legal
End User License Agreement
Effective Date: November 1, 2021
PLEASE READ THIS THREATOLOGY END USER LICENSE AGREEMENT CAREFULLY. THIS IS AN IMPORTANT LEGALLY BINDING AGREEMENT.
This Agreement is entered into between Threatology, Inc. (“Threatology”, “SnapAttack”, “our”, “we” or “us”) and you or any entity or individual you are authorized to represent (collectively “Customer”, “you”, or “your”). All capitalized terms have the meaning defined below in this Agreement or if applicable, in the Order Form.
READ THIS AGREEMENT CAREFULLY BEFORE ACCESSING OUR PLATFORM OR USING OUR SERVICES. YOU MUST AFFIRMATIVELY ACCEPT THIS AGREEMENT BY CLICKING “ACCEPT” DURING REGISTRATION AND, IF APPLICABLE, PAY THE FEES AS SET FORTH IN THE ORDER FORM IN ORDER TO ACCESS OR USE OUR PLATFORM AND USE OUR SERVICES. IF YOU DO NOT ACCEPT THE TERMS OF THIS AGREEMENT, OR IF YOU ACCEPT THE TERMS OF THIS AGREEMENT AND FAIL TO PAY ANY REQUIRED FEES, YOU MAY NOT ACCESS OR USE OUR PLATFORM OR USE OR SERVICES, AND WE RESERVE THE RIGHT TO TERMINATE YOUR USE OF THE PLATFORM AND SERVICES.
1. Definitions
- “Acceptable Use Policy” means the permitted uses of the Applications, guidelines for permitted Customer Content and requirements for compliance with the Digital Millennium Copyright Act (“DMCA”), all as specified on Threatology’s website at https://www.snapattack.com/acceptable-use-policy.
- “Affiliate” of a Party means (a) an entity that owns a controlling interest in such Party, (b) an entity in which such Party owns a controlling interest, or (c) an entity under common control with such Party. As used in this definition, the terms “controlling interest,” and “common control” mean the power to direct or cause the direction of the management and policies through ownership directly or indirectly, of stock, voting rights, contract, or otherwise. An entity shall constitute an Affiliate only for so long as they meet the requirements of the foregoing definition.
- “Agreement” means this EULA together with the applicable Order Form.
- “Analytic” means a search query, code, or other item intended to detect, identify, defuse, prevent, or mitigate a potential Incident.
- “Applications” means one or more Threatology software-as-a-service applications, including Community Edition, Enterprise Edition, and Service Provider Edition as described on the website available at https://www.snapattack.com, and any associated connectors to integrate the applications into on-premises Security Tools. Unless otherwise specified in this Agreement, all references to Applications with respect to Customer, shall mean only those Applications to which Customer subscribes pursuant to the Order Form, or if Customer does not enter into an Order Form with Threatology then “Application” shall refer only to the Community Edition.
- “Attack” means a command, code, or compiled binary that is executed on a computer system with the intent to compromise the confidentiality, integrity, or availability of said system.
- “Authorized User” means an employee or contractor of Customer who is authorized by Customer to access and use the Applications on Customer’s behalf.
- “Confidential Information” means a Disclosing Party’s information disclosed to the Receiving Party that is marked as “confidential” (or with a similar legend) or should reasonably be understood by the receiving Party to be confidential. Confidential Information does not include (a) information that was publicly available (whether for a fee or free) or in the possession of the receiving Party at the time of disclosure to the receiving Party, (b) information that subsequently becomes publicly available (whether for a fee or free) through no fault of the receiving Party, and (c) information that is independently developed with use of and reference to the disclosing Party’s Confidential Information.
- “Content” means any information about an Attack, Analytic, or Threat Information stored in the Applications. Content is further defined as Community Content, Subscription Content, and Customer Content, which has different usage restrictions as outlined in this EULA and the Acceptable Use Policy.
- “Commercial Use” means any activity in which you use our Applications or Services for financial gain. Commercial Use is not permitted under the community or enterprise license, but is permitted with a Subscription under the service provider licenses. See section 2.1 for additional details on licensing.
- “Community Content” means any information received, obtained, or derived from Customer and shared with the community or otherwise publicly available from third-party sources. Community Content is free to create, use, modify, and disseminate. By way of example and not limitation, Community Content is permitted for Internal Use by the Customer, and may be shared or distributed on third-party platforms such as Twitter or Github with attribution back to SnapAttack as the source.
- “Customer Content” means any information received, obtained, or derived from Customer through the Applications including information or data on Customer’s Infrastructure and its security such as Customer’s Threat Information.
- “Detection” means optional collection of Analytic hits by the Application for customers with configured integrations.
- “Disclosing Party” means a Party that discloses its Confidential Information to the Receiving Party for purposes of, or in connection with, and in accordance with this Agreement.
- “Documentation” means the user documentation, user guides and user instructions that we make available with respect to the referenced Application from time to time.
- “Effective Date” means the date specified in the applicable Order Form, except that with respect to the Community Edition, the date shall be the date that you have accepted the terms of this Agreement.
- “EULA” means this Threatology End User License Agreement and all policies, platform and service descriptions and service commitments incorporated from our website by reference herein.
- “Incident” means, without limitation, the successful introduction of or unsuccessful attempt to introduce malicious software such as Malware, bots, trojans, worms, viruses, and spyware; password phishing; cyber-attack; cyber-intrusion; hacking; data breach; unauthorized Infrastructure access; denial of service attack; or other Infrastructure security breach.
- “Infrastructure” means software, hardware, operating systems, computers, electronic storage, networks, systems, equipment, communications systems, databases and data warehouses, devices, and protocols, other systems and devices, and any other electronic or IT components or systems that are vulnerable to cyber exploitation.
- “Internal Use” means access to or use of the applicable Application, solely on the Customer’s behalf and for Customer’s benefit, for Customer’s internal information security purposes, such as improving information security of Customer including by creating a variation of an Attack or improving Detection logic for an Analytic, independent security research, self-paced learning, internal training, or defending Customer’s Infrastructure and posting. By way of example and not limitation, Internal Use does not include access or use: (i) for the benefit of any person or entity other than Customer, (ii) for Commercial Use to provide professional services (e.g., red teaming, threat hunting) to any person or entity other than Customer, or (iii) in any event, for the development of any product or service.
- “Malware” means software that is specifically designed to disrupt, damage, or gain unauthorized access to Infrastructure.
- “Order Form” means that specific purchase order expressly authorized and signed by an authorized executive of Threatology and a person authorized to sign the purchase order on behalf of Customer that is referenced in relation to a specific Application or right granted under this Agreement.
- “Party” means Threatology or Customer, and “Parties” means both Threatology and Customer.
- “Privacy Policy” means Threatology’s privacy policy available at https://www.snapattack.com/privacy-policy.
- “Receiving Party” means a Party that receives the Disclosing Party’s Confidential Information that is disclosed for or in connection with the purposes of and in accordance with this Agreement.
- “Security Tools” mean security software used by Threatology to defend its networks, such as security information and event management (SIEM), endpoint detection and response (EDR), and extended detection and response (XDR).
- “Services” means the services provided by Threatology to Customer in connection with provision of one or more Applications.
- “Subscription” means a paid enterprise or service provider license that grants additional features and functions, and modifies use restrictions of the Application and Content as set forth in the Order Form.
- “Subscription Content” means exclusive Content provided to the Customer after completing the Order Form and obtaining either an enterprise or service provider license. Subscription Content permits Internal Use for any Subscription and Commercial Use for the service provider Subscription. By way of example and not limitation, Subscription Content may not be posted publicly outside of the platform, though it may be shared and disseminated as permitted under Commercial Use.
- “Subscription Period” means the period of time set forth in the applicable Order Form during which Customer is authorized by Threatology to access and use the Application or Service.
- “Third Party” means a person or entity other than the Parties.
- “Threat Information” means Attacks, Malware, Analytics, information regarding vulnerabilities associated with Infrastructure and associated information relevant to detecting, identifying, or understanding the operation of, and defending against Attacks or Malware and the exploitation of the vulnerabilities, and forensic data related to the foregoing and to Incidents.
- “Threatology Intellectual Property” or “Threatology IP” means Threatology proprietary concepts, approaches, methodologies, know how, models, tools, industry information, knowledge, materials, software, inventions, documents, trade secrets, patents, copyrights, trademarks, service marks and other intellectual property owned by Threatology, or licensed to Threatology by its Affiliates, suppliers, vendors, alliance partners, or other Third Parties that (a) existed prior to the Effective Date of this Agreement, (b) are developed or acquired during the performance of the Services, and/or (c) are developed or acquired outside the performance of the Services.
- “Threatology Materials” mean materials comprising or including Threatology IP, including without limitation, reports, playbooks, analyses, or other materials provided by Threatology to Customer under this Agreement, but excluding any Confidential Information and proprietary information of Customer that is incorporated into the materials.
- “Works” have the meaning set forth in Section 3.1.1.
2. Access and Use Rights, Restrictions, Accounts
2.1 License
- Community Edition. Subject to and conditioned on Customer’s compliance with the terms of this Agreement, Threatology hereby grants to Customer a non-exclusive, royalty-free, non-transferable, and non-sublicensable license to use and access the Community Edition and use, adapt and modify the contents of the Community Edition solely for Customer’s Internal Use and in accordance with the Documentation.
- Enterprise Edition. Subject to and conditioned on Customer’s compliance with the terms of this Agreement, and effective upon receipt of corresponding payment on a timely basis as set forth in the Order Form for the Enterprise Edition, Threatology hereby grants to Customer a non-exclusive, royalty-free, non-transferable, and non-sublicensable license to use and access the Enterprise Edition and use, adapt and modify the contents of the Enterprise Edition solely for Customer’s Internal Use and non-commercial purposes in accordance with the Documentation.
- Service Provider Edition. Subject to and conditioned on Customer’s compliance with the terms of this Agreement, and effective upon receipt of corresponding payment on a timely basis as set forth in the Order Form for the Service Provider Edition, Threatology hereby grants to Customer a non-exclusive, royalty-free, non-transferable, and non-sublicensable license to use and access the Service Provider Edition and use, adapt and modify the contents of the Service Provider Edition for Internal Use and Commercial Use (e.g., consulting or providing security services to other companies using the Application and Content) in accordance with the Documentation.
2.2 Acceptable Use. Customer shall abide by Threatology’s Acceptable Use Policy.
2.3 Authorized User Limit. Customer may not permit more Authorized Users to access and use the Applications on Customer’s behalf than the maximum number of Authorized Users identified in the Order Form.
2.4 User Accounts. In order to access or use the Applications, Customer must have Authorized User accounts. Only the single individual user assigned to a user account may access or use the Application. Customer shall not create a false identity or impersonate any person to create user account or attempt to obtain passwords, other account information, or any other private information from any other user of the Application and collect personal information about users, and shall make a reasonable effort to protect its password and to secure resources against unauthorized use of or access to its account. Customer is liable and responsible for all actions and omissions occurring under the Customer’s account for the Application. Customer shall immediately notify Threatology if Customer learns of any unauthorized access or use of Customer’s user account or passwords for an Application. Threatology shall, at its sole discretion, remove or terminate Customer’s user accounts for any breach by Customer of the Agreement or non-compliance with the Acceptable Use Policy.
2.5 Changes. To the extent applicable law or regulation limits Threatology’s ability to provide access to the Applications, as may be determined by Threatology from time to time, Threatology may modify the Applications to comply with applicable law and regulation.
3. Intellectual Property and Data Rights
3.1 Applications, Threatology Materials, and Works. The Parties acknowledge and agree that, as between Customer and Threatology:
- Threatology is the sole and exclusive owner of the Applications, Services, Threatology IP and Threatology Materials, and any deliverables, data, contents, or all other works generated for Customer from the use of the Application or the Services (“Works”). Customer shall have a perpetual, non-transferable, non-exclusive license to use the Works as necessary for Customer’s use of the Application as authorized by this Agreement.
- Threatology Materials incorporate Threatology IP and Confidential Information, and that such Threatology IP and Confidential Information are and shall remain the proprietary and Confidential Information, as applicable, of Threatology.
3.2 Customer Content.
- During the Term, Customer agrees to provide the Customer Content in connection with the use of the Applications and Services, provided Customer properly credits any author for creation or contribution of such content. As between Threatology and Customer, all Customer Content is owned exclusively by Customer. Any Customer Content shall, by default, be shared with other subscribers. Notwithstanding the foregoing, Customer’s using the Enterprise Edition or the Service Provider Edition will have the option to set its Customer Content as private, which would cause the content to be visible only within the Customer’s organization.
- Customer grants to Threatology a non-exclusive, perpetual, fully paid-up license to use, edit, modify, deploy or otherwise exploit Customer Content (excluding any personal data of Customer), including without limitation, the right to de-identify and aggregate Customer Content with data from other customers and sources in order for Threatology to develop, maintain, improve, and market its products (including the Applications), services (including the Services), capabilities, train machine learning models, distribute the aggregated content to other community members and customers or subscribers of Threatology.
- Customer acknowledges and agrees that Threatology may need to engage with certain Third Party vendors in order to provide the Application and Services. Customer consents to Threatology providing such vendors with Customer Content, including identifying Customer by name and the personal data described in Section 4 below, solely in order to allow Threatology to provide the Application and Services to Customer. Customer authorizes Threatology to access Customer’s systems and process and transmit data through the Application in accordance with the Agreement and as necessary for provide the Application and Services, and collect and process the Customer Content.
3.3 Subscription Content. During the Term, Customers using the Enterprise Edition or Service Provider Edition shall have a perpetual, non-transferable, non-exclusive license to use the Subscription Content as necessary for Customer’s use of the Application as authorized by this Agreement. Subscription Content permits Internal Use for any Subscription and Commercial Use for the service provider Subscription. By way of example and not limitation, Subscription Content may not be posted publicly outside of the platform, though it may be shared and disseminated as permitted under Commercial Use. See the Acceptable Use Policy for additional information.
3.4 Customer Suggestions. Customer grants to Threatology a non-exclusive, irrevocable, perpetual, fully paid-up, royalty-free license (with the right to sublicense through multiple tiers) to use or incorporate into Threatology’s business, products (including the Applications), and services (including the Services) any suggestions, ideas, enhancement requests, feedback, recommendations or other information provided by Customer relating to the operation and capabilities of Threatology’s products and offerings, including, for example, the Applications and Services.
4. Confidentiality and Data Protection
4.1 A Receiving Party may receive or have access to Confidential Information of the Disclosing Party. A Receiving Party shall not use, communicate or disclose the Disclosing Party’s Confidential Information to a Third Party without the Disclosing Party’s prior, written consent. The Receiving Party will use the same degree of care that it uses to protect the confidentiality of its own Confidential Information of like kind (but not less than reasonable care).
4.2 A Subscription may:
- cause Customer’s Infrastructure or Security Tools to automatically communicate with Threatology’s servers to deliver the functionality described in the applicable Application’s description or through new features as they are introduced;
- affect preferences or data stored on Customer’s device; and
- collect personal information in accordance with our Privacy Policy and use reasonable measures to protect such information commensurate with the information’s sensitivity. Customer acknowledges and agrees that Threatology may directly and remotely communicate with Customer’s device in order to provide maintenance and technical support, and to collect the following types of information:
- processing times taken by the Applications,
- Customer’s customer identification code, if any, and company name, and
- names, titles, and email addresses of Customer personnel accessing or using the Applications.
- collect security event and Incident data from the Customer’s Infrastructure and Security Tools and use reasonable measures to protect such information commensurate with the information’s sensitivity. Customer acknowledges and agrees that Threatology may directly and remotely communicate with Customer’s Infrastructure and Security Tools in order to provide maintenance and technical support, and to collect the following types of information:
- to deploy and execute Analytics and received Detection data, as configured by the Customer in the Application
- to proactively execute Analytics and receive Detection data, for the purposes of testing and improving Analytics, providing advanced notice of an Incident, and suggesting Analytics and other content to the Customer, if the Customer opts-in to the feature
- to anonymize and share Analytic and Detection data, in accordance with the Privacy Policy
- to deploy and execute Attacks and Malware on authorized Customer’s Infrastructure, as configured by the Customer in the Application
4.3 The information collected under Section 4.2 may be used for the purposes of
- providing the Application and the Services,
- verifying Customer’s authorization to use the Application and Services and compliance with the terms and conditions of this Agreement and the Use Policy including compliance with volume-based or host-based license granted thereunder, to the extent applicable,
- evaluating and improving the performance of the Application and Services,
- preparing statistical analysis (such as the performance and usage of Application and Services),
- planning development roadmaps and product lifecycle strategies,
- issuing alerts and notices to Customer about Incidents and product lifecycle changes related to the Application used by Customer and matters related to Threatology products and services.
4.4 Threatology may also require the Customer’s contact details for the purposes of
- providing technical support,
- billing,
- verifying Customer’s credentials and authorization to use Application and Services,
- issuing license expiry and renewal notices,
- carrying out compliance checks for export and sanction control purposes, and providing account management.
4.5 If the Customer elects to provide to Threatology’s Analytics, Attacks, Malware, Threat Information, or any other materials or information, the Customer shall remove all regulated personally identifiable information, health information, and payment card data prior to submission.
5. Payment
Except for the Community Edition, Customer shall pay Threatology all applicable fees in the amount, by the date and by the method set forth in the applicable Order Form, as well as sale, use and other taxes due on such amounts (other than amounts based on Threatology’s net income). The Community Edition shall be provided to the Customer free at charge, subject to the Customer’s compliance with the terms hereunder.
6. Limited Warranty & Warranty Disclaimers
6.1 Customer Acknowledgement. Customer should not view any conclusion or recommendation provided by Threatology as a direct or indirect guarantee or opinion with respect to any Incidents or other future events or future outcomes. Threatology undertakes no obligation to update any conclusions or recommendations to reflect anticipated or unanticipated events or circumstances after the corresponding Services are completed. Threatology does not guarantee that the Application will identify any or all Incidents, or that Customer will not suffer an Incident. Customer acknowledges that any reliance on the Application or the Services is at Customer’s sole risk and discretion. Threatology and its suppliers are not liable or responsible for any breaches, harm, expense, or other adverse consequence resulting from Customer’s reliance on the Application or the Services.
6.2 Customer Use and Responsibility.
- Compliance with Laws. Customer covenants that Customer shall use all Application and Services in compliance with, and all Customer Content shall be provided to Threatology in conformance with, applicable law and regulation. Threatology shall have no liability to Customer or any Third Party for any loss of use of Infrastructure, information, data, facilities, etc., including, without limitation, Customer Content.
- Export Control. Customer hereby agrees to comply with all export laws and regulations of the U.S. Department of Commerce and all other U.S. and foreign agencies and authorities, including without limitation the Export Administration Regulations of the U.S. Department of Commerce Bureau of Export Administration (as contained in 15 C.F.R. Parts 730 772), and further agrees not to export, or allow the export or re-export of, any Application, Services, or information of Threatology in violation of such laws and/or regulations, or without all required licenses and authorizations.
6.3 Disclaimer. Notwithstanding anything to the contrary in this Agreement, Customer acknowledges and agrees to the following:
- THE PLATFORM AND/OR SERVICES UNDER THIS AGREEMENT ARE PROVIDED “AS IS.” THREATOLOGY AND ITS SUPPLIERS EXPRESSLY DISCLAIM ALL WARRANTIES, REPRESENTATIONS, AND GUARANTEES, WHETHER ORAL OR WRITTEN, IMPLIED OR STATUTORY, WITH REGARD TO THE PLATFORM AND THE SERVICES, INCLUDING WITHOUT LIMITATION ALL WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, NON-INFRINGEMENT, NON-INTERFERENCE, AND WARRANTIES ARISING FROM COURSE OF DEALING OR USAGE OF TRADE, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW. THREATOLOGY DOES NOT WARRANT THAT (I) THE PLATFORM OR THE SERVICES WILL MEET CUSTOMER’S NEEDS; (II) THE PLATFORM WILL BE ERROR-FREE OR ACCESSIBLE AT ALL TIMES; (III) THE PLATFORM WILL DETECT, PREVENT, OR ENABLE THREATOLOGY AND/OR THE CUSTOMER TO MITIGATE ANY CYBER ATTACKS OR RELATED INCIDENTS; AND/OR (IV) THE USE OR THE RESULTS OF THE USE OF THE PLATFORM WILL BE CORRECT, ACCURATE, TIMELY, OR OTHERWISE RELIABLE. CUSTOMER ACKNOWLEDGES THAT THE PLATFORM HAS NOT BEEN PREPARED TO MEET THE CUSTOMER’S INDIVIDUAL REQUIREMENTS, WHETHER OR NOT SUCH REQUIREMENTS HAVE BEEN COMMUNICATED TO THREATOLOGY. CUSTOMER ASSUMES ALL RESPONSIBILITY FOR USE OF THE PLATFORM.
- THE PLATFORM, SERVICES, THREATOLOGY MATERIALS AND ANY COMPONENTS THEREOF MAY BE PREPARED OR PROVIDED USING OPEN SOURCE MATERIAL. “OPEN SOURCE MATERIAL” IS DEFINED AS PUBLICLY AVAILABLE INFORMATION, INCLUDING WITHOUT RESTRICTION, DATA OR INFORMATION LICENSED BY THREATOLOGY, OR OTHER INFORMATION THAT HAS BEEN OBTAINED BY THREATOLOGY AND WHICH THREATOLOGY IS AUTHORIZED TO USE IN ITS PROCESSES, PLATFORMS, SERVICES, THREATOLOGY MATERIALS, AND ANY COMPONENTS THEREOF. THREATOLOGY MAKES NO GUARANTEE REGARDING THE FITNESS OF OPEN SOURCE MATERIAL FOR THE PURPOSES OF THIS AGREEMENT, NOR CAN IT GUARANTEE THAT OPEN SOURCE MATERIAL IS AVAILABLE OR POSSESSES ADEQUATE QUALITY, ACCURACY, OR QUANTITY FOR THE PLATFORMS, SERVICES, THREATOLOGY MATERIALS AND ANY COMPONENTS THEREOF. THREATOLOGY DOES NOT ASSUME RESPONSIBILITY TO INDEPENDENTLY VERIFY THE ACCURACY, QUALITY, OR COMPLETENESS OF THE OPEN SOURCE MATERIAL. THREATOLOGY WILL NOT BE OBLIGATED TO PROCURE ADDITIONAL INFORMATION OR OPEN SOURCE MATERIAL FROM ANY OTHER SOURCES. THE OPEN SOURCE MATERIAL THAT IS INCORPORATED INTO THE PLATFORM ARE LISTED AT https://www.snapattack.com/open-source-disclosures.
- CUSTOMER IS SOLELY RESPONSIBLE FOR ALL USES OF THE PLATFORMS, SERVICES, THREATOLOGY MATERIALS, AND ANY COMPONENTS THEREOF, AND THE CORRESPONDING CONSEQUENCES AND RESULTS. THREATOLOGY SHALL HAVE NO LIABILITY FOR CLIENT’S USES OF THE PLATFORMS, SERVICES, THREATOLOGY MATERIALS, AND ANY COMPONENTS THEREOF EXCEPT AS EXPRESSLY PROVIDED IN THE AGREEMENT.
7. Limitation of Liability
7.1 DISCLAIMER OF LIABILITY. EXCEPT FOR BREACH OF A PARTY’S OBLIGATIONS OF CONFIDENTIALTY AND WITHOUT LIMITING THE PARTIES’ OBLIGATIONS PURSUANT TO SECTION 8, NEITHER CUSTOMER NOR THREATOLOGY SHALL HAVE ANY LIABILITY UNDER THIS AGREEMENT OR IN CONNECTION WITH THE PLATFORMS, SERVICES, THREATOLOGY MATERIALS, AND ANY COMPONENTS THEREOF FOR CONSEQUENTIAL, INCIDENTAL, OR OTHER INDIRECT DAMAGES OR FOR PUNITIVE DAMAGES, LOSS OF USE, LOSS OF BUSINESS, LOSS DATA OR LOSS PROFITS, EVEN IF IT HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES OR LOSSES, AND REGARDLESS OF THE LEGAL THEORY ON WHICH ANY SUCH DAMAGES OR LOSSES MAY BE BASED.
7.2 MONETARY LIMITATION OF LIABILITY. EXCEPT FOR BREACH OF ITS OBLIGATIONS OF CONFIDENTIALTY IN SECTION 4, OR INDEMNITY OBLIGATIONS IN SECTION 8, , THE AGGREGATE LIABILITY OF THREATOLOGY TO CUSTOMER FOR ANY CLAIM RELATED TO THIS AGREEMENT AND THE PLATFORMS, SERVICES, THREATOLOGY MATERIALS, AND ANY COMPONENTS THEREOF SHALL BE LIMITED TO THE AMOUNT OF FEES IN THE AGGREGATE THAT THREATOLOGY ACTUALLY RECEIVES FROM CUSTOMER UNDER THIS AGREEMENT DURING THE IMMEDIATELY PRECEDING THREE (3) MONTHS FROM WHEN THE FIRST CLAIM FOR LIABILITY AROSE.
8. Indemnification
8.1 By Threatology.
- Threatology shall defend any action brought against Customer to the extent it is based on a third party claim that the Applications or Services, when used in accordance with the Documentation and this Agreement and exclusive of any Customer Content provided, directly infringe any valid United States patent issued as of the Effective Date, or any copyright, trademark or trade secret, and Threatology shall pay resulting third party costs and damages to the extent agreed to by Threatology in a settlement or if finally judicially determined by a court of competent jurisdiction to have directly resulted from Threatology’s infringement; provided, however, that the foregoing indemnity is not available to the extent that claims and damages arise from use of the Applications or Services after the end of the applicable Subscription Period or in violation of this Agreement. Threatology may, at its option, make changes to the Application or Services to avoid the infringement or terminate this Agreement and provide a refund of any prepaid fees for the terminated portion of the Subscription Period.
- THE FOREGOING PROVISIONS OF SECTION 8.1.1 STATE THE ENTIRE LIABILITY AND OBLIGATIONS OF THREATOLOGY, AND THE EXCLUSIVE REMEDY OF CUSTOMER, WITH RESPECT TO ANY ACTUAL OR ALLEGED INFRINGEMENT OF ANY PATENT, COPYRIGHT, TRADEMARK, OR OTHER INTELLECTUAL PROPERTY RIGHT, OR MISAPPROPRIATION OF ANY TRADE SECRET, BY ANY PLATFORM OR SERVICE.
8.2 By Customer. Customer shall defend any action brought against Threatology to the extent it is based on a third party claim arising from Customer’s business and any use of the Customer Content received from the Customer, provision of Customer Content to Threatology, Customer’s use of the Applications or Services, or Customer’s breach of Section 2.2, and Customer shall pay resulting third party costs and damages to the extent agreed by Customer in a settlement or if finally judicially determined by a court of competent jurisdiction to have directly resulted from such claims.
8.3 Indemnity Dependencies. The indemnities provided under this Agreement are available only if:
- The indemnitee promptly notifies the indemnitor in writing of any such claim, and
- The indemnitor has sole control of the defense and all settlement negotiations related to such claim, and
- The indemnitee cooperates with the indemnitor, at indemnitor’s request and expense, in defending or settling such claim.
8.4 Indemnitee’s Right to Participate. Nothing herein shall restrict the right of indemnitee to participate in a claim, action or proceeding through its own counsel and at its own expense, except that the indemnitee shall not interfere or adversely affect the defense provided by the indemnitor.
9. Term and Termination
9.1 Term. This Agreement shall be in effect from the Effective Date and continue for the Enterprise Edition and the Service Provider Edition for so long thereafter as Customer has a valid and effective Order Form in place with Threatology; this Agreement shall continue for the Community Edition until terminated as provided below.
9.2 Termination.
- Either Party may terminate this Agreement for:
- the other Party’s material breach of this Agreement in the event that the breach is not cured within thirty (30) days after the breaching Party’s receipt of written notice specifying the breach, or
- a force majeure event that continues for more than fifteen (15) consecutive days in a calendar month.
- Threatology may terminate the Agreement and Services for its convenience by providing thirty (30) days’ prior written notice to the Customer.
- In the event that a Party becomes or is declared insolvent or bankrupt, is the subject of any proceedings relating to its liquidation, insolvency or the appointment of a receiver or similar officer for it, makes an assignment for the benefit of all or substantially all of its creditors, or enters into an agreement for the composition, extension, or readjustment of all or substantially all of its obligations (collectively referred to as an “Insolvency Event”), then the other Party may, by giving written notice thereof, immediately terminate this Agreement.
9.3 Effect of Termination.
- Upon expiration or termination of this Agreement for any reason, (a) Threatology shall be entitled to payment for Applications made available to Customer (including unpaid portions of full Subscription price) and Services rendered and for expenses and obligations incurred in connection with this Agreement prior to the effective date of termination and (b) Customer shall cease all use of the Application and/or the Services, and delete all Threatology Materials.
- Upon termination by Threatology for Customer’s uncured breach of this Agreement or Insolvency Event, all unpaid Subscription fees, if any, and all taxes and other amounts owed by Customer shall become immediately due and payable in full and shall be paid within thirty (30) days of the effective date of such termination.
- All fees shall be non-refundable, except for any pre-paid fees for Applications or Services not yet delivered at the effective date of termination where Threatology has terminated for convenience.
- Sections 1 (Definitions), 3 (Intellectual Property and Data Rights), 4 (Confidentiality and Data Protection), 6.3 (Disclaimer), 7 (Limitation of Liability), 8 (Indemnification), 9.3 (Effect of Termination)-9.4 (Customer Content After Termination) and 10 (Miscellaneous) shall survive the expiration or termination of this Agreement according to their terms.
- Termination will be in addition to, and not in lieu of, any equitable remedies available to a Party. Neither Party shall incur any liability whatsoever for any damage, loss, or expense of any kind suffered or incurred by the other Party arising from or incident to any suspension or termination expressly authorized by this Agreement or any expiration in accordance with this Agreement, whether or not the first Party is aware of any such damage, loss or expenses.
9.4 Private Customer Content After Termination. Upon expiration or termination of this Agreement, Threatology shall maintain all Customer Content in Threatology’s vendors’ systems, Threatology’s systems, or otherwise in Threatology’s possession or under its control unless otherwise expressly agreed in this Agreement or in a writing by the Parties, even if Customer has designated Customer Content as private pursuant to Section 3.2.1.
10. Miscellaneous
10.1 Independent Contractor and Subcontractors. Threatology is an independent contractor and not an agent or representative of Customer. No employee of Threatology shall be deemed an employee of Customer. Except as otherwise expressly agreed, Customer will have no direct control over Threatology or its employees. Threatology may engage additional support from an Affiliate or a subcontractor without notice to or consent of Customer.
10.2 Third Party Hardware and Software. The Application and/or Services may necessitate use of third party hardware, software and/or data products by Customer that are not provided by Threatology as part of the Subscription. Customer shall be solely responsible for obtaining licenses to such third party hardware, software, or data for its own use, subject to any expenses contemplated pursuant to this Agreement.
10.3 No Third Party Beneficiaries. Threatology and Customer agree that this Agreement is intended to be solely for the benefit of the Parties and that no Third Parties shall obtain any direct or indirect benefits from the Agreement, have any claim or be entitled to any remedy under this Agreement, or otherwise in any way be regarded as third party beneficiaries under this Agreement.
10.4 Publicity. Threatology may list Customer as a customer on its website or in marketing materials.
10.5 Assignment. Neither Party may assign its respective rights under this Agreement without the prior written consent of the other Party, except that Threatology may assign this Agreement, without consent, to any successor to or acquirer of Threatology or its cybersecurity business. This Agreement shall be binding on permitted successors and assigns. Any assignment not in accordance with this Section 10.5 shall be null and void.
10.6 Force Majeure. Except with respect to Customer payment obligations hereunder, a Party shall be excused from performance under this Agreement for any period to the extent that the Party is prevented from performing any obligation, in whole or in part, as a result of causes beyond its reasonable control, including without limitation, acts of God, natural disasters, war or other hostilities, labor disputes, civil disturbances, governmental acts, orders or regulations. The periods for performance of Services shall be extended for the periods required to make up the Services not performed because of such a cause.
10.7 U.S. Government Rights. In the event the Customer is any governmental or quasi-governmental agency, subagency or unit of the United States, Customer and Threatology shall enter into a separate government agreement which shall modify and supersede the terms in this Agreement.
10.8 Entire Agreement; Amendments. This EULA, the Order Form, the Acceptable Use Policy and exhibits and attachments to the foregoing and all terms referenced in this EULA, constitute the Agreement which is the entire agreement and understanding between the Parties with respect to the subject matter of this Agreement and merges and supersedes all prior discussions and writings with respect to such subject matter. No modification, alteration or amendment of this Agreement shall be effective unless set forth in writing and signed by the Parties.
10.9 Notice. Any notice permitted or required under this Agreement shall be in writing and shall be delivered in person, by courier, by overnight delivery service, or mailed by certified or registered mail, postage prepaid, return receipt requested, signature required, and shall be deemed received upon verified receipt. and addressed to a person authorized to receive notice at the address specified in the Order Form. If notice is given in person or by courier, it shall be effective upon receipt. If notice is given by overnight delivery service, it shall be effective one (1) business day after deposit with the delivery service, and if notice is given by mail, it shall be effective five (5) business days after deposit in the mail.
10.10 Governing Law and Jurisdiction. This Agreement shall be governed by, and construed in accordance with, the laws of the Commonwealth of Virginia, U.S.A., without giving effect to any choice of law rules and principles that would apply the laws of another jurisdiction. Each Party consents to, and agrees that each Party is subject to, the exclusive jurisdiction of the state and federal courts of the Commonwealth of Virginia with respect to any actions for claims arising under, enforcement of, or breach of this Agreement.
10.11 Order of Precedence. In the event of any conflict between this EULA and the Order Form, this Order Form shall control.
10.12 Severability. In the event that any term or provision of this Agreement shall, for any reason, be held illegal, invalid, or unenforceable under the laws, regulations or ordinances of any federal, state or local government authority to which this Agreement is subject, such term or provision shall be deemed severed from this Agreement, and the remaining terms and provisions will be unaffected.
10.13 Construction. The captions and section and paragraph headings used in this Agreement are inserted for convenience only and shall not affect the meaning or interpretation of this Agreement.