Terms and Conditions

The legal text below is the authoritative English version.

Last updated: May 8, 2026

1. Agreement and Acceptance

These Terms of Service (the "Terms") are a binding agreement between the customer that creates an account, signs an order, accepts a proposal, uses the Service, or otherwise accesses PhishGun ("Customer", "you", or "your") and Haxoris Labs s. r. o. ("Haxoris Labs", "PhishGun", "we", "us", or "our").

PhishGun is a business-to-business security awareness, phishing simulation, email reporting, and related cybersecurity training platform. By using the Service, you confirm that you are acting for an organization, that you have authority to bind that organization, and that the organization agrees to these Terms. If you do not agree, you must not access or use the Service.

If a signed order form, proposal, data processing agreement, security addendum, or other written agreement with us says that it controls over these Terms, that document controls for the conflicting subject matter. For personal data processing terms, the applicable data processing agreement controls over these Terms if there is a conflict.

2. Company Details

Haxoris Labs s. r. o.
Karpatské námestie 7770/10A
Bratislava - mestská časť Rača 831 06
Slovak Republic
IČO: 57 591 954
Registered with the Business Register of the City Court Bratislava III, Section Sro, Insert No. 199032/B
Email: info@phishgun.com

3. Definitions

  • Account means the workspace, tenant, or subscription through which you access the Service.
  • Administrator or User means a person you authorize to access or manage your Account.
  • Authorized Purpose means lawful, authorized security awareness, training, phishing simulation, reporting, and related defensive testing for your own organization or an organization that has given you express written authorization.
  • Campaign means any phishing simulation, training assignment, landing page, reporting workflow, email analysis workflow, or related activity launched, configured, or managed through the Service.
  • Customer Data means data, content, files, participant lists, messages, reports, campaign results, templates, and other materials submitted to or generated through the Service by or for you. Customer Data does not include PhishGun Content.
  • Order means an online checkout, invoice, quote, proposal, statement of work, subscription confirmation, or other ordering document accepted by you and us.
  • Participant means an employee, contractor, user, or other person included by you in a Campaign.
  • PhishGun Content means the Service, software, documentation, templates, training content, designs, workflows, analytics, logos, and other materials we provide or make available.
  • Service means PhishGun websites, dashboards, applications, APIs, integrations, reporting tools, phishing simulation tools, email reporting features, training features, support, and related services.
  • Subscription Term means the subscription, trial, early-access, or renewal period stated in an Order or otherwise made available by us.

4. Access to the Service

Subject to these Terms and the applicable Order, we grant you a limited, non-exclusive, non-transferable, revocable right to access and use the Service during the Subscription Term for the Authorized Purpose. You may allow your Users to access the Service only for your internal business purposes and only in compliance with these Terms.

You are responsible for all activity under your Account, including actions by your Users, employees, contractors, affiliates, consultants, managed service providers, and anyone who accesses the Service using your credentials or systems. You must keep login credentials, API keys, tokens, and integration secrets confidential and notify us promptly of any suspected compromise.

We may update, improve, limit, suspend, discontinue, or modify features from time to time. We will use reasonable efforts to avoid materially reducing core paid functionality during an active Subscription Term, but we may make changes necessary for security, compliance, legal, infrastructure, or product reasons.

5. Authorized Security Use Only

PhishGun may be used only for authorized defensive security awareness and training. You represent and warrant that every Campaign, target list, domain, sender identity, landing page, integration, and system used with the Service is owned by you, controlled by you, or expressly authorized in writing by the relevant organization.

You must not use the Service to conduct real phishing, fraud, extortion, credential theft, malware delivery, spam, harassment, unlawful surveillance, unauthorized social engineering, or testing against any person, organization, domain, inbox, system, or network that you are not authorized to test.

We may require domain verification, proof of authorization, sending limits, identity verification, campaign review, or other safeguards before allowing or continuing a Campaign. We may pause or stop any Campaign that we reasonably believe is unauthorized, unlawful, harmful, abusive, likely to cause complaints, likely to damage our infrastructure or sender reputation, or otherwise inconsistent with these Terms.

6. Customer Compliance Responsibilities

You are solely responsible for ensuring that your use of the Service complies with all laws, regulations, contracts, internal policies, and authorization requirements that apply to you and your Participants. This includes, where applicable, data protection, privacy, employment, labor, electronic communications, anti-spam, telecommunications, cybersecurity, consumer protection, sector-specific, and public-sector rules.

You are responsible for:

  • having a valid legal basis and authorization for each Campaign;
  • providing any required notices to Participants, works councils, unions, customers, regulators, or other stakeholders;
  • obtaining any required consents or approvals before running a Campaign;
  • performing any required risk assessment, data protection impact assessment, or internal approval process;
  • choosing lawful Campaign scope, timing, frequency, targeting, and content;
  • ensuring that sender domains, mailbox permissions, OAuth grants, directory syncs, and email integrations are authorized;
  • ensuring that Campaigns do not collect passwords, MFA codes, payment data, health data, government identifiers, or other sensitive data unless expressly agreed in writing and lawful;
  • handling Participant questions, complaints, employment issues, disciplinary decisions, and internal communications; and
  • ensuring that any use of third-party names, trademarks, logos, brands, or scenarios in simulations is lawful and proportionate for training.

You must not make employment, disciplinary, financial, legal, or similarly significant decisions about a Participant based solely on automated PhishGun outputs unless you have independently determined that doing so is lawful and appropriate.

7. Prohibited Conduct

You must not, and must not allow anyone else to:

  • use the Service outside the Authorized Purpose;
  • send unsolicited commercial email, spam, or unauthorized bulk messages;
  • collect, harvest, store, or attempt to obtain real passwords, MFA codes, payment-card details, secrets, private keys, tokens, or other credentials;
  • upload, transmit, link to, or deliver malware, exploit code, destructive payloads, credential harvesters, or content intended to compromise systems;
  • target third parties, public domains, consumer inboxes, or unaffiliated organizations without written authorization;
  • misrepresent your identity, authorization, or relationship with a target organization;
  • violate any privacy, data protection, employment, intellectual property, publicity, confidentiality, or other third-party right;
  • interfere with, scan, overload, probe, attack, disrupt, or bypass the Service or our infrastructure;
  • reverse engineer, decompile, disassemble, scrape, crawl, copy, benchmark for competitive purposes, or attempt to derive source code or non-public information from the Service;
  • bypass usage limits, seat limits, sending limits, rate limits, technical controls, billing controls, or security features;
  • resell, sublicense, lease, timeshare, or provide access to the Service except as expressly permitted by us in writing;
  • use the Service to train, build, or improve a competing product; or
  • remove or obscure proprietary notices, branding, or legal notices in the Service.

8. Campaign Safety and Email Delivery

You understand that simulated phishing and social-engineering training may cause operational side effects, including help-desk tickets, employee concern, security alerts, mail filtering, blocked messages, delivery failures, domain or sender reputation issues, reports to abuse desks, complaints to regulators, or third-party platform restrictions. You are responsible for planning, approving, communicating, and managing these risks inside your organization.

We do not guarantee email delivery, inbox placement, open-rate tracking, click tracking, participant behavior, reduction of real-world phishing risk, compliance outcomes, or prevention of security incidents. Security tools, mail providers, browser vendors, network filters, identity providers, and user settings may affect Campaign behavior and reporting.

9. Customer Data and Privacy

You retain ownership of Customer Data. You grant us and our subprocessors a worldwide, non-exclusive, royalty-free license to host, process, transmit, display, copy, secure, analyze, and otherwise use Customer Data only as needed to provide, maintain, secure, support, and improve the Service, comply with law, and enforce these Terms.

For personal data that you upload, sync, or generate about Participants, you are normally the controller and we are normally the processor. Our Privacy Policy explains our privacy practices for controller processing, and any applicable data processing agreement governs processor processing.

You represent that you have all rights, permissions, notices, consents, and legal bases necessary for us to process Customer Data as described in these Terms, the Privacy Policy, the applicable data processing agreement, and your configuration of the Service.

We may create aggregated, de-identified, or anonymized information from use of the Service and use it for analytics, security, benchmarking, product improvement, and business purposes, provided it does not identify you, your Users, Participants, or any individual.

10. Integrations and Third-Party Services

The Service may integrate with third-party systems such as Google Workspace, Microsoft 365, identity providers, mail systems, DNS providers, payment processors, CRM tools, analytics, support tools, and security platforms. You are responsible for obtaining and maintaining all third-party accounts, permissions, approvals, configurations, and licenses needed for those integrations.

Third-party services are governed by their own terms and policies. We are not responsible for third-party services, outages, API changes, security incidents, data processing, rate limits, rejected messages, permission changes, or decisions to suspend or terminate your access to those services.

11. AI-Assisted Features

The Service may include AI-assisted or automated features for generating, localizing, classifying, analyzing, or improving security awareness content. Outputs may be incomplete, inaccurate, unsuitable, or require review. You are responsible for reviewing and approving AI-assisted content before use in a Campaign.

You must not submit sensitive, confidential, regulated, or unnecessary personal data into AI-assisted features unless your agreement with us expressly allows it and you have a lawful basis to do so. We do not use Customer participant data to train third-party AI models unless expressly agreed in writing.

12. Fees, Taxes, and Payment

Fees, subscription scope, employee or Participant limits, included features, billing periods, renewal terms, and payment methods are stated in the applicable Order or checkout. Unless an Order states otherwise, fees are due in advance, invoices are payable within fourteen (14) days, and all fees are non-cancellable and non-refundable except where required by law or expressly stated in an Order.

You must provide accurate billing, tax, and contact information and keep it current. Fees are exclusive of VAT, sales, use, withholding, and similar taxes unless stated otherwise. You are responsible for taxes associated with your purchase other than taxes based on our net income.

If payment is overdue, we may charge lawful late-payment interest, suspend access, pause Campaigns, withhold support, or terminate the affected Order after reasonable notice. You remain responsible for all fees incurred before suspension or termination.

13. Renewals, Changes, and Cancellation

Subscriptions renew only as stated in the applicable Order or checkout. If automatic renewal applies, either party may prevent renewal by giving notice before the renewal deadline stated in the Order, or if no deadline is stated, at least thirty (30) days before the end of the then-current Subscription Term.

We may change prices, packaging, limits, or features for a renewal term by giving reasonable notice. If you cancel before the end of a committed Subscription Term, you are not entitled to a refund and must pay any unpaid fees for the remainder of the term unless the applicable Order states otherwise.

14. Free Trials, Early Access, and Beta Features

We may offer free trials, early access, pilots, previews, or beta features. These are provided for evaluation, may be changed or discontinued at any time, may be subject to additional limits, and are provided "as is" without any service-level commitment, warranty, refund, credit, or obligation to continue offering them.

Unless you purchase a paid subscription before the end of a free trial or early-access period, we may suspend access and delete trial data after the period ends. You should export any data you need before the trial or early-access period expires.

15. Support and Managed Services

We provide support as described in the applicable Order or in the support terms made available to you. Unless expressly agreed in writing, we do not guarantee any response time, resolution time, uptime, email deliverability, or support availability.

If we provide managed campaign assistance, onboarding, consulting, or professional services, you remain responsible for authorization, approvals, legal basis, participant notices, Campaign scope, and final approval of Campaign content. Our services are not legal advice, employment advice, compliance certification, or a guarantee that your security awareness program satisfies any law or regulation.

16. Intellectual Property

We and our licensors own all rights, title, and interest in the Service and PhishGun Content, including software, source code, object code, designs, templates, workflows, training materials, documentation, logos, trademarks, analytics, report formats, and know-how. Except for the limited access rights expressly granted in these Terms, no rights are transferred to you.

You retain ownership of Customer Data and customer-created materials. You grant us the rights needed to process those materials to provide the Service. You are responsible for ensuring that Customer Data and customer-created materials do not infringe or violate any third-party rights.

If you provide feedback, ideas, suggestions, or improvement requests, we may use them without restriction or compensation, provided we do not disclose your Confidential Information in doing so.

17. Confidentiality

Each party may receive non-public information from the other party that should reasonably be understood to be confidential, including business, technical, security, product, pricing, Customer Data, credentials, reports, and roadmap information. The receiving party must protect the disclosing party's Confidential Information using reasonable care and may use it only to perform or receive the Service, exercise rights, or comply with these Terms.

Confidential Information does not include information that is public without breach, was already known without confidentiality obligations, is lawfully received from a third party, or is independently developed without use of the disclosing party's Confidential Information. A party may disclose Confidential Information if required by law, provided it gives notice where legally permitted and limits disclosure to what is required.

18. Security

We will maintain reasonable technical and organizational measures designed to protect the Service and Customer Data. You are responsible for securely configuring your Account, managing User access, protecting credentials and integration tokens, limiting administrative privileges, reviewing Campaign settings, and promptly removing access for Users who no longer need it.

You must promptly notify us of any suspected unauthorized access to your Account, leaked credentials, compromised integration, or security incident involving the Service.

19. Suspension

We may suspend or restrict access to the Service, pause Campaigns, disable integrations, or remove content immediately if we reasonably believe that:

  • you breached these Terms or an Order;
  • your use is unauthorized, unlawful, fraudulent, abusive, or harmful;
  • a Campaign may harm Participants, third parties, our infrastructure, deliverability, reputation, or the Service;
  • your Account or integration is compromised or creates a security risk;
  • you exceed usage limits, sending limits, or technical limits;
  • fees are overdue; or
  • suspension is needed to comply with law or a third-party platform requirement.

We will use reasonable efforts to notify you of a suspension unless notice would create risk, violate law, compromise security, or interfere with an investigation. We are not liable for losses caused by a suspension made in good faith under this section.

20. Term and Termination

These Terms start when you first accept them or use the Service and continue until all Orders and access rights have ended. Either party may terminate an Order for material breach if the breach is not cured within thirty (30) days after written notice, unless the breach is incapable of cure or creates immediate legal, security, or operational risk.

We may terminate immediately if you use the Service for unauthorized phishing, credential theft, malware, unlawful activity, or activity that creates material risk to us, the Service, Participants, or third parties.

Upon termination, your right to use the Service ends. You must stop using the Service and pay all outstanding fees. We may delete Customer Data after termination according to our retention practices, the applicable Order, and any data processing agreement. Sections that by their nature should survive termination will survive, including payment obligations, confidentiality, intellectual property, data protection, disclaimers, limitations of liability, indemnities, governing law, and dispute terms.

21. Warranties and Disclaimers

Each party represents that it has authority to enter into these Terms. You additionally represent and warrant that your use of the Service, Customer Data, Campaigns, target lists, sender identities, domains, integrations, and instructions are lawful, authorized, and do not violate third-party rights.

To the maximum extent permitted by law, the Service is provided "as is" and "as available". We disclaim all warranties, whether express, implied, statutory, or otherwise, including warranties of merchantability, fitness for a particular purpose, non-infringement, uninterrupted operation, error-free operation, deliverability, accuracy of analytics, security outcome, compliance outcome, or absence of harmful components.

You understand that PhishGun is a training and awareness tool. It does not replace a security program, legal review, incident response, employee training policy, technical controls, or professional judgment. We do not guarantee that use of the Service will prevent phishing, fraud, compromise, data breach, regulatory action, or other security incidents.

22. Limitation of Liability

To the maximum extent permitted by law, we will not be liable for indirect, incidental, special, consequential, exemplary, punitive, or similar damages, or for loss of profits, revenue, goodwill, reputation, business opportunity, anticipated savings, data, use, security, or business interruption, even if we were advised that such damages were possible.

To the maximum extent permitted by law, our total aggregate liability arising out of or relating to the Service, these Terms, or any Order will not exceed the fees you paid to us for the affected Service in the twelve (12) months before the event giving rise to the claim. For free trials, early access, beta features, or free services, our total aggregate liability will not exceed one hundred euros (EUR 100).

Nothing in these Terms limits liability that cannot be limited under applicable law.

23. Indemnification

You will defend, indemnify, and hold harmless Haxoris Labs, its affiliates, officers, directors, employees, contractors, licensors, suppliers, and subprocessors from and against any claims, damages, fines, penalties, liabilities, losses, settlements, costs, and expenses, including reasonable legal fees, arising out of or related to:

  • your Customer Data, Campaigns, instructions, configurations, templates, target lists, or use of the Service;
  • unauthorized, unlawful, fraudulent, abusive, or prohibited use of the Service;
  • claims by Participants, employees, contractors, unions, works councils, regulators, customers, or third parties related to your Campaigns or use of the Service;
  • your failure to obtain authorization, provide notices, obtain consents, or comply with privacy, employment, electronic communications, anti-spam, or other laws;
  • your collection or attempted collection of credentials, sensitive data, or unnecessary personal data;
  • your infringement or misuse of third-party names, brands, trademarks, copyrights, likenesses, or confidential information;
  • your third-party systems, integrations, domains, mailboxes, sender configurations, or security tools;
  • your breach of these Terms, an Order, or applicable law; or
  • activity under your Account, whether authorized by you or caused by your failure to protect credentials or systems.

We will promptly notify you of indemnified claims, allow you to control the defense where legally and commercially reasonable, and provide reasonable cooperation at your expense. You may not settle a claim in a way that admits fault by us, imposes obligations on us, or affects our rights without our prior written consent.

24. IP Infringement Claims Against the Service

If a third party claims that the Service, as provided by us and used according to these Terms, infringes its intellectual property rights, we may at our option obtain the right for you to continue using the Service, modify the Service, replace the allegedly infringing part, or terminate the affected Service and refund prepaid unused fees for the terminated portion.

We have no obligation for claims arising from Customer Data, customer-created templates, third-party services, your modifications, your unauthorized use, your combination of the Service with other materials, or use after we tell you to stop. This section states your exclusive remedy for intellectual property claims against the Service.

25. Export, Sanctions, and Restricted Use

You must comply with all applicable export control, sanctions, anti-corruption, and restricted-party laws. You must not use the Service if you are located in, organized under the laws of, or ordinarily resident in a jurisdiction subject to applicable sanctions, or if you are listed on an applicable restricted-party list. You must not use the Service for unlawful government surveillance, military targeting, offensive cyber operations, or other prohibited end uses.

26. Publicity

We will not use your name or logo in public marketing materials without your consent unless the applicable Order expressly allows it. You must not use our name, logo, or branding in public statements, press releases, or marketing materials without our prior written consent, except to identify us as your service provider in ordinary procurement, security, or compliance documentation.

27. Notices and Changes to Terms

We may provide notices by email, in-app message, dashboard notice, invoice note, or posting on our website. You must keep your account and billing contact details current.

We may update these Terms from time to time. Updated Terms will apply to new Orders immediately and to existing subscriptions at renewal, unless the change is required sooner for legal, security, or compliance reasons. If a material change substantially harms your rights during an active paid Subscription Term, you may object by notifying us within thirty (30) days after notice of the change, and the prior Terms will apply until the end of the then-current Subscription Term unless continued use is not legally or operationally feasible.

28. Governing Law and Disputes

These Terms and any dispute or claim arising from or relating to them, the Service, or an Order are governed by the laws of the Slovak Republic, without regard to conflict-of-law rules. The courts of the Slovak Republic with jurisdiction over our registered seat will have exclusive jurisdiction, unless mandatory law requires a different venue.

Before starting formal proceedings, the parties will try in good faith to resolve disputes through business escalation for at least thirty (30) days, unless urgent injunctive relief, security action, or preservation of rights is needed.

29. Miscellaneous

You may not assign or transfer these Terms or an Order without our prior written consent, except to a successor in connection with a merger, reorganization, or sale of substantially all assets, provided the successor is not our competitor and agrees to be bound by these Terms. We may assign these Terms in connection with a merger, reorganization, sale of assets, financing, corporate restructuring, or transfer to an affiliate.

Neither party is liable for delay or failure to perform caused by events beyond its reasonable control, including internet or cloud provider failures, labor disputes, war, terrorism, civil unrest, government action, natural disaster, epidemic, power failure, or denial-of-service attacks, except that payment obligations are not excused.

If any provision is unenforceable, the remaining provisions remain in effect and the unenforceable provision will be modified to the minimum extent necessary to make it enforceable. Failure to enforce a provision is not a waiver. These Terms, together with Orders and incorporated documents, are the entire agreement for the Service and replace prior or contemporaneous discussions about the same subject.

30. Contact

Questions about these Terms may be sent to:
Haxoris Labs s. r. o.
Email: info@phishgun.com