORY ACTION UNDER THE PROGRAM WILL BE MADE ONLY AFTER, AND TO THE EXTENT THAT, SECUVANT RECEIVES PAYMENT FROM CHARTIS UNDER THE POLICY.

THE PROGRAM LIMIT IS THE MOST ANY PARTICIPATING MERCHANT CAN RECOVER FOR EACH MERCHANT IDENTIFICATION NUMBER DURING A TWELVE (12) MONTH PERIOD FOR ANY OR ALL SUCH COSTS OR EXPENSES, COMBINED, AND REGARDLESS OF THE NUMBER OF DATA SECURITY EVENTS DISCOVERED OR REGULATORY ACTIONS TAKEN.

Scanning Abuse

Secuvant, LLC, is a PCI Approved Scanning Vendor under certificate number 3707-01-08 and performs security assessment scans within the guidelines of the PCI data security initiative.

Scanners

It is important to allow Secuvant security scanners to have the same level of network access to your Internet-connected devices that you provide to the rest of the world under normal circumstances. Users of Secuvant scanning services are encouraged to add rules to their firewalls and inform their ISPs or hosting providers that security assessment scans may originate from the scanning locations listed in the table below. Ensuring that traffic from Secuvant scanners does not get blocked ensures maximum accuracy of the security assessments, which leads to better security. If you have any questions, please contact Secuvant Technical Support.