Terms of Use

These Terms of Use govern your access to and use of the RiskSense website at risksense.cloud, the application at app.risksense.cloud, and any related products and services (together, ‘the Service’).

By accessing the Service, signing up for an account, or using any of our products, you agree to be bound by these terms. If you don't agree, don't use the Service.

These terms are between you (and, if you sign up on behalf of an organisation, that organisation) and RiskSense.

RiskSense provides security awareness training, simulated phishing, and post-click coaching for businesses and managed service providers (MSPs). The Service has two main tiers:

• Free training tier — bite-size coaching and training content, accessible by signing up with a work email. The free tier does not deliver simulated phishing to staff inboxes.
• Paid tier — adds AI-generated simulated phishing on a connected Microsoft 365 or Google Workspace tenant, with per-employee reporting. Subject to a separate order form or contract.

We may add, change, suspend, or discontinue features at any time. Where a change materially reduces functionality you've paid for, we'll give you reasonable notice.

To use most of the Service you need an account.

• You must be at least 16 years old, and you must be acting for a business, organisation, or other entity. The Service isn't intended for personal use.
• The information you provide at sign-up (name, email, organisation, role) must be accurate.
• You're responsible for keeping your credentials confidential and for everything done from your account. Tell us immediately at help@risksense.cloud if you think your account has been compromised.
• We may suspend or terminate an account for breach of these terms, suspected abuse, non-payment (for paid tiers), or when required by law.

You agree not to:

• Use the Service to send phishing or training content to anyone outside your own organisation without their employer's permission.
• Use the Service to break the law, infringe someone's rights, or harm anyone.
• Reverse-engineer, decompile, or attempt to extract the source code or models of the Service.
• Scrape, mass-download, or programmatically access the Service in ways the Service isn't designed to be accessed (other than the documented API).
• Use the Service to build a competing product, or to train a model that competes with RiskSense.
• Bypass or interfere with any rate limits, security controls, or access restrictions.
• Upload material that's malicious, infringing, defamatory, or unlawful.
• Probe, scan, or test the vulnerability of the Service without prior written permission (see section 12 for responsible disclosure).

• The free tier is provided as-is, with no SLA, and may be changed or discontinued at any time.
• The free tier creates a training-only account. It does not run simulated phishing on staff inboxes. If you want live phishing, upgrade to the paid tier.
• We may set fair-use limits (number of users, sessions, content volume) and may rate-limit or pause accounts that exceed them.
• Dormant accounts (no sign-in for 12 months) are deleted after a notice period.

If you sign a separate order form, master services agreement, or partner agreement with RiskSense, that agreement governs the paid Service (alongside these terms). Where the order form, MSA, or partner agreement conflicts with these terms, the order form / MSA / partner agreement controls.

Pricing, payment terms, term length, and renewal are set out in the order form. Late payment may result in suspension of the Service.

You retain all rights to the data you and your users put into the Service (‘Customer Data’). You grant RiskSense a worldwide, non-exclusive licence to use Customer Data solely to provide and improve the Service.

How we handle personal information is set out in our Privacy Policy.

You're responsible for ensuring you have the right to put personal information into the Service (consent from your staff where required, lawful basis under GDPR/UK GDPR/local law).

RiskSense and our licensors own the Service, including all software, content, designs, models, trademarks, and Glitch the AI training companion. Nothing in these terms transfers any of those rights to you.

You may use RiskSense's brand assets only as we permit in writing (for example, MSP partners delivering RiskSense under their own brand may use our assets under their partner agreement).

The Service connects with third-party services (Microsoft 365, Google Workspace, your email provider, your authentication provider). Those services are governed by their own terms. We're not responsible for them.

RiskSense provides the Service ‘as is’ and ‘as available’. To the maximum extent permitted by law, we disclaim all express and implied warranties, including warranties of merchantability, fitness for a particular purpose, accuracy, uninterrupted operation, and non-infringement.

Security awareness training and simulated phishing reduce the likelihood of a successful attack. They don't eliminate it. RiskSense doesn't guarantee that any specific incident will be prevented, detected, or successfully responded to.

B2B only. The Service is supplied to businesses for business purposes. By using it you confirm you are acquiring the Service in trade and not as a consumer. The parties agree it is fair and reasonable that the New Zealand Consumer Guarantees Act 1993 does not apply, and you contract out of that Act in full to the maximum extent permitted by section 43 of that Act. Sections 9, 12A, 13, and 14(1) of the New Zealand Fair Trading Act 1986 are also contracted out of to the maximum extent permitted by section 5D of that Act.

To the maximum extent permitted by law, RiskSense excludes all liability to you and your organisation for any loss, damage, cost, or expense of any kind arising out of or in connection with the Service, these terms, or any use or inability to use the Service, whether in contract, tort (including negligence), statute, equity, or otherwise.

Without limiting the exclusion above, RiskSense is not liable for any direct, indirect, incidental, consequential, special, exemplary, or punitive damages, loss of profits, loss of revenue, loss of business, loss of goodwill, loss of data, loss of opportunity, business interruption, or any third-party claims, however arising.

If, despite the exclusion above, any liability of RiskSense is found by a court of competent jurisdiction to be incapable of being excluded, RiskSense's total aggregate liability for all claims (when taken together) is limited to NZD $1.00.

If you think you've found a security issue with the Service, please report it to help@risksense.cloud in good faith. Give us a reasonable opportunity to investigate and fix before disclosing publicly. We won't take legal action against researchers acting in good faith under the standard principles of safe-harbour responsible disclosure.

You can stop using the Service at any time. You can delete a free-tier account from the in-app account settings, or by emailing help@risksense.cloud.

For paid customers, termination is governed by the order form / MSA.

We may suspend or terminate access immediately for material breach of these terms, suspected abuse, security risk, or non-payment.

Sections that by their nature should survive termination (intellectual property, liability, governing law, definitions) will do so.

We'll update these terms from time to time. When we make material changes, we'll update the ‘Last updated’ date at the top and notify you where appropriate. Continued use of the Service after an update means you accept the revised terms.

These terms are governed by the laws of New Zealand. The New Zealand courts have exclusive jurisdiction to settle any dispute or claim arising out of or in connection with these terms or the Service, except that we can apply for injunctive relief in any jurisdiction.

We encourage you to contact us first if you have a complaint so we can try to resolve it.

General questions: risksense.cloud/contact

Legal notices: help@risksense.cloud

RiskSense is based in Hamilton, New Zealand.