Terms of Service
Last updated: April 2026
These terms of service (hereinafter "Terms") govern access to and use of the nophi.sh platform (hereinafter "the Platform"), published by NXT Initiative SAS (hereinafter "nophi.sh", "we"). By accessing the Platform or subscribing to our services, you accept these Terms in their entirety.
1. Publisher and Hosting
The Platform is published by: NXT Initiative SAS Share capital: €2,000 Registered office: 106 Rue de Patay, 75013 Paris, France RCS Paris B 818 451 114 — SIREN: 818 451 114 VAT number: FR17818451114 Publication director: Grégoire Mougeolle, President Contact: contact@nophi.sh The Platform is hosted in France by NXT Initiative SAS on ISO 27001-certified infrastructure.
2. Definitions
"Client": any legal entity subscribing to the Platform. "User": any individual authorized by the Client to access the Platform. "Platform": all services accessible via nophi.sh, including phishing simulation, automated training, and the AI email verification assistant. "Subscription": the service agreement for the Platform, according to the selected plan. "Data": personal and professional data processed in connection with the use of the Platform.
3. Service Description
nophi.sh is a phishing simulation and cybersecurity awareness platform for businesses. It provides: — Email phishing simulations with customizable scenarios — Automated micro-training awareness modules (3 minutes) — An AI email verification assistant for suspicious emails (verdict in 30 seconds) — Risk scoring dashboard and analytics — Compliance reporting (NIS2, ISO 27001, DORA) The AI assistant is a verification tool. It analyzes and provides a verdict on emails forwarded by employees. It does not autonomously block or filter any emails.
4. Registration and Account
Access to the Platform requires creating an account. The Client is responsible for: — The accuracy of information provided during registration — The confidentiality of login credentials — Creating and managing user accounts within the limit authorized by their subscription — All activity carried out from their account Exceeding the authorized number of users requires a subscription upgrade. nophi.sh reserves the right to suspend or terminate an account in case of inaccurate information or fraudulent use.
5. Subscriptions and Free Trial
nophi.sh offers several subscription plans (Starter, Pro, Enterprise) with monthly or annual billing. A 14-day free trial is available on the Pro plan. At the end of the trial, the subscription is automatically activated unless cancelled before the trial period ends. Subscriptions renew automatically at each billing cycle. For annual subscriptions, cancellation must be notified at least 30 days before the renewal date.
6. Pricing and Payment
Applicable prices are those displayed on the Platform's pricing page at the time of subscription. Prices are shown excluding taxes; applicable VAT is added at invoicing. Payment is made by SEPA direct debit or credit card via our payment provider Mollie. The Client must maintain a valid payment method for the duration of the subscription. Invoices are due within 30 days. In case of late payment, late payment interest at the ECB base rate plus 10 percentage points shall apply automatically, along with a flat-rate recovery fee of €40, in accordance with French Commercial Code articles L.441-10 and D.441-5. nophi.sh reserves the right to modify its pricing. Any modification will be notified to the Client and will take effect at the next billing cycle.
7. Acceptable Use
The Client and its Users agree to use the Platform in accordance with its intended purpose and applicable laws. The following are prohibited: — Using the Platform for actual phishing or fraudulent activities — Sending simulations to individuals outside the Client's organization — Any attempt at reverse engineering, decompilation, or source code extraction — Using bots, scripts, or automated tools to access the Platform — Any action intended to overload, disrupt, or compromise the infrastructure — Introducing malware or harmful code — Reselling, sublicensing, or making the Platform available to third parties Any breach of these obligations may result in immediate access suspension, without prejudice to legal proceedings.
8. Intellectual Property
The Platform, its source code, content (simulation scenarios, training materials, text, images, logos), and features are the exclusive property of NXT Initiative SAS and are protected by intellectual property law. The subscription grants the Client a non-exclusive, non-transferable right to access the Platform for the duration of the subscription. No license to the source code or intellectual property is granted. Feedback, suggestions, or comments provided by the Client may be freely used by nophi.sh for service improvement, without compensation or attribution.
9. Data Protection
The Client acts as data controller for its employees' data. nophi.sh acts as data processor within the meaning of the GDPR. Data processing is detailed in our privacy policy and, where applicable, in the data processing agreement (DPA) available upon request at contact@nophi.sh. Data is hosted in France on ISO 27001-certified infrastructure. No data is transferred outside of France. In case of a data breach, nophi.sh commits to notifying the Client within 48 hours of discovering the incident.
10. nophi.sh Obligations
nophi.sh commits to: — Providing a service consistent with the description and advertised features — Implementing reasonable means to ensure Platform availability — Informing the Client promptly in case of scheduled maintenance or incidents — Maintaining and updating the Platform (updates included in the subscription) — Processing personal data in accordance with the GDPR and applicable regulations Platform availability is provided on a best-effort basis, unless a specific service level agreement (SLA) is agreed upon as part of an Enterprise subscription.
11. Limitation of Liability
nophi.sh shall not be liable for indirect, incidental, or consequential damages resulting from the use or inability to use the Platform, including data loss, lost profits, or business interruption. The total liability of nophi.sh under these Terms is limited to the amounts actually paid by the Client during the 12 months preceding the event giving rise to the claim. These limitations do not apply in cases of gross negligence, wilful misconduct, or breach of mandatory legal obligations, particularly regarding personal data protection.
12. Force Majeure
Neither party shall be held liable for failure to perform its obligations in the event of force majeure, as defined by Article 1218 of the French Civil Code, including but not limited to: natural disaster, fire, pandemic, large-scale cyberattack, telecommunications network failure, or governmental or regulatory action. The affected party must notify the other party promptly and implement reasonable efforts to mitigate consequences. If the situation persists beyond 30 days, either party may terminate the contract without penalty.
13. Termination
In case of material breach by either party, the other party may terminate the contract after formal notice remains without effect for 30 days. In case of egregious violation (fraud, infrastructure attack, illegal activity), nophi.sh reserves the right to terminate access immediately without notice. If the Client terminates, no refund will be issued for the remaining period of the current subscription. If nophi.sh terminates for reasons not attributable to the Client, a pro-rata refund will be issued. Upon termination, the Client's data will be retained for 30 days and then deleted, unless a legal obligation requires otherwise.
14. Governing Law and Jurisdiction
These Terms are governed by French law. In case of dispute, the parties agree to seek an amicable resolution for 30 days from notification of the disagreement. Failing amicable resolution, the dispute shall be submitted to the exclusive jurisdiction of the Paris Commercial Court (Tribunal de commerce de Paris).
15. Amendments
nophi.sh reserves the right to amend these Terms. Amendments will be notified to the Client by email or via the Platform and will take effect at the next billing cycle. Continued use of the Platform after notification constitutes acceptance of the new terms. In case of disagreement, the Client may cancel their subscription before the amendments take effect.
16. General Provisions
If any provision of these Terms is declared null or unenforceable, the remaining provisions shall remain in full force and effect. Failure by nophi.sh to exercise a right or to act upon a breach shall not constitute a waiver of that right. These Terms constitute the entire agreement between the parties and supersede all prior agreements, whether written or oral, relating to their subject matter.
17. Contact
For any questions regarding these terms: NXT Initiative SAS 106 Rue de Patay, 75013 Paris, France Email: contact@nophi.sh