Product-Specific Terms
Last revised: August 22, 2025
These Product-Specific Terms (the “PSTs”) apply to the products specified below. They supplement the Vanta Master Subscription Agreement available at https://www.vanta.com/terms or other such written agreement executed by Customer and Vanta for the purchase of Vanta’s products and services (the “Agreement”), as well as any other agreements to which the PSTs are attached. By executing an Order Form or another agreement that references the PSTs, or by accessing or using any of the products described in the PSTs, Customer is accepting all of the applicable terms and conditions set forth herein. All capitalized terms not defined in the PSTs have the meanings set forth in the Agreement (or if not defined in the Agreement, in the Master Subscription Agreement located at https://www.vanta.com/terms). Vanta may update the PSTs from time to time by posting the updated version to https://www.vanta.com/legal/product-specific-terms.
Section 1. Continuous Monitoring.
1.1. Continuous Monitoring Data.
1.1.1. “Continuous Monitoring Data” is the proprietary data that Vanta generates and makes available to Customer as part of Continuous Monitoring features. Subject to the Agreement, Vanta hereby grants Customer the right to access and use Continuous Monitoring Data solely for Customer’s internal business purposes in connection with the Services.
1.2. Restrictions.
1.2.1. Customer acknowledges and agrees that Continuous Monitoring Data, and any derivatives thereof, is considered “Services Information” for purposes of the Agreement and is understood to be Vanta Confidential Information. Customer will not (i) remove Continuous Monitoring Data from the Services except as explicitly permitted by any applicable documentation provided to Customer, (ii) copy, distribute, publish, or publicly display Continuous Monitoring Data, or (iii) use Continuous Monitoring Data in a way that is unlawful, defamatory, or harassing.
Section 2. XBOW Services Integration.
2.1. Generally. The XBOW Services consist of XBOW penetration testing services (the “Tests”) made available to Customer via an integration with the Vanta Services. Customer’s purchase of Tests and use of the XBOW Services is subject to the Agreement and the PSTs set forth in this Section 2.
2.2. Time-Limited Credit Term. When Customer purchases a Test, Customer receives a time-limited single-use right to use such Test. Tests are valid for up to one year (the “Test Term”) unless the applicable Order or Order Form explicitly states otherwise, provided that the Test Term will in all cases automatically end upon the termination or expiration of Customer’s Vanta subscription. Unused Tests will expire at the end of the applicable Test Term and cannot be rolled over or refunded.
2.3. Use of Tests.
2.3.1. Tests, Applications, and Eligibility. Each individual Test is valid for one Customer application. The ability to successfully run and complete a Test depends on technical eligibility criteria including but not limited to those set forth in the Vanta Services and the XBOW Services. Customer acknowledges and agrees that it may not be possible to successfully run and complete a Test if their application does not meet such criteria.
2.3.2. Testing Period. Customer may initiate Tests from the Vanta Services, thereby launching the Test in the XBOW Services. Customer may have the right to re-run a Test within a defined period (e.g., two weeks) following the first initiation of the Test solely to the extent set forth in the documentation.
2.4. Third Party Services.
2.4.1. XBOW’s Terms. Customer acknowledges and agrees that the XBOW Services, including any access to and use of XBOW’s API as integrated with the Services, are Third Party Services and that Customer’s use of the XBOW Services is governed by and subject to the terms and conditions set forth at xbow.com/eula and xbow.com/dpa (the “XBOW Terms”).
2.4.2. Authorization to Transfer Data. Customer hereby authorizes Vanta to transfer Customer Information, Customer Account Data, and Usage Data to XBOW solely in connection with Customer’s use of the XBOW Services and acknowledges that XBOW’s processing of such data is governed by the XBOW Terms.
2.5. Customer Responsibilities. Customer represents and warrants that Customer has all necessary authorizations, rights, permissions, and consents to target, scan, monitor, or test the networks, websites, systems, IP addresses, assets, hardware, and/or other electronic or online resources (as applicable) via the XBOW Services.
