Skip to content
Vigil
Back to Vigil

Legal

End User Licence Agreement & SaaS Terms

Effective 13 May 2026 · Governed by the laws of New South Wales, Australia

Download PDFOpen in new tab

END USER LICENCE AGREEMENT

AND

SOFTWARE AS A SERVICE TERMS AND CONDITIONS

Effective Date: 13/05/2026

This End User Licence Agreement and Terms of Use ("Agreement") governs your access to and use of the Vigil Security platform ("Vigil", "Platform", "we", "us", or "our"), a security awareness and human risk management solution operated by VIGIL TECHNOLOGIES PTY LTD ACN 697 741 692, a company incorporated in New South Wales, Australia.

You are accessing the Platform either directly as a subscribing organisation or at the invitation of your employer or engaging organisation ("Your Organisation") for the purposes of participating in simulated cyberattack exercises, security awareness training, and human risk assessment programs.

By accessing or using the Platform, including by clicking "I Agree", registering for an account, commencing a free trial, or otherwise using any feature of the Platform, you acknowledge that you have read, understood, and agree to be legally bound by this Agreement. If you are accepting this Agreement on behalf of an organisation, you represent and warrant that you have the authority to bind that organisation to these terms. If you do not agree to this Agreement, you must not access or use the Platform. This Agreement is always available at operations@vigilsecurity.io and can be downloaded or printed at any time. When updated, the new version will be posted at the same link with the revised date and version number.

Vigil Security is an Australian cybersecurity platform built for the artificial intelligence attack era. We help organisations protect their people, their greatest vulnerability by simulating real-world cyberattacks, including AI-personalised phishing emails, SMS fraud, voice-cloned executive calls, deepfake video communications, and QR code attacks, and then automatically training employees who fall for them. Every simulation is scored, every employee is risk-rated, and every outcome is mapped to a compliance report your cyber insurer will accept. We are trusted by professional services firms, accounting practices, law firms, and financial advisers across Australia. Vigil Security Pty Ltd is incorporated in New South Wales, Australia, and all customer data is stored exclusively within Australia.

DEFINITIONS

  1. In this Agreement, unless the context otherwise requires, the following expressions shall have the meanings ascribed to them below:

    1. "Agreement" means this End User Licence Agreement and Software as a Service Terms and Conditions, together with any schedules, annexures, or order forms incorporated herein by reference, as amended from time to time in accordance with clause 20.

    2. "Authorised Users" means those individuals who are employees, contractors, or agents of the Customer who are permitted by the Customer to access and use the Platform in accordance with this Agreement and for whom a valid subscription has been obtained.

    3. "Confidential Information" means all information, whether oral, written, electronic, or in any other form, disclosed by one party to the other party that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure, including but not limited to trade secrets, business plans, financial information, technical data, customer data, software, and the terms of this Agreement.

    4. "Customer" means the entity or individual identified in the relevant account registration, order form, or subscription details who has agreed to these terms and conditions.

    5. "Customer Data" means all data, information, content, and materials uploaded, submitted, or otherwise transmitted to or through the Platform by the Customer or its Authorised Users, including employee personal information used in connection with Simulations.

    6. "Documentation" means the user guides, technical specifications, help materials, and other supporting documentation made available by Vigil to the Customer in connection with the Platform, as updated from time to time.

    7. "Effective Date" means the date on which the Customer first accepts this Agreement by clicking "I Agree", registering for an account, or otherwise accessing the Platform, whichever occurs first.

    8. "Fees" means all amounts payable by the Customer to Vigil in connection with the Platform, as set out in the relevant subscription plan or order form.

    9. "Force Majeure Event" means any circumstance beyond the reasonable control of the affected party, including but not limited to acts of God, pandemic, epidemic, war, civil unrest, terrorism, fire, flood, earthquake, governmental action, labour disputes, or failure of third-party infrastructure.

    10. "Intellectual Property Rights" means all patents, trade marks, service marks, registered designs, copyrights, database rights, moral rights, trade secrets, know-how, and all other intellectual or industrial property rights of any kind, whether registered or unregistered, subsisting anywhere in the world.

    11. "Personal Information" has the meaning given to it under the Privacy Act 1988 (Cth), namely information or an opinion about an identified individual, or an individual who is reasonably identifiable.

    12. "Platform" means the Vigil Security software-as-a-service platform, including all associated tools, features, modules, interfaces, APIs, artificial intelligence components, deepfake simulation technology, voice cloning capabilities, phishing simulation engines, training modules, compliance reporting tools, and all updates, upgrades, or modifications thereto.

    13. "Privacy Act" means the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) contained therein, as amended or replaced from time to time.

    14. "RBA Cash Rate" means the official cash rate published by the Reserve Bank of Australia at rba.gov.au.

    15. "Simulation" means any simulated cyberattack, phishing exercise, deepfake video, voice-cloned communication, SMS attack, QR code attack, or other security awareness exercise conducted using the Platform.

    16. "Subscription Plan" means the applicable subscription tier selected by the Customer, being Starter, Growth, or Enterprise, as described on the Platform at the time of registration.

    17. "Subscription Term" means the period for which the Customer has subscribed to the Platform, commencing on the Effective Date and continuing until terminated in accordance with this Agreement.

    18. "Subprocessor" means any third party we use to process your data on our behalf.

    19. "Writing" means hand delivery, post, or email. Emails count as received when sent, unless a delivery failure is received within 24 hours.

    20. "Vigil" or "we" or "us" or "our" means VIGIL TECHNOLOGIES PTY LTD ACN 697 741 692, a company incorporated in New South Wales, Australia, with its registered office at 22 Appletree Drive Cherrybrook NSW 2126.

  2. In this Agreement, unless the context otherwise requires:

    1. headings are for convenience only and shall not affect interpretation;

    2. the singular includes the plural and vice versa;

    3. a reference to a statute or statutory provision is a reference to it as amended or re-enacted from time to time;

    4. a reference to "including" or "includes" means including without limitation; and

    5. a reference to "days" means calendar days unless expressly stated otherwise.

GRANT OF LICENCE

  1. Subject to the Customer's full and ongoing compliance with this Agreement, including timely payment of all applicable Fees, Vigil hereby grants to the Customer a limited, non-exclusive, non-transferable, non-sublicensable, revocable licence during the Subscription Term to access and use the Platform solely:

    1. for the Customer's internal business purposes;

    2. within the scope of the applicable Subscription Plan;

    3. by the number of Authorised Users permitted under the applicable Subscription Plan; and

    4. in accordance with the Documentation and this Agreement.

  2. The licence granted under clause 2.1 does not include any right to:

    1. copy, reproduce, modify, translate, adapt, or create derivative works of the Platform or any component thereof;

    2. reverse engineer, decompile, disassemble, or otherwise attempt to derive the source code or underlying algorithms of the Platform;

    3. sublicense, resell, transfer, assign, rent, lease, or otherwise make the Platform available to any third party;

    4. frame, mirror, or embed the Platform or any portion thereof on any third-party website or application; or

    5. remove, obscure, or alter any proprietary notices, labels, or branding on or within the Platform.

  3. The Platform is provided as a software-as-a-service solution and is accessed via web browser or such other approved interface as Vigil may specify. No software is installed on the Customer's devices unless expressly authorised by Vigil in writing.

  4. Vigil reserves the right to update, modify, enhance, or discontinue any feature or functionality of the Platform at any time, provided that Vigil will use reasonable endeavours to provide the Customer with advance notice of material changes that may adversely affect the Customer's use of the Platform.

ACCOUNT REGISTRATION AND ACCESS

  1. To access the Platform, the Customer must register for an account and provide accurate, complete, and current information as requested during the registration process. The Customer must promptly update its account information to ensure it remains accurate and complete at all times.

  2. All Authorised Users must be at least 18 years of age. By registering for an account, the Customer confirms that all Authorised Users meet this requirement. Vigil reserves the right to cancel access without notice where this condition is not satisfied.

  3. The Customer is solely responsible for:

    1. maintaining the confidentiality and security of all account credentials, including usernames and passwords;

    2. all activities that occur under its account, whether or not authorised by the Customer;

    3. ensuring that all Authorised Users comply with this Agreement; and

    4. notifying Vigil immediately upon becoming aware of any unauthorised access to or use of the Customer's account.

  4. The Customer must ensure that each set of login credentials is used by only one individual Authorised User. Sharing of credentials between multiple individuals is strictly prohibited.

  5. Vigil reserves the right to suspend or terminate the Customer's account where Vigil reasonably believes that account credentials have been compromised or shared in breach of this Agreement.

  6. The Customer represents and warrants that:

    1. it has the legal capacity and authority to enter into this Agreement;

    2. if entering into this Agreement on behalf of an entity, it has the authority to bind that entity; and

    3. it is not prohibited by any applicable law from using the Platform.

SUBSCRIPTION PLANS AND FEES

  1. The Customer's access to and use of the Platform is subject to payment of the applicable Fees in accordance with the Subscription Plan selected by the Customer at the time of registration or as otherwise agreed in writing between the parties.

  2. All Fees are stated in Australian dollars unless otherwise specified. Vigil reserves the right to charge Fees in an alternative currency as may be specified at the time of purchase.

  3. Unless otherwise stated, all Fees are exclusive of applicable taxes, including goods and services tax (GST) imposed under the A New Tax System (Goods and Services Tax) Act 1999 (Cth). Where GST is applicable, it will be added to the relevant Fee and the Customer shall be responsible for the payment of such GST.

  4. Fees are payable in advance on a monthly or annual basis, as selected by the Customer. Vigil will issue a tax invoice to the Customer in respect of each billing cycle.

  5. The Customer's subscription will automatically renew at the end of each Subscription Term for a further period equal to the preceding Subscription Term unless:

    1. the Customer cancels its subscription at least fourteen (14) days prior to the end of the then-current Subscription Term via the Platform account management portal; or

    2. either party terminates the Agreement in accordance with clause

  6. Where the Customer fails to make any payment by the due date, Vigil reserves the right to:

    1. suspend the Customer's access to the Platform without liability until all outstanding amounts are paid in full;

    2. charge interest on overdue amounts at the RBA Cash Rate plus 8% per year, calculated daily from the due date until full payment is received; and

    3. recover all reasonable costs incurred by Vigil in connection with the collection of overdue amounts.

  7. All Fees paid are non-refundable except as expressly set out in clause 4.8 or as required by applicable law, including the Australian Consumer Law.

  8. In the event that Vigil ceases to provide the Platform entirely without reasonable notice, Vigil will provide a pro-rata refund of pre-paid Fees for the unexpired portion of the Subscription Term.

  9. Vigil reserves the right to amend its Fees from time to time. Vigil will provide the Customer with not less than thirty (30) days written notice prior to any Fee increase. If the Customer does not accept the revised Fees, it may cancel its subscription prior to the commencement of the new billing period. Continued use of the Platform following the effective date of a Fee change constitutes acceptance of the revised Fees.

FREE TRIAL

  1. Vigil may, at its sole discretion, offer a free trial period of thirty (30) days to new customers ("Free Trial"). The Free Trial commences on the date the Customer registers for a free trial account and expires automatically at the end of the thirty (30) day period unless the Customer converts to a paid Subscription Plan.

  2. During the Free Trial:

    1. the Customer's access to the Platform is limited to the features and functionality specified by Vigil at the time of the Free Trial;

    2. no credit card or payment details are required unless the Customer elects to convert to a paid plan; and

    3. all terms and conditions of this Agreement apply to the Customer's use of the Platform during the Free Trial.

  3. Upon expiry of the Free Trial, the Customer's access to the Platform and all associated Customer Data will be suspended unless the Customer converts to a paid Subscription Plan. Vigil will retain Customer Data for a period of thirty (30) days following the expiry of the Free Trial, after which it may be permanently deleted.

  4. Vigil reserves the right to withdraw, modify, or terminate the Free Trial offering at any time without notice.

ACCEPTABLE USE POLICY

  1. The Customer shall use the Platform solely for lawful purposes and in accordance with this Agreement, all applicable laws and regulations, and any guidelines or policies published by Vigil from time to time.

  2. Without limiting the generality of clause 6.1, the Customer must not, and must ensure that its Authorised Users do not:

    1. use the Platform to conduct Simulations targeting individuals who are not employees, contractors, or agents of the Customer or who have not been properly authorised as Authorised Users;

    2. use the Platform or any Simulation content to actually defraud, deceive, harass, intimidate, or cause harm to any individual;

    3. use the deepfake, voice cloning, or AI-generated content features of the Platform outside of the Platform's intended Simulation environment or for any purpose other than legitimate security awareness training within the Customer's organisation;

    4. upload, submit, or transmit through the Platform any content that is unlawful, defamatory, obscene, offensive, discriminatory, or otherwise objectionable;

    5. attempt to gain unauthorised access to the Platform, its infrastructure, or the accounts of other users;

    6. introduce any virus, malware, ransomware, spyware, trojan, worm, or other malicious code into the Platform;

    7. use the Platform in a manner that imposes an unreasonable or disproportionate load on Vigil's infrastructure;

    8. use automated scripts, bots, scrapers, or crawlers to access, monitor, or extract data from the Platform without Vigil's prior written consent;

    9. circumvent, disable, or otherwise interfere with security-related features of the Platform;

    10. use the Platform in violation of any export control laws or sanctions regulations applicable in Australia or any other relevant jurisdiction; or

    11. permit any third party to use the Platform in breach of this Agreement.

  3. The Customer acknowledges that Vigil's Simulation features, including voice cloning and deepfake video generation, are powerful tools that must be used responsibly and solely within the Customer's organisation for legitimate security awareness purposes. The Customer accepts full responsibility for ensuring that Simulations are conducted in compliance with all applicable laws, including but not limited to the Privacy Act, the Surveillance Devices Act 2004 (Cth), Criminal Code Act 1995 (Cth), the Online Safety Act 2021 (Cth), and any applicable state or territory legislation.

  4. Vigil reserves the right, without notice and without liability, to investigate any suspected breach of this clause 6 and to suspend or terminate the Customer's access to the Platform if Vigil reasonably determines that a breach has occurred or is reasonably likely to occur.

EMPLOYEE CONSENT AND WORKPLACE OBLIGATIONS

  1. The Customer acknowledges that Vigil's Platform is designed to simulate cyberattacks and social engineering attacks on employees and may, by its nature, involve the use of deceptive content, including AI-generated voice clones and deepfake video communications that impersonate executives or other individuals.

  2. The Customer represents, warrants, and undertakes that, prior to and during the conduct of any Simulation using the Platform:

    1. the Customer has obtained all necessary consents, authorisations, and approvals required under applicable law, including any relevant workplace legislation, employment contracts, enterprise agreements, awards, or privacy legislation, to conduct Simulations on its employees;

    2. the Customer has implemented appropriate workplace policies governing the use of security awareness testing and simulation exercises, and has communicated the existence of such policies to its employees in a manner consistent with applicable employment laws;

    3. the Customer has taken reasonable steps to ensure that Simulations are conducted in a manner that minimises unnecessary psychological distress to employees; and

    4. where the Customer's employees are located outside of Australia, the Customer has obtained all consents and complied with all applicable local laws governing employee monitoring, surveillance, and data processing in those jurisdictions; and

    5. the Customer has obtained written consent from the person whose voice or face is being used before using any voice cloning or deepfake features. The Customer is fully responsible for any legal claim arising if this consent is not obtained.

  3. Vigil accepts no liability whatsoever for any claims, losses, damages, or proceedings arising from the Customer's failure to comply with its obligations under clause 7.2, or from any employee claim arising in connection with the conduct of a Simulation, including but not limited to claims for harassment, breach of contract, or breach of privacy.

INTELLECTUAL PROPERTY RIGHTS

  1. The Customer acknowledges and agrees that:

    1. all Intellectual Property Rights in and to the Platform, including all underlying software, source code, object code, algorithms, machine learning models, artificial intelligence systems, deepfake technology, voice cloning technology, simulation engines, training content, compliance frameworks, reports, and Documentation, are and shall remain the exclusive property of Vigil or its licensors;

    2. nothing in this Agreement operates to transfer or assign any Intellectual Property Rights in the Platform to the Customer; and

    3. the Customer acquires only the limited licence rights expressly granted in clause 2 and no other rights in or to the Platform.

  2. The Customer retains all Intellectual Property Rights in and to the Customer Data. The Customer grants Vigil a limited, non-exclusive, royalty-free licence to access, process, store, and use the Customer Data solely to the extent necessary to provide the Platform and perform Vigil's obligations under this Agreement.

  3. Vigil shall not use Customer Data for any purpose other than the provision of the Platform and its obligations under this Agreement, including for the purposes of training Vigil's AI models or improving the Platform, without the Customer's prior written consent.

  4. If the Customer provides Vigil with any feedback, suggestions, ideas, or recommendations regarding the Platform ("Feedback"), the Customer grants Vigil a perpetual, irrevocable, royalty-free, worldwide licence to use and incorporate such Feedback into the Platform or any other Vigil product or service without any obligation of confidentiality or compensation to the Customer. However, Vigil will not publicly identify the Customer as the source of any Feedback without the Customer's prior written consent.

  5. The Customer shall promptly notify Vigil in writing upon becoming aware of any actual or suspected infringement of Vigil's Intellectual Property Rights by any third party.

DATA, PRIVACY, AND DATA PROTECTION

  1. Vigil is committed to handling all Personal Information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles. Vigil's Privacy Policy, which is incorporated into this Agreement by reference, sets out how Vigil collects, uses, stores, and discloses Personal Information in connection with the Platform.

  2. The Customer acknowledges that, in the course of using the Platform, the Customer may upload or make available to Vigil Personal Information of the Customer's employees and other individuals. The Customer warrants that:

    1. it has all necessary authority, consents, and permissions required under applicable law to upload such Personal Information to the Platform and to permit Vigil to process that information in accordance with this Agreement; and

    2. its instructions to Vigil regarding the processing of such Personal Information are lawful and do not require Vigil to breach any applicable data protection law.

  3. Vigil will process Customer Data in accordance with the Customer's reasonable instructions and in compliance with applicable law. Vigil will implement and maintain appropriate technical and organisational security measures to protect Customer Data against unauthorised access, disclosure, alteration, or destruction.

  4. Vigil stores all Customer Data in Australia and will not transfer Customer Data outside of Australia without the Customer's prior written consent, except where required by applicable law.

  5. In the event of a data breach involving Customer Data, Vigil will notify the Customer as soon as practicable and in any event within seventy-two (72) hours of becoming aware of the breach, to the extent required by the Notifiable Data Breaches scheme under Part IIIC of the Privacy Act.

  6. Where Vigil processes Personal Information on behalf of the Customer in its capacity as a data processor, the terms of any applicable Data Processing Agreement entered into between the parties shall apply and shall prevail over this clause 9 to the extent of any inconsistency.

  7. Vigil may collect and use de-identified, aggregated data derived from Customer Data for the purposes of improving the Platform, developing new features, and producing industry benchmarks, provided that such data cannot be used to identify the Customer or any individual.

  8. Vigil maintains a list of Subprocessors who handle Customer Data on its behalf. Vigil will share this list with the Customer upon written request. Vigil will provide the Customer with not less than 14 days written notice before engaging any new Subprocessor. If the Customer has a reasonable objection, the parties will discuss in good faith. If unresolved, the Customer may terminate this Agreement on 30 days written notice.

CONFIDENTIALITY

  1. Each party (the "Receiving Party") undertakes to keep confidential all Confidential Information disclosed to it by the other party (the "Disclosing Party") and to use the Confidential Information of the Disclosing Party solely for the purposes of performing its obligations or exercising its rights under this Agreement.

  2. The Receiving Party may disclose the Disclosing Party's Confidential Information only to those of its employees, contractors, and professional advisers who have a need to know such information for the purposes of this Agreement and who are bound by confidentiality obligations no less protective than those contained in this Agreement.

  3. The obligations in this clause 10 shall not apply to information that:

    1. is or becomes publicly known through no act or omission of the Receiving Party;

    2. was rightfully known to the Receiving Party prior to its disclosure without any obligation of confidentiality;

    3. is rightfully received by the Receiving Party from a third party without restriction on disclosure; or

    4. is required to be disclosed by law, court order, or regulatory authority, provided that the Receiving Party gives the Disclosing Party prompt written notice of such requirement to the extent permitted by law.

  4. The obligations of confidentiality in this clause 10 shall survive termination or expiry of this Agreement for a period of five (5) years.

REPRESENTATIONS AND WARRANTIES

  1. Each party represents and warrants to the other that:

    1. it has full power and authority to enter into, execute, and perform this Agreement;

    2. this Agreement constitutes a legal, valid, and binding obligation of that party; and

    3. the execution and performance of this Agreement does not violate any law, regulation, court order, or agreement to which it is a party.

  2. Vigil warrants that:

    1. it will provide the Platform with reasonable care and skill;

    2. We aim for 99% uptime every month. If we fall short, you are entitled to a credit on that month's fee. A credit of 10% applies where uptime falls between 95% and 99%. A credit of 25% applies where uptime falls between 90% and 95%. A credit of 50% applies where uptime falls below 90%. Credits must be claimed in writing within 30 days of the affected month. This credit is your only remedy for downtime; and

    3. to Vigil's knowledge, the Platform does not infringe the Intellectual Property Rights of any third party.

  3. Except as expressly set out in this Agreement, the Platform is provided on an "as is" and "as available" basis. To the maximum extent permitted by applicable law, Vigil expressly excludes all warranties, representations, conditions, and terms, whether express or implied, statutory or otherwise, including any implied warranty of merchantability, fitness for a particular purpose, accuracy, or non-infringement.

  4. Vigil does not warrant that:

    1. the Platform will be free from errors, defects, or interruptions;

    2. the use of the Platform will prevent any actual cyberattack or security breach;

    3. the compliance reports generated by the Platform will be accepted by any particular cyber insurer, regulator, or third party; or

    4. the Platform will meet all of the Customer's specific requirements.

  5. Nothing in this Agreement excludes, restricts, or modifies any right or remedy, or any guarantee, warranty, or other term or condition, implied or imposed by the Australian Consumer Law (Schedule 2 to the Competition and Consumer Act 2010 (Cth)) that cannot lawfully be excluded or limited.

  6. The Platform uses artificial intelligence technology including voice cloning and deepfake tools. Both parties agree to comply with all current and future laws relating to AI and synthetic media. The Customer is responsible for ensuring that its use of the AI features of the Platform is lawful in all jurisdictions in which it operates.

LIMITATION OF LIABILITY

  1. To the maximum extent permitted by applicable law, including the Australian Consumer Law, Vigil's total aggregate liability to the Customer arising out of or in connection with this Agreement, whether in contract, tort (including negligence), breach of statutory duty, or otherwise, shall not exceed the total amount of Fees paid by the Customer to Vigil in the twelve (12) month period immediately preceding the date on which the event giving rise to the liability first occurred.

  2. To the maximum extent permitted by applicable law, neither party shall be liable to the other for any:

    1. indirect, consequential, incidental, special, or punitive loss or damage;

    2. loss of profits, revenue, business, anticipated savings, goodwill, or opportunity;

    3. loss or corruption of data or information;

    4. damage to reputation; or

    5. any loss arising from business interruption,

whether or not such loss was foreseeable or the party had been advised of its possibility.

  1. Nothing in this Agreement shall limit or exclude either party's liability for:

    1. death or personal injury caused by its negligence;

    2. fraud or fraudulent misrepresentation; or

    3. any other liability that cannot be excluded by law.

  2. Vigil shall not be liable for any loss, damage, or liability arising from:

    1. the Customer's failure to comply with its obligations under this Agreement, including the obligations set out in clauses 6 and 7;

    2. the Customer's use of the Platform in a manner not authorised by this Agreement or the Documentation;

    3. any breach by the Customer of applicable laws; or

    4. any third-party products, services, or software used in connection with the Platform.

INDEMNIFICATION

  1. The Customer shall indemnify, defend, and hold harmless Vigil and its directors, officers, employees, agents, and contractors (each, an "Indemnified Party") from and against all claims, actions, proceedings, losses, damages, liabilities, costs, and expenses (including reasonable legal fees) ("Claims") arising out of or in connection with:

    1. the Customer's use of the Platform in breach of this Agreement;

    2. the Customer's violation of any applicable law or regulation, including the Privacy Act, in connection with its use of the Platform;

    3. any Simulation conducted by the Customer using the Platform, including any claim by an employee of the Customer arising from such Simulation;

    4. the Customer's breach of any third-party rights, including Intellectual Property Rights; or

    5. any Customer Data uploaded to the Platform, including any claim that such data infringes the rights of a third party.

  2. Vigil shall indemnify and hold harmless the Customer from and against any third-party Claims arising from Vigil's material breach of this Agreement or Vigil's infringement of any third-party Intellectual Property Rights in connection with the Platform, provided that the Customer:

    1. promptly notifies Vigil in writing of any such Claim;

    2. grants Vigil sole control over the defence and settlement of the Claim; and

    3. provides Vigil with all reasonable cooperation and assistance in connection with the defence of the Claim.

THIRD-PARTY SERVICES AND INTEGRATIONS

  1. The Platform may integrate with or rely upon third-party services, applications, and infrastructure providers, including cloud hosting providers, payment processors, artificial intelligence service providers, and analytics tools. Vigil does not represent, warrant, or guarantee the availability, functionality, security, or accuracy of any third-party services.

  2. The Customer's use of any third-party services that are integrated with or accessible through the Platform is governed by the terms and conditions and privacy policies of the respective third-party providers. Vigil accepts no responsibility for the terms, practices, or conduct of any such third parties.

  3. Vigil may change or replace any third-party services used in connection with the Platform without notice, provided that such change does not materially reduce the overall functionality of the Platform.

SUSPENSION OF ACCESS

  1. Without prejudice to any other rights or remedies available to Vigil, Vigil may suspend the Customer's access to the Platform immediately and without prior notice in the event that:

    1. the Customer fails to pay any Fees by the due date and such failure continues for more than seven (7) days after written notice from Vigil;

    2. Vigil reasonably suspects that the Customer's account has been compromised or is being used for fraudulent or unlawful purposes;

    3. the Customer is in material breach of clause 6 (Acceptable Use Policy) or clause 7 (Employee Consent and Workplace Obligations);

    4. the Customer's use of the Platform poses an imminent risk to the security, integrity, or availability of the Platform or the data of other customers; or

    5. Vigil is required to do so by a governmental authority or court order.

  2. Vigil will endeavour to provide the Customer with advance notice of a suspension where it is safe and practicable to do so. Vigil will lift a suspension promptly once the circumstances giving rise to the suspension have been remedied to Vigil's reasonable satisfaction.

  3. Vigil shall not be liable for any loss or damage suffered by the Customer arising from a suspension imposed in accordance with this clause 15.

TERM

  1. This Agreement commences on the Effective Date and continues for the duration of the Subscription Term, unless terminated earlier in accordance with clause 17.

  2. Where the Customer is on a free trial, this Agreement commences on the date the Customer registers for the free trial and continues until the expiry of the free trial period, unless the Customer converts to a paid Subscription Plan, in which case this Agreement continues for the duration of that Subscription Term.

TERMINATION

  1. Either party may terminate this Agreement for convenience by providing not less than thirty (30) days written notice to the other party prior to the end of the then-current Subscription Term.

  2. Either party may terminate this Agreement with immediate effect by written notice to the other party if:

    1. the other party commits a material breach of this Agreement and, where such breach is capable of remedy, fails to remedy the breach within thirty (30) days of receiving written notice specifying the breach and requiring its remedy;

    2. the other party becomes insolvent, is placed into administration, receivership, or liquidation, enters into a deed of company arrangement, makes a composition or arrangement with its creditors generally, or has a controller appointed over all or a material part of its assets; or

    3. the other party ceases or threatens to cease to carry on business.

  3. Vigil may terminate this Agreement immediately by written notice to the Customer if the Customer breaches clause 6 (Acceptable Use Policy) or clause 7 (Employee Consent and Workplace Obligations) and Vigil determines in its reasonable discretion that the breach is not capable of remedy.

  4. Upon expiry or termination of this Agreement for any reason:

    1. the licence granted under clause 2 shall immediately cease;

    2. the Customer must immediately cease all use of the Platform;

    3. each party shall return or destroy the Confidential Information of the other party in accordance with the other party's reasonable instructions;

    4. Vigil will retain Customer Data for a period of 60 days following the date of termination or expiry of this Agreement. The Customer may request the return or deletion of its Customer Data at any time during this period. After 60 days, Vigil may permanently delete all Customer Data without further notice. Enterprise customers may request an extended retention period of up to 90 days by prior written agreement with Vigil.

  5. Termination of this Agreement shall not affect any rights or liabilities of either party accrued prior to the date of termination.

GOVERNING LAW AND DISPUTE RESOLUTION

  1. This Agreement shall be governed by and construed in accordance with the laws of the State of New South Wales, Australia, without regard to its conflict of law provisions.

  2. The parties agree to submit to the exclusive jurisdiction of the courts of New South Wales, Australia in respect of any dispute arising out of or in connection with this Agreement.

  3. Before commencing any legal proceedings, the parties agree to attempt to resolve any dispute arising out of or in connection with this Agreement through good faith negotiation. If the dispute is not resolved within thirty (30) days of one party notifying the other party of the dispute in writing, either party may commence legal proceedings.

  4. Nothing in this clause 18 shall prevent either party from seeking urgent interlocutory or injunctive relief from a court of competent jurisdiction where necessary to protect its rights.

FORCE MAJEURE

  1. Neither party shall be liable for any delay or failure to perform its obligations under this Agreement to the extent that such delay or failure is caused by a Force Majeure Event, provided that the affected party:

    1. promptly notifies the other party in writing of the Force Majeure Event and its expected duration;

    2. uses reasonable endeavours to mitigate the effects of the Force Majeure Event; and

    3. resumes performance as soon as reasonably practicable after the Force Majeure Event has ceased.

  2. If a Force Majeure Event continues for more than sixty (60) consecutive days, either party may terminate this Agreement by written notice without liability, save that the Customer shall be entitled to a pro-rata refund of any pre-paid Fees for the period during which the Platform was unavailable as a result of the Force Majeure Event.

AMENDMENTS TO THIS AGREEMENT

  1. Vigil reserves the right to amend this Agreement from time to time. Vigil will notify the Customer of any material amendments by:

    1. sending an email notification to the email address associated with the Customer's account; and/or

    2. displaying a prominent notice on the Platform.

  2. Amended terms shall take effect thirty (30) days after the date of notification, unless a shorter notice period is required by law or is necessary to address a security or legal risk.

  3. The Customer's continued use of the Platform after the effective date of any amendment constitutes the Customer's acceptance of the amended Agreement. If the Customer does not agree to the amended terms, the Customer must cease using the Platform and may terminate this Agreement in accordance with clause 17.1 prior to the effective date of the amendment.

GENERAL PROVISIONS

Entire Agreement: This Agreement, together with any applicable schedules, annexures, or Data Processing Agreement, constitutes the entire agreement between the parties with respect to its subject matter and supersedes all prior agreements, representations, warranties, negotiations, and understandings of the parties, whether oral or written, relating to that subject matter.

Severability: If any provision of this Agreement is found by a court of competent jurisdiction to be invalid, illegal, or unenforceable, that provision shall be severed from this Agreement to the minimum extent necessary, and the remaining provisions shall continue in full force and effect.

Waiver: No failure or delay by either party in exercising any right or remedy under this Agreement shall operate as a waiver of that right or remedy. A waiver of any breach of this Agreement shall not be deemed to be a waiver of any subsequent breach of the same or any other provision.

Relationship of the Parties: Nothing in this Agreement shall be construed to create a partnership, joint venture, employment, or agency relationship between the parties. Each party is an independent contractor.

Notices: All notices, requests, demands, or other comm.unications required or permitted under this Agreement shall be in writing and shall be deemed to have been duly given when delivered by email to the email addresses set out in the parties' respective account details or as otherwise notified in writing. Vigil's designated notice email address is: operations@vigilsecurity.io.

Counterparts: This Agreement may be executed in counterparts, each of which shall be deemed an original, and all of which together shall constitute one and the same instrument. Electronic signatures shall be deemed valid and binding.

Survival: The following clauses shall survive expiry or termination of this Agreement: clause 8 (Intellectual Property Rights), clause 10 (Confidentiality), clause 12 (Limitation of Liability), clause 13 (Indemnification), clause 18 (Governing Law and Dispute Resolution), and any other provision that by its nature is intended to survive termination.

AUSTRALIAN CONSUMER LAW

  1. The Platform comes with guarantees that cannot be excluded under the Australian Consumer Law. For major failures with the Platform, the Customer is entitled to cancel the subscription and receive a refund for the unused portion of the Subscription Term. The Customer is also entitled to be compensated for any other reasonably foreseeable loss or damage resulting from a major failure.

  2. If the Platform has a minor failure, Vigil may choose to give the Customer a free fix instead of a refund.

  3. Nothing in this Agreement is intended to exclude, restrict, or modify any consumer guarantee, right, or remedy conferred upon the Customer by the Australian Consumer Law that cannot lawfully be excluded, restricted, or modified.

CONTACT INFORMATION

For all legal notices, questions regarding this Agreement, or complaints relating to the Platform, the Customer may contact Vigil at:

VIGIL TECHNOLOGIES PTY LTD

Email: operations@vigilsecurity.io

Website: www.vigilsecurity.io

Address: 22 Appletree Drive Cherrybrook NSW 2126.

EXECUTION

  1. By accessing or using the Platform, whether by clicking "I Agree", registering for an account, commencing a free trial, or otherwise, the Customer acknowledges that it has read this Agreement, understands its terms, and agrees to be bound by it.

  2. If this Agreement is being executed as a formal signed document between the parties, the duly authorised representatives of the parties have executed this Agreement as of the date last signed below.

VIGIL TECHNOLOGIES PTY LTD

Signature: ___________________________________

Name: ___________________________________

Title: ___________________________________

Date: ___________________________________

CUSTOMER

Signature: ___________________________________

Name: ___________________________________

Title: ___________________________________

Organisation: _________________________________

Date: ___________________________________

SCHEDULE 1 - SUBSCRIPTION PLANS

The following Subscription Plans are available as at the Effective Date of this Agreement. Vigil reserves the right to amend, replace, or discontinue any Subscription Plan upon thirty (30) days written notice to existing subscribers.

Starter Plan

The Starter Plan is available for organisations with up to twenty-five (25) employees. It includes email phishing simulations, SMS phishing simulations, voice call simulations, QR code attack simulations, live risk scores per employee, automatic training assignment upon simulation failure, interactive training lessons and quizzes, and a compliance PDF covering Essential Eight, ISO 27001, and the Australian Privacy Act. Email support is provided.

Growth Plan

The Growth Plan is available for organisations with up to two hundred (200) employees and includes all features of the Starter Plan, together with deepfake video email simulations, voice-cloned executive call simulations, live deepfake video call simulations, AI-personalised phishing with Claude, custom attack briefs, AI-generated personalised training videos, department benchmarking, escalation alerts for high-risk employees, and priority support.

Enterprise Plan

The Enterprise Plan is designed for managed service providers and organisations with complex compliance requirements. It includes unlimited employees and all features of the Growth Plan, together with custom compliance mapping, API access, a multi-tenant MSP console, white-label branding, single sign-on and SCIM provisioning, a service level agreement guarantee, and a dedicated customer success manager. Pricing is custom and subject to a separate written agreement between the parties.

SCHEDULE 2 - DEFINITIONS OF KEY REGULATORY FRAMEWORKS

The following regulatory frameworks are referenced in this Agreement and in Vigil's compliance reporting features. This Schedule is for general information only and is not legal advice. These frameworks change over time. We recommend you get independent legal advice about your specific compliance obligations. Our compliance reports are a helpful tool but are not a substitute for a formal legal review.

Australian Privacy Act 1988 (Cth) and Australian Privacy Principles

The Privacy Act 1988 (Cth) is the principal legislation governing the handling of Personal Information by Australian government agencies and organisations with an annual turnover exceeding three million dollars (AUD $3,000,000), as well as certain other organisations. The Australian Privacy Principles set out standards for the collection, use, disclosure, storage, and security of Personal Information.

Essential Eight

The Essential Eight is a cybersecurity framework developed by the Australian Signals Directorate comprising eight mitigation strategies designed to protect organisations against a range of cyber threats. Vigil's compliance reports include mapping to the Essential Eight framework.

ISO 27001

ISO/IEC 27001 is an international standard for information security management systems. Vigil's compliance reports include mapping to ISO 27001 controls relevant to security awareness and human risk management.

SOC 2

SOC 2 is a reporting framework developed by the American Institute of Certified Public Accountants covering security, availability, processing integrity, confidentiality, and privacy. Vigil is in the process of completing its SOC 2 certification.