This Master Subscription Agreement governs customer’s acquisition and use of the FortifyData Services.
If a customer registers for a free trial of FortifyData services or for free services, the applicable provisions of this agreement will also govern that free trial or those free services.
By accepting this agreement, by (1) clicking a box indicating acceptance, (2) executing an order form that references this agreement, or (3) using free services, the customer agrees to the terms of this agreement. If the individual accepting this agreement is accepting on behalf of a company or other legal entity, such individual represents that they have the authority to bind such entity and its affiliates to these terms and conditions, in which case the term “customer” shall refer to such entity and its affiliates. If the individual accepting this agreement does not have such authority, or does not agree with these terms and conditions, such individual must not accept this agreement and may not use the services.
FortifyData’s direct competitors are prohibited from accessing the Services, except with FortifyData’s prior written consent.
- SAAS SERVICES AND SUPPORT
1.1 “Software” means the proprietary, online, subscription-based software of FortifyData and its third-party software licensors that enables businesses to identify, assess, remediate, and monitor their cyber risk posture.
1.2 Subject to the terms of this Subscription Agreement, FortifyData will use commercially reasonable efforts to provide Customer the services ordered in Order Form, including the Software, (herein referred to as the “Services”). As part of the registration process, Customer will identify an administrative user name and password for Customer’s FortifyData account. FortifyData reserves the right to refuse registration of or cancel passwords it deems inappropriate.
1.3 FortifyData will provide technical support via telephone and/or email on weekdays during the hours of 9:00 am through 5:00 pm Eastern Standard time, with the exclusion of weekends and Federal Holidays (“Support Hours”).
Customer may initiate a helpdesk ticket during Support Hours by calling 888-396- 4110 Ext 2 or any time by emailing firstname.lastname@example.org. FortifyData will use commercially reasonable efforts to respond to all Helpdesk tickets within one (1) business day.
- RESTRICTIONS AND RESPONSIBILITIES
2.1 Customer will not, directly or indirectly: reverse engineer, decompile, disassemble or otherwise attempt to discover the source code, object code or underlying structure, ideas, know-how or algorithms relevant to the Services or any software, documentation or data related to the Services (“Software”); modify, translate, or create derivative works based on the Services or any Software (except to the extent expressly permitted by FortifyData or authorized within the Services); use the Services or any Software for time sharing or service bureau purposes or otherwise for the benefit of a third; or remove any proprietary notices or labels.
2.2 Further, Customer may not remove or export from the United States or allow the export or re-export of the Services, Software or anything related thereto, or any direct product thereof in violation of any restrictions, laws or regulations of the United States Department of Commerce, the United States Department of Treasury Office of Foreign Assets Control, or any other United States or foreign agency or authority.
2.3 Customer shall only use the Services only in compliance with this Subscription Agreement and all applicable laws and regulations. Customer is responsible and liable for all uses of the Services resulting from access provided by Customer or provided to its authorized users or other Parties at Customer’s direction, directly or indirectly, whether such access or use is permitted by or in violation of this Subscription Agreement. Although FortifyData has no obligation to monitor Customer’s use of the Services, FortifyData may do so and may prohibit any use of the Services it believes may be (or alleged to be) in violation of the foregoing.
2.4 Customer shall be responsible for obtaining and maintaining any equipment and ancillary services needed to connect to, access or otherwise use the Services, including, without limitation, modems, hardware, servers, software, operating systems, networking, web servers and the like (collectively, “Equipment”). Customer shall also be responsible for maintaining the security of the Equipment, Customer account, passwords (including but not limited to administrative and user passwords) and files, and for all uses of Customer account or the Equipment with or without Customer’s knowledge or consent.
2.5 User subscriptions cannot be shared or used by more than one individual user but Customer shall have the right to deactivate user-id’s of one authorized user and, for no additional charge, request FortifyData to activate a new user-id of the same type for another Authorized User for the balance of the then current contract term. At all times, Customer shall not permit user-id sharing.
2.6 Customer shall be responsible for engaging its third-parties, if warranted/applicable, about the assessments being performed via the FortifyData platform. If Customer wants FortifyData to engage its third-parties on the Customer’s behalf, Customer will need to explicitly notify FortifyData of this request. FortifyData has the right to cease provision of the services to a third-party upon request by the third-party.
3.1 Each Party (the “Receiving Party”) understands that the other party (the “Disclosing Party”) has disclosed or may disclose business, technical or financial information relating to the Disclosing Party’s business (hereinafter referred to as “Confidential Information” of the Disclosing Party).
As used herein, Confidential Information means all confidential and proprietary information of a Disclosing Party disclosed to the Receiving Party, whether orally, in writing or electronically, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure, including the terms and conditions of this Subscription Agreement (including pricing), Customer Data [defined below in Section 4], business and marketing plans, screenshots and non-public information regarding features, functionality, and performance of the Software, product designs, and business processes. Confidential Information shall not include any information that: (i) is or becomes generally known to the public without breach of any obligation owed to the other party; (ii) was known to a party prior to its disclosure by the other party without breach of any obligation owed to the other party; (iii) was independently developed by a party without breach of any obligation owed to the other party; or (iv) is received from a third party without breach of any obligation owed to the other party.3.2 The Receiving Party agrees: (i) to take reasonable precautions to protect such Proprietary Information, and (ii) not to use (except in performance of the Services or as otherwise permitted herein) or divulge to any third person any such Confidential Information. The Disclosing Party agrees that the foregoing shall not apply with respect to any information after three (3) years following the disclosure thereof or any information that the Receiving Party can document (a) is or becomes generally available to the public, or (b) was in its possession or known by it prior to receipt from the Disclosing Party, or (c) was rightfully disclosed to it without restriction by a third party, or (d) was independently developed without use of any Proprietary Information of the Disclosing Party or (e) is required to be disclosed by law.
3.3 Notwithstanding anything to the contrary, FortifyData shall have the right collect and analyze data and other information relating to the provision, use and performance of various aspects of the Services and related systems and technologies (including, without limitation, information concerning Customer Data and data derived therefrom), and FortifyData will be free (during and after the term hereof) to (i) use such information and data to improve and enhance the Services and for other development, diagnostic and corrective purposes in connection with the Services and other FortifyData offerings, and (ii) disclose such data solely in aggregate or other de-identified form in connection with its business. No rights or licenses are granted except as expressly set forth herein. No such disclosure shall mention Customer, Customer’s clients, Customer’s logos or trademarks, or customer’s identifiable information including but not limited to address, services, or products offered by Customer.
- DATA PROTECTION
4.1 Non-public data provided by Customer to FortifyData to enable the provision of the Services is hereby referred to as “Customer Data”. Customer shall always own Customer Data.
4.2 FortifyData shall maintain and handle Customer Data with commercially reasonable physical, electronic, and procedural safeguards to protect and preserve the confidentiality and security of Customer Data (including personal information) in accordance with applicable data protection legislative requirements.
- PAYMENT OF FEES
5.1 Customer will pay FortifyData the then applicable fees described in the Order Form for the Services in accordance with the terms therein (the “Fees”). FortifyData reserves the right to change the Fees or applicable charges and to institute new charges and Fees at the end of a Subscription Term upon thirty (30) days prior notice to Customer (which may be sent by email). Notwithstanding anything to the contrary contained in this agreement, in the event that FortifyData changes the Fees or applicable charges, Customer, at Customer’s sole discretion, may terminate the agreement in accordance with Section 6.2 and shall not have to pay any additional fees beyond the fees listed in the most recent duly executed Order Form, signed by Customer. If Customer believes that FortifyData has billed Customer incorrectly, Customer must contact FortifyData no later than 60 days after the closing date on the first billing statement in which the error or problem appeared, in order to receive an adjustment or credit. Inquiries should be directed to FortifyData’s customer support department.
5.2 FortifyData shall issue an invoice for the Services to the Customer via electronic mail, in which case, full payment for invoices issued must be received by FortifyData within thirty (30) days of receipt. Unpaid and undisputed amounts are subject to a finance charge of 1.5% per month on any outstanding balance, or the maximum permitted by law, whichever is lower, plus all expenses of collection and may result in immediate termination of Services. Customer shall be held responsible for payment of all undisputed portions of an invoice as described in this Section. Customer shall be responsible for all taxes associated with Services other than taxes based on FortifyData’s net income.
- TERM AND TERMINATION
6.1 Term; Termination. This Agreement begins on the Effective Date and, unless earlier terminated as set forth below, will continue while an Order Form is in effect between the Parties. “Subscription Term” means the time period specified in an Order Form during which the Services are available. With regard to each Order Form, if this Subscription Agreement has not terminated early, the Subscription Term will renew automatically on the Subscription Term anniversary. Either Party may terminate this Subscription Agreement (or any Order Form) upon the other Party’s material breach that remains uncured for thirty (30) days following notice of such breach, except that in the event of a breach of Section 3 (Restrictions and Responsibilities) or Section 4 (Confidentiality), the cure period is five (5) days. FortifyData reserves the right to modify, or discontinue offering, any component of the Services effective at the conclusion of Customer’s then- current Subscription Term.
6.2 Termination for Convenience. Customer may choose to terminate this Subscription Agreement (or any Order Form) for any reason by providing the other Party at least thirty (30) days notice in writing [email acceptable]. If Customer terminates as described above, then Customer shall pay FortifyData the fees owed for the applicable Order Form(s) within thirty (30) days of the date of termination.
6.3 Effect of Termination. Upon expiration or earlier termination of this Subscription Agreement or applicable Order Form, Customer shall discontinue use of the Services and FortifyData, upon request, will provide all Customer Data to Customer within 30 days of expiration or termination of the Subscription Agreement. After said period, Customer agrees and acknowledges that FortifyData has no obligation to retain Customer Data and FortifyData will purge all non-publicly accessible Customer Data from FortifyData´s systems.
- WARRANTY DISCLAIMER
EXCEPT AS EXPLICITLY SET FORTH IN THIS SUBSCRIPTION AGREEMENT, FORTIFYDATA DOES NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED OR ERROR FREE; NOR DOES IT MAKE ANY WARRANTY AS TO THE RESULTS THAT MAY BE OBTAINED FROM USE OF THE SERVICES. EXCEPT AS EXPRESSLY SET FORTH IN THIS SECTION, THE SERVICES AND IMPLEMENTATION SERVICES ARE PROVIDED “AS IS” AND FORTIFYDATA DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT.
- INTELLECTUAL PROPERTY OWNERSHIP
FortifyData alone (and its licensors, where applicable) shall own all right, title and interest, including all related intellectual property rights, in and to the Services, the Software and underlying technology, and any suggestions, ideas, enhancement requests, feedback, recommendations or other information provided by Customer or any other party relating to the Services. This Subscription Agreement, including applicable supporting order forms, constitute a transaction for the Services; however, this Agreement does not convey to Customer any rights of ownership in or related to the Services, Software or the intellectual property rights owned by FortifyData and its licensors, where applicable. The FortifyData name, the FortifyData logo, and the product names associated with FortifyData and its licensors are trademarks of FortifyData or third Parties, and no right or license is granted to use them unless prior written consent is granted by authorized representatives of FortifyData.
9.1 Customer hereby agrees to indemnify and hold harmless FortifyData against damages, losses, liabilities, settlements, and expenses (including without limitation costs and attorneys’ fees) to the extent any third party claim or action arises from (i) Customer’s unauthorized use of the Services or Customer´s breach of this Subscription Agreement; or (ii) Customer´s use of the Software, either directly or at Customer’s discretion, to perform cybersecurity risk assessments of the computing resources pertaining to Customer or a third party; (iii) Customer´s use of the Services in combination with data, software, hardware, equipment or technology not provided by FortifyData or authorized by FortifyData in writing; or (iv) Customer´s modifications to the Services not performed by FortifyData.
9.2 FortifyData shall indemnify, defend, and hold Customer harmless from liability to third Parties resulting from infringement by the Services of any United States patent or any copyright or misappropriation of any trade secret, provided that Customer promptly notifies FortifyData in writing of the claim, reasonably cooperates with FortifyData, and allows FortifyData sole authority to control the defense and gives FortifyData the opportunity to assume sole control over defense and settlement of the claim. Neither party will be responsible for any settlement it does not approve in writing. The foregoing obligations do not apply with respect to portions or components of the Services (i) not supplied by FortifyData, (ii) made in whole or in part in accordance with Customer specifications, (iii) that are modified after delivery by FortifyData, (iv) combined with other products, processes or materials where the alleged infringement relates to such combination, (v) where Customer continues allegedly infringing activity after being notified thereof or after being informed of modifications that would have avoided the alleged infringement, or (vi) where Customer’s use of the Service is not strictly in accordance with this Subscription Agreement. If, due to a claim of infringement, the Services are held by a court of competent jurisdiction to be or are believed by FortifyData to be infringing, FortifyData may, at its option and expense (a) replace or modify the Service to be non-infringing provided that such modification or replacement contains substantially similar features and functionality, (b) obtain for Customer a license to continue using the Service, or (c) if neither of the foregoing is commercially practicable, terminate this Subscription Agreement and Customer’s rights hereunder and provide Customer a refund of any prepaid, unused fees for the Services.
- LIMITATION OF LIABILITY
IN NO EVENT WILL EITHER PARTY BE LIABLE UNDER OR IN CONNECTION WITH THIS SUBSCRIPTION AGREEMENT UNDER ANY LEGAL OR EQUITABLE THEORY, INCLUDING BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, AND OTHERWISE, FOR ANY: (A) CONSEQUENTIAL, INCIDENTAL, INDIRECT, EXEMPLARY, SPECIAL, ENHANCED, OR PUNITIVE DAMAGES; (B) INCREASED COSTS, DIMINUTION IN VALUE OR LOST BUSINESS, PRODUCTION, REVENUES, OR PROFITS; (C) LOSS OF GOODWILL OR REPUTATION; (D) USE, INABILITY TO USE, LOSS, INTERRUPTION, DELAY OR RECOVERY OF ANY DATA, OR BREACH OF DATA OR SYSTEM SECURITY; OR (E) COST OF REPLACEMENT GOODS OR SERVICES, IN EACH CASE REGARDLESS OF WHETHER PROVIDER WAS ADVISED OF THE POSSIBILITY OF SUCH LOSSES OR DAMAGES OR SUCH LOSSES OR DAMAGES WERE OTHERWISE FORESEEABLE.
IN NO EVENT WILL FORTIFYDATA´S AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THIS SUBSCRIPTION AGREEMENT UNDER ANY LEGAL OR EQUITABLE THEORY, INCLUDING INDEMNIFICATION OBLIGATIONS, BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, OR OTHERWISE EXCEED TWO TIMES THE TOTAL AMOUNTS PAID TO FORTIFYDATA UNDER THIS AGREEMENT IN THE YEAR PERIOD PRECEDING THE EVENT GIVING RISE TO THE CLAIM.
11. 1 If any provision of this Subscription Agreement is found to be unenforceable or invalid, that provision will be limited or eliminated to the minimum extent necessary so that this Subscription Agreement will otherwise remain in full force and effect and enforceable.
11.2 Neither Party shall indirectly or directly sell, transfer, assign, convey, pledge, encumber or otherwise dispose of this Agreement without the prior written consent of the other Party, which consent will not be unreasonably withheld. Notwithstanding the foregoing, either Party may, without prior written consent of the other Party, assign or transfer this Agreement as part of a corporate reorganization, consolidation, merger or sale of substantially all assets or stock, provided the successor entity assumes all of the assigning Party’s obligations hereunder. Any assignments contrary to this Section 12.2 will be void and of no effect. This Subscription Agreement is binding upon and inure to the benefit of the Parties and their respective permitted successors and assigns.
11.3 This Subscription Agreement is the complete and exclusive statement of the mutual understanding of the Parties and supersedes and cancels all previous written and oral agreements, communications and other understandings relating to the subject matter of this Agreement, and that all waivers and modifications must be in a writing signed by both Parties, except as otherwise provided herein.
11.4 No agency, partnership, joint venture, or employment is created as a result of this Subscription Agreement and Customer does not have any authority of any kind to bind FortifyData in any respect whatsoever.
11.5 In any action or proceeding to enforce rights under this Subscription Agreement, the prevailing party will be entitled to recover costs and attorneys’ fees.
11.6 All notices under this Subscription Agreement will be in writing and will be deemed to have been duly given when received, if personally delivered; when receipt is electronically confirmed, if transmitted by facsimile or e-mail; the day after it is sent, if sent for next day delivery by recognized overnight delivery service; and upon receipt, if sent by certified or registered mail, return receipt requested.
11.7 Disputes; Mediation; Binding Arbitration; Governing Law; Emergency Relief. All claims and disputes arising under or relating to this Subscription Agreement between the Parties shall first be resolved by mediation with written notice to the other party of its intent to mediate. In the event that mediation does not resolve the dispute within forty- five (45) days of said notice, all claims and disputes arising under or relating to this Subscription Agreement are to be settled by binding arbitration under Georgia law in Cobb County, Georgia unless another location is mutually agreeable to the Parties. The arbitration shall be conducted on a confidential basis pursuant to the Commercial Arbitration Rules of the American Arbitration Association (AAA). Any decision or award as a result of any such arbitration proceeding shall be in writing and shall provide an explanation for all conclusions of law and fact and shall include the assessment of costs, expenses, and reasonable
11.8 All sections of this Subscription Agreement which by their nature should survive termination will survive termination.