APPENDIX R-1 – SAAS TERM OF SERVICE (“TOS”)
a. “Authorized User” means employees, consultants, contractors, and agents (i) who are authorized to access and use the SaaS under the rights granted to an AT&T Customer, as applicable, pursuant to this TOS and applicable Order and (ii) for whom a unique id and password to access to the SaaS has been provisioned pursuant to this TOS and applicable Order.
b. “SaaS” means the proprietary online cyber risk management solution of FortifyData that enables businesses to identify, assess, remediate, and monitor their cyber risk posture.
2. TOS Acceptance. Prior to any Authorized Users accessing and using the SaaS, each AT&T Customer must agree to this TOS. FortifyData will not provision access if this TOS has not been accepted by the prospective user.
3. SaaS Responsibilities & Restrictions.
a. FortifyData shall provide an Authorized User access to the SaaS in accordance with this TOS and the applicable Order. As part of the registration process, AT&T or the AT&T Customer (as applicable) shall identify an administrative user name and password for each Authorized User. FortifyData reserves the right to refuse registration of or cancel passwords it deems inappropriate.
b. All Authorized Users shall not, directly or indirectly, reverse engineer, decompile, disassemble or otherwise attempt to discover the source code, object code or underlying structure, ideas, know-how or algorithms relevant to the SaaS or any software, documentation or data related to the SaaS; modify, translate, or create derivative works based on the Software (except to the extent expressly permitted by FortifyData or authorized in an Order and this TOS); use the SaaS for time-sharing or service bureau purposes or otherwise for the benefit of a third party; or remove any proprietary notices or labels.
c. All Authorized Users shall only use the SaaS in compliance with this TOS and all applicable laws and regulations. AT&T Customer is responsible and liable for all uses of the SaaS resulting from access provided to their respective Authorized Users and other parties at direction of AT&T or the AT&T Customer, directly or indirectly, whether such access or use is permitted by or in violation of the TOS.
d. Authorized User accounts cannot be shared or used by more than one individual user but AT&T and AT&T Customers, as applicable, shall have the right to deactivate user-id’s of one Authorized User and, for no additional charge, may activate a new user-id as needed.
e. AT&T Customer shall be responsible for obtaining and maintaining any equipment and ancillary services needed to connect to, access or otherwise use the SaaS, including, without limitation, modems, hardware, servers, software, operating systems, networking, web servers and the like (collectively, “Equipment”). AT&T Customer shall also be responsible for maintaining the security of the Equipment, Authorized User names, passwords (including but not limited to administrative and user passwords) and files, and for all uses of an Authorized User account or the Equipment with or without knowledge or consent of AT&T Customer.
f. AT&T Customer may not remove or export from the United States or allow the export or re-export of the SaaS or anything related thereto, or any direct product thereof in violation of any restrictions, laws or regulations of the United States Department of Commerce, the United States Department of Treasury Office of Foreign Assets Control, or any other United States or foreign agency or authority. As defined in FAR section 2.101, the SaaS and documentation are “commercial items” and according to DFAR section 252.227‑7014(a)(1) and (5) are deemed to be “commercial computer software” and “commercial computer software documentation.” Consistent with DFAR section 227.7202 and FAR section 12.212, any use modification, reproduction, release, performance, display, or disclosure of such commercial software or commercial software documentation by the U.S. Government will be governed solely by the terms of this TOS and the applicable Order and will be prohibited except to the extent expressly permitted.
4. FortifyData’s Use Of Data. FortifyData shall have the right to collect and analyze publicly available data and other information relating to the provision, use and performance of various aspects of the SaaS and related systems and technologies, and FortifyData will be free to use such information and data to improve and enhance the SaaS and for other development, diagnostic, and corrective purposes in connection with the SaaS.
5. WARRANTY DISCLAIMER. AS IT RELATES TO AT&T CUSTOMERS, FORTIFYDATA DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT.
6. FortifyData’s Terms of Service. FortifyData shall have the right to revise these Terms of Service from time to time provided that no such revisions may materially degrade the rights of AT&T Customers or the obligations of FortifyData’s described in the Terms of Service. When FortifyData makes changes, it will post them here. Customer may wish to check this section from time to time because Customer’s use of the SaaS following any changes indicates Customer’s agreement to be bound by those modifications.