Posted: October 3rd, 2025
Effective Date: October 3rd, 2025
Welcome, and thank you for using Breach Plan Connect® (hereafter, “BPC”). The following Terms of Service ("Terms") cover your use and access to our Software-as-a-Service (SaaS) hosted incident response services, software, and Web sites (collectively, “Services”). If you reside anywhere throughout the world, your agreement is with Network Standard Corp (incorporated in the Commonwealth of Pennsylvania USA), doing business as NetDiligence. Our Privacy Policy explains how we collect and use your information while our Acceptable Use Policy outlines your responsibilities when using our Services. By using our Services, you're agreeing to be bound by these Terms, and by extension, our corporate Privacy Policy and Acceptable Use Policy. If you're using our Services for an organization, you're agreeing to these Terms on behalf of that organization.
Your BPC Record Data & BPC Platform Management Data
When you use BPC, you may be providing and storing important information (“BPC Record Data”) that reflects your organization’s incident response plan (“IRP”) procedures, employee roles, vendor contacts, and significant details relating to information security incidents or privacy data breach events that have impacted your organization. BPC Record Data that you personally add/upload/create belongs to your organization as a corporate (not personal) information asset. These Terms don't give us any rights to your BPC Record Data except for the limited rights described below that enable us to offer the Services.
Regarding ‘Insured Access’ BPC Program Subscribers: If you have received complimentary access to Breach Plan Connect through your Cyber Insurance Carrier as part of the “Insured Access” Program, your use of BPC is specifically dependent upon our sharing of your limited contact information and limited elements of your BPC usage with your participating Cyber Insurance Carrier and supporting program vendors. If you do NOT consent to share this information with these key partners, you may not use BPC within the context of the Insured Access Program. Please let us know immediately (at support@breachplanconnect.com) of your non-acceptance of the Insured Access Program requirements so that we can terminate your account and remove any populated data up to that point. We would be delighted to offer your organization a separate individual BPC subscription at a discounted rate via direct invoicing to your organization. For more details on the Insured Access Program, please see the Insured Access tab.
We recognize that certain data you disclose to us, including BPC Record Data, may be confidential or proprietary (meaning information that is marked as “confidential”, “proprietary” or by similar marking, or information which, given the nature of the information and circumstances of its disclosure, would reasonably be understood to be confidential). We agree that we will protect your confidential information using the same standard of care and diligence that we use to protect our own confidential information.
Some of the Services facilitate contact with vendors that you have chosen to populate (either from among those that we publish or that you provide) in your BPC Record Data as a necessary function of the BPC environment. In such cases where the intended operation of BPC features incorporates contact with such vendors, you grant us permission to initiate such contact on your behalf.
Beyond that, you also grant us permission to host and store your BPC Record Data in appropriate venues and ways that reflect contemporary information security protection standards. As of the “Effective Date” listed at the top of this Terms document, all BPC Record Data is hosted at Amazon Web Services Elastic Compute Cloud (“AWS EC2”) (please see: https://aws.amazon.com/ec2/?nc2=h_prod_fs_ec2), for which we seek and confirm evidence of current SSAE 18 / SOC 2 compliance on an ongoing basis as a condition of continued use of their hosting services. Our Service Level Agreement (“SLA”) terms for availability of the Services map exactly to those provided by AWS EC2, which, as of the Effective Date of this Terms of Service document, is currently set at 99.99%.
You grant us permission to actively manage the BPC environment – including your BPC Record Data – to facilitate 24x7x365 access, data integrity, protection against accidental/malicious disclosure, and compliance with any legal or regulatory requirements that may be imposed upon NetDiligence as a condition of providing continued Services. Your permission in these cases extends to our affiliates and trusted third parties who assist us in providing the Services.
Finally, you grant us permission to utilize your BPC Record Data – along with that of all BPC clients – to generate aggregated user data statistics, patterns and trends that can help us improve the effectiveness of the Services, as well as for external research purposes within the cyber insurance industry. We guarantee that all such use will rely upon de-identification of such BPC Record Data so that it cannot be traced back to you, your account, your organization, or any element of your specific activities within the BPC platform.
Apart from your BPC Record Data, NetDiligence requires the creation, use and storage of critical operational information that facilitates the functioning of the BPC platform. We designate such information as BPC Platform Management Data. BPC Platform Management Data may include – among other examples - tokens and IDs that uniquely identify client devices that are utilized in furtherance of the mobile application elements of the BPC service. In addition to being necessary for the proper operation of the mobile application for functions such as push notifications and other valued features, such data will be recorded and maintained within system/application logging data/files within the NetDiligence environment. BPC Platform Management Data will be subject to contemporary record retention policies. Sharing of BPC Platform Management Data outside of NetDiligence and its technology support partners is prohibited unless: (a) compelled under request by legal authorities, (b) as a required element of any cyber security breach investigation that implicates the BPC service, and/or (c) as previously described for participants in the Carrier-paid “Insured Access” Program.
Your Responsibilities
You are responsible for your conduct within the BPC platform. Your BPC Record Data and all activities undertaken by you within the BPC platform must comply with our Acceptable Use Policy. While you are licensed to broadly utilize the Services in managing your organization’s incident response plan (IRP) requirements and capabilities, much of the content we provide may be protected by others' intellectual property rights. Except for those tasks explicitly related to your IRP roles and functions, please don't copy or download such content for the purpose of reselling it or otherwise distributing it to unlicensed individuals or organizations. We value our intellectual property and that belonging to our partners, and will work diligently to ensure that it is not stolen, abused, or dissipated without recourse against those who would undertake such actions.
If we have reasonable reason to do so, we may review your conduct and content (including BPC Records) for compliance with these Terms and our Acceptable Use Policy. With that said, we have no obligation to do so. We aren't responsible for the veracity or legality of the content you provide. If we are requested by governmental authorities or opposing counsel in a legal action to remove BPC Records or supply them to an appropriate governmental body under penalty of a lawfully obtained warrant or subpoena, we will review our options and take legally appropriate/required action – which, unless prohibited by law, will include notice to your organization in a manner and time consistent with the conditions present - and regulatory requirements - associated with any such event.
Help us keep you informed and your BPC Record Data protected. Safeguard your password (and multi-factor authentication access) to the Services, and keep your account information current. Don't share your account credentials or give others access to your account. Our BPC platform authorizes you (or your organizational administrator) to create and distribute BPC accounts to all appropriate stakeholders within your IRP program.
You may use our Services only as permitted by applicable law, including export control laws and regulations. Finally, our Services are not intended for, and may not be used by, people under the age of 13. By using our Services, you are representing to us that you're over 13 years of age.
Software and Mobile Apps
Some of our Services allow you to download client software ("Software") which may update automatically. So long as you comply with these Terms, we give you a limited, nonexclusive, nontransferable, revocable license to use the Software, solely to access the Services. To the extent any component of the Software may be offered under an open source license, we'll make that license available to you and the provisions of that license may expressly override some of these Terms. Unless the following restrictions are prohibited by law, you agree not to reverse engineer or decompile the Services, attempt to do so, or assist anyone in doing so.
If you are utilizing our Services via mobile-based applications (“Apps”) provided through either the Apple or Android Stores, respectively, you are legally bound to do so in a manner that is fully compliant with their rules for such use on their respective device platforms. Such rules operate in addition to – and not in place of – the rules for use of the Software set by NetDiligence.
Beta Services
We sometimes release products and features that we are still testing and evaluating (“Beta Services”). Those Beta Services have been marked beta, preview, early access, or evaluation (or with words or phrases with similar meanings) and may not be as reliable as existing BPC Services, so please keep that in mind. If you have any doubts whatsoever, do not attempt to utilize beta versions of our Services. We totally understand that running beta versions is not for everyone – and we hope that you do too. Without your explicit request/approval, we will never port your account and BPC Record Data for live production use within a Beta Services version of BPC.
Reiterating The Importance Of Our Intellectual Property Rights And Those Of Our Partners
The Services are protected by copyright, trademark, and other US and foreign laws. These intellectual property rights belong to NetDiligence, as well as to many of our partners. These Terms don't grant you any right, title or interest in the Services, our partners’ content in the Services, NetDiligence trademarks, logos and other brand features. We welcome feedback, but note that we may use comments or suggestions without any compensation or credit recognition obligation to you.
Copyright, Trademark, and Intellectual Property Protection
We respect the intellectual property of others and ask that you do too. We respond to notices of alleged copyright, trademark, and intellectual property infringement if they comply with the law, and such notices should be reported using our Copyright Policy. We reserve the right to delete or disable content alleged to be infringing and terminate accounts of repeat infringers. Our designated agent for notice of alleged copyright infringement on the Services is:
Copyright Agent
Network Standard Corporation, d/b/a NetDiligence
P.O. Box 204
Gladwyne, PA 19035
management@netdiligence.com
Subscription Payments For Breach Plan Connect (BPC)
Breach Plan Connect (BPC) is provided to you on a subscription-only basis, and your continued use of BPC and all included Services is conditioned upon continued payment of annual subscription fees. If you are an individual retail subscriber to BPC, you will be notified in advance of subscription renewal terms and then current pricing at least 30 days prior to the scheduled end-date of your current subscription. If renewal payments are not made and cleared by the scheduled end-date, NetDiligence may elect in its discretion to suspend or delete your account and its contents – but not before giving you 30-day advance written notice of cancellation, in order to provide you with a full opportunity to retrieve a copy of your BPC Record Data. If an “auto-renew” payment option is available, we will automatically renew your subscription against the payment card information you have kept on file, subject to your prior cancellation of your subscription. You are responsible for all applicable taxes, and we'll charge tax when required to do so. Some countries have mandatory local laws regarding your cancellation rights, and this paragraph doesn't override these laws. For purposes of tax obligations within different global geographies and jurisdictions, BPC is a service that originates exclusively within the United States of America.
If your BPC account has been provided to you by a third party – such as a cyber insurance policy carrier – on your behalf, your continued access to the Services is subject to the terms imposed upon you by said third party in conformance with an established license relationship that they maintain with NetDiligence.
Annual subscription fees for BPC are generally not refundable, and refunds are provided only in cases where required by law. In our discretion, we may elect to offer refunds for unusual or hardship circumstances.
We may change the fees in effect at the time of your next annual renewal, but will give you advance notice at least 30 days ahead of these changes via a message to the email address associated with your account.
Termination
You're free to stop using our Services at any time. We reserve the right to suspend or terminate your access to the Services with notice to you if:
- (a) you're in breach of these Terms,
- (b) you're using the Services in a manner that violates applicable law, and/or would cause a real risk of harm or loss to us or other users, or
- (c) you have not paid your annual subscription renewal and your current subscription end-date has been reached.
We'll provide you with reasonable advance notice (which in no case will be less than 30 days) via the email address associated with your account to remedy the activity that prompted us to contact you and give you the opportunity to export your BPC Record Data from our Services. If after such notice you fail to take the steps we ask of you, we reserve the right to terminate or suspend your access to the Services.
We won't provide notice before termination where:
- (a) you're in material breach of these Terms, and where such breach may risk a technical compromise of the BPC platform or subject us to potential legal liability for failure to take prudent remediation steps, or
- (b) we're otherwise prohibited from doing so by law.
You may terminate the Services if we are in breach of these Terms and fail to cure such breach within 30 days of your notifying us of such breach. In such a case, we will give you a full opportunity to export your BPC Record Data from our platform, and provide you with a pro-rata refund of fees associated with the remaining time on your annual subscription.
Discontinuation of Services
We may decide to discontinue the Services in response to unforeseen circumstances beyond NetDiligence’s control or to comply with a legal requirement. If we do so, we'll give you reasonable prior notice so that you can export your BPC Record Data from our systems. If we discontinue Services in this way before the end of any fixed or minimum term you have paid us for, we'll refund the portion of the fees you have pre-paid but haven't received Services for.
Services "AS IS"
We strive to provide great Services, but there are certain things that we can't guarantee. TO THE FULLEST EXTENT PERMITTED BY LAW, AND EXCEPT AS SET FORTH IN THIS AGREEMENT, NETDILIGENCE AND ITS AFFILIATES, SUPPLIERS AND DISTRIBUTORS MAKE NO WARRANTIES, EITHER EXPRESS OR IMPLIED, ABOUT THE SERVICES. THE SERVICES ARE PROVIDED "AS IS." WE ALSO DISCLAIM ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. Some places don't allow the disclaimers in this paragraph, so they may not apply to you.
Notwithstanding the above, we represent and warrant that the Services will be: (a) provided in a good and workmanlike manner, (b) in accordance with all applicable laws, and (c) through the implementation of commercially reasonable technical, administrative and physical security measures to ensure the availability, confidentiality, and integrity of the Services.
Limitation of Liability
IN NO EVENT SHALL NETDILIGENCE (OR ANY AFFILIATE PARTY) BE LIABLE FOR ANY ACT, ERROR OR OMISSION BY ANY VENDOR, LOSS OF PROFITS, LOSS OF USE, LOSS OF DATA, COSTS OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES OR INDIRECT, SPECIAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH OR ARISING OUT OF THIS AGREEMENT, HOWEVER CAUSED, REGARDLESS OF THE THEORY OF LIABILITY (CONTRACT, TORT OR OTHERWISE), AND WHETHER OR NOT THE POSSIBILITY OF SUCH DAMAGES HAS BEEN DISCLOSED TO THE PARTIES IN ADVANCE OR COULD HAVE BEEN REASONABLY FORESEEN BY SUCH PARTIES. NETDILIGENCE’S (AND/OR ANY OF THEIR AFFILIATE’S) TOTAL LIABILITY ON ANY CLAIM, LOSS OR LIABILITY ARISING OUT OF OR CONNECTED WITH THESE TERMS - WHETHER IN CONTRACT, TORT OR UNDER ANY OTHER THEORY OF LIABILITY - SHALL NOT EXCEED THE FEES PAID BY YOU DURING THE CURRENT SUBSCRIPTION PERIOD.
WE DON'T EXCLUDE OR LIMIT OUR LIABILITY TO YOU WHERE IT WOULD BE ILLEGAL TO DO SO—THIS INCLUDES ANY LIABILITY FOR NETDILIGENCE’S OR ITS AFFILIATES' FRAUD OR FRAUDULENT MISREPRESENTATION IN PROVIDING THE SERVICES. IN COUNTRIES WHERE THE FOLLOWING TYPES OF EXCLUSIONS AREN'T ALLOWED, WE'RE RESPONSIBLE TO YOU ONLY FOR LOSSES AND DAMAGES THAT ARE A REASONABLY FORESEEABLE RESULT OF OUR FAILURE TO USE REASONABLE CARE AND SKILL OR OUR BREACH OF OUR CONTRACT WITH YOU. THIS PARAGRAPH DOESN'T AFFECT CONSUMER RIGHTS THAT CAN'T BE WAIVED OR LIMITED BY ANY CONTRACT OR AGREEMENT.
Resolving Disputes
We want to address your concerns without needing a formal legal case. Before filing a claim against NetDiligence, you agree to try to resolve the dispute informally by contacting management@netdiligence.com. We'll try to resolve the dispute informally by contacting you via email. If a dispute is not resolved within 30 days of submission, you or NetDiligence may bring a formal proceeding. You and NetDiligence agree that any judicial proceeding to resolve claims relating to these Terms or the Services will be brought in the Federal or State courts of Philadelphia, Commonwealth of Pennsylvania. Both you and NetDiligence consent to venue and personal jurisdiction in such courts. If you reside in a country (for example, European Union member states) with laws that give consumers the right to bring disputes in their local courts, this paragraph doesn't affect those requirements.
Controlling Law
These Terms will be governed by Pennsylvania law, unless local laws mandate an alternative choice.
Entire Agreement
These Terms constitute the entire agreement between you and NetDiligence with respect to the subject matter of these Terms, and supersede and replace any other prior or contemporaneous agreements, or terms and conditions applicable to the subject matter of these Terms. These Terms create no third party beneficiary rights (except as noted above in the case of the Carrier-paid “Insured Access” Program).
Waiver, Severability & Assignment
NetDiligence's failure to enforce a provision is not a waiver of its right to do so later. If a provision is found unenforceable, the remaining provisions of the Terms will remain in full effect and an enforceable term will be substituted reflecting our intent as closely as possible. You may not assign any of your rights under these Terms, except to a successor in interest via the legal acquisition of your organization, who in turn agrees to be bound by the Terms without further modification. NetDiligence may assign its rights to any of its affiliates or subsidiaries, or to any successor in interest of any business associated with the Services.
Modifications
We may revise these Terms from time to time to better reflect:
- (a) changes to the law,
- (b) new regulatory requirements, or
- (c) improvements or enhancements made to our Services.
If an update affects your use of the Services or your legal rights as a user of our Services, we'll notify you prior to the update's effective date by sending an email to the email address associated with your account or via an in-product notification. These updated terms will be effective no less than 30 days from when we notify you.
If you don't agree to the updates we make, please cancel your account before they become effective. Where applicable, we'll offer you a prorated refund based on the amounts you have prepaid for Services and your account cancellation date. By continuing to use or access the Services after the updates come into effect, you agree to be bound by the revised Terms.
Posted: October 3rd, 2025
Effective Date: October 3rd, 2025
NetDiligence services, such as eRiskHub®, Breach Plan Connect™, and QuietAudit®, are used by a variety of clients in many different types of settings, and we are grateful for your support. As a condition of benefitting from these offerings, we trust you to use our services responsibly.
You agree not to misuse NetDiligence services ("Services") or help anyone else to do so. For example, you must not even try to do any of the following in connection with the Services:
- probe, scan, or test the vulnerability of any system or network;
- breach or otherwise circumvent any security or authentication measures;
- access, tamper with, or use non-public areas or parts of the Services, or shared areas of the Services you haven't been invited to;
- interfere with or disrupt any user, host, or network, for example by sending a virus, overloading, flooding, spamming, or mail-bombing any part of the Services;
- access, search, or create accounts for the Services by any means other than our publicly supported interfaces (for example, "scraping" or creating accounts in bulk);
- send unsolicited communications, promotions or advertisements, or spam;
- send altered, deceptive or false source-identifying information, including "spoofing" or "phishing";
- promote or advertise products or services other than your own without appropriate authorization;
- abuse referrals or promotions to get more storage space than deserved;
- circumvent storage space limits;
- sell or publicly redistribute the Services unless specifically authorized to do so;
- publish or share materials that are unlawfully pornographic or indecent, or that contain extreme acts of violence;
- advocate bigotry or hatred against any person or group of people based on their race, religion, ethnicity, sex, gender identity, sexual preference, disability, or impairment;
- violate local, State, or Federal/National laws in any way, including storing, publishing or sharing material that's fraudulent, defamatory, or misleading; or
- violate the privacy or infringe the rights of others.
Posted: October 3rd, 2025
Effective Date: October 3rd, 2025
NetDiligence respects the intellectual property rights of others and expects its users to do the same. In accordance with the Digital Millennium Copyright Act of 1998 (and as amended/referenced in later years), the text of which may be found on the updated U.S. Copyright Office website at https://www.copyright.gov/dmca/, NetDiligence will respond expeditiously to claims of copyright infringement committed using the NetDiligence services ("Services") if such claims are reported to NetDiligence's Designated Copyright Agent identified in the sample notice below.
If you are a copyright owner, authorized to act on behalf of one, or authorized to act under any exclusive right under copyright, please report alleged copyright infringements taking place on or through the Site by completing the following DMCA Notice of Alleged Infringement and delivering it to NetDiligence's Designated Copyright Agent. Upon receipt of Notice as described below, NetDiligence will take whatever action, in its sole discretion, it deems appropriate, including removal of the challenged content from the Site.
DMCA Notice of Alleged Infringement (“Notice”)
- Identify the copyrighted work that you claim has been infringed, or - if multiple copyrighted works are covered by this Notice - you may provide a representative list of the copyrighted works that you claim have been infringed.
- Identify the material or link you claim is infringing (or the subject of infringing activity) and to which access is to be disabled, including at a minimum, if applicable, the URL of the link shown on the Site or the exact location where such material may be found.
- Provide your company affiliation (if applicable), mailing address, telephone number, and, if available, email address.
- Include both of the following statements in the body of the Notice:
  - “I hereby state that I have a good faith belief that the disputed use of the copyrighted material is not authorized by the copyright owner, its agent, or the law (e.g., as a fair use).”
  - “I hereby state that the information in this Notice is accurate and, under penalty of perjury, that I am the owner, or authorized to act on behalf of, the owner, of the copyright or of an exclusive right under the copyright that is allegedly infringed.”
- Provide your full legal name and your electronic or physical signature.
Deliver this Notice, with all items completed, via U.S. Mail, to NetDiligence's Designated Copyright Agent:
Copyright Agent
NetDiligence
P.O. Box 204
Gladwyne, PA 19035
Posted: October 3rd, 2025
Effective Date: October 3rd, 2025
Thanks for using NetDiligence services, such as eRiskHub®, Breach Plan Connect®, and QuietAudit®. Here we describe how we collect, use and handle your information when you use our Web sites, software and services ("Services").
What & Why
We collect and use the following information to provide, improve and protect our Services:
We collect, and associate with your account, information like your name, email address, phone number, payment info (via our secure payment processor), physical corporate address, and account activity. Some of our services let you access your accounts and your information with other service providers.
Our Services are designed to make it simple for you to manage/improve your organization's overall cyber risk profile, including via participation in applications (such as Breach Plan Connect™) that allow you to provide and store data (such as Breach Plan Connect™ records) and access same across multiple devices. To make that possible, we safely store, process, and transmit your encrypted data, as well as information related to it. This related information can be things like your organizational contact data that makes it easier to collaborate with other members of your organization and vendors who work with us to support our Services and your utilization of them. Our Services, where appropriate, can provide you with different options for minimally sharing your data.
We collect information related to how you use the Services, including actions you take in your account. This helps us provide you with improved features over time. In addition, we use de-identified data from our users for cyber risk-related research purposes in aggregated formats so that individual data elements cannot be traced back to their original owners.
We may also collect information from and about the devices you use to access the Services. This includes things like IP addresses, the type of browser and device you use, the web page you visited before coming to our sites, and identifiers associated with your devices. Your devices (depending on their settings) may also transmit location information to the Services.
We may use technologies like session cookies and pixel tags to provide, improve, protect and promote our Services. For example, cookies help us with things like remembering your username for your next visit, understanding how you are interacting with our Services, and improving them based on that information. You can set your browser to not accept cookies, but this may limit your ability to use the Services.
With Whom
We may share information as discussed below, but we won't sell it to advertisers or other third parties.
NetDiligence uses certain trusted third parties (for example, providers of customer support and IT services) to help us provide, improve, protect, and promote our Services. These third parties may access your information infrequently and only to perform tasks on our behalf in compliance with this Privacy Policy, and we'll remain responsible for their handling of your information per our instructions.
Our Services display information like your name, profile picture, and email address to other users in places like your Breach Plan Connect (BPC) user profile and incident response plan documentation. When you further rely upon nomination of supporting incident response and legal vendors within Breach Plan Connect or other Services as elements within your overall BPC Data Record, we may notify the selected vendors – including specifically in cases where your BPC Data Record implicates contact with them to help you address/resolve incident investigation, remediation, and prevention requirements. Under the Terms of Service for the Insured Access Program, we may share additional data with participating Partners in that specific Program (please see the Insured Access tab for additional details).
If you are the designated account administrator for an organization, such as with our Breach Plan Connect service, you are deemed responsible for the creation and management of additional user accounts within your organizational subscription. This means that you are expected – along with NetDiligence – to guard against the unauthorized exposure of user account credentials within the context of your organization's ongoing subscription activities.
We may disclose your information to third parties if we determine that such disclosure is reasonably necessary to (a) comply with the law; (b) protect any person from death or serious bodily injury; (c) prevent fraud or abuse of any NetDiligence Service or our users; or (d) protect NetDiligence's intellectual property rights (and/or those of our supporting partners).
How
We have a team dedicated to keeping your information secure and testing for vulnerabilities. We also continue to work on features to keep your information safe, and may bring these added features to your attention whenever they have been integrated into the platforms of Breach Plan Connect™ or any of our other Services.
We'll retain information you store on our Services for as long as we need it to provide you the Services. If you delete your account, we'll also delete this information. But please note: (1) there might be some latency in deleting this information from our servers and back-up storage; and (2) we may retain this information if necessary to comply with our legal obligations, resolve disputes, or enforce our agreements. You can access your profile information by logging on to your account, and we provide mechanisms for updating same within Breach Plan Connect™ and all of our Services.
Where
To provide you with the Services, we may store, process and transmit information in the United States and locations around the world - including those outside your country. Information may also be stored locally on the devices you use to access the Services.
Changes
If we are involved in a reorganization, merger, acquisition or sale of our assets, your information may be transferred as part of that deal. We will notify you (for example, via a message to the email address associated with your account) of any such deal and outline your choices in that event.
We may revise this Privacy Policy from time to time, and will post the most current version on our website. If a revision meaningfully reduces your rights, we will notify you.
Contact
Have questions or concerns about NetDiligence, our Services and privacy? Contact us at management@netdiligence.com
Posted: October 3rd, 2025
Effective Date: October 3rd, 2025
These Insured Access Program Terms (“Program Terms”) describe participation in the NetDiligence® Breach Plan Connect™ (“BPC”) Insured Access Program (the “Program”).
1) Overview
The Program enables eligible cyber insurance policyholders (“Policyholders”) to use BPC with support arranged by their participating cyber insurance carrier (“Carrier”). Carriers may engage a variety of Program Partners to support Policyholders’ readiness—such as breach coach law firms, DFIR providers, credit/ID monitoring providers, notification vendors, and related incident-response specialists. The aim is to help Policyholders stand up and maintain a practical incident response plan (“IRP”) in BPC.
2) Eligibility & Enrollment
- Eligibility. Participation is offered at the Carrier’s discretion to its Policyholders that meet the Carrier’s criteria.
- Enrollment. If invited, a Policyholder enrolls using instructions provided by the Carrier or NetDiligence.
3) Program Benefit (Subscription)
- No-cost while covered. The Policyholder’s BPC subscription is no-cost for as long as they remain a Policyholder with the participating Carrier and the Carrier continues this Program.
- If coverage changes. If a Policyholder leaves the Carrier (or otherwise ceases to be covered by that Carrier) and wishes to keep BPC, the subscription will convert to a Policyholder-paid plan at then-current rates (discounts may be offered at NetDiligence’s discretion).
- If the Carrier ends the Program. If the participating Carrier does not renew or discontinues the Program, NetDiligence will provide reasonable notice. The Policyholder may (a) convert to a Policyholder-paid plan, or (b) discontinue BPC.
- Notice. NetDiligence will provide reasonable advance notice of any required action or change in billing status.
4) Roles & Responsibilities
- NetDiligence. Provides the BPC platform and general product support.
- Carrier & Program Partners. May offer guidance to help the Policyholder establish and maintain their IRP. They are independent from NetDiligence and are responsible for their own services.
- Policyholder. Owns its IRP content and is responsible for accuracy, updates, and access controls within its BPC account.
5) Program Partners in Your IRP
- Pre-positioned contacts. To streamline response workflows, the Carrier may request that contact information for certain Program Partners be pre-positioned in the Policyholder’s BPC account (e.g., hotline numbers or engagement emails).
- Your choice of vendors. The Policyholder may add, remove, or replace vendors in BPC at any time. Vendor changes may affect coverage or claims processes; consult your Carrier before making changes.
6) Limited Data Disclosures for Program Administration
To support readiness and coordination, limited account metadata may be shared with the participating Carrier and/or Program Partners, strictly for Program administration and response preparedness. This may include:
- The Policyholder’s designated BPC primary contact (e.g., Internal Breach Manager name and business contact details);
- The Policyholder’s selected vendors by category as listed in BPC; and
- The “Last Updated” timestamp for the Policyholder’s IRP in BPC.
No IRP content, uploaded documents, or incident details are shared by NetDiligence under the Program unless the Policyholder initiates sharing, provides written authorization, or sharing is required by law.
7) Security, Availability, and Support
NetDiligence operates BPC with commercially reasonable security and availability practices and provides standard product support. Any readiness assistance from Carriers or Program Partners is separate from NetDiligence’s platform support.
8) Appropriate Use
Policyholders must use BPC in a lawful and responsible manner, refrain from misuse or abuse of the service, and avoid storing or transmitting content they lack rights to use.
9) Changes, Suspension, and Termination
NetDiligence may update the Program or these Program Terms from time to time. The Carrier or NetDiligence may suspend or end a Policyholder’s participation for misuse or failure to meet participation criteria. Material changes to participation status (including billing changes) will be communicated with reasonable notice.
10) Independent Services; No Legal Advice
Program Partners are independent from NetDiligence and are solely responsible for their services. Nothing in the Program or BPC constitutes legal advice; Policyholders should consult their own counsel and Carrier regarding coverage, panel requirements, and vendor approvals.
11) Contact
Questions about the Program: support@breachplanconnect.com
Coverage, eligibility, or claim questions: contact your Carrier.