Skip to content

Whistic Terms of Service

May 10, 2024

These Terms of Service govern your access and use of this website, and any affiliated websites, features, services, mobile applications, products, software and other services, or any portion thereof (collectively, the “Whistic Technology”), including any of the foregoing purchased, accessed or subscribed for in connection with these Terms of Service (together with the Whistic Technology, the “Services”), owned or controlled by Whistic, Inc., a Delaware corporation, and/or its affiliated companies (“Whistic”).

The Whistic Services include a platform for assessing, publishing, and sharing information relating to the security and compliance of a company, such as information regarding a company’s security controls and procedures, audits, certifications, security assessment questionnaires, answers to such questionnaires, and other documents, information and materials uploaded, posted, imported or stored through Customers’ use of the Services (all of the foregoing, including Customer Data (as defined below), is referred to in these Terms of Service as “Content”). 

The publishing and sharing functionality included in the Services may be used by Customers (as defined below) to provide other third-party users of the Services (“Other Whistic Users”) with access to certain Content, generally in a selective manner as further described within the Services. The sharing of Content as described herein is typically (but not only) accomplished by sharing Content via a Whistic Profile. In addition, the Services may provide Customers with the ability to publish certain Content to the Whistic Trust Catalog (which will enable Other Whistic Users to access such Content), to remove certain Content that Customer previously published to the Whistic Trust Catalog, and to publish certain Content to third-party websites operated by Whistic partners. Customers may choose not to share certain Content with Other Whistic Users via the Services, and they may also elect to require approval before such Content is shared. Whistic does not (i) publish or share your Content on your behalf without your having approved such publishing or sharing, or (ii) display your Content on the Services without your permission. Section 4 of these Terms of Service sets forth certain terms and license rights with respect to Content, which are required in order for Whistic to be able to provide the Services.

Whistic has three different types of customers depending on the Whistic Services being purchased, accessed or subscribed for in connection with this Agreement:

Free Users,” who are customers who have registered for free accounts (such as vendors or service providers registering in response to an inquiry from a third party or users registering to review a Whistic Profile of a company you are evaluating). The scope of Services provided and accessible to Free Users is limited to those services and access rights made available by Whistic to such Free User from time to time.

Subscribers,” who are customers that have subscribed for paid services from Whistic or through an authorized Whistic reseller in one or more order forms or other agreements (each, an “Order Form”). The scope of Services provided and accessible to Subscribers is limited to those services and access rights set forth on the applicable Order Form. In the event of any discrepancy between these Terms of Service and the terms of the Order Form, the terms of the Order Form shall govern.

"Authorized Users" are individual users who have been authorized to access the Services on behalf of a Subscriber or Free User. The scope of Services for Authorized Users is governed in the same manner and to the same extent as the Subscriber or Free User (as applicable) on whose behalf such Authorized User is accessing the Services.   

Free Users, Subscribers, and Authorized Users are referred to in these Terms of Service (whether they be an individual, company, business, corporation, or other entity) as “Customers.” Regardless of what type of Customer you are, these Terms of Service along with any Order Form (collectively, this “Agreement”), create a legal agreement directly between you and Whistic and explain the rules governing your use of the Services. If you are accepting this Agreement on behalf of a company, business, corporation, or other entity, you and the applicable company, business, corporation, or other entity each represent and warrant that you have the authority to bind such entity to this Agreement, in which case the term “Customer” will refer to such entity. Whistic and Customer are each referred to herein as a “Party” and together as the “Parties.”


1. Scope of Service; Term

1.1. During the Term (as defined below) Whistic grants Customer and its Authorized Users a limited, non-exclusive, non-transferable (except in accordance with Section 9.3) license to access and use the Services for Customer’s own internal business purposes in accordance with the terms of this Agreement. Additionally, Whistic may agree to provide Customer (a) certain implementation services to assist with Customer’s usage of the Services (“Implementation Services”), or (b) professional services, in each case, as agreed to between the Parties and set forth in an Order Form or other separate agreement or addendum between the Parties, and which shall be governed by these Terms of Service. With respect to Subscribers, Whistic will use commercially reasonable efforts to provide the Services to each Subscriber in accordance with Whistic’s then-current Service Level Agreement and Support Terms (the current version of which is set forth at Whistic will use commercially reasonable efforts to notify Subscriber if the Services may be temporarily unavailable for scheduled maintenance or for unscheduled emergency maintenance.

1.2. Whistic reserves all rights not expressly granted in and to the Services.

1.3. As a condition of Customer’s use of and access to the Services, Customer agrees not to use the Services for any unlawful purpose or in any way that violates this Agreement. Any use of the Services in violation of this Agreement may result in, among other things, termination or suspension of Customer’s account and ability to use the Services. Customer may not engage in any of the following prohibited activities: (a) directly or indirectly, reverse engineer, decompile, disassemble, separate or otherwise attempt to discover or derive the source code, object code or underlying structure, ideas, know-how or algorithms relevant to the Services or any software, documentation or data related to the Services (“Software”); (b) copy, distribute, convey, or disclose any part of the Services in any medium, including without limitation by any automated or non-automated “scraping”; (c) collect or harvest any personally identifiable information (“PII"), including account names, from the Services; (d) modify, adapt, translate, or create derivative works based on the Services or the Software; (e) transfer, sell, lease, syndicate, subsyndicate, lend, or use the Services or any Software for cobranding, timesharing or service bureau purposes or otherwise for the benefit of a third party; (f) use any automated system, including without limitation “robots,” “spiders,” “offline readers,” etc., to access the Services, or access any content or features of the Services through any technology or means other than those provided or authorized by the Services; (g) transmit spam, chain letters, or other unsolicited email; (h) intentionally or knowingly engage in any activity that interferes with or disrupts the Services or servers or networks connected to the Services; (i) remove, deface, obscure, or alter any proprietary notices or labels; (j) intentionally or knowingly use the Services in any manner in violation of any applicable laws or regulations; (k) attempt to interfere with, compromise the system integrity or security, or decipher any transmissions to or from the servers running the Services; upload invalid data, viruses, worms, or other software agents through the Services; bypass the measures Whistic may use to prevent or restrict access to the Services, including without limitation features that prevent or restrict use or copying of any content or features or enforce limitations on use of the Services or the content or features therein; (l) impersonate another person or otherwise misrepresenting Customer’s affiliation with a person or entity, conducting fraud, hiding or attempting to hide Customer’s identity; or (m) access, distribute, or use for any commercial purposes any part of the Services or any services or materials available through the Services.

1.4. The “Term” of Customer’s use of the Services shall be: (a) for Subscribers: the Order Form Term (as defined below); and (b) for Free Users: for so long as such Free User continues to use or otherwise access the Services or until Whistic discontinues Free User’s use of the Services for any reason. With respect to an Order Form, the “Order Form Term” means, except as otherwise expressly set forth in such Order Form, and except as otherwise earlier terminated in accordance with these Terms, (i) the period commencing on the effective date set forth in such Order Form and continuing for the initial term set forth therein (the “Order Form Initial Term”), and (ii) additional successive renewal terms (each, a “Order Form Renewal Term”), as mutually agreed to by the Parties in a new or revised Order Form. In the case of Subscribers, either Whistic or Subscriber may terminate this Agreement for cause if the other Party materially breaches this Agreement, and such breach remains uncured within fifteen (15) days after receipt of written notice. If Subscriber terminates this Agreement for cause in accordance with the foregoing subsection, Whistic will promptly refund to Subscriber any prepaid Fees, prorated for the unused portion of the Term. Without limiting the foregoing, Whistic may suspend or limit Subscriber’s access to or use of the Service if Subscriber’s account is more than thirty (30) days past due.

1.5. Upon the termination or expiration of this Agreement, (a) all rights and licenses granted by Whistic to Customer shall immediately cease (except as set forth in this Section 1.5) and (b) unless mutually agreed upon by the Parties to do otherwise, Whistic will make all Customer Data (as defined below) available to Customer for electronic retrieval for a period of thirty (30) days, after which Whistic will permanently delete stored Customer Data in Whistic’s possession or control following a written request from such Customer to do so; provided, however, Whistic may retain copies of Customer Data: (i) in order to comply with applicable law, regulation or professional standards; (ii) on servers or back-up sources if such Customer Data is deleted from local hard drives and no attempt is made to recover such Customer Data from such servers or back-up sources, and/or (iii) as set forth in Section 4.2.

1.6. Customer is entirely responsible for maintaining the confidentiality of its password and account. Furthermore, Customer is entirely responsible for any and all activities that occur under its account. Customer agrees to notify Whistic immediately of any known or suspected unauthorized use of its username and password or any other breach of security. Customer, and not Whistic, will be liable for any loss that Customer, Whistic and any other party may incur as a result of someone else using Customer’s username, password, or account, only in the event and to the extent that such use is either permitted by Customer or is a result of Customer’s failure to maintain the confidentiality of Customer’s password and account information. Customer may not use anyone else’s account at any time, without the written permission of the account holder. Customer’s account is unique to Customer and may not be transferred to any third party.

1.7. The Whistic Technology and the Services may be modified by Whistic at its discretion from time to time (provided that solely with respect to Subscribers, such modifications will provide reasonably comparable levels of support and functionality). With respect to Free Users, Whistic: (a) reserves the right to withdraw or amend the Whistic Technology, and any of the Services or material Whistic provides on the Whistic Technology, in its sole discretion without notice; (b) will not be liable if, for any reason, all or any part of the Whistic Technology is unavailable at any time or for any period; and (c) may from time to time restrict access to some parts of the Whistic Technology, or the entire Whistic Technology. 

1.8. Customer shall be responsible for obtaining and maintaining any equipment and ancillary services needed to connect to, access or otherwise use the Services, including, without limitation, modems, hardware, servers, software, operating systems, networking, web servers and the like.

2. Account Registration

2.1. Prior to using the Services, Free Users and Authorized Users must complete the account registration process by providing Whistic with current, complete, and accurate information as prompted by the applicable registration form. Free User and Authorized User agree to register only once using a single username and agree it will not (a) register on behalf of another person; (b) register under the name of another person or under a fictional name or alias; (c) choose a username that constitutes or suggests an impersonation of any other person (real or fictitious) or entity or that Free User or Authorized User is a representative of an entity when it is not, or that is offensive; (d) choose a username for the purposes of deceiving or misleading users and/or Whistic as to Free User’s or Authorized User’s true identity; or (e) choose a username that incorporates a solicitation. Free User and Authorized User agree to maintain and update any account registration information to keep it true, accurate, current and complete. If any information provided by Free User or Authorized User is untrue, inaccurate, not current, incomplete, or otherwise violates the restrictions as set forth above, Whistic has the right to terminate Free User’s or Authorized User’s account and refuse any and all current or future use of the Services. 

3. Subscriber Fees

3.1. Unless Customer is using the Services as a Free User or has purchased the Services via an authorized partner or reseller, Customer will pay Whistic the Service Fee and the Implementation Service Fee (as described in the Order Form) and any other fees for the Services and Implementation Services as set forth herein in accordance with the terms of this Agreement (the “Fees”). Except as otherwise specified herein or in an Order Form, payment obligations to Whistic are non-cancelable and fees paid are non-refundable. Any refunds provided hereunder will be made to the entity that paid the applicable Fees to Whistic and, if applicable, Customer will look solely to the authorized partner or reseller to recover the same. If Customer requires that a purchase order be issued prior to the issuance of any invoice or payment of any Fees, then Customer shall promptly issue all such purchase orders (and any delay in issuing such purchase orders shall not affect the due date of any payments due hereunder). Whistic will commence the Implementation Services, if any, promptly following the execution of the Order Form.

3.2. To the extent that any Order Form sets forth specific payment terms for the Fees, such terms will prevail over any inconsistency with this Section 3.2. Service Fees and any Implementation Service Fee shall be paid within thirty (30) days of the execution of the Order Form. With respect to any annual Fees payable under an Order Form beyond the first year of the applicable Order Form Initial Term (including subsequent years of such Order Form Initial Term, as well as years attributable to Order Form Renewal Terms (if any)), Whistic will automatically bill Customer for the Service Fee at its then-current rate upon thirty (30) days in advance of the start of such year.

3.3. Whistic may periodically review each Subscriber’s usage of the Services to ensure such Subscriber is not exceeding their permitted usage, as applicable (the “Service Capacity”). If a Subscriber is found to be exceeding the Service Capacity, then Whistic will notify Subscriber of the same and provide Subscriber a thirty (30) day period to comply with the Service Capacity. Subscribers may be responsible for additional fees if, following such thirty (30) day notice period, usage of the Services continues to exceed the Service Capacity. In such event, Subscriber shall be billed for such usage and Subscriber agrees to pay the additional fees in the manner provided herein.

3.4. If a Subscriber believes that Whistic (or an authorized partner or reseller, as applicable) has billed Subscriber incorrectly, Subscriber must contact Whistic (or the authorized partner or reseller, as applicable) no later than 60 days after the closing date on the first billing statement in which the error or problem appeared in order to receive an adjustment or credit. Except as otherwise specified in an Order Form between Whistic or the applicable authorized partner or reseller, unpaid amounts will be subject to a finance charge of 1.5% per month on any outstanding balance, or the maximum permitted by law, whichever is less, plus all expenses of collection and may result in immediate termination or suspension of the Services. All Fees and other amounts payable under this Agreement are exclusive of taxes and similar assessments.

4. Content; Feedback

4.1 This Section 4 sets forth certain terms and license rights with respect to Content which Whistic requires in order to provide the Services, and which vary depending on the type of Content involved:

Content TypeDefinitionExample Content applicable only to a Customer assessing vendors in WhisticExample Content applicable only to a Customer sharing their Whistic Profile  
Private ContentContent stored in Customer’s own account on the Services in a manner that is viewable by only Customer and/or its Authorized Users.·  Your vendor catalog, which contains your internal notes and decisions you make during your assessments·  Your customer catalog, which contains a record of the Whistic Profiles you shared and who you shared the Profiles with 
Limited Audience ContentContent that Customer decides to publish or share in a manner that Customer-designated Other Whistic Users can view.·  Your custom questionnaires that you invite your vendors to respond to·  The documents and self-assessment questionnaire responses contained in your Whistic Profile that you share with your prospects and customers
Platform ContentContent that Customer decides to publish or share generally on the Services in a manner that can be viewed by more than just a specific set of Customer-designated Other Whistic Users ·  The documents and self-assessment questionnaires contained in your Whistic Profile that you publish to the Trust Catalog
Generally-Accessible ContentContent that Customer decides to publish or share in a manner that can be viewed not only by Other Whistic Users, but also by other third parties and/or on other websites, services or platforms. ·  General identifying information regarding your company (corporate or product name, logo, etc.) and general identifying information regarding your Whistic Profile which you choose to share with other websites or platforms via a Whistic partnership or integration

4.2.  Customer may request that Whistic delete Customer Data as set forth in Section 1.5. However, Customer specifically acknowledges and agrees that, to the extent that Limited Audience Content, Platform Content and Generally-Accessible Content has previously been provided to, or copied or stored by other users, such Content may be retained by Whistic for the purpose of continuing to provide access to such Content to such users (and the licenses set forth herein will continue for so long as such access is provided). Conversely, if you have copied or stored Content that was originally provided by Other Whistic Users into your own Whistic account, Whistic will not delete your own instance of such information without your permission.

4.3.  In furtherance of the foregoing, and notwithstanding anything else, Customer hereby grants Whistic the following licenses:

(a) For all Content, Customer hereby grants Whistic a license to display, perform, translate, modify (for technical purposes, for example, making sure Content is viewable on a mobile device), distribute, retain, reproduce and otherwise act with respect to such Content (collectively, “Use”), in each case to enable Whistic to provide the Services; provided that for clarity, Whistic will not publish, share or display your Content with third parties (including Other Whistic Users) except as set forth below.

(b) For Private Content, Customer also grants Whistic a license to Use such Private Content for the sole purpose of making that Private Content accessible to Customer and its Authorized Users.

(c) For Limited Audience Content, Customer grants Whistic the licenses above, as well as a license to Use such Limited Audience Content for the purpose of making that Limited Audience Content accessible to the Other Whistic Users with whom Customer has decided to share or publish such Limited Audience Content. Also, Customer grants such Other Whistic Users a license to Use that Limited Audience Content as permitted by the functionality of the Services.  

(d) For Platform Content, Customer grants Whistic the licenses above, as well as a license to Use such Platform Content for the purpose of making that Platform Content accessible to all users of the Services. Also, Customer grants all other users of the Services a license to Use that Platform Content as permitted by the functionality of the Services.

(e) For Generally-Accessible Content, Customer grants Whistic the licenses above, as well as a license to Use such Generally-Accessible Content for the purpose of making that Generally-Accessible Content accessible to potential users of the Services, Whistic’s actual and potential business partners, and other third parties, as well as all other rights necessary to use and exercise all rights in that Generally-Accessible Content in connection with the Services and/or otherwise in connection with Whistic’s business. Also, Customer grants all other users of the Services a license to Use that Generally-Accessible Content as permitted by the functionality of the Services. Customer agrees that the licenses granted in this Section 4.3 are royalty-free, sublicensable, irrevocable, and worldwide, and will in each case last for a time period consistent with the applicable license purposes set forth above.  Finally, Customer acknowledges and agrees that Whistic may obtain certain data, information and materials from publicly available sources and from Whistic’s data providers, licensors, and other partners, and that nothing herein shall be deemed to limit Whistic’s ability to use or make available the foregoing.

4.4. Customer is responsible for all Content uploaded, posted or stored through Customer’s use of the Services. Whistic is not responsible for any lost or unrecoverable Content other than as a result of Whistic’s gross negligence or willful misconduct. Although Whistic has no obligation to monitor the Content or Customer’s use of the Services, Whistic may, in its sole discretion, remove any Content, in whole or in part, or prohibit any use of the Services alleged to be unacceptable, undesirable, inappropriate, or in violation of this Agreement.

4.5. From time to time, Whistic may provide opportunities for users to voluntarily submit feedback and ideas for improvements related to the Services. Customer agrees that (a) its feedback and expression of its ideas and/or improvements will automatically become the property of and owned by Whistic; (b) Whistic may use or redistribute Customer’s feedback and its contents for any purpose and in any way and without any restrictions, except that Whistic agrees to keep the name of the Customer associated with such feedback confidential; (c) there is no obligation for Whistic to review any feedback; (d) there is no obligation to keep any feedback confidential; and (e) Whistic shall have no obligation to Customer or contract with Customer, implied or otherwise. By providing feedback or ideas, Customer acknowledges and agrees that Whistic and its designees may create on its own or obtain many submissions that may be similar or identical to the feedback or ideas that Customer submits through the Services or other channels and means. Customer hereby waives any and all claims it may have had, may have, and/or may have in the future, that the submissions accepted, reviewed and/or used by Whistic and its designees may be similar to Customer’s feedback or ideas.

5. Confidentiality; Proprietary Rights

5.1. Each Party (the “Receiving Party”) understands that the other Party (the “Disclosing Party”) has disclosed or may disclose business, technical or financial information relating to the Disclosing Party’s business (hereinafter referred to as “Proprietary Information” of the Disclosing Party). Proprietary Information of Whistic includes non-public information regarding features, functionality and performance of the Services, including without limitation, Whistic’s proprietary CrowdConfidence scoring algorithm.  Proprietary Information of each Customer includes non-public data about that Customer provided by that Customer to Whistic (“Customer Data”), Content, and any data or information derived from Customer’s use of the Services. For the avoidance of doubt, Customer Data does not include Aggregate Data (as defined below) or any data, information or content uploaded by third parties other than Customer. The Receiving Party agrees to take reasonable precautions to protect such Proprietary Information, and, except to use or perform the Services or as otherwise permitted herein, not to use or divulge to any third person any such Proprietary Information; provided, however, the Receiving Party may disclose Proprietary Information to its contractors and/or agents who have a legitimate need to know the Proprietary Information and who are bound by obligations of confidentiality at least as stringent as those contained herein. The Disclosing Party agrees that the foregoing shall not apply with respect to any information after five (5) years following the disclosure thereof, or any information that the Receiving Party can document (a) is or becomes generally available to the public through no action of the Receiving Party in violation of this Agreement, (b) was in its possession or known by it prior to receipt from the Disclosing Party, (c) was rightfully disclosed to it without restriction by a third party, or (d) was independently developed without use of any Proprietary Information of the Disclosing Party.

5.2. The Parties hereby acknowledge and agree that any breach of or default of a Party’s obligations of confidentiality under this Agreement shall cause damage to the other Party in an amount that is difficult to ascertain.  Accordingly, in addition to any other relief to which a Party may be entitled, the non-defaulting Party shall be entitled, without proof of actual damages, to seek any injunctive relief ordered by any court of competent jurisdiction including, but not limited to, an injunction restraining any violation of the defaulting Party’s obligations of confidentiality hereunder.

5.3. If the Receiving Party or any of its representatives is compelled by applicable law to disclose any Proprietary Information then, to the extent permitted by applicable law, the Receiving Party shall: (a) promptly, and prior to such disclosure, notify the Disclosing Party in writing of such requirement so that the Disclosing Party can seek a protective order or other remedy, or waive its right to confidentiality pursuant to the terms of this Agreement; and (b) provide reasonable assistance to the Disclosing Party, at the Disclosing Party’s sole cost and expense, in opposing such disclosure or seeking a protective order or other limitations on disclosure. If the Disclosing Party waives compliance or, after providing the notice and assistance required under this Section 5.3, the Receiving Party remains required by law to disclose any Proprietary Information, the Receiving Party shall disclose only that portion of the Proprietary Information that, on the advice of the Receiving Party’s legal counsel, the Receiving Party is legally required to disclose and, upon the Disclosing Party’s request, shall use commercially reasonable efforts to obtain assurances from the applicable court or other presiding authority that such Proprietary Information will be afforded confidential treatment. No such compelled disclosure by the Receiving Party will otherwise affect the Receiving Party’s obligations hereunder with respect to the Proprietary Information so disclosed.

5.4. Customer shall own and retain all right, title and interest in and to its Proprietary Information, including the designs, trademarks, service marks, and logos of Customer. Whistic shall own and retain all right, title and interest in and to its Proprietary Information, including (a) the Services and Software, and all improvements, enhancements or modifications thereto, (b) any software, applications, inventions or other technology developed in connection with the Implementation Services or support, (c) all intellectual property rights related to any of the foregoing, and (d) the designs, trademarks, service marks, and logos of Whistic and the Services, whether owned by or licensed to Whistic.  

5.5. Notwithstanding anything to the contrary in this Agreement, Whistic shall have the right (during and after the Term hereof) to use data and information related to Customer’s use of the Services in an aggregate and anonymized manner (“Aggregate Data”) for its internal business purposes to improve and enhance the Services, to compile statistical and performance information, and for other development, diagnostic and corrective purposes in connection with the Services and Whistic’s other offerings. Any rights not expressly granted herein are deemed withheld.

5.6 In addition to the foregoing, with respect to Subscribers only, Whistic will (i) maintain commercially reasonable and appropriate technical and organizational measures designed to secure Customer Data against unauthorized and unlawful loss, access or disclosure, (ii) maintain physical, electronic and procedural safeguards in compliance with applicable privacy laws, including, but not limited to: (a) the maintenance of appropriate safeguards to restrict access to Customer Data to the employees, agents, licensors or service providers of Whistic who need that information to carry out Whistic’s obligations under this Agreement; (b) procedures and practices for safe transmission or transportation of the Customer Data; and (c) the maintenance of appropriate safeguards to prevent the unauthorized access of the Customer Data

6. Warranty and Disclaimer

6.1. Each Party hereby represents, covenants, and warrants that: (a) it shall be in compliance with all applicable laws and regulations during the Term in the performance of this Agreement; (b) it has the full right, power, and authority to enter into this Agreement; (c) the performance of its obligations under this Agreement do not and will not violate any other agreement to which it is a party; and (d) this Agreement constitutes a legal, valid, and binding obligation when agreed to. Customer further represents and warrants that it owns or has the necessary licenses, rights, consents, and permissions to publish and submit the Content and Customer Data. Customer further agrees that the Content and Customer Data it submits to the Services will not contain third party copyrighted material, or material that is subject to other third-party proprietary rights, unless Customer has permission from the rightful owner of the material or Customer is otherwise legally entitled to post the material and to grant Whistic all of the license rights granted herein.

6.2. Customer acknowledges that the Services are controlled and operated by Whistic from the United States. If Customer or any of its authorized users are located outside of the United States and choose to provide information to Whistic via the Services, Whistic will transfer the information, including personal information, to the United States and process it there. Whistic does not represent or warrant that the Services, or any part thereof, are appropriate or available for use in any particular jurisdiction. Customer and its authorized users are subject to United States export controls in connection with the use of the Services and/or services related thereto and are responsible for any violations of such controls, including, without limitation, any United States embargoes or other federal rules and regulations restricting exports.


7. Subscriber Indemnification

7.1. Whistic shall indemnify, defend and hold harmless each Subscriber and each Subscriber’s officers, directors, employees, agents, permitted successors and assigns (each, a “Subscriber Indemnitee”) from and against any and all liabilities, claims, damages, losses and expenses (including reasonable attorneys’ fees) (“Claims”) incurred by Subscriber Indemnitee resulting from an action by a third party (other than an affiliate of Subscriber Indemnitee) which alleges that Subscriber’s use of the Services in accordance with this Agreement infringes or misappropriates such third party’s intellectual property rights. The foregoing obligation does not apply to the extent that the alleged infringement arises from (a) access to or use of the Services in a modified form or in combination with any hardware, system, software, network, or other materials or service not provided by Whistic (to the extent that the combination is the cause of the Claims); (b) any Content, Customer Data, or other information or data provided by Customer, any Authorized User or any other third party where such is the proximate cause of the Claim; (c) any Claims related to Subscriber’s infringement of any third party intellectual property; (d) where Subscriber continues allegedly infringing activity after being notified thereof or after being informed of modifications, upgrades, replacements or enhancements made available to Subscriber by or on behalf of Whistic; or (e) where Subscriber’s use of the Services is not strictly in accordance with this Agreement. If, due to a claim of infringement, the Services are held by a court of competent jurisdiction to be, or is believed by Whistic to be infringing, Whistic may, at its option and expense: (a) replace or modify the Services to be non-infringing, provided that such modification or replacement contains substantially similar features and functionality, (b) obtain for Subscriber a license to continue using the Services, or (c) if neither of the foregoing is commercially practicable, terminate this Agreement and Subscriber’s rights hereunder and provide Subscriber a prorated refund of any prepaid, unused Fees for the Services.

7.2. Subscriber shall indemnify, defend, and hold harmless Whistic and Whistic’s officers, directors, employees, agents, permitted successors and assigns (each, a “Whistic Indemnitee”) from and against any Claims incurred by Whistic Indemnitee resulting from an action or claim by a third party (other than an affiliate of Whistic Indemnitee) arising out of or related to: (a) Customer Data, or (b) Subscriber’s violation of Section 1.3, or of any terms of use or similar terms with respect to any Third-Party Sites, Third-Party Links, or Third-Party Content.

7.3. The obligations of the indemnifying party under this Section 7 (the “Indemnifying Party”) shall be conditioned on the other party (the “Indemnified Party”) providing the Indemnifying Party with (i) prompt notice of any claim for which indemnification is sought (provided that a failure to provide prompt notice shall not relieve the Indemnifying Party of its obligations hereunder except to the extent the Indemnifying Party is prejudiced by such failure), (ii) the option to assume sole control of the defense of the claim and all negotiations for any settlement or compromise (provided that (A) the Indemnified Party is entitled to participate in its own defense at its sole expense, and (B) any settlement or compromise cannot obligate Indemnified Party in any manner without Indemnified Party’s prior written consent, which consent will not be unreasonably withheld), and (iii) reasonable assistance in connection with such claim (at the Indemnifying Party’s expense).

7.4. This Section 7 sets forth Subscriber’s sole remedies and Whistic’s sole liability and obligation for any actual, threatened, or alleged Claims that the Services or any subject matter of this Agreement infringes, misappropriates, or otherwise violates any intellectual property rights of any third party.

8. Limitation of Liability



9. Miscellaneous

9.1. Survival. The following Sections of this Agreement will survive the termination or expiration of this Agreement: Section 1.5, 2.1, 3, 4, 5, 6, 7, 8, and 9.

9.2. Severability. If any provision of this Agreement is found to be unenforceable or invalid, that provision will be limited or eliminated to the minimum extent necessary so that this Agreement will otherwise remain in full force and effect and enforceable.  

9.3. Assignment. This Agreement is not assignable, transferable or sublicensable by either Party except with the other’s prior written consent; provided, however, that either Party may assign or transfer this Agreement: (a) to an affiliate where (i) the assignee has agreed in writing to be bound by the terms of this Agreement, (ii) the assigning Party remains liable for obligations under this Agreement if the assignee defaults on them, and (iii) the assigning Party has notified the other Party of the assignment, in writing; and (b) in the event of a merger, sale of substantially all of the stock, assets or business, or other reorganization involving the assigning Party, and the non-assigning Party’s prior written consent shall not be required in such instance with the express understanding that in cases where the assigning Party is not the surviving entity, this Agreement will bind the successor in interest to the assigning Party with respect to all obligations hereunder. Any other attempt to transfer or assign is void.

9.4. Force Majeure. In the event that either Party hereto shall be delayed, hindered, or prevented from the performance of any act required hereunder, other than a payment obligation, by reason of strikes, lock-outs, labor troubles, inability to procure materials or services, failure of power, riots, insurrections, war or other reasons of a like nature not the fault of the Party delayed in performing work or doing acts required under the terms of this Agreement, such Party shall immediately provide notice to the other Party of such delay, and performance of such act shall be excused for the period of the delay and the period for the performance of any such act shall be extended for a period equivalent to the period of such delay.

9.5. Entire Agreement. This Agreement is the complete and exclusive statement of the mutual understanding of the Parties and supersedes and cancels all previous written and oral agreements, communications and other understandings relating to the subject matter of this Agreement. All waivers and modifications must be in a writing signed by both Parties, except as otherwise provided herein.

9.6. Modification. Whistic may revise and update these Terms of Service from time to time in its sole discretion, provided that Whistic shall notify Customer in writing (including by email) of any changes, which shall be deemed immediately binding unless Customer provides Whistic with written notice within seven (7) days following Customer’s receipt of the initial notice, stating Customer’s objections to such changes, in which case the proposed changes shall be deemed effective only to the extent not objected to by Customer in the written objection. Customer’s continued use of the Services following the posting of revised Terms of Service is acknowledgment that Customer accepts and agrees to the changes. Notwithstanding the foregoing, any changes to the dispute resolution provisions set forth in Section 9.12 will not apply to any disputes for which the Parties have actual notice on or before the date the change is posted on this website. 

9.7. Relationship of the Parties. No agency, partnership, joint venture, or employment is created as a result of this Agreement and Customer does not have any authority of any kind to bind Whistic in any respect whatsoever.

9.8. Third-Party Sites. The Services may contain links to third-party advertisers, websites or services (“Third-Party Sites”). Customer acknowledges and agrees that Whistic is not responsible or liable for: (i) the availability or accuracy of such Third-Party Sites, or (ii) the content, products, or resources on or available from such Third-Party Sites. Any Third-Party Sites do not imply any endorsement by Whistic of those websites or services. If Customer decides to access any of the Third-Party Sites linked to the Services, Customer does so entirety at its own risk and subject to the terms and conditions of use for such Third-Party Sites and acknowledges sole responsibility for and assumes all risk arising from its use of any such Third-Party Sites.

9.9. Third-Party Products and Third-Party Content. In connection with the Services, Customer may purchase and have access to or use applications, integrations, software, services, systems, or other products not developed by Whistic (“Third-Party Products”), or data/content derived from such Third-Party Products or arising out of an agreement between Whistic and such third-party, including, but not limited to, PCI DSS Content, as more fully set forth in Section 10 (collectively, “Third-Party Content”). Whistic cannot guarantee that such Third-Party Content will be free of material you may find objectionable or otherwise. Additionally, Whistic does not warrant or support Third-Party Products or Third-Party Content (whether or not these items are designated by Whistic as verified or integrated with the Services) and disclaims any and all responsibility and liability for these items and their access to or integration with the Services, including their modification, deletion, or disclosure. Customer acknowledges and agrees that such Third-Party Products and Third-Party Content constitute the “confidential information” of the owner of such Third-Party Products and Third-Party Content, and as such, Customer agrees to take reasonable precautions to protect such Third-Party Products and Third-Party Content, and not to use (except in connection with the Services or as otherwise permitted by owner in writing) or divulge to any third person any such Third-Party Products or Third-Party Content except to its contractors and/or agents who have a legitimate need to know and who are bound by obligations of confidentiality at least as stringent as those contained herein.

9.10. PCI DSS Content. You acknowledge that the Services incorporate content from the Payment Card Industry (PCI) Data Security Standard Requirements and Security Assessment Procedures (the “PCI DSS Content”), arranged by Whistic in questionnaire format. The PCI DSS Content is being provided pursuant to the terms of a license agreement between Whistic and PCI Security Standards Council, LLC (“PCI”). Portions of the text provided or made accessible through the Service and/or the questionnaires generated through the Service originate from the Payment Card Industry (PCI) Data Security Standard Requirements and Security Assessment Procedures (“PCI DSS”), which is owned and published by PCI Security Standards Council, LLC (“PCI”). Such portions (“PCI DSS Content”) are being provided as a courtesy of PCI under license. By accessing or using PCI DSS Content, you expressly agree: (i) not to sell, offer for sale, market, sublicense, distribute, publish, disclose or otherwise make accessible, copy, modify, create derivative works based upon, or use (other than for your own internal review and study purposes) any portion of the PCI DSS Content as provided or accessible through the Services other than for the purpose of using the Services and/or the questionnaires generated through the Services, in each case, in accordance with the Whistic Terms of Service; and (ii) to download a copy of the full Payment Card Industry PCI DSS from PCI’s website at and accept the terms of the applicable PCI DSS license agreement on such website (“PCI DSS License”) prior to using any portion of the PCI DSS Content for any other purpose, including but not limited to for purposes of implementing the PCI DSS. You acknowledge and agree that PCI does not endorse Whistic, the Services, or the methods, procedures, statements, views, opinions or advice contained therein. All references to PCI DSS Content should be read as qualified by the PCI DSS Content as set forth on PCI’s website.

9.11. Notices. All notices under this Agreement will be in writing and will be deemed to have been duly given when received, if personally delivered; when receipt is electronically confirmed, if transmitted by facsimile or e-mail; the day after it is sent, if sent for next day delivery by recognized overnight delivery service; and upon receipt, if sent by certified or registered mail, return receipt requested. Any notices to Whistic may be sent to or by mail addressed to 365 S. Garden Grove Lane, Suite 220, Pleasant Grove, UT 84062.

9.12. Governing Law. This Agreement shall be governed by the laws of the State of Delaware without reference to conflict of law principles. Any dispute between the Parties arising out of or related to this Agreement shall be resolved exclusively by JAMS arbitration, which shall be held in Utah or another location mutually agreed upon, and conducted in accordance with the JAMS then in effect. Judgment upon the award rendered shall be final and non-appealable and may be entered in any court having jurisdiction. The prevailing Party shall be entitled to recovery of all its reasonable attorneys’ fees from the other Party in addition to any other award of damages. Both Parties waive any right to participate in any class action involving disputes between the Parties, and the Parties are each waiving the right to a trial by jury. All claims must be brought in the Parties’ individual capacity, and not as a plaintiff or class member in any purported class or representative proceeding, and, unless agreed otherwise by Whistic, the arbitrator may not consolidate more than one person’s claims. This class action waiver is an essential part of this arbitration agreement and may not be severed. If for any reason this class action waiver is found unenforceable, then the entire arbitration agreement will not apply. However, the waiver of the right to trial by jury set forth in this Section 9.12 will remain in full force and effect. CUSTOMER AND WHISTIC AGREE THAT ANY CAUSE OF ACTION ARISING OUT OF OR RELATED TO THE SERVICES OR THIS AGREEMENT MUST COMMENCE WITHIN ONE (1) YEAR AFTER THE CAUSE OF ACTION ACCRUES. OTHERWISE, SUCH CAUSE OF ACTION IS PERMANENTLY BARRED.

9.13. Copyright Policy. Whistic respects the intellectual property rights of others and expects users of the Services to do the same. Whistic will respond to notices of alleged copyright infringement that comply with applicable law and are properly provided to Whistic’s designated copyright agent (“Copyright Agent”). Whistic’s designated Copyright Agent to receive notifications of claimed infringement is:

Whistic, Inc.
365 S. Garden Grove Lane, Suite 220  
Pleasant Grove, UT 84062 
Attn: Whistic Legal

Get started today

See it in Action!

Schedule a demo today and find out how Whistic’s dual-sided platform can transform your third-party risk assessment process.

Get a Demo

Get Started for Free

Set up your Whistic Basic Profile! In a few short steps, you can centralize all your security documentation, control access, publish and share.

Start Your Profile