EULA

NOTHREAT LIMITED
END-USER LICENSE AGREEMENT (EULA)

Version 2.0 | Effective Date: 09/04/2026

1.     NOTHREAT

END-USER LICENSE AGREEMENT

Nothreat CTEM Platform · Nothreat CyberEcho · Nothreat ThreatShield · Nothreat Insights Portal · Nothreat AI Analyzer

Version 2.0 | Effective Date: 09/04/2026 | Replaces all prior versions

This End-User License Agreement («Agreement» or «EULA») is entered into between:

NOTHREAT LIMITED («Provider»), incorporated in England and Wales (Company No. 14997798), 307 Euston Road, London, NW1 3AD, United Kingdom; and

the individual or legal entity that installs, accesses, or uses the NOTHREAT Platform («User»), having obtained access through a Provider-authorised Distributor or Reseller.

BY INSTALLING, ACCESSING, OR USING NOTHREAT, USER CONFIRMS THAT IT HAS READ, UNDERSTOOD, AND AGREES TO BE BOUND BY THIS AGREEMENT. IF USER DOES NOT AGREE, USER MUST NOT INSTALL OR USE NOTHREAT.

2. DEFINITIONS

In this Agreement, the following terms have the meanings set out below:

«NOTHREAT» / «Platform» — the NOTHREAT CTEM Platform, including NOTHREAT CyberEcho (Cloned Device Traps), NOTHREAT ThreatShield, Insight dashboards, AI reports, alerts, APIs, and all associated modules, features, and Updates.

«License» — the limited, non-exclusive, non-transferable right to use NOTHREAT granted under Section 3.

«Subscription Term» — the period for which User has purchased access, as specified in the Order.

«Authorised Users» — employees or contractors of User authorised to access NOTHREAT, up to the number specified in the Order.

«Updates» — patches, bug fixes, security updates, and new versions made available by Provider.

«Intellectual Property Rights» — all patents, copyrights, trademarks, trade secrets, know-how, and all other IP rights throughout the world.

«Confidential Information» — as defined in Section 11.

«Personal Data» — information relating to an identified or identifiable natural person under applicable data protection laws, including UK GDPR.

«Incident» — a reproducible failure of NOTHREAT to operate substantially in conformance with its Documentation.

«Distributor» — a NOTHREAT-authorised distributor holding a written Distributor Agreement with Provider.

«Reseller» — a sub-reseller or channel partner authorised by the Distributor to resell access to NOTHREAT.

«Territory» — the country or countries in which User is authorised to use NOTHREAT, as specified in the Order.

«Order» — the order form, purchase order, or equivalent commercial document through which User purchased the License.

«Documentation» — technical end-user documentation made available by Provider. Marketing materials are not Documentation.

3. GRANT OF LICENSE

3.1 License Grant

Subject to User's compliance with this Agreement and payment of all fees, Provider grants User a limited, non-exclusive, non-sublicensable, non-transferable License to access and use NOTHREAT during the Subscription Term, solely for User's internal business purposes:

Scope: up to the number of Authorised Users specified in the Order (default: ten (10));

Functionality: CTEM dashboard, CyberEcho traps, ThreatShield feed, standard reporting, and incident alerts — all as per Order;

Territory: worldwide unless otherwise restricted in the Order;

Updates: at Provider's discretion during the Subscription Term.

3.2 Order Form Controls

Specific scope, user limits, feature entitlements, and commercial terms are defined in the Order. If the Order and this EULA conflict, the Order prevails for commercial terms; this EULA prevails for all other matters.

3.3 Licensed, Not Sold

NOTHREAT is licensed, not sold. Provider retains all ownership rights. User acquires no ownership rights under this Agreement.

4. USE RESTRICTIONS

User shall not, and shall not permit any third party to:

decompile, reverse engineer, or attempt to derive the source code of NOTHREAT;

use NOTHREAT for any unlawful, fraudulent, or harmful purpose;

interfere with or disrupt the integrity or performance of NOTHREAT or Provider's systems;

circumvent any security, access controls, or licensing mechanisms;

modify, adapt, or create derivative works based on NOTHREAT;

remove or obscure any copyright or proprietary notices;

use NOTHREAT in hazardous environments where failure could cause death, serious injury, or significant property damage.

access all or any part of NOTHREAT in order to build a product or service which competes with NOTHREAT.

Licensee sell, rent, lease, transfer, assign, distribute, display, disclose, or otherwise commercially exploit, or otherwise make NOTHREAT available to any third party (except as is expressly permitted under the terms of this Agreement)

attempt to obtain, or assist third parties in obtaining, access to NOTHREAT, other than as provided under section 3.

5. INTELLECTUAL PROPERTY

Ownership

User acknowledges and agrees that Provider and/or its licensors own all intellectual property rights in the Platform. Except as expressly stated herein, this Agreement does not grant User any rights to, under or in, any patents, copyright, database right, trade secrets, trade names, trade marks (whether registered or unregistered), or any other rights or licences in respect of the Platform.

IP Indemnification by Provider

If a third party claims that NOTHREAT, used in accordance with this Agreement, infringes any patent, copyright, or trademark, Provider shall: (i) defend User at Provider's expense; and (ii) pay damages awarded in a final judgment or Provider-approved settlement.

This obligation requires User to: (i) notify Provider in writing within 14 days; (ii) give Provider full control over defence and settlement; and (iii) provide reasonable assistance. No obligation arises from claims caused by User's unauthorised modification, combination with unapproved products, or use of an outdated version.

Upon an infringement claim, Provider may: obtain the right for User to continue using NOTHREAT; modify NOTHREAT to be non-infringing; or terminate the subscription and refund pro-rated fees. THIS IS USER'S SOLE

6. REMEDY FOR THIRD-PARTY IP CLAIMS.

IP Indemnification by User

User shall indemnify Provider against claims arising from: (i) User's breach of this Agreement; (ii) use of NOTHREAT in violation of applicable law; or (iii) User's negligence or wilful misconduct.

Notification of Infringements

If User discovers any suspected infringement of Provider's IP Rights by a third party, User shall promptly notify Provider in writing.

7. WORK PRODUCT AND FEEDBACK

Feedback or suggestions User provides regarding NOTHREAT shall be non-proprietary and non-confidential. Provider may use such feedback for any purpose without compensation.

Reports, analyses, and outputs generated by NOTHREAT based on User's data remain User's property. Provider does not claim ownership of User's data or derived outputs.

8. FEES AND PAYMENTS

8.1 Subscription Terms

NOTHREAT is provided on an annual subscription (12 months), auto-renewing on each anniversary of the commencement of the Term (“Renewal Date”) unless User gives written notice of non-renewal at least 30 calendar days before the Renewal Date.

8.2 Payment Terms

All fees are due in advance at the start of each billing cycle;

Payment is due within five (5) banking days of invoice date;

Payments in USD (or currency agreed in the Order) via bank transfer or authorised gateway;

All fees exclude applicable taxes, duties, or levies — User's responsibility.

8.3 Late Payment

If payment is not received within five (5) banking days, Provider may: (i) charge 1.5% per month on the outstanding amount; (ii) suspend access; and/or (iii) terminate after 14 days' written notice.

8.4 Price Changes

Provider may increase fees upon [45] days' prior written notice. Increases apply to renewal periods only. Continued use after a price change constitutes acceptance.

Cancellation and Refunds

No refunds for partial months or unused periods. Cancellation only at end of a billing cycle. Early termination incurs a fee equal to 50% of remaining subscription fees.

8.5 Channel Transactions

Where User purchased NOTHREAT through a Reseller or Distributor, commercial terms (pricing, payment, invoicing) are governed by the User–Reseller/Distributor agreement. Provider bears no liability for channel commercial disputes. Provider's EULA obligations to User remain unaffected.

Audit rights

NOTHREAT may audit compliance with license limits includes seat limits, API limits, data ingestion.

9. SUPPORT AND SERVICE LEVEL AGREEMENT

9.1 Support Inclusion

Standard Support Services are included in the subscription fee, available only during active subscription periods. Support ceases upon termination or suspension.

9.2 Support Scope (Included)

Online knowledge base and documentation;

Email and ticket-based support;

Priority incident management per SLA below;

Regular security updates, patches, and quarterly feature updates;

Standard onboarding materials and training guides.

9.3 Service Level Agreement — Incident Response

Exclusions from Standard Support

Custom development or bespoke feature requests;

On-site consultancy or professional services;

Integration with third-party systems (unless certified by Provider);

Data migration or configuration beyond standard setup;

Emergency out-of-hours support (available as a paid add-on).

10. DATA COLLECTION AND USE

Data Collected by NOTHREAT

Provider may collect and process the following categories of data:

User account data: names, email addresses, roles, contact information;

Device and network data: IP addresses, device identifiers, OS versions, network traffic metadata;

Threat intelligence data: indicators of compromise, threat actor information, vulnerability scan results;

CyberEcho trap data: connection attempts, credential inputs, behavioural patterns from Cloned Device Traps;

ThreatShield data: threat feeds, signature data, alert metadata;

Usage data: feature usage patterns, dashboard interactions, report generation records;

Log data: access logs, audit trails, security event logs.

10.1 Purpose

Provider uses collected data to: (i) deliver and operate NOTHREAT; (ii) detect and respond to threats on an aggregated, anonymised basis; (iii) improve NOTHREAT; and (iv) fulfil obligations under this Agreement.

Personal Data and UK GDPR

Personal Data is governed by Provider's Privacy Policy and, where applicable, the Data Processing Addendum (DPA). Provider acts as data processor and processes Personal Data only per User's instructions. User confirms it has obtained all necessary consents under UK GDPR and local laws of the Territory.

Data Deletion and Export

Upon termination, Provider retains User data for 30 days, then deletes it unless law requires longer retention. User may request data export by written request before deletion.

11. CONFIDENTIALITY

11.1 Definition

"Confidential Information" means all non-public information which a party ("Discloser") designates as confidential, or which the other party ("Recipient") knows or reasonably should know to be confidential. This includes: NOTHREAT source code, architecture, security methodologies, pricing, business plans, customer data, technical documentation, and the terms of this Agreement.

Confidential Information excludes information that: (i) becomes public without breach by Recipient; (ii) was already in Recipient's possession without confidentiality obligation; (iii) is independently developed by Recipient; (iv) is lawfully obtained from a third party without restriction; or (v) constitutes anonymised, aggregated metric data.

11.2 Obligations

Recipient shall: (i) hold Confidential Information in strict confidence; (ii) use it only for the purposes of this Agreement;

(iii) not disclose it to any third party except employees, contractors, legal advisors, and accountants with a legitimate need to know and bound by equivalent obligations; and (iv) apply at least the same care as it applies to its own confidential information of similar sensitivity.

11.3 Legally Required Disclosure

Recipient may disclose Confidential Information to the extent required by law or court order, provided it gives Discloser prompt prior written notice and cooperates in seeking a protective order.

Return or Destruction

Upon written request or termination, Recipient shall promptly return or destroy all Confidential Information and certify such destruction in writing. One archival copy may be retained solely to determine ongoing obligations.

11.4 Equitable Relief

Breach of this Section may cause irreparable harm for which monetary damages are inadequate. Either party may seek injunctive relief without posting a bond.

11.5 Survival

Obligations under Section 11 survive termination for three (3) years.

12. WARRANTIES AND DISCLAIMERS

12.1 Provider Warranty

Provider warrants that, during the Subscription Term, NOTHREAT used in accordance with this Agreement will operate substantially without material Incidents and will not contain malicious code at time of delivery.

Remedy for Incidents

For Incidents reported during the Subscription Term, Provider shall: (i) use commercially reasonable efforts to provide a workaround or correction; or (ii) terminate access and refund pre-paid fees pro-rated for the remaining Term. This is User's exclusive remedy for breach of the Section 12.1 warranty.

12.2 Disclaimer

EXCEPT AS SET OUT IN SECTION 12.1, NOTHREAT IS PROVIDED "AS IS" AND "AS AVAILABLE". PROVIDER DISCLAIMS ALL WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, INCLUDING IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. PROVIDER DOES NOT WARRANT THAT NOTHREAT WILL BE UNINTERRUPTED, ERROR-FREE, OR MEET USER'S SPECIFIC REQUIREMENTS.

12.3 No Security Guarantee

USER ACKNOWLEDGES THAT NOTHREAT IS A RISK-REDUCTION TOOL AND DOES NOT GUARANTEE DETECTION OR PREVENTION OF ALL CYBER THREATS. PROVIDER IS NOT RESPONSIBLE FOR SECURITY INCIDENTS THAT OCCUR NOTWITHSTANDING USE OF NOTHREAT.

13. LIMITATION OF LIABILITY

13.1 Cap on Liability

Except as expressly and specifically provided in this Agreement:

User assumes sole responsibility for results obtained from the use of Nothreat by User, and for actions arising from such use. Provider shall have no liability for any damage caused by errors or omissions in any information, instructions or scripts provided to Provider by the User in connection with the Platform, or any acts or omissions of  other User personnel, or any third parties;

all warranties, representations, conditions and all other terms of any kind whatsoever implied by statute or common law are, to the fullest extent permitted by applicable law, excluded from this Agreement; and

the Platform is provided to the Customer on an "as is" basis.

13.2 Nothing in this Agreement excludes the liability of Provider:

for death or personal injury caused by Provider's negligence; or

for fraud or fraudulent misrepresentation.

13.3 Subject to clause 13.1 and clause 13.2:

Provider shall not be liable whether in tort (including for negligence or breach of statutory duty), contract, misrepresentation, restitution or otherwise for any loss of profits, loss of business, depletion of goodwill and/or similar losses or loss or corruption of data or information, or pure economic loss, or for any special, indirect or consequential loss, costs, damages, charges or expenses however arising under this Agreement; and

Provider's total aggregate liability in contract, tort (including negligence or breach of statutory duty), misrepresentation, restitution or otherwise, arising in connection with the performance or contemplated performance of this Agreement shall be limited to the total value of the fee paid by User in connection with the provision to it of the Platform during the 12 months immediately preceding the date on which the claim arose (where applicable), or in the case where no such fee was paid, the value that would normally have been payable at the price advertised by the Provider for the equivalent Services (i.e. the “list price”).

13.4 Exceptions

These limitations do not apply to: (i) breach of confidentiality obligations (Section 11); (ii) Provider's IP indemnification (Section 6); (iii) death or personal injury caused by Provider's negligence; or (iv) fraud or fraudulent misrepresentation.

14. UPDATES AND MODIFICATIONS

Provider may provide Updates at its discretion, which may be applied automatically. Provider will give at least 14 days' advance notice of material functionality changes, except for security updates, which may be immediate.

Provider shall not materially reduce core functionality during the Subscription Term without offering User the option to terminate with a pro-rated refund.

15. EXPORT CONTROL AND SANCTIONS

User shall not export, re-export, or make NOTHREAT available to any country, entity, or individual in violation of applicable export control and sanctions laws, including those of the United Kingdom (HM Treasury), European Union, and United States (OFAC).

User represents it is not located in, nor a national of, any embargoed or sanctioned country, and is not on any restricted or denied parties list.

16. FORCE MAJEURE

Neither party is liable for failure or delay caused by circumstances beyond its reasonable control, including: acts of God, war, terrorism, government actions, pandemic, internet or telecommunications outages, power failures, or labour disputes ("Force Majeure Event").

The affected party shall notify the other promptly if a Force Majeure Event continues for more than 60 days and in such circumstances  User may terminate and receive a pro-rated refund for the unused Subscription Term. Payment obligations are not excused by Force Majeure.

17. TERMINATION

Termination by User

User may terminate by: (i) ceasing use of NOTHREAT; and (ii) providing written notice at least 30 days before the next renewal date. No refund is available except as provided in Sections 12.1, 14, or 16.

Termination by Provider

Provider may terminate upon written notice if: (i) which breach is irremediable or (if such breach is remediable) fails to remedy that breach within a period of 14 days after being notified in writing to do so; (ii) User fails to pay and does not remedy within 14 days; (iii) any distress or execution is levied on User’s property or if User has a receiver, administrator, administrative receiver or manager appointed over the whole or any part of its assets, becomes insolvent, compounds or makes any arrangement with its creditors, commits any act of bankruptcy, is wound up or goes into liquidation or is unable to pay its debts as they fall due, or if the other party suffers any analogous proceedings under English law or any applicable foreign law; or (iv) User suspends or ceases, or threatens to suspend or cease, carrying on all or a substantial part of its business

Effects of Termination

Upon termination: (i) all License rights immediately cease; (ii) User must stop all use and delete all installations; (iii) User may request data export within 30 days, after which Provider may delete User data; and (iv) all accrued payment obligations remain due.

17.1 Survival

Sections 2, 5, 7, 11, 12.2, 12.3, 13, 15, 17, 15.1, 18, and 19 survive termination.

18. CLICK-WRAP ACCEPTANCE

Methods of Acceptance

Checkbox: during registration or first login, checking «I have read and agree to the EULA»;

Button: clicking «I Agree» or «Accept» after being presented with this Agreement;

Login Acceptance: continued use after a published EULA update constitutes acceptance.

18.1 Acceptance Records

Provider shall maintain records of each acceptance: timestamp, IP address, EULA version, and method. Such records shall be admissible as evidence of agreement.

18.2 Updated Agreement

Users will be notified of updates by email and in-app notification at least 30 days before changes take effect. Users who decline updated terms will have read-only access for 14 days, after which access is suspended.

18.3 Authorised Acceptance

By accepting, User represents it has authority to bind itself or its organisation. Users must be at least 18 years of age or have appropriate authorisation.

19. GOVERNING LAW AND DISPUTE RESOLUTION

19.1 Governing Law

This Agreement is governed by the laws of England and Wales. The UN Convention on Contracts for the International Sale of Goods does not apply.

19.2 Dispute Resolution

In the event of any dispute, the parties shall first attempt good faith negotiation for 30 days. If unresolved, either party may submit the dispute to the exclusive jurisdiction of the courts of England and Wales.

20. MISCELLANEOUS

20.1 Entire Agreement

This Agreement together with the applicable Order constitutes the entire agreement between the parties and supersedes all prior agreements relating to its subject matter.

20.2 Amendments

Provider may update this EULA in accordance with Section 18.2. The latest version will be posted at: https://nothreat.io/eula. User may not amend this Agreement unilaterally.

20.3 Assignment

User may not assign this Agreement without Provider's prior written consent. Provider may assign to any affiliate or successor in connection with a merger, acquisition, or asset sale.

20.4 Severability

If any provision is held void or unenforceable, the remaining provisions continue in full force.

20.5 Waiver

No failure or delay in exercising any right or remedy shall operate as a waiver.

20.6 Notices

All notices shall be in writing to: legal@nothreat.com or 307 Euston Road, London, NW1 3AD, United Kingdom. Notices to User are sent to the email address on record.

20.7 No Third-Party Beneficiaries

This Agreement creates no rights for Distributors, Resellers, or other third parties. Distributors and Resellers are independent commercial intermediaries, not agents or guarantors of Provider's obligations.

Relationship of the Parties

The parties are independent contractors. Nothing in this Agreement creates a partnership, joint venture, employment, or agency relationship.

21. ACCEPTANCE

By clicking «I Agree», installing, or accessing NOTHREAT, User acknowledges that it has read, understood, and agrees to be bound by this End-User License Agreement.

22. PROVIDER: NOTHREAT LIMITED

307 Euston Road, London, NW1 3AD, United Kingdom Contact: Nothreat Legal Team | Email: legal@nothreat.com

23. USER: Use-to-Accept Mechanism

By using Nothreat software, the user accepts that they have read and agree to the EULA.

NOTHREAT LIMITED | EULA v2.0 | England & Wales | © 2026 Nothreat Limited. All Rights Reserved.