Cofense Protect Terms of Use

Last Updated: May 10, 2022

We are excited You are ordering Cofense Protect™! Please read on to understand the terms that
govern Your use of and access to the Cofense Protect subscription services, including any
additional subscription or other products referenced in these Terms of Use (the "Services").
References to product names may be updated from time to time. As used herein, "You" or
"Your" refers to the business, government or entity ordering and accessing the Services. "We",
"Us", or "Our" refers to Cofense Inc. We or You may be referred to individually as a
"Party," or collectively as the "Parties."

Access to the Services for Your own internal use will be governed by the CUSTOMER TERMS
OF USE (the "Customer Agreement"). Access to the Services to provide managed security
services to third party end customers (where You have been authorized to do so by Us) will be
governed by the MSSP SERVICES TERMS OF USE (the "MSSP Agreement").

PLEASE NOTE THE CUSTOMER AGREEMENT AND/OR MSSP AGREEMENT, AS
APPLICABLE, GOVERNS ACCESS TO THE SERVICES PROVIDED BY US UNLESS YOU
(OR THE BUSINESS, GOVERNMENT OR ENTITY YOU REPRESENT) HAVE
EXECUTED A SEPARATE WRITTEN AGREEMENT WITH US GOVERNING SUCH
SERVICES. PLEASE READ THESE ACCEPTANCE TERMS AND THE APPLICABLE
CUSTOMER AGREEMENT AND/OR MSSP AGREEMENT CAREFULLY. CLICKING ON
THE “YES” OR “I ACCEPT” BUTTON (OR OTHER BUTTON OR MECHANISM
DESIGNED TO ACKNOWLEDGE AGREEMENT TO THE TERMS OF THESE
AGREEMENTS) OR ACCESSING OR USING THE SERVICES CONSTITUTES
ACCEPTANCE OF THE CUSTOMER AGREEMENT AND/OR MSSP AGREEMENT, AS
APPLICABLE. WITHOUT LIMITING THE FOREGOING, YOU ACKNOWLEDGE THAT
YOUR SUBMISSION OF AN ORDER AND/OR ORDER FORM FOR THE SERVICES
CONSTITUTES AN ACCEPTANCE OF THE CUSTOMER AGREEMENT AND/OR MSSP
AGREEMENT, AS APPLICABLE, AND THAT ALL FUTURE ORDERS FOR THE
SERVICES FOLLOWING YOUR ACCEPTANCE OF THE APPLICABLE AGREEMENT
WILL BE GOVERNED BY THE TERMS OF THE APPLICBLE AGREEMENT.

IF YOU AGREE TO THE CUSTOMER AGREEMENT AND/OR MSSP AGREEMENT ON
BEHALF OF A BUSINESS, GOVERNMENT, OR OTHER ENTITY, YOU REPRESENT
AND WARRANT THAT YOU HAVE THE POWER AND AUTHORITY TO BIND SUCH
BUSINESS, GOVERNMENT, OR OTHER ENTITY TO THE AGREEMENT, AND YOUR
AGREEMENT TO THESE APPLICABLE TERMS WILL BE TREATED AS THE
AGREEMENT OF SUCH BUSINESS, GOVERNMENT, OR OTHER ENTITY.

IF YOU ARE UNWILLING TO AGREE TO THE CUSTOMER AGREEMENT AND/OR
MSSP AGREEMENT, AS APPLICBLE, OR YOU DO NOT HAVE THE RIGHT, POWER
AND AUTHORITY TO ACT ON BEHALF OF AND BIND SUCH BUSINESS,
GOVERNMENT, OR OTHER ENTITY TO THESE AGREEMENTS, DO NOT CLICK ON
THE BUTTON AND DO NOT ACCESS, OR OTHERWISE USE THE SERVICES.

IF YOU RECEIVE THE SERVICES THROUGH ONE OF OUR AUTHORIZED RESELLERS,
PARTNERS OR DISTRIBUTORS (COLLECTIVELY, “AUTHORIZED PARTNER”), ALL
FEES AND OTHER PROCUREMENT AND DELIVERY TERMS WILL BE AGREED
BETWEEN YOU AND THE AUTHORIZED PARTNER; HOWEVER, THE TERMS SET
FORTH IN THE APPLICABLE CUSTOMER AGREEMENT AND/OR MSSP AGREEMENT
REGARDING YOUR USE OF THE SERVICES REMAIN APPLICABLE. FOR
CLARIFICATION, YOUR AGREEMENT WITH THE AUTHORIZED PARTNER IS
BETWEEN YOU AND THE AUTHORIZED PARTNER ONLY AND SUCH AGREEMENT
IS NOT BINDING ON US.

IF YOU DO NOT AGREE TO ALL OF THE FOLLOWING, YOU MAY NOT USE OR
ACCESS THE SERVICES IN ANY MANNER.

THE CUSTOMER AGREEMENT OR MSSP AGREEMENT MAY NEED TO CHANGE
ALONG WITH THE SERVICES. WE RESERVE THE RIGHT TO CHANGE THE
APPLICABLE AGREEMENT AT ANY TIME, BUT IF WE DO, WE WILL BRING IT TO
YOUR ATTENTION BY PLACING A NOTICE ON OUR WEBSITE, AND/OR BY
SENDING YOU AN EMAIL, AND/OR BY SOME OTHER MEANS. WE FURTHER
RESERVE THE RIGHT TO MODIFY THE SERVICES AT ANY TIME WITHOUT NOTICE
TO YOU.

IF YOU DON’T AGREE WITH THE CHANGES TO THE APPLICABLE AGREEMENT,
YOU ARE FREE TO REJECT IT; UNFORTUNATELY, THAT MEANS YOU WILL NO
LONGER BE ABLE TO USE THE SERVICES. IF YOU USE THE SERVICES IN ANY WAY
AFTER A CHANGE TO THE APPLICABLE AGREEMENT IS EFFECTIVE, THAT MEANS
YOU AGREE TO ALL OF THE CHANGES.

ALL OF THE DEFINED TERMS USED ABOVE ARE HEREBY INCORPORATED INTO
THE CUSTOMER AGREEMENT AND MSSP AGREEMENT.

CUSTOMER TERMS OF USE

Where You are ordering the Services for Your own internal use, the terms of the
following Customer Agreement apply.

Definitions

"Authorized Users" means Your authorized employees, agents or independent contractors with
an assigned unique email address (i) who may access the Services; and/or (ii) whose email
accounts are being used with the Services.

"Customer Data" means the information submitted or provided by You and Your Authorized
Users for use with the Services.

"Our IP" means all of Our proprietary materials, including without limitation, the Services, Our
Confidential Information, APIs, software, threat intelligence and threat indicators, intelligence
alerts and reports, and/or investigation tools, Aggregate Data, Documentation, proprietary
processes and methods, and any of Our templates and/or forms.

"Documentation" means the Services user manuals provided by Us to Our customers (which
may be in electronic format), as amended from time to time by Us.

"Intellectual Property Rights" means copyrights (including, without limitation, the exclusive
right to use, reproduce, modify, distribute, publicly display and publicly perform the copyrighted
work), trademark rights (including, without limitation, trade names, trademarks, service marks,
and trade dress), patent rights (including, without limitation, the exclusive right to make, use and
sell), trade secrets, moral rights, right of publicity, authors’ rights, contract and licensing rights,
goodwill and all other intellectual property rights as may exist now and/or hereafter come into
existence and all renewals and extensions thereof.

"Order" means (i) a quotation, proposal, or pricing offer issued to You by Us that is signed by
both Parties or to which You have confirmed acceptance in writing ("Quote"), (ii) a written
purchase order or similar ordering document, signed or submitted by You and accepted by Us,
under which You agree to purchase the Services (“Purchase Order”), or (iii) a quotation,
proposal, or pricing offer issued by Us to You at the time of the sign-up for an evaluation or
provided by Us to You after the evaluation sign up and prior to the end of Your evaluation
described in Section 2 of this Customer Agreement (Evaluations and Beta Products), which You
will be deemed to have accepted if You do not provide Us notice of cancellation prior to the end
of the evaluation period and the Parties have not otherwise not agreed to a Quote or Purchase
Order. It is agreed that all Orders for the Services will incorporate the terms of this Customer
Agreement, whether expressly referenced or not, and will only be accepted subject to the terms
of this Customer Agreement. The terms and conditions of this Customer Agreement will govern
all Orders, and any additional or different terms in an Order are deemed void and of no effect
unless such additional or different terms are agreed upon by the Parties in writing. For clarity,
acceptance by Us of Your purchase order or similar ordering document will not be deemed an
acceptance of any conflicting or additional terms and conditions.

Evaluations and Beta Products

If We provide the Services, along with any other related materials and documentation for
Your evaluation purposes, then We grant You a limited, nontransferable, non-assignable,
non-sublicensable right to use the Services, subject to the terms of this Customer Agreement
and any other limitations communicated to You. You may use the Services for Your own
internal evaluation purposes from the date in which You access the Services, until the
expiration date We provide You, or, if no expiration date is provided, for a period of up to
thirty (30) days from the date of first accessing the Services. We may extend your evaluation
in our sole discretion. If You do not provide Us notice to cancel Your evaluation prior to the
expiration of the applicable evaluation period, Your subscription to the Services will
automatically begin upon expiration of the evaluation period, subject to and governed by this
Customer Agreement, and You will be deemed to have accepted the quotation or proposal
provided by Us at the time of the evaluation sign-up or provided by Us to You after the
evaluation sign up and prior to the end of Your evaluation, and We will charge You at the
pricing stated therein unless the Parties have agreed to a Quote or Purchase Order. If You
cancel before the end of Your evaluation, You will not be charged. Any continued access or
use of the Services after the evaluation period remains subject to the Customer Agreement.
Your eligibility for a free evaluation offer is determined solely by Us and Your access to any
free evaluation offer is provided at Our sole discretion. The Services are provided to You
"AS-IS", and to the extent permitted by applicable law, We disclaim all indemnities and
warranties relating to the evaluation, express or implied, including but not limited to any
warranties against infringement of third-party rights, merchantability, and fitness for a
particular purpose. You acknowledge that the Services are Our intellectual property. At the
end of the evaluation period, all evaluation licenses granted herein will automatically
terminate and You will delete or return any of Our Confidential Information in Your
possession and provide written certification of such destruction or return in writing to Us.
You understand that We may disable access to the Services automatically at the end of the
evaluation period, without notice to You. This Section will take precedence over any
contradictory language in this Customer Agreement as it relates to an evaluation.
Beta Products. We make no warranties regarding the performance of beta or pre-release
products ("Beta Products"). You understand and acknowledge that Beta Products are Our IP
and are being provided as a “Beta” version and made available on an "As Is" or "As
Available" basis. The Beta Products may contain bugs, errors, and other problems. YOU
ASSUME ALL RISKS AND ALL COSTS ASSOCIATED WITH YOUR USE OF THE
BETA PRODUCTS. In addition, we are not obligated to provide any maintenance, technical,
or other support for the Beta Products. Notwithstanding anything to the contrary herein, Our
entire liability arising out of or related to the Beta Products will not exceed US $100. Access
to Beta Products may be subject to different or additional terms provided with the Beta
Products.

Ordering and Services Term

We will provide the Services set forth in Orders pursuant and subject to this Customer
Agreement. The term of the Services is specified in the applicable Order or, if no period of time
for the Services is specified, for a period of one (1) month from the date in which access to the
Services was made available to You ("Initial Services Term"). Unless otherwise stated on the
Order, the Services will automatically renew after its Initial Services Term for additional periods
equal in length to the Initial Services Term (each, a “Renewal Services Term” and together with
the Initial Services Term, the "Services Term"), unless either Party notifies the other of its
intention not to renew the Services at least thirty (30) days prior to the expiration of the then-
current Services Term. In the event You add additional Authorized Users during the Services
Term, You will be billed for the additional Authorized Users at the pricing set forth in the
applicable Order. For the duration of the applicable Services Term set forth in the applicable
Order and in accordance with the terms of this Customer Agreement, We grant You a non-
exclusive, non-transferable, non-assignable right to access the Services, including the applicable
Documentation and Our IP associated with the Services, for Your internal use only. You
acknowledge that We have no delivery obligation and will not ship copies of software as part of
the Services. If You are purchasing a subscription to the simulation training module in
conjunction with Cofense Protect, the terms set forth in Schedule 1 will govern your
subscription. If You are purchasing a subscription to Cofense Reporter™ in conjunction with
Cofense Protect, the terms set forth in Schedule 2 will govern Your subscription to Cofense Reporter™.

Paying for the Services

You will pay the fees for the Services set forth in the applicable Order and the renewals thereof
("Fees"). All Fees will be fully billed in advance, unless otherwise agreed by the Parties in
writing. You may cancel Your Services at any time, but no refunds will be issued for Fees due.
Fees are exclusive of all tariffs, duties or taxes imposed or levied by any government or
governmental agency, including without limitation, federal, state and local sales, use, value
added or other similar taxes (collectively, "Taxes") and You are responsible for paying all Taxes
applicable to the Services. In the event We are obligated to collect and pay indirect Taxes for the
Fees, You agree to pay any indirect Taxes that may be added to the payment of any outstanding
Fees and will be reflected in the invoice or subsequently invoiced if the Fees were previously
paid. You will reimburse Us for any and all expenses incurred by Us so long as such expenses
are directly attributable to the Services provided to You. You agree to pay all Fees, in full, within
thirty (30) days. If You fail to make any payment when due, then interest at a rate of one and
one-half percent (1.5%) per month will accrue on such unpaid, undisputed amounts, calculated
from the date the payment was originally due. Credit card payments may incur additional fees. If
You dispute any invoice, You will promptly notify Us of the disputed amount, but in no event
later than the date payment is due, with an explanation of the reasons therefor. In the event of
non-payment or any action at law or in equity necessary to enforce or interpret the terms of this
Customer Agreement for non-payment, You agree to pay all of Our reasonable attorneys’ fees
and collection costs and expenses associated with the collection of such debt, to the fullest extent
permitted by applicable law.

Using the Services

Your log-in to the Services is via the Google or Microsoft Office 365 accounts. We use
Google or Microsoft Office 365 permissions granted to Us by You, to provide You the
Services.
You (i) are responsible for the use of the Services by You and Your Authorized Users in
compliance with this Customer Agreement, including any applicable exhibits, addenda,
Documentation and applicable laws and government regulations; (ii) are responsible for all
activity relating to Your account, including without limitation ensuring that all usernames
and passwords for the Services are kept secure and confidential at all times; (iii) are
responsible for the accuracy, quality and legality of Your Data, including the lawful use and
transmission of Your Data provided by You and Your Authorized Users in connection with
the Services; (iv) will obtain all rights, permissions or consents from Authorized Users and
other of Your personnel that are necessary to grant the rights and licenses in this Customer
Agreement; and (iv) will use commercially reasonable efforts to prevent unauthorized access
to or use of Our IP and Services, and will notify Us promptly of such unauthorized use.
You may only designate Authorized User’s email addresses with Internet domain names that
You own or are authorized by the Internet domain name owner to use for the purposes
contemplated herein. You acknowledge and agree that the maximum number of Authorized
Users will not exceed the number of Authorized Users You ordered.
You represent, warrant, and agree that You will not submit Customer Data or otherwise use
the Services or interact with the Services in a manner that:
1. Infringes or violates the intellectual property rights or any other rights of anyone
2. Violates any law or regulation, including any applicable export control laws;
3. Is harmful, fraudulent, deceptive, threatening, harassing, defamatory, obscene, or
  otherwise objectionable;
4. Jeopardizes the security of Your account or anyone else’s (such as allowing
  someone else to log in to the Services as You);
5. Attempts, in any manner, to obtain the password, account, or other security
  information from any other user;
6. Violates the security of any computer network, or cracks any passwords or security
  encryption codes;
7. Runs Maillist, Listserv, any form of auto-responder or “spam” on the Services, or
  any processes that run or are activated while You are not logged into the Services,
  or that otherwise interfere with the proper working of the Services (including by
  placing an unreasonable load on the Services’ infrastructure);
8. "Crawls," "scrapes," or "spiders" any page, data, or portion of or relating to the
  Services (through use of manual or automated means);
9. Copies or stores any significant portion of the Services;
10. Stores or transmit infringing, libelous, or otherwise unlawful or tortious material,
  or stores or transmits material in violation of third-party privacy or other rights;
  and
11. Decompiles, reverse engineers, or otherwise attempts to obtain the source code or
  underlying ideas or information of or relating to the Services.
A violation of any of the foregoing is grounds for termination of Your right to use or access the
Services.
You may use "Third-Party Products" (as such term is defined in this paragraph) in
combination with the Services, provided, however that We do not make any representations
and warranties or covenants of any nature or kind with respect to any Third Party Products,
nor will We have any liability for any damages that You may directly or indirectly incur or
suffer as result of or arising from Your use of any Third Party Product in combination with
the Services. You further acknowledge and agree that it is subject to a third party’s respective
terms and conditions with respect to the use of any Third-Party Products. “Third-Party
Products” means any third-party products authorized by Us and selected by You, for use in
combination with the Services. You acknowledge and agree that any data, including personal
information, You provide when using the Third-Party Products may be collected, stored,
processed and transferred by the applicable third party provider in accordance with that third
party provider’s privacy policy and You represent and warrant that You have obtained any
required consent by the Authorized Users and any applicable regulatory body to do the
foregoing.

Termination

We may terminate (or suspend access to) Your use of the Services or Your account for any
breach of this Customer Agreement. We have the sole right to decide whether You are in
violation of any of the restrictions set forth in this Customer Agreement. Account termination
may result in deletion of any Customer Data associated with Your account. You may
terminate this Customer Agreement if We commit a material breach and fail to remedy such
breach within thirty (30) days of being notified by You of such breach ("Cure Period").
If We terminate this Customer Agreement due to Your material breach, We will not refund
any amounts to You. If You terminate the Services for Our material breach, You will receive
a refund for the remainder of the then-current term for such Services; provided that You will
not be entitled to any refund if You are also in breach of the Customer Agreement at the time
of such termination. If You terminate the Services other than for Our material breach, You
will not receive a refund or credit of any fees already paid or due to Us and, if applicable, all
outstanding Services fees will accelerate and become immediately due and payable.
Upon termination of the Services for any reason, all access rights and licenses granted herein
will immediately terminate.

Confidentiality and Privacy

"Confidential Information" means any non-public, confidential, or proprietary information of
a disclosing Party ("Discloser") that should reasonably be understood by the receiving Party
("Recipient") to be confidential because of (i) legends or other markings; (ii) the
circumstances of disclosure; or (iii) the nature of the information, which may be disclosed
either directly or indirectly, in writing, visual, orally or by inspection of tangible objects
(including without limitation documents, prototypes, samples, products, software, product
specifications and white papers) or other means. Confidential Information includes but is not
limited to technology and technical information, promotional and marketing activities,
inventions, finances and financial plans, customers, business and product plans, know-how,
source code, data, algorithms, methods and processes, trade secrets, designs, techniques,
analyses, models, strategies and objectives, and any third-party information that Discloser is
otherwise obligated to keep confidential.
Recipient will: (i) not use any Confidential Information for any purpose except to evaluate
and engage in discussions concerning a potential business relationship between the Parties
and/or to fulfill its obligations under this Customer Agreement; (ii) use at least the same
degree of care as Recipient uses to protect its own confidential information from unauthorized
use, access or disclosure, but in no event less than a reasonable degree of care; (iii) limit
disclosure of Confidential Information to those persons within Recipient’s organization who
have a need to know and who have previously agreed in writing, prior to the receipt of
Confidential Information, to be bound by confidentiality obligations similar to those set forth
in this Customer Agreement; (iv) not disclose any Confidential Information to third parties
without Discloser's prior written consent; (v) not copy, reverse engineer, disassemble, create
any works from, or decompile any prototypes, software or other tangible objects which
embody Discloser's Confidential Information; and (vi) comply with, and obtain all required
authorizations arising from, all U.S. and other applicable export control laws or regulations.
Any reproduction of Confidential Information requires Discloser's prior written consent and
will remain the property of Discloser. Any reproductions will contain any and all notices of
confidentiality contained on the original Confidential Information.
The foregoing confidentiality obligations will not apply to information that Recipient can
demonstrate: (i) is publicly known and made generally available through no improper action
or inaction of Recipient; (ii) was already in the possession of, or known by Recipient prior to
the time of disclosure by Discloser through no fault or breach of this Customer Agreement by
Recipient; (iii) was rightfully obtained by, or disclosed to, Recipient from a third party
without any obligation to maintain the Confidential Information as proprietary or confidential;
or (iv) is independently developed by Recipient without use of or reference to Discloser's
Confidential Information. Recipient may disclose Confidential Information to the extent such
disclosure is required to comply with applicable law or a valid order or requirement of a
governmental or regulatory agency or court of competent jurisdiction, provided that Recipient
(a) restricts such disclosure to the maximum extent legally permissible; (b) notifies Discloser
as soon as practicable of any such requirement to the extent such provision of prior notice
is permitted by applicable law; and (c) that subject to such disclosure, such disclosed materials
will in all respects remain subject to the restrictions set forth in this Customer Agreement
Within thirty (30) days of the termination of this Customer Agreement or upon Discloser's
written request, Recipient will promptly, at Recipient’s election, destroy or return all of
Discloser's Confidential Information in Recipient’s possession or in the possession of any
representative of Recipient; provided, however, that Recipient will not, in connection with the
foregoing obligations, be required to delete Confidential Information held electronically in
archive or back-up systems, and such Confidential Information will in all respects remain
subject to the restrictions set forth in this Customer Agreement. Upon Discloser's written
request, Recipient will provide a certification, signed by an officer of Recipient, as to the
destruction or return of Discloser's Confidential Information.
Discloser retains all right, title and interest to its Confidential Information. Recipient
acknowledges that the disclosure of Confidential Information may cause irreparable injury to
Discloser. Discloser will, therefore, be entitled to seek injunctive relief upon a disclosure or
threatened disclosure of any Confidential Information, without a requirement that Discloser
prove irreparable harm and without the posting of a bond. This provision will not in any way
limit such other remedies as may be available to Discloser at law or in equity. ALL
CONFIDENTIAL INFORMATION IS PROVIDED “AS IS.” DISCLOSER MAKES NO
WARRANTIES, EXPRESS, IMPLIED OR OTHERWISE, REGARDING ITS ACCURACY,
COMPLETENESS OR PERFORMANCE.
You will ensure that: (i) You are entitled to transfer any relevant personal data to Us so that
We may lawfully use, process and transfer the personal data on Your behalf and in accordance
with this Customer Agreement; and (ii) the relevant third parties have been informed of, and
have given their consent to, such use, processing, and transfer as required by all applicable
data protection laws. You represent and warrant that You have obtained all necessary rights,
permissions, or consents from Authorized Users and any applicable regulatory body prior to
using the Services to comply with applicable laws and regulations, including, without
limitation, the EU General Data Protection Regulation 2016/679, the Wiretap Act 1979 of the
State of Israel, and the Protection of Privacy Regulations (Information Security) 2017 of the
State of Israel. We will process personal information in connection with the use of the
Services in accordance with the Privacy Policy, available at https://cyberfish.io/privacy
("Privacy Policy").
We will: (i) process personal data in compliance with and subject to this Customer Agreement
and any lawful and reasonable instructions received from You that are consistent with this
Customer Agreement; (ii) not use or process or permit any of Our subcontractors to use or
process, any personal data except to the extent necessary to perform Our obligations under
this Customer Agreement; (iii) implement and maintain adequate and reasonable technical and
organizational safeguards designed to protect against the unauthorized or accidental access,
loss, alteration, disclosure or destruction of personal data in Our possession or control; (iv)
ensure that we have appropriate procedures in place designed to comply with applicable data
protection laws and will take all reasonable steps to ensure that persons employed by Us, and
other persons engaged Our place of work, comply with applicable data privacy laws and
regulations.
We may process or otherwise transfer personal data in or to any country outside the European
Economic Area or any country not deemed adequate by the European Commission pursuant to
applicable data protection laws to the extent necessary for the provision of the Services. If
required, We will enter into the EU Standard Contractual Clauses as approved by the
European Commission for ensuring an adequate level of data protection in respect of the
personal data that will be processed or transferred.
We will not sell, process, retain, disclose, or use (i) for a commercial purpose or (ii) outside of
the direct business relationship between the Parties, any Customer Data that, under the
California Consumer Privacy Act ("CCPA") constitutes "personal information" ("CA
Personal Information"), except to provide the Services or as permitted by CCPA.
Notwithstanding anything in this Customer Agreement, the Parties acknowledge and agree
that Our access to CA Personal Information or any other Customer Data does not constitute
part of the consideration exchanged by the Parties in respect of this Customer Agreement.

Intellectual Property

Intellectual Property Rights in Our IP belong exclusively to Us or Our licensors. You
acknowledge and agree that You will not (and will not allow any third party), in whole or in
part, to directly or indirectly: (i) disassemble, decompile, reverse compile, reverse engineer
or attempt to discover any source code or underlying ideas or algorithms of any of Our IP
(except to the limited extent that applicable law prohibits reverse engineering restrictions
solely for interoperability purposes), (ii) sell, resell, distribute, sublicense or otherwise
transfer, Our IP, or make the functionality of Our IP available to any other party through any
means (unless We have provided prior written consent), or (iii) reproduce, alter, modify or
create derivatives of Our IP (unless as expressly permitted in this Customer Agreement). You
will maintain the copyright notice and any other notices that appear on Our IP, including any
interfaces related to the Services.
You acknowledge and agree that You will not (and will not allow any third party), in whole or
in part, to directly or indirectly: (i) disassemble, decompile, reverse compile, reverse engineer
or attempt to discover any source code or underlying ideas or algorithms of any of Our IP
(except to the limited extent that applicable law prohibits reverse engineering restrictions
solely for interoperability purposes), (ii) sell, resell, distribute, sublicense or otherwise
transfer Our IP, or make the functionality of Our IP available to any other party through any
means (unless We have provided prior written consent), or (iii) reproduce, alter, modify or
create derivatives of Our IP (unless as expressly permitted in this Customer Agreement). You
will maintain the copyright notice and any other notices that appear on Our IP, including any
interfaces related to the Services.
We own all Intellectual Property Rights in and to Aggregate Data, and may use, reproduce,
sell, publicize or otherwise exploit Aggregate Data in any way, in Our sole discretion.
"Aggregate Data" refers to Customer Data that is de-identified (stripped of any information
used to identify You, including personal data). Aggregate Data will also include statistical
information related to the use and performance of the Services, provided that such statistical
information is de-identified. You grant to Us a worldwide, perpetual, irrevocable, royalty-free,
fully paid-up license to use and exploit any suggestion, enhancement request,
recommendation, correction or other feedback ("Feedback") provided by You or Your
Authorized Users relating to the Services. Feedback will not include Confidential Information.
We acknowledge that You own all right, title, and interest in and to Customer Data (excluding
Aggregate Data). You grant to Us the worldwide right to use, access, host, copy, transmit,
modify and display Customer Data, as reasonably necessary for Us to perform Our obligations
in accordance with this Customer Agreement. We may disclose Customer Data to Our third-
party contractors and service providers (including cloud service providers) to the extent
necessary to provide the Services in accordance with this Customer Agreement; provided that
such third-party contractors and service providers are bound by confidentiality obligations
similar to the provisions of this Customer Agreement. You acknowledge and agree We may
use Customer Data to provide and improve our products and services.
U.S. Government Restricted Rights. Our IP Services are "commercial items", "commercial
computer software" and "commercial computer software documentation," pursuant to DFARS
Section 227.7202 and FAR Sections 12.211-12.212, as applicable. All Our IP and Services
are and were developed solely at private expense and the use of Our IP and Services by the
United States Government are governed solely by this Customer Agreement and are
prohibited except to the extent expressly permitted by this Customer Agreement.

Warranty Disclaimer and Indemnity

We expressly disclaim any Customer Data which You have generated for use with the Services,
and You agree to indemnify, hold harmless and, at Our option, to defend Us, Our officers,
directors, employees, affiliates contractors and agents from and against any losses, liabilities,
damages, costs and expenses (including reasonable attorneys’ fees) incurred as a result of a) any
alleged or actual violations of any third party rights arising out of the Customer Data, including
without limitation claims related to the unauthorized disclosure or exposure of personal data or
other private information, failure to obtain required consents, claims that the Customer Data
infringes a third party right, and b) claims arising from Customer's use of the Services in
violation of this Customer Agreement. THE SERVICES ARE PROVIDED ON AN "AS IS"
BASIS WITHOUT ANY WARRANTY WHATSOEVER AND WE EXPRESSLY DISCLAIM,
TO THE MAXIMUM EXTENT PERMISSIBLE UNDER APPLICABLE LAW, ALL
WARRANTIES, EXPRESS, IMPLIED AND STATUTORY, INCLUDING WITHOUT
LIMITATION ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A
PARTICULAR PURPOSE, ACCURACY, NONINFRINGEMENT, OR ARISING FROM
COURSE OF PERFORMANCE, DEALING, USAGE OR TRADE. WE ALSO MAKE NO
WARRANTY REGARDING NONINTERRUPTION OF USE OR FREEDOM FROM BUGS,
AND MAKE NO WARRANTY THAT THE SERVICES WILL BE ERROR-FREE. WE DO
NOT GUARANTEE ANY SPECIFIC RESULTS FROM USING THE SERVICES.

Limitation of Liability

TO THE FULLEST EXTENT ALLOWED BY APPLICABLE LAW, UNDER NO
CIRCUMSTANCES AND UNDER NO LEGAL THEORY (INCLUDING, WITHOUT
LIMITATION, TORT, CONTRACT, STRICT LIABILITY, OR OTHERWISE) SHALL WE
(OR OUR LICENSORS OR SUPPLIERS) BE LIABLE TO YOU OR TO ANY OTHER
PERSON FOR (A) SPECIAL, INCIDENTAL, CONSEQUENTIAL OR EXEMPLARY
DAMAGES OF ANY KIND, INCLUDING BUT NOT LIMITED TO ANY LOST PROFITS
LOST SAVINGS, LOSS OF PROFITS, BUSINESS INTERRUPTION, OR LOSS OF
INFORMATION, HOWEVER CAUSED, WHETHER FOR BREACH OR REPUDIATION OF
CONTRACT, TORT, BREACH OF WARRANTY, NEGLIGENCE, OR OTHERWISE,
WHETHER OR NOT WE WERE ADVISED OF THE POSSIBILITY OF SUCH LOSS OR
DAMAGES OR (B) ANY AMOUNT, IN THE AGGREGATE, IN EXCESS OF THE
GREATER OF (I) $100 OR (II) THE AMOUNTS PAID BY YOU TO US FOR THE
SERVICES DURING THE TWELVE (12) MONTHS PRIOR TO THE FIRST EVENT
GIVING RISE TO SUCH LIABILITY.

THE LIMITATIONS AND EXCLUSIONS CONTAINED HEREIN WILL APPLY ONLY TO
THE MAXIMUM EXTENT PERMISSIBLE UNDER APPLICABLE LAW, AND NOTHING
HEREIN PURPORTS TO LIMIT EITHER PARTY’S LIABILITY IN A MANNER THAT
WOULD BE UNENFORCEABLE OR VOID AS AGAINST PUBLIC POLICY IN THE
APPLICABLE JURISDICTION.

Miscellaneous

This Customer Agreement is governed by and construed in accordance with the laws of the
State of Delaware and the United States without regard to conflicts of laws provisions
thereof, and without regard to the United Nations Convention on the International Sale of
Goods. The Parties agree that the Uniform Computer Information Transactions Act or any
version thereof, adopted by any state, in any form, will not apply to this Customer
Agreement.
Any assignment of this Customer Agreement by You to another party, including any transfer
by operation of law or otherwise, without the other Party's prior written consent (which
consent will not be unreasonably withheld) will be null and void; provided, however, that
You may assign this Customer Agreement without consent, to an affiliate or in connection
with any merger, asset purchase or sale, stock purchase or sale or similar change of control
transaction.
We may use subcontractors in the performance of Our obligations. We will disclose
subcontractors having access to Customer Data upon Your written request.
The provisions of the following Sections and all accrued payment obligations will survive the
termination of this Customer Agreement: Section 4 (Paying for the Services), Section 7
(Confidentiality and Privacy), Section 8 (Intellectual Property), Section 9 (Warranty
Disclaimer and Indemnity), Section 10 (Limitation of Liability), and Section 11
(Miscellaneous).
Each Party acknowledges that it is familiar with and understands the provisions of applicable
anti-corruption laws, including but not limited to FCPA or UKBA, and agrees not to violate or
knowingly let anyone such laws. You agree that no payment You make will constitute a bribe,
influence payment, kickback, rebate, or other payment that would violate applicable anti-
corruption or anti-bribery laws. You agree that at Our request, You will furnish Us a
certification signed by Your authorized representative verifying that the Services are being
used in accordance with this Customer Agreement.
This Customer Agreement constitutes the complete and entire agreement between the Parties
with respect to the Services. It replaces and supersedes any prior agreements, oral or written,
between the Parties concerning the subject matter hereof. We hereby reject and deem deleted
any additional or different terms or conditions that You present, including, but not limited to,
any terms or conditions contained or referenced in any purchase order, acceptance, or
acknowledgement. No amendment to this Customer Agreement will be effective unless it is
in writing and signed by the authorized representatives of each Party. With the exception of
Your obligation to make payments due and payable to Us, neither Party will be considered to
be in breach or default of this Customer Agreement as a result of its delay or failure to
perform its obligations herein when such delay or failure arises out of causes beyond the
reasonable control of the Party whose performance has been affected. Nothing in this
Customer Agreement will benefit or create any right or cause of action in or on behalf of any
person or entity other than the Parties. The failure of a Party to exercise or enforce any right
or provision of this Customer Agreement will not constitute a waiver of such right or
provision. If any provision of this Customer Agreement is held to be invalid or
unenforceable, the remaining provisions of this Customer Agreement will remain in full force
and effect.

COFENSE SAT SUBSCRIPTION SCHEDULE 1

In addition to the terms of the Customer Agreement, the following terms apply to the simulation training module and twelve (12) courses, Cofense SAT.

For the duration of the applicable Services Term set forth in the applicable Order and in
accordance with the terms of the Customer Agreement, Cofense grants to You a non-
exclusive, non-transferable, non-assignable right to access Cofense SAT, including
the applicable Documentation and Our IP, for Your internal use only.
You acknowledge that Cofense has no delivery obligation and will not ship copies of
software as part of Cofense SAT.
You are responsible for its Authorized Users’ compliance with the Customer Agreement,
this Schedule and the Acceptable Use Policy Addendum.
You acknowledge and agree that the maximum number of Authorized Users will not
exceed the number of Authorized Users set forth in the applicable Order, and You may
only use Cofense SAT with Authorized Users of Cofense Protect. You
may add additional Authorized Users during the Services Term, at the same pricing as set
forth in the applicable Order, pro-rated for the portion of the Services Term remaining at
the time. You will provide Us with a primary contact person who will approve requests
for new administrators. Notwithstanding anything in the Customer Agreement to the
contrary, any breach by You and its Authorized Users of this Section will result in the
immediate suspension or termination of You and Your Authorized Users’ access to Cofense SAT.
You may only designate Authorized User’s email addresses with Internet domain names
that You own or is authorized by the Internet domain name owner to use for the purposes
contemplated herein.

ACCEPTABLE USE POLICY ADDENDUM

By using the simulation training module, you are agreeing to this Acceptable Use Policy
Addendum (this "Policy"). Please read this carefully.

Capitalized terms used below but not defined in this Policy will have the meaning set forth in the
Customer Agreement. You and Your Authorized Users must promptly notify Us of any actual or
suspected illegal or unauthorized activity or a security breach involving the simulation training
module. You and Your Authorized Users may not:

disseminate material that is abusive, obscene, pornographic, defamatory, harassing,
grossly offensive, vulgar, threatening, or malicious;
disseminate materials that would constitute an infringement upon the patents, copyrights,
trademarks, trade secrets or other intellectual property rights of others;
use the simulation training module for any illegal purpose, or in violation of any laws;
disseminate materials that would give rise to liability under the Computer Fraud and
Abuse Act;
commit fraud or engage in other misleading or deceptive activities;
upload to, or transmit from the simulation training module any viruses, worms, defects,
Trojan horses, time-bombs, malware, spyware, or any other computer code of a
destructive or interruptive nature;
share the simulation training module and any of Our IP and Confidential Information
with any third-parties, except as expressly authorized in advance by Us in writing;
use the simulation training module and Our IP in any way to provide services to any
third-party;
disassemble, decompile, reverse compile, reverse engineer or attempt to discover any
source code or underlying ideas or algorithms of the simulation training module and Our
IP (except to the limited extent that applicable law prohibits reverse engineering
restrictions solely for interoperability purposes);
sell, resell, distribute, sublicense or otherwise transfer, the simulation training module
and Our IP, or make the functionality of the simulation training module available to any
other party through any means (unless We have provided prior written consent); and
reproduce, alter, modify or create derivatives of Our IP (unless as expressly permitted in
the Customer Agreement).

Authorized Users must comply with any Intellectual Property Rights asserted in Our IP provided
to You for the purposes of using with the simulation training module. Authorized Users will
maintain and not remove or obscure any proprietary notices on Our IP.

Remedies. Violation of this Policy may result in civil or criminal liability, and We may, in
addition to any other remedy that We may have at law or in equity, terminate any permission for
You and any Authorized User to access the simulation training module or immediately remove
the offending material. In addition, We may investigate incidents that are contrary to this Policy.

We reserve the right to update and modify this Policy at any time from time-to-time. Continued
use of the simulation training module by You and Your Authorized Users after such update or
modification will indicate Your acceptance of the updates and/or modifications to this Policy.

COFENSE REPORTER SUBSCRIPTION
SCHEDULE 2

In addition to the terms of the Customer Agreement, the following terms apply to Cofense Reporter^TM.

For the duration of the applicable Services Term set forth in the applicable Order and in
accordance with the terms of the Customer Agreement, We grant to You a non-exclusive,
non-transferable, non-assignable right to access the applicable version of Cofense Reporter,
including the applicable Documentation, for Your internal use only. You acknowledge that
We have no delivery obligation and will not ship copies of software as part of Cofense
Reporter. You are responsible for Your Authorized Users’ compliance with the Customer
Agreement and this Schedule. Authorized User-initiated Cofense Reporter reports must be
sent to a mailbox owned by You or authorized mailbox. You acknowledge and agree that We
may store Customer Data from Cofense Reporter in the United States.

MSSP SERVICES TERMS OF USE

Where You are ordering the Services to manage them as part of Your managed
security services program for Applicable Customers (as defined below) ("MSSP
Services"), You acknowledge You must be authorized by Us prior to providing the
MSSP Services to Applicable Customers, and You may only use the MSSP
Services as a managed security service provider to Applicable Customers pursuant
to this MSSP Agreement. If You are separately ordering the Services for Your
internal use, then such use will be separately governed by the Customer
Agreement. Capitalized terms used but not defined in this MSSP Agreement will
have the same meanings set forth in the Customer Agreement.

Definitions

"Applicable Customers" means those customers located in the Territory(ies) for which We have
given You prior written approval for You to provide MSSP Services

"Applicable Customer Data" means the information submitted or provided by Applicable
Customers for use with the Services.

"Authorized Users" means (i) Your authorized employees, agents or independent contractors with
an assigned unique email address, who may access or provide the Services to the Applicable
Customers; and/or (ii) employees and personnel of Applicable Customers whose email accounts
are being used with the Services.

"Intellectual Property Rights" means copyrights (including, without limitation, the exclusive right
to use, reproduce, modify, distribute, publicly display and publicly perform the copyrighted work),
trademark rights (including, without limitation, trade names, trademarks, service marks, and trade
dress), patent rights (including, without limitation, the exclusive right to make, use and sell), trade
secrets, moral rights, right of publicity, authors’ rights, contract and licensing rights, goodwill and
all other intellectual property rights as may exist now and/or hereafter come into existence, and all
renewals and extensions thereof, of any state, country or jurisdiction.

"Order Form" means (i) a quotation, proposal, or pricing offer issued to You by Us that is signed
by both Parties or to which You have confirmed acceptance in writing, (ii) a quotation, proposal,
or pricing offer issued by Us to You at the time of the sign-up for an evaluation described in
Section 2(d) of this MSSP Agreement, which You will be deemed to have accepted if You do not
provide Us notice of cancellation prior to the end of the evaluation period, or (iii) a written
purchase order or similar ordering document, signed or submitted by You and accepted by Us,
under which You agree to purchase a license to the Services to provide MSSP Services under this
Agreement. It is agreed that all Order Forms for the Services will incorporate the terms of this
MSSP Agreement, whether expressly referenced or not, and will only be accepted subject to the
terms of this MSSP Agreement. The terms and conditions of this MSSP Agreement will govern
all Order Forms, and any additional or different terms in an Order Form are deemed void and of
no effect unless such additional or different terms are agreed upon by the Parties in writing. For
clarity, acceptance by Us of Your purchase order or similar ordering document will not be deemed
an acceptance of any conflicting or additional terms and conditions.

"Territory(ies)" means the territories We authorize You to provide the MSSP Services. You may only provide the MSSP Services in those territories where We have provided our prior written authorization. Notwithstanding the foregoing, You will not provide the MSSP Services in the following Territories: North Korea, Iran, Syria, Lebanon, Cuba, Sudan, and Crimea Region of Ukraine.

MSSP Partner Program

Subject to the terms and conditions set forth herein, You may provide MSSP Services to
Applicable Customers for the Services.
For purposes of providing MSSP Services to Applicable Customers, You will purchase the
licenses in Your own name at the prices set forth in the applicable Order Form. In addition to any
other information to be provided to Us by You in an Order Form, You will provide the name of
the Applicable Customer (along with any other information We reasonably request).
You will market and promote the MSSP Services in the Territory(ies). You may also
market, at Your own expense, and resell licenses to the Services to Your customers for their direct
use, subject always to the customer accepting the Customer Agreement to govern their use of the
Services, in the Territory(ies) only upon Our prior written approval in each instance, and You will
always comply with all applicable laws and regulations reselling the Services.
If We provide the Services, along with any other related materials and documentation for
Your Applicable Customer’s evaluation purposes, then We grant a limited, nontransferable, non-
assignable, non-sublicensable right to use the Services for the Applicable Customer, subject to the
terms of this MSSP Agreement and any other limitations communicated to You. You may use the
Services for Your Applicable Customer’s own internal evaluation purposes from the date in which
You access the Services for the Applicable Customer, until the expiration date We provide You,
or, if no expiration date is provided, for a period of up to fourteen (14) days from the date of first
deploying the Services for the Applicable Customer. If You do not provide Us notice to cancel the
evaluation for the Applicable Customer prior to the expiration of the applicable evaluation period,
Your subscription to the Services for the Applicable Customer will automatically begin upon
expiration of the evaluation period, subject to and governed by this MSSP Agreement, and You
will be deemed to have accepted the quotation or proposal provided at the time of the evaluation
sign-up, and We will charge You at the pricing stated therein. If You cancel the evaluation for the
Applicable Customer before the end of the applicable evaluation period, You will not be charged.
Your eligibility for a free evaluation offer for each Applicable Customer is determined solely by
Us and Your access to any free evaluation offer is provided at Our sole discretion. The Services
are provided to You “AS-IS”, and to the extent permitted by applicable law, We disclaim all
indemnities and warranties relating to the evaluation, express or implied, including but not limited
to any warranties against infringement of third-party rights, merchantability, and fitness for a
particular purpose. You acknowledge that the Services are Our intellectual property. At the end of
the applicable evaluation period, all evaluation licenses granted herein will automatically terminate
and You will delete or return any of Our Confidential Information in Your possession related to
the evaluation and provide written certification of such destruction or return in writing to Us. You
understand that We may disable access to the Services for each evaluation automatically at the end
of the evaluation period, without notice to You. This Section will take precedence over any
contradictory language in this MSSP Agreement as it relates to an evaluation.
You will pay the fees for the Services set forth in the applicable Order Form and the
renewals thereof ("Fees"). All Fees will be fully billed in advance, unless otherwise agreed by the
Parties in writing. Fees are exclusive of all tariffs, duties or taxes imposed or levied by any
government or governmental agency, including without limitation, federal, state and local sales,
use, value added or other similar taxes (collectively, “Taxes”) and You are responsible for paying
all Taxes applicable to the Services. In the event We are obligated to collect and pay indirect Taxes
for the Fees, You agree to pay any indirect Taxes that may be added to the payment of any
outstanding Fees and will be reflected in the invoice or subsequently invoiced if the Fees were
previously paid. You will reimburse Us for any and all expenses incurred by Us so long as such
expenses are directly attributable to the Services provided to You. You agree to pay all Fees, in
full, within thirty (30) days. If You fail to make any payment when due, then interest at a rate of
one and one-half percent (1.5%) per month will accrue on such unpaid, undisputed amounts,
calculated from the date the payment was originally due. Credit card payments may incur
additional fees. If You dispute any invoice, You will promptly notify Us of the disputed amount,
but in no event later than the date payment is due, with an explanation of the reasons therefor. In
the event of non-payment or any action at law or in equity necessary to enforce or interpret the
terms of this MSSP Agreement for non-payment, You agree to pay all of Our reasonable attorneys'
fees and collection costs and expenses associated with the collection of such debt, to the fullest
extent permitted by applicable law.
For each Order Form, we will provide the Services pursuant and subject to this MSSP
Agreement. The term of the Services for the Applicable Customer is specified in the applicable
Order Form or, if no period of time for the Services is specified, for a period of one (1) month
from the date in which access to the Services was made available to You ("Initial Services Term").
Unless otherwise stated on the Order Form, the Services will automatically renew after its Initial
Services Term for additional periods equal in length to the Initial Services Term (each, a "Renewal
Services Term" and together with the Initial Services Term, the "Services Term"), unless either
Party notifies the other of its intention not to renew the Services at least thirty (30) days prior to
the expiration of the then-current Services Term. In the event You add additional Authorized Users
for the Applicable Customer during the Services Term, You will be billed for the additional
Authorized Users at the pricing set forth in the applicable Order Form. For the duration of the
applicable Services Term and in accordance with the terms of this MSSP Agreement, We grant
You a non-exclusive, non-transferable, non-assignable right to access the Services, including the
applicable Documentation and Our IP associated with the Services, solely for the provision of the
MSSP Services to the Applicable Customer. You acknowledge that We have no delivery
obligation and will not ship copies of software as part of the Services. For the duration of the
applicable Services Term, We grant You a non-exclusive, revocable, non-transferable, non-
assignable right to access the Services, including the applicable Documentation and any other of
Our IP provided with respect to this MSSP Agreement, for Your provision of MSSP Services to
Applicable Customers.

Applicable Customer Restrictions

You may only use the license purchased pursuant to the Agreement for the Services with only One
Applicable Customer. For clarification, pricing will be based on the number of employees and/or
email addresses with respect to an Applicable Customer, unless otherwise agreed by the Parties in
writing in the applicable Order Form. You may not use one license to provide MSSP Services to
multiple Applicable Customers. The license for the Services will be provided and used in
accordance with the terms of the Customer Agreement, except that the prohibition of using the
Services with third parties in the Customer Agreement will not be applicable to the extent You are
providing the Services to Applicable Customers in compliance with this Agreement and You are
not permitted to use the MSSP Services for Your internal use as part of Your order of the MSSP
Services. Under no circumstances may You use a single license for multiple Applicable Customers.

Term and Termination

We may terminate this MSSP Agreement and Your license to provide MSSP Services upon
ninety (30) days' prior written notice for Our convenience.
We may, in our sole and absolute discretion, immediately terminate this MSSP Agreement or
an individual license, or suspend Your access to the Services in connection with any actual,
alleged or suspected: (i) breach of confidentiality obligations and license or use restrictions
set forth in the Customer Agreement and this MSSP Agreement, (ii) direct or indirect
technical or security issues or problems caused by or relating to You or an Applicable
Customer, (iii) violations of applicable law. A Party may otherwise terminate this MSSP
Agreement if the other Party commits a material breach, and fails to remedy such breach
within thirty (30) days of being notified by the non-breaching Party of such breach. If We
terminate this MSSP Agreement due to Your material breach, We will not refund any
amounts to You.
Upon termination or expiration of this MSSP Agreement: (a) You will promptly return to Us
all materials related to us in Your possession, and You will cease representing yourself as
one of Our authorized MSSP partners; (b) all licenses granted hereunder will terminate; and
(c) each Party will cease using, return or destroy, at the sole election of the other Party, all
Confidential Information of such other Party relating to this MSSP Agreement, and You will
cease using any of Our IP (as defined in the Customer Agreement).

Your Responsibilities

Prior to providing the MSSP Services to Applicable Customers, You will, upon request,
successfully complete and pass the Managed Security Services Provider Program
certification training for the MSSP Services. If at any time, We find that You are not
providing MSSP Services up to Our standards, We may suspend this MSSP Agreement
immediately and require that You attend additional training, as reasonably necessary.
You must follow Our reasonable instructions regarding use of the Services and training.
You will complete any due diligence questionnaires We request from time to time.
In providing the MSSP Services, You will comply with the Acceptable Use Policy
attached hereto as Exhibit A.
You (i) are responsible for the use of the Services and Our IP by Your personnel
(including Authorized Users) and the Applicable Customer in compliance with this
MSSP Agreement, including any applicable exhibits, addenda, Documentation and
applicable laws and government regulations; (ii) are responsible for the accuracy, quality
and legality of Applicable Customer Data, including the lawful use and transmission of
Applicable Customer Data provided by Applicable Customer and any Authorized Users
in connection with the Services; (iii) will obtain all rights, permissions or consents from
Authorized Users and other Applicable Customer personnel that are necessary to grant Us
the rights and licenses in this MSSP Agreement; and (iv) will use commercially
reasonable efforts to prevent unauthorized access to or use of Our IP and Services, and
will notify Us promptly of such unauthorized use.
You will ensure that: (i) You and the Applicable Customer are entitled to transfer the
relevant personal data to You and Us so that the Parties may lawfully use, process and
transfer the personal data on the Applicable Customer’s behalf and in accordance with
this MSSP Agreement; and (ii) the relevant third parties have been informed of, and have
given their consent to, such use, processing, and transfer as required by all applicable
data protection laws. You may only use Authorized User’s email addresses with Internet
domain names that are authorized by the Internet domain name owner to use for the
purposes contemplated herein.
You agree that at Our request, You will furnish Us a certification signed by Your
authorized representative verifying that the Services are being used in accordance with
this MSSP Agreement.

Applicable Customers

We may reject Your request to provide MSSP Services to a potential Applicable Customer
at any time for any reason, without incurring any liability to You and/or Applicable
Customer.
The Parties acknowledge that You will have Your own agreements with the Applicable
Customers pursuant to which You will provide MSSP Services to the Applicable
Customers. You acknowledge and agree that We will not be a party to the contract between
You and the Applicable Customer and, further, that We will not be liable to You or to
Applicable Customer in respect of any claims made by the Applicable Customers under
contract between You and the Applicable Customer.
Prior to providing MSSP Services for each Applicable Customer, We may request a letter of
acknowledgment in place executed between Us and the Applicable Customer.

Intellectual Property

Any documentation, materials, intelligence, and any other proprietary information provided
by Us, or on Our behalf, in connection with the MSSP Services are also Our IP, to which We
own all Intellectual Property Rights. Notwithstanding anything in the Customer Agreement
to the contrary, You will use Our IP under this MSSP Agreement solely for the purposes of
providing MSSP Services to Applicable Customers. You will not modify any documentation
We provide without Our prior written permission each time. We will automatically own and
have title to any derivative works based on Our IP.
You understand, acknowledge and agree that We own all Intellectual Property Rights in and
to Aggregate Data, and may use, reproduce, sell, publicize or otherwise exploit Aggregate
Data in any way, in Our sole discretion. “Aggregate Data” refers to Applicable Customer
Data that is de-identified (stripped of any information used to identify Applicable Customer,
including personal data). Aggregate Data will include data identified through the Services as
malicious and also include statistical information related to the use and performance of the
Services, provided that such information is de-identified. You grant Us a worldwide,
perpetual, irrevocable, royalty-free, fully paid-up license to use and exploit any suggestion,
enhancement request, recommendation, correction or other feedback (“Feedback”) You
provide relating to the Services. Feedback will not include Confidential Information. You
will provide Us with all threat intelligence learned and collected with the use of the Services
and such threat intelligence will not include Confidential Information.
You acknowledge and agree that the maximum number of Authorized Users will not exceed
the number of Authorized Users set forth in the applicable Order Form. At the beginning of
the applicable Services Term, You will designate and allocate the Authorized Users on behalf
of the Applicable Customer. The Parties acknowledge and agree that Authorized Users may
not be reassigned or replaced (except for those designated by You to act as administrators)
prior to the expiration of the applicable Services Term. Any breach by You and Your
Authorized Users of this Section may, in Our sole discretion, result in the immediate
suspension or termination of You and Your Authorized Users’ access to the Services and or
termination of this MSSP Agreement.
You may not enter into new license agreements for the Services with customers who already
have direct agreements in place with Us

Confidentiality

"Confidential Information" means all non-public information, whether written, electronic,
oral or graphic, that a disclosing party ("Discloser") may disclose or reveal to the receiving
party ("Recipient"), that is either (i) identified as confidential at the time of disclosure by
Discloser, or (ii) disclosed under circumstances that would indicate to a reasonable person
that the information should be treated as confidential by Recipient. Confidential Information
includes, but is not limited to, technical or business information, pricing, financial plans and
records, marketing plans, research, present and proposed products, trade secrets, know how,
processes, intelligence, computer software programs, software tools and descriptions of
functions and features of software, source code, information regarding customers and
suppliers, employees and affiliates, and methods for systems integration, company systems or
software.
Recipient will maintain all Confidential Information of the Discloser in strict confidence.
Except as provided in this MSSP Agreement, the Recipient will not use Confidential
Information of the Discloser, except to perform or otherwise fulfill the purpose of this MSSP
Agreement or disclose it in any manner to any third party without the prior express written
consent of the Discloser. Recipient will restrict access to, and use of, Confidential
Information of the Discloser to those employees and agents of Recipient’s organization with
a need to use the information to perform under or otherwise fulfill the purpose of this MSSP
Agreement. Recipient will use the same degree of care in handling and safeguarding
Confidential Information that it uses in handling and safeguarding its own Confidential
Information, and in any case not less than reasonable care. Before disclosing any
Confidential Information to its officers or employees, Recipient will subject such officers and
employees to an obligation of confidentiality no less stringent than that by which Recipient is
bound.
The obligations set forth in the subsection above will not apply to information which is:
(i) already known to or otherwise in the possession of the Recipient at the time of disclosure
and which was not so known or received in violation of any confidentiality obligation;
(ii) publicly available or otherwise in the public domain prior to disclosure by the Recipient;
(iii) rightfully obtained by the Recipient from any third party without restriction and without
breach of any confidentiality obligation by such third party; or (iv) developed by the
Recipient without reference to the Discloser’s Confidential Information and independent of
any disclosure hereunder, as evidenced by written records.
Each Party may disclose Confidential Information to the limited extent necessary to comply
with the order of a court or administrative body of competent jurisdiction or a government
agency, provided that the Recipient will notify the Discloser prior to such disclosure, if
permissible, and will cooperate with the Discloser if the Discloser elects to legally contest,
request confidential treatment of, or otherwise avoid such disclosure.

Warranty and Indemnification

You represent and warrant that You will not (i) make or publish any false or misleading
representations, warranties, or guarantees on Our behalf or Our suppliers, or (ii) make any
representations warranties, or guarantees with respect to Us, the Services or any of Our
obligations that are inconsistent with the terms of this MSSP Agreement.
You agree to indemnify, defend and hold Us, and Our affiliates, directors and officers,
employees and agents harmless from any and all claims and/or demands, including
reasonable attorneys’ fees, made by any third party arising out of or related to Your and/or
Authorized Users’ alleged or actual use or misuse of the Services and Our IP, including
without limitation: (a) claims related to the unauthorized disclosure or exposure of personal
data or other private information, violations of any third party rights, and failure to obtain
required consents for Us to provide the Services under this MSSP Agreement; (b) claims that
You are infringing on any third party intellectual property or data privacy right; (c) a breach
of the Acceptable Use Policy; or (d) claims arising from Your use of the Services in violation
of the Customer Agreement or this MSSP Agreement. Further, You will indemnify Us, Our
employees, officers, directors, affiliates, independent contractors, and agents against any
claim made by an Applicable Customer against Us arising in connection with the MSSP
Services or the contract between the You and the Applicable Customer.

Limitation of Liability

Data Privacy and Compliance

You will (i) comply with all applicable legal requirements regarding privacy and data
protection; and (ii) provide sufficient notice to, and obtain sufficient consent and
authorization from, Applicable Customers and any other party providing personal data to
You and Us to permit the processing of the data by You, Us, and either Party’s respective
affiliates, subsidiaries, and service providers as contemplated by this MSSP Agreement.
You will comply with all applicable export controls, trade sanctions, and import laws and
regulations in Your use of the Services, including without limitation the regulations of the
U.S. Commerce Department’s Bureau of Industry and Security ("BIS") and the U.S.
Treasury Department’s Office of Foreign Assets Control ("OFAC") (collectively, "Export
Control Laws"). You will not, directly or indirectly, export or re-export, or knowingly permit
the export or re-export of any of the Services, without any required government
authorization, to any person, or entity (i) located or resident in any country or territory that is
subject to comprehensive U.S. trade sanctions or other significant trade restrictions
(including without limitation, Cuba, Iran, North Korea, Sudan, Syria, and the Crimea region
of Ukraine) ("Sanctioned Countries"); or (ii) identified on any U.S. government restricted
party lists (including the Specially Designated Nationals and Blocked Persons List, Foreign
Sanctions Evaders List, and Sectoral Sanctions Identifications List, administered by OFAC,
and the Denied Party List, Entity List and Unverified List, administered by BIS) ("Restricted
Party Lists"). You represent and warrant that You are not (i) a citizen of, or located in, a
Sanctioned Country, or (ii) identified on, or more than 50 percent (50%) owned or controlled
by one or more persons or entities identified on, a Restricted Party List.
Each Party acknowledges that it is familiar with and understands the provisions of the U.S.
Foreign Corrupt Practices Act of 1977, as amended (the "FCPA") and the U.K. Bribery Act
of 2010 ("UKBA") and agrees not to violate or knowingly let anyone violate the FCPA,
UKBA, or any other applicable anti-corruption laws. You agree that no payment You make
will constitute a bribe, influence payment, kickback, rebate, or other payment that violates
the FCPA, the UKBA, or any other applicable anti-corruption or anti-bribery laws.
You will perform Your obligations hereunder in compliance with Our applicable rules,
policies and regulations ("Policies"), now in effect or hereafter amended or established by Us
from time to time. You will require Your employees, agents or consultants performing
services directly in connection with this MSSP Agreement to comply with such Policies and
will be responsible for any violation of such Policies by Your employees, agents or
consultants.
You will comply with all applicable laws and regulations with respect to Your use of the
Services. You will obtain all licenses and approvals required under and will otherwise
comply with all laws of the Territory(ies) governing the importation, management, marketing
or distribution of the Services into and throughout the Territory(ies) and will pay (and
reimburse Us if it is required to pay) all related governmental charges and related expenses.
You will (i) comply with all applicable legal requirements regarding privacy and data
protection; and (ii) provide sufficient notice to, and obtain sufficient consent and
authorization from Applicable Customers and any other party providing personal data to You
and Us to permit the processing of the data by You, Us, and each Party’s respective affiliates,
subsidiaries, and service providers as contemplated by this MSSP Agreement. You
understand that We may be required to disclose certain information received in connection
with this this MSSP Agreement (including, for example, the names of Applicable Customers
and details of security incidents observed) to government authorities as required by
applicable laws. You will ensure that each Applicable Customers understands and agrees to
comply with this provision.

Insurance

You will maintain commercial property, casualty, errors and omissions, and liability insurance in
amounts customary for businesses operating in Your industry and for the provision of the
Services. All liability and errors and omissions insurance will designate Us as an additional
insured. All such insurance must be primary and require the issuer to respond and pay prior to
any other available coverage. You agree that You and anyone claiming by, through, under, or on
Your behalf will have no claim, right of action, or right of subrogation against Us based on any
loss or liability insured against under the foregoing insurance. You will provide Us with
certificates or adequate proof of the foregoing insurance within thirty (30) days of request and
thereafter promptly each year after renewal. Such insurance policies or endorsements will entitle
Us to receive notice at least thirty (30) days prior to any cancellation (including for nonrenewal)
or change.

Audits

You will provide Us reports (within 15 days of requests) and such reports will provide the
following information: (i) details about the Applicable Customers, including Applicable
Customer name and address; (ii) the number of licenses and Authorized Users being used in
connection with the Services for each Applicable Customer; and (iii) any other information We
request. We will have the right to audit Your MSSP Services activities (including Your use of
the Services and information provided in any reports) to ensure compliance with this MSSP
Agreement and You will provide Us with access and information as We may request in
connection with such audits.

Miscellaneous Provisions

Nothing in this MSSP Agreement will be construed as limiting Our appointment of other
managed security service providers, dealers, licensees or agents in any way, or limiting Our
other marketing or distribution activities in any way or granting similar rights as those set out
herein to any other party in any way.
In making and performing this MSSP Agreement, the Parties have acted, and will act,
always, as independent contractors, and, except as expressly set forth in this MSSP
Agreement or any exhibits, nothing contained in this MSSP Agreement or any exhibits will
be construed or implied to create an agency, partnership or employer and employee
relationship between them. Except as expressly set forth in this MSSP Agreement, at no time
will either Party make commitments or incur any charges or expenses for, or in the name of,
or act as agent of the other Party.
You will not assign Your rights (by operation of law or otherwise) or delegate Your
obligations under this MSSP Agreement without Our prior written consent, and, absent such
consent, such assignment or delegation by You will be null, void and of no effect. This
Agreement will be binding upon and inure to the benefit of each Party and their successors
and permitted assigns.
This Agreement and the rights and obligations of the Parties hereunder and thereunder, will
be construed in accordance with, and will be governed by, the laws of the Commonwealth of
Virginia, without giving effect to its conflict of laws principles. The United Nations
Convention on Contracts for the International Sale of Goods does not apply to this MSSP
Agreement.
This Agreement may not be amended or modified except in a writing duly executed by
authorized representatives of both Parties. If any term or provision of this MSSP Agreement
is determined by a court of competent jurisdiction to be illegal, invalid, or unenforceable, the
legality, validity, or enforceability of the remainder of this MSSP Agreement will not thereby
be affected, and this MSSP Agreement will be deemed amended to the extent necessary to
delete such provision. The waiver by either Party of a breach of any provision of this MSSP
Agreement will not operate or be construed as a waiver of the same or any other breach by
that Party, whether prior or subsequent. Any waiver under this MSSP Agreement must be in
writing and signed by an authorized representative of the waiving Party. In the event of a
contractual dispute arising out of or relating to payment obligations of a Party, the Party
prevailing in such dispute will be entitled to collect from the other Party all costs of
collection in such dispute, including reasonable attorneys' fees.
Except with respect to payment obligations, if a Party is prevented or delayed in performance
of its obligations under this MSSP Agreement as a result of circumstances beyond such
Party's reasonable control, including, without limitation, war, terrorist act, riot, fires, floods,
epidemics, or failure of public utilities or public transportation systems, such failure or delay
will not be deemed to constitute a material breach of this MSSP Agreement, but such
obligation will remain in full force and effect and will be performed or satisfied as soon as
reasonably practicable after the termination of the relevant circumstances causing such
failure or delay. The terms set out in the Customer Agreement incorporated herein along
with the terms set out in the MSSP Agreement will be considered as one agreement, to be
read together and constituting the applicable terms in respect of Your usage of the Services
for providing MSSP Services to Your Applicable Customers and supersedes all prior
agreements, representations, negotiations, or other understandings of the Parties with respect
to such subject matter, whether written or oral. In the event of any conflict between this
MSSP Agreement and any Order Form, the terms of this MSSP Agreement will govern
and control.
With respect to U.S. government Applicable Customers, Our IP, including the Services, are
"commercial items", "commercial computer software" and "commercial computer software
documentation," pursuant to DFARS Section 227.7202 and FAR Sections 12.211-12.212, as
applicable. All Our IP, including the Services are and were developed solely at private
expense and the use of Our IP, including the Services, by the United States Government are
governed solely by this MSSP Agreement and are prohibited except to the extent expressly
permitted by this MSSP Agreement.
The provisions of Section 7, Section 8, and Sections 10 through 14, as well as any
obligations to pay any amounts due and outstanding hereunder, will survive termination of
this MSSP Agreement.

EXHIBIT A

ACCEPTABLE USE POLICY

When providing MSSP Services to Applicable Customers, You will comply with this Acceptable Use
Policy (this "AUP"). You and Your Authorized Users must promptly notify Us of any actual or suspected
illegal or unauthorized activity or a security breach involving the Services. You are responsible for Your
Authorized Users’ compliance with the MSSP Agreement and this AUP.

You and Your Authorized Users may not:

transmit unlawful materials, e-mail or information;
transmit harassing, threatening or abusive materials, e-mail or information;
transmit defamatory, libelous, slanderous or scandalous materials, e-mail or information;
transmit obscene, pornographic, profane or otherwise objectionable information of any kind;
transmit materials, e-mail or information that would constitute an infringement upon the patents,
copyrights, trademarks, trade secrets or other intellectual property rights of others;
transmit materials constituting or encouraging conduct that would constitute a criminal offence, give rise to civil liability, or otherwise violate any local, state, national or international law, including without limitation, the U.S. export control laws and regulations;
transmit materials that would give rise to liability under the Computer Fraud and Abuse Act;
use the Services to commit fraud or engage in other misleading or deceptive activities;
upload to, or transmit from the Services any viruses, worms, defects, Trojan horses, time-bombs,
malware, spyware, or any other computer code of a destructive or interruptive nature other than
any of the foregoing contained in the emails or links provided by the Applicable Customer to You
for the purpose of analyzing the emails and links for malicious content as part of the Services;
share the Services and any of Our IP and Our Confidential Information with any third-parties,
except as permitted by this MSSP Agreement or expressly authorized in advance by Us in writing;
use the Services and Our IP in any way to provide services to any third-party except to the
Applicable Customer in accordance with this MSSP Agreement;
disassemble, decompile, reverse compile, reverse engineer or attempt to discover any source code
or underlying ideas or algorithms of the Services and any of Our IP (except to the limited extent
that applicable law prohibits reverse engineering restrictions solely for interoperability purposes);
sell, resell, distribute, sublicense or otherwise transfer, the Services and any of Our IP, or make the
functionality of the Services available to any other party through any means (unless We have
provided prior written consent); and
reproduce, alter, modify or create derivatives of Our IP (unless as expressly permitted in the MSSP
Agreement).

Authorized Users must comply with any of Our Intellectual Property Rights asserted in Our IP provided to You for the purposes of using with the Services. Authorized Users will maintain and not remove or obscure any proprietary notices on Our IP.

Remedies. Violation of this AUP may result in civil or criminal liability, and We may, in addition to any other remedy that We may have at law or in equity, terminate any permission for You and any Authorized User to access the Services or immediately remove the offending material. In addition, We may investigate incidents that are contrary to this AUP.

We reserve the right to update and modify this AUP at any time from time-to-time. Your continued use of the Services and Your Authorized Users after such update or modification will indicate Your acceptance of the updates and/or modifications to this AUP.