General Terms and Conditions of LazyPhish

Owned by Richard Vesely
Last updated: Jul 10, 2024
13 min read

See available languages:

English

Czech

I. Scope

  1. LazyCompany s.r.o., Javorová 413, 250 73 Radonice, Czech Republic (IČO: 098 79 773), registered in the commercial register at the Municipal Court in Prague under No.  C 343965, info@lazyphish.com, (hereinafter referred to as “LazyCompany” or “provider“) provide services in form of testing Phishing Campaigns (specially simulation of fraudulent email and communication and awareness against such attacks) and other services related to verification, improvement and assurance of company defense and protection against Phishing and similar attacks (hereinafter referred to as “LazyPhish Services“ or “Services“).

  2. These Terms and Conditions for LazyPhish Services (hereinafter referred to as “T&C”) govern the rights and obligations of provider and of the customer using LazyPhish Services (hereinafter referred to as “customer”) when registering in LazyPhish Application on address https://app.lazyphish.com/ (hereinafter referred to as “LazyPhish App"), ordering, setting up and using LazyPhish Services and LazyPhish App.

  3. In order to use LazyPhish App, the Customer has to:

    • Conclude a contract for the use of LazyPhish Services with provider via completing registration to LazyPhish App. During the registration of the customer a profile is created in LazyPhish App (hereinafter referred to as “customer profile” or “customer account”).

    • Accept the T&C in full extent during the registration to LazyPhish App by checking the checkbox on registration form.

  4. Actual and valid version of T&C is available on provider web documentation portal: https://lazycompany.atlassian.net/wiki/spaces/LPS/pages/31457281/General+Terms+and+Conditions+of+LazyPhish

  5. Provider also reserves the right to pilot for a limited period of time and/or for a specific market(s) and/or for a specific group of customers new services, functions, interfaces or products ("beta testing") related to LazyPhish Services or LazyPhish App without any notice.

II. LazyPhish App

  1. The customer can access the LazyPhish services through the customer account at LazyPhish App.

  2. Details about available services are provided in LazyPhish documentation: https://lazycompany.atlassian.net/wiki/spaces/LPS/overview.

  3. Provider shall take all possible measures to achieve permanent availability of Services, and in case of failures, undertakes all necessary remedial actions without undue delay. Due to force majeure or due to the necessary maintenance, repairs or other measures on the technical devices of provider or the technical devices of third parties providing data, content, information or transmission capacity it will nevertheless lead to unavoidable temporary failures, interruptions or reduction in the performance (speed) of services. Furthermore, an intensive simultaneous use of services may lead to an impairment of the performance (speed).

III. Order of LazyPhish Services

  1. By the registartion in the LazyPhish App the customer is ordering the basic subscription which is self service and driven by AI (“Lazy AI“).

  2. If the cutomer want to order subscription for higher number of employees that is available in the basic subscription or if the cusotmer want to order additional services the LazyPhish help desk need to be contacted.

IV. Updates, Services and Support

  1. Provider provides email technical support.

  2. Provider is performing a development and update of LazyPhish App.

  3. The purpose of the updates is primarily to adapt the application to the new versions of the programming languages in which the application is written.

  4. The purpose of the development is to add new functionalities to the application. New functions and modules and their assignment for individual subscription types depend on the provider's decision.

  5. The Provider is entitled to limit or suspend the operation of the LazyPhish application for the time strictly necessary to perform the update. The Provider is not responsible for any financial losses of the customer caused by the suspension of the application due to the update.

  6. The provider is not responsible for the issues in relation to connecting the product to any third-party programs.

V. Security

Provider is entitled to take appropriate measures to defend against threats from cyberattacks to safety, life, health, privacy, property, assets and other legal interests of the Customer, third parties or provider itself. These measures may lead to restrictions in provider services. Depending on the severity of the risks and/or significance of the legal interests under threat, temporary blocking of individual or all services may be advisable.

VI. Price

  1. The definition of all functional parameters of each type of subscription is provided in LazyPhish Documentation: Subscriptions and Pricing.

VII. Duration of the contract

  1. The duration of the contract for the provision of LazyPhish services is defined by the existence of an active account in the LazyPhish App.

  2. If the customer and his profile is not assigned to any organization or entity with active subscription of another company or If the customer does not order a subscription of LazyPhish services for his company within thirty (30) days of the expiration of the subscription services according to the last order, the account in the LazyPhish application will be deactivated and the contract for use of LazyPhish services with the customer will be terminated automatically without legal notice.

  3. The Customer will receive email notification 30 days before the expiration of the LazyPhish subscription and 30 day before the account will be deactivated in the LazyPhish application.

VIII. Contract Termination

  1. Termination of the contract can only take place on the basis of mutual written agreement of all parties involved in the contract.

  2. The provider may terminate the contract without giving a reason. The notice period is 2 months and runs from the day following the delivery of the notice to the customer.

  3. The provider reserves the right to transfer the contract regarding the use of LazyPhish services (without changing the contractual provisions in any other respect) to another company; the Customer already provides to provider with his/her consent for this purpose. Provider shall notify the Customer in writing and in advance.

  4. In the event of termination of the contract, the customer is obliged to export and back up all the data, backups and other data uploaded to the LazyPhish application.

IX. User rights, Use of data

  1. The Customer receives the non-exclusive right to use LazyPhish services, the related content and information provided by the services during the period with an active subscription of LazyPhish services. The Customer is not permitted to disclose and/or distribute the content and information acquired through LazyPhish services to third parties.

  2. The Provider shall protect the Customer's personal data and use them, pursuant to prior and express consent given by the Customer, in compliance with the applicable generally binding legal regulations; details for the Customer are given in Information on Personal Data Processing. The Customer grants to the provider the non-exclusive, time-limited, unrestricted, transferable and sub-licensable right to use other data, in particular technical data, which either have no personal reference or whose personal details have been removed (anonymised data). In this context, no personal data will be disclosed and any trace of the anonymised data to the Customer is excluded.

X.  Validation of domains used for Phishing testing campaigns

  1. The customer is entitled to use the LazyPhish application only for the domains of which he is the owner and administrator or for the domains of his customers who are the domain owners and administrators.

  2. Phishing testing campaign is allowed to be performed only on the email addresses hosted on a domain that has been validated by the domain owner/administrator in LazyPhish App. The customer is obliged to perform the domain validation for all domains on which he will run the testing Phishing campaigns.

  3. Domain validation consist of, a validation email sent to the email address provided by the customer that belong to the domain to be validated. Email recipients must actively agree with the domain validation for the usage for testing Phishing campaigns. The customer is obliged to ensure that the recipient of the email is authorised to validate the domain for the stated purpose.

  4. The Provider reserves the right to verify at any time whether the validation for the use of the domain for the purposes of test phishing campaigns is performed by an authorised person with the domain owner registered in the domain registrar.

  5. In case of any suspicious activity or suspicion of domain abuse - use without justified domain validation, the provider reserves the right to immediately temporarily stop all running customer campaigns and other services or block the customer's account entirely until the suspicion is resolved.

XI. Responsibility

  1. The Customer undertakes to ensure that the use of LazyPhish services does not violate the provisions of these T&C, legal requirements, third party rights or moral standards. This shall also apply if he/she grants third parties access to LazyPhish App or LazyPhish services.

  2. The customer must refrain from any misuse of the application; in particular, it may not incorporate the application or any part of it into other websites, whether private or commercial, or distribute them commercially.

  3. In the event of a breach of the obligations set out in this article, the customer is liable for any damage caused to the provider, as well as for damage caused to third parties. This is especially applicable if the customer use the service to send testing phishing emails to email addresses without the permission of the company/domain owner.

  4. The customer must not use the provider products and services to spread Spam and Phishing that could harass the recipient or morally and mentally damage. In the event that the provider is placed on spam lists, ban lists or otherwise restricted or damaged due to unauthorised sending of Spam or Phishing by the customer, the Provider is entitled to charge the customer a contractual penalty in the amount of EUR 4,000 for each violation of the provisions of this contract.

  5. Furthermore, the Provider is not liable for defects or damage, including interruption of service provision and loss or damage of data caused in particular by:

    1. by entering incorrect data into the application by the customer, incorrect procedure of the customer when inserting information or files into the application or incorrect interpretation of the data presented by the service,

    2. by infecting the customer's local network or his computers with computer viruses (spyware, malware, etc.) or a hacker attack or other similar external attack,

    3. damage caused by a malfunction of hardware, operating system, or network, due to damage caused by a malfunction of third-party programs that run concurrently with the supplied software

    4. force majeure, equipment failure, electric power failure, internet connection failure caused by the connection provider or attack on the network by a third party,

    5. incorrect system operation by the customer or as a result of an attack on third-party server due to non-compliance with security standards,

    6. infringement of copyrights, trademark rights, trade name rights and other rights protected by Czech law caused by the customer,

    7. choosing an inappropriate password by the customer or by improper password storage,

    8. third party to whom the customer has given access to the application or services,

    9. not making regular backups properly.

  6. Force majeure is an event beyond the control of the contract parties, such as a state of war, legal restrictions on exports and imports, strikes, sabotage, natural disasters, pandemics and other factors beyond the provider's reasonable discretion or reasonable control which prevents the fulfilment of the concluded contract.

  7. Contract parties are obliged to inform the other party about the occurrence of circumstances that prevents the fulfilment of the concluded contract without undue delay, otherwise it loses the right to claim the consequences of these circumstances. At the end of these circumstances, the party concerned is obliged to immediately inform the other party of the alternative date for contract fulfilment. The Provider shall fulfill the obligation to this paragraph by publishing information on the occurrence / termination of these circumstances on its official product status page.

XII. User Management, Roles and Access

  1. LazyPhish App support user access and role management for organizations. This means that the customer as an owner of organization that he created in the LazyPhish App can also assign an access and role for his organization to another person registered in LazyPhish App (e.g. accounting clerk, procurement, CEO, etc.). For more details about user access and roles see: Roles and Access.

  2. LazyPhish App support also user access and role management for entites. This means that the customer as an owner of organization and Entity that he created in the LazyPhish App can also assign an access and role for his entity to another person registered in LazyPhish App (e.g. the customer's employees, third parties managing the customer's security, etc.). For more details about user access and roles see: Roles and Access.

  3. Roles assigned to another persons for management of organizations or entities may include privileged access rights that enable the assigned person to manage the account completely including billing for organization or starting testing phishing campaigns. Customer is fully responsible for any actions performed by the user that he assigned with role to his organization or entity.

  4. These T&C apply similarly to other users assigned to organization or entity.

XIII. Autorská práva a mlčenlivost

  1. Copyrights, as well as other intellectual property rights, relating to the software products, including manuals, manuals and other documents distributed with the software products, remain with the respective entities as their holders and are not affected by the contract and these conditions.

  2. The customer is not entitled to reproduce the application for the purpose of its distribution, expand or in any way communicate to third parties, rent or lend, unless the provider has given his prior express and written consent.

  3. Customer may not modify, reverse engineer, recompile, convert from the application source code, access the source code, or make the application source code available to a third party.

  4. The customer is also obliged to comply with all restrictions on the use of the software stipulated by law, the contract and these conditions.

  5. Customer may not remove, alter, obscure, or otherwise interfere with any copyrights or other designations of the legal entities located or stored on the Software Products, or any parts, or documentation distributed with the Software Products.

  6. The copyright for the delivered product, accessories and documentation belongs to the respective author. All logos, registered trademarks, trademarks, other brands and product names belong to their respective owners.

  7. The customer shall ensure that third parties will not be informed in any way without the prior written consent of the provider of the scope and performance of the contract and the documents belonging to it. The customer acknowledges that the information is confidential in the sense of § 1730 of the Civil Code.

  8. The Provider is obliged to maintain confidentiality of all material facts obtained in the course of its activities arising from the contract, in particular of the facts that constitute trade secrets and confidential information of the customer.

  9. Without the express permission of the provider, partial or complete copying of the provider's price lists, brochures, photographs, catalogs, technical data, etc. is prohibited. Customers are not entitled fro any rights in case of any errors or inaccurate data contained in these materials.

  10. The subject software as an author's work and the databases included in it enjoy the protection of Act no. No. 121/2000 Sb., Copyright Act and Act. No. 40/2009 Sb., Criminal Code. The customer is entitled to use it only to the extent and in the manner specified by the provider.

  11. In the event of the customer's interference with the provider's copyrights, the provider is entitled to a contractual penalty in the amount of EUR 4,000 (in words, four thousand Euros). The contractual penalty is payable on the basis of a call for payment of the contractual penalty within 15 days from the delivery of the call. The provider's right to compensation for damage caused by the customer's interference with the provider's copyrights against the customer, the payment of the contractual penalty by the customer is not affected.

  12. In addition to the right to a contractual penalty, in the event of customer interference with his copyright, the provider is entitled to copyright law, in particular the right to refrain from further copyright infringement, the right to information on the manner and extent of unauthorized use of software and the right to remove the consequences of copyright, including the provision of reasonable redress and the issuance of any unjust enrichment.

XIV. Personal Data Processing, Cookies and Google Analytics

  1. Information on Personal Data Processing with description of Services, Cookies and Google Analytics are available in the LazyPhish Docuemtnation: Information About Data Processing - LazyPhish.

  2. Provider is using Analytics / Firebase provided by Google, Inc. ("Google"), which uses cookies or other tools integrated into code to analyse how users use LazyPhish web application. Google Analytics/Firebase covers account status and performance monitor, audience summary, active customers and users, user explorer, analytics audience, visitor quality, conversion probability, comparison reports, demographics and interests, user flow report, Adwords reports. More information on processing and utilization and data can be found in Privacy & Terms section on Google Analytics/Firebase website.

  3. Apart from mentioned tools other integral analytical tools of Platforms are used. It may cover status, various information about user behaviour including return rate on the Platform, information about versions of operation system, conversion ratio, comparison reports, demographics and customer reviews. More information on processing and utilization of data on chosen Platform can be found on official websites of the Platform Operator.

  4. Information generated by a cookie about the use of the Website (including your IP address) may be transmitted and stored on servers in the United States. Google will use this information for purposes of evaluation of the use of the Website and creation of reports about such use for its operator and provision of other services related to the activities on the website or app and the use of the Internet in general. Google may also provide this information to third parties, if it is required by the law or if such third parties process this information for Google. For LazyPhish web application you may disable the use cookies on the website as described above or by changing appropriate settings in your browser, but if you do so for all types of cookies, you will not be able to make full use of all the features of the LazyPhish website and LazyPhish App. Detailed information about Cookies are available at Cookies Policy.

XV. Final Provisions

  1. Unless otherwise agreed in a specific contract, all business relations between the provider and the customer are governed by these conditions. The relevant provisions of the Copyright Act and other legal regulations governing the use of computer programs and databases and sanctions for their illegal use are not affected by the contract and these conditions.

  2. The Provider is entitled to change these conditions. The Provider is obliged to publish a new version of the terms and conditions on its website/documentation without undue delay and send notification to the customer's e-mail address. In the event that the customer does not withdraw from the contract within 14 days, it is considered that the customer accepts these modifications of the conditions in full.

  3. Each party is obliged to inform the other party without delay of all facts not stated in the contract that may affect the performance of obligations under the contract.

  4. The customer is not entitled to transfer his rights and obligations under the contract, either in part or in whole.

  5. Should individual provisions of this Agreement be ineffective or become ineffective, the effectiveness of the other provisions shall not be affected. Instead of the invalid provision, provisions shall be applied which, as far as possible, correspond to the economic purpose of the contract while adequately preserving the mutual interests.

  6. The exclusive place of jurisdiction for all claims arising from the contract for the use of LazyPhish services is the general court competent according to the registered office of the provider.

  7. All disputes arising from the contract for the use of LazyPhish services are governed exclusively by the law of the Czech Republic; the application of the United Nations Convention on Contracts for the International Sale of Goods (CISG) is excluded.

  8. These conditions are valid and effective as of July 1, 2024.