Other Policies

Quick Navigation

Data Processing AgreementMarketplace TermsExpert AgreementEnterprise AgreementSecurity Policy

Data Processing Agreement

Last Updated: December 27, 2024

This Data Processing Agreement ("DPA") forms part of the agreements between ThreatX ("Processor" or "Company") and its clients ("Controller" or "Client") regarding the processing of personal data in accordance with Indian data protection laws, including the Digital Personal Data Protection Act and Information Technology Act, 2000.

Quick Navigation

DefinitionsRoles and ResponsibilitiesProcessing ScopeSecurity MeasuresData TransfersSubprocessingAudits and ComplianceIncident ManagementData Subject RightsTermination and Data ReturnGoverning LawContact Information

Last Updated: December 27, 2024

This DPA shall be governed by and construed in accordance with the laws of India. Any disputes arising from or in connection with this DPA shall be subject to the exclusive jurisdiction of the courts in [City], India.

1. Definitions

  • "Personal Data": Any information relating to an identified or identifiable natural person ("Data Subject") as defined under applicable Indian data protection laws.
  • "Processing": Any operation performed on Personal Data, including collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, or erasure.
  • "Data Subject": An identified or identifiable natural person to whom the Personal Data relates.
  • "Data Protection Laws": All applicable laws relating to data protection in India, including:
    • Digital Personal Data Protection Act
    • Information Technology Act, 2000
    • Information Technology Rules, 2011
    • CERT-In directions and guidelines
  • "Security Incident": Any unauthorized or unlawful access, disclosure, alteration, loss, or destruction of Personal Data.

2. Roles and Responsibilities

2.1 Controller Obligations

  • Ensure lawful basis for processing
  • Provide documented instructions for processing
  • Ensure accuracy and quality of Personal Data
  • Respond to Data Subject requests
  • Maintain records of processing activities
  • Conduct impact assessments when required

2.2 Processor Obligations

  • Process data only on documented instructions
  • Implement appropriate security measures
  • Assist Controller with Data Subject requests
  • Maintain processing records
  • Support security audits and assessments
  • Report security incidents promptly

3. Processing Scope

3.1 Categories of Data

Personal Data

  • Contact information
  • Professional details
  • Account credentials
  • Usage data
  • IP addresses

Sensitive Data

  • Security incident details
  • System access logs
  • Authentication data
  • Network information

3.2 Processing Activities

  • Threat detection and analysis
  • Security incident response
  • User authentication and authorization
  • Platform functionality provision
  • Analytics and reporting
  • Service improvement

4. Security Measures

4.1 Technical Measures

  • Encryption at rest and in transit
  • Access control and authentication
  • Network security controls
  • Monitoring and logging
  • Backup and recovery systems

4.2 Organizational Measures

  • Security awareness training
  • Access management procedures
  • Incident response plans
  • Regular security assessments
  • Documentation and policies

4.3 Compliance Controls

  • CERT-In compliance measures
  • Audit logging for 180 days
  • Synchronization with NTP servers
  • Regular vulnerability assessments
  • Security testing procedures

5. Data Transfers

5.1 Cross-Border Transfers

  • Compliance with data localization requirements
  • Transfer impact assessments
  • Standard contractual clauses
  • Transfer restrictions and safeguards

5.2 Transfer Mechanisms

  • Data mirroring requirements
  • Encryption standards
  • Access controls
  • Audit trails

6. Subprocessing

6.1 Subprocessor Management

  • Authorization requirements
  • Due diligence procedures
  • Contractual obligations
  • Ongoing monitoring

Current Authorized Subprocessors:

ServiceLocationPurpose
Cloud InfrastructureIndiaPlatform Hosting
Analytics ProviderIndiaUsage Analytics

7. Audits and Compliance

7.1 Audit Rights

The Controller has the right to audit the compliance of the Processor with this DPA, subject to the following conditions:

  • Thirty (30) days written notice required for regular audits
  • Immediate audit rights in case of security incidents
  • Audits conducted during normal business hours
  • Auditor qualifications and confidentiality requirements
  • Cost allocation between parties

7.2 Compliance Documentation

  • Regular compliance reports
  • Security certifications and attestations
  • Data protection impact assessments
  • Processing activity records
  • Technical and organizational measures documentation

7.3 Regulatory Cooperation

  • Support for regulatory inquiries
  • Assistance with compliance demonstrations
  • Cooperation with data protection authorities
  • Notification of regulatory changes

8. Incident Management

8.1 Incident Response Process

The Processor shall maintain and follow an incident response plan that complies with CERT-In guidelines and includes:

  • Incident detection and classification
  • Internal escalation procedures
  • 6-hour notification requirement for cybersecurity incidents
  • Investigation and containment measures
  • Recovery and remediation steps

8.2 Notification Requirements

Incident LevelNotification TimelineRequired Information
CriticalWithin 6 hoursFull incident details
HighWithin 24 hoursInitial assessment
Medium/LowWithin 72 hoursSummary report

9. Data Subject Rights

9.1 Rights Support

The Processor shall assist the Controller in fulfilling its obligations to respond to Data Subject requests, including:

  • Right to access personal data
  • Right to correction of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability

9.2 Response Procedures

  • Technical measures to identify relevant data
  • Process for verifying Data Subject identity
  • Response timelines and formats
  • Documentation requirements
  • Coordination with Controller

10. Termination and Data Return

10.1 Data Return

  • Return of all Personal Data upon termination
  • Secure data transfer procedures
  • Data format and documentation
  • Verification of complete transfer

10.2 Data Deletion

  • Secure deletion procedures
  • Retention of legally required data
  • Certification of deletion
  • Subprocessor deletion verification

11. Governing Law

This DPA shall be governed by and construed in accordance with the laws of India, specifically:

  • Information Technology Act, 2000
  • Digital Personal Data Protection Act
  • Information Technology Rules, 2011
  • CERT-In directions and guidelines

Any disputes arising from or in connection with this DPA shall be subject to the exclusive jurisdiction of the courts in [City], India.

Contact Information

For questions about this agreement:

Data Protection Officer

Email: dpo@threatx.com

Phone: [Indian Contact Number]

Address: [Registered Office Address in India]

Marketplace Terms

Last Updated: December 27, 2024

Quick Navigation

IntroductionService Provider TermsClient TermsService QualityTransactionsReviews and RatingsDispute ResolutionPlatform RulesIntellectual PropertyLiability

The ThreatX Marketplace ("Marketplace") is a platform connecting cybersecurity experts ("Service Providers") with organizations and individuals seeking cybersecurity services ("Clients"). These terms govern all marketplace activities and are binding on all users.

1. Introduction

The ThreatX Marketplace ("Marketplace") is a platform connecting cybersecurity experts ("Service Providers") with organizations and individuals seeking cybersecurity services ("Clients"). These terms govern all marketplace activities and are binding on all users.

1.1 Marketplace Overview

  • Expert cybersecurity consulting services
  • Security assessment and audit services
  • Incident response support
  • Security training and education
  • Custom security solutions

1.2 Applicability

These terms apply in conjunction with our general Terms of Service, Privacy Policy, and other platform agreements. For cybersecurity services, they operate under the framework of Indian Information Technology laws and cybersecurity regulations.

2. Service Provider Terms

2.1 Eligibility Requirements

Professional Qualifications

  • Minimum 5 years of cybersecurity experience
  • Relevant certifications (CISSP, CEH, etc.)
  • Verified professional background
  • Clean security record

Legal Requirements

  • Valid business registration in India
  • Professional liability insurance
  • Compliance with IT Act regulations
  • Tax registration details

2.2 Service Listings

  • Accurate service descriptions required
  • Clear pricing and delivery terms
  • Scope of service limitations
  • Response time commitments
  • Required disclaimers and warnings

2.3 Service Provider Obligations

RequirementDescriptionTimeline
Response TimeInitial client inquiriesWithin 4 hours
Status UpdatesProject progress reportsDaily/Weekly
DocumentationService delivery reportsWithin 24 hours

3. Client Terms

3.1 Client Responsibilities

  • Accurate project requirements
  • Timely communication
  • Required access and information
  • Payment obligations
  • Feedback and reviews

3.2 Client Rights

  • Service quality guarantees
  • Confidentiality protection
  • Dispute resolution access
  • Refund eligibility
  • Support services access

4. Service Quality Standards

4.1 Quality Requirements

Technical Standards

  • Industry best practices
  • Current security standards
  • Documentation quality
  • Testing requirements

Service Standards

  • Communication clarity
  • Response times
  • Progress updates
  • Support availability

4.2 Quality Monitoring

  • Regular service audits
  • Client feedback analysis
  • Performance metrics
  • Improvement requirements

5. Transactions

5.1 Payment Terms

All transactions are processed in Indian Rupees (INR) through our secure payment system:

  • Secure payment processing
  • Escrow service for large projects
  • Milestone-based payments
  • Service fee structure
  • Refund policies

5.2 Pricing Guidelines

  • Transparent pricing required
  • No hidden charges allowed
  • Clear payment schedules
  • Tax implications

5.3 Service Fees

Service TypePlatform FeePayment Schedule
Standard Services10%On completion
Premium Services15%Milestone-based
Emergency Services20%Upfront

6. Reviews and Ratings

6.1 Review Guidelines

  • Reviews must be based on actual service experiences
  • Objective evaluation criteria required
  • No personal attacks or inappropriate content
  • Verifiable service details must be included
  • Confidential information must be excluded

6.2 Rating System

Rating Categories

  • Technical Expertise (1-5 stars)
  • Communication (1-5 stars)
  • Timeliness (1-5 stars)
  • Value for Money (1-5 stars)
  • Overall Satisfaction (1-5 stars)

6.3 Review Moderation

  • All reviews subject to moderation
  • Appeal process for disputed reviews
  • Right to remove violating content
  • Review verification procedures

7. Platform Rules

7.1 Code of Conduct

  • Professional behavior requirements
  • Communication standards
  • Confidentiality obligations
  • Ethical guidelines
  • Non-discrimination policies

7.2 Prohibited Activities

  • Misrepresentation of qualifications
  • Unauthorized data collection
  • Harassment or inappropriate behavior
  • False or misleading information
  • Violation of platform security

7.3 Enforcement

  • Warning system for violations
  • Account suspension procedures
  • Appeals process
  • Permanent ban criteria

8. Intellectual Property

8.1 Ownership Rights

  • Service deliverables ownership
  • Pre-existing IP rights
  • Platform content rights
  • License terms

8.2 IP Protection

  • Confidentiality requirements
  • Non-disclosure obligations
  • Usage restrictions
  • IP infringement procedures

9. Liability and Indemnification

9.1 Platform Liability

The role of ThreatX as a marketplace platform and the limits of our liability:

  • Facilitation of services only
  • No guarantee of service outcomes
  • Limitation of liability amounts
  • Force majeure provisions

9.2 Service Provider Liability

  • Professional liability requirements
  • Insurance obligations
  • Indemnification of platform
  • Client damages responsibility

9.3 Client Liability

  • Payment obligations
  • Accurate information provision
  • Cooperation requirements
  • Resource access responsibilities

Contact Information:
Email: marketplace@threatx.com
Phone: [Indian Contact Number]
Support Hours: 24/7
Address: [Registered Office Address in India]

Expert Agreement

Last Updated: December 27, 2024

This Expert Service Agreement ("Agreement") governs the relationship between ThreatX ("Platform") and cybersecurity professionals ("Expert") offering services via the Platform. By registering as an Expert, you agree to the following terms in full:

  • 1. Professional Qualifications: You represent that you hold any necessary licenses, certifications (e.g., CISSP, CEH, OSCP), or credentials required to offer cybersecurity services in India. You agree to maintain up-to-date qualifications and abide by relevant laws and regulations.
  • 2. Code of Conduct: You will adhere to ethical and professional standards, refrain from engaging in malicious, dishonest, or fraudulent behavior, and comply with the ThreatX Platform Rules.
  • 3. Service Delivery: You will deliver all contracted services in a professional, timely manner and in accordance with industry best practices. You agree to maintain clear communication with Clients and promptly address their questions or concerns.
  • 4. Fees and Payments: You authorize ThreatX to collect payments from Clients on your behalf and to deduct any applicable platform fees, commissions, or taxes before remitting funds to you. You acknowledge that final payouts are subject to the payment schedule outlined in the Marketplace Terms.
  • 5. Confidentiality and Data Protection: You agree to keep all Client information confidential, including personal data, security assessments, and intellectual property, in compliance with the ThreatX Data Processing Agreement and applicable Indian data protection laws.
  • 6. Warranties and Indemnification: You warrant that your services will not infringe any third-party rights or violate any law. You agree to indemnify and hold ThreatX harmless for any claims, damages, or losses arising from your breach of this Agreement or from your negligence or willful misconduct.
  • 7. Termination: ThreatX may suspend or terminate your Expert account if you breach this Agreement, fail to meet platform standards, or engage in misconduct. You may also terminate your participation by providing written notice; however, any ongoing service obligations must be honored.
  • 8. Governing Law and Dispute Resolution: This Agreement shall be governed by Indian law, and any disputes shall be resolved in the courts of [City], India. You agree to first attempt amicable resolution of disputes before proceeding to legal action.

Enterprise Agreement

Last Updated: December 27, 2024

This Enterprise Agreement ("Agreement") governs the relationship between ThreatX ("Platform") and enterprise clients ("Enterprise Client") who engage in enterprise-level cybersecurity services or subscriptions through the Platform. By entering into this Agreement, both parties agree to the following terms:

  • 1. Scope of Services: ThreatX shall provide dedicated support, priority access to experts, and custom cybersecurity solutions as per the applicable Statement of Work ("SOW") or service order form. The SOW details specific deliverables, timelines, and performance metrics.
  • 2. Service-Level Agreements (SLAs): ThreatX will use commercially reasonable efforts to meet the response and resolution times set out in the SLA document. Failure to meet SLAs may entitle the Enterprise Client to service credits, as defined in the SOW.
  • 3. Confidentiality and Non-Disclosure: Both parties agree to safeguard each other's confidential information. Additional NDAs may be executed if required for highly sensitive data or specialized engagements.
  • 4. Billing and Payment Terms: Enterprise Clients will be invoiced according to the rates and payment schedules specified in the SOW. Late payments may incur interest charges, and ThreatX reserves the right to suspend or terminate services if invoices remain unpaid beyond agreed grace periods.
  • 5. Termination: Either party may terminate this Agreement for material breach if such breach is not cured within thirty (30) days of notice. Upon termination, the Enterprise Client will pay for all services rendered up to the termination date. All licenses and rights granted will terminate immediately.
  • 6. Liability and Indemnification: ThreatX's liability is limited as stated in the general Terms of Service. The Enterprise Client agrees to indemnify ThreatX for any losses resulting from the Client's misuse of the Platform or breach of this Agreement.
  • 7. Governing Law and Dispute Resolution: This Agreement is governed by Indian law. Any disputes shall be resolved under the exclusive jurisdiction of the courts of [City], India. Both parties agree to attempt an amicable resolution before initiating legal proceedings.

Security Policy

Last Updated: December 27, 2024

ThreatX is committed to maintaining a robust security posture across its platform. This Security Policy outlines the measures we take to protect data, systems, and user information, in line with Indian cybersecurity regulations (including the Information Technology Act, 2000, CERT-In guidelines, etc.).

1. Access Control

  • Role-based access control enforced for all systems
  • Multi-factor authentication for critical administrative access

2. Data Encryption

  • Data encrypted at rest with AES-256
  • Transport Layer Security (TLS) 1.2 or higher for data in transit

3. Network Security

  • Firewalls and intrusion detection/prevention systems in place
  • Regular vulnerability assessments and penetration testing

4. Logging and Monitoring

  • System logs retained for at least 180 days per CERT-In requirements
  • 24/7 monitoring for anomalies and threats

5. Incident Response

  • Documented incident response plan aligned with CERT-In guidelines
  • Mandatory 6-hour notification for critical cyber incidents

6. Business Continuity and Disaster Recovery

  • Regular backups stored securely, with geographic redundancy
  • Routine disaster recovery drills and testing

ThreatX reserves the right to update this Security Policy to address evolving threats and new regulatory requirements. By using our Platform, you acknowledge and accept these security measures.

Stay in the loop