This SaaS Agreement (“Agreement”), dated and effective as of ____ ___, 2020 (the “Effective Date”), is entered into by and between ZibaSec, Inc., a Delaware corporation (“Provider”), and [insert customer legal entity name], a [insert state of formation] [corporation/limited liability company] (“Customer”). Each of Provider and Customer may be referred to as a “Party” and collectively, the “Parties”.
- Provider provides a software-as-a-service (SaaS) platform known as PhishTACO, which is a phishing simulation platform that enables customers to run phishing tests within their organizations that mimic current attacker techniques, thereby enabling those customers to gauge organizational risk from external phishing attacks, provide better training to employees and other users, and measure the effectiveness of their security awareness programs and technical controls.
- Customer desires to engage Provider to provide the Services (as defined below) in accordance with the terms of this Agreement.
- Provider desires to provide the Services in accordance with the terms of this Agreement.
In consideration of the mutual promises and covenants hereinafter set forth, the Parties hereto agree as follows:
For purposes of this Agreement, capitalized terms used herein shall have the meanings set forth in this Section or the meanings otherwise given to them in the main body of this Agreement or its Exhibits:
“Additional Services” means any professional or technical services provided by Provider as set forth in a SOW. Additional Services include, without limitation, any onboarding or implementation services from time to time made available by Provider.
“Applicable Laws” means any applicable law, rule, regulation or other government requirement.
“Authorized Users” means Customer’s employees and agents authorized to access the Services pursuant to the terms of this Agreement.
“Customer Materials” means any data, information, content, documents, files or other materials that Customer, its Authorized Users or its Customer Targets (i) upload, provide, input or transmit to the PhishTACO Platform or (ii) otherwise provide or make available to Provider related to the Services. Customer Materials include, without limitation, any names, email addresses, phone numbers, account information, or other information related to Customer’s Authorized Users and/or Customer Targets, as well as any email or message templates, landing pages or other content or materials that Customer uploads, provides, inputs or transmits to or via the PhishTACO Platform for use in connection with a Phishing Simulation.
“Customer Targets” means the total number of employees, agents or other individuals (as determined based on total number of unique email addresses) that may be the target of a Phishing Simulation being performed by Customer hereunder. The number of Customer Targets licensed by Customer is set forth on Exhibit A.
“Feedback” means any feedback from Customer or its employees, Authorized Users or Customer Targets related to their respective access to and use of the Services and/or participation in a Phishing Simulation, including without limitation, feedback on features or functionality, usability, specifications, architectural diagrams, APIs and related information, software or hardware compatibility, interoperability, performance, bug reports, test results and documentation requirements, and may also include suggestions or ideas for improvements or enhancements to the Services.
“Licensed Results” means the Phishing Simulation Results that do not include any Personal Information or that have been anonymized and/or aggregated so that no Personal Information is included therein.
“Permitted Use” means access to and use of the PhishTACO Platform solely for the purpose of (i) performing Phishing Simulations targeted at the number of Customer Targets set forth on Exhibit A, and (ii) collecting and reviewing data and analytics generated by the PhishTACO Platform related to such Phishing Simulations.
“Personal Information” means data that can be used to identify, contact, or locate a natural person, which may include but is not limited to, name, address, telephone number, e-mail address, online contact information (including, without limitation, an instant messaging user identifier or a screen name that reveals an individual’s e-mail address), account numbers (financial and otherwise), government-issued identifier (including, but not limited to, social security number) and any other data considered personal information or personal data under Applicable Laws (including, in some jurisdictions, IP addresses, and where applicable cookie information and mobile identifiers).
“Phishing Simulation” means a Customer-internal phishing simulation performed using the PhishTACO Platform and targeted at emails, messaging programs and platforms, social media accounts and other communication platforms and technologies, in each case as, and to the extent, supported by Provider from time to time.
“Phishing Simulation Results” means the data, information and results generated in connection with Phishing Simulations.
“Sensitive Information” means information that: (a) relates to an individual’s race or ethnicity, religious beliefs, sexual orientation, medical records, pharmaceutical prescriptions, social security numbers or financial account numbers or (b) is collected from children under the age of 13.
“Services” means, collectively, (a) access to and use of the PhishTACO Platform for the Permitted Use; (b) any Additional Services, and (c) any additional services provided by Provider hereunder.
“PhishTACO Platform” means Provider's proprietary software-as-a-service offering known as PhishTACO, and any related data, APIs, software, technology and/or software and platform specific related services that Provider may provide to Customer from time-to-time pursuant to the terms of this Agreement. For clarity, the PhishTACO Platform may be provided to Customer based on the particular subscription/feature level purchased by Customer, as well as any other special features or functionalities or use limitations specified on Exhibit A or otherwise from time to time offered through the PhishTACO Platform.
- PhishTACO Platform Right to Access and Use. During the Term (as defined below) and subject to the terms and provisions of this Agreement, Provider hereby grants to Customer a non-exclusive, non-transferable right to permit Authorized Users to access and use the PhishTACO Platform solely for the Permitted Use. Exhibit A attached hereto sets forth (i) Customer’s Service subscription level, (ii) the Customer internal organizations/business units within which the Phishing Simulations may be performed, (iii) the number of Customer Targets available to Customer during the Term, (iv) any additional paid PhishTACO Platform features or functionalities Customer shall receive, and (v) any additional Customer use limitations (in addition to restrictions set forth in this Agreement) or permissions.
- Authorized Users. Authorized Users shall be granted access to the PhishTACO Platform for the Permitted Use through issue of user names and passwords provided that such issuance shall only be for up to the number of Authorized User credentials set forth in Exhibit A. Customer shall be responsible for verifying the status of Authorized Users, updating such lists on a regular basis and providing any such lists to Provider upon request. Provider shall have the right to monitor use of the Services and user credentials. Customer and each Authorized User are responsible for maintaining the confidentiality of usernames and passwords. Customer agrees to immediately notify Provider of any unauthorized use of the Services of which Customer becomes aware. Each Authorized User accessing the Services shall be required to have a separate Authorized User account and sharing of accounts or passwords is not permitted.
- Support and Uptime. During the Term and subject to the terms and provisions of this Agreement, Provider shall use commercially reasonable efforts to provide Customer with the following support services for the Services: (i) reasonable telephone and/or e-mail support related to use of the Services from 9am to 5pm Eastern Time at the phone number and email address provided by Provider; (ii) technical support for any material errors or bugs in the Services comprising of (1) workarounds or (2) software patches and fixes for such errors or bugs, once Provider has determined that such error or bug is a fault in the Services; and (iii) any other support service offered to Customer by Provider from time to time which Provider may, at its sole discretion, designate as a support service. Support services shall not include any services related to any errors, bugs or issues resulting from: (a) any alteration or modification to the Services made by any person other than Provider; (b) minor defects in the Services which do not materially affect or impair the use of the Services; (c) any incorrect or improper use of the Services; (d) failure to implement Provider recommendations in respect of any solutions or workarounds to errors previously advised by Provider; (e) errors or problems caused, at least in part, by Customer Materials or any Authorized User or Customer Target inputs; and (f) the use of the Services for any purpose for which it was not designed (collectively “Exclusions”). Additional fees may apply to any services that Provider elects to provide related to the foregoing Exclusions. Provider shall use commercially reasonable efforts to ensure the PhishTACO Platform is available 99% of the time on a monthly basis on business days between the hours of 6am ET and midnight ET, provided however that the Services may be down due to: Exclusions, scheduled down-time for upgrades, repair and regular network maintenance, or other reason outside of Provider's control. Whenever possible, Provider shall perform schedule maintenance at times that minimize inconvenience to Customer. Provider shall use reasonable efforts to ensure that Provider’s servers have sufficient capacity and rate of connectivity to provide the Customer and Authorized Users with reasonable uptime. If the Services fail to operate in substantial conformance with the terms of this Agreement, Customer shall immediately notify Provider, and Provider shall promptly use reasonable efforts to restore access to the Services as soon as possible. Provider acknowledges and agrees that additional service fees shall apply in the event that Customer modifies or otherwise changes any of its Third Party Technology (as defined below) during the Term in a manner that requires Provider to provide any technical or consulting services in order to facilitate use of the Services with any new Third Party Technology.
- Requirements and Restrictions. Except as expressly set forth herein, Customer, its Authorized Users and its Customer Targets shall not: (a) copy the Services; (b) loan, rent, or lease the Services or otherwise transfer or assign the right to use the Services, including but not limited to posting or otherwise making the Services available on the Internet including as a service bureau or application service provider; (c) itself, nor permit or encourage others to, reverse engineer, decompile, decipher, disassemble, translate or otherwise decrypt or discover the source code of all or any portion of the Services; (d) modify, adapt or write or develop any derivative works based on the Services or use the Services in any manner except as expressly provided in this Agreement; (e) interfere with or disrupt the integrity or the operation of the Services; or (f) copy any features, functions, screens, interfaces or graphics of the Services. Under no circumstances shall Customer allow other commercial entities (including, without limitation, Customer’s affiliates (except wholly owned subsidiaries), customers, clients or business partners) to access or use the Services without Provider’s prior written consent. Customer covenants and agrees that it shall: (i) perform those tasks and assume those responsibilities required of it by Provider to provide the Services, including, without limitation, providing Authorized Users with equipment and/or Internet access to access and use the Services; (ii) comply with, and cause its Authorized Users to comply with, all Applicable Laws when using the Services; and (iii) ensure that only Authorized Users use the Services and only as intended and in accordance with the terms of this Agreement and any provided documentation. In addition Customer acknowledges and agrees that the Services may be subject to certain volume limitations and transmission and processing delays based on other customers use of the Services and that the execution of a Phishing Simulation may be delayed (or allocated over multiple days) in Provider’s sole discretion for such period of time as required for other customers to run previously requested Phishing Simulations or as limited by Provider’s third party service providers (e.g. the Services may be limited to 50,000 daily email transmissions, etc.).
- Modifications. Customer acknowledges and agrees that, from time-to-time, portions of, or functionality included in, the Services may be added to, modified, or deleted by Provider and that the Services may change over time. Provider may (but is not required to) expand or enhance the Services by providing additional features in the general course of Provider’s standard development model and offering road map (“Premium Features”). Customer acknowledges and agrees that certain Premium Features may be priced separately in Provider’s sole discretion and may not be included in the Fees set forth in Exhibit C and Customer may be required to pay additional amounts for such Premium Features (provided that all such additional amounts will be mutually agreed upon prior to Customer being charged therefor).
- Third Party Technology. Customer shall be responsible for obtaining and maintaining any equipment and ancillary services needed to connect to, access or otherwise use the Services, including, without limitation, Internet access, desktop or laptop computers or other compatible devices, web browsers, browser extensions, etc. (collectively, “Third Party Technology”). Customer shall also be responsible for maintaining the security of the Third Party Technology, Customer accounts, passwords (including but not limited to administrative and user passwords) and files, and for all uses of any of the Customer accounts or the Third Party Technology with or without Customer’s knowledge or consent. In order for Customer to make full use of the Services, it may be necessary for Customer to use particular Third Party Technology and Customer shall be responsible for procuring and maintaining such Third Party Technology and complying with any requirements related thereto. If Customer is unable to access all or part of the Services because it does not have access to any necessary Third Party Technology, this shall not constitute a breach of this Agreement by Provider and Provider shall not be liable for any loss, damage or expense which may result from Customer’s inability to access the Services.
- Regulatory Compliance; Authority. Customer shall be responsible for compliance with any Applicable Laws related to Customer’s business, operations, activities and offerings (collectively, “Customer Offerings”), including, without limitation, that Customer’s use of the Service comply with all Applicable Laws and that Customer’s interactions with the Customer Targets via the Service complies with all Applicable Laws. Customer hereby covenants and agrees that it has all authority and permissions required to perform the Phishing Simulations and that it has and shall maintain all necessary consents, approvals and permissions (including, without limitation, any internal or employee policies) required for Customer to perform the Phishing Simulations contemplated by this Agreement, including without limitation as applicable to each of the Customer Targets. Without limiting the foregoing, Customer covenants and agrees that each of the Customer Targets has either expressly authorized Customer to perform such Phishing Simulations on Customer Target or such Customer Targets are required by Applicable Law or binding and enforceable Customer policy to be subject to Phishing Simulations.
- Project Management. The Parties shall cooperate in the full and prompt performance of this Agreement, and identify and attempt to resolve any obstacles or problems affecting such performance. As and to the extent set forth in a Statement of Work, the Parties shall hold periodic progress meetings in person or by telephone to discuss the status of the Services being performed thereunder and identify, discuss and resolve any obstacles or other issues encountered or anticipated. The Parties shall endeavor to have appropriate technical staff and other key representatives attend any such progress meetings.
- Customer Responsibilities. Customer agrees that, at all times during the Term, it shall: (i) perform those tasks and assume those responsibilities specified herein and in any applicable Statement of Work; (ii) upon Customer’s request, make available to Provider Customer personnel familiar with Customer’s business requirements related to the Services; and (iii) reasonably cooperate with Service Provider regarding the Services (collectively, the “Customer Responsibilities”). For the avoidance of doubt, Customer acknowledges and agrees that Customer shall be responsible for uploading, providing, inputting and transmitting to the PhishTACO Platform all Customer Materials (including any employee names, email addresses, phone numbers, account information, email or message templates, landing pages, etc.) associated with the Phishing Simulations performed by it hereunder, and such responsibility shall be considered a Customer Responsibility for purposes of this Agreement. Each Statement of Work shall also contain any assumptions of Customer for providing any Additional Services and/or additional responsibilities required of Customer for Customer’s performance of those Additional Services. Customer understands that Provider’s performance is dependent on Customer’s timely and effective satisfaction of Customer Responsibilities hereunder and timely decisions and approvals by Customer. Customer acknowledges that in the event it removes any specific Customer Target from the Services, all information and data related to such Customer Target shall be removed and deleted permanently.
- Platform Rules. Customer acknowledges and agrees that Provider may establish rules of behavior and/or an acceptable use policy or other similar policies or documents that outline how the Services may be used and any Authorized User’s requirements with respect thereto (collectively an “AUP”). This Agreement incorporates by reference the terms of any such AUP as set out on the Provider’s website or as provided to the Customer from time to time and Customer shall ensure that it and its Authorized Users comply with the terms of such AUP. Without limiting the AUP, Customer acknowledges and agrees that it must not, and will ensure each Authorized User does not: (i) use the Services to violate any legal rights of any person or entity in any jurisdiction; (ii) use the Services in relation to crimes such as theft and fraud; (iii) introduce malicious programs (e.g. viruses, worms, trojan horses, e-mail bombs) into the Services or into any Customer or any third party system (except in connection with Phishing Simulations being performed via the PhishTACO Platform in accordance with the terms of this Agreement); (iv) use the Services to make fraudulent offers of goods or services (except in connection with Phishing Simulations being performed via the PhishTACO Platform in accordance with the terms of this Agreement); (v) use the Services to carry out actual security breaches or disruptions of a network; (vi) use the Services with respect to any email domain or service provider other than those domains that Customer owns and/or fully controls and uses for its business operations (e.g. you may not send phishing to gmail addresses, etc.).
Customer acknowledges and agrees and hereby grants Provider any and all rights and licenses to: (i) access, use, process, display and manipulate any Customer Materials and any Provider equipment or Third Party Technology as necessary to provide, improve and monitor the Services; and (ii) display or use, in advertising or otherwise, Customer’s name, logo and trademarks, to provide the Services and to indicate that Customer is or was a customer of Provider. Additionally, Provider may use and Customer hereby grants Provider a fully paid-up, worldwide, perpetual, non-exclusive, irrevocable, sublicenseable right to use, copy, distribute, perform, and create derivative works of and otherwise modify and use the Licensed Results for any purpose, including, without limitation for internal or commercial purposes and for licensing to third parties (e.g. for purposes of providing general customer and industry reporting, and for use in and on the PhishTACO Platform, and in connection with Provider’s research and development activities, developing improvements to the PhishTACO Platform, and other future products developed by Provider, for sharing with industry organizations and their members, etc.). Notwithstanding the foregoing, Provider agrees that it shall only share the Licensed Results with third parties on an anonymized and/or aggregated basis.
Ownership; Customer Materials.
- Provider IP. Customer agrees that the Services and all Feedback is owned by Provider or its licensors, and is protected by U.S. and international intellectual property laws, and that Provider shall solely own and retain all right, title and interest to, including all intellectual property rights in, the PhishTACO Platform, the Services and Feedback. Customer agrees to assign and hereby does assign to Provider all of its right, title and interest in and to the Feedback, including all intellectual property rights therein. The Services and all Feedback shall be deemed the Confidential Information of Provider.
- Customer IP. Provider agrees that the Customer Materials and all Phishing Simulation Results are owned by Customer and is protected by U.S. and international intellectual property laws, and that Customer shall solely own and retain all right, title and interest to, including all intellectual property rights in, the Customer Materials and Phishing Simulation Results, subject to Provider’s license and use rights set forth in this Agreement.
- Customer Materials. Customer is solely responsible for the accuracy, quality, integrity, legality, reliability, appropriateness, and copyright of all Customer Materials, and Provider assumes no responsibility for the deletion, correction, destruction, loss, infringement or failure of the Services to store any Customer Materials or Phishing Simulation Results. Provider reserves the right to establish a maximum amount of memory or other computer storage and a maximum amount of Customer Materials and Phishing Simulation Results that Customer (or its Authorized Users) may store, post, collect or transmit on or through the Services. Provider shall not be required to maintain a backup or copy of any Customer Materials or Phishing Simulation Results and Provider shall have no liability for any loss of Customer Materials or Phishing Simulation Results, whether caused by Provider, Customer, any third party service provider or any third party. Customer shall comply with local, national and international laws and regulations applicable to the transmission or storage of data and other materials and content through the Services. Customer shall be solely responsible for its actions while using the Services and the contents of its transmissions through the Services. Customer is solely responsible for ensuring that it (and its Authorized Users) has all rights necessary to provide the Customer Materials to Provider and the Services. Customer acknowledges and agrees that no transmission or hosting of information, data or content is 100% secure and there remains a possibility that Customer Materials and Phishing Simulation Results may be subject to unauthorized access by hacking, malware, systems breach or other unauthorized method and Provider shall have no liability relating to any such breach or access.
- Personal Information. If, during the course of receiving the Services, Customer sends, shares, delivers, provides or otherwise makes available to Provider any Personal Information from California Consumers (as defined in the DPA), then the terms of the Data Processing Addendum attached hereto as Exhibit D (the “DPA”). Without limiting anything in this Agreement, Customer (on its own behalf and on behalf of each Customer Target) acknowledges, covenants and agrees that (i) Customer may provide, and Provider may receive, certain Personal Information of Customer Targets as related to Customer’s use of the Services (e.g. name and email address) (the “Target Personal Data”); (ii) Provider may access and use any Target Personal Data for the purpose of providing the Services and facilitating the use thereof; (iii) Customer has all rights and licenses to provide the Target Personal Data to Provider hereunder has all; and (iv) in no event shall Customer provide, or shall Provider request, any Sensitive Information under this Agreement related to a Customer Target. All such Target Personal Data solely from California Consumers shall be subject to the DPA. Customer shall not use the Services in connection with any employee, agent or other individual who is a resident of any European Union member (or other country) that has adopted the General Data Protection Regulation (EU) 2016/679 (GDPR) or similar regulations.
- Fees and Payment Terms. Customer agrees to pay Provider the fees and amounts set forth in Exhibit C and/or any SOW with respect to the use of or provision of the Services hereunder. Except as set forth in Exhibit C or as agreed by the Parties in a SOW, Provider shall invoice Customer on a monthly or annual basis and Customer shall pay all such invoices within thirty days. In the event that payment has not been received by within 45 days of the applicable invoice date, then Provider reserves the right to block Customer's access to the PhishTACO Platform until payment is received or services have been terminated according to the terms of this Agreement.
- Taxes. Customer shall be responsible for all taxes associated with Services other than U.S. taxes based on Provider’s net income.
- Audit. Provider shall have the right and authority to monitor Customer's use of the Services electronically to ensure compliance with the terms of this Agreement. In addition, in the event that Provider has a reasonable belief that Customer is not in compliance with the terms of this Agreement, then Provider shall have the right to audit Customer's business, records and systems to ensure compliance with the terms of this Agreement. Provider shall provide ten days notice to Customer and such audit shall not unreasonably interfere with Customer's operations. In the event that a violation of this Agreement is found by Provider and such violation relates to an underpayment of fees, then, in addition to any other rights it may have, Provider shall invoice and Customer shall pay all underpaid fees plus interest at the rate of 1% per month plus the fees of such audit.
This Agreement shall commence on the Effective Date and shall expire on the one (1) year anniversary of the Effective Date (the “Initial Term”). The Agreement shall automatically renew on a yearly basis (each a “Renewal Term” and together with the Initial Term, the “Term”) until a Party gives the other Party at least 90 days notice prior to the end of the then-current Term of its intent to terminate this Agreement. A Party shall have the right to terminate this Agreement immediately (a) if the other Party breaches any material term or provision of this Agreement and such breach remains uncured thirty days after it provides written notice to the breaching Party of such breach, or (b) the other Party terminates its business activities or becomes insolvent, files for bankruptcy, admits in writing its inability to pay debts as they mature, makes an assignment for the benefit of creditors, or becomes subject to direct control of a trustee, receiver or similar authority. Upon termination of this Agreement access to the Services by the Customer and its Authorized Users will be terminated. Sections 6 through 13 shall survive and remain in full force and effect notwithstanding termination of Agreement.
- “Confidential Information” means any information disclosed previously or in the future by one Party (the “Disclosing Party”) to the other Party (the “Receiving Party”), either directly or indirectly, in writing, orally or by inspection of tangible objects (including without limitation documents, business plans, source code, software, documentation, specifications, mock ups, financial analyses, marketing plans, customer names, customer lists, customer data, product plans, products, services, inventions, processes, designs, drawings, engineering or hardware configuration information, know-how, trade secrets, or any other proprietary or business information), which is designated as “Confidential,” “Proprietary” or some similar designation, or other information, the confidential or proprietary nature of which is reasonably apparent under the circumstances. Confidential Information shall not, however, include any information which (i) was publicly known and made generally available in the public domain prior to the time of disclosure by the Disclosing Party; (ii) becomes publicly known and made generally available after disclosure by the Disclosing Party to the Receiving Party through no action or inaction of the Receiving Party; (iii) is already in the possession of the Receiving Party at the time of disclosure by the Disclosing Party as shown by the Receiving Party’s files and records immediately prior to the time of disclosure; (iv) is obtained by the Receiving Party from a third party without a breach of such third party’s obligations of confidentiality; or (v) is independently developed by the Receiving Party without use of or reference to the Disclosing Party’s Confidential Information, as shown by documents and other competent evidence in the Receiving Party’s possession. Moreover, it shall not be a breach of this Agreement for the Receiving Party to disclose to a court or other governmental body Confidential Information of the Disclosing Party which the Receiving Party is required by law to disclose to such entity, provided that the Receiving Party shall give the Disclosing Party written notice of such requirement prior to disclosure so that the Disclosing Party may seek a protective order or other appropriate relief. The Services shall be considered the Confidential Information of Provider without any further requirement of marking or designation.
- Non-Disclosure and Non-Use. The Receiving Party shall not disclose any Confidential Information of the Disclosing Party to third parties or to the Receiving Party’s employees, except those employees who require the information to perform obligations or exercise rights under this Agreement and who have signed a confidentiality agreement at least as protective of the Confidential Information of the Disclosing Party as this Agreement. The Receiving Party shall not use any Confidential Information of the Disclosing Party for any purpose other than for the purposes contemplated by this Agreement. The Receiving Party shall take all reasonable measures to protect the secrecy of and avoid disclosure and unauthorized use of the Confidential Information of the Disclosing Party. Without limiting the foregoing, the Receiving Party shall exercise the same degree of care to protect Confidential Information of the Disclosing Party as it does to protect its own highly confidential information of like nature, which shall in no event be less than reasonable care. The Receiving Party shall immediately notify the Disclosing Party in the event of any unauthorized use or disclosure of the Disclosing Party’s Confidential Information.
- Provider. Provider shall indemnify, defend and hold harmless Customer and its officers, directors, employees, agents, suppliers and customers from and against any and all third party claims, losses, damages, costs, expenses (including reasonable attorneys’ fees) or liabilities (collectively, “Claims”) relating to, or arising out of, any third party claim alleging that the PhishTACO Platform or any of the Services (but excluding any Customer Materials) infringes, misappropriates or violates the intellectual property rights or proprietary or privacy rights of a third party. Provider will not be responsible for any settlement it does not approve in writing, which approval shall not be unreasonably withheld. The foregoing obligations do not apply with respect to portions or components of the PhishTACO Platform or Services (i) not supplied by Provider, (ii) made in whole or in part in accordance with Customer specifications, (iii) that are modified after delivery by Provider, (iv) combined with other products, processes or materials where the alleged infringement relates to such combination, (v) where Customer continues allegedly infringing activity after being notified thereof or after being informed of modifications that would have avoided the alleged infringement, or (vi) where Customer’s or an Authorized User’s or Customer Target’s use of the PhishTACO Platform or Services is not strictly in accordance with this Agreement and any provided documentation. If, due to a claim of infringement, the PhishTACO Platform or the Services are held by a court of competent jurisdiction to be or are believed by Provider to be infringing, Provider may, at its option and expense (a) replace or modify the PhishTACO Platform or Services to be non-infringing provided that such modification or replacement contains substantially similar features and functionality, (b) obtain for Customer a license to continue using the PhishTACO Platform or Services, or (c) if neither of the foregoing is commercially practicable, terminate this Agreement and Customer’s rights hereunder and provide Customer a refund of any prepaid, unused fees for the Services.
- Customer. Customer shall indemnify, defend and hold harmless Provider and its officers, directors, employees, agents, suppliers and customers from and against all Claims relating to, or arising out of, (i) Customer’s use of the Services or any acts or omissions related to use (including, without, limitation, claims by Customer’s employees, agents, Authorized Users, Customer Targets or unintended targets of a Phishing Simulation), (ii) any claims by any party related to Customer’s or an Authorized User’s or Customer Target’s acts, omissions, negligence or otherwise, (iii) any claim alleging that any Customer Materials infringes, misappropriates or violates the intellectual property rights or proprietary or privacy rights of a third party, (iv) any claim alleging that Customer does not have the right to access, use or process the Customer Materials, and (v) any gross negligence, willful misconduct or fraud of Customer, or (vi) any violation of any Applicable Law by Customer.
Limitation of Liability.
PROVIDER SHALL NOT BE LIABLE FOR ANY CONSEQUENTIAL, INCIDENTAL, PUNITIVE, SPECIAL, EXEMPLARY OR INDIRECT DAMAGES (INCLUDING, WITHOUT LIMITATION, LOSS OF PROFITS, LOSS OF BUSINESS OPPORTUNITY, LOSS OF DATA OR CONTENT, COSTS OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, LOSS OF SOURCE MEDIA AND/OR CUSTOMER MATERIALS, OR COSTS OF RECREATING LOST SOURCE MEDIA AND/OR CUSTOMER MATERIALS) ARISING OUT OF OR RELATED TO THIS AGREEMENT, WHETHER UNDER THEORY OF CONTRACT, TORT OR OTHERWISE, AND WHETHER OR NOT SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE TOTAL AGGREGATE AND CUMULATIVE LIABILITY OF PROVIDER ARISING OUT OF OR RELATED TO THIS AGREEMENT SHALL BE THE SERVICES FEES OWED BY CUSTOMER TO PROVIDER IN THE THREE MONTHS PRIOR TO SUCH CLAIM. CUSTOMER AND PROVIDER AGREE THAT ANY CAUSE OF ACTION ARISING OUT OF OR RELATED TO THE SERVICES OR THIS AGREEMENT MUST COMMENCE WITHIN ONE (1) YEAR AFTER THE CAUSE OF ACTION ACCRUES AND OTHERWISE SUCH CAUSE OF ACTION IS PERMANENTLY BARRED.
Disclaimer of Warranties.
EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, THE SERVICES ARE PROVIDED TO CUSTOMER “AS IS” “WITH ALL FAULTS” AND WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND. PROVIDER EXPRESSLY DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION THE IMPLIED WARRANTIES OR CONDITIONS OF MERCHANTABILITY, NON-INFRINGEMENT, QUIET-ENJOYMENT, ACCURACY, TITLE AND FITNESS FOR A PARTICULAR PURPOSE. THIS DISCLAIMER OF WARRANTY CONSTITUTES AN ESSENTIAL PART OF THIS AGREEMENT. NO USE OR DISTRIBUTION OF THE SERVICES IS AUTHORIZED HEREUNDER EXCEPT UNDER THIS DISCLAIMER. NO WARRANTIES ARE CREATED BY ANY COURSE OF DEALING BETWEEN THE PARTIES, TRADE USAGE OR INDUSTRY CUSTOM. PROVIDER SPECIFICALLY DISCLAIMS ANY REPRESENTATION AND WARRANTY THAT THE SERVICES WILL BE ERROR FREE OR WILL FUNCTION UNINTERRUPTED, THAT ANY ERRORS OR DEFECTS IN THE SERVICES CAN OR WILL BE CORRECTED, THAT ANY SUCH CORRECTION CAN OR WILL BE MADE IN A TIMELY MANNER, THAT THE SERVICES WILL OPERATE IN THE COMBINATIONS WHICH MAY BE REQUIRED OR WILL PRODUCE THE RESULTS REQUIRED. PROVIDER SPECIFICALLY DENIES ANY RESPONSIBILITY FOR THE ACCURACY OR QUALITY OF THE INFORMATION OBTAINED THROUGH THE SERVICES OR FOR THE TIMELINESS OF REPORTS OR ALERTS BASED ON SUCH INFORMATION. PROVIDER DOES NOT WARRANT THAT THE SERVICE WILL MEET CUSTOMER'S SPECIFIC REQUIREMENTS, AND WE RECOMMEND THAT YOU CHECK AND CONFIRM THE ACCURACY OF ANY INFORMATION YOU OBTAIN FROM THE SERVICES PRIOR TO USING IT OR RELYING ON IT IN WHATEVER FORM. THE SERVICE IS PROVIDED TO CUSTOMER ONLY AS A TOOL TO HELP CUSTOMER MONITOR AND ANALYZE CYBER SECURITY READINESS AGAINST PHISHING ATTACKS AND DOES NOT PROVIDE ANY ACTUAL SECURITY FEATURES OR FUNCTIONALITY TO PROTECT AGAINST PHISHING OR OTHER INTRUSION OR MALICIOUS EVENTS.
The relationship between the Parties is that of independent contractors. This Agreement will not create or be deemed to create any agency, partnership or joint venture between the Parties. Nothing in this Agreement shall preclude Provider from providing services or products of any type to competitors of Customer. This Agreement constitutes the entire agreement between the Parties and supersedes any and all prior agreements and understandings between the Parties, written or oral, not incorporated herein with respect to the subject matter of this Agreement. This Agreement may not be changed unless mutually agreed upon in a writing signed by authorized representatives of both Parties. In the event any provision of this Agreement is found to be legally unenforceable, such unenforceability shall not prevent enforcement of any other provision of this Agreement. This Agreement shall be governed by the laws of the State of Delaware, without giving effect to its principles of conflict of laws. The Parties hereby irrevocably and unconditionally submit to the jurisdiction of state and federal courts in the City and County of Alexandria, Virginia. Neither Party shall assign this Agreement, or assign or delegate any of its rights or obligations pursuant to this Agreement (except as provided herein) without the prior written consent of the other Party. The Parties recognizes that a Party would suffer irreparable harm if the other Party breached its obligations under this Agreement and that monetary damages might not be adequate to compensate the non-breaching Party for any breach hereof. In the event of a breach or attempted breach of any of the provisions herein, the non-breaching Party, in addition to its other remedies, shall be entitled to specific performance and/or injunctive relief in order to enforce performance or prevent any violation of the provisions of this Agreement. If a suit or action is instituted in connection with any claim or controversy arising out of this Agreement, the prevailing Party shall be entitled to recover, in addition to costs, such sums the court may adjudge reasonable as attorneys’ fees. Provider shall not be responsible for any delay or failure in performance of any part of this Agreement to the extent that such delay is caused by reason of acts of God, wars, terrorism, revolution, civil commotion, acts of public enemy, embargo, acts of government in its sovereign capacity, or any other circumstances beyond the reasonable control and not involving any fault or negligence of the Provider. Waiver by any Party of strict performance of any provision of this Agreement must be in writing and signed by the Party adversely affected thereby. Such waiver shall not be a waiver, or prejudice the Party’s right to require strict performance, of the same provision in the future, or of any other provision. This Agreement may be executed in any number of counterparts. There shall be no force or effect to any different terms of any related purchase order or similar form even if signed by the Parties after the date hereof. For the purposes of 11 U.S.C. § 365(n), the Parties acknowvledge and agree that this Agreement constitutes a license grant of intellectual property in software form to Customer by Provider. Customer may not remove or export from the United States or allow the export or re-export of the Services, or anything related thereto, or any direct product thereof in violation of any restrictions, laws or regulations of the United States Department of Commerce, the United States Department of Treasury Office of Foreign Assets Control, or any other United States or foreign agency or authority. As defined in FAR section 2.101, the Services and documentation are “commercial items” and according to DFAR section 252.227-7014(a)(1) and (5) are deemed to be “commercial computer software” and “commercial computer software documentation.” Consistent with DFAR section 227.7202 and FAR section 12.212, any use modification, reproduction, release, performance, display, or disclosure of such commercial software or commercial software documentation by the U.S. Government will be governed solely by the terms of this Agreement and will be prohibited except to the extent expressly permitted by the terms of this Agreement. The word “including” or any variation thereof means “including, without limitation” and shall not be construed to limit any general statement that it follows to the specific or similar items or matters immediately following it.