MXDR TERMS OF SERVICE
CyberSOC Managed Extended Detection and Response (MXDR)
TERMS OF SERVICE
Effective September 1, 2025
Note: Our updated Terms of Service will take effect on September 1, 2025. The current Terms of Service shall remain in effect and applicable prior to this date.
1. ACCEPTANCE
i. By registering for, accessing, or using Provintell Managed Extended Detection and Response (MXDR) Service (“Service”), you confirm your acceptance of the Terms of Service and your agreement to be a party of this binding contract. If you do not agree, you must refrain from accessing or using any part of our Service.
ii. Acceptance shall be deemed effective upon the earlier of: (a) your first productive use of the Service, including but not limited to platform login, initiation of data ingestion, access to alerts, or generation of reports; or (b) any other use that demonstrates operational engagement with the Service.
iii. You agree to the Terms of Service on behalf of the company or other legal entity for which you are acting (for example, as an employee) or, if there is no company or legal entity, on behalf of yourself as an individual. You represent and warrant that you have the rights and authority to act on behalf of and bind such entity (if any) and yourself. No acceptance shall be valid from any person lacking legal capacity, authorization, or who is prohibited under applicable law.
iv. Acceptance signifies your acknowledgment that the effectiveness and accuracy of the Service depend on timely telemetry delivery, scope declaration and collaboration. Any delays, misconfigurations, or third-party tool disruptions that inhibit service delivery do not negate acceptance or form the basis of any service-level failure.
2. DEFINITIONS
i. “PROVINTELL” means PROVINTELL Technologies Sdn. Bhd. and its affiliates (collectively known as “PROVINTELL”).
ii. “Subscriber” means the entity, organization, or individual that has entered into this Agreement and is purchasing or receiving the Managed Extended Detection and Response (MXDR) Service from PROVINTELL.
iii. “Service Operator” means the Local Reseller or Managed Services Partner with direct business assignation in providing the local customer support and consulting services to the Subscriber.
iv. “Service” refers to the Managed Extended Detection and Response (MXDR) solution provided by PROVINTELL to Subscriber, which includes threat detection, incident response, monitoring, correlation, reporting, and any other cybersecurity functions as defined in the Service scope or order form.
v. “Subscription Term” means the duration during which the Subscriber is entitled to use the Service, including the start and end dates, the scope of Managed Assets, and the applicable Service Level Agreement (SLA) as defined in the order form or subscription document.
vi. “Service Level” refers to the response time, availability commitment, and support provisions outlined in the Service Level Agreement, which governs PROVINTELL’s service obligations toward the Subscriber.
vii. “Managed Asset” means the Subscriber’s information systems, networks, endpoints, cloud environments, or other IT infrastructure components that are onboarded, monitored, or protected under the Service.
viii. “Observation” refers to the actionable threat intelligence information forwarded to Subscriber by CodeRed ASM Service that reports or provides on-line access to the information relating to any suspected and observed cyber security threats such as compromised hosts or vulnerable or open services with respect to the Managed Asset, as collected and filtered from third party threat sources.
ix. “Incident” refers to a confirmed or highly probable security event detected through continuous monitoring or investigation that indicates a breach, attempted intrusion, policy violation, malware infection, unauthorized access, data exfiltration, or other compromise impacting the confidentiality, integrity, or availability of the Managed Asset. Incidents may be escalated to the Subscriber via ticketing, alerting, or direct communication by the MSSP.
x. “Issue” refers to a known or potential security weakness, misconfiguration, or vulnerability identified during proactive vulnerability assessments, configuration audits, or compliance checks. Issues may relate to patching gaps, exposed services, outdated software, or control deficiencies that could elevate risk if not remediated.
xi. “Service Request (SR)” Tickets refer to formal requests submitted by the Subscriber for support related to incident response or compromise assessment, system support and maintenance, security testing and validation, threat mitigation and advisory, account activation, asset information updates, event query and analysis, professional services and service onboarding.
xii. “E-Support IMS System” refers to the Ticketing System used by Threat Responder App for security intelligence, incident management, security risk analysis of the Managed Assets and online customer support to the Subscriber.
xiii. “Threat Responder App” refers to the CodedRed ASM mobile application developed by PROVINTELL to provide mobile alerts, security dashboards, integrated ticketing system and live-chat services to the Subscriber and Service Operator.
xiv. “Subscriber Account” refers to the authenticated user credential assigned to the Subscriber or its authorized personnel for accessing the Threat Responder App.
xv. “Agent Account” refers to the user account used by PROVINTELL business and technical personnel including the Service Operator to login to E-Support IMS System for business support and service delivery operations.
xvi. “Confidential Information” means any non-public, sensitive, or proprietary data, documentation, or material disclosed by either party to the other, whether orally, in writing, electronically, or by visual or physical inspection, and whether marked confidential or not, which a reasonable party would understand to be confidential in nature.
xvii. “Intellectual Property Rights” refers to all forms of intellectual property protections and entitlements under applicable law, including but not limited to patents (including utility models), design rights, copyrights, trademarks, service marks, trade dress, domain names, chip topography rights, proprietary software rights, trade secrets, and any applications, registrations, or moral rights associated therewith, whether existing now or in the future, in any jurisdiction.
xviii. “Deliverable” means software, services and other goods or services specified under the Service.
3. RIGHT TO USE SERVICE
i. Subject to the terms and conditions of this Agreement and the timely payment of applicable Subscription Fees, PROVINTELL grants the Subscriber a limited, non-exclusive, non-transferable, non-sublicensable, and revocable right to access and use the Managed Extended Detection and Response (MXDR) Service solely for the Subscriber’s internal cybersecurity operations and only in relation to the Managed Assets identified and authorized under this Agreement.
ii. The Subscriber is permitted to utilize Observations, Incidents, and Issues reported or made available through the Service for the purpose of threat detection, incident response, risk mitigation, security hardening, and continuous improvement of its cybersecurity posture. The Subscriber retains sole discretion in determining whether and how to act upon such information and shall do so at its own risk and cost.
iii. The Subscriber shall not, and shall not permit any third party to: (a) access or use the Service in any manner not expressly authorized by this Agreement; (b) reverse engineer, decompile, disassemble, or attempt to derive the source code of any part of the Service; (c) reproduce, modify, adapt, publish, sublicense, lease, resell, distribute, or commercially exploit the Service or any portion thereof; (d) interfere with or disrupt the integrity, security, or performance of the Service or its underlying systems; or (e) use the Service in connection with any third-party assets or systems for which the Subscriber lacks lawful control or authorization.
iv. The Subscriber shall ensure that all information provided to PROVINTELL for account creation, asset onboarding, and ongoing service delivery is accurate, current, and complete. PROVINTELL reserves the right to suspend or terminate access to the Service if any material misrepresentation, omission, or breach of use is identified.
v. The Subscriber acknowledges and agrees that access to the Service is contingent upon the proper registration of Subscriber Accounts, the implementation of secure authentication measures (including multi-factor authentication), and the Subscriber’s adherence to acceptable use and security policies communicated by PROVINTELL from time to time.
vi. Subscriber understands that unless expressly agreed in writing, the Service does not include the creation or maintenance of bespoke business use case detection models or anomaly logic unique to internal workflows or operational policies.
vii. PROVINTELL reserves the right to suspend or terminate the Subscriber’s access to the Service, with or without prior notice, if the Subscriber engages in conduct deemed unlawful, fraudulent, abusive, harmful to PROVINTELL’s operations or reputation, or in violation of this Agreement.
viii. Threat Responder App integration with third-party tools is not included in the standard Service. Any such integration shall require a separate agreement under Professional Service.
ix. The right to use the Service shall commence on the date the first Subscriber Account is provisioned and shall continue for the duration of the Subscription Term, unless earlier terminated in accordance with this Agreement. Access will be suspended if renewal is not completed within thirty (30) days after expiry. Subscriber data will be retained for up to twelve (12) months post-expiry, after which it may be permanently deleted.
x. Subscriber may request early deletion of specific data by submitting a formal written request. Deletion is subject to approval and may incur administrative fees.
xi. The Subscriber acknowledges and agrees to be bound by this Agreement and PROVINTELL’s published Privacy Notice, available at https://provintell.com/privacy-notice/, which governs PROVINTELL’s handling of personal data in connection with the Service.
4. RESTRICTION OF USE
i. The Subscriber agrees not to access, use, or permit the use of the Service in any manner that violates applicable laws, regulations, or the rights of third parties. The Service may only be used for lawful purposes and solely in accordance with the scope expressly granted in this Agreement.
ii. The Subscriber shall not (and shall not permit others to): (a) Reverse engineer, decompile, disassemble, or otherwise attempt to derive the source code of the Service or any underlying software or system; (b) Copy, reproduce, modify, distribute, lease, license, sell, or create derivative works based on the Service or any part thereof; (c) Use the Service to transmit or store any infringing, defamatory, obscene, or otherwise unlawful or tortious material, or to violate the rights of any person or entity; (d) Interfere with or disrupt the integrity or performance of the Service or any data contained therein, including through unauthorized access attempts or security circumvention; (e) Use the Service to perform or assist with any form of unauthorized vulnerability scanning, penetration testing, or other forms of security evaluation without the express written consent of PROVINTELL; (f) Misrepresent identity or impersonate any individual or entity while using the Service.
iii. The Subscriber is strictly prohibited from using the Service to monitor or collect information from any asset or data source for which it does not have clear legal authorization or administrative control.
iv. Any violation of the terms stated in this section may result in immediate suspension or termination of Service without refund, and PROVINTELL reserves the right to pursue any applicable legal remedies.
5. ABOUT MXDR SERVICE
i. The Managed Extended Detection and Response (“MXDR”) Service provided by PROVINTELL Technologies Sdn. Bhd. (“PROVINTELL”) is a fully managed cybersecurity monitoring and incident response solution delivered through PROVINTELL’s 24x7x365 Security Operations Center (“CyberSOC”). This Service is designed to provide advanced threat detection, analytics, incident validation, and coordinated response actions based on continuous telemetry ingestion from Subscriber-designated data sources.
ii. The MXDR Service ingests and analyzes telemetry data across three primary data source categories, collectively forming the basis of security visibility: (a) Workload refers to telemetry derived from application and cloud service infrastructure, including but not limited to: Application firewall logs; Server and endpoint security platforms; and Cloud-based email security systems. (b) Workforce Assets refers to identity-centric and user-related infrastructure, including: Identity and access management systems; Endpoint email management; Patch management solutions; and Vulnerability management platforms. (c) Workplace Assets refers to physical and network infrastructure telemetry, such as: Firewalls; Routers; and Network switches.
iii. The MXDR Service is responsible for identifying and escalating Incidents, which are confirmed or high-confidence security events that may compromise the Subscriber’s environment. Examples of Incidents include unauthorized access, lateral movement, malware infections, and abnormal user activity.
iv. The MXDR Service operates in conjunction with the following integrated service modules: (a) CodeRed ASM Continuous Threat Exposure Management (CTEM), which provides Observations, defined as external-facing threat intelligence findings. These include but are not limited to phishing infrastructure, leaked credentials, dark web mentions and externally exposed misconfigurations associated with the Subscriber’s digital footprint. Brand protection services, including impersonation detection across social media, app stores, and phishing platforms, are not included unless the Subscriber explicitly subscribes to the applicable add-on modules. (b) Vulnerability Management (VM), which delivers Issues, defined as confirmed vulnerabilities, misconfigurations, or externally exposed services affecting the Subscriber’s internet-facing systems. The VM process is conducted every three (3) months and is limited to unauthenticated external assessments unless otherwise agreed in writing.
v. The resulting Incidents, Observations, and Issues are correlated, enriched, and escalated through PROVINTELL’s Threat Responder App and E-Support IMS System, which provide real-time dashboards, secured analyst communications, integrated ticketing, and incident reporting features to support Subscriber response workflows.
vi. The MXDR Service is delivered by PROVINTELL’s certified cybersecurity professionals and powered by proprietary detection logic and industry-leading platforms, including Stellar Cyber Open XDR. The Service delivery conforms to applicable international security standards, including ISO/IEC 27001:2022 and ISO/IEC 27017:2015.
vii. The detailed scope of the MXDR Service, including the number of Managed Assets, service level expectations, telemetry sources, and subscribed modules, shall be governed by the Subscriber’s Subscription Term. The Subscriber shall ensure uninterrupted data flow from all approved workload, workforce, and workplace assets, and shall promptly notify PROVINTELL of any material changes affecting telemetry or service scope.
viii. The effectiveness of MXDR services that rely on third-party telemetry integrations, including endpoint detection and response (EDR) solutions, is contingent on continuous and functional API access. PROVINTELL shall not be responsible for service degradation, alerting delays, or missed detections resulting from API outages, throttling, credential expiry, or data delivery failures originating from such third-party platforms.
ix. Risk classification of incidents and issues is based on industry frameworks and PROVINTELL’s internal threat modelling. Subscriber feedback may be considered, but final determination rests with PROVINTELL.
x. The standard MXDR service is designed to detect and respond to cyber threats based on threat intelligence, behavioural analytics, and risk indicators. Detection of custom internal business logic anomalies (such as process deviations, policy violations, or workflow-specific events) is not included unless explicitly scoped, defined, and subscribed to as part of a separate use case onboarding engagement.
xi. Root Cause Analysis (RCA) and forensic investigation services for critical or high-severity incidents are available through CodeRed-IR services, as detailed in Clause 6.
xii. While PROVINTELL applies commercially reasonable efforts to detect and respond to cyber threats in a timely manner, the Subscriber acknowledges that no cybersecurity service can guarantee complete threat prevention or detection. The Subscriber remains responsible for addressing security gaps resulting from incomplete telemetry, misconfigurations, or failure to remediate known exposures.
xiii. PROVINTELL reserves the right to improve, modify, or enhance the MXDR Service in accordance with industry best practices, threat intelligence trends, or regulatory updates, provided that such changes do not materially degrade the scope or quality of service as committed under the applicable Subscription Term.
6. PROFESSIONAL SERVICE
i. PROVINTELL may provide professional services in support of the MXDR Service (“CodeRed-IR Services”), which include, but are not limited to, root cause analysis (RCA), red teaming, tabletop exercises, phishing assessments, and cybersecurity awareness training.
ii. For all verified critical and high-severity incidents detected through the MXDR Service, the generation and delivery of a Root Cause Analysis (RCA) report shall be delivered exclusively through the CodeRed-IR Service, subject to the applicable CodeRed-IR terms and conditions and associated charges.
iii. The Subscriber shall be responsible for all applicable charges associated with CodeRed-IR Services on a time-and-materials basis, including any pre-approved out-of-pocket expenses reasonably incurred by PROVINTELL in the performance of such services.
iv. For any verified critical or high-severity incident detected under the MXDR Service, PROVINTELL will deliver a Root Cause Analysis (RCA) report through the CodeRed-IR Service framework, forming part of the standard incident response Deliverables.
v. Where included in the Subscriber’s plan or procured as an add-on, PROVINTELL may perform Takedown Services in support of brand protection or threat mitigation. This includes the reporting and facilitation of content removal from malicious websites, impersonation profiles, or fraudulent application listings. The scope, eligibility, and success of such Takedown Service may depend on the policies of third-party platforms and are subject to their respective cooperation.
vi. All takedown activities and their execution timelines are performed on a best-effort basis. PROVINTELL does not warrant the success or timeframes of takedown requests, as these are subject to the discretion of external service providers and platform operators. Further terms applicable to Takedown Services can be found at: https://provintell.com/coderedasm-terms-of-service/
7. ONLINE SERVICE ACCESS AND CUSTOMER SUPPORT
i. Online Service Access (via E-Support IMS System and Threat Responder App). PROVINTELL is responsible for the provisioning, activation, and administration of Subscriber Accounts via the E-Support IMS System in accordance with PROVINTELL’s Privacy Notice. The E-Support IMS System is used internally by PROVINTELL’s technical team for incident tracking and service delivery. Subscriber access may be provisioned when deemed necessary by PROVINTELL for incident tracking or escalation purposes.
ii. Threat Responder App Access. The Threat Responder App, a Progressive Web App (PWA) accessible via desktop and mobile, is made available to Subscribers to view the latest threat status updates, alerts, ticket history, and remediation progress. The Threat Responder App provides a centralized dashboard view with integrated live chat and secure ticketing functionality, offering direct communication between the Subscriber and PROVINTELL’s CyberSOC analysts.
iii. Online Technical Support (via E-Support Service). An internal platform accessed by PROVINTELL personnel (Agent Accounts) for ticket management, service orchestration, SLA enforcement, and incident tracking. Subscriber access to the E-Support IMS System is restricted and may be granted at PROVINTELL’s sole discretion based on operational necessity.
iv. Customer Support Channels. Subscribers may initiate or respond to support engagements using the following channels: Threat Responder App, Email, Instant Messenger, Scheduled Online Meetings (for escalated or review RCA)
v. System Uptime and Availability. PROVINTELL commits to maintaining a minimum system uptime of ninety-six percent (96%) for its Managed Extended Detection and Response (MXDR) service, measured on a monthly basis and excluding scheduled maintenance periods.
vi. Scheduled maintenance activities that may temporarily affect system availability shall be communicated to the Subscriber in advance through official channels. Such maintenance periods shall not be counted as downtime for the purpose of calculating uptime performance.
vii. PROVINTELL will implement reasonable measures to ensure continuous service availability and will promptly notify the Subscriber in the event of any unplanned service interruption, including periodic updates via the Service Request ticket and designated communication platforms.
viii. Weekly Customer Success Meeting. To ensure service alignment and transparent communication, PROVINTELL shall conduct weekly Customer Success Meetings with designated Subscriber stakeholders. The agenda may include incident reviews, ticket status updates, SLA performance, service request updates, and strategic advisory aligned to the Subscriber’s Security Operation Maturity Model SecOps goals.
ix. Incident Tickets are opened and managed by CyberSOC Level 1 Threat Responders based on detection of suspicious or malicious activities.
x. Issue Tickets are triggered by vulnerability scans or misconfiguration detections and handled by Level 2 Threat Analysts or Ethical Hackers.
xi. Ticket Resolution and Closure follow standard SLA commitments and require validation of threat eradication or remediation actions prior to final closure.
xii. Service Level Management. PROVINTELL CyberSOC is operating on 24x7x365 basis to provide the Service to Subscriber based on the following standard response and resolution time.
8. FEES AND TAXES
i. Payment Term. Subscriber shall pay PROVINTELL the Fees as specified in the accepted quotation or payment advice within ten (10) working days. Subscription fees must be paid in the same currency as indicated in the quotation and are exclusive of out-of-pocket expense. PROVINTELL is not responsible for pricing, typographical or other errs in any quotation and reserves the rights to cancel any orders resulting from such errors.
ii. Overdue Payment. If any applicable Fees are overdue, PROVINTELL reserves the right to suspend or automatically terminate the Service to the Subscriber without notice. Late payments may incur monthly interest charges of 1.5% per month or the maximum rate allowable by law, whichever is lower, along with any collection costs, including attorneys’ fees.
iii. Non-Refundable Policy. Fees shall not subject to any right of offset or suspension and all payment are non-cancellable, non-refundable and non-creditable.
iv. Taxes. Subscriber must pay to the relevant taxing authority for all taxes arising for this Serrvice subscription and the taxes should not be deducted from the payment to PROVINTELL.
9. CONFIDENTIALITY
i. PROVINTELL and Subscriber shall hold in confidence any confidential information received from another in connection with the performance of or access to Service. For purposes of PROVINTELL, this includes the identity of Subscriber and Managed Asset.
ii. The confidentiality obligation shall not be applied to any material or information:
a) that is generally available or otherwise public, other than if it is public through a breach of the Subscription or Terms of Service;
b) that the party has received from a third party without any obligation of confidentiality;
c) that was in the possession of the party prior to receipt of the same without any obligation of confidentiality related thereto;
d) that party has independently developed without using material or information received from the other party; or
e) that a party is obliged to disclose pursuant to applicable laws.
iii. All business and personal data, including accounts, finances, transactions, or any communications, shall be kept strictly confidential by PROVINTELL and its Subscriber.
iv. The parties agree not to use Confidential Information for their own benefit or in any way detrimental to the other party.
v. The confidentiality obligations outlined in this section shall survive the expiration or termination of the Service.
10. SUBSCRIPTION TERM AND TERMINATION
i. The right to use Service remains in effect throughout the Subscription term.
ii. Subscription commences on the date of Subscriber Account is available and the Service duration is depending on the type of subscription procured.
iii. Access to the Subscriber Account will be automatically deactivated or suspended if the Subscription is not renewed within thirty (30) days following the service expiry date. Subscriber and Managed Asset information will be permanently deleted from PROVINTELL systems after twelve (12) months from the service expiry date, if not renewed.
iv. Either party may terminate the applicable Subscription and the right to use Service granted therein, if the other party fails to cure a material breach within fourteen (14) days after written notice of such breach, provided that PROVINTELL may terminate the Subscription immediately upon any breach of Section 3 by Subscriber.
v. Additionally, either party may terminate the Service immediately if the other enters into compulsory or voluntary liquidation, ceases to carry on business, or takes or suffers any similar action that the other party reasonably believes will materially impair its performance under the Terms of Service Agreement. Upon termination, PROVINTELL’s obligation to provide Service will immediately terminate and Subscriber shall pay the full amount of any outstanding fees due.
11. EFFECTS OF TERMINATION
i. Upon termination of the Subscriber shall immediately cease using the Service. However, the termination shall not affect the right of Subscriber to continue the use of the delivered Observation.
ii. Termination of the Subscription shall not prevent either party from pursuing all available legal remedies, nor shall such termination relieve Subscriber’s obligation to pay all Fees and any other amounts due that are owed as of the effective date of termination.
iii. All provisions of these Terms, including but not limited to the provisions relating to the ownership of the Service, limitation of liability, disclaimers of warranties, confidentiality, audit and governing law and jurisdiction, shall survive the termination of the Subscription.
12. LIMITATION OF LIABILITY
i. Subscriber agrees that PROVINTELL shall not be liable to the Subscriber or any third party for any loss or damage arising directly or indirectly from the Service, including liability for special, punitive, incidental, pecuniary, or consequential losses, damage to software or data, business interruptions, or loss of profit, revenue, goodwill, or anticipated savings.
ii. Under no circumstances shall PROVINTELL’s liability under the Subscription exceed the Fees paid by Subscriber for the Service under the applicable Subscription.
iii. Subscriber agrees to indemnify and hold PROVINTELL harmless against and from:
a) Any act, omission, breach, non-observance, and non-performance by the Subscriber or its employees, agents, or vendors;
b) Any claim, damage, loss, or expenses due to or resulting from any negligence, wrongful act, or breach of duty on the part of the Subscriber or its employees, agents, or vendors;
c) Any and all claims and proceedings for or on account of infringement of any protected intellectual property rights related to or connected with the Service.
13. DISCLAIMER AND LIMITATION
i. The MXDR Service, including all threat intelligence, incident detection, alerts, reporting, dashboards, and support features, is provided on an “as is” and “as available” basis. PROVINTELL makes no warranties, express, implied, statutory, or otherwise. PROVINTELL specifically disclaims all implied warranties of merchantability, fitness for a particular purpose, title, and non-infringement.
ii. PROVINTELL does not warrant that the Service will detect, prevent, or mitigate all security incidents, vulnerabilities, or malicious activity. PROVINTELL does not guarantee that the Subscriber’s information systems will be free from unauthorized access, disruption, or damage. The Subscriber acknowledges and accepts that no cybersecurity service can provide absolute protection and that the Service is intended to support but not to replace the Subscriber’s internal security obligations.
iii. In no event shall PROVINTELL be liable to the Subscriber or any third party for any indirect, incidental, special, consequential, or punitive damages. This includes but is not limited to loss of profits, business interruption, loss of data, or costs of substitute goods or services, even if PROVINTELL has been advised of the possibility of such damages, and regardless of the theory of liability.
iv. The limitations and exclusions stated in this section shall apply to the fullest extent permitted by applicable law and shall survive the expiration or termination of this Agreement.
v. Subscriber acknowledges that data ingestion pipelines and alert forwarding mechanisms may be impacted by third-party systems, including EDR or cloud security platforms, and that PROVINTELL shall not be liable for discrepancies in detection or alert timelines caused by such external dependencies.
14. ASSIGNMENT
i. The Subscriber shall not assign, transfer, or delegate any of its rights or obligations under this Agreement without the prior written consent of PROVINTELL. Any such attempt without prior consent shall be considered null and void.
ii. PROVINTELL shall be entitled to assign or transfer this Agreement, in whole or in part, to any of its affiliated companies or to any third party in connection with a merger, acquisition, corporate restructuring, or transfer of any part of its business or assets, without requiring the consent of the Subscriber.
iii. This Agreement shall be binding upon and inure to the benefit of the parties and their respective permitted successors and assigns.
15. DISPUTE AND APPLICABLE LAW
i. This Agreement and all matters arising out of or in connection with it, including the provision and use of the Service, shall be governed by and construed exclusively in accordance with the laws of Malaysia, without regard to its conflict of laws principles.
ii. Any disputes, claims, or controversies arising out of or relating to this Agreement, including any question regarding its existence, validity, or termination, shall be subject to the exclusive jurisdiction of the courts of Malaysia.
iii. The governing law and dispute resolution provisions in this section shall apply to all claims brought against PROVINTELL in connection with the Service, regardless of the Subscriber’s location, and shall prevail unless mandatory local laws expressly override them.
16. PRIVACY AND DATA PROTECTION
i. Compliance with Privacy Regulations. PROVINTELL is committed to protecting the privacy and personal data of the Subscriber. All personal data collected or processed in connection with the Service shall be handled in accordance with applicable data protection laws, including but not limited to the General Data Protection Regulation (GDPR) and the Malaysia Personal Data Protection Act (PDPA). PROVINTELL shall not use or disclose such data for marketing, profiling, or advertising purposes.
ii. Data Processing Agreement (DPA). PROVINTELL processes Subscriber’s personal data in accordance with applicable privacy regulations, including the General Data Protection Regulation (GDPR) and Malaysia’s Personal Data Protection Act (PDPA). Data collected during the provision of the Service is only used for the purpose of delivering the MXDR Service and will not be shared with third parties for advertising or marketing purposes.
iii. Data Retention Policy. Subscriber data, including system logs, telemetry, incident records, and account-related information, will be retained for the duration of the Subscription Term and for a period not exceeding twelve (12) months following termination or expiry of the Service. Thereafter, all retained data shall be securely and permanently deleted from PROVINTELL systems, unless retention is required by applicable laws or for legal defense purposes.
iv. Data Access and Confidentiality. Access to personal and Subscriber data is strictly limited to authorized personnel involved in the delivery and support of the Service. All such personnel are subject to confidentiality obligations and appropriate access controls to ensure data integrity and security.
v. In performing takedown services, PROVINTELL may submit domain-related or threat attribution information to relevant external platforms or authorities. No Subscriber PII shall be submitted without prior written authorization.
vi. Security Measures. PROVINTELL implements industry-standard technical and organizational measures to safeguard the confidentiality, integrity, and availability of personal and system data against unauthorized access, disclosure, alteration, or destruction.
17. INTELLECTUAL PROPERTY RIGHTS
i. Ownership of Service. The MXDR Service, including but not limited to its platform, software, scripts, rule logic, dashboards, threat models, documentation, incident playbook, designs, processes, reports, threat intelligence source, and all other materials and technologies provided by or on behalf of PROVINTELL, whether pre-existing, developed independently, or enhanced during the course of service delivery, are and shall remain the sole and exclusive property of PROVINTELL. Such materials may contain proprietary information and trade secrets protected under intellectual property laws, including copyright, trademark, and patent laws.
ii. License to Subscriber. Subject to the terms of this Agreement and full payment of applicable fees, PROVINTELL grants the Subscriber a limited, non-exclusive, non-transferable, and non-sublicensable license to access and use the Service solely for its internal cybersecurity and operational risk management purposes. No other rights are granted, whether expressly or by implication, and all rights not expressly granted herein are reserved by PROVINTELL.
iii. Subscriber Data Ownership and License. The Subscriber retains all ownership rights to its own data and content that is submitted, transmitted, or processed through the Service. However, the Subscriber grants PROVINTELL a non-exclusive, royalty-free, worldwide, and perpetual license to use, process, aggregate, and analyze such data solely for the purpose of delivering the Service, improving system performance, enhancing threat intelligence models, supporting security research, maintaining service quality and for other internal purposes. PROVINTELL shall not share Subscriber data with any third party except as required by law or as necessary for service delivery under confidentiality obligations.
18. VALIDITY OF AND AMENDMENT TO THE TERMS
i. These Terms are valid as of 1 September 2025 and remain in force until further notice.
ii. PROVINTELL is entitled to amend these Terms. PROVINTELL shall notify Subscriber in writing or electronically at least 30 days prior the effective date of the amendment. If the amendment has a material effect on Subscriber, Subscriber shall have the right to terminate the Subscription on the effective date of the amendment by providing PROVINTELL at least 15 days prior written notice, unless the amendment is attributable to changes in legislation or to authority decisions.