Facebook Tracking
Background image

HOSTED END USER LICENSE AGREEMENT

ATTACKIQ EULA

If you contracted online with AttackIQ before August 21, 2019, or renewed that contract prior to August 21, 2019, your use of the Service will be governed by the previous version of the EULA located at attackiq.com/archive_EULA_August2019. For all other Customers, including any Customers that renew a contract with AttackIQ on or after August 21, 2019 your use of the Service will be governed by the Hosted EULA displayed below.

 

HOSTED END​ USER LICENSE AGREEMENT

PLEASE READ THIS HOSTED END USER LICENSE AGREEMENT CAREFULLY. THE AGREEMENT IS A BINDING CONTRACT FOR THE USE OF THE ATTACKIQ SYSTEM.

BY ACCESSING OR USING THE ATTACKIQ SYSTEM YOU ARE ACCEPTING THE AGREEMENT AND YOU REPRESENT AND WARRANT THAT YOU HAVE THE RIGHT, AUTHORITY AND CAPACITY TO ENTER INTO THE AGREEMENT (ON BEHALF OF YOURSELF OR THE ENTITY THAT YOU REPRESENT). IF YOU DO NOT AGREE TO BE BOUND BY ALL OF THE AGREEMENT THEN DO NOT ACCESS OR USE THE ATTACKIQ SYSTEM.

IF YOU OR THE ENTITY THAT YOU REPRESENT HAS ENTERED INTO A SEPARATE CONTRACT FOR THE USE OF THE ATTACKIQ SYSTEM, THEN THAT SEPARATE CONTRACT, AND NOT THESE TERMS, GOVERNS YOUR USE OF THE ATTACKIQ SYSTEM.

BY CLICKING “I AGREE” YOU ACKNOWLEDGE THAT YOU HAVE READ AND ACCEPT THE AGREEMENT. THE AGREEMENT IS EFFECTIVE AS OF THE DATE THAT YOU CLICK “I AGREE” PRIOR TO COMMENCING USE OF THE ATTACKIQ SYSTEM.

 

Section 1. Agreement; Trial Accounts.

1.1      Agreement. This Hosted End User License Agreement made between Customer and AttackIQ governs the Order Form entered into for the AttackIQ System by Customer and includes Attachments 1 and 2 (collectively, the “Agreement”). This Agreement grants Customer a limited license to use the AttackIQ System and AttackIQ Data.

1.2      Trial Accounts. Unpaid trial accounts are made available for users to test and evaluate the functionality of the AttackIQ System without incurring payment obligations (“Trial Accounts”). All Trial Accounts are provided “AS IS” AND “AS AVAILABLE” WITHOUT ANY WARRANTY OF ANY KIND. ATTACKIQ MAY SUSPEND, TERMINATE, OR DISCONTINUE ALL TRIAL ACCOUNTS AT ANY TIME AND FOR ANY REASON (OR NO REASON).

Section 2. License Grant; Access.

2.1 License Grant. Subject to the terms of this Agreement, AttackIQ grants to Customer a limited, non-exclusive, non-sublicensable, non-transferable license during the Term to: (a) install, reproduce and use the Agent, and use the Documentation and AttackIQ Data solely for the Purpose and (b) enhance and modify the Content Library solely for the Purpose; provided that Customer delivers each modification and enhancement to AttackIQ promptly. Customer may install the Agent on machine endpoints Customer owns or controls, up to the maximum number indicated on the Order Form. Customer may run the maximum number of Content Library scenarios each month indicated on the Order Form. Customer may make a reasonable number of copies of the Documentation for backup and disaster recovery purposes during the Term, provided that Customer also reproduces on such copy any copyright, trademark or other proprietary markings and notices contained in the AttackIQ System.

2.2 Delivery. AttackIQ and Customer agree that the Agent, Documentation and Content Library shall be delivered to Customer only electronically.

2.3 Access. Subject to the terms of this Agreement, AttackIQ will use commercially reasonable efforts to provide access to the Hosted Service according to the Documentation.

2.4 Changes to Hosted Service. AttackIQ may modify, enhance or remove features or functionality of the Hosted Service from time to time. If the changes materially reduce the overall functionality, usability and capability of the Hosted Service, then Customer shall have the right to terminate the Agreement and AttackIQ shall refund Customer any unused pre-paid fees on a pro rata basis for the remaining Term following the effective date of termination by Customer. AttackIQ will issue this refund within thirty (30) days of Customer’s termination of the Agreement.

2.5 System Security. AttackIQ will take commercially reasonable technical and organizational measures designed to secure its computer networks and the AttackIQ System from unauthorized access, use, alteration or disclosure. AttackIQ shall not be liable for unauthorized third-party access to its computer networks or the AttackIQ System, except to the extent caused by AttackIQ’s negligence or willful misconduct.

2.6 Limitations. Customer shall use the AttackIQ System only according to the Documentation, use commercially reasonable efforts to prevent unauthorized access to or use of the AttackIQ System and AttackIQ Data, and promptly notify AttackIQ of any unauthorized access or use of the AttackIQ System or AttackIQ Data. Customer is responsible for each User’s compliance with the Agreement.

2.7 Restrictions. Customer may not use the AttackIQ System or AttackIQ Data in any manner or for any purpose other than the Purpose and as expressly permitted by this Agreement. Customer shall not, and shall not permit or enable any third party to: (a) sublicense, distribute or otherwise grant access to or transfer the AttackIQ System or any AttackIQ Data to any third party (except as permitted in the Subsection entitled Assignment); (b) include Personal Data in Customer Data; (c) except as explicitly permitted in this Agreement, alter, create derivative works of or otherwise modify the AttackIQ System (except to the extent applicable laws specifically prohibit such restriction); (d) use the AttackIQ System or AttackIQ Data to damage or circumvent the security of any other party’s network or data; (e) perform or disclose the results of stress tests or benchmarking testing of the AttackIQ System, provided that Customer may compare the AttackIQ System to other products for its internal purposes; or (f) use the AttackIQ System to build a competitive product or service.

Section 3. AttackIQ System Support and Professional Services.

3.1 Informational Support Services. During the Term, AttackIQ will provide support services about the use and operation of the AttackIQ System by email (support@attackiq.com) (the “Informational Support Services”).

3.2 Professional Services. If AttackIQ provides professional services to Customer, such as implementation or training services, then these professional services will be described in a statement of work signed by the Parties (“SOW”) and attached as an exhibit to this Agreement (the “Professional Services”). AttackIQ is not responsible for installing the Agent(s), or Updates unless Customer purchases installation services from AttackIQ.

3.3 Personal Data. If Customer provides Personal Data to AttackIQ under this Agreement, such as names and email addresses of employees who request Support Services, then AttackIQ will: (a) use the Personal Data solely for the purpose of providing the AttackIQ System and Support Services and Professional Services to Customer; (b) use appropriate technical and organizational measures to protect against unauthorized processing and accidental loss or damage of the Personal Data; and (c) delete the Personal Data after the termination or expiration of this Agreement.

Section 4. Data.

4.1 Customer Data.  Customer is solely responsible for the content of the Customer Data including any claims related to the Customer Data. Subject to the terms of the Agreement, Customer hereby grants to AttackIQ a non-exclusive, royalty-free, worldwide license to, and to permit AttackIQ’s business partners (including but not limited to its hosting partners) to, use, copy, modify, perform and display the Customer Data during the Term, solely for the Purpose.

4.2 AttackIQ Data.  Customer agrees to use the AttackIQ Data solely for the Purpose. Customer shall not provide the AttackIQ Data to any third party, other than as required by law. Customer’s breach of this Subsection shall be a material breach of this Agreement. Customer acknowledges that security vulnerabilities and security threats change constantly and this in turn may result in changes to the AttackIQ Data.

4.3 Data Security and Privacy.

a)      Customer shall maintain appropriate security for the AttackIQ Data, consistent with the security standards Customer uses to protect its Confidential Information.

b)      AttackIQ shall maintain appropriate security for the Customer Data and Personal Data, consistent with the security standards AttackIQ uses to protect its Confidential Information and consistent with industry technical and organizational standards to protect against unauthorized processing and accidental loss or damage of the Customer Data and Personal Data.

c)      AttackIQ shall comply with U.S. and European Union federal, national and state laws related to data privacy in effect where the Personal Data data subject resides, including to the extent applicable, the laws of the European Union member states under the General Data Protection Regulation (“GDPR”).

Section 5. Proprietary Rights, Additional License Grants, Obligations and Restrictions.

5.1 Proprietary Rights.

a) The AttackIQ System and AttackIQ Data are the exclusive property of AttackIQ and constitute valuable intellectual property and proprietary materials of AttackIQ. Subject to the limited rights expressly granted in this Agreement, AttackIQ reserves all right, title and interest in and to the AttackIQ System and AttackIQ Data and all derivative works thereof, including all Intellectual Property Rights. For clarity, AttackIQ owns all enhancements and modifications to the Content Library. No rights are granted to Customer except as expressly set forth in this Agreement.

b)      As between the Parties, the Customer Data and Personal Data are the exclusive property of Customer and constitute valuable intellectual property and proprietary materials of Customer. Subject to the limited rights expressly granted in this Agreement, Customer reserves all right, title and interest in and to the Customer Data and Personal Data, including all Intellectual Property Rights. No rights are granted to AttackIQ except as expressly set forth in this Agreement.

5.2 Feedback. Customer hereby grants to AttackIQ a non-exclusive, royalty-free, irrevocable, perpetual, worldwide, license to use and incorporate into the AttackIQ System suggestions, comments, improvements, ideas or other feedback or materials provided by Customer (the “Feedback”). AttackIQ will exclusively own any improvements or modifications to the AttackIQ System, or both, based on or derived from any Feedback including all Intellectual Property Rights in and to the improvements and modifications.

5.3 Trademarks.  AttackIQ owns all right, title and interest in and to the AttackIQ Marks and any goodwill arising out of the use of the AttackIQ Marks will remain with and belong to AttackIQ. Customer may not copy, imitate or use the AttackIQ Marks without the prior written consent of AttackIQ. Customer shall not remove or destroy any proprietary, trademark or copyright markings or notices placed upon or contained within the AttackIQ System. Customer will not in any way dispute, challenge or contend the validity of the AttackIQ Marks or any trademark, service mark or copyright registration owned by AttackIQ.

Section 6. Payments.

6.1 Amount. In exchange for the right to use the AttackIQ System, and receive the Support Services and Professional Services, Customer agrees to pay the amounts specified in the applicable Order Form and SOW (the “Fee”). The Fee does not include taxes and Customer shall be responsible for all such taxes, levies or duties under associated with this Agreement, other than taxes based on AttackIQ’s net income.

6.2 Payment. The Fee is payable in full, in advance for the Initial Term and any Renewal Term, unless the Order Form or SOW provides otherwise. AttackIQ may impose interest on late payments of undisputed invoices at the lower of 1.5% per month, or the maximum rate allowable by applicable law. Customer’s payment of the Fee is not contingent on the delivery of future functionality. All invoices are payable net thirty (30) days from date of invoice in United States Dollars. Except as explicitly provided in this Agreement, all payments are non-refundable.

6.3 Invoice Disputes. Customer must notify AttackIQ of any invoice dispute within thirty (30) days of the date of the applicable invoice and shall cooperate with AttackIQ in good faith in resolving any such dispute. If the Parties are unable to resolve such dispute within thirty (30) days after Customer’s notice of the dispute each Party shall have the right to seek any remedies it may have under this Agreement, at law or in equity. For clarity, any undisputed amount must be paid in full. AttackIQ may accept any payment in any amount without prejudice to AttackIQ’s right to recover the balance of any amount due or to pursue any other right or remedy. Customer shall pay all of AttackIQ’s reasonable fees, costs and expenses (including reasonable attorneys’ fees) if legal action is required to collect outstanding undisputed balances.

Section 7. Term and Termination; Suspension.

7.1 Term. This Agreement commences on the implementation go-live date listed on the Order Form and shall continue in effect for the initial period listed on the Order Form (the “Initial Term”). Thereafter, this Agreement shall automatically renew for successive periods equal to the Initial Term (each, a “Renewal Term”), unless Customer gives written notice of non-renewal to AttackIQ at least thirty (30) days prior to the end of the Initial Term or the then-current Renewal Term, as applicable. The Initial Term and the Renewal Term(s) (if any) are referred to collectively as the “Term”.

7.2 Termination for Material Breach.  If either Party materially breaches any term of this Agreement and fails to cure such breach within thirty (30) days after written notice by the non-breaching Party (fifteen (15) days in the case of non-payment), then the non-breaching Party may terminate this Agreement immediately upon notice.

7.3 Suspension of Hosted Service.  In the event that AttackIQ reasonably concludes that there is a significant threat to the security or functionality of the AttackIQ System, then AttackIQ may suspend Customer’s access to the Hosted Service without advanced notice in addition to and without prejudice to any other remedies AttackIQ may have, until AttackIQ identifies the cause of the threat or resolves the threat, but not to exceed ten (10) days.

7.4 Effect of Termination. 

a) In General. In the event of any termination or expiration of this Agreement: (i) all of Customer's rights under this Agreement will immediately terminate; (ii) the licenses granted in this Agreement will terminate; (iii) all Users will immediately cease any access or use of the AttackIQ System, (iv) Customer promptly shall uninstall the AttackIQ System software from each machine; and (v) Customer shall pay in full for the Professional Services performed up to and including the effective date of termination. Customer may retain a reasonable number of copies of AttackIQ Data reports solely for its archival purposes after this Agreement terminates or expires, provided that Customer also reproduces any copyright, trademark or other proprietary markings and notices on the report.

b) Deletion of Customer Data. If Customer requests deletion of its Customer Data in writing prior to the date of termination or expiration of this Agreement, then AttackIQ will permanently and irrevocably delete the Customer Data stored by AttackIQ or its cloud hosting provider, or both, within ten (10) days of the date of termination or expiration of this Agreement.

c) Survival. Provisions of this Agreement that by their nature are intended to survive, will continue to apply in accordance with their terms including, without limitation, accrued rights to payment, confidentiality obligations, warranty disclaimers, indemnity obligations, limitations of liability and the miscellaneous provisions of the Section entitled Miscellaneous.

7.5      Remedy. If Customer terminates this Agreement due to material breach by AttackIQ under Subsection 7.2, then AttackIQ shall refund any pre-paid fees on a pro rata basis for the remaining Term within thirty (30) days of Customer’s termination. However, this remedy shall not apply in the case of a breach of the Subsection entitled Support Services and Professional Services Warranty.

Section 8. Confidential Information.

8.1 Confidentiality Generally.  If the Parties have entered into a Non-Disclosure Agreement (“NDA”), this Agreement incorporates the NDA. If the Parties have not signed an NDA, then the Recipient will protect Confidential Information of the Discloser against any unauthorized use or disclosure to the same extent that the Recipient protects its own Confidential Information of a similar nature against unauthorized use or disclosure, but in no event will use less than a reasonable standard of care to protect such Confidential Information; provided that the Confidential Information of the Discloser is conspicuously marked or otherwise identified as confidential or proprietary upon receipt by the Recipient or the Recipient otherwise knows or has reason to know that the same is Confidential Information of the Discloser. All Customer Data and Personal Data is the Confidential Information of Customer. The Recipient will use any Confidential Information of the Discloser solely for the purposes for which it is provided by the Discloser.

8.2 Exceptions. This Section 8 will not be interpreted or construed to prohibit: (a) any use or disclosure which is necessary or appropriate in connection with the Recipient’s performance of its obligations or exercise of its rights under this Agreement; (b) any use or disclosure required by applicable law (for example, pursuant to applicable securities laws or legal process), provided that the Recipient uses reasonable efforts to give the Discloser reasonable advance notice thereof (to afford the Discloser an opportunity to intervene and seek an order or other appropriate relief for the protection of its Confidential Information from any unauthorized use or disclosure); or (c) any use or disclosure made with the written consent of the Discloser.

Section 9. Limited Warranties and Remedies.

9.1 Mutual Warranties. Each Party hereby represents and warrants to the other Party that (a) the individual executing this Agreement on behalf of such Party is duly authorized to execute this Agreement on its behalf, and (b) this Agreement is a valid and binding obligation of such Party and enforceable against such Party in accordance with its terms.

9.2 Disclaimers.  AttackIQ does not warrant that the AttackIQ System is free from bugs, errors, defects or deficiencies. AttackIQ does not provide any warranties regarding the AttackIQ Data and disclaims all liability for the AttackIQ Data and actions taken in connection with the AttackIQ Data by any party other than AttackIQ. EXCEPT AS EXPRESSLY PROVIDED IN THIS SECTION 9, ATTACKIQ MAKES NO WARRANTY OR GUARANTY OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, AND SPECIFICALLY DISCLAIMS ALL OTHER WARRANTIES, WHETHER IMPLIED OR STATUTORY, INCLUDING ANY IMPLIED WARRANTY OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW. CUSTOMER ACKNOWLEDGES THAT THE DISCLAIMERS IN THIS SECTION 9 ARE A MATERIAL PART OF THIS AGREEMENT, AND ATTACKIQ WOULD NOT HAVE ENTERED INTO THIS AGREEMENT BUT FOR SUCH DISCLAIMERS.

Section 10. Indemnification.

10.1 IP Indemnification by AttackIQ. 

a)      AttackIQ will, at its expense, either defend Customer from or settle any claim, suit or proceeding (“Claim”) brought by a third party against Customer alleging that Customer’s use of the AttackIQ System in accordance with this Agreement infringes or misappropriates such third party’s United States patent, copyright, trademark or trade secret intellectual property rights.

b)      AttackIQ will indemnify Customer from and pay: (i) all damages, costs and attorneys’ fees finally awarded against Customer in a Claim under Subsection 10.1(a); (ii) all out-of-pocket costs (including reasonable attorneys’ fees) reasonably incurred by Customer in connection with the defense of a Claim under Subsection 10.1(a) (other than attorneys’ fees and costs incurred without AttackIQ’s consent after AttackIQ has accepted defense of the Claim); and (iii) all amounts that AttackIQ agrees to pay to any third party to settle a Claim under Subsection 10.1(a). Further, should the AttackIQ System become, or in AttackIQ's opinion is likely to become, the subject of a claim of infringement or misappropriation AttackIQ may, at its option and expense: (i) obtain a license to permit Customer to continue using the AttackIQ System according to the terms of this Agreement; (ii) modify or replace the relevant portion(s) of the AttackIQ System with a non-infringing or non-misappropriating alternative having substantially equivalent performance within a reasonable period of time; or (iii) terminate this Agreement by providing notice to Customer, and provide Customer with a refund of any pre-paid fees for the AttackIQ System on a pro rata basis for the remaining Term.

c)      AttackIQ’s indemnity obligation will not apply to the extent any infringement or misappropriation arises as a result of: (i) Customer Data, (ii) a combination of the AttackIQ System with software or systems not provided by AttackIQ, or (iii) any failure of Customer to comply with this Agreement.

10.2 Indemnification by Customer.

a)      Customer will, at its expense, either defend AttackIQ from or settle any Claim brought by a third party against AttackIQ caused by or arising out of: (i) Customer Data or (ii) an assertion that Customer has violated the Subsection entitled Restrictions.

b)      Customer will indemnify AttackIQ from and pay: (i) all damages, costs and attorneys’ fees finally awarded against AttackIQ in a Claim under Subsection 10.2(a); (ii) all out-of-pocket costs (including reasonable attorneys’ fees) reasonably incurred by AttackIQ in connection with the defense of a Claim under Subsection 10.2(a) (other than attorneys’ fees and costs incurred without Customer’s consent after Customer has accepted defense of the Claim); and (iii) all amounts that Customer agrees to pay to any third party to settle a Claim under Subsection 10.2(a).

10.3 Process. The indemnified Party will promptly notify the indemnifying Party of any claim subject to this Section 10, but the indemnified Party’s failure to promptly notify the indemnifying Party will only affect the indemnifying Party’s obligations under this Section 10 to the extent that such failure prejudices the indemnifying Party’s ability to defend the Claim. The indemnifying Party may: (a) use counsel of its own choosing to defend against any Claim; and (b) settle the Claim as the indemnifying Party deems appropriate, (except that the indemnifying Party may not settle any Claim unless the settlement unconditionally releases the indemnified Party of all liability related to the Claim). The indemnified Party shall provide the indemnifying Party, at the indemnifying Party’s expense, with all assistance, information and authority reasonably required for the defense and settlement of the Claim.

Section 11. Limitations of Liability.

11.1 By Type. IN NO EVENT WILL ATTACKIQ HAVE ANY LIABILITY TO CUSTOMER OR ANY THIRD PARTY FOR ANY CONSEQUENTIAL, INDIRECT, SPECIAL, INCIDENTAL, REMOTE, SPECULATIVE, COVER, PUNITIVE OR EXEMPLARY DAMAGES, (INCLUDING LOSS OF USE, DATA, BUSINESS OR PROFITS) REGARDLESS OF THE THEORY OF LIABILITY OR WHETHER ATTACKIQ HAS BEEN ADVISED OF THE POSSIBILITY OF THESE TYPES OF DAMAGES.

11.2 By Amount Generally. IN NO EVENT WILL ATTACKIQ BE LIABLE FOR AGGREGATE DAMAGES IN EXCESS OF THE FEES PAID OR PAYABLE BY CUSTOMER TO ATTACKIQ UNDER THIS AGREEMENT, REGARDLESS OF THE THEORY OF LIABILITY OR WHETHER ATTACKIQ HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

11.3 Exclusions. No limitation of liability in this Agreement, whether through the exclusion of certain types of damages, a cap on the amount of damages, or other limitation applies to either Party’s liability for violation of the other party’s intellectual property rights, gross negligence, intentional misconduct, death or personal injury.

11.4 Allocation of Risk. The Parties agree that the limitations specified in this Section 11 will survive and apply even if any limited remedy specified in this Agreement is found to have failed of its essential purpose. Each Party acknowledges that the foregoing limitations are an essential element of this Agreement and a reasonable allocation of risk between the Parties and that in the absence of such limitations the pricing and other terms set forth in this Agreement would be substantially different.

Section 12. Disputes.

12.1 Informal Dispute Resolution. If a dispute arises between the Parties, then the Parties will use reasonable efforts to resolve the dispute through negotiation. If such negotiations result in an agreement in principle to settle the dispute, the Parties shall cause a written settlement agreement to be prepared, signed and dated, whereupon the dispute shall be deemed settled, and not subject to further dispute resolution.

12.2 Unresolved Disputes; Waiver of Jury Trial. Upon the Parties’ mutual written agreement, any dispute under this Section 12 may be submitted for resolution to mediation to occur at a mutually agreed upon location. The Parties reserve all rights to adjudicate any dispute not submitted to mediation hereunder, in any court of competent jurisdiction located in in San Francisco County, State of California, USA; provided, however, that each Party hereby waives the right to a trial by jury in any such action.

12.3 Exception for Injunctive Relief. The Parties acknowledge that any breach of the confidentiality provisions or the unauthorized use of a Party’s intellectual property may result in serious and irreparable injury to the aggrieved Party for which damages may not adequately compensate the aggrieved Party. The Parties agree, therefore, that, in addition to the dispute resolution process described above and any other remedy that the aggrieved Party may have, it shall be entitled to seek equitable injunctive relief without being required to post a bond or other surety or to prove either actual damages or that damages would be an inadequate remedy.

Section 13. Miscellaneous.

13.1 Force Majeure. In the event that either Party is prevented from performing or is unable to perform any of its obligations under this Agreement due to any delay or failure to perform as required by this Agreement (except with respect to monetary obligations) as a result of any cause or condition beyond such Party’s reasonable control (including, without limitation, any unforeseen patent claims or any act or failure to act by the other Party), and if such Party shall have used its commercially reasonable efforts to mitigate its effects, such Party shall give prompt written notice to the other Party, and the time for the performance shall be extended for the period of delay or inability to perform due to such occurrences. If the period continues for sixty (60) or more days then either Party is entitled to terminate this Agreement by giving a notice to the other Party. The relief offered by this Subsection 13.1 is the exclusive remedy available with respect to the delays described in this Subsection. This Subsection will not apply to any payment obligation of either Party.

13.2 Export. The AttackIQ System and related technology are subject to applicable United States export laws and regulations. Customer must comply with all applicable United States and international export laws and regulations with respect to the AttackIQ System and related technology. Without limitation, Customer may not export, re-export or otherwise transfer the AttackIQ System or related technology, without a United States government license: (a) to any person or entity on any United States export control list; (b) to any country subject to United States sanctions; or (c) for any prohibited end use.

13.3 Anti-corruption. Customer has not received or been offered any bribe, kickback, illegal or improper payment, gift, or thing of value from any AttackIQ personnel or agents in connection with this Agreement, other than reasonable gifts and entertainment provided in the ordinary course of business. If Customer becomes aware of any violation of the above restriction, Subscriber will promptly notify AttackIQ at support@attackiq.com.

13.4 Independent Contractors. Each Party is an independent contractor and not a partner or agent of the other. This Agreement will not be interpreted or construed as creating or evidencing any partnership or agency between the Parties or as imposing any partnership or agency obligations or liability upon either Party. Further, neither Party is authorized to, and will not, enter into or incur any agreement, contract, commitment, obligation or liability in the name of or otherwise on behalf of the other Party.

13.5 No Third Party Beneficiaries. This Agreement does not create any third party beneficiary rights in any individual or entity that is not a Party to this Agreement.

13.6 Assignment. Except as set forth in this Subsection, neither Party shall assign, delegate, or otherwise transfer this Agreement or any of its rights or obligations to a third party without the other Party's prior written consent.  Either Party may assign, without such consent but upon written notice, its rights and obligations under this Agreement to: (i) its corporate affiliate; or (ii) any entity that acquires all or substantially all of its capital stock or its assets related to this Agreement, through purchase, merger, consolidation, or otherwise. Any other attempted assignment shall be void. Subject to the foregoing, this Agreement will be fully binding upon, inure to the benefit of and be enforceable by any permitted assignee.

13.7 Applicable Law. This Agreement will be interpreted, construed and enforced in all respects in accordance with the laws of the State of California, U.S.A., as applied to agreements entered into and to be performed entirely within California between California residents, without regard to conflicts of law principles. The 1980 UN Convention on Contracts for the International Sale of Goods or its successor will not apply to this Agreement.

13.8 Notice. Ordinary day-to-day operational communications may be conducted by email or telephone communications. Any other notices required by this Agreement will be in writing and given by personal delivery, by pre-paid first class mail or by overnight courier to the address specified on the Order Form (or such other address as may be specified in writing in accordance with this Subsection).

13.9 Additional Definitions. See Attachment 1.

13.10       Entire Agreement. This Agreement, including any attachments and exhibits constitutes the complete and exclusive statement of all mutual understandings between the Parties with respect to the subject matter hereof, superseding all prior or contemporaneous proposals, communications and understandings, oral or written. In the event of any conflict or inconsistency among the following, the order of precedence shall be: (i) the Order Form, (ii) the applicable SOW, (iii) this Hosted End User License Agreement and (iv) the Documentation.  No modification, amendment, or waiver of any provision of this Agreement will be effective unless it exists in writing and is signed by the Party against whom the modification, amendment, or waiver is to be asserted. If any provision of this Agreement is held by a court of competent jurisdiction to be contrary to law, the provision will be deemed null and void, and the remaining provisions of this Agreement will remain in effect.

 

Attachment 1

Additional Definitions

“Agent” means the test point software agent installed on endpoints by Customer and provided with the AttackIQ System.

“AttackIQ Data” means data generated by the AttackIQ System including network telemetry data and other information regarding Customer’s network security vulnerabilities and security threats and any reports Customer creates using the AttackIQ System. For clarity, AttackIQ Data does not include any Personal Data.

“AttackIQ Marks” means any trademarks, service marks, service or trade names, logos, and other designations of AttackIQ.

“AttackIQ System” means the “AttackIQ” proprietary threat intelligence solution for computer software and systems described on the Order Form. The AttackIQ System is comprised of the Agent, the Hosted Service, the Documentation and any Updates to the foregoing.

“Confidential Information” means any information that is proprietary or confidential to the Discloser or that the Discloser is obligated to keep confidential (e.g., pursuant to a contractual or other obligation owing to a third party). Confidential Information may be of a technical, business or other nature (including, but not limited to, information which relates to the Discloser’s technology, software documentation, research, development, products, services, pricing of products and services, customers, employees, contractors, marketing plans, finances, contracts, legal affairs, or business affairs). However, Confidential Information does not include any information that: (a) was known to the Recipient prior to receiving the same from the Discloser in connection with this Agreement; (b) is independently developed by the Recipient; (c) is acquired by the Recipient from another source without restriction as to use or disclosure; or (d) is or becomes part of the public domain through no fault or action of the Recipient. All Customer Data and Personal Data is the Confidential Information of Customer.

“Content Library” means a library of attack scenarios and behaviors used with the AttackIQ System to test the security of Customer’s software and systems.

“Customer Data” means data generated by Customer’s endpoint and delivered to the AttackIQ System and any other information that Customer is permitted to input into the AttackIQ System data fields. Customer Data does not include Personal Data.

“Discloser” means a Party that discloses any of its Confidential Information to the other Party.

“Documentation” means the (a) documentation describing the AttackIQ System accompanying the AttackIQ System and (b) the Content Library developed by AttackIQ included with the Documentation.

“Hosted Service” means the software-as-a-service portion of the AttackIQ System hosted on machines owned or controlled by AttackIQ, as further described on the Order Form.

“Intellectual Property Rights” means any patent, copyright, trademark, service mark, trade name, trade secret, know-how, moral right or other intellectual property right under the laws of any jurisdiction, whether registered, unregistered, statutory, common law or otherwise (including any rights to sue, recover damages or obtain relief for any past infringement, and any rights under any application, assignment, license, legal opinion or search).

“License Key” means a data token provided by AttackIQ associated with Customer’s instance of the AttackIQ System, and which enables use of the AttackIQ System for a specific period of time.

“Party” means AttackIQ or Customer.

“Personal Data” means any information provided by Customer to AttackIQ used to identify a specific natural person, either alone or when combined with other information that is linkable by AttackIQ to a specific natural person. Personal Data also includes other information about a specific natural person where the data protection laws in effect in the region where such person resides define this information as Personal Data.

“Purpose” means the limited purpose of evaluating and validating the effectiveness of Customer’s own computer network security infrastructure in connection with Customer’s ordinary, internal business operations.

“Recipient” means a Party that receives any Confidential Information of the other Party.

“Support Services” means the Informational Support Services.

“Updates” means corrections, updates, patches and other modifications to the AttackIQ System that AttackIQ makes generally commercially available during the Term.

“User” means Customer’s current employees, independent contractors, agents and consultants who are authorized or permitted by Customer to access and use the AttackIQ System on behalf of Customer; provided that each individual is not: (a) a resident of any country subject to a United States embargo or other similar United States export restrictions; (b) on the United States Treasury Department’s list of Specifically Designated Nationals; (c) on the United States Department of Commerce’s Denied Persons List or Entity List; or (d) on any other United States export control list.