Cofense Protect Terms of Use

Last Updated: May 10, 2022

We are excited You are ordering Cofense Protect™! Please read on to understand the terms that
govern Your use of and access to the Cofense Protect subscription services, including any
additional subscription or other products referenced in these Terms of Use (the "Services").
References to product names may be updated from time to time. As used herein, "You" or
"Your" refers to the business, government or entity ordering and accessing the Services. "We",
"Us", or "Our" refers to Cofense Inc. We or You may be referred to individually as a
"Party," or collectively as the "Parties."

Access to the Services for Your own internal use will be governed by the CUSTOMER TERMS
OF USE (the "Customer Agreement"). Access to the Services to provide managed security
services to third party end customers (where You have been authorized to do so by Us) will be
governed by the MSSP SERVICES TERMS OF USE (the "MSSP Agreement").

PLEASE NOTE THE CUSTOMER AGREEMENT AND/OR MSSP AGREEMENT, AS
APPLICABLE, GOVERNS ACCESS TO THE SERVICES PROVIDED BY US UNLESS YOU
(OR THE BUSINESS, GOVERNMENT OR ENTITY YOU REPRESENT) HAVE
EXECUTED A SEPARATE WRITTEN AGREEMENT WITH US GOVERNING SUCH
SERVICES. PLEASE READ THESE ACCEPTANCE TERMS AND THE APPLICABLE
CUSTOMER AGREEMENT AND/OR MSSP AGREEMENT CAREFULLY. CLICKING ON
THE “YES” OR “I ACCEPT” BUTTON (OR OTHER BUTTON OR MECHANISM
DESIGNED TO ACKNOWLEDGE AGREEMENT TO THE TERMS OF THESE
AGREEMENTS) OR ACCESSING OR USING THE SERVICES CONSTITUTES
ACCEPTANCE OF THE CUSTOMER AGREEMENT AND/OR MSSP AGREEMENT, AS
APPLICABLE. WITHOUT LIMITING THE FOREGOING, YOU ACKNOWLEDGE THAT
YOUR SUBMISSION OF AN ORDER AND/OR ORDER FORM FOR THE SERVICES
CONSTITUTES AN ACCEPTANCE OF THE CUSTOMER AGREEMENT AND/OR MSSP
AGREEMENT, AS APPLICABLE, AND THAT ALL FUTURE ORDERS FOR THE
SERVICES FOLLOWING YOUR ACCEPTANCE OF THE APPLICABLE AGREEMENT
WILL BE GOVERNED BY THE TERMS OF THE APPLICBLE AGREEMENT.

IF YOU AGREE TO THE CUSTOMER AGREEMENT AND/OR MSSP AGREEMENT ON
BEHALF OF A BUSINESS, GOVERNMENT, OR OTHER ENTITY, YOU REPRESENT
AND WARRANT THAT YOU HAVE THE POWER AND AUTHORITY TO BIND SUCH
BUSINESS, GOVERNMENT, OR OTHER ENTITY TO THE AGREEMENT, AND YOUR
AGREEMENT TO THESE APPLICABLE TERMS WILL BE TREATED AS THE
AGREEMENT OF SUCH BUSINESS, GOVERNMENT, OR OTHER ENTITY.

IF YOU ARE UNWILLING TO AGREE TO THE CUSTOMER AGREEMENT AND/OR
MSSP AGREEMENT, AS APPLICBLE, OR YOU DO NOT HAVE THE RIGHT, POWER
AND AUTHORITY TO ACT ON BEHALF OF AND BIND SUCH BUSINESS,
GOVERNMENT, OR OTHER ENTITY TO THESE AGREEMENTS, DO NOT CLICK ON
THE BUTTON AND DO NOT ACCESS, OR OTHERWISE USE THE SERVICES.

IF YOU RECEIVE THE SERVICES THROUGH ONE OF OUR AUTHORIZED RESELLERS,
PARTNERS OR DISTRIBUTORS (COLLECTIVELY, “AUTHORIZED PARTNER”), ALL
FEES AND OTHER PROCUREMENT AND DELIVERY TERMS WILL BE AGREED
BETWEEN YOU AND THE AUTHORIZED PARTNER; HOWEVER, THE TERMS SET
FORTH IN THE APPLICABLE CUSTOMER AGREEMENT AND/OR MSSP AGREEMENT
REGARDING YOUR USE OF THE SERVICES REMAIN APPLICABLE. FOR
CLARIFICATION, YOUR AGREEMENT WITH THE AUTHORIZED PARTNER IS
BETWEEN YOU AND THE AUTHORIZED PARTNER ONLY AND SUCH AGREEMENT
IS NOT BINDING ON US.

IF YOU DO NOT AGREE TO ALL OF THE FOLLOWING, YOU MAY NOT USE OR
ACCESS THE SERVICES IN ANY MANNER.

THE CUSTOMER AGREEMENT OR MSSP AGREEMENT MAY NEED TO CHANGE
ALONG WITH THE SERVICES. WE RESERVE THE RIGHT TO CHANGE THE
APPLICABLE AGREEMENT AT ANY TIME, BUT IF WE DO, WE WILL BRING IT TO
YOUR ATTENTION BY PLACING A NOTICE ON OUR WEBSITE, AND/OR BY
SENDING YOU AN EMAIL, AND/OR BY SOME OTHER MEANS. WE FURTHER
RESERVE THE RIGHT TO MODIFY THE SERVICES AT ANY TIME WITHOUT NOTICE
TO YOU.

IF YOU DON’T AGREE WITH THE CHANGES TO THE APPLICABLE AGREEMENT,
YOU ARE FREE TO REJECT IT; UNFORTUNATELY, THAT MEANS YOU WILL NO
LONGER BE ABLE TO USE THE SERVICES. IF YOU USE THE SERVICES IN ANY WAY
AFTER A CHANGE TO THE APPLICABLE AGREEMENT IS EFFECTIVE, THAT MEANS
YOU AGREE TO ALL OF THE CHANGES.

ALL OF THE DEFINED TERMS USED ABOVE ARE HEREBY INCORPORATED INTO
THE CUSTOMER AGREEMENT AND MSSP AGREEMENT.

CUSTOMER TERMS OF USE

Where You are ordering the Services for Your own internal use, the terms of the
following Customer Agreement apply.

  1. Definitions

"Authorized Users" means Your authorized employees, agents or independent contractors with
an assigned unique email address (i) who may access the Services; and/or (ii) whose email
accounts are being used with the Services.

"Customer Data" means the information submitted or provided by You and Your Authorized
Users for use with the Services.

"Our IP" means all of Our proprietary materials, including without limitation, the Services, Our
Confidential Information, APIs, software, threat intelligence and threat indicators, intelligence
alerts and reports, and/or investigation tools, Aggregate Data, Documentation, proprietary
processes and methods, and any of Our templates and/or forms.

"Documentation" means the Services user manuals provided by Us to Our customers (which
may be in electronic format), as amended from time to time by Us.

"Intellectual Property Rights" means copyrights (including, without limitation, the exclusive
right to use, reproduce, modify, distribute, publicly display and publicly perform the copyrighted
work), trademark rights (including, without limitation, trade names, trademarks, service marks,
and trade dress), patent rights (including, without limitation, the exclusive right to make, use and
sell), trade secrets, moral rights, right of publicity, authors’ rights, contract and licensing rights,
goodwill and all other intellectual property rights as may exist now and/or hereafter come into
existence and all renewals and extensions thereof.

"Order" means (i) a quotation, proposal, or pricing offer issued to You by Us that is signed by
both Parties or to which You have confirmed acceptance in writing ("Quote"), (ii) a written
purchase order or similar ordering document, signed or submitted by You and accepted by Us,
under which You agree to purchase the Services (“Purchase Order”), or (iii) a quotation,
proposal, or pricing offer issued by Us to You at the time of the sign-up for an evaluation or
provided by Us to You after the evaluation sign up and prior to the end of Your evaluation
described in Section 2 of this Customer Agreement (Evaluations and Beta Products), which You
will be deemed to have accepted if You do not provide Us notice of cancellation prior to the end
of the evaluation period and the Parties have not otherwise not agreed to a Quote or Purchase
Order. It is agreed that all Orders for the Services will incorporate the terms of this Customer
Agreement, whether expressly referenced or not, and will only be accepted subject to the terms
of this Customer Agreement. The terms and conditions of this Customer Agreement will govern
all Orders, and any additional or different terms in an Order are deemed void and of no effect
unless such additional or different terms are agreed upon by the Parties in writing. For clarity,
acceptance by Us of Your purchase order or similar ordering document will not be deemed an
acceptance of any conflicting or additional terms and conditions.

  1. Evaluations and Beta Products
  1. If We provide the Services, along with any other related materials and documentation for
    Your evaluation purposes, then We grant You a limited, nontransferable, non-assignable,
    non-sublicensable right to use the Services, subject to the terms of this Customer Agreement
    and any other limitations communicated to You. You may use the Services for Your own
    internal evaluation purposes from the date in which You access the Services, until the
    expiration date We provide You, or, if no expiration date is provided, for a period of up to
    thirty (30) days from the date of first accessing the Services. We may extend your evaluation
    in our sole discretion. If You do not provide Us notice to cancel Your evaluation prior to the
    expiration of the applicable evaluation period, Your subscription to the Services will
    automatically begin upon expiration of the evaluation period, subject to and governed by this
    Customer Agreement, and You will be deemed to have accepted the quotation or proposal
    provided by Us at the time of the evaluation sign-up or provided by Us to You after the
    evaluation sign up and prior to the end of Your evaluation, and We will charge You at the
    pricing stated therein unless the Parties have agreed to a Quote or Purchase Order. If You
    cancel before the end of Your evaluation, You will not be charged. Any continued access or
    use of the Services after the evaluation period remains subject to the Customer Agreement.
    Your eligibility for a free evaluation offer is determined solely by Us and Your access to any
    free evaluation offer is provided at Our sole discretion. The Services are provided to You
    "AS-IS", and to the extent permitted by applicable law, We disclaim all indemnities and
    warranties relating to the evaluation, express or implied, including but not limited to any
    warranties against infringement of third-party rights, merchantability, and fitness for a
    particular purpose. You acknowledge that the Services are Our intellectual property. At the
    end of the evaluation period, all evaluation licenses granted herein will automatically
    terminate and You will delete or return any of Our Confidential Information in Your
    possession and provide written certification of such destruction or return in writing to Us.
    You understand that We may disable access to the Services automatically at the end of the
    evaluation period, without notice to You. This Section will take precedence over any
    contradictory language in this Customer Agreement as it relates to an evaluation.
  2. Beta Products. We make no warranties regarding the performance of beta or pre-release
    products ("Beta Products"). You understand and acknowledge that Beta Products are Our IP
    and are being provided as a “Beta” version and made available on an "As Is" or "As
    Available" basis. The Beta Products may contain bugs, errors, and other problems. YOU
    ASSUME ALL RISKS AND ALL COSTS ASSOCIATED WITH YOUR USE OF THE
    BETA PRODUCTS. In addition, we are not obligated to provide any maintenance, technical,
    or other support for the Beta Products. Notwithstanding anything to the contrary herein, Our
    entire liability arising out of or related to the Beta Products will not exceed US $100. Access
    to Beta Products may be subject to different or additional terms provided with the Beta
    Products.
  1. Ordering and Services Term

We will provide the Services set forth in Orders pursuant and subject to this Customer
Agreement. The term of the Services is specified in the applicable Order or, if no period of time
for the Services is specified, for a period of one (1) month from the date in which access to the
Services was made available to You ("Initial Services Term"). Unless otherwise stated on the
Order, the Services will automatically renew after its Initial Services Term for additional periods
equal in length to the Initial Services Term (each, a “Renewal Services Term” and together with
the Initial Services Term, the "Services Term"), unless either Party notifies the other of its
intention not to renew the Services at least thirty (30) days prior to the expiration of the then-
current Services Term. In the event You add additional Authorized Users during the Services
Term, You will be billed for the additional Authorized Users at the pricing set forth in the
applicable Order. For the duration of the applicable Services Term set forth in the applicable
Order and in accordance with the terms of this Customer Agreement, We grant You a non-
exclusive, non-transferable, non-assignable right to access the Services, including the applicable
Documentation and Our IP associated with the Services, for Your internal use only. You
acknowledge that We have no delivery obligation and will not ship copies of software as part of
the Services. If You are purchasing a subscription to the simulation training module in
conjunction with Cofense Protect, the terms set forth in Schedule 1 will govern your
subscription. If You are purchasing a subscription to Cofense Reporter™ in conjunction with
Cofense Protect, the terms set forth in Schedule 2 will govern Your subscription to Cofense Reporter™.

  1. Paying for the Services

You will pay the fees for the Services set forth in the applicable Order and the renewals thereof
("Fees"). All Fees will be fully billed in advance, unless otherwise agreed by the Parties in
writing. You may cancel Your Services at any time, but no refunds will be issued for Fees due.
Fees are exclusive of all tariffs, duties or taxes imposed or levied by any government or
governmental agency, including without limitation, federal, state and local sales, use, value
added or other similar taxes (collectively, "Taxes") and You are responsible for paying all Taxes
applicable to the Services. In the event We are obligated to collect and pay indirect Taxes for the
Fees, You agree to pay any indirect Taxes that may be added to the payment of any outstanding
Fees and will be reflected in the invoice or subsequently invoiced if the Fees were previously
paid. You will reimburse Us for any and all expenses incurred by Us so long as such expenses
are directly attributable to the Services provided to You. You agree to pay all Fees, in full, within
thirty (30) days. If You fail to make any payment when due, then interest at a rate of one and
one-half percent (1.5%) per month will accrue on such unpaid, undisputed amounts, calculated
from the date the payment was originally due. Credit card payments may incur additional fees. If
You dispute any invoice, You will promptly notify Us of the disputed amount, but in no event
later than the date payment is due, with an explanation of the reasons therefor. In the event of
non-payment or any action at law or in equity necessary to enforce or interpret the terms of this
Customer Agreement for non-payment, You agree to pay all of Our reasonable attorneys’ fees
and collection costs and expenses associated with the collection of such debt, to the fullest extent
permitted by applicable law.

  1. Using the Services
  1. Your log-in to the Services is via the Google or Microsoft Office 365 accounts. We use
    Google or Microsoft Office 365 permissions granted to Us by You, to provide You the
    Services.
  2. You (i) are responsible for the use of the Services by You and Your Authorized Users in
    compliance with this Customer Agreement, including any applicable exhibits, addenda,
    Documentation and applicable laws and government regulations; (ii) are responsible for all
    activity relating to Your account, including without limitation ensuring that all usernames
    and passwords for the Services are kept secure and confidential at all times; (iii) are
    responsible for the accuracy, quality and legality of Your Data, including the lawful use and
    transmission of Your Data provided by You and Your Authorized Users in connection with
    the Services; (iv) will obtain all rights, permissions or consents from Authorized Users and
    other of Your personnel that are necessary to grant the rights and licenses in this Customer
    Agreement; and (iv) will use commercially reasonable efforts to prevent unauthorized access
    to or use of Our IP and Services, and will notify Us promptly of such unauthorized use.
  3. You may only designate Authorized User’s email addresses with Internet domain names that
    You own or are authorized by the Internet domain name owner to use for the purposes
    contemplated herein. You acknowledge and agree that the maximum number of Authorized
    Users will not exceed the number of Authorized Users You ordered.
  4. You represent, warrant, and agree that You will not submit Customer Data or otherwise use
    the Services or interact with the Services in a manner that:
    1. Infringes or violates the intellectual property rights or any other rights of anyone
    2. Violates any law or regulation, including any applicable export control laws;
    3. Is harmful, fraudulent, deceptive, threatening, harassing, defamatory, obscene, or
      otherwise objectionable;
    4. Jeopardizes the security of Your account or anyone else’s (such as allowing
      someone else to log in to the Services as You);
    5. Attempts, in any manner, to obtain the password, account, or other security
      information from any other user;
    6. Violates the security of any computer network, or cracks any passwords or security
      encryption codes;
    7. Runs Maillist, Listserv, any form of auto-responder or “spam” on the Services, or
      any processes that run or are activated while You are not logged into the Services,
      or that otherwise interfere with the proper working of the Services (including by
      placing an unreasonable load on the Services’ infrastructure);
    8. "Crawls," "scrapes," or "spiders" any page, data, or portion of or relating to the
      Services (through use of manual or automated means);
    9. Copies or stores any significant portion of the Services;
    10. Stores or transmit infringing, libelous, or otherwise unlawful or tortious material,
      or stores or transmits material in violation of third-party privacy or other rights;
      and
    11. Decompiles, reverse engineers, or otherwise attempts to obtain the source code or
      underlying ideas or information of or relating to the Services.
    A violation of any of the foregoing is grounds for termination of Your right to use or access the
    Services.
  5. You may use "Third-Party Products" (as such term is defined in this paragraph) in
    combination with the Services, provided, however that We do not make any representations
    and warranties or covenants of any nature or kind with respect to any Third Party Products,
    nor will We have any liability for any damages that You may directly or indirectly incur or
    suffer as result of or arising from Your use of any Third Party Product in combination with
    the Services. You further acknowledge and agree that it is subject to a third party’s respective
    terms and conditions with respect to the use of any Third-Party Products. “Third-Party
    Products” means any third-party products authorized by Us and selected by You, for use in
    combination with the Services. You acknowledge and agree that any data, including personal
    information, You provide when using the Third-Party Products may be collected, stored,
    processed and transferred by the applicable third party provider in accordance with that third
    party provider’s privacy policy and You represent and warrant that You have obtained any
    required consent by the Authorized Users and any applicable regulatory body to do the
    foregoing.
  1. Termination
  1. We may terminate (or suspend access to) Your use of the Services or Your account for any
    breach of this Customer Agreement. We have the sole right to decide whether You are in
    violation of any of the restrictions set forth in this Customer Agreement. Account termination
    may result in deletion of any Customer Data associated with Your account. You may
    terminate this Customer Agreement if We commit a material breach and fail to remedy such
    breach within thirty (30) days of being notified by You of such breach ("Cure Period").
  2. If We terminate this Customer Agreement due to Your material breach, We will not refund
    any amounts to You. If You terminate the Services for Our material breach, You will receive
    a refund for the remainder of the then-current term for such Services; provided that You will
    not be entitled to any refund if You are also in breach of the Customer Agreement at the time
    of such termination. If You terminate the Services other than for Our material breach, You
    will not receive a refund or credit of any fees already paid or due to Us and, if applicable, all
    outstanding Services fees will accelerate and become immediately due and payable.
  3. Upon termination of the Services for any reason, all access rights and licenses granted herein
    will immediately terminate.
  1. Confidentiality and Privacy
  1. "Confidential Information" means any non-public, confidential, or proprietary information of
    a disclosing Party ("Discloser") that should reasonably be understood by the receiving Party
    ("Recipient") to be confidential because of (i) legends or other markings; (ii) the
    circumstances of disclosure; or (iii) the nature of the information, which may be disclosed
    either directly or indirectly, in writing, visual, orally or by inspection of tangible objects
    (including without limitation documents, prototypes, samples, products, software, product
    specifications and white papers) or other means. Confidential Information includes but is not
    limited to technology and technical information, promotional and marketing activities,
    inventions, finances and financial plans, customers, business and product plans, know-how,
    source code, data, algorithms, methods and processes, trade secrets, designs, techniques,
    analyses, models, strategies and objectives, and any third-party information that Discloser is
    otherwise obligated to keep confidential.
  2. Recipient will: (i) not use any Confidential Information for any purpose except to evaluate
    and engage in discussions concerning a potential business relationship between the Parties
    and/or to fulfill its obligations under this Customer Agreement; (ii) use at least the same
    degree of care as Recipient uses to protect its own confidential information from unauthorized
    use, access or disclosure, but in no event less than a reasonable degree of care; (iii) limit
    disclosure of Confidential Information to those persons within Recipient’s organization who
    have a need to know and who have previously agreed in writing, prior to the receipt of
    Confidential Information, to be bound by confidentiality obligations similar to those set forth
    in this Customer Agreement; (iv) not disclose any Confidential Information to third parties
    without Discloser's prior written consent; (v) not copy, reverse engineer, disassemble, create
    any works from, or decompile any prototypes, software or other tangible objects which
    embody Discloser's Confidential Information; and (vi) comply with, and obtain all required
    authorizations arising from, all U.S. and other applicable export control laws or regulations.
    Any reproduction of Confidential Information requires Discloser's prior written consent and
    will remain the property of Discloser. Any reproductions will contain any and all notices of
    confidentiality contained on the original Confidential Information.
  3. The foregoing confidentiality obligations will not apply to information that Recipient can
    demonstrate: (i) is publicly known and made generally available through no improper action
    or inaction of Recipient; (ii) was already in the possession of, or known by Recipient prior to
    the time of disclosure by Discloser through no fault or breach of this Customer Agreement by
    Recipient; (iii) was rightfully obtained by, or disclosed to, Recipient from a third party
    without any obligation to maintain the Confidential Information as proprietary or confidential;
    or (iv) is independently developed by Recipient without use of or reference to Discloser's
    Confidential Information. Recipient may disclose Confidential Information to the extent such
    disclosure is required to comply with applicable law or a valid order or requirement of a
    governmental or regulatory agency or court of competent jurisdiction, provided that Recipient
    (a) restricts such disclosure to the maximum extent legally permissible; (b) notifies Discloser
    as soon as practicable of any such requirement to the extent such provision of prior notice
    is permitted by applicable law; and (c) that subject to such disclosure, such disclosed materials
    will in all respects remain subject to the restrictions set forth in this Customer Agreement
  4. Within thirty (30) days of the termination of this Customer Agreement or upon Discloser's
    written request, Recipient will promptly, at Recipient’s election, destroy or return all of
    Discloser's Confidential Information in Recipient’s possession or in the possession of any
    representative of Recipient; provided, however, that Recipient will not, in connection with the
    foregoing obligations, be required to delete Confidential Information held electronically in
    archive or back-up systems, and such Confidential Information will in all respects remain
    subject to the restrictions set forth in this Customer Agreement. Upon Discloser's written
    request, Recipient will provide a certification, signed by an officer of Recipient, as to the
    destruction or return of Discloser's Confidential Information.
  5. Discloser retains all right, title and interest to its Confidential Information. Recipient
    acknowledges that the disclosure of Confidential Information may cause irreparable injury to
    Discloser. Discloser will, therefore, be entitled to seek injunctive relief upon a disclosure or
    threatened disclosure of any Confidential Information, without a requirement that Discloser
    prove irreparable harm and without the posting of a bond. This provision will not in any way
    limit such other remedies as may be available to Discloser at law or in equity. ALL
    CONFIDENTIAL INFORMATION IS PROVIDED “AS IS.” DISCLOSER MAKES NO
    WARRANTIES, EXPRESS, IMPLIED OR OTHERWISE, REGARDING ITS ACCURACY,
    COMPLETENESS OR PERFORMANCE.
  6. You will ensure that: (i) You are entitled to transfer any relevant personal data to Us so that
    We may lawfully use, process and transfer the personal data on Your behalf and in accordance
    with this Customer Agreement; and (ii) the relevant third parties have been informed of, and
    have given their consent to, such use, processing, and transfer as required by all applicable
    data protection laws. You represent and warrant that You have obtained all necessary rights,
    permissions, or consents from Authorized Users and any applicable regulatory body prior to
    using the Services to comply with applicable laws and regulations, including, without
    limitation, the EU General Data Protection Regulation 2016/679, the Wiretap Act 1979 of the
    State of Israel, and the Protection of Privacy Regulations (Information Security) 2017 of the
    State of Israel. We will process personal information in connection with the use of the
    Services in accordance with the Privacy Policy, available at https://cyberfish.io/privacy
    ("Privacy Policy").
  7. We will: (i) process personal data in compliance with and subject to this Customer Agreement
    and any lawful and reasonable instructions received from You that are consistent with this
    Customer Agreement; (ii) not use or process or permit any of Our subcontractors to use or
    process, any personal data except to the extent necessary to perform Our obligations under
    this Customer Agreement; (iii) implement and maintain adequate and reasonable technical and
    organizational safeguards designed to protect against the unauthorized or accidental access,
    loss, alteration, disclosure or destruction of personal data in Our possession or control; (iv)
    ensure that we have appropriate procedures in place designed to comply with applicable data
    protection laws and will take all reasonable steps to ensure that persons employed by Us, and
    other persons engaged Our place of work, comply with applicable data privacy laws and
    regulations.
  8. We may process or otherwise transfer personal data in or to any country outside the European
    Economic Area or any country not deemed adequate by the European Commission pursuant to
    applicable data protection laws to the extent necessary for the provision of the Services. If
    required, We will enter into the EU Standard Contractual Clauses as approved by the
    European Commission for ensuring an adequate level of data protection in respect of the
    personal data that will be processed or transferred.
  9. We will not sell, process, retain, disclose, or use (i) for a commercial purpose or (ii) outside of
    the direct business relationship between the Parties, any Customer Data that, under the
    California Consumer Privacy Act ("CCPA") constitutes "personal information" ("CA
    Personal Information"), except to provide the Services or as permitted by CCPA.
    Notwithstanding anything in this Customer Agreement, the Parties acknowledge and agree
    that Our access to CA Personal Information or any other Customer Data does not constitute
    part of the consideration exchanged by the Parties in respect of this Customer Agreement.
  1. Intellectual Property
  1. Intellectual Property Rights in Our IP belong exclusively to Us or Our licensors. You
    acknowledge and agree that You will not (and will not allow any third party), in whole or in
    part, to directly or indirectly: (i) disassemble, decompile, reverse compile, reverse engineer
    or attempt to discover any source code or underlying ideas or algorithms of any of Our IP
    (except to the limited extent that applicable law prohibits reverse engineering restrictions
    solely for interoperability purposes), (ii) sell, resell, distribute, sublicense or otherwise
    transfer, Our IP, or make the functionality of Our IP available to any other party through any
    means (unless We have provided prior written consent), or (iii) reproduce, alter, modify or
    create derivatives of Our IP (unless as expressly permitted in this Customer Agreement). You
    will maintain the copyright notice and any other notices that appear on Our IP, including any
    interfaces related to the Services.
  2. You acknowledge and agree that You will not (and will not allow any third party), in whole or
    in part, to directly or indirectly: (i) disassemble, decompile, reverse compile, reverse engineer
    or attempt to discover any source code or underlying ideas or algorithms of any of Our IP
    (except to the limited extent that applicable law prohibits reverse engineering restrictions
    solely for interoperability purposes), (ii) sell, resell, distribute, sublicense or otherwise
    transfer Our IP, or make the functionality of Our IP available to any other party through any
    means (unless We have provided prior written consent), or (iii) reproduce, alter, modify or
    create derivatives of Our IP (unless as expressly permitted in this Customer Agreement). You
    will maintain the copyright notice and any other notices that appear on Our IP, including any
    interfaces related to the Services.
  3. We own all Intellectual Property Rights in and to Aggregate Data, and may use, reproduce,
    sell, publicize or otherwise exploit Aggregate Data in any way, in Our sole discretion.
    "Aggregate Data" refers to Customer Data that is de-identified (stripped of any information
    used to identify You, including personal data). Aggregate Data will also include statistical
    information related to the use and performance of the Services, provided that such statistical
    information is de-identified. You grant to Us a worldwide, perpetual, irrevocable, royalty-free,
    fully paid-up license to use and exploit any suggestion, enhancement request,
    recommendation, correction or other feedback ("Feedback") provided by You or Your
    Authorized Users relating to the Services. Feedback will not include Confidential Information.
  4. We acknowledge that You own all right, title, and interest in and to Customer Data (excluding
    Aggregate Data). You grant to Us the worldwide right to use, access, host, copy, transmit,
    modify and display Customer Data, as reasonably necessary for Us to perform Our obligations
    in accordance with this Customer Agreement. We may disclose Customer Data to Our third-
    party contractors and service providers (including cloud service providers) to the extent
    necessary to provide the Services in accordance with this Customer Agreement; provided that
    such third-party contractors and service providers are bound by confidentiality obligations
    similar to the provisions of this Customer Agreement. You acknowledge and agree We may
    use Customer Data to provide and improve our products and services.
  5. U.S. Government Restricted Rights. Our IP Services are "commercial items", "commercial
    computer software" and "commercial computer software documentation," pursuant to DFARS
    Section 227.7202 and FAR Sections 12.211-12.212, as applicable. All Our IP and Services
    are and were developed solely at private expense and the use of Our IP and Services by the
    United States Government are governed solely by this Customer Agreement and are
    prohibited except to the extent expressly permitted by this Customer Agreement.
  1. Warranty Disclaimer and Indemnity

We expressly disclaim any Customer Data which You have generated for use with the Services,
and You agree to indemnify, hold harmless and, at Our option, to defend Us, Our officers,
directors, employees, affiliates contractors and agents from and against any losses, liabilities,
damages, costs and expenses (including reasonable attorneys’ fees) incurred as a result of a) any
alleged or actual violations of any third party rights arising out of the Customer Data, including
without limitation claims related to the unauthorized disclosure or exposure of personal data or
other private information, failure to obtain required consents, claims that the Customer Data
infringes a third party right, and b) claims arising from Customer's use of the Services in
violation of this Customer Agreement. THE SERVICES ARE PROVIDED ON AN "AS IS"
BASIS WITHOUT ANY WARRANTY WHATSOEVER AND WE EXPRESSLY DISCLAIM,
TO THE MAXIMUM EXTENT PERMISSIBLE UNDER APPLICABLE LAW, ALL
WARRANTIES, EXPRESS, IMPLIED AND STATUTORY, INCLUDING WITHOUT
LIMITATION ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A
PARTICULAR PURPOSE, ACCURACY, NONINFRINGEMENT, OR ARISING FROM
COURSE OF PERFORMANCE, DEALING, USAGE OR TRADE. WE ALSO MAKE NO
WARRANTY REGARDING NONINTERRUPTION OF USE OR FREEDOM FROM BUGS,
AND MAKE NO WARRANTY THAT THE SERVICES WILL BE ERROR-FREE. WE DO
NOT GUARANTEE ANY SPECIFIC RESULTS FROM USING THE SERVICES.

  1. Limitation of Liability

TO THE FULLEST EXTENT ALLOWED BY APPLICABLE LAW, UNDER NO
CIRCUMSTANCES AND UNDER NO LEGAL THEORY (INCLUDING, WITHOUT
LIMITATION, TORT, CONTRACT, STRICT LIABILITY, OR OTHERWISE) SHALL WE
(OR OUR LICENSORS OR SUPPLIERS) BE LIABLE TO YOU OR TO ANY OTHER
PERSON FOR (A) SPECIAL, INCIDENTAL, CONSEQUENTIAL OR EXEMPLARY
DAMAGES OF ANY KIND, INCLUDING BUT NOT LIMITED TO ANY LOST PROFITS
LOST SAVINGS, LOSS OF PROFITS, BUSINESS INTERRUPTION, OR LOSS OF
INFORMATION, HOWEVER CAUSED, WHETHER FOR BREACH OR REPUDIATION OF
CONTRACT, TORT, BREACH OF WARRANTY, NEGLIGENCE, OR OTHERWISE,
WHETHER OR NOT WE WERE ADVISED OF THE POSSIBILITY OF SUCH LOSS OR
DAMAGES OR (B) ANY AMOUNT, IN THE AGGREGATE, IN EXCESS OF THE
GREATER OF (I) $100 OR (II) THE AMOUNTS PAID BY YOU TO US FOR THE
SERVICES DURING THE TWELVE (12) MONTHS PRIOR TO THE FIRST EVENT
GIVING RISE TO SUCH LIABILITY.

THE LIMITATIONS AND EXCLUSIONS CONTAINED HEREIN WILL APPLY ONLY TO
THE MAXIMUM EXTENT PERMISSIBLE UNDER APPLICABLE LAW, AND NOTHING
HEREIN PURPORTS TO LIMIT EITHER PARTY’S LIABILITY IN A MANNER THAT
WOULD BE UNENFORCEABLE OR VOID AS AGAINST PUBLIC POLICY IN THE
APPLICABLE JURISDICTION.

  1. Miscellaneous
  1. This Customer Agreement is governed by and construed in accordance with the laws of the
    State of Delaware and the United States without regard to conflicts of laws provisions
    thereof, and without regard to the United Nations Convention on the International Sale of
    Goods. The Parties agree that the Uniform Computer Information Transactions Act or any
    version thereof, adopted by any state, in any form, will not apply to this Customer
    Agreement.
  2. Any assignment of this Customer Agreement by You to another party, including any transfer
    by operation of law or otherwise, without the other Party's prior written consent (which
    consent will not be unreasonably withheld) will be null and void; provided, however, that
    You may assign this Customer Agreement without consent, to an affiliate or in connection
    with any merger, asset purchase or sale, stock purchase or sale or similar change of control
    transaction.
  3. We may use subcontractors in the performance of Our obligations. We will disclose
    subcontractors having access to Customer Data upon Your written request.
  4. The provisions of the following Sections and all accrued payment obligations will survive the
    termination of this Customer Agreement: Section 4 (Paying for the Services), Section 7
    (Confidentiality and Privacy), Section 8 (Intellectual Property), Section 9 (Warranty
    Disclaimer and Indemnity), Section 10 (Limitation of Liability), and Section 11
    (Miscellaneous).
  5. Each Party acknowledges that it is familiar with and understands the provisions of applicable
    anti-corruption laws, including but not limited to FCPA or UKBA, and agrees not to violate or
    knowingly let anyone such laws. You agree that no payment You make will constitute a bribe,
    influence payment, kickback, rebate, or other payment that would violate applicable anti-
    corruption or anti-bribery laws. You agree that at Our request, You will furnish Us a
    certification signed by Your authorized representative verifying that the Services are being
    used in accordance with this Customer Agreement.
  6. This Customer Agreement constitutes the complete and entire agreement between the Parties
    with respect to the Services. It replaces and supersedes any prior agreements, oral or written,
    between the Parties concerning the subject matter hereof. We hereby reject and deem deleted
    any additional or different terms or conditions that You present, including, but not limited to,
    any terms or conditions contained or referenced in any purchase order, acceptance, or
    acknowledgement. No amendment to this Customer Agreement will be effective unless it is
    in writing and signed by the authorized representatives of each Party. With the exception of
    Your obligation to make payments due and payable to Us, neither Party will be considered to
    be in breach or default of this Customer Agreement as a result of its delay or failure to
    perform its obligations herein when such delay or failure arises out of causes beyond the
    reasonable control of the Party whose performance has been affected. Nothing in this
    Customer Agreement will benefit or create any right or cause of action in or on behalf of any
    person or entity other than the Parties. The failure of a Party to exercise or enforce any right
    or provision of this Customer Agreement will not constitute a waiver of such right or
    provision. If any provision of this Customer Agreement is held to be invalid or
    unenforceable, the remaining provisions of this Customer Agreement will remain in full force
    and effect.

COFENSE SAT SUBSCRIPTION SCHEDULE 1

In addition to the terms of the Customer Agreement, the following terms apply to the simulation training module and twelve (12) courses, Cofense SAT.

  1. For the duration of the applicable Services Term set forth in the applicable Order and in
    accordance with the terms of the Customer Agreement, Cofense grants to You a non-
    exclusive, non-transferable, non-assignable right to access Cofense SAT, including
    the applicable Documentation and Our IP, for Your internal use only.
    You acknowledge that Cofense has no delivery obligation and will not ship copies of
    software as part of Cofense SAT.
  2. You are responsible for its Authorized Users’ compliance with the Customer Agreement,
    this Schedule and the Acceptable Use Policy Addendum.
  3. You acknowledge and agree that the maximum number of Authorized Users will not
    exceed the number of Authorized Users set forth in the applicable Order, and You may
    only use Cofense SAT with Authorized Users of Cofense Protect. You
    may add additional Authorized Users during the Services Term, at the same pricing as set
    forth in the applicable Order, pro-rated for the portion of the Services Term remaining at
    the time. You will provide Us with a primary contact person who will approve requests
    for new administrators. Notwithstanding anything in the Customer Agreement to the
    contrary, any breach by You and its Authorized Users of this Section will result in the
    immediate suspension or termination of You and Your Authorized Users’ access to Cofense SAT.
  4. You may only designate Authorized User’s email addresses with Internet domain names
    that You own or is authorized by the Internet domain name owner to use for the purposes
    contemplated herein.

ACCEPTABLE USE POLICY ADDENDUM

By using the simulation training module, you are agreeing to this Acceptable Use Policy
Addendum (this "Policy"). Please read this carefully.

Capitalized terms used below but not defined in this Policy will have the meaning set forth in the
Customer Agreement. You and Your Authorized Users must promptly notify Us of any actual or
suspected illegal or unauthorized activity or a security breach involving the simulation training
module. You and Your Authorized Users may not:

  1. disseminate material that is abusive, obscene, pornographic, defamatory, harassing,
    grossly offensive, vulgar, threatening, or malicious;
  2. disseminate materials that would constitute an infringement upon the patents, copyrights,
    trademarks, trade secrets or other intellectual property rights of others;
  3. use the simulation training module for any illegal purpose, or in violation of any laws;
  4. disseminate materials that would give rise to liability under the Computer Fraud and
    Abuse Act;
  5. commit fraud or engage in other misleading or deceptive activities;
  6. upload to, or transmit from the simulation training module any viruses, worms, defects,
    Trojan horses, time-bombs, malware, spyware, or any other computer code of a
    destructive or interruptive nature;
  7. share the simulation training module and any of Our IP and Confidential Information
    with any third-parties, except as expressly authorized in advance by Us in writing;
  8. use the simulation training module and Our IP in any way to provide services to any
    third-party;
  9. disassemble, decompile, reverse compile, reverse engineer or attempt to discover any
    source code or underlying ideas or algorithms of the simulation training module and Our
    IP (except to the limited extent that applicable law prohibits reverse engineering
    restrictions solely for interoperability purposes);
  10. sell, resell, distribute, sublicense or otherwise transfer, the simulation training module
    and Our IP, or make the functionality of the simulation training module available to any
    other party through any means (unless We have provided prior written consent); and
  11. reproduce, alter, modify or create derivatives of Our IP (unless as expressly permitted in
    the Customer Agreement).

Authorized Users must comply with any Intellectual Property Rights asserted in Our IP provided
to You for the purposes of using with the simulation training module. Authorized Users will
maintain and not remove or obscure any proprietary notices on Our IP.

Remedies. Violation of this Policy may result in civil or criminal liability, and We may, in
addition to any other remedy that We may have at law or in equity, terminate any permission for
You and any Authorized User to access the simulation training module or immediately remove
the offending material. In addition, We may investigate incidents that are contrary to this Policy.

We reserve the right to update and modify this Policy at any time from time-to-time. Continued
use of the simulation training module by You and Your Authorized Users after such update or
modification will indicate Your acceptance of the updates and/or modifications to this Policy.

COFENSE REPORTER SUBSCRIPTION
SCHEDULE 2

In addition to the terms of the Customer Agreement, the following terms apply to Cofense ReporterTM.

  1. For the duration of the applicable Services Term set forth in the applicable Order and in
    accordance with the terms of the Customer Agreement, We grant to You a non-exclusive,
    non-transferable, non-assignable right to access the applicable version of Cofense Reporter,
    including the applicable Documentation, for Your internal use only. You acknowledge that
    We have no delivery obligation and will not ship copies of software as part of Cofense
    Reporter. You are responsible for Your Authorized Users’ compliance with the Customer
    Agreement and this Schedule. Authorized User-initiated Cofense Reporter reports must be
    sent to a mailbox owned by You or authorized mailbox. You acknowledge and agree that We
    may store Customer Data from Cofense Reporter in the United States.

MSSP SERVICES TERMS OF USE

Where You are ordering the Services to manage them as part of Your managed
security services program for Applicable Customers (as defined below) ("MSSP
Services"), You acknowledge You must be authorized by Us prior to providing the
MSSP Services to Applicable Customers, and You may only use the MSSP
Services as a managed security service provider to Applicable Customers pursuant
to this MSSP Agreement. If You are separately ordering the Services for Your
internal use, then such use will be separately governed by the Customer
Agreement. Capitalized terms used but not defined in this MSSP Agreement will
have the same meanings set forth in the Customer Agreement.

  1. Definitions

"Applicable Customers" means those customers located in the Territory(ies) for which We have
given You prior written approval for You to provide MSSP Services

"Applicable Customer Data" means the information submitted or provided by Applicable
Customers for use with the Services.

"Authorized Users" means (i) Your authorized employees, agents or independent contractors with
an assigned unique email address, who may access or provide the Services to the Applicable
Customers; and/or (ii) employees and personnel of Applicable Customers whose email accounts
are being used with the Services.

"Intellectual Property Rights" means copyrights (including, without limitation, the exclusive right
to use, reproduce, modify, distribute, publicly display and publicly perform the copyrighted work),
trademark rights (including, without limitation, trade names, trademarks, service marks, and trade
dress), patent rights (including, without limitation, the exclusive right to make, use and sell), trade
secrets, moral rights, right of publicity, authors’ rights, contract and licensing rights, goodwill and
all other intellectual property rights as may exist now and/or hereafter come into existence, and all
renewals and extensions thereof, of any state, country or jurisdiction.

"Order Form" means (i) a quotation, proposal, or pricing offer issued to You by Us that is signed
by both Parties or to which You have confirmed acceptance in writing, (ii) a quotation, proposal,
or pricing offer issued by Us to You at the time of the sign-up for an evaluation described in
Section 2(d) of this MSSP Agreement, which You will be deemed to have accepted if You do not
provide Us notice of cancellation prior to the end of the evaluation period, or (iii) a written
purchase order or similar ordering document, signed or submitted by You and accepted by Us,
under which You agree to purchase a license to the Services to provide MSSP Services under this
Agreement. It is agreed that all Order Forms for the Services will incorporate the terms of this
MSSP Agreement, whether expressly referenced or not, and will only be accepted subject to the
terms of this MSSP Agreement. The terms and conditions of this MSSP Agreement will govern
all Order Forms, and any additional or different terms in an Order Form are deemed void and of
no effect unless such additional or different terms are agreed upon by the Parties in writing. For
clarity, acceptance by Us of Your purchase order or similar ordering document will not be deemed
an acceptance of any conflicting or additional terms and conditions.

"Territory(ies)" means the territories We authorize You to provide the MSSP Services. You may only provide the MSSP Services in those territories where We have provided our prior written authorization. Notwithstanding the foregoing, You will not provide the MSSP Services in the following Territories: North Korea, Iran, Syria, Lebanon, Cuba, Sudan, and Crimea Region of Ukraine.

  1. MSSP Partner Program
  1. Subject to the terms and conditions set forth herein, You may provide MSSP Services to
    Applicable Customers for the Services.
  2. For purposes of providing MSSP Services to Applicable Customers, You will purchase the
    licenses in Your own name at the prices set forth in the applicable Order Form. In addition to any
    other information to be provided to Us by You in an Order Form, You will provide the name of
    the Applicable Customer (along with any other information We reasonably request).
  3. You will market and promote the MSSP Services in the Territory(ies). You may also
    market, at Your own expense, and resell licenses to the Services to Your customers for their direct
    use, subject always to the customer accepting the Customer Agreement to govern their use of the
    Services, in the Territory(ies) only upon Our prior written approval in each instance, and You will
    always comply with all applicable laws and regulations reselling the Services.
  4. If We provide the Services, along with any other related materials and documentation for
    Your Applicable Customer’s evaluation purposes, then We grant a limited, nontransferable, non-
    assignable, non-sublicensable right to use the Services for the Applicable Customer, subject to the
    terms of this MSSP Agreement and any other limitations communicated to You. You may use the
    Services for Your Applicable Customer’s own internal evaluation purposes from the date in which
    You access the Services for the Applicable Customer, until the expiration date We provide You,
    or, if no expiration date is provided, for a period of up to fourteen (14) days from the date of first
    deploying the Services for the Applicable Customer. If You do not provide Us notice to cancel the
    evaluation for the Applicable Customer prior to the expiration of the applicable evaluation period,
    Your subscription to the Services for the Applicable Customer will automatically begin upon
    expiration of the evaluation period, subject to and governed by this MSSP Agreement, and You
    will be deemed to have accepted the quotation or proposal provided at the time of the evaluation
    sign-up, and We will charge You at the pricing stated therein. If You cancel the evaluation for the
    Applicable Customer before the end of the applicable evaluation period, You will not be charged.
    Your eligibility for a free evaluation offer for each Applicable Customer is determined solely by
    Us and Your access to any free evaluation offer is provided at Our sole discretion. The Services
    are provided to You “AS-IS”, and to the extent permitted by applicable law, We disclaim all
    indemnities and warranties relating to the evaluation, express or implied, including but not limited
    to any warranties against infringement of third-party rights, merchantability, and fitness for a
    particular purpose. You acknowledge that the Services are Our intellectual property. At the end of
    the applicable evaluation period, all evaluation licenses granted herein will automatically terminate
    and You will delete or return any of Our Confidential Information in Your possession related to
    the evaluation and provide written certification of such destruction or return in writing to Us. You
    understand that We may disable access to the Services for each evaluation automatically at the end
    of the evaluation period, without notice to You. This Section will take precedence over any
    contradictory language in this MSSP Agreement as it relates to an evaluation.
  5. You will pay the fees for the Services set forth in the applicable Order Form and the
    renewals thereof ("Fees"). All Fees will be fully billed in advance, unless otherwise agreed by the
    Parties in writing. Fees are exclusive of all tariffs, duties or taxes imposed or levied by any
    government or governmental agency, including without limitation, federal, state and local sales,
    use, value added or other similar taxes (collectively, “Taxes”) and You are responsible for paying
    all Taxes applicable to the Services. In the event We are obligated to collect and pay indirect Taxes
    for the Fees, You agree to pay any indirect Taxes that may be added to the payment of any
    outstanding Fees and will be reflected in the invoice or subsequently invoiced if the Fees were
    previously paid. You will reimburse Us for any and all expenses incurred by Us so long as such
    expenses are directly attributable to the Services provided to You. You agree to pay all Fees, in
    full, within thirty (30) days. If You fail to make any payment when due, then interest at a rate of
    one and one-half percent (1.5%) per month will accrue on such unpaid, undisputed amounts,
    calculated from the date the payment was originally due. Credit card payments may incur
    additional fees. If You dispute any invoice, You will promptly notify Us of the disputed amount,
    but in no event later than the date payment is due, with an explanation of the reasons therefor. In
    the event of non-payment or any action at law or in equity necessary to enforce or interpret the
    terms of this MSSP Agreement for non-payment, You agree to pay all of Our reasonable attorneys'
    fees and collection costs and expenses associated with the collection of such debt, to the fullest
    extent permitted by applicable law.
  6. For each Order Form, we will provide the Services pursuant and subject to this MSSP
    Agreement. The term of the Services for the Applicable Customer is specified in the applicable
    Order Form or, if no period of time for the Services is specified, for a period of one (1) month
    from the date in which access to the Services was made available to You ("Initial Services Term").
    Unless otherwise stated on the Order Form, the Services will automatically renew after its Initial
    Services Term for additional periods equal in length to the Initial Services Term (each, a "Renewal
    Services Term" and together with the Initial Services Term, the "Services Term"), unless either
    Party notifies the other of its intention not to renew the Services at least thirty (30) days prior to
    the expiration of the then-current Services Term. In the event You add additional Authorized Users
    for the Applicable Customer during the Services Term, You will be billed for the additional
    Authorized Users at the pricing set forth in the applicable Order Form. For the duration of the
    applicable Services Term and in accordance with the terms of this MSSP Agreement, We grant
    You a non-exclusive, non-transferable, non-assignable right to access the Services, including the
    applicable Documentation and Our IP associated with the Services, solely for the provision of the
    MSSP Services to the Applicable Customer. You acknowledge that We have no delivery
    obligation and will not ship copies of software as part of the Services. For the duration of the
    applicable Services Term, We grant You a non-exclusive, revocable, non-transferable, non-
    assignable right to access the Services, including the applicable Documentation and any other of
    Our IP provided with respect to this MSSP Agreement, for Your provision of MSSP Services to
    Applicable Customers.
  1. Applicable Customer Restrictions

You may only use the license purchased pursuant to the Agreement for the Services with only One
Applicable Customer. For clarification, pricing will be based on the number of employees and/or
email addresses with respect to an Applicable Customer, unless otherwise agreed by the Parties in
writing in the applicable Order Form. You may not use one license to provide MSSP Services to
multiple Applicable Customers. The license for the Services will be provided and used in
accordance with the terms of the Customer Agreement, except that the prohibition of using the
Services with third parties in the Customer Agreement will not be applicable to the extent You are
providing the Services to Applicable Customers in compliance with this Agreement and You are
not permitted to use the MSSP Services for Your internal use as part of Your order of the MSSP
Services. Under no circumstances may You use a single license for multiple Applicable Customers.

  1. Term and Termination
  1. We may terminate this MSSP Agreement and Your license to provide MSSP Services upon
    ninety (30) days' prior written notice for Our convenience.
  2. We may, in our sole and absolute discretion, immediately terminate this MSSP Agreement or
    an individual license, or suspend Your access to the Services in connection with any actual,
    alleged or suspected: (i) breach of confidentiality obligations and license or use restrictions
    set forth in the Customer Agreement and this MSSP Agreement, (ii) direct or indirect
    technical or security issues or problems caused by or relating to You or an Applicable
    Customer, (iii) violations of applicable law. A Party may otherwise terminate this MSSP
    Agreement if the other Party commits a material breach, and fails to remedy such breach
    within thirty (30) days of being notified by the non-breaching Party of such breach. If We
    terminate this MSSP Agreement due to Your material breach, We will not refund any
    amounts to You.
  3. Upon termination or expiration of this MSSP Agreement: (a) You will promptly return to Us
    all materials related to us in Your possession, and You will cease representing yourself as
    one of Our authorized MSSP partners; (b) all licenses granted hereunder will terminate; and
    (c) each Party will cease using, return or destroy, at the sole election of the other Party, all
    Confidential Information of such other Party relating to this MSSP Agreement, and You will
    cease using any of Our IP (as defined in the Customer Agreement).
  1. Your Responsibilities
  1. Prior to providing the MSSP Services to Applicable Customers, You will, upon request,
    successfully complete and pass the Managed Security Services Provider Program
    certification training for the MSSP Services. If at any time, We find that You are not
    providing MSSP Services up to Our standards, We may suspend this MSSP Agreement
    immediately and require that You attend additional training, as reasonably necessary.
    You must follow Our reasonable instructions regarding use of the Services and training.
  2. You will complete any due diligence questionnaires We request from time to time.
  3. In providing the MSSP Services, You will comply with the Acceptable Use Policy
    attached hereto as Exhibit A.
  4. You (i) are responsible for the use of the Services and Our IP by Your personnel
    (including Authorized Users) and the Applicable Customer in compliance with this
    MSSP Agreement, including any applicable exhibits, addenda, Documentation and
    applicable laws and government regulations; (ii) are responsible for the accuracy, quality
    and legality of Applicable Customer Data, including the lawful use and transmission of
    Applicable Customer Data provided by Applicable Customer and any Authorized Users
    in connection with the Services; (iii) will obtain all rights, permissions or consents from
    Authorized Users and other Applicable Customer personnel that are necessary to grant Us
    the rights and licenses in this MSSP Agreement; and (iv) will use commercially
    reasonable efforts to prevent unauthorized access to or use of Our IP and Services, and
    will notify Us promptly of such unauthorized use.
  5. You will ensure that: (i) You and the Applicable Customer are entitled to transfer the
    relevant personal data to You and Us so that the Parties may lawfully use, process and
    transfer the personal data on the Applicable Customer’s behalf and in accordance with
    this MSSP Agreement; and (ii) the relevant third parties have been informed of, and have
    given their consent to, such use, processing, and transfer as required by all applicable
    data protection laws. You may only use Authorized User’s email addresses with Internet
    domain names that are authorized by the Internet domain name owner to use for the
    purposes contemplated herein.
  6. You agree that at Our request, You will furnish Us a certification signed by Your
    authorized representative verifying that the Services are being used in accordance with
    this MSSP Agreement.
  1. Applicable Customers
  1. We may reject Your request to provide MSSP Services to a potential Applicable Customer
    at any time for any reason, without incurring any liability to You and/or Applicable
    Customer.
  2. The Parties acknowledge that You will have Your own agreements with the Applicable
    Customers pursuant to which You will provide MSSP Services to the Applicable
    Customers. You acknowledge and agree that We will not be a party to the contract between
    You and the Applicable Customer and, further, that We will not be liable to You or to
    Applicable Customer in respect of any claims made by the Applicable Customers under
    contract between You and the Applicable Customer.
  3. Prior to providing MSSP Services for each Applicable Customer, We may request a letter of
    acknowledgment in place executed between Us and the Applicable Customer.
  1. Intellectual Property
  1. Any documentation, materials, intelligence, and any other proprietary information provided
    by Us, or on Our behalf, in connection with the MSSP Services are also Our IP, to which We
    own all Intellectual Property Rights. Notwithstanding anything in the Customer Agreement
    to the contrary, You will use Our IP under this MSSP Agreement solely for the purposes of
    providing MSSP Services to Applicable Customers. You will not modify any documentation
    We provide without Our prior written permission each time. We will automatically own and
    have title to any derivative works based on Our IP.
  2. You understand, acknowledge and agree that We own all Intellectual Property Rights in and
    to Aggregate Data, and may use, reproduce, sell, publicize or otherwise exploit Aggregate
    Data in any way, in Our sole discretion. “Aggregate Data” refers to Applicable Customer
    Data that is de-identified (stripped of any information used to identify Applicable Customer,
    including personal data). Aggregate Data will include data identified through the Services as
    malicious and also include statistical information related to the use and performance of the
    Services, provided that such information is de-identified. You grant Us a worldwide,
    perpetual, irrevocable, royalty-free, fully paid-up license to use and exploit any suggestion,
    enhancement request, recommendation, correction or other feedback (“Feedback”) You
    provide relating to the Services. Feedback will not include Confidential Information. You
    will provide Us with all threat intelligence learned and collected with the use of the Services
    and such threat intelligence will not include Confidential Information.
  3. You acknowledge and agree that the maximum number of Authorized Users will not exceed
    the number of Authorized Users set forth in the applicable Order Form. At the beginning of
    the applicable Services Term, You will designate and allocate the Authorized Users on behalf
    of the Applicable Customer. The Parties acknowledge and agree that Authorized Users may
    not be reassigned or replaced (except for those designated by You to act as administrators)
    prior to the expiration of the applicable Services Term. Any breach by You and Your
    Authorized Users of this Section may, in Our sole discretion, result in the immediate
    suspension or termination of You and Your Authorized Users’ access to the Services and or
    termination of this MSSP Agreement.
  4. You may not enter into new license agreements for the Services with customers who already
    have direct agreements in place with Us
  1. Confidentiality
  1. "Confidential Information" means all non-public information, whether written, electronic,
    oral or graphic, that a disclosing party ("Discloser") may disclose or reveal to the receiving
    party ("Recipient"), that is either (i) identified as confidential at the time of disclosure by
    Discloser, or (ii) disclosed under circumstances that would indicate to a reasonable person
    that the information should be treated as confidential by Recipient. Confidential Information
    includes, but is not limited to, technical or business information, pricing, financial plans and
    records, marketing plans, research, present and proposed products, trade secrets, know how,
    processes, intelligence, computer software programs, software tools and descriptions of
    functions and features of software, source code, information regarding customers and
    suppliers, employees and affiliates, and methods for systems integration, company systems or
    software.
  2. Recipient will maintain all Confidential Information of the Discloser in strict confidence.
    Except as provided in this MSSP Agreement, the Recipient will not use Confidential
    Information of the Discloser, except to perform or otherwise fulfill the purpose of this MSSP
    Agreement or disclose it in any manner to any third party without the prior express written
    consent of the Discloser. Recipient will restrict access to, and use of, Confidential
    Information of the Discloser to those employees and agents of Recipient’s organization with
    a need to use the information to perform under or otherwise fulfill the purpose of this MSSP
    Agreement. Recipient will use the same degree of care in handling and safeguarding
    Confidential Information that it uses in handling and safeguarding its own Confidential
    Information, and in any case not less than reasonable care. Before disclosing any
    Confidential Information to its officers or employees, Recipient will subject such officers and
    employees to an obligation of confidentiality no less stringent than that by which Recipient is
    bound.
  3. The obligations set forth in the subsection above will not apply to information which is:
    (i) already known to or otherwise in the possession of the Recipient at the time of disclosure
    and which was not so known or received in violation of any confidentiality obligation;
    (ii) publicly available or otherwise in the public domain prior to disclosure by the Recipient;
    (iii) rightfully obtained by the Recipient from any third party without restriction and without
    breach of any confidentiality obligation by such third party; or (iv) developed by the
    Recipient without reference to the Discloser’s Confidential Information and independent of
    any disclosure hereunder, as evidenced by written records.
  4. Each Party may disclose Confidential Information to the limited extent necessary to comply
    with the order of a court or administrative body of competent jurisdiction or a government
    agency, provided that the Recipient will notify the Discloser prior to such disclosure, if
    permissible, and will cooperate with the Discloser if the Discloser elects to legally contest,
    request confidential treatment of, or otherwise avoid such disclosure.
  1. Warranty and Indemnification
  1. You represent and warrant that You will not (i) make or publish any false or misleading
    representations, warranties, or guarantees on Our behalf or Our suppliers, or (ii) make any
    representations warranties, or guarantees with respect to Us, the Services or any of Our
    obligations that are inconsistent with the terms of this MSSP Agreement.
  2. You agree to indemnify, defend and hold Us, and Our affiliates, directors and officers,
    employees and agents harmless from any and all claims and/or demands, including
    reasonable attorneys’ fees, made by any third party arising out of or related to Your and/or
    Authorized Users’ alleged or actual use or misuse of the Services and Our IP, including
    without limitation: (a) claims related to the unauthorized disclosure or exposure of personal
    data or other private information, violations of any third party rights, and failure to obtain
    required consents for Us to provide the Services under this MSSP Agreement; (b) claims that
    You are infringing on any third party intellectual property or data privacy right; (c) a breach
    of the Acceptable Use Policy; or (d) claims arising from Your use of the Services in violation
    of the Customer Agreement or this MSSP Agreement. Further, You will indemnify Us, Our
    employees, officers, directors, affiliates, independent contractors, and agents against any
    claim made by an Applicable Customer against Us arising in connection with the MSSP
    Services or the contract between the You and the Applicable Customer.
  1. Limitation of Liability

TO THE FULLEST EXTENT ALLOWED BY APPLICABLE LAW, UNDER NO
CIRCUMSTANCES AND UNDER NO LEGAL THEORY (INCLUDING, WITHOUT
LIMITATION, TORT, CONTRACT, STRICT LIABILITY, OR OTHERWISE) SHALL WE
(OR OUR LICENSORS OR SUPPLIERS) BE LIABLE TO YOU OR TO ANY OTHER
PERSON FOR (A) SPECIAL, INCIDENTAL, CONSEQUENTIAL OR EXEMPLARY
DAMAGES OF ANY KIND, INCLUDING BUT NOT LIMITED TO ANY LOST PROFITS
LOST SAVINGS, LOSS OF PROFITS, BUSINESS INTERRUPTION, OR LOSS OF
INFORMATION, HOWEVER CAUSED, WHETHER FOR BREACH OR REPUDIATION OF
CONTRACT, TORT, BREACH OF WARRANTY, NEGLIGENCE, OR OTHERWISE,
WHETHER OR NOT WE WERE ADVISED OF THE POSSIBILITY OF SUCH LOSS OR
DAMAGES OR (B) ANY AMOUNT, IN THE AGGREGATE, IN EXCESS OF THE
GREATER OF (I) $100 OR (II) THE AMOUNTS PAID BY YOU TO US FOR THE
SERVICES DURING THE TWELVE (12) MONTHS PRIOR TO THE FIRST EVENT
GIVING RISE TO SUCH LIABILITY.

THE LIMITATIONS AND EXCLUSIONS CONTAINED HEREIN WILL APPLY ONLY TO
THE MAXIMUM EXTENT PERMISSIBLE UNDER APPLICABLE LAW, AND NOTHING
HEREIN PURPORTS TO LIMIT EITHER PARTY’S LIABILITY IN A MANNER THAT
WOULD BE UNENFORCEABLE OR VOID AS AGAINST PUBLIC POLICY IN THE
APPLICABLE JURISDICTION.

  1. Data Privacy and Compliance
  1. You will (i) comply with all applicable legal requirements regarding privacy and data
    protection; and (ii) provide sufficient notice to, and obtain sufficient consent and
    authorization from, Applicable Customers and any other party providing personal data to
    You and Us to permit the processing of the data by You, Us, and either Party’s respective
    affiliates, subsidiaries, and service providers as contemplated by this MSSP Agreement.
  2. You will comply with all applicable export controls, trade sanctions, and import laws and
    regulations in Your use of the Services, including without limitation the regulations of the
    U.S. Commerce Department’s Bureau of Industry and Security ("BIS") and the U.S.
    Treasury Department’s Office of Foreign Assets Control ("OFAC") (collectively, "Export
    Control Laws"). You will not, directly or indirectly, export or re-export, or knowingly permit
    the export or re-export of any of the Services, without any required government
    authorization, to any person, or entity (i) located or resident in any country or territory that is
    subject to comprehensive U.S. trade sanctions or other significant trade restrictions
    (including without limitation, Cuba, Iran, North Korea, Sudan, Syria, and the Crimea region
    of Ukraine) ("Sanctioned Countries"); or (ii) identified on any U.S. government restricted
    party lists (including the Specially Designated Nationals and Blocked Persons List, Foreign
    Sanctions Evaders List, and Sectoral Sanctions Identifications List, administered by OFAC,
    and the Denied Party List, Entity List and Unverified List, administered by BIS) ("Restricted
    Party Lists"). You represent and warrant that You are not (i) a citizen of, or located in, a
    Sanctioned Country, or (ii) identified on, or more than 50 percent (50%) owned or controlled
    by one or more persons or entities identified on, a Restricted Party List.
  3. Each Party acknowledges that it is familiar with and understands the provisions of the U.S.
    Foreign Corrupt Practices Act of 1977, as amended (the "FCPA") and the U.K. Bribery Act
    of 2010 ("UKBA") and agrees not to violate or knowingly let anyone violate the FCPA,
    UKBA, or any other applicable anti-corruption laws. You agree that no payment You make
    will constitute a bribe, influence payment, kickback, rebate, or other payment that violates
    the FCPA, the UKBA, or any other applicable anti-corruption or anti-bribery laws.
  4. You will perform Your obligations hereunder in compliance with Our applicable rules,
    policies and regulations ("Policies"), now in effect or hereafter amended or established by Us
    from time to time. You will require Your employees, agents or consultants performing
    services directly in connection with this MSSP Agreement to comply with such Policies and
    will be responsible for any violation of such Policies by Your employees, agents or
    consultants.
  5. You will comply with all applicable laws and regulations with respect to Your use of the
    Services. You will obtain all licenses and approvals required under and will otherwise
    comply with all laws of the Territory(ies) governing the importation, management, marketing
    or distribution of the Services into and throughout the Territory(ies) and will pay (and
    reimburse Us if it is required to pay) all related governmental charges and related expenses.
    You will (i) comply with all applicable legal requirements regarding privacy and data
    protection; and (ii) provide sufficient notice to, and obtain sufficient consent and
    authorization from Applicable Customers and any other party providing personal data to You
    and Us to permit the processing of the data by You, Us, and each Party’s respective affiliates,
    subsidiaries, and service providers as contemplated by this MSSP Agreement. You
    understand that We may be required to disclose certain information received in connection
    with this this MSSP Agreement (including, for example, the names of Applicable Customers
    and details of security incidents observed) to government authorities as required by
    applicable laws. You will ensure that each Applicable Customers understands and agrees to
    comply with this provision.
  1. Insurance

You will maintain commercial property, casualty, errors and omissions, and liability insurance in
amounts customary for businesses operating in Your industry and for the provision of the
Services. All liability and errors and omissions insurance will designate Us as an additional
insured. All such insurance must be primary and require the issuer to respond and pay prior to
any other available coverage. You agree that You and anyone claiming by, through, under, or on
Your behalf will have no claim, right of action, or right of subrogation against Us based on any
loss or liability insured against under the foregoing insurance. You will provide Us with
certificates or adequate proof of the foregoing insurance within thirty (30) days of request and
thereafter promptly each year after renewal. Such insurance policies or endorsements will entitle
Us to receive notice at least thirty (30) days prior to any cancellation (including for nonrenewal)
or change.

  1. Audits

You will provide Us reports (within 15 days of requests) and such reports will provide the
following information: (i) details about the Applicable Customers, including Applicable
Customer name and address; (ii) the number of licenses and Authorized Users being used in
connection with the Services for each Applicable Customer; and (iii) any other information We
request. We will have the right to audit Your MSSP Services activities (including Your use of
the Services and information provided in any reports) to ensure compliance with this MSSP
Agreement and You will provide Us with access and information as We may request in
connection with such audits.

  1. Miscellaneous Provisions
  1. Nothing in this MSSP Agreement will be construed as limiting Our appointment of other
    managed security service providers, dealers, licensees or agents in any way, or limiting Our
    other marketing or distribution activities in any way or granting similar rights as those set out
    herein to any other party in any way.
  2. In making and performing this MSSP Agreement, the Parties have acted, and will act,
    always, as independent contractors, and, except as expressly set forth in this MSSP
    Agreement or any exhibits, nothing contained in this MSSP Agreement or any exhibits will
    be construed or implied to create an agency, partnership or employer and employee
    relationship between them. Except as expressly set forth in this MSSP Agreement, at no time
    will either Party make commitments or incur any charges or expenses for, or in the name of,
    or act as agent of the other Party.
  3. You will not assign Your rights (by operation of law or otherwise) or delegate Your
    obligations under this MSSP Agreement without Our prior written consent, and, absent such
    consent, such assignment or delegation by You will be null, void and of no effect. This
    Agreement will be binding upon and inure to the benefit of each Party and their successors
    and permitted assigns.
  4. This Agreement and the rights and obligations of the Parties hereunder and thereunder, will
    be construed in accordance with, and will be governed by, the laws of the Commonwealth of
    Virginia, without giving effect to its conflict of laws principles. The United Nations
    Convention on Contracts for the International Sale of Goods does not apply to this MSSP
    Agreement.
  5. This Agreement may not be amended or modified except in a writing duly executed by
    authorized representatives of both Parties. If any term or provision of this MSSP Agreement
    is determined by a court of competent jurisdiction to be illegal, invalid, or unenforceable, the
    legality, validity, or enforceability of the remainder of this MSSP Agreement will not thereby
    be affected, and this MSSP Agreement will be deemed amended to the extent necessary to
    delete such provision. The waiver by either Party of a breach of any provision of this MSSP
    Agreement will not operate or be construed as a waiver of the same or any other breach by
    that Party, whether prior or subsequent. Any waiver under this MSSP Agreement must be in
    writing and signed by an authorized representative of the waiving Party. In the event of a
    contractual dispute arising out of or relating to payment obligations of a Party, the Party
    prevailing in such dispute will be entitled to collect from the other Party all costs of
    collection in such dispute, including reasonable attorneys' fees.
  6. Except with respect to payment obligations, if a Party is prevented or delayed in performance
    of its obligations under this MSSP Agreement as a result of circumstances beyond such
    Party's reasonable control, including, without limitation, war, terrorist act, riot, fires, floods,
    epidemics, or failure of public utilities or public transportation systems, such failure or delay
    will not be deemed to constitute a material breach of this MSSP Agreement, but such
    obligation will remain in full force and effect and will be performed or satisfied as soon as
    reasonably practicable after the termination of the relevant circumstances causing such
    failure or delay. The terms set out in the Customer Agreement incorporated herein along
    with the terms set out in the MSSP Agreement will be considered as one agreement, to be
    read together and constituting the applicable terms in respect of Your usage of the Services
    for providing MSSP Services to Your Applicable Customers and supersedes all prior
    agreements, representations, negotiations, or other understandings of the Parties with respect
    to such subject matter, whether written or oral. In the event of any conflict between this
    MSSP Agreement and any Order Form, the terms of this MSSP Agreement will govern
    and control.
  7. With respect to U.S. government Applicable Customers, Our IP, including the Services, are
    "commercial items", "commercial computer software" and "commercial computer software
    documentation," pursuant to DFARS Section 227.7202 and FAR Sections 12.211-12.212, as
    applicable. All Our IP, including the Services are and were developed solely at private
    expense and the use of Our IP, including the Services, by the United States Government are
    governed solely by this MSSP Agreement and are prohibited except to the extent expressly
    permitted by this MSSP Agreement.
  8. The provisions of Section 7, Section 8, and Sections 10 through 14, as well as any
    obligations to pay any amounts due and outstanding hereunder, will survive termination of
    this MSSP Agreement.

ACCEPTABLE USE POLICY

When providing MSSP Services to Applicable Customers, You will comply with this Acceptable Use
Policy (this "AUP"). You and Your Authorized Users must promptly notify Us of any actual or suspected
illegal or unauthorized activity or a security breach involving the Services. You are responsible for Your
Authorized Users’ compliance with the MSSP Agreement and this AUP.

You and Your Authorized Users may not:

  1. transmit unlawful materials, e-mail or information;
  2. transmit harassing, threatening or abusive materials, e-mail or information;
  3. transmit defamatory, libelous, slanderous or scandalous materials, e-mail or information;
  4. transmit obscene, pornographic, profane or otherwise objectionable information of any kind;
  5. transmit materials, e-mail or information that would constitute an infringement upon the patents,
    copyrights, trademarks, trade secrets or other intellectual property rights of others;
  6. transmit materials constituting or encouraging conduct that would constitute a criminal offence, give rise to civil liability, or otherwise violate any local, state, national or international law, including without limitation, the U.S. export control laws and regulations;
  7. transmit materials that would give rise to liability under the Computer Fraud and Abuse Act;
  8. use the Services to commit fraud or engage in other misleading or deceptive activities;
  9. upload to, or transmit from the Services any viruses, worms, defects, Trojan horses, time-bombs,
    malware, spyware, or any other computer code of a destructive or interruptive nature other than
    any of the foregoing contained in the emails or links provided by the Applicable Customer to You
    for the purpose of analyzing the emails and links for malicious content as part of the Services;
  10. share the Services and any of Our IP and Our Confidential Information with any third-parties,
    except as permitted by this MSSP Agreement or expressly authorized in advance by Us in writing;
  11. use the Services and Our IP in any way to provide services to any third-party except to the
    Applicable Customer in accordance with this MSSP Agreement;
  12. disassemble, decompile, reverse compile, reverse engineer or attempt to discover any source code
    or underlying ideas or algorithms of the Services and any of Our IP (except to the limited extent
    that applicable law prohibits reverse engineering restrictions solely for interoperability purposes);
  13. sell, resell, distribute, sublicense or otherwise transfer, the Services and any of Our IP, or make the
    functionality of the Services available to any other party through any means (unless We have
    provided prior written consent); and
  14. reproduce, alter, modify or create derivatives of Our IP (unless as expressly permitted in the MSSP
    Agreement).

Authorized Users must comply with any of Our Intellectual Property Rights asserted in Our IP provided to You for the purposes of using with the Services. Authorized Users will maintain and not remove or obscure any proprietary notices on Our IP.

Remedies. Violation of this AUP may result in civil or criminal liability, and We may, in addition to any other remedy that We may have at law or in equity, terminate any permission for You and any Authorized User to access the Services or immediately remove the offending material. In addition, We may investigate incidents that are contrary to this AUP.

We reserve the right to update and modify this AUP at any time from time-to-time. Your continued use of the Services and Your Authorized Users after such update or modification will indicate Your acceptance of the updates and/or modifications to this AUP.