Product-Specific Terms

Last revised: August 22, 2025

These Product-Specific Terms (the “PSTs”) apply to the products specified below. They supplement the Vanta Master Subscription Agreement available at https://www.vanta.com/terms or other such written agreement executed by Customer and Vanta for the purchase of Vanta’s products and services (the “Agreement”), as well as any other agreements to which the PSTs are attached. By executing an Order Form or another agreement that references the PSTs, or by accessing or using any of the products described in the PSTs, Customer is accepting all of the applicable terms and conditions set forth herein. All capitalized terms not defined in the PSTs have the meanings set forth in the Agreement (or if not defined in the Agreement, in the Master Subscription Agreement located at https://www.vanta.com/terms). Vanta may update the PSTs from time to time by posting the updated version to https://www.vanta.com/legal/product-specific-terms.

‍

Section 1. Continuous Monitoring.

‍‍

1.1. Continuous Monitoring Data.

‍

1.1.1. “Continuous Monitoring Data” is the proprietary data that Vanta generates and makes available to Customer as part of Continuous Monitoring features. Subject to the Agreement, Vanta hereby grants Customer the right to access and use Continuous Monitoring Data solely for Customer’s internal business purposes in connection with the Services.

‍

1.2. Restrictions.

‍

1.2.1. Customer acknowledges and agrees that Continuous Monitoring Data, and any derivatives thereof, is considered “Services Information” for purposes of the Agreement and is understood to be Vanta Confidential Information. Customer will not (i) remove Continuous Monitoring Data from the Services except as explicitly permitted by any applicable documentation provided to Customer, (ii) copy, distribute, publish, or publicly display Continuous Monitoring Data, or (iii) use Continuous Monitoring Data in a way that is unlawful, defamatory, or harassing.

‍

Section 2. XBOW Services Integration.

‍

2.1. Generally. The XBOW Services consist of XBOW penetration testing services (the “Tests”) made available to Customer via an integration with the Vanta Services, provided in exchange for credits (the “XBOW Credits”). Customer’s purchase of XBOW Credits and use of the XBOW Services, including Tests, is subject to the Agreement and the PSTs set forth in this Section 2.

‍

2.2. Time-Limited Credit Term. When Customer purchases XBOW Credits, Customer receives a time-limited single-use right to use the XBOW Credits to run Tests. XBOW Credits will be valid for up to one year (the “Credit Term”) unless the applicable Order or Order Form explicitly states otherwise, provided that the Credit Term will in all cases automatically end upon the termination or expiration of Customer’s Vanta subscription. Unused XBOW Credits will expire at the end of the applicable Credit Term and cannot be rolled over or refunded.

‍

2.3. Use of Credits.

‍

2.3.1. Credits and Endpoints. The number of XBOW Credits necessary to run a Test depends on the estimated number of terminal URL paths identified by the XBOW Services (each, an “Endpoint”), with one XBOW Credit required for each Endpoint included in the Test. Customer must have the required number of XBOW Credits in order to run a Test. If Customer has more XBOW Credits than required to run a Test, the unused balance of XBOW Credits will remain valid for the duration of the applicable Credit Term.

‍

2.3.2. Testing Period. Customer may initiate and run Tests from the Services. Customer may have the right to re-run a Test within a defined period (e.g., two weeks) following the first initiation of the Test solely to the extent set forth in the documentation.

‍

2.4. Third Party Services.

‍

2.4.1. XBOW’s Terms. Customer acknowledges and agrees that the XBOW Services, including any access to and use of XBOW’s API as integrated with the Services, are Third Party Services and that Customer’s use of the XBOW Services is governed by and subject to the terms and conditions set forth at xbow.com/eula and xbow.com/dpa (the “XBOW Terms”).

‍

2.4.2. Authorization to Transfer Data. Customer hereby authorizes Vanta to transfer Customer Information, Customer Account Data, and Usage Data to XBOW solely in connection with Customer’s use of the XBOW Services and acknowledges that XBOW’s processing of such data is governed by the XBOW Terms.

‍

2.5. Customer Responsibilities. Customer represents and warrants that Customer has all necessary authorizations, rights, permissions, and consents to target, scan, monitor, or test the networks, websites, systems, IP addresses, assets, hardware, and/or other electronic or online resources (as applicable) via the XBOW Services.

‍