Terms & Conditions
DownloadEffective Date: 15 May 2025 · Version 1.0 · Ref: SAUP-15052025-110
Purpose
This policy aims to define the permitted and prohibited activities for all users of CEREBRA's Cybersecurity Learning Management System (LMS) — Infoshield — and Phishing Simulation Platform — PhishGuard. Its purpose is to:
- Protect the confidentiality, integrity, and availability of the Services.
- Ensure that all activities align with legal, regulatory (including Saudi NCA directives and PDPL requirements), and ethical standards.
- Provide clear rules to prevent misuse, abuse, and unintended harm.
The requirements in this policy are aligned with the cybersecurity requirements issued by the National Cybersecurity Authority (NCA) in addition to other related cybersecurity legal and regulatory requirements.
Scope
This Acceptable Use Policy ("AUP") applies to all:
- Customers (organizations subscribing to the Services)
- End-Users (employees, trainees, administrators, assessors)
- Third-party Contractors and Researchers
- Any other person or system accessing or interacting with the Services, APIs, or associated documentation
— whether accessed in the Kingdom of Saudi Arabia or internationally.
Definitions
- Service: The Infoshield LMS or PhishGuard Phishing Simulation platforms, including all web, mobile, API, integrations, and supporting infrastructure.
- Customer: An organization subscribing to the Service.
- End-User: An individual accessing the Service on behalf of a customer (e.g., employees, trainees, administrators).
- User Content: Data uploaded, submitted, or generated by Customers or End-Users (e.g., course materials, phishing templates, reports).
- Simulation: A controlled phishing campaign sent to End-Users as part of training exercises.
- Malware: Software or code designed to perform unauthorized or harmful actions, including viruses, worms, trojans, ransomware, spyware, adware, bots, and rootkits.
Policy Statements
General Requirements
- All users must comply with CEREBRA's Terms of Service, Privacy Policy, and Data Processing Agreement.
- Users must only access features, data and configurations for which they hold explicit authorization.
- All User Content must respect intellectual-property rights and must not violate any applicable law.
- Report any suspected unauthorized access or misuse immediately to support@cerebra.sa.
- All access and activity on the Services may be logged and monitored for compliance and security purposes.
- By accessing or using the Services, Users acknowledge that they have read, understood, and agree to abide by this AUP.
Infoshield Platform Use
Users may use the Services solely to:
- Deliver, enroll in and complete cybersecurity awareness and technical training courses.
- Upload, store and manage custom learning content, provided it does not infringe on third-party rights.
- Generate performance reports and analytics within their subscription-defined timeline and scope.
Users must not:
- Upload malware samples, exploit code, or any content intended to facilitate unauthorized access.
- Upload offensive, extremist, or otherwise illegal content as defined under Saudi or applicable international law.
- Use or process personal data beyond lawful and explicitly authorized business purposes, as governed by PDPL or equivalent regulations.
PhishGuard Platform Use
Users may use the Service solely to:
- Run phishing simulations against End-Users within your own organization or designated test accounts with documented consent.
- Conduct campaigns whose scope, timing, and content have been pre-approved by your internal compliance or HR teams.
- Use only approved templates or content you are authorized to distribute.
Users must not:
- Launch simulations against third-party domains, personal email addresses, or public users.
- Disclose campaign results outside authorized stakeholders or use them for punitive measures without an established HR policy.
Security Testing & Vulnerability Disclosure
No unauthorized scanning, penetration testing or red-team activities against the Services or infrastructure is allowed unless written pre-approval is granted by CEREBRA. We support responsible disclosure and commit not to pursue legal action against researchers who follow our Responsible Disclosure Guidelines in good faith.
Researchers discovering vulnerabilities must submit them via support@cerebra.sa.
General Prohibited Use
Under no circumstances shall Users engage in:
- Any activity that is illegal under Saudi law or applicable international law.
- Unauthorized vulnerability scanning, penetration testing, or red-team exercises.
- Decompiling, disassembling, reverse-engineering or otherwise attempting to derive source code.
- Initiating or facilitating DoS/DDoS attacks, brute-force login attempts, or any activity that degrades service performance.
- Transmitting or storing malware, viruses, trojans, spyware, worms, ransomware or other harmful code.
- Uploading content intended to compromise user endpoints or networks.
- Sending unsolicited bulk emails, messages or phishing links outside of authorized simulation campaigns.
- Harassing, abusive or discriminatory communications targeting any individual or group.
- Sharing credentials or session tokens with unauthorized parties.