Skip to main content
Conan O’Brien featured in series of 15+ AI security training modules

Terms and policies.

Email Security Product Addendum

Last Updated: 01/05/2026

This Email Security Product Addendum (“Addendum”) supplements and amends the Master Subscription Agreement (“MSA”) between TeamGuard AI, Inc. d/b/a Adaptive Security (“Adaptive”) and the Customer identified on the applicable Adaptive Order Form, on behalf of itself, its Affiliates, and its Authorized Users (collectively, the “Customer”). Capitalized terms not defined herein have the meanings given in the MSA. In the event of any conflict between this Addendum and the MSA, this Addendum shall control. This Addendum sets forth certain terms applicable the Email Security Products (defined below). Additional terms (including fees, usage limits, and subscription term) shall be set forth in one or more Order Forms (as defined in the MSA), which shall supplement this Addendum. To the extent any provision of the MSA conditions rights, obligations, or terms on the existence of an Order Form, this Addendum shall be deemed to satisfy such requirement with respect to the Email Security Products unless and until a separate Order Form is executed for the Email Security Products.

  1. Scope. This Addendum applies to Adaptive’s offering of email data security products and any Adaptive features or services that involve the automated scanning, analysis, or processing of Customer emails (collectively, the “Email Security Products”). Customer acknowledges that the Email Security Products involve the use of artificial intelligence and machine learning technology (collectively, “AI”).
  2. License to Email Security Products. The Email Security Products constitute part of the Platform for all purposes under the MSA. Adaptive hereby grants to Customer during the Email Security Term a non-exclusive, non-transferable, non-assignable (except as otherwise stated in the MSA) and non-sublicensable right and license to access and use the Email Security Products for Customer’s internal business purposes, subject to any usage limits set forth in an applicable Order Form, including to enable those Authorized Users to whom Customer elects to provide access to use the Email Security Products (each such Authorized User, an “Email Security User”). For the avoidance of doubt, the restrictions on Customer’s use of the Platform and Customer’s responsibilities set forth in the MSA apply to Customer’s access to and use of the Email Security Products.
  3. Term and Termination. The term of this Addendum shall commence on the date this Addendum is executed by both Parties and shall continue until the expiration of any Free Access Period (defined below) or any term set forth on an Order Form (“Email Security Term”).
    1. Free Access Period.During any period in which Customer accesses or uses the Email Security Products, as authorized by Adaptive, without having executed an applicable Order Form (“Free Access Period”), Customer may use the Email Security Products on an at-will basis, subject to the terms of this Addendum and the MSA. The Free Access Period shall expire upon the earlier of: (i) the execution of an applicable Order Form, or (ii) written notice of termination by either Party to the other Party.
    2. Order Form Period.Unless otherwise set forth in an applicable Order Form, each Order Form for the Email Security Products shall have an initial subscription term as set forth therein and shall automatically renew for successive periods of equal duration, unless either Party provides written notice of non-renewal to the other Party no fewer than thirty (30) days prior to the end of the then-current term (or such other notice period as may be specified in the applicable Order Form). Each Order Form may be terminated in accordance with the MSA. Upon expiration (including non-renewal) or termination of all applicable Order Forms, Customer’s right to access and use the Email Security Products under such Order Forms shall immediately cease.
  4. Fees. During any Free Access Period, no fees shall be due or payable by Customer for access to or use of the Email Security Products. To the extent an Order Form specifies fees, payment terms, a payment schedule, or other commercial terms for the Email Security Products, such terms shall govern and Customer shall pay all fees in accordance with the MSA and the applicable Order Form.
  5. Email Data Processing. Customer acknowledges and agrees that the Email Security Products will access and process emails sent to, from, or within Customer’s connected email environment, including incoming, outgoing, and internal emails (“Email Data”), including for the purposes of detecting, analyzing, and classifying, and seeking to remediate potential security threats and otherwise providing the Email Security Products. For the avoidance of doubt, Email Data constitutes Customer’s Confidential Information under the MSA and is subject to the confidentiality obligations set forth therein.
  6. Data Use Rights. In addition to the rights granted to Adaptive under the MSA with respect to Customer Information, Customer hereby grants Adaptive a non-exclusive, royalty-free, worldwide license to use Derived Data to:
    1. train, develop, and improve Adaptive’s internal AI models and algorithms;
    2. develop and maintain a global threat intelligence database to identify malicious patterns, sender behaviors, and attack techniques across Adaptive’s customer base; and
    3. improve, enhance, and develop Adaptive’s products and services, including Adaptive’s Platform, systems, tools, general threat intelligence, detection efficacy, protection against emerging threats, Email Security Products, and future security offerings.

For the avoidance of doubt, the license granted in this Section 6 does not extend to Raw Email Data (including email bodies, attachments, or metadata identifying individuals). Adaptive’s use of Raw Email Data is limited solely to providing and supporting the Email Security Products as described in Section 5 and Section 7, and subject to the retention limits in Section 9.

Derived Data” means any data generated by Adaptive’s processing of Email Data — including but not limited to statistical outputs (e.g., word counts or keyword frequency), vector embeddings, classifications and scores, intent-based signals (e.g., tone, urgency, or threat indicators), and other structured metadata (e.g., timestamps or file and link characteristics) — provided that such data does not identify Customer or any individual and cannot reasonably be used to identify Customer or any individual, or to reconstruct the underlying Email Data. For avoidance of doubt, Derived Data is not considered Customer Information.

Email Metadata” means structured data about a user's emails collected by the Email Security Products, including but not limited to: SMTP envelope data, email header fields (including subject lines), IP addresses, message routing paths, timestamps, authentication results (such as SPF, DKIM, and DMARC), and message technical specifications. Email Metadata does not include email body content or attachments.

Malicious Email Data” means Email Data that Adaptive (or the Email Security Products) identifies or reasonably suspects to be malicious, suspicious, fraudulent, or otherwise potentially harmful, including phishing, malware, business email compromise, social engineering, and similar attacks.

“Raw Email Data” means unprocessed Email Data (excluding Malicious Email Data), including email bodies, headers, Email Metadata, and attachments, prior to aggregation, anonymization, or derivation.

  1. Malicious Email Use for Security and Improvement.
    1. Customer acknowledges and agrees that Adaptive may retain, analyze, review, annotate, and otherwise process and use Malicious Email Data as necessary to detect, investigate, remediate, and prevent security threats, and to improve Adaptive’s detection capabilities, including training, developing, and improving Adaptive’s internal AI models and algorithms, and developing threat intelligence, in each case subject to Section 8 of this Addendum.
    2. To the extent any malicious email is subsequently confirmed to be legitimate and not malicious by Customer via marking the email as “Safe” using settings in the Adaptive Security Products (“Re-Classified Email”), Adaptive shall treat such Re-Classified Email as Email Data and Raw Email Data (as appropriate) and restrict such Re-Classified Email from any uses not otherwise provided for herein. Adaptive will use commercially reasonable efforts to implement such changes to email classifications within sixty (60) days. Notwithstanding the foregoing, Customer may, at its sole discretion, elect to permit Adaptive to retain and use Re-Classified Email (including for the purposes described in Section 7(a)) by affirmatively opting in through settings in the Adaptive Security Products. Customer may withdraw such consent at any time through the same settings, and upon withdrawal, Adaptive will cease further use of such Re-Classified Email for purposes beyond those permitted for Email Data and Raw Email Data within sixty (60) days of such withdrawal.
  2. Data Safeguards.
    1. When exercising the rights granted under this Addendum, Adaptive shall:
      1. implement commercially reasonable technical and organizational measures to protect Email Data, including encryption in transit and at rest;
      2. not sell Email Data to third parties;
      3. when using third-party large language model providers, use only services that do not retain Customer data for training purposes (i.e., “zero data retention” providers);
      4. not use Raw Email Data (including email bodies and attachments) for training AI models, except as expressly permitted for Malicious Email Data under Section 7, or as otherwise instructed by Customer pursuant to customer-specific AI model offerings from Adaptive;
      5. limit internal access to Raw Email Data to personnel with a need-to-know basis for providing and supporting the Email Security Products.
    2. Adaptive may use service providers (including hosting, observability, security operations, and support providers) to process Email Data solely to provide and improve the Email Security Products, subject to the terms of this Addendum.
  3. Data Retention.
    1. Derived Data. Adaptive may retain Derived Data after the expiration or termination of the Addendum, subject to applicable Data Protection Laws.
    2. Raw Email Data. Adaptive will delete or de-identify Raw Email Data (including email bodies and attachments, but excluding Malicious Email Data and Email Metadata within fourteen (14) days of processing, unless a longer retention period is required for (i) Adaptive’s customer-specific AI model services requested by Customer; (ii) an active security investigation, or (iii) by applicable law. During the retention period, Raw Email Data will be used solely to provide the Email Security Products and support active security investigations, in each case subject to Section 8 of this Addendum.
    3. Malicious Email Data. Adaptive may retain Malicious Email Data for up to one hundred eighty (180) days following detection to support investigation and improvement of security detections.
    4. Email Metadata. Adaptive may retain Email Metadata for up to one hundred eighty (180) days for security analytics and threat intelligence purposes, after which it will be deleted or de-identified.
  4. Customer Data Deletion Rights.
    1. Deletion Requests. Customer may request deletion of its Raw Email Data, Email Metadata, and/or Malicious Email Data at any time by submitting a written request to Adaptive at the designated contact address (or such other method as Adaptive may provide).
    2. Deletion Timeline. Adaptive will use commercially reasonable efforts to delete the requested data within thirty (30) days of receiving the request, and will provide written confirmation of deletion upon completion.
    3. Exceptions. Adaptive is not required to delete data to the extent that retention is: (i) required by applicable law, regulation, or legal process; (ii) necessary for an active, documented security investigation; or (iii) technically infeasible (e.g., data already incorporated into Derived Data).
    4. Termination. Upon expiration or termination of this Addendum, Adaptive will delete all Raw Email Data, Email Metadata, and Malicious Email Data within sixty (60) days, subject to the exceptions in Section 10(c).
  5. Customer Representations and Obligations.Customer represents, warrants, and covenants that: (a) it has obtained, and shall maintain throughout the Email Security Term, all rights, consents, and authorizations required under applicable laws to access and use the Email Security Products as contemplated by this Addendum, including Adaptive’s processing of any Email Data in connection therewith; (b) it has the legal authority to collect, transmit, and make available Email Data to Adaptive as contemplated by this Addendum, including under all applicable privacy, data protection, and employment laws, rules and regulations; (c) it is solely responsible for providing all required notices to, and obtaining all required consents from, its Email Security Users regarding Customer’s use of the Email Security Products, including the collection and transmission of Email Data; and (d) its use of the Email Security Products shall comply with all applicable laws in each jurisdiction in which the Email Security Products are used or deployed.
  6. Disclaimers Regarding Email Security Products. Customer acknowledges and agrees that the Email Security Products rely on automated detection methodologies, including AI-based classification and risk scoring, which may produce false positives (e.g., incorrectly identifying an email as malicious) or false negatives (e.g., failing to identify actual malicious emails). ADAPTIVE SHALL NOT BE LIABLE FOR ANY LOSSES ARISING OUT OF OR RELATED TO (I) ANY FALSE POSITIVE OR FALSE NEGATIVE OR (II) ANY FAILURE OF THE EMAIL SECURITY PRODUCTS TO DETECT, PREVENT, OR REMEDIATE ANY SECURITY THREAT, MALICIOUS EMAIL, OR DATA EXPOSURE.
  7. Indemnification.Customer shall indemnify, defend, and hold harmless Adaptive and its affiliates, and each of their respective officers, directors, consultants, contractors, agents, attorneys, and employees from and against all Losses arising out of any Action resulting from: (a) Customer’s breach of its representations, warranties or covenants in this Addendum; or (b) Customer’s use of the Email Security Products.
  8. Survival. The licenses granted in this Addendum shall survive termination or expiration of this Addendum solely with respect to Derived Data generated prior to such termination or expiration. In addition, any provisions of this Addendum that by their nature or terms are intended to survive the expiration or termination of this Addendum shall so survive.
  9. General.Except as expressly modified by this Addendum, the MSA remains in full force and effect. In the event of any conflict or inconsistency between this Addendum and any other addendum, program terms, or supplemental agreement governing Customer’s participation in alpha, beta, preview, or early access programs (including any Feature Preview Program Addendum), this Addendum shall control with respect to all matters relating to the provision, operation, and use of the Email Security Products, including any processing, use, retention, and deletion of data in connection therewith. In the event of any conflict or inconsistency among the MSA, this Addendum, and an applicable Order Form for the Email Security Products, the order of precedence shall be: (a) the Order Form, (b) this Addendum, and (c) the MSA, in each case solely to the extent of such conflict or inconsistency. This Addendum may be executed in counterparts.