These Service-Specific Terms describe your access and use of the Cradlepoint hosted SD-WAN and security services (“NetCloud SASE”). Customer’s subscription is governed by these Service-Specific Terms and the Cradlepoint End User Agreement located at https://cradlepoint.com/legal/ (the “Agreement”). Capitalized terms used in these Service-Specific Terms and not otherwise defined herein have the meaning given to them in the Agreement. Customers must follow the configuration guidance in the technical documents.
- Description of Services
NetCloud SASE is a service delivery platform that enables the Customer to secure, connect, control, and observe any user or thing to any application traffic. Specific services include:- Secure Connect
- SD-WAN
- ZTNA
- Hybrid Mesh Firewall (HMF)
- AIOps
- Virtual Edge
- NetCloud SASE
NetCloud SASE provides the secure data plane and policy enforcement capabilities for Secure Connect to orchestrate agile networks from Cradlepoint routers in sites, vehicles, IoT, and remote workers to digital resources in the cloud, data center, and external sites. NetCloud SASE houses the common engines that power SD-WAN and subsequent security services at the network level. NetCloud SASE is only sold as an add-on to a NetCloud Manager subscription.NetCloud SASE provides connectivity for sites and users. Site connectivity includes an annual data capacity that can be applied to traffic flowing through a NetCloud SASE network. A site connected to a NetCloud SASE network will build a tunnel for each active WAN interface.User connectivity is licensed on a per-user basis and not based on data volume. Customer can monitor the actual usage of NetCloud SASE per-Network data capacity using NetCloud Manager. Customer will be alerted if the available capacity for one or more networks is low. IF CUSTOMER’S ACTUAL DATA USAGE CONSUMPTION EXCEEDS THE TOTAL PURCHASED VOLUME FOR ANY NETWORK BY 10% OR MORE, THEN CRADLEPOINT RESERVES THE RIGHT TO DISABLE CONNECTIVITY TO NETCLOUD SASE FOR THAT NETWORK.
- Secure Connect
VPN infrastructures for securely connecting sites, vehicles, IoT, and remote workers. Secure Connect reduces the attack surface by building undiscoverable network resources.Secure Connect integrates with certain Cradlepoint NetCloud Edge routing and security endpoints to establish encrypted connections through NetCloud SASE, enabling secure access to applications and resources in the cloud or data center. Not all NetCloud Edge routers are compatible with Secure Connect. Secure Connect is included with every NetCloud SASE site license and user license. If Customer does not maintain a NetCloud Manager subscription, Customer will not be able to use Secure Connect. - SD-WAN
SD-WAN delivers a software defined wide area network with a specific focus of optimizing traffic across redundant cellular providers and/or hybrid WANs. SD-WAN provides application, resource, and named resource traffic steering, traffic classification, and an application quality of experience (QoE) dashboard.Secure Connect, which requires NCX or NetCloud SASE, is a pre-requisite for the NCX SD-WAN service. If Customer does not maintain a NetCloud Manager subscription, Customer will not be able to use SD-WAN. SD-WAN licenses are offered on a per-device basis for supported Cradlepoint endpoint devices. - ZTNA
- ZTNA enables identification, assignment, and management of user-to-application access by leveraging policies, identity, and context information to grant users zero trust access to corporate resources. Instead of providing shared access to network segments, connections are defined to corporate resources and are only built upon authentication. ZTNA enables Customer to proactively maintain the security of Customer’s network with continuous verification. Customer defines all policies within the ZTNA service, and all policy decisions to accept or deny access occur within the NetCloud SASE service.
- ZTNA creates networks that apply zero-trust principles with no default network level access and secure data-plane and policy enforcement.
- Secure Connect service is a pre-requisite for the ZTNA service. If Customer does not maintain a NetCloud Manager subscription and either a Secure Connect site license or a Virtual Edge license, Customer will not be able to use ZTNA. ZTNA licenses are offered on a per-user basis for supported Cradlepoint endpoint devices. Cradlepoint may also require that Customer update to a minimum version of NCOS for the Service Gateway and participating endpoint devices.
- CUSTOMER ACKNOWLEDGES THAT SOME COUNTRIES REGULATE USE OF TECHNOLOGIES AND SERVICES THAT MONITOR INDIVIDUALS, WHICH MAY INCLUDE THE USE OF ZTNA. CUSTOMER IS SOLELY RESPONSIBLE FOR COMPLIANCE WITH ANY APPLICABLE LAWS AND REGULATIONS.
- ZTNA contains the Npcap OEM Windows packet capturing software (https://npcap.com) pursuant to a license agreement with Nmap Software LLC. Npcap OEM contains programming code from the Libpcap project (https://www.tcpdump.org) which is Copyright © by the TCPdump Group and its contributors. Npcap also incorporates code from the now-defunct Winpcap software (https://winpcap.org) which is Copyright © Netgroup, Politecnico di Torino, CACE Technologies, and the Regents of the University of California. In addition, Npcap contains an ieee80211_radiotap.h header file which is Copyright © David Young. Full license text and details for these 3rd party components are available in the Npcap-Third-Party-Open-Source.pdf file included with this program and/or available at https://npcap.com/src/docs/Npcap-Third-Party-Open-Source.pdf.
- Hybrid Mesh Firewall (HMF)
HMF is a centralized security policy management, enforcement, and monitoring solution for distributed enterprises. It includes application-aware policy using deep packet inspection, web filtering, and reputation services (to block or allow certain applications and web domains based on acceptable use policies and web reputation score), and threat management that offers continuous inspection for zero-trust traffic flows. Secure Connect is a pre-requisite for the HMF service. If the Customer does not maintain a NetCloud Manager subscription and a Secure Connect license, the Customer will not be able to use HMF. HMF licenses are offered on a per-device basis for supported Cradlepoint endpoint devices. Cradlepoint may also require that Customer update to a minimum version of NCOS for the Service Gateway and participating endpoint devices. Customer defines all policies within the HMF service, and all policy decisions to accept or deny access occur within the NetCloud SASE service. - AIOps
AIOps, together with other Services, leverages machine learning to assist the Customer in managing its network by using machine learning models to analyze network usage in real time and provide insights and metrics to Customer. AIOps is designed to give Customer insights about its network, but not to make decisions for Customer. AIOps is not a substitute for competent, human-led network management, and is intended only as part of the decision-making process used by Customer to manage its network in light of Customer’s various network needs and goals. By agreeing to the Agreement and using Services including AIOps, Customer acknowledges that Cradlepoint may use Cradlepoint Data and/or Customer Data for the purpose of the provision of AIOps solutions to Customer, including processing in machine learning model instances specific to Customer for the improvement of Customer’s Services, and Customer instructs Cradlepoint to process its Customer Data for such purpose. Customer further agrees to the use of all such data (in anonymized form only) by Cradlepoint for purposes of improving the Services generally and training machine learning models (including large language models and similar models) for general use and provision by Cradlepoint. The features of AIOps are constantly evolving and may be changed by Cradlepoint at any time, even if such change results in reduced functionality. By using or accessing the Services, Customer hereby grants to Cradlepoint, its Affiliates, and applicable licensors and service providers a worldwide, royalty-free, non-exclusive, irrevocable, sublicensable, limited right and license as necessary to carry out the actions set forth in this Section 7.AIOps also includes the AI NetCloud Assistant (ANA). ANA leverages AI technology (some provided by third parties) to provide Customer with basic technical assistance in the configuration and administration of certain Cradlepoint networking products (the “Purpose”). Customer acknowledges that, even if interactions with ANA may be perceived to be human-like, ANA is a chatbot which may at various times use generative AI such as large language models or similar technologies to generate its Outputs (as defined below) to Customer. Customer acknowledges and agrees that ANA may give different responses based on different prompts from Customer, including based on the tone and mood of Customer’s inputs. Customer acknowledges and accepts that ANA is not an agent of Cradlepoint and has no authority to bind Cradlepoint legally or contractually, and Customer shall not construe this Agreement to provide otherwise under any legal theory. Customer shall not input any personally identifiable data or Customer confidential information into the ANA Services. Customer acknowledges that generative AI technologies such as large language models are known to produce incorrect or biased information (sometimes referred to as “hallucinations”) and that such hallucinations may be present in Outputs. Customer shall not use ANA for any purpose other than the Purpose. Customer shall not engage in “jailbreaking,” “prompt engineering,” non-natural language inputs, or any other activity that may be expected to cause ANA to provide Outputs outside the scope of the Purpose. Customer understands that, in addition to being a breach of these terms, such activities may result in Outputs that are incorrect or even harmful to Customer’s network, and Customer accepts full responsibility for all such Outputs and misuse of ANA. Customer hereby acknowledges and accepts the statements regarding ANA set forth in this paragraph for all ANA chat sessions and usage instances.All text and other outputs generated or outputted by ANA (the “Outputs”) shall, as between the parties hereto, be owned by Cradlepoint. Cradlepoint hereby grants Customer, under all copyrights owned and licensable by Cradlepoint, a non-sublicensable, non-transferrable, global (except to the extent this Agreement or another agreement between Customer and Cradlepoint limits Customer’s use of the Services to one or more territories, in which case this license shall be limited to such territories), non-exclusive, limited copyright license to use the Outputs only with regard to the Purpose. Cradlepoint makes no representation about the ownership of the Outputs. All inputs to ANA from Customer are considered Customer Content.
NO WARRANTY FOR ANA SERVICES OR OUTPUTS. TO THE MAXIMUM EXTENT PERMITTED UNDER LAW (A) THE ANA SERVICES AND OUTPUTS ARE PROVIDED “AS IS” AND “AS AVAILABLE” WITHOUT WARRANTY OF ANY KIND; AND (B) CRADLEPOINT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, RELATING TO THIRD-PARTY PRODUCTS OR SERVICES, INCLUDING THIRD-PARTY INTERFACES OR LARGE LANGUAGE MODELS, THAT MAY BE INCLUDED IN ANA. CRADLEPOINT EXPRESSLY DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE WITH REGARD TO THE OUPUTS AND ANA SERVICES, AS WELL AS ANY IMPLIED WARRANTY ARISING FROM STATUTE, COURSE OF DEALING OR PERFORMANCE, OR TRADE USE. CRADLEPOINT DOES NOT WARRANT, AND DISCLAIMS THAT, THE ANA SERVICES OR OUTPUTS ARE ACCURATE, COMPLETE OR ERROR-FREE OR THAT THEIR USE WILL BE UNINTERRUPTED. REFERENCES TO A THIRD PARTY IN THE OUTPUTS MAY NOT MEAN THEY ENDORSE OR ARE OTHERWISE WORKING WITH CRADLEPOINT. CRADLEPOINT DOES NOT PROVIDE HUMAN REVIEW OR VALIDATION OF OUTPUTS, AND CUSTOMER IS RESPONSIBLE FOR REVIEWING AND VALIDATING ALL RECOMMENDATIONS FROM ANA PRIOR TO ACTING ON SUCH RECOMMENDATIONS.
- Virtual Edge
Virtual Edge is a virtual appliance that enables Customer to extend the Secure Connect service to applications that reside in the public cloud. The Virtual Edge license includes a Secure Connect site license and in the case of NetCloud SASE, an annual data capacity that can be applied to traffic flowing through a NetCloud SASE network. - Additional Disclaimer
CUSTOMER IS RESPONSIBLE FOR SECURING ALL ENDPOINTS, CONFIGURING ENCRYPTION OF DATA IN TRANSIT TO CRADLEPOINT AND NETCLOUD SASE, AND DEFINING ALL RULES AND POLICIES WITHIN NETCLOUD SASE. CRADLEPOINT DOES NOT REPRESENT OR WARRANT THAT NETCLOUD SASE WILL GUARANTEE THE SECURITY OF CUSTOMER’S NETWORK AT ALL TIMES. NEW THREATS, MALWARE, AND TECHNIQUES FOR OBTAINING UNAUTHORIZED ACCESS TO A NETWORK, DEVICES, AND DATA MAY DEVELOP AT ANY TIME. IF CUSTOMER USES NETCLOUD SASE TO ACCESS ANY CRIMINAL JUSTICE INFORMATION SERVICES, CUSTOMER RETAINS ALL RESPONSIBILITY TO COMPLY WITH APPLICABLE LAWS, REGULATIONS, AND REQUIREMENTS. - Geographic and Export Restrictions
Some services and features are not available to certain customers in certain countries, depending upon legal and regulatory restrictions relating to the handling of data and customer’s proposed use.