This MASTER SERVICES AGREEMENT (the “Agreement”), by and between the entity (“Customer”) named in the FortifyData Order Form (the “Order Form”) and FortifyData, Inc., a Delaware corporation (“FortifyData”), is effective as of the date set forth in the first Order Form between Customer and FortifyData (the “Effective Date”). FortifyData and Customer agree that this Agreement, including all exhibits hereto and all Order Forms, represent the entire agreement between the parties with respect to the subject matter of the Agreement.
By accepting this Agreement, by (1) clicking a box indicating acceptance, (2) executing an Order Form (as defined below) that references this Agreement, or (3) using free services, the Customer agrees to the terms of this Agreement. If the individual accepting this Agreement is accepting on behalf of a company or other legal entity, such individual represents that they have the authority to bind such entity and its affiliates to these terms and conditions, in which case the term “Customer” shall refer to such entity and its affiliates. If the individual accepting this Agreement does not have such authority, or does not agree with these terms and conditions, such individual shall not accept this Agreement and shall not use the Services.
In consideration of FortifyData’s engagement hereunder to perform the services and/or provide the products described herein, and for other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged, the parties agree to the following terms and conditions:
- From time to time during the term of this Agreement, upon request of the Customer and mutual agreement of FortifyData and Customer in an Order Form (as defined below), FortifyData will use commercially reasonable efforts to provide certain services (“Services”) to the Customer, and the Customer shall acquire such Services from FortifyData, all on the terms and subject to the conditions set forth in this Agreement. The specific details of any Services covered by this Agreement will be expressly agreed by the parties in an Order Form or Quote (each, an “Order Form”). Over the course of the Term of this Agreement, the parties may agree to multiple Order Forms for different Services provided by FortifyData. Each such Order Form will contain a description of the Services to be provided, the price to be paid by the Customer to FortifyData for such Services, the period of performance and such other terms and conditions consistent with this Agreement to which the parties have agreed. Each Order Form shall be binding only upon execution by both parties. Any changes in the scope of an Order Form will be addressed in an amendment to such Order Form signed by both parties.
- Customer shall provide FortifyData with all information relevant to the Services and any reasonable assistance and cooperation as may be required for FortifyData to properly perform the Services. Customer represents and warrants to FortifyData that all such information will be accurate and complete in all material respects. The adequacy of the scope of work of the Services in addressing Customer’s needs is solely Customer’s responsibility. Any timing or fee estimate FortifyData has provided in an Order Form takes into account the agreed-upon level of assistance from Customer and commitment of Customer resources.
- Customer acknowledges and agrees that (i) FortifyData provides one or more software and/or software-as-a-service offerings to assist in assessing and identifying cyber security risks and also separately provides professional services to help address and rectify cyber security risk areas, (ii) such Software and professional services are independent offerings of FortifyData, and (iii) FortifyData’s Software is designed to help identify cyber security risks independent of whether FortifyData provides related professional services to help rectify such risks.
- To the extent any Services in any Order Form consist of professional services that result in or consist of Fortify creating any software or other deliverable pursuant to such professional services (each, a “Deliverable”), each such Deliverable will be considered accepted (“Acceptance”) by Customer (a) when Customer provides FortifyData written notice of acceptance or (b) 10 days after delivery, if Customer has not first provided FortifyData with written notice of rejection. Customer may reject a Deliverable only if it materially deviates from its specifications and requirements listed in the applicable Order Form and only via written notice setting forth the nature of such deviation. In case of such rejection, FortifyData shall correct the deviation and redeliver the Deliverable within 30 days. After redelivery pursuant to the previous sentence, the parties shall again follow the acceptance procedures set forth in this Subsection 1.d. This Subsection 1.d, in conjunction with Customer’s right to terminate for material breach where applicable, sets forth Customer’s only remedy and FortifyData’s only liability for failure of any Deliverable. Upon Acceptance, each Deliverable will constitute an element of the Services and Software, as specified in the applicable SoW, and will thereafter be subject to this Agreement’s terms regarding Services and Software, including without limitation license and indemnity terms. FortifyData retains ownership of all Deliverables, and Customer receives no right, title, or interest in or to Deliverables except as specifically set forth in this Agreement
2. Software License; Restrictions on Use; Support
- To the extent Customer enters into an Order Form with FortifyData for Services that include the use of one or more of FortifyData’s software offerings (collectively the “Software”), FortifyData grants to Customer a limited, non-transferable (except as set forth in Section 12(d)), non-sublicensable right to: (i) access and use the Software during the Order Form Term solely for Customer’s internal business purposes subject to the usage and user restrictions set forth in the Order Form; and (ii) to allow Authorized Users (as defined below) to access and use the Software according to the terms of this Agreement for their individual use. Customer shall not use the Software for, or on behalf of, third parties that are not authorized under this Agreement.
- Except as expressly provided in this Agreement, Customer shall not directly or indirectly: (i) license, sublicense, sell, resell, transfer, assign, distribute or otherwise commercially exploit or make available to any third party the Software in any way; (ii) modify or make derivative works based upon the Software; (iii) reverse engineer the Software; or (iv) access the Software in order to build a competitive product or service.
- Customer further agrees that it shall not, and shall not permit its Authorized Users to: (i) send spam or otherwise duplicative or unsolicited messages in violation of applicable laws; (ii) send or store infringing, obscene, threatening, libelous, or otherwise unlawful or tortious material, including material harmful to children or violative of third party privacy rights; (iii) send or store material containing software viruses, worms, Trojan horses or other harmful computer code, files, scripts, agents or programs; (iv) interfere with or disrupt the integrity or performance of the Software or the data contained therein; or (v) attempt to gain unauthorized access to the Software or its related systems or networks.
- Customer is responsible for all activity occurring under Customer’s accounts and the accounts of its Authorized Users and shall comply with all applicable U.S. laws and regulations in connection with the use of the Software, including but not limited to privacy laws and export control laws and regulations. Customer shall: (i) notify FortifyData promptly upon becoming aware of any unauthorized use of any password or account or any other known or suspected breach of security with respect to the Software; (ii) report to FortifyData immediately and use reasonable efforts to stop immediately any copying or distribution or misuse of the Software that becomes known or suspected by Customer or Customer’s users; and (iii) not impersonate another provider user or provide false identity information to gain access to or use the Software.
- To the extent Customer enters into an Order Form with FortifyData for the use of Software (including any Deliverable constituting Software), FortifyData agrees to provide the support and maintenance services and the remedies set forth in Fortify’s standard Service Level Agreement attached as Exhibit A to this Agreement (the “SLA”). Such remedies are Customer’s sole remedy for any failure of the System except as specifically listed in this Agreement, and Customer recognizes and agrees that if the SLA and the other provisions of this Agreement do not list a remedy for a given failure, it has no remedy. Credits issued pursuant to the SLA apply to outstanding or future invoices only and are forfeit upon termination of this Agreement. FortifyData is not required to issue refunds or to make payments against such credits under any circumstances, including without limitation after termination of this Agreement. FortifyData may revise the SLA or the features and functions of the Software at any time, provided no such revision materially reduces features or functionality provided pursuant to any outstanding Order Form.
- Customer shall be responsible for obtaining and maintaining any equipment and ancillary services needed to connect to, access or otherwise use the Software and Services, including, without limitation, modems, hardware, servers, software, operating systems, networking, web servers and the like (collectively, “Equipment”). Customer shall also be responsible for maintaining the security of the Equipment, Customer account, passwords (including but not limited to administrative and user passwords) and files, and for all uses of Customer accounts and the Equipment.
- Customer shall be responsible for engaging directly with any third parties, if applicable, with respect to any cyber risk assessments being performed with respect to such third party via the FortifyData Software platform as part of the Services. If Customer wants FortifyData to engage ay such Customer third parties on Customer’s behalf, Customer shall notify FortifyData in writing of this request and FortifyData may, but shall not be obligated to, engage directly with such third party to perform the applicable Services. FortifyData retains the right to cease provision of Services to any such third party upon request by such applicable third party or upon expiration or termination of FortifyData’s agreement with such third party, and will promptly notify Customer of such termination.
3. Compensation and Payment.
- In consideration for the Services, Customer agrees to compensate FortifyData in accordance with prices (the “Fees”) to be negotiated and agreed to in the Order Form. FortifyData will invoice Customer by electronic mail for the Services and payment will be due upon receipt of such invoice. All prepaid fees shall be non-refundable unless the applicable Order Form is terminated due to the uncured material breach by FortifyData (as set forth in Section 4). Travel expenses incurred by FortifyData in the performance of any Services will be billed separately at FortifyData’s reasonable, actual out of pocket costs. If Customer believes Customer’s invoice is incorrect, Customer must notify FortifyData in writing of any such disputed amount within thirty (30) days of the date of the invoice containing the amount in question to be eligible to receive an adjustment or credit.
- FortifyData reserves the right to modify the Fees applicable to its Services and to introduce new charges. Any modifications or changes to the applicable Fees will not become effective until the next Renewal Order Form Term (defined below). FortifyData shall provide Customer written notice of any increase in Fees or new charges at least thirty (30) days prior to the end of the then current Order Form Term or Renewal Order Form Term. In the event that Customer does not provide notice of termination to FortifyData as described in Section 4 below, such Fee changes shall become effective at the commencement of the next Renewal Order Form Term.
- If any payments are not paid within thirty (30) days of the associated invoice, FortifyData reserves the right to assess interest against any outstanding amount at a rate of 1.5% per month or portion thereof, or the highest amount permitted by law, whichever is higher. If Customer has not paid any sums when due hereunder, FortifyData may, at its option, suspend the Services until such past due sums are paid, regardless of whether or not this Agreement has been terminated.
- The Fees are exclusive of all taxes, levies, or duties imposed by taxing authorities, and Customer shall be responsible for payment of all such taxes, levies, or duties, excluding only taxes based solely on FortifyData’s income. If FortifyData has the legal obligation to pay or collect taxes for which Customer is responsible, the appropriate amount shall be invoiced to and paid by Customer unless Customer provides FortifyData with a valid tax exemption certificate authorized by the appropriate taxing authority.
- In the event Customer fails to pay the applicable Fees or expenses when due as set forth in this Agreement, and FortifyData initiates legal enforcement or third-party collection efforts to recover the past-due amounts, Customer agrees to pay all reasonable legal fees and costs incurred by FortifyData.
4. Term and Termination.
- The term of this Agreement shall commence on the Effective Date of the first applicable Order Form and continue until the termination or expiration of the last Order Form in place between the parties, unless this Agreement is earlier terminated by FortifyData or Customer in accordance with Section 4.c.
- Each Order Form will specify a separate term length (each, an “Order Form Term”) applicable to the subscription for each Service being provided under the Order Form. The termination of one Order Form will not terminate this Agreement or any other applicable Order Form unless otherwise specified in such Order Form and unless no other Order Forms remain outstanding. Except as otherwise expressly set forth in an Order Form, subscriptions for Services will automatically renew for additional periods (each, a “Renewal Order Form Term”) equal to the expiring subscription term for such Service or one year (whichever is shorter), unless either party gives the other notice of non-renewal at least 30 days before the end of the relevant subscription term.
- Either Party may terminate an applicable Order Form (and this Agreement if all Order Forms are terminated) for material breach if the breach remains uncured thirty (30) days after written notice specifying the nature of the breach is provided to the non-breaching party.
- Upon termination or cancellation of an Order Form, any licenses granted to the Customer under the applicable Order Form will terminate effective immediately. FortifyData shall reasonably cooperate with the Customer to provide for an orderly wind-down of the Services provided by FortifyData in the Order Form. The following provisions will survive termination or expiration of this Agreement: (i) any obligation of the Customer to pay for Services rendered before termination; (ii) Sections 1, 3, 4, 5, 6, 7, 8, 9, 11, and 12 of this Agreement; and (iii) any other provision of this Agreement that must survive termination to fulfill its essential purpose.
- FortifyData, upon written request from Customer within 30 days of the expiration or termination of this Agreement, will provide all Customer Data (as hereinafter defined) to Customer within 5 business days after such written request. Customer agrees and acknowledges that FortifyData has no obligation to retain Customer Data beyond such 30-day period, and FortifyData will thereafter erase all Customer Data in FortifyData’s possession or control from FortifyData´s systems, subject to FortifyData’s rights in Section 6 to use aggregated, de-identified data.
5. Confidential Information.
- Each party (as a “Receiving Party” hereunder) shall not disclose to any third party, any Confidential Information of the other party (as a “Disclosing Party” hereunder) provided to such Receiving Party in anticipation of, or in connection with the performance of this Agreement. This includes Confidential Information provided to the Receiving Party prior to the effective date of this Agreement. As used herein, the term “Confidential Information” refers to any and all non-public financial, technical, commercial, or other information concerning the business, technology, and/or affairs of the Disclosing Party, including, without limitation, any cost or pricing information, customer information, contractual terms and conditions, marketing or distribution data, business methods or plans. FortifyData’s Confidential Information includes, without limitation, all pricing terms offered to Customer under this Agreement.
- Receiving Party shall not disclose or publicize the Confidential Information without the Disclosing Party’s prior written consent. Receiving Party shall protect the Confidential Information with the same degree of care it uses to protect its own information of a similar nature, but in no event less than reasonable care. The Receiving Party shall not use the Confidential Information for its own benefit or for the benefit of any other person, third-party, firm or corporation except as required in connection with its performance under this Agreement.
- The terms of confidentiality and non-disclosure contained herein shall expire five (5) years from the date of the termination of this Agreement, except for any information that qualifies as a trade secret under applicable law. The parties shall maintain the confidentiality of any trade secret information for so long as the information qualifies as a trade secret.
- The restrictions on disclosure shall not apply to information which was: (i) generally available to the public at the time of disclosure, or later available to the public other than through fault of Receiving Party; (ii) already known to Receiving Party prior to disclosure pursuant to this Agreement, as evidenced by contemporaneously maintained written records; or (iii) obtained at any time lawfully from a third-party not bound by any obligation of confidentiality and under circumstances permitting its use or disclosure to others. Notwithstanding the foregoing, Receiving Party may disclose Confidential Information as required by applicable law or by proper legal or governmental authority. Receiving Party will, if permitted by applicable law, give Disclosing Party prompt notice of any such legal or governmental demand and reasonably cooperate with Disclosing Party in any effort to seek a protective order or otherwise to contest such required disclosure, at Disclosing Party’s expense, and shall disclose only that part of the Confidential Information that Receiving Party is required to disclose.
- Each party acknowledges and agrees that any violation of this Section 5 may cause the Disclosing Party irreparable injury for which the Disclosing Party would have no adequate remedy at law, and that the Disclosing Party shall be entitled to seek preliminary and other injunctive relief against the Receiving Party for any such violation. Such injunctive relief shall be in addition to, and not in limitation of, all other remedies or rights that Disclosing Party shall have at law or in equity.
- Customer acknowledges and agrees that it will not disclose to FortifyData any personal data of EU data subjects (as defined by EU General Data Protection Regulation 2016/679), personal information of California residents (as defined by Cal Civ Code Secs. 1798.100-1798.199), protected health information (as defined by the Health Insurance Portability and Accountability Act and its implementing regulations), third-party credit card or other payment processing information, or other sensitive personal information or information regulated by applicable law, until the parties have mutually agreed to an addendum setting forth each party’s obligations with regard to the collection and use of the protected data.
6. Proprietary Rights; Customer Data
- Proprietary Rights. Unless otherwise expressly set forth in an Order Form, FortifyData retains all Intellectual Property Rights (defined below) in the Software, Services, Deliverables and all underlying technology, as well as any and all suggestions, ideas, enhancement requests, feedback, recommendations or other information provided by Customer or any other party relating to the Software or Services. Unless otherwise expressly set forth in an Order Form, any Intellectual Property Rights in any Deliverables developed by FortifyData in the course of performing the Services for Customer shall belong exclusively to FortifyData. Moreover, the Intellectual Property Rights in and to any modifications, derivatives and improvements to the Software and/or any Deliverables made by FortifyData and/or Customer shall, and do hereby vest, exclusively in FortifyData. “Intellectual Property Rights” means all intangible, proprietary rights, including, without limitation, copyrights, trade secrets, trademarks, patents, design rights, goodwill, look and feel, and moral rights.
- Suggestions. If Customer provides any suggestions to FortifyData or its affiliates (“Suggestions”), FortifyData will own all right, title, and interest in and to the Suggestions, even if Customer has designated the Suggestions as confidential. FortifyData and its affiliates will be entitled to use the Suggestions without restriction. Customer hereby irrevocably assigns to FortifyData all right, title, and interest in and to the Suggestions.
- Trademarks. The FortifyData name, the FortifyData logo, and the product names associated with FortifyData and its licensors are trademarks of FortifyData or third parties, and no right or license is granted hereby to Customer to use them unless prior written consent is granted by authorized representatives of FortifyData. Customer grants FortifyData the right to use Customer’s name, mark and logo on FortifyData’s website and in FortifyData marketing materials. Without requiring prior Customer approval, Customer agrees that FortifyData may state the fact that Customer is a FortifyData customer (without revealing specifics about the Agreement or the relationship), and Customer agrees to act as a reference account for FortifyData.
- Customer Data. Non-public electronic information and data provided by Customer to FortifyData to enable the provision of the Services and/or Software is herein referred to as “Customer Data”. As between FortifyData and Customer, FortifyData recognizes that Customer possesses and retains all right, title and interest in and to Customer Data, and FortifyData’s use and possession thereof is solely on Customer’s behalf.
Except as provided in this Section 6, FortifyData obtains no rights under the Agreement from Customer or its licensors to Customer Data. Customer consents to FortifyData’s use of Customer Data to provide the Software and Services to Customer and Customer’s end users and third parties with respect to which Customer requests that FortifyData perform Services. FortifyData may disclose Customer Data to provide the Services and Software to Customer and such end users and third parties or to comply with any request of a governmental or regulatory body (including subpoenas or court orders).
Customer is solely responsible for the development, content, operation, maintenance, accuracy and use of Customer Data. Without limiting the generality of the foregoing, Customer is solely responsible for
- any claims relating to Customer Data; and
- properly handling and processing notices sent to Customer (or any of Customer’s affiliates) by any person claiming that Customer Data violates such person’s rights, including notices pursuant to the Digital Millennium Copyright Act.
- Notwithstanding anything in this Agreement to the contrary, FortifyData shall have the right to collect and analyze data and other information relating to the provision, use and performance of various aspects of the Services, Software and related systems and technologies, and FortifyData will be free (during and after the term of this Agreement) to (i) use such information and data to improve and enhance the Services and Software and for other development, diagnostic and corrective purposes in connection with the Services, Software and other FortifyData offerings, and (ii) disclose such data solely in aggregated or other de-identified form in connection with its business. No such disclosure shall mention Customer, Customer’s clients, Customer’s logos or trademarks, or Customer’s identifiable information including but not limited to address, services, or products offered by Customer.
7. Insurance; Indemnification
- Insurance. Each party shall maintain, at its own expense, sufficient insurance coverage to adequately cover such party’s respective obligations under this Agreement. Upon request, and no later than thirty (30) days of a written request therefor, a party shall provide to the other party a copy of its current certificate of insurance evidencing its current insurance coverage.
- Indemnification. Each party (the “Indemnifying party”) shall at its expense protect, defend, and hold harmless the other party and its respective affiliates, directors, officers, employees, agents, licensors, successors and assigns (the “Indemnified party”) from and against any claim, demand, action, suit or proceeding brought by a third party (a “Claim”), arising from or related to (i) any alleged or actual breach by the Indemnifying party of any of its obligations, representations or warranties under this Agreement or violation of applicable law, (ii) with respect to Customer as the Indemnifying party, (a) any alleged or actual use of the Services, Software or any Deliverable by Customer in a manner not authorized by this Agreement or (b) use of Customer Data in accordance with the Agreement, or any other written material, images, logos or other content uploaded to or transmitted through the Software or Services through Customer’s accounts, infringes any United States Intellectual Property Right of a third party; or (iii) with respect to FortifyData as the Indemnifying party, any alleged or actual Claim that Customer’s access and use of the Software or any Deliverable as permitted under this Agreement, infringes any United States Intellectual Property Right of any third party. The Indemnifying party shall have no indemnity obligation with respect to any Claim for such portion of the Claim that arises due to the Indemnified party’s negligence, willful misconduct or breach of this Agreement. With respect to each Claim, the Indemnifying party shall indemnify the Indemnified party from and against any and all damages, judgments, awards, fines, penalties, expenses, and costs (including without limitation attorney’s fees and expenses that are awarded to the third party by a court or other authority), that are assessed by a governmental authority or that are payable to the third party in a settlement made by the Indemnifying party.
- The foregoing obligations of FortifyData do not apply with respect to portions or components of the Services, Software or any Deliverable (i) not supplied by FortifyData, (ii) made in whole or in part in accordance with Customer specifications, (iii) that are modified after delivery by FortifyData by Customer or a third party not approved by FortifyData, (iv) combined with other products, processes or materials where the alleged infringement would not have occurred but for such combination, (v) where Customer continues allegedly infringing activity after being notified thereof or after being informed of modifications that would have avoided the alleged infringement, or (vi) where Customer’s use of the Software, Deliverables or Services is not in accordance with this Agreement. If, due to a claim of infringement, the Software or Services are held by a court of competent jurisdiction to be or are believed by FortifyData to be infringing, FortifyData may, at its option and expense (a) replace or modify the Software, Deliverable and/or Services to be non-infringing provided that such modification or replacement contains materially equivalent features and functionality, (b) obtain for Customer a license to continue using the Software, Deliverable and/or Services, or (c) if neither of the foregoing is commercially practicable, terminate this Agreement or the applicable Order Form and Customer’s rights hereunder or thereunder, as the case may be, and provide Customer a refund of any prepaid, unused fees for the Software and/or Services.
- The Indemnifying party’s obligations are contingent upon the Indemnified party (a) promptly giving written notice of the Claim to the Indemnifying party once the claim is known; (b) giving the Indemnifying party sole control of the defense and settlement of the Claim (provided that the Indemnifying party may not settle such Claim unless such settlement unconditionally releases the Indemnified party of all liability and does not adversely affect the Indemnified party’s business or service); (c) providing to the Indemnifying party all available information and reasonable assistance; and (d) not compromising or settling such third-party Claim without the Indemnifying party’s approval (such approval not to be unreasonably withheld). THE FOREGOING IS THE INDEMNIFYING PARTY’S SOLE OBLIGATION AND THE INDEMNIFIED PARTY’S EXCLUSIVE REMEDY WITH RESPECT TO THIRD PARTY CLAIMS DESCRIBED IN THIS SECTION.
8. Limitation of Liability
WITHOUT LIMITING THE RIGHTS OF THE PARTIES FOR EQUITABLE RELIEF AND EXCEPT FOR INDEMNIFICATION OBLIGATIONS OF THE PARTIES AND/OR BREACH OF THE CONFIDENTIALITY PROVISIONS IN THIS AGREEMENT AND CUSTOMER’S PAYMENT OBLIGATIONS UNDER THIS AGREEMENT AND EACH ORDER FORM, IN NO EVENT: (a) WILL EITHER PARTY’S LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT EXCEED THE FEES ACTUALLY PAID TO FORTIFYDATA BY CLIENT AND/OR PROPERLY DUE FROM CLIENT PURSUANT TO THIS AGREEMENT DURING THE TWELVE MONTH PERIOD IMMEDIATELY PRECEDING THE CLAIM; AND (b) WILL EITHER PARTY BE LIABLE FOR ANY CONSEQUENTIAL, INDIRECT, SPECIAL, INCIDENTAL, EXEMPLARY OR PUNITIVE DAMAGES OF ANY TYPE OR KIND (INCLUDING LOSS OF REVENUE, PROFITS, USE OR OTHER ECONOMIC ADVANTAGE), REGARDLESS OF THE FORM OF ACTION, WHETHER IN CONTRACT, TORT, STRICT PRODUCT LIABILITY, OR OTHERWISE AND EVEN IF THE PARTY IS ADVISED IN ADVANCE OF THE POSSIBILITY OF THE DAMAGES IN QUESTION AND SUCH DAMAGES WERE FORESEEABLE, AND EVEN IF A PARTY’S REMEDIES FAIL OF THEIR ESSENTIAL PURPOSE. IF APPLICABLE LAW LIMITS THE APPLICATION OF THE PROVISIONS OF THIS SECTION, EACH PARTY’S LIABILITY WILL BE LIMITED TO THE MAXIMUM EXTENT PERMISSIBLE.
FortifyData may select and engage one or more subcontractors to perform the Services. FortifyData shall have full and complete control of and responsibility for all actions of its agents, affiliates, officers, directors, employees and subcontractors, if any, of FortifyData (collectively, “FortifyData’s Agents”) and none of FortifyData’s Agents shall be, or shall be deemed to be, the agents, affiliates, officers, directors, employees or subcontractors of the Customer for any purpose whatsoever by virtue of this Agreement. FortifyData hereby acknowledges and agrees that FortifyData shall cause each of FortifyData’s Agents who participate in rendering the Services to comply with the terms of this Agreement, and FortifyData shall ultimately be responsible for the performance of the Services.
- Each party represents and warrants to the other that (i) its execution of and performance under this Agreement do not and will not conflict with any other agreement to which the party making the representation is a party, (ii) it is authorized to do business in all jurisdiction(s) in which it has obligations under this Agreement and has obtained all necessary rights, licenses and consents to fully perform under this Agreement.
- Services. FortifyData represents and warrants that (i) the Services will be performed in a professional and workmanlike manner, (ii) the Services will conform in all material respects to the description and requirements of the Services set forth in this Agreement and the applicable Order Form, and (iii) its performance of the Services will be in compliance with all applicable laws.
- Any Software or Deliverable licensed to Customer pursuant to an applicable Order Form shall, under normal use and circumstances during the Order Form Term and/or Renewal Order Form Term as applicable, materially conform to the documentation relating to the Software or Deliverable, if any, provided by FortifyData to Customer and any specifications or requirements expressly provided in the Order Form; provided that in the event the Software or Deliverable does not conform to the specified documentation, specifications, or requirements, Customer’s sole remedy and FortifyData’s sole obligation will be for FortifyData to (i) make reasonable commercial efforts at FortifyData’s sole cost and expense to secure for Customer the right to continue using the Services, Software or Deliverable, as applicable, (ii) correct the non-conformity or replace or modify the Services, Software or Deliverable, as applicable, to make them conforming, or (iii) if FortifyData is unable to correct the non-conformity within ninety (90) days after Customer’s written notice, terminate the applicable Order Form (or that portion of the Order Form relative to the nonconforming feature) and refund to Customer, on a pro rata basis in proportion to the portion of the Order Form Term or Renewal Order Form Term, as the case may be, left after such termination, of any prepaid unused fees under such Order From or with respect to such features of the Services, Software or Deliverable, as applicable.
- Disclaimers. EXCEPT FOR THE EXPRESS WARRANTIES SPECIFIED IN THIS SECTION 10, THE SERVICES ARE PROVIDED “AS IS” AND AS AVAILABLE, AND FORTIFYDATA MAKES NO WARRANTIES, EITHER EXPRESS OR IMPLIED (EITHER IN FACT OR BY OPERATION OF LAW), INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, SATISFACTORY QUALITY, QUIET ENJOYMENT, NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTIES ARISING OUT OF ANY COURSE OF DEALING OR USAGE OF TRADE. WITHOUT LIMITING THE GENERALITY OF THE FOREGOING FORTIFYDATA DOES NOT WARRANT THAT THE SERVICES, SOFTWARE OR ANY DELIVERABLE WILL PERFORM WITHOUT ERROR OR INTERRUPTION OR BE FREE OF HARMFUL COMPONENTS, WILL MEET CUSTOMER’S REQUIREMENTS, OR BE TIMELY OR SECURE, OR THAT ANY CONTENT, INCLUDING CUSTOMER DATA OR ANY THIRD-PARTY CONTENT, WILL BE SECURE OR NOT OTHERWISE LOST OR DAMAGED. CUSTOMER WILL NOT HAVE THE RIGHT TO MAKE OR PASS ON ANY REPRESENTATION OR WARRANTY ON BEHALF OF FORTIFYDATA TO ANY THIRD PARTY. FORTIFYDATA IS NOT RESPONSIBLE FOR ANY DECISION MADE OR ACTION TAKEN BY CUSTOMER, AUTHORIZED USERS, END USERS, OR ANY OTHER PERSON, IN RELIANCE UPON THE SERVICES OR MATERIALS.
- Internet Delays. FORTIFYDATA’S SERVICES, SOFTWARE AND DELIVERABLES MAY BE SUBJECT TO LIMITATIONS, DELAYS, AND OTHER PROBLEMS INHERENT IN THE USE OF THE INTERNET AND ELECTRONIC COMMUNICATIONS. FORTIFYDATA IS NOT RESPONSIBLE FOR DELAYS, DELIVERY FAILURES, OR OTHER DAMAGE RESULTING FROM SUCH PROBLEMS NOT CAUSED BY FORTIFYDATA.
11. Independent Contractors
In accordance with the mutual intentions of the Customer and FortifyData, this Agreement establishes between them an independent contractor relationship, and all of the terms and conditions of this Agreement shall be interpreted in light of that relationship. The relationship of the Customer and FortifyData for purposes of this Agreement is completely independent and unrelated to any other relationship that exists or may exist in the future between the parties. This engagement is not exclusive, and nothing in this Agreement shall be construed to preclude (a) the Customer from soliciting or engaging others to act as contractors on behalf of the Customer for similar services or (b) FortifyData from performing similar services for others. This Agreement does not create any employer-employee, agency or partnership relationship or any joint venture. As an independent contractor, FortifyData’s fees and expenses shall be limited to those expressly stated in this Agreement. None of the employees or agents of FortifyData shall be considered employees of the Customer, nor shall FortifyData or any of FortifyData’s employees or agents be entitled to participate in any plans, arrangements or distributions of the Customer pertaining to any benefits provided to regular employees of the Customer. Subject to the terms of this Agreement: (i) FortifyData has the sole and exclusive right to control and direct the manner and means by which FortifyData renders the Services, provided that such manner and means must produce services of a commercially reasonable quality; (ii) FortifyData may perform the duties at any time or pursuant to any schedule, provided that the Services are completed within the time periods (including any interim time periods) indicated within the description of the Services, or otherwise specified by the Customer and agreed to in writing by FortifyData; and (iii) FortifyData shall have no obligation to follow any particular sequence in performing the Services.
- Notices. Notice, demand, or other communication mandated to be given by this Agreement by either party to the other shall be sufficiently given or delivered if it is sent by (i) registered or certified mail, postage prepaid, return receipt requested, (ii) nationally recognized overnight delivery service, (iii) delivered personally, or (iv) sent via electronic mail or facsimile and receipt of such is confirmed by responsive communication. Unless FortifyData is otherwise notified in writing, Customer’s address for notice purposes shall be Customer’s address provided as part of Customer’s billing information. All notices shall be deemed to have been given upon receipt or, if earlier, two (2) business days after being deposited in the mail as required above.
- Amendment. This Agreement may not be amended or modified except through a written agreement executed by authorized representatives of each party.
- No Waiver. Neither party will be deemed to have waived any of its rights under this Agreement by lapse of time or by any statement or representation other than (i) by an authorized representative and (ii) in an explicit written waiver. No waiver of a breach of this Agreement will constitute a waiver of any prior or subsequent breach of this Agreement.
- Assignment & Successors. Neither party shall assign, sell or transfer this Agreement, or its rights or obligations hereunder, without the prior written consent of the other party; provided, however, that either party may assign this Agreement without consent, but with prior written notice, to any of its affiliates or a successor in the event of any sale of all or substantially all of the business of the assigning party whether by sale of assets, merger, reorganization or otherwise. The terms and conditions of this Agreement shall inure to the benefit of and be binding upon the respective successors and assigns of the parties.
- Choice of Law & Jurisdiction. This Agreement will be governed solely by the internal laws of the State of Georgia, without reference to such State’s principles of conflicts of law. The parties consent to the personal and exclusive jurisdiction of the federal and state courts located in Atlanta, Georgia.
- Severability. To the extent permitted by applicable law, the parties hereby waive any provision of law that would render any clause of this Agreement invalid or otherwise unenforceable in any respect. In the event that a provision of this Agreement is held to be invalid or otherwise unenforceable, such provision will be interpreted to fulfill its intended purpose to the maximum extent permitted by applicable law, and the remaining provisions of this Agreement will continue in full force and effect.
- Conflicts among Attachments. If there is any conflict between the provisions of this Agreement and an Order Form, the Order Form will control.
- Force Majeure. Each party shall be excused from its obligations under this Agreement, except for any payment obligations, and shall have no liability for any resulting loss or damage, in the event and to the extent that its performance is delayed or prevented by any circumstance reasonably beyond its control, including, but not limited to, fire, flood, epidemic, pandemic, explosion, act of any government in its sovereign capacity, act of God or of the public enemy, strike, walkout or other labor dispute, and riot or civil disturbance.
- Entire Agreement. This Agreement, including the applicable Order Forms and Exhibits, sets forth the entire agreement of the parties and supersedes all prior or contemporaneous writings, negotiations, and discussions with respect to the subject matter hereof. Neither party has relied upon any such prior or contemporaneous communications.
EXHIBIT A: SERVICE LEVEL AGREEMENT
This Service Level Agreement (“SLA”) between FortifyData (“FortifyData”) and Customer is subject to the applicable subscription agreement (“Order Form + Master Subscription Agreement”) between FortifyData and Customer. All defined terms used in this SLA and not defined herein shall have the meaning assigned to them in the subscription agreement. FortifyData shall provide the cyber risk management SaaS platform (“Services”) in connection with the Agreement. This SLA governs FortifyData’s performance and delivery of the Services to Customer.
- “Potential Uptime” means the amount of time in a given month
- “Production Uptime” Production Uptime represents the amount of time in a given month that Customer has the ability to log in or access the Services. Potential Uptime is measured by FortifyData in a given month by the following calculation.
- “Services Interruption Time” is the period of time for which the Services (or any material portion thereof) are unavailable due to issues caused by or attributable to FortifyData. Services Interruption Time does not include Regular Maintenance or Scheduled Maintenance.
- “Regular Maintenance” is the period of time under which the Services may be unavailable for recurring maintenance work. FortifyData attempts to schedule this time when usage of the Services is light across FortifyData’s customer base and therefore, FortifyData shall only conduct Regular Maintenance between the hours of 8PM and 10PM (EST). Regular Maintenance is required in order to maintain system health requirements. FortifyData shall use commercially reasonable efforts to minimize any Regular Maintenance windows to the minimum time necessary to support performance of the Services. Often times, Customer will not experience any Services Interruption Time during periods of Regular Maintenance.
- “Scheduled Maintenance” is the period of time under which the Services may be unavailable for non-recurring maintenance. Scheduled Maintenance is required in order to provide updates to the Services as well as to maintain system health requirements. FortifyData shall provide Customer at least twelve (12) hours advance notice prior to Scheduled Maintenance; provided, however, FortifyData shall endeavor to provide at least twenty-four (24) hours advanced notice for Scheduled Maintenance. FortifyData shall use commercially reasonable efforts to minimize any Scheduled Maintenance windows to the minimum time necessary to support performance of the Services. Often times, Customer will not experience any Services Interruption Time during periods of Emergency Maintenance.
- “Emergency Maintenance” describes maintenance for certain emergency situations, where advance notice may be not be feasible, possible or practical. FortifyData shall use commercially reasonable efforts to minimize any Emergency Maintenance windows to the minimum time necessary to support performance of the Services. Periods of Emergency Maintenance shall be included in Services Interruption Time.
2. Service Levels Commitment
FortifyData commits to provide a 99.7% Production Uptime with respect to the Services during each calendar month of the subscription term.
3. Service Level Credits
If FortifyData fails to perform the Services in accordance with the Service Level Commitment, then Customer may request a Service Level Credit in accordance with this SLA. Service Level Credits shall be Customer’s sole and exclusive remedy for unavailability or performance degradation of the specific Services.
4. Weighting Factor
The “Weighting Factor” for calculation of the Service Level Credit is set forth below and correlates to the relative unavailability of the Service in a given month.
Production Uptime between 99.7% and 100% = 0
Production Uptime between 95.00% and 99.6% = .1
Production Uptime between 90.00% and 94.99% = .15
Production Uptime below 90% = .2
5. Calculation of Service Level Credits
The following equation shall be used to calculate any Service Level Credits:
Service Level Credit (in $) = Weighting Factor multiplied by the monthly fee for applicable Service.
Example: Production Uptime in a given month is 95%. The monthly fee for the Service is $100 (Annual fee for the Hosted Services is $1,200).
Service Level Credit (in $) = (0.1) x $100 = $10.
If Customer has paid in advance for one or more years of the Services, monthly fees will be calculated on a pro rata basis.
- Customer’s breach of, or failure to perform any obligations under, this SLA or the Agreement;
- issues relating to Customer’s environment, internal networks, computer systems, firewalls or Customer’s inability to connect to the internet;
- Force Majeure Events; or
- issues arising from failures, acts or omissions FortifyData’s upstream service providers (i.e. AWS).
In order to receive a Service Level Credit, Customer must request such by emailing FortifyData at firstname.lastname@example.org, within 10 days of the end of the applicable month. If Customer is past due or in default with respect to any payment or any material contractual obligations to FortifyData, Customer is not eligible for any Service Level Credit. Service Level Credits are non-refundable and may only be applied to future upgrades or renewals of the specific FortifyData Services affected.
This Service Level Agreement may be amended by FortifyData in its reasonable discretion but only after providing thirty (30) days’ advance notice. FortifyData may provide such notice either as a note on the screen presented upon logging in to the Services, or by email to the email addressed registered with Customer’s account.
9. Support Terms
- FortifyData will provide technical support to Customer via telephone on weekdays during the hours of 9AM through 5PM EST, with the exclusion of weekends as well as USA national holidays (“Support Hours”)
- FortifyData will provide technical support to Customer via a ticketing system on weekdays with the exclusion of weekends as well as USA national holidays (“Support Hours”).
- Customer agrees to perform tasks as reasonably requested by FortifyData to aid in the resolution of any suspected problems. Prior to contacting FortifyData, Customer will take reasonable steps to verify issues reported by end users and to confirm that issues are associated with the Software and not with Customer’s computing or networking infrastructure.FortifyData will have no obligation to provide support or assistance with respect to any third-party hardware, materials or software.
Customer may initiate a helpdesk ticket during Support Hours by calling:
US: +1 888 396 4110 (Ext. 2) or any time by emailing email@example.com.
FortifyData will use commercially reasonable efforts to respond to all Helpdesk tickets within one (1) business day.