Terms and Conditions for Operating the Sensor ("Agreement")

By deploying and running the AttackPod software ("Sensor") provided by NetWatch ("Controller"), you ("Processor") agree to the following terms and conditions. These terms govern the processing of data collected through the Sensor in compliance with the General Data Protection Regulation (GDPR).

1. Definitions

1.1. Personal Data: Any information related to an identified or identifiable natural person as defined under GDPR Article 4(1).
1.2. Processing: Any operation or set of operations performed on Personal Data as defined under GDPR Article 4(2).
1.3. Data Subject: Any individual whose Personal Data is processed under this Agreement.
1.4. Sensor: The software provided by the Controller for collecting and forwarding data related to SSH brute-force login attempts.

2. Acceptance of Terms

By downloading, installing, configuring, or running the Sensor, you acknowledge and agree to be bound by this Agreement. If you do not agree, you must not deploy or operate the Sensor.

3. Purpose of Data Processing

3.1. The Processor agrees to process Personal Data collected by the Sensor solely for the following purposes:
Collecting data related to unauthorized SSH login attempts, including IP addresses, timestamps, and attempted usernames.
Forwarding this data to the Controller for analysis, reporting, and cybersecurity purposes.
3.2. The Processor acknowledges that the data is processed to enhance cybersecurity, mitigate brute-force attacks, and report malicious systems to relevant entities.

4. Obligations of the Processor

By operating the Sensor, the Processor agrees to:
4.1. Process Personal Data only as instructed by the Controller and outlined in this Agreement.
4.2. Maintain confidentiality of all data processed.
4.3. Implement technical and organizational measures to ensure the security of Personal Data, including:
Securing the Sensor software against unauthorized access.
Avoiding modifications that may compromise data security.
4.4. Notify the Controller immediately in case of:
A data breach,Unauthorized access or tampering with the Sensor.
4.5. Not share, transfer, or use the data collected for any purpose other than forwarding it to the Controller.

5. Obligations of the Controller

The Controller agrees to:
5.1. Process the data received from the Processor in compliance with GDPR and this Agreement.
5.2. Ensure transparency by providing information to Data Subjects if required.
5.3. Implement appropriate safeguards to protect the received data from unauthorized access or misuse.

6. Data Minimization

6.1. The Processor shall ensure that only the minimum necessary Personal Data is collected, limited to:
IP addresses,
Timestamps,
Attempted usernames,
Attempted passwords.
6.2. The Processor shall not store data locally beyond what is required for the Sensor’s functioning.

7. Term and Termination

7.1. This Agreement remains in effect for as long as the Processor operates the Sensor.
7.2. The Processor may terminate their participation at any time by ceasing to operate the Sensor.
7.3. The Controller reserves the right to terminate this Agreement if the Processor violates its terms.

8. Liability

8.1. The Processor shall be liable for any breaches of this Agreement or Applicable Data Protection Laws caused by their failure to comply with their obligations. 8.2. The Controller shall not be liable for any unauthorized use of the Sensor or data outside its intended purpose.

9. Governing Law

This Agreement shall be governed by the laws of Germany, and any disputes shall be subject to the exclusive jurisdiction of the courts of Germany.

10. Modifications

The Controller reserves the right to update these terms and conditions. Any changes will be communicated through the NetWatch website and take effect upon publication.