Download As PDF

ThreatWorx Subscription Agreement

 

By subscribing to the Threatworx platform (the “Software”) provided by Threatwatch Inc. (the “Company”), hosted on Threat watch’s Cloud platforms (the “Cloud Platform”, “Services”) or on-premises (“Self-Hosting”, “Services”), you (the “Customer”, “Licensee”) are agreeing to be bound by the following terms and conditions (the “Agreement”).

  1. Definitions.

The following definitions apply in this Agreement:

Authorized Service Recipients: means the Group Undertakings of Licensee from time to time.

COMPANY AND LICENSEE HEREBY AGREE AS FOLLOWS:

  1. Software & Services.  
    1. Software.  Subject to Licensee’s full and ongoing compliance with the terms and conditions of this Agreement, including payment of any applicable Fee, Company grants to Licensee a limited, nonexclusive, and revocable license for Licensee and its Authorized Service Recipients to use the Software, which shall be hosted by Company, during the Subscription Term, solely for the purpose of allowing Licensee personnel and the personnel of and its Authorized Service Recipients to access and use the Software for monitoring the security and vulnerability of Licensee’s and its Authorized Service Recipients’ network and software assets.
    2. Services.  The Software includes an access key (“Key”) to enable the Software to access the Services, and subject to Licensee’s full and going compliance with the terms and conditions of this Agreement, including payment of any applicable Fee, Company authorizes Licensee and its Authorized Service Recipients to access and use the Services during the Subscription Term solely for their internal business purposes, including to obtain updates to Company’s index of vulnerability tracking data in connection with Licensee’s licensed use of the Software.  
    3. Restrictions.  Licensee or its Authorized Service Recipients may not reproduce, distribute, publicly display, or publicly perform the Materials in whole or in part, or use or make the Software or Services available to any third party or use the Software or Services on behalf of any third party, on a “service bureau” or otherwise.  Except, and solely to the extent that such a restriction is impermissible under applicable law or any applicable third party license, Licensee or its Authorized Service Recipients may not (a) decompile, reverse engineer, or otherwise access or attempt to access the source code for the Software or Services; or (b) interfere with or circumvent any feature of the Software or Services. 
  2. Support. For so long as Licensee is current with its payment of the Fees, Company shall provide Licensee and its Authorized Service Recipients the support services specified in Exhibit B to this Agreement (“Support”). Licensee and its Authorized Service Recipients shall document and promptly report all significant or recurring errors or malfunctions, and Company’s obligations to provide Support are subject to the foregoing requirement. Licensee and its Authorized Service Recipients shall carry out any reasonable procedures provided by Company to Licensee or its Authorized Service Recipients for the rectification of errors or malfunctions within a reasonable time after such procedures have been provided by Company. In the event that Licensee or its Authorized Service Recipients desire additional onsite support or other professional services beyond the Support, additional fees may apply (including reasonable travel and lodging expenses agreed in writing in advance by Licensee), to be mutually agreed in writing prior to the performance of any such additional support or professional services.
  3. Ownership; Feedback.
    1. Ownership.  As between Licensee and Company, Company retains all right, title and interest in the Materials and all software, content, information, and data contained, embodied, implemented or incorporated therein, including all applicable patent, copyright, trade secret, trademark, or other intellectual property rights of any kind or nature arising under the laws of any jurisdiction, including any so-called “moral rights” (collectively “Intellectual Property Rights”).  Except for the limited permission to install and use the Materials, Company retains all rights to the Materials, and nothing herein shall be deemed or interpreted to grant or imply any transfer or license of any Intellectual Property Rights of Company. All materials, content and data supplied by Licensee or an Authorized Service Recipient shall, at all times, be and remain the exclusive property of Licensee or Authorized Service Recipient (as applicable), but shall be held by Company in safe custody at its own risk and maintained and kept in good condition by Company until returned to Licensee or Authorized Service Recipient (as applicable).
    2. Generation of Reports.  In connection with Licensee’s and its Authorized Service Recipients’ use of the Materials, certain information regarding the Licensee’s and its Authorized Service Recipients’ use of the Materials will be generated, including the following (collectively “Reports”).
      1. Results.  The Software may provide certain details on which network and software assets the Software determines may pose a security threat or vulnerability, which will generally be available to Licensee and its Authorized Service Recipients in summary form.
      2. Diagnostic.  The Software also generates a variety of reporting, analytics, metrics, logs, and other information associated with the raw data analysis, and the basis for making determinations on which network and software assets the Software determines may pose a security threat or vulnerability, which underlying information may not be directly available to Licensee or its Authorized Service Recipients.
    3. Access and Use of Reports.  Company may have access to Reports, and/or may obtain Reports from Licensee upon written request in connection with provision of support, and Licensee agrees to reasonably cooperate with Company in delivering such Reports. Reports will be deemed to constitute Feedback for the purposes of Section 4.d), below.
    4. Feedback.  Licensee may from time to time, but is not obligated to, provide Company with information and feedback regarding the features and performance of the Materials (including proposed features, modifications, improvements, or enhancements), as well as information regarding any and all failures, errors, deficiencies, or other malfunctions in the Materials along with any associated error messages (collectively, the “Feedback”). Licensee acknowledges that Company may need access to Feedback for the purposes of providing support, and may be required to provide Feedback for this purpose as requested in writing by Company.
    5. Audit.  Company may, from time to time, monitor and audit the use of Software and Services by Licensee, to ensure it in compliance with the limits set forth in Exhibit A. Company reserves the right to terminate this agreement if use of Software and Services is determined to be non-compliant with the terms and limits set forth in Exhibit A.
  4. Confidentiality.
    1. “Confidential Information” of a party means any confidential or proprietary knowledge, information, materials, or trade secrets in which such party has rights, disclosed to the other party (“Receiving Party”), and which either party would reasonably expect or consider to be confidential or proprietary information, including but not limited to, information regarding business methods, products, services, finances, customers and potential customers, suppliers, pricing and rates, costs, expenses, marketing, technologies, properties, specifications, personnel, or organization, in various media, including but not limited to, oral, written, and electronic data form.  Without limiting the generality of the foregoing, Company’s Confidential Information includes all Materials and any and all technical information related thereto, and any Feedback.
    2. Confidentiality.  During the Subscription Term and until such time Confidential Information becomes subject to an exception set forth in Section 5.e), each Receiving Party:  (i) shall treat as strictly confidential all Confidential Information disclosed by the other party (the “Disclosing Party”); (ii) shall not disclose, disseminate, distribute, or transfer such Confidential Information to any third party other than Receiving Party’s or an Authorized Service Recipient’s personnel (as applicable) with a need to know such information for the purposes of this Agreement and who are bound by written obligations of confidentiality no less restrictive than the terms of this Agreement without the express written consent of Disclosing Party; (iii) shall not use such Confidential Information except solely for the purpose of its performance under this Agreement; and (iv) shall protect the Confidential Information by using at least the same degree of care as the Receiving Party uses to protect its own confidential information of like nature to prevent any unauthorized access, use, dissemination, or publication of such Confidential Information, but in no event less than reasonable care.  The Receiving Party shall promptly notify the Disclosing Party in writing it becomes aware of any unauthorized access, use, dissemination, or publication of such Confidential Information.
    3. Exceptions.  Confidential Information does not include information which as evidenced in writing by the Receiving Party:  (i) is known to the Receiving Party or later received from a third party, in each case without any confidentiality restriction; or (ii) is publicly known or becomes publicly known and made generally available through no wrongful act of the Receiving Party.
    4. Compelled Disclosure.  Upon prior written notice (to the extent legally permissible) to the Disclosing Party, the Receiving Party may disclose Disclosing Party’s Confidential Information to the extent required by law, regulation, or other judicial or governmental body requirement to be disclosed.  The Receiving Party agrees to assist the Disclosing Party (at the Disclosing Party’s expense) in all proper ways to limit or prevent the disclosure of such Confidential Information, and to obtain confidential treatment for any information so disclosed.  
    5. Return of Materials.  Subject to Section 6 below, the Receiving Party will return or destroy (at the Disclosing Party’s election) all Confidential Information (including all copies) received from the Disclosing Party within its possession, custody, or control promptly upon termination or expiration of this Agreement.  At the request of the Disclosing Party, after such return or destruction, the Receiving Party shall certify in writing that such return or destruction has been accomplished.
  5. Term and Termination.  
    1. In the event that either Party fails to fulfill any of its obligations arising herein, and if such breach has not been remedied within 30 calendar days from the written notice of such breach, this Agreement may be terminated immediately by the non-breaching Party.
    2. Further, Company may terminate the Agreement immediately in the event the Customer fails to pay the applicable fees for the Services within 21 days following the due date specified on the corresponding invoice, and after minimum 3 reminders.
    3. Effect of Termination. Upon termination of this Agreement for any reason, (i) Licensee’s and its Authorized Service Recipients’ access and use of the Services will immediately cease, and Company may disable the Key; (ii) Licensee and its Authorized Service Recipients shall have 60 days to continue to access and use the Software, including any Data obtained therein and/or Reports generated thereon up until the date of such Termination (the “Exit Period”), and (iii) Sections 4 through 12 survive expiration or termination of this Agreement for any reason. For clarity, unless otherwise agreed to in writing by the parties, Licensee or its Authorized Service Recipients shall not have the right to access or use the Services during the Exit Period and thereafter.  
  6. Third Party Software.  The Materials made available together with certain third party software components, which are licensed under separate terms.  Information regarding such software and the applicable terms is available in license files which are aggregated into a file named NOTICE in the technical documentation provided electronically for the Materials.  Nothing herein is intended, nor shall be deemed or interpreted, to limit or restrict any rights Licensee or its Authorized Service Recipients may have under such separate terms.
  7. Representations & Warranties; Disclaimer.
    1. Mutual Warranties.  Each party represents and warrants to the other that: (i) this Agreement has been duly executed and delivered and constitutes a valid and binding agreement enforceable against such party in accordance with its terms; and (ii) the execution, delivery, and performance of this Agreement does not violate any other agreement to which it is a party or by which it is otherwise bound.
    2. By Company. Company represents and warrants that: (a) it will provide the Services with reasonable care, skill and diligence in accordance with generally recognized commercial best practices in a professional manner consistent with applicable industry standards; (b) the Services and all other work performed by Company pursuant to this Agreement will be performed with due diligence and speed using staff who are competent and skilled and experienced in the subjects and matters which relate to the services they are to provide; (c) it has the right to perform the Services for Licensee and its Authorized Service Recipients in accordance with this Agreement; (d) the Software and Services will conform with all descriptions and specifications provided to Licensee by Company; (e) the Software and Services will be free from defects; (f) the Software and Services are delivered free from viruses and other malicious code; (g) it shall use the latest versions of anti-virus software available rom an industry accepted anti-virus software vendor to check for and delete malicious software from the Software and Services. 
    3. By Licensee. Licensee represents and warrants that: (a) Licensee and Authorized Service Recipients (as applicable) have the necessary rights and permissions or approvals to use and to permit the use of any Licensee or Authorized Service Recipient data uploaded to the Software or Services; and (b) all Licensee and Authorized Service Recipient personnel accessing and using the Software and Services have the right to access the information and data made accessible to them by Licensee through the Software and Services.
    4. Personal data. To the extent that either party receives personal data under the Agreement, the parties agree to comply with their obligations under applicable data protection legislation, including but not limited to, the Data Protection Act 1998, as may be amended or superseded from time to time. To the extent Company receives personal data under this Agreement, Company confirms that it is compliant with the EU-US Privacy Shield in this regard.
    5. THE FOREGOING WARRANTIES SHALL BE THE PARTIES’ EXCLUSIVE WARRANTIES ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT. EXCEPT AS EXPRESSLY SET FORTH ABOVE, THE MATERIALS (INCLUDING, WITHOUT LIMITATION, THE SOFTWARE AND SERVICES) ARE PROVIDED ON AN “AS IS” BASIS WITHOUT WARRANTY OF ANY KIND, AND COMPANY AND ITS SUPPLIERS AND LICENSORS HEREBY DISCLAIM ALL WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, OR STATUTORY, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, NON-INFRINGEMENT, AVAILABILITY, OR RESULTS.  COMPANY DOES NOT WARRANT THAT THE MATERIALS WILL BE WITHOUT FAULTS, OR WILL BE COMPLETE, ACCURATE, OR UP TO DATE, OR PREVENT, MINIMIZE, OR MITIGATE ANY INTRUSION OR OTHER UNAUTHORIZED ACCESS OR USE OF LICENSEE’S SYSTEMS OR DATA.
  8. Indemnity.
    1. Company shall, at Licensee’s request, defend or, at its option, settle any third party claim, suit or proceeding (“Claim”) brought against Licensee alleging that the use of the Software or Services by Licensee in accordance with this Agreement infringes or misappropriates any intellectual property right.  Company agrees to pay, subject to the limitations set forth below, any final judgment entered against Licensee, as a result of such infringement, in any such Claim defended by Company; provided that Licensee provides Company with (i) prompt written notice of such Claim; and (ii) available information and assistance, at Company’s expense, to settle and/or defend any such Claim.
    2. In the event any such Claim is brought or threatened, or, in Company’s opinion, a Claim is likely to be brought, Company may, at its sole option and expense:  (i) procure for Licensee and its Authorized Service Recipient the right to continue to use the Software or Services, as applicable; (ii) modify or amend the Software or Services, as applicable, or replace the same with non-infringing services that do not materially impair the functionality of the Software or Services, as applicable; or (iii) if either of the foregoing is not feasible on commercially reasonable terms, terminate this Agreement and refund on a pro-rata basis any prepaid fees, and upon such termination, Licensee and its Authorized Service Recipient will immediately cease all use of the Software and Services, subject to the Exit Period described in Section 6. 
    3. Company shall have no obligation to Licensee under Section 9.a) to the extent a Claim arises solely from (i) Licensee’s breach of this Agreement; (ii) use of the Software or Services in combination with any products, services, data, software, hardware or business process not contemplated by this Agreement, if the alleged infringement would not have occurred absent such combination; or (iii) Licensee’s systems or data. 
  9. Limitation of Liability.  EXCEPT WITH RESPECT TO LIABILITY FOR BREACH OF CONFIDENTIALITY OBLIGATIONS, BREACH OF INTELLECTUAL PROPERTY RIGHTS, BREACH OF DATA PROTECTION OBLIGATIONS, OR VIOLATIONS OF THE LICENSES GRANTED HEREIN, UNDER NO CIRCUMSTANCES, INCLUDING NEGLIGENCE (EXCEPT IN RESPECT OF DEATH OR PERSONAL INJURY CAUSED BY THAT PARTY’S NEGLIGENCE), WILL LICENSEE OR COMPANY BE LIABLE TO THE OTHER HEREUNDER FOR ANY INDIRECT, INCIDENTAL, EXEMPLARY, PUNITIVE, RELIANCE, SPECIAL OR CONSEQUENTIAL DAMAGES, INCLUDING WITHOUT LIMITATION ANY LOSS OF BUSINESS, LOSS OF USE, LOST PROFIT, LOSS OF DATA, OR DAMAGE TO NETWORKS OR EQUIPMENT.  THE FOREGOING LIMITATION APPLIES WHETHER OR NOT THE OTHER PARTY HAS BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGES AND IRRESPECTIVE OF THE FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY HEREIN. EXCEPT WITH RESPECT TO LIABILITY FOR BREACH OF CONFIDENTIALITY OBLIGATIONS, BREACH OF INTELLECTUAL PROPERTY RIGHTS, BREACH OF DATA PROTECTION OBLIGATIONS, OR VIOLATIONS OF THE LICENSES GRANTED HEREIN, IN NO EVENT SHALL EITHER PARTY’S AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT, WHETHER IN CONTRACT, TORT OR UNDER ANY OTHER THEORY OF LIABILITY, EXCEED THE AMOUNTS PAID BY LICENSEE FOR THE SERVICES DURING THE ONE (1) YEAR PERIOD IMMEDIATELY PRECEDING THE DATE THE CAUSE OF ACTION AROSE.

THE PARTIES ACKNOWLEDGE THAT COMPANY’S ABILITY TO OFFER THE MATERIALS TO LICENSEE HEREUNDER IS BASED ON THE ABOVE LIMITATIONS, AND THAT THE LIMITATIONS IN THIS SECTION REPRESENT A REASONABLE ALLOCATION OF RISK FOR THE PARTIES.

  1. Miscellaneous.  The Agreement, including all Exhibits hereto, will be governed by and construed in accordance with the laws of state of California, without giving effect to any principles of conflicts of law, and any dispute arising hereunder shall be subject to the exclusive jurisdiction of the courts located in the state of California.  This Agreement, and any rights and licenses granted hereunder, may be transferred or assigned by Licensee with the written consent of Company (not to be unreasonably withheld), may be assigned by Company with the written consent of Licensee (not to be unreasonably withheld)and any assignment in violation of the foregoing will be void. Notwithstanding the foregoing, Licensee may assign, novate or otherwise transfer this Agreement in its entirety without the consent of Company to any affiliate, or in connection with a merger, acquisition, corporate reorganization or sale of all or substantially all of its assets. Subject to the foregoing, this Agreement will be binding upon the parties’ respective successors and permitted assigns.  This Agreement constitutes the entire agreement between Licensee and Company with respect to the Software, Services, and Materials.  No amendment or modification hereof will be valid or binding upon either party unless made in writing and signed by the authorized representatives of both parties.  In the event that a portion of this Agreement is held unenforceable, the unenforceable portion will be construed in accordance with applicable law as nearly as possible to reflect the original intentions of the parties, and the remainder of the Agreement will remain in full force and effect.  In the event of a conflict between the terms of this Agreement and an Exhibit attached hereto, the terms of such Exhibit shall govern. Failure to strictly enforce any provision of this Agreement will not be construed as a waiver of any provision or right, and waiver by either party of a breach of any provision of this Agreement or the failure by either party to exercise any right hereunder shall not operate or be construed as a waiver of any subsequent breach of that right or as a waiver of any other right.

 

 

EXHIBIT A

Support

  1. Liaison.  Licensee’s technical liaison to communicate with Company with respect to the resolution of technical problems is _________________________ (the “Liaison”), who shall complete reasonable training with Company to enable the Liaison to train users and correct problems caused by user error, assist users with the resolution of known issues, and obtain sufficient information from user’s to adequately report problems to Company.  Licensee may change such liaison from time to time at reasonable intervals upon written notice to Company and completion of applicable training by the successor Liaison.  Company will not be obligated to respond or provide support to any person other than the designated liaison.
  2. Support Hours and Methods.  Company shall use commercially reasonable efforts to provide email and phone support to Licensee’s Liaison during regular business hours, M-F 9 a.m. to 5 p.m. Pacific Time.  Problems may be reported any time, however, Company will not be obligated to assign work after business hours (9 a.m. to 5 p.m. Pacific Time) to problems that are not classified as Priority 1/ASAP. ForPriority 1 – ASAP issues, ThreatWorx would provide necessary support outside of standard business hours.
  3. Holidays.  Company observes the following holidays: New Year’s Day, Martin Luther King Day, Presidents Day, Memorial Day, Independence Day, Labor Day, Thanksgiving Day, Christmas Eve Day, and Christmas Day.
  4. Priority.  Upon receiving a call or request, Company will classify and prioritize the problem according to the following criteria (it being understood that in the event that Company completes a workaround that relegates the applicable problem to a lower priority level, the service levels applicable to that lower priority level will apply going forward):
Priority Description Response Time Target Resolution Time
Priority 0/ – ASAP The issue renders the mission critical real time processing features and functionalities of the Services completely unavailable, unresponsive, or inoperable, and there is no workaround. 4 hours ( Outside of standard business hours ) 1 business day
Priority 1 Process cannot complete and there is no workaround, but the condition does not interrupt all functions of the Services.   1 business day 10 business days
Priority 2 Process cannot complete, but there is a workaround that allows Licensee to use the Services.   2 business days 15 business days
Priority 3 This priority addresses “cosmetic” type calls with no financial or processing impact. 5 business days One month
  1. Onsite Support; Additional Services. Onsite support for product training or any other purpose can be provided if needed. There will not be any additional cost for such onsite support except reasonable travel / lodging expenses that have been agreed by Licensee in writing in advance. In the event that Licensee desires additional onsite support, additional integrations or customizations, or other professional services, additional fees may apply, to be mutually agreed in writing prior to the performance of such additional support or professional services.
  2. Service Credits. If Company fails to provide the Services in accordance with Section 8.b) of the Agreement, or as otherwise specified in the Agreement (“Services Failure”), Company shall credit Licensee’s account with service credits (“Service Credits”) to be applied as a credit against Licensee’s next billing period as follows:
Services Failure Service Credits
1 hours to 2 hours 1 day prorated monthly subscription fees
> 2 hours to 24 hours 1 day prorated monthly subscription fees

 

Such Service Credits are a non-exclusive remedy for Customer, and Licensee acknowledges that Customer may claim such other remedies as may be available to it under this Agreement or otherwise at law. To receive a Service Credit, Licensee must submit a detailed written request for a Service Credit to Licensee’s designated account manager or the Company support team within ten business days after the end of the billing cycle in which the incident occurred. Upon receipt of a Service Credit request, Company shall have 30 days to review the request and to validate the information provided. If, Company determines in good faith that the applicable incident constitutes a Services Failure, then Company will apply such Service Credits to Licensee’s immediately succeeding billing period.  Upon any termination or expiration of the Agreement, Licensee shall not receive a refund for any unused Service Credits.