PLEASE READ THESE TERMS CAREFULLY BEFORE PROCEEDING
These Customer Terms of Service (“Customer Terms”) govern the terms on which Pistachio AS, reg. no. 929 575 717, Sandakerveien 114A, 0484 Oslo, Norway (“Pistachio”) makes the Pistachio Platform available to customers (“Customer”). These Customer Terms apply to all Customers, whether access is obtained directly from Pistachio or through a Pistachio partner. By signing an Order Form or Special Arrangement referencing these Customer Terms, or by accessing the Pistachio Platform, the individual doing so confirms they have authority to bind the Customer as a legal entity, and that the Customer has read, understood, and accepted these Customer Terms. If you have any questions before accepting, please reach out to us — we are happy to help.
1. DEFINITIONS
| Term | Definition |
|---|---|
| "Data Processing Agreement" | Pistachio's standard data processing agreement governing Pistachio's processing of personal data on behalf of the Customer, available at pistachioapp.com/data-processing-agreement. Where Pistachio has entered into a separate data processing agreement based on the Customer's template, that agreement shall apply in place of the standard form. |
| "Effective Date" | The effective date of the Customer's subscription, as set out in the Order Form or Special Arrangements or, where access is obtained through a Pistachio partner, the effective date agreed between the Customer and that partner. |
| "Initial Term" | The initial subscription period specified in the Order Form or Special Arrangements. |
| "Intellectual Property Rights" | All intellectual property rights worldwide, whether registered or unregistered, including patents, copyright, trademarks, service marks, trade secrets, database rights, design rights, and know-how. |
| "Order Form" | The order form issued by Pistachio as accepted by the Customer, setting out the Products subscribed to, the number of licensed Users, and the applicable fees. |
| "Pistachio Platform" | Pistachio’s cloud platform through which the Products are made available to the Customer and its Users. |
| "Practice" | Pistachio’s automated cybersecurity awareness training software. |
| "Presence" | Pistachio’s AI-driven insider threat detection tool. |
| "Products" | The Pistachio Platform, including Practice, Presence, and any other features and products made available through the Pistachio Platform from time to time. |
| "Renewal Period" | Each period following the Initial Term for which these Customer Terms automatically renew, equal in duration to the Initial Term unless otherwise agreed in the Order Form or Special Arrangements. |
| "Signing Date" | The date on which the Customer signed an Order Form or Special Arrangement referencing these Customer Terms, or, where access is obtained through a Pistachio partner, the date on which the Customer signed or accepted the relevant agreement with that partner. |
| "Special Arrangements" | Any written addendum to the Order Form, or separate agreement signed with the Customer, supplementing or amending these Customer Terms. |
| "Subscription Term" | The Initial Term together with any subsequent Renewal Periods. |
| "Third Party Content" | Any data, information, or content, including trademarks, logos, software, or other Intellectual Property Rights, owned by a third party that is accessed by the Customer’s use of the Pistachio Platform. |
| "Users" | Means the individuals authorised by the Customer to access and use the Products, for whom Customer has purchased a subscription. Users may include employees, independent contractors, and agents of the Customer, provided they are acting on the Customer's behalf and within the scope of these Customer Terms. |
2. USE OF THE PISTACHIO PLATFORM
2.1 License grant. For the duration of the Subscription Term, and subject to the Customer’s compliance with these Customer Terms and any applicable Order Form or Special Arrangements, Pistachio hereby grants the Customer a limited, non-exclusive, non-transferable, non-sublicensable right to access and use the Pistachio Platform solely for the Customer’s own internal business purposes, and not for resale, redistribution, or publication. Rights to access and use the Pistachio Platform are licensed, not sold. To the extent the Pistachio Platform incorporates or makes use of third-party software or services, such components are subject to the terms of these Customer Terms and may only be used in connection with the Pistachio Platform and not independently.
2.2 Availability. Pistachio targets 99.9% availability of the Pistachio Platform, measured on a rolling 12-month basis from the Effective Date, excluding planned or emergency maintenance. Pistachio may perform such maintenance at any time and will endeavour to minimise disruption. Pistachio takes reasonable steps to keep the Platform secure, free from harmful components, and to correct major defects promptly. Any liability for interruption, suspension, or unavailability is subject to clause 6.
2.3 Restrictions. Except as expressly set out in these Customer Terms, neither the Customer nor any User may attempt, permit, or enable others to:
- sell, lease, rent, sublicense, copy, or provide access to the Pistachio Platform to any third party;
- use the Pistachio Platform unlawfully or in a way that infringes any third party’s rights, or upload, make available, or share any content that is unlawful, false, fraudulent, harmful, or defamatory;
- scan or test the vulnerability of the Pistachio Platform, or breach, disable, circumvent, or damage any authentication, security measure, or technical restriction;
- reverse engineer, decompile, or otherwise use the Pistachio Platform to develop, test, enhance, or calibrate any model, system, or software similar to any feature of the Pistachio Platform; or
- access or use the Pistachio Platform for purposes of monitoring its availability, performance, or functionality, for benchmarking or competitive intelligence purposes, or on behalf of a direct competitor of Pistachio.
2.4 Account security. The Customer is solely responsible for the security of its account credentials and for all activity under its account. The Customer must notify Pistachio immediately upon becoming aware of any unauthorised access or suspected account breach.
2.5 Platform data use. Pistachio may use data and content processed through the Pistachio Platform to provide and administer the Products, for service delivery purposes including analytics, troubleshooting, security monitoring, and improvement, and in aggregated and anonymised form for benchmarking and product development. For the avoidance of doubt, all personal data is processed solely in accordance with the Data Processing Agreement. The Customer warrants that it has obtained all authorisations required under applicable law before sharing any personal data with Pistachio.
2.6 Customer Data ownership. The Customer retains all right, title, and interest in and to all data processed through or generated within the Pistachio Platform by the Customer or its Users, including employee training records, simulation results, and audit log data processed through Presence. Pistachio will not use Customer data for any purpose beyond those set out in clause 2.5.
2.7 Product modifications. Pistachio may update, adjust, or improve any part of the Pistachio Platform at any time, provided that no such change will materially diminish the service level, material features, or performance already contracted for the duration of the Customer's active subscription.
2.8 Support. Pistachio's customer success team is here to ensure Customers realise the full value of our Products. Customers can reach out at any time through the Pistachio Platform or via the contact details on Pistachio's website.
3. SUBSCRIPTION TERM AND PRICING
3.1 Subscription Term. The Initial Term is as specified in the Order Form or Special Arrangements.
3.2 Renewal. These Customer Terms will automatically renew for successive periods equal to the Initial Term (each a “Renewal Period”), unless the subscription is terminated in accordance with clause 8.1 or otherwise is agreed in the Order Form or Special Arrangements.
3.3 Pricing. The price for the Products is as set out in the applicable Order Form or Special Arrangements.
3.4 Mid-term subscriptions. Where the Customer adds Products or Users during an active Subscription Term, Pistachio will align the new subscription to the existing anniversary date. A pro-rata charge will apply for the period from the activation date to the next anniversary date, after which the full annual fee applies. This ensures all Products are billed together on the same cycle and expire at the same time.
3.5 Invoicing. Unless otherwise stated in the Order Form or Special Arrangements, invoices are issued on the Effective Date and due within fourteen (14) calendar days of issue. Fees are based on licensed Users subscribed to, not actual usage. Invoice disputes must be raised in writing within fourteen (14) days of receipt, though obvious errors may be raised at any time. Pistachio may pass on any fees charged by vendor payment portals required by the Customer.
3.6 Discounts. Unless otherwise stated in the Order Form, any applied discount applies only during the Initial Term and reverts to the undiscounted rate upon renewal.
3.7 Price changes. Unless otherwise stated in the Order Form, Pistachio has the right to update pricing following the Initial Term on at least three (3) months' prior written notice, giving the Customer sufficient time to exercise its right of non-renewal under clause 8.1 before the new pricing takes effect.
3.8 Taxes. All amounts are exclusive of VAT or equivalent taxes. Norwegian VAT applies to Customers registered in Norway. Customers registered outside Norway are not charged VAT by Pistachio but are responsible for any applicable VAT or equivalent taxes in their own jurisdiction.
3.9 Late payment. If the Customer fails to make payment by the agreed time, Pistachio is entitled to: (i) charge interest on any overdue amount at a rate of 2% per month (or the maximum rate permitted by applicable law, whichever is lower); and (ii) suspend the Customer’s access to the Pistachio Platform on written notice until all outstanding amounts are settled.
3.10 Channel partner purchases. Where the Customer acquires access to the Pistachio Platform through a Pistachio partner, all payment-related terms as between the Customer and that partner will be set out in the applicable agreement between them. Any such agreement is solely between the Customer and the partner and shall not be binding upon Pistachio. Pistachio will not intervene in any commercial disputes arising from downstream pricing, credit risk, or invoicing arrangements between the Customer and its partner.
4. INTELLECTUAL PROPERTY
4.1 Ownership. The Customer acknowledges and agrees that all Intellectual Property Rights in the Pistachio Platform are under the sole and exclusive ownership of Pistachio and its licensors, and that nothing in these Customer Terms transfers or grants any rights in any Intellectual Property Rights related to the Pistachio Platform, other than the limited right to access and use the Pistachio Platform in accordance with these Customer Terms. The Customer must notify Pistachio of any infringement of Pistachio’s Intellectual Property Rights that comes to its attention.
4.2 Third Party Content. Pistachio may host Third Party Content accessible through the Pistachio Platform. All Intellectual Property Rights in such Third Party Content remain with their respective owners or licensors.
4.3 IP indemnity. Pistachio agrees to indemnify, defend, and hold harmless the Customer from and against any third-party claim that the use of the Pistachio Platform in accordance with these Customer Terms infringes or misappropriates third-party Intellectual Property Rights. This indemnity does not apply where the alleged infringement results from modifications made by or on behalf of the Customer or use of the Pistachio Platform in a manner not permitted by these Customer Terms.
5. CONFIDENTIALITY
5.1 Obligation of confidence. Pistachio shall hold in strict confidence any information the Customer shares in connection with these Customer Terms that is designated as confidential or that a reasonable person would treat as confidential, and shall not disclose it to any third party or use it for any purpose other than performing its obligations under these Customer Terms, unless required to do so by law or court order.
6. DISCLAIMER AND LIMITATION OF LIABILITY
6.1 Customer responsibility. The Customer is responsible for how the Customers and its licensed Users use the Pistachio Platform and for conclusions drawn from such use. The Products are not a substitute for professional legal, compliance, or security advice.
6.2 Warranties and liability. The Pistachio Platform is provided “as is” and “as available”, without warranties as to accuracy, reliability, or fitness for any particular purpose. Neither Party is liable for loss of profits, business, goodwill, or any indirect or consequential loss. Pistachio’s total liability is limited to the lower of fees paid in the twelve (12) months preceding the claim or NOK 100,000. Nothing in these Customer Terms limits liability for fraud, wilful misconduct, or any liability that cannot be excluded by law.
7. DATA PROTECTION
7.1 Pistachio as processor. Where Pistachio processes personal data on behalf of the Customer, Pistachio acts as a data processor. In such cases, unless a separate data processing agreement has been entered into on the Customer’s own template or as part of a Special Arrangement, Pistachio’s standard Data Processing Agreement applies and is incorporated into these Customer Terms by reference.
7.2 Pistachio as controller. Pistachio processes personal data of the Customer’s authorised contacts for its own business purposes as an independent data controller, including for billing, account management, security, analytics, and legal compliance.
7.3 Privacy Notice. Details of how Pistachio processes personal data in its capacities as processor and controller under clauses 7.1 and 7.2 are set out in Pistachio’s Privacy Notice, available at pistachioapp.com/privacy-notice. The Privacy Notice forms part of these Customer Terms and the Customer is responsible for making its Users aware of it.
7.4 Security measures. Pistachio is ISO/IEC 27001 certified and takes appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or damage.
7.5 Presence notification requirements. Presence is subject to data protection and employment laws that vary by jurisdiction. Prior to activating Presence, the Customer should notify employees that monitoring is taking place and, where required by applicable law, carry out any necessary consultation with employee representatives or works councils. Some jurisdictions may impose additional requirements. Pistachio's customer success team is here to guide the Customer on notification requirements and can assist with communication drafting. The Customer is solely responsible for legal compliance in connection with its use of Presence.
7.6 Breach notification. If either Party becomes aware of a personal data breach affecting the other Party’s data, it must notify the other Party promptly (and within the timeframe required by applicable law) and cooperate in responding to and mitigating the breach.
7.7 Data retention. Pistachio retains data as long as it has a need for its use or to meet regulatory or contractual requirements. Following termination of these Customer Terms, Pistachio will retain: (i) Practice data for twelve (12) months; and (ii) Presence data for sixty (60) days. After these periods, Customer data is permanently deleted.
8. TERM AND TERMINATION
8.1 Term. The Contract Term is governed by clause 3.1 (Subscription Term). The Customer may give written notice of non-renewal at least two (2) months before the end of the then-current term.
8.2 Termination for cause. Either Party may terminate these Customer Terms at any time upon reasonable belief that the other Party has materially breached any provision of these Customer Terms, provided that where the breach is capable of remedy, the terminating Party has given the other Party written notice of the breach and thirty (30) days to remedy it. Either Party may also terminate immediately by written notice if the other Party becomes insolvent, makes an arrangement with creditors, is subject to a formal insolvency process, or ceases to carry on business, or engages in fraud or wilful misconduct.
8.3 Suspension. Pistachio may suspend the Customer’s access to the Pistachio Platform immediately on written notice if Pistachio reasonably believes the Customer is in material breach of these Customer Terms or if continued access poses a risk to security or if the Customer is engaged in conduct that may expose Pistachio to legal liability. Pistachio will notify the Customer of the reasons for suspension and will lift the suspension promptly once relevant circumstances are remedied. Suspension does not limit Pistachio’s right to terminate under clause 8.2.
8.4 Consequences of termination. Upon expiry or termination of these Customer Terms, the Customer’s and its Users’ access to the Pistachio Platform ceases immediately. Pistachio will issue a final invoice for any outstanding amounts. Data retention following termination is governed by clause 7.7 (Data retention).
8.5 Survival. Termination does not affect rights or liabilities that have accrued before the termination date. Clauses 1 (Definitions), 4 (Intellectual Property), 5 (Confidentiality), 6 (Disclaimer and Limitation of Liability), 7 (Data Protection), 8.4 (Consequences of termination), 8.5 (Survival), and 11 (Compliance and Conduct) survive expiry or termination of these Customer Terms.
9. PUBLICITY AND MARKETING
9.1 Reference right. The Customer allows Pistachio to use its name and logo to identify it as a customer, including on our website and in marketing materials. Pistachio will follow any brand guidelines the Customer provides. The Customer may withdraw this permission at any time by written notice.
10. GENERAL PROVISIONS
10.1 Governing law. These Customer Terms are governed by, and construed in accordance with, the laws of Norway.
10.2 Dispute resolution. The Parties will attempt to resolve any dispute in good faith. If a dispute is not resolved within thirty (30) days of written notice, either Party may refer it to the Norwegian courts, with Oslo District Court (Oslo tingrett) as the court of first instance. Notwithstanding the foregoing, Pistachio reserves the right to bring proceedings to recover unpaid amounts before the courts of any jurisdiction in which the Customer has its registered or principal place of business, or in which it operates or holds assets.
10.3 Assignment. Pistachio may transfer its rights and obligations under these Customer Terms in connection with a reorganisation, merger, or sale of all or substantially all of its assets, without affecting the Customer’s rights. The Customer may not transfer or assign its rights or obligations under these Customer Terms without Pistachio’s prior written consent, except in connection with a merger, acquisition, or other transaction involving a change of control of the Customer, provided the transferee agrees to be bound by these Customer Terms.
10.4 Amendments. Pistachio may update these Customer Terms from time to time and will give at least two (2) months’ notice of any material changes (apart from price changes requiring three (3) months’ notice pursuant to clause 3.7), provided that no such change will adversely affect the Customer’s rights during the then-current Subscription Term. Updated terms will apply from the start of the Customer’s next Subscription Term. Customers who do not accept the changes may terminate in accordance with clause 8.2 (Termination for cause). Minor updates such as clarifications or corrections may take effect immediately.
10.5 Severability. If any provision of these Customer Terms is found to be invalid, unenforceable, or illegal, it will be modified to the minimum extent necessary to make it enforceable, or removed if modification is impossible. The remaining provisions continue in full force.
10.6 Notices. Notices under these Customer Terms must be sent by email to the address each Party has on record. Pistachio may also provide notices through the Pistachio Platform, which will be deemed received at the time they are made available in the Customer’s account.
10.7 Force majeure. Neither Party is liable for any delay or failure in performance caused by circumstances beyond its reasonable control, including acts of God, natural disasters, pandemic, war, terrorism, civil unrest, government action, or failure of third-party infrastructure. The affected Party must notify the other promptly and use reasonable efforts to minimise the disruption. Payment obligations are not excused by force majeure.
10.8 Waiver. A failure or delay to exercise a right or remedy does not constitute a waiver. A waiver of one breach does not waive subsequent breaches.
10.9 Entire agreement. These Customer Terms, together with any applicable Order Form and Special Arrangements, constitute the entire agreement between Pistachio and the Customer on their subject matter and supersede all prior discussions and agreements relating to the same subject matter. Where there is any conflict between these Customer Terms and on the other hand any Order Form and/or Special Arrangements, the latter prevail.
11. COMPLIANCE AND CONDUCT
11.1 Export controls and sanctions. The Products are subject to export control and sanctions laws, including those of Norway, the EU, and the United States. The Customer must not use, export, re-export, transfer, or disclose any part of the Products in violation of those laws, and represents that it is not located in, and will not access the Products from, any sanctioned country or territory (including Cuba, Iran, North Korea, Russia, Syria, and sanctioned regions of Ukraine), and that it is not owned or controlled by anyone on any sanctions list. These restrictions extend to all Users accessing the Pistachio Platform on the Customer’s behalf.
11.2 Conduct and culture. Pistachio is committed to fair, inclusive, and respectful dealings with everyone it works with, and expects its Customers to uphold the same standard. In all activities connected to these Customer Terms, each Party undertakes to treat all people with dignity and respect, regardless of race, ethnicity, gender, gender identity, sexual orientation, age, disability, religion, socioeconomic background, or any other characteristic. Neither Party shall engage in, encourage, or tolerate harassment, bullying, intimidation, or discrimination in any form.