ACCEPTABLE USE POLICY ADDENDUM
Last Updated: July 14, 2026
Purpose and Scope
This Acceptable Use Policy Addendum (this "Policy") is at all times subject to your contractual agreement governing use of Cofense products (the “Agreement”). The conduct and usage restrictions set forth in this Policy govern access by Customer and its Authorized Users to Cofense PhishMe and the Cofense Command Center, including its features such as the Customization Portal (collectively, the "Services"). Customer and its Authorized Users must promptly notify Cofense of any actual or suspected illegal or unauthorized activity or a security breach involving the Services.
Definitions
The following short-form definitions apply for purposes of this Policy. They are intended as summaries consistent with, and not to narrow, the fuller definitions of these terms that may be set forth in the Agreement; the Agreement’s definitions govern in the event of any conflict.
“Authorized Users” means Customer’s authorized employees, agents, or independent contractors, each assigned a unique email address, who may access or use the Services or send or receive email in connection with the Services.
“Intellectual Property Rights” means all copyright, trademark, patent, trade secret, moral rights, rights of publicity, and other intellectual property rights of any kind, whether now existing or later arising, anywhere in the world.
“Cofense IP” means Cofense’s proprietary materials, including the Services, Cofense’s confidential information, threat intelligence and related tools, documentation, aggregate data (aggregated and de-identified data that cannot be used to identify any individual), and any proprietary processes, methods, templates, or forms.
Prohibited Uses
If Customer creates their own customized simulations using the Services or creates or customizes phishing simulation content using the Customization Portal, including content created or modified using AI-enabled features of the Services (an “AI Feature”), such as uploading images or submitting prompts to generate simulation content, as an interactive computer service, Customer and its Authorized Users may not:
- disseminate material that is abusive, obscene, pornographic, defamatory, harassing, grossly offensive, vulgar, threatening, or malicious;
- disseminate materials that would constitute an infringement upon the patents, copyrights, trademarks, trade secrets or other intellectual property rights of others;
- disseminate materials that would constitute impersonation of any governmental agency, or use an image, name, or likeness of any real, identifiable individual — including an employee, executive, contractor, or other individual within or affiliated with Customer’s organization — without Customer having the lawful right and, where required by applicable law or Customer’s internal policies, appropriate notice or consent to use that individual’s likeness for phishing simulation or security awareness purposes;
- remove any disclaimers from any Cofense IP or materials;
- use third-party logos without prominent disclaimers of trademark ownership, relationship and/or affiliation;
- use the Services for any illegal purpose, or in violation of any laws;
- disseminate materials that would give rise to liability under the Computer Fraud and Abuse Act;
- use the Services to commit fraud or engage in other misleading or deceptive activities;
- upload to, or transmit from, the Services any viruses, worms, defects, Trojan horses, time-bombs, malware, spyware, or any other computer code of a destructive or interruptive nature, or any input, prompt, or file intended to manipulate, exploit, jailbreak, or circumvent the intended functionality, content restrictions, or safety controls of any AI Feature;
- remove any legal disclaimers provided by Cofense that are present on any simulations or educational pages;
- share the Services and any associated Cofense IP and Cofense confidential information with any third-parties, except as expressly authorized in advance by Cofense in writing;
- use the Services and Cofense IP in any way to provide services to any third-party;
- disassemble, decompile, reverse compile, reverse engineer or attempt to discover any source code or underlying ideas or algorithms of the Services and any Cofense IP (except to the limited extent that applicable law prohibits reverse engineering restrictions solely for interoperability purposes);
- sell, resell, distribute, sublicense or otherwise transfer, the Services and any Cofense IP, or make the functionality of the Services available to any other party through any means (unless Cofense has provided prior written consent);
- reproduce, alter, modify or create derivatives of the Cofense IP (unless as expressly permitted in this Agreement);
- upload, submit, or use any image or other content via an AI Feature that Customer does not own or does not have the lawful right to use for the purpose of creating phishing simulation content, regardless of whether the content depicts an employee, a third party, or a public figure; and
- use an AI Feature to generate, or attempt to generate, content unrelated to legitimate security awareness training or phishing simulation purposes.
Intellectual Property Compliance
Authorized Users must comply with any Intellectual Property Rights asserted in any Cofense IP provided to Customer for the purposes of using with the Services. Authorized Users will maintain and not remove or obscure any proprietary notices on Cofense IP.
AI Feature Content
Where Customer uploads an image or submits a prompt to an AI Feature to create or customize simulation content, Customer represents and warrants that (i) it has all necessary rights and, where applicable, internal authorization or consent to use any image or likeness submitted, including images of its own employees or personnel, (ii) it will comply with its own internal policies and applicable law (including any employee privacy, image-use, or workplace consent requirements) when using employee likenesses in simulation content, and (iii) a designated Authorized User will review any AI-generated or AI-modified content prior to its use in a simulation sent to Customer’s employees. Customer is solely responsible for the content it uploads, the prompts it submits, and its decision to deploy any resulting content, subject to Cofense’s right to remove or disable access to content that violates this Policy.
AI Feature Data Use
Cofense will not use Customer-submitted images, prompts, or other content submitted to an AI Feature to train or fine-tune any AI model made available to other customers, except as otherwise disclosed to Customer in writing.
Remedies
Violation of this Policy may result in civil or criminal liability, and Cofense may, in addition to any other remedy that Cofense may have at law or in equity, terminate any permission for Customer and any Authorized User to access the Services or immediately remove the offending material. In addition, Cofense may investigate incidents that are contrary to this Policy.
Trademarks
All third-party trademarks referenced by Cofense whether in logo form, name form or product form, or otherwise, remain the property of their respective holders, and use of these trademarks in no way indicates any relationship between Cofense and the holders of the trademarks.
Changes to this Policy
Cofense reserves the right to update and modify this Policy at any time from time-to-time. Cofense will post the updated Policy at https://cofense.com/legal/aup and revise the date above. Continued use of the Services by Customer and its Authorized Users after such update or modification will indicate Customer’s acceptance of the updates and/or modifications to this Policy.