End User License Agreement

ATTACKIQ EULA

If you contracted online with AttackIQ before August 21, 2019, or renewed that contract prior to August 21, 2019, your use of the Service will be governed by the previous version of the EULA located at attackiq.com/archive_2019_EULA.

If you contracted online with AttackIQ between July 9, 2023 and August 21, 2019, or renewed that contract on or before July 9, 2023, your use of the Service will be governed by the previous version of the EULA located at attackiq.com/archive_2023_EULA.

For all other Customers who contract online with AttackIQ, including any Customers that renew a contract with AttackIQ on or after July 10, 2023, your use of the Service will be governed by the Hosted EULA displayed below.

HOSTED END USER LICENSE AGREEMENT

PLEASE READ THIS HOSTED END USER LICENSE AGREEMENT CAREFULLY. THE AGREEMENT IS A BINDING CONTRACT FOR THE USE OF THE ATTACKIQ SOLUTION.

BY ACCESSING OR USING THE ATTACKIQ SOLUTION YOU ARE ACCEPTING THE AGREEMENT AND YOU REPRESENT AND WARRANT THAT YOU HAVE THE RIGHT, AUTHORITY AND CAPACITY TO ENTER INTO THE AGREEMENT (ON BEHALF OF YOURSELF OR THE ENTITY THAT YOU REPRESENT). IF YOU DO NOT AGREE TO BE BOUND BY ALL OF THE AGREEMENT THEN DO NOT ACCESS OR USE THE ATTACKIQ SOLUTION.

IF YOU OR THE ENTITY THAT YOU REPRESENT HAS ENTERED INTO A SEPARATE CONTRACT FOR THE USE OF THE ATTACKIQ SOLUTION, THEN THAT SEPARATE CONTRACT, AND NOT THESE TERMS, GOVERNS YOUR USE OF THE ATTACKIQ SOLUTION.

BY CLICKING “I AGREE” YOU ACKNOWLEDGE THAT YOU HAVE READ AND ACCEPT THE AGREEMENT. THE AGREEMENT IS EFFECTIVE AS OF THE DATE THAT YOU CLICK “I AGREE” PRIOR TO COMMENCING USE OF THE ATTACKIQ SOLUTION.

This Hosted End User License Agreement is entered into by AttackIQ, Inc. a Delaware corporation (“AttackIQ”) and the undersigned customer (“Customer”).

Section 1.     Agreement.

This Hosted End User License Agreement made between Customer and AttackIQ governs the quote for the AttackIQ Solution prepared for Customer (“Quote”) and includes Attachment 1 and Attachment 2 (collectively, the “Agreement”). This Agreement grants Customer a limited license to use the AttackIQ Solution and Content Library.

Section 2.     License Grant; Access.

2.1          License Grant. Subject to the terms of this Agreement, AttackIQ grants to Customer a limited, non-exclusive, non-sublicensable, non-transferable license during the Term to: (a) install, reproduce and use the Agent, and use the Documentation and Content Library solely for the Purpose and (b) enhance and modify the Content Library solely for the Purpose. Customer may install the Agent on machine endpoints Customer owns or controls, up to the maximum number indicated on the Quote.  Customer may make a reasonable number of copies of the Documentation for backup and disaster recovery purposes during the Term, provided that Customer also reproduces on such copy any copyright, trademark or other proprietary markings and notices contained in the AttackIQ Solution.

2.2          Delivery.  AttackIQ and Customer agree that the Agent, Documentation and Content Library shall be delivered to Customer only electronically.

2.3          Access. Subject to the terms of this Agreement, AttackIQ will use commercially reasonable efforts to provide access to the Hosted Service according to the Documentation.

2.4          Changes to Hosted Service. AttackIQ may modify, enhance or remove features or functionality of the Hosted Service from time to time. If the changes materially reduce the overall functionality, usability and capability of the Hosted Service, then Customer shall have the right to terminate the Agreement and AttackIQ shall refund Customer any unused pre-paid fees on a pro rata basis for the remaining Term following the effective date of termination by Customer. AttackIQ will issue this refund within thirty (30) days of Customer’s termination of the Agreement.

2.5          System Security. AttackIQ will take commercially reasonable technical and organizational measures designed to secure its computer networks and the AttackIQ Solution from unauthorized access, use, alteration or disclosure. AttackIQ shall not be liable for unauthorized third-party access to its computer networks or the AttackIQ Solution, except to the extent caused by AttackIQ’s negligence or willful misconduct.

2.6          Limitations. Customer shall use the AttackIQ Solution only according to the Documentation, use commercially reasonable efforts to prevent unauthorized access to or use of the AttackIQ Solution and Content Library, and promptly notify AttackIQ of any unauthorized access or use of the AttackIQ Solution or Content Library. Customer is responsible for each User’s compliance with the Agreement.

2.7          Restrictions. Customer may not use the AttackIQ Solution or Content Library in any manner or for any purpose other than the Purpose and as expressly permitted by this Agreement.  Customer shall not, and shall not permit or enable any third party to: (a) sublicense, distribute or otherwise grant access to or transfer the AttackIQ Solution or the Content Library to any third party (except as permitted in the Subsection entitled Assignment); (b) include Personal Data in Customer Data;  (c) except as explicitly permitted in this Agreement, alter, create derivative works of or otherwise modify the AttackIQ Solution (except to the extent applicable laws specifically prohibit such restriction); (d) use the AttackIQ Solution or Content Library to damage or circumvent the security of any other party’s network or data; (e) perform or disclose the results of stress tests or benchmarking testing of the AttackIQ Solution, provided that Customer may compare the AttackIQ Solution to other products for its internal purposes; or (f) use the AttackIQ Solution to build a competitive product or service.

Section 3.     AttackIQ Solution Support Services.

Subject to Customer’s payment obligations under this Agreement, AttackIQ will provide the maintenance and support services described at Attachment 2 (the “Support Services”) for no additional charge. Only AttackIQ shall have the right to maintain and support the AttackIQ Solution.

Section 4.     Data.

4.1          Customer Data.  Customer is solely responsible for the content of the Customer Data including any claims related to the Customer Data. Subject to the terms of the Agreement, Customer hereby grants to AttackIQ a non-exclusive, royalty-free, worldwide license to, and to permit AttackIQ’s business partners (including but not limited to its hosting partners) to, use, copy, modify, perform and display the Customer Data during the Term, solely for the Purpose.

4.2          Content Library.  Customer agrees to use the Content Library solely for the Purpose.  Customer shall not provide the Content Library to any third party, other than as required by law. Customer’s breach of this Subsection shall be a material breach of this Agreement. Customer acknowledges that security vulnerabilities and security threats change constantly and this in turn may result in changes to the Content Library.

4.3          Data Security and Privacy.

a)            Customer Security. Customer shall maintain appropriate security for the Content Library, consistent with the security standards Customer uses to protect its Confidential Information.

b)            AttackIQ Security. AttackIQ shall maintain appropriate security for the Customer Data and Personal Data, consistent with the security standards AttackIQ uses to protect its Confidential Information and consistent with industry technical and organizational standards to protect against unauthorized processing and accidental loss or damage of the Customer Data and Personal Data.

c)            Personal Data Compliance. AttackIQ shall comply with U.S. and European Union federal, national and state laws related to data privacy in effect during the Term of this Agreement where the Personal Data data subject resides, including to the extent applicable, the California Consumer Privacy Act of 2018, Title 1.81.5 (commencing with Section 1798.100) to Part 4 of Division 3 of the Civil Code (“CCPA”) and the laws of the European Union member states under the General Data Protection Regulation (“GDPR”).

d)            Restrictions on Personal Data. If Customer provides Personal Data to AttackIQ under this Agreement, such as names and email addresses of employees who login to the AttackIQ Solution or request Support Services, then AttackIQ will: (a) use the Personal Data solely for the purpose of providing the AttackIQ Solution and Support Services and Professional Services to Customer; (b) use appropriate technical and organizational measures to protect against unauthorized processing and accidental loss or damage of the Personal Data; and (c) delete the Personal Data within twenty (20) days of a request to do so from Customer or, otherwise, as required by law.

  1. e) No Selling; No Consideration. AttackIQ and its subprocessors are expressly prohibited from: (i) selling Personal Data for monetary or other valuable consideration; (ii) sharing, collecting, retaining, using, or disclosing Customer Personal Data for any purpose, other than the express purpose of providing the AttackIQ Solution and Support Services and Professional Services to Customer. AttackIQ acknowledges and confirms that it does not receive any Personal Data as consideration for any services or products that it provides to Customer under this Agreement.

Section 5.     Proprietary Rights, Additional License Grants, Obligations and Restrictions.

5.1          Proprietary Rights.

a)            The AttackIQ Solution, Content Library and AttackIQ Data are the exclusive property of AttackIQ and constitute valuable intellectual property and proprietary materials of AttackIQ. Subject to the limited rights expressly granted in this Agreement, AttackIQ reserves all right, title and interest in and to the AttackIQ Solution, Content Library and AttackIQ Data and all derivative works thereof, including all Intellectual Property Rights. For clarity, AttackIQ owns all enhancements and modifications to the Content Library. No rights are granted to Customer except as expressly set forth in this Agreement.

b)            As between the Parties, the Customer Data and Personal Data are the exclusive property of Customer and constitute valuable intellectual property and proprietary materials of Customer. Subject to the limited rights expressly granted in this Agreement, Customer reserves all right, title and interest in and to the Customer Data and Personal Data, including all Intellectual Property Rights. No rights are granted to AttackIQ except as expressly set forth in this Agreement.

5.2          Feedback. Customer hereby grants to AttackIQ a non-exclusive, royalty-free, irrevocable, perpetual, worldwide, license to use and incorporate into the AttackIQ Solution suggestions, comments, improvements, ideas or other feedback or materials provided by Customer (the “Feedback”). AttackIQ will exclusively own any improvements or modifications to the AttackIQ Solution, or both, based on or derived from any Feedback including all Intellectual Property Rights in and to the improvements and modifications.

5.3          Trademarks.  AttackIQ owns all right, title and interest in and to the AttackIQ Marks and any goodwill arising out of the use of the AttackIQ Marks will remain with and belong to AttackIQ. Customer may not copy, imitate or use the AttackIQ Marks without the prior written consent of AttackIQ. Customer shall not remove or destroy any proprietary, trademark or copyright markings or notices placed upon or contained within the AttackIQ Solution. Customer will not in any way dispute, challenge or contend the validity of the AttackIQ Marks or any trademark, service mark or copyright registration owned by AttackIQ.

Section 6.     Payments.

6.1          Amount. In exchange for the right to use the AttackIQ Solution, and receive the Services, Customer agrees to pay the amounts specified in the applicable Quote and SOW (the “Fee”). The Fee does not include taxes and Customer shall be responsible for all such taxes, levies or duties associated with this Agreement, other than taxes based on AttackIQ’s net income.

6.2          Payment. The Fee is payable in full, in advance for the Initial Term and any Renewal Term, unless the Quote or SOW provides otherwise. AttackIQ may impose interest on late payments of undisputed invoices at the lower of 1.5% per month, or the maximum rate allowable by applicable law. Customer’s payment of the Fee is not contingent on the delivery of future functionality. All invoices are payable net thirty (30) days from date of invoice in United States Dollars. Except as explicitly provided in this Agreement, all payments are non-refundable.

6.3          Invoice Disputes. Customer must notify AttackIQ of any invoice dispute within thirty (30) days of the date of the applicable invoice and shall cooperate with AttackIQ in good faith in resolving any such dispute. If the Parties are unable to resolve such dispute within thirty (30) days after Customer’s notice of the dispute each Party shall have the right to seek any remedies it may have under this Agreement, at law or in equity. For clarity, any undisputed amount must be paid in full. AttackIQ may accept any payment in any amount without prejudice to AttackIQ’s right to recover the balance of any amount due or to pursue any other right or remedy. Customer shall pay all of AttackIQ’s reasonable fees, costs and expenses (including reasonable attorneys’ fees) if legal action is required to collect outstanding undisputed balances.

Section 7.     Term and Termination; Suspension.

7.1          Term. This Agreement commences on the Start Date listed on the Quote and shall continue in effect until the End Date listed on the Quote (the “Initial Term”). Thereafter, this Agreement shall automatically renew for successive periods equal to the Initial Term (each, a “Renewal Term”), unless Customer gives written notice of non-renewal to AttackIQ at least thirty (30) days prior to the end of the Initial Term or the then-current Renewal Term, as applicable. The Initial Term and the Renewal Term(s) (if any) are referred to collectively as the “Term”.

7.2          Termination for Material Breach.  If either Party materially breaches any term of this Agreement and fails to cure such breach within thirty (30) days after written notice by the non-breaching Party (fifteen (15) days in the case of non-payment), then the non-breaching Party may terminate this Agreement immediately upon notice.

7.3          Suspension of Hosted Service.  In the event that AttackIQ reasonably concludes that there is a significant threat to the security or functionality of the AttackIQ Solution, then AttackIQ may suspend Customer’s access to the Hosted Service without advanced notice in addition to and without prejudice to any other remedies AttackIQ may have, until AttackIQ identifies the cause of the threat or resolves the threat, but not to exceed ten (10) days.

7.4           Effect of Termination.

a)            In General. In the event of any termination or expiration of this Agreement: (i) all of Customer’s rights under this Agreement will immediately terminate; (ii) the licenses granted in this Agreement will terminate; (iii) all Users will immediately cease any access or use of the AttackIQ Solution; (iv) Customer promptly shall uninstall the AttackIQ Solution software from each machine; and (v) Customer shall pay in full for the Professional Services performed up to and including the effective date of termination. Customer may retain a reasonable number of copies of reports generated by the AttackIQ Solution solely for its archival purposes after this Agreement terminates or expires, provided that Customer also reproduces any copyright, trademark or other proprietary markings and notices on the report.

b)            Deletion of Customer Data. If Customer requests deletion of its Customer Data in writing prior to the date of termination or expiration of this Agreement, then AttackIQ will permanently and irrevocably delete the Customer Data stored by AttackIQ or its cloud hosting provider, or both, within ten (10) days of the date of termination or expiration of this Agreement.

c)            Survival. Provisions of this Agreement that by their nature are intended to survive, will continue to apply in accordance with their terms including, without limitation, accrued rights to payment, confidentiality obligations, warranty disclaimers, indemnity obligations, limitations of liability and the miscellaneous provisions of the Section entitled Miscellaneous.

7.5          Remedy. If Customer terminates this Agreement due to material breach by AttackIQ under Subsection 7.2, then AttackIQ shall refund any pre-paid fees on a pro rata basis for the remaining Term within thirty (30) days of Customer’s termination. However, this remedy shall not apply in the case of a breach of the Subsection entitled Services Warranty.

Section 8.     Confidential Information.

8.1          Confidentiality Generally.  If the Parties have entered into a Non-Disclosure Agreement (“NDA”), this Agreement incorporates the NDA. If the Parties have not signed an NDA, then the Recipient will protect Confidential Information of the Discloser against any unauthorized use or disclosure to the same extent that the Recipient protects its own Confidential Information of a similar nature against unauthorized use or disclosure, but in no event will use less than a reasonable standard of care to protect such Confidential Information; provided that the Confidential Information of the Discloser is conspicuously marked or otherwise identified as confidential or proprietary upon receipt by the Recipient or the Recipient otherwise knows or has reason to know that the same is Confidential Information of the Discloser. All Customer Data and Personal Data is the Confidential Information of Customer. The Recipient will use any Confidential Information of the Discloser solely for the purposes for which it is provided by the Discloser.

8.2          Exceptions. This Section 8 will not be interpreted or construed to prohibit: (a) any use or disclosure which is necessary or appropriate in connection with the Recipient’s performance of its obligations or exercise of its rights under this Agreement; (b) any use or disclosure required by applicable law (for example, pursuant to applicable securities laws or legal process), provided that the Recipient uses reasonable efforts to give the Discloser reasonable advance notice thereof (to afford the Discloser an opportunity to intervene and seek an order or other appropriate relief for the protection of its Confidential Information from any unauthorized use or disclosure); or (c) any use or disclosure made with the written consent of the Discloser.

Section 9.     Limited Warranties and Remedies.

9.1          Mutual Warranties. Each Party hereby represents and warrants to the other Party that (a) the individual executing this Agreement on behalf of such Party is duly authorized to execute this Agreement on its behalf, and (b) this Agreement is a valid and binding obligation of such Party and enforceable against such Party in accordance with its terms.

9.2          AttackIQ Solution Warranty. AttackIQ warrants to Customer that during the first thirty (30) days of the Initial Term the AttackIQ Solution will perform in all material respects in accordance with the Documentation.  Customer’s sole and exclusive remedy and AttackIQ’s entire liability for any breach of the foregoing warranty is to repair or replace any nonconforming component of the  AttackIQ Solution so that the affected component operates as warranted or, if AttackIQ is unable to do so, terminate the license for the AttackIQ Solution and refund any pre-paid fees for the AttackIQ Solution on a pro rata basis for the remaining Term.

9.3          Services Warranty. AttackIQ represents and warrants that during the Term, the Services will be performed in a professional and workmanlike manner in accordance with generally prevailing industry standards and any related SOW. Customer’s sole and exclusive remedy and AttackIQ’s entire liability for a breach of the foregoing warranty is to reperform the Services.

9.4          No Malicious Code Warranty. AttackIQ warrants to Customer that during the Term: (a) AttackIQ applies industry standard tools to identify and eliminate viruses and other malware prior to delivering the Agent software to Customer; and (b) to AttackIQ’s knowledge, all Agent software delivered to Customer shall be free of: (i) functions or routines that are designed to surreptitiously delete or corrupt data in such a manner as to interfere with the normal operation of the AttackIQ Solution; (ii) undisclosed “time bombs”, time-out or deactivation functions or other means designed to terminate the operation of the AttackIQ Solution (other than at the direction of the user); (iii) “back doors” or other means designed to allow remote access and/or control a Customer’s networks; and (iv) any codes or keys designed to have the effect of disabling or otherwise shutting down all or any portion of the AttackIQ Solution or limiting its functionality.

9.5          Exceptions. The warranties in Subsections 9.2 through 9.4 do not apply to: (a) any component of the AttackIQ Solution that has been used in a manner other than as set forth in the Documentation and authorized under this Agreement, to the extent such improper use causes the AttackIQ Solution or Services to be nonconforming or (b) Force Majeure or any other type of catastrophic damage. Any claim submitted under Subsections 9.2 through 9.4 must be submitted in writing to AttackIQ during the warranty period.

9.6          Disclaimers.  AttackIQ does not warrant that the AttackIQ Solution is free from bugs, errors, defects or deficiencies. AttackIQ does not provide any warranties regarding the Content Library and disclaims all liability for the Content Library and actions taken in connection with the Content Library by any party other than AttackIQ. EXCEPT AS EXPRESSLY PROVIDED IN THIS SECTION 9, ATTACKIQ MAKES NO WARRANTY OR GUARANTY OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, AND SPECIFICALLY DISCLAIMS ALL OTHER WARRANTIES, WHETHER IMPLIED OR STATUTORY, INCLUDING ANY IMPLIED WARRANTY OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW. CUSTOMER ACKNOWLEDGES THAT THE DISCLAIMERS IN THIS SECTION 9 ARE A MATERIAL PART OF THIS AGREEMENT, AND ATTACKIQ WOULD NOT HAVE ENTERED INTO THIS AGREEMENT BUT FOR SUCH DISCLAIMERS.

Section 10.   Indemnification.

10.1       IP Indemnification by AttackIQ.

a)            AttackIQ will, at its expense, either defend Customer from or settle any claim, suit or proceeding (“Claim”) brought by a third party against Customer alleging that Customer’s use of the AttackIQ Solution in accordance with this Agreement infringes or misappropriates such third party’s United States patent, copyright, trademark or trade secret intellectual property rights.

b)            AttackIQ will indemnify Customer from and pay: (i) all damages, costs and attorneys’ fees finally awarded against Customer in a Claim under Subsection 10.1(a); (ii) all out-of-pocket costs (including reasonable attorneys’ fees) reasonably incurred by Customer in connection with the defense of a Claim under Subsection 10.1(a) (other than attorneys’ fees and costs incurred without AttackIQ’s consent after AttackIQ has accepted defense of the Claim); and (iii) all amounts that AttackIQ agrees to pay to any third party to settle a Claim under Subsection 10.1(a). Further, should the AttackIQ Solution become, or in AttackIQ’s opinion is likely to become, the subject of a claim of infringement or misappropriation AttackIQ may, at its option and expense: (i) obtain a license to permit Customer to continue using the AttackIQ Solution according to the terms of this Agreement; (ii) modify or replace the relevant portion(s) of the AttackIQ Solution with a non-infringing or non-misappropriating alternative having substantially equivalent performance within a reasonable period of time; or (iii) terminate this Agreement by providing notice to Customer, and provide Customer with a refund of any pre-paid fees for the AttackIQ Solution on a pro rata basis for the remaining Term.

c)            AttackIQ’s indemnity obligation will not apply to the extent any infringement or misappropriation arises as a result of: (i) Customer Data, (ii) a combination of the AttackIQ Solution with software or systems not provided by AttackIQ, or (iii) any failure of Customer to comply with this Agreement.

10.2       Indemnification by Customer.

a)            Customer will, at its expense, either defend AttackIQ from or settle any Claim brought by a third party against AttackIQ caused by or arising out of: (i) Customer Data or (ii) an assertion that Customer has violated the Subsection entitled Restrictions.

b)            Customer will indemnify AttackIQ from and pay: (i) all damages, costs and attorneys’ fees finally awarded against AttackIQ in a Claim under Subsection 10.2(a); (ii) all out-of-pocket costs (including reasonable attorneys’ fees) reasonably incurred by AttackIQ in connection with the defense of a Claim under Subsection 10.2(a) (other than attorneys’ fees and costs incurred without Customer’s consent after Customer has accepted defense of the Claim); and (iii) all amounts that Customer agrees to pay to any third party to settle a Claim under Subsection 10.2(a).

10.3       Process. The indemnified Party will promptly notify the indemnifying Party of any claim subject to this Section 10, but the indemnified Party’s failure to promptly notify the indemnifying Party will only affect the indemnifying Party’s obligations under this Section 10 to the extent that such failure prejudices the indemnifying Party’s ability to defend the Claim. The indemnifying Party may: (a) use counsel of its own choosing to defend against any Claim; and (b) settle the Claim as the indemnifying Party deems appropriate (except that the indemnifying Party may not settle any Claim unless the settlement unconditionally releases the indemnified Party of all liability related to the Claim). The indemnified Party shall provide the indemnifying Party, at the indemnifying Party’s expense, with all assistance, information and authority reasonably required for the defense and settlement of the Claim.

Section 11.   Limitations of Liability.

11.1       By Type. EXCEPT FOR EITHER PARTY’S BREACH OF SECTION 8 (CONFIDENTIALITY) OR VIOLATION OF THE OTHER PARTY’S INTELLECTUAL PROPERTY RIGHTS, OR A PARTY’S OBLIGATIONS UNDER SECTION 10 (INDEMNIFICATION) IN NO EVENT WILL A PARTY HAVE ANY LIABILITY TO THE OTHER PARTY or any third party FOR ANY consequential, INDIRECT, SPECIAL, INCIDENTAL, REMOTE, SPECULATIVE, COVER, PUNITIVE or exemplary DAMAGES, (including loss of use, data, business or profits) regardless of the theory of liability or whether the liable Party HAS BEEN ADVISED OF THE POSSIBILITY OF THESE TYPES OF DAMAGES.

11.2       By Amount Generally. EXCEPT FOR EITHER PARTY’S BREACH OF SECTION 8 (CONFIDENTIALITY) OR VIOLATION OF THE OTHER PARTY’S INTELLECTUAL PROPERTY RIGHTS, OR A PARTY’S OBLIGATIONS UNDER SECTION 10 (INDEMNIFICATION) IN NO EVENT will either Party be liable for aggregate damages in excess of the fees PAID OR PAYABLE BY CUSTOMER TO ATTACKIQ UNDER THIS AGREEMENT, regardless of the theory of liability or whether the liable Party HAS BEEN ADVISED OF THE POSSIBILITY OF such DAMAGES.

11.3       By Amount for Certain Matters. EACH PARTY’S AGGREGATE LIABILITY FOR BREACH OF SECTION 8 (CONFIDENTIALITY) AND ITS OBLIGATIONS UNDER SECTION 10 (INDEMNIFICATION) SHALL NOT EXCEED FIVE HUNDRED THOUSAND DOLLARS ($500,000).

11.4       Exclusions.  No limitation of liability in this Agreement, whether through the exclusion of certain types of damages, a cap on the amount of damages, or other limitation, applies to either Party’s liability for violation of the other party’s intellectual property rights, gross negligence, intentional misconduct, death or personal injury.

11.5       Allocation of Risk. The Parties agree that the limitations specified in this Section 11 will survive and apply even if any limited remedy specified in this Agreement is found to have failed of its essential purpose. Each Party acknowledges that the foregoing limitations are an essential element of this Agreement and a reasonable allocation of risk between the Parties and that in the absence of such limitations the pricing and other terms set forth in this Agreement would be substantially different.

Section 12.  Disputes.

12.1       Informal Dispute Resolution. If a dispute arises between the Parties, then the Parties will use reasonable efforts to resolve the dispute through negotiation. If such negotiations result in an agreement in principle to settle the dispute, the Parties shall cause a written settlement agreement to be prepared, signed and dated, whereupon the dispute shall be deemed settled, and not subject to further dispute resolution.

12.2       Unresolved Disputes; Waiver of Jury Trial. Upon the Parties’ mutual written agreement, any dispute under this Section 12 may be submitted for resolution to mediation to occur at a mutually agreed upon location.  The Parties reserve all rights to adjudicate any dispute not submitted to mediation hereunder, in any court of competent jurisdiction located in in Santa Clara County, State of California, USA; provided, however, that each Party hereby waives the right to a trial by jury in any such action.

12.3       Exception for Injunctive Relief. The Parties acknowledge that any breach of the confidentiality provisions or the unauthorized use of a Party’s intellectual property may result in serious and irreparable injury to the aggrieved Party for which damages may not adequately compensate the aggrieved Party. The Parties agree, therefore, that, in addition to the dispute resolution process described above and any other remedy that the aggrieved Party may have, it shall be entitled to seek equitable injunctive relief without being required to post a bond or other surety or to prove either actual damages or that damages would be an inadequate remedy.

Section 13.  Miscellaneous.

13.1       Logo Use. AttackIQ may use Customer’s name and logo in listings of AttackIQ’s customers on the website located at www.AttackIQ.com  and in other public statements or disclosures for the purposes of marketing the AttackIQ Solution. Customer may request that AttackIQ cease or modify any use of Customer’s name or logo that is misleading or tends to dilute Customer’s brand.

13.2       Force Majeure. In the event that either Party is prevented from performing or is unable to perform any of its obligations under this Agreement due to any delay or failure to perform as required by this Agreement (except with respect to monetary obligations) as a result of any cause or condition beyond such Party’s reasonable control (including, without limitation, any unforeseen patent claims or any act or failure to act by the other Party), and if such Party shall have used its commercially reasonable efforts to mitigate its effects, such Party shall give prompt written notice to the other Party, and the time for the performance shall be extended for the period of delay or inability to perform due to such occurrences. If the period continues for sixty (60) or more days then either Party is entitled to terminate this Agreement by giving a notice to the other Party. The relief offered by this Subsection 13.2 is the exclusive remedy available with respect to the delays described in this Subsection. This Subsection will not apply to any payment obligation of either Party.

13.3       Export. The AttackIQ Solution and related technology are subject to applicable United States export laws and regulations. Customer must comply with all applicable United States and international export laws and regulations with respect to the AttackIQ Solution and related technology. Without limitation, Customer may not export, re-export or otherwise transfer the AttackIQ Solution or related technology, without a United States government license: (a) to any person or entity on any United States export control list; (b) to any country subject to United States sanctions; or (c) for any prohibited end use.

13.4       Anti-corruption. Customer has not received or been offered any bribe, kickback, illegal or improper payment, gift, or thing of value from any AttackIQ personnel or agents in connection with this Agreement, other than reasonable gifts and entertainment provided in the ordinary course of business. If Customer becomes aware of any violation of the above restriction, Customer will promptly notify AttackIQ at [email protected].

13.5       Independent Contractors. Each Party is an independent contractor and not a partner or agent of the other. This Agreement will not be interpreted or construed as creating or evidencing any partnership or agency between the Parties or as imposing any partnership or agency obligations or liability upon either Party. Further, neither Party is authorized to, and will not, enter into or incur any agreement, contract, commitment, obligation or liability in the name of or otherwise on behalf of the other Party.

13.6       No Third Party Beneficiaries. This Agreement does not create any third party beneficiary rights in any individual or entity that is not a Party to this Agreement.

13.7       Assignment. Except as set forth in this Subsection, neither Party shall assign, delegate, or otherwise transfer this Agreement or any of its rights or obligations to a third party without the other Party’s prior written consent.  Either Party may assign, without such consent but upon written notice, its rights and obligations under this Agreement to: (i) its corporate affiliate; or (ii) any entity that acquires all or substantially all of its capital stock or its assets related to this Agreement, through purchase, merger, consolidation, or otherwise. Any other attempted assignment shall be void. Subject to the foregoing, this Agreement will be fully binding upon, inure to the benefit of and be enforceable by any permitted assignee.

13.8       Applicable Law. This Agreement will be interpreted, construed and enforced in all respects in accordance with the laws of the State of California, U.S.A., as applied to agreements entered into and to be performed entirely within California between California residents, without regard to conflicts of law principles. In such case, the sole and exclusive personal jurisdiction and venue for any legal proceedings in connection with this Agreement shall be in the California State Courts located in Santa Clara County and the U.S. District Court for the Northern District of California. The Parties waive any objections related to such jurisdictions and venues. The 1980 UN Convention on Contracts for the International Sale of Goods or its successor will not apply to this Agreement.

13.9       Notice. Ordinary day-to-day operational communications may be conducted by email or telephone communications. Any other notices required by this Agreement will be in writing and given by personal delivery, by pre-paid first class mail or by overnight courier to the address specified on the Quote (or such other address as may be specified in writing in accordance with this Subsection).

13.10     Additional Definitions. See Attachment 1.

13.11    Entire Agreement. This Agreement, including any attachments and exhibits constitutes the complete and exclusive statement of all mutual understandings between the Parties with respect to the subject matter hereof, superseding all prior or contemporaneous proposals, communications and understandings, oral or written. In the event of any conflict or inconsistency among the following, the order of precedence shall be: (i) the Quote, (ii) the applicable SOW, (iii) this  Hosted End User License Agreement and (iv) the Documentation.  No modification, amendment, or waiver of any provision of this Agreement will be effective unless it exists in writing and is signed by the Party against whom the modification, amendment, or waiver is to be asserted. If any provision of this Agreement is held by a court of competent jurisdiction to be contrary to law, the provision will be deemed null and void, and the remaining provisions of this Agreement will remain in effect.

Attachment 1

Additional Definitions

 “Agent” means the test point software agent installed on endpoints by Customer and provided with the AttackIQ Solution.

AttackIQ Data” means data generated by the AttackIQ Solution including telemetry data and other information regarding network security vulnerabilities and security threats that are not specific to Customer. For clarity, AttackIQ Data does not include any Personal Data and does not include information specific to Customer such as information about Customer’s own network vulnerabilities and network security measures.

AttackIQ Marks” means any trademarks, service marks, service or trade names, logos, and other designations of AttackIQ.

“AttackIQ Solution” means the AttackIQ proprietary threat intelligence solution for computer software and systems described on the Quote. The AttackIQ Solution is comprised of the Agent, the Hosted Service, the Documentation and any Updates to the foregoing.

“Confidential Information” means any information that is proprietary or confidential to the Discloser or that the Discloser is obligated to keep confidential (e.g., pursuant to a contractual or other obligation owing to a third party). Confidential Information may be of a technical, business or other nature (including, but not limited to, information which relates to the Discloser’s technology, software documentation, research, development, products, services, pricing of products and services, customers, employees, contractors, marketing plans, finances, contracts, legal affairs, or business affairs). However, Confidential Information does not include any information that: (a) was known to the Recipient prior to receiving the same from the Discloser in connection with this Agreement; (b) is independently developed by the Recipient; (c) is acquired by the Recipient from another source without restriction as to use or disclosure; or (d) is or becomes part of the public domain through no fault or action of the Recipient. All Customer Data and Personal Data is the Confidential Information of Customer.

“Content Library” means a library of attack scenarios and behaviors used with the AttackIQ Solution to test the security of Customer’s software and systems.

“Customer Data” means: (a) data generated by Customer’s endpoint that is not Personal Data and that is delivered to the AttackIQ Solution, (b) any other information that Customer is permitted to input into the AttackIQ Solution data fields,  (c) any reports Customer creates using the AttackIQ Solution and (d) data generated by the AttackIQ Solution including telemetry data and other information regarding network security vulnerabilities and security threats that are specific to Customer.

Discloser” means a Party that discloses any of its Confidential Information to the other Party.

“Documentation” means the documentation describing the AttackIQ Solution accompanying the AttackIQ Solution.

“Hosted Service” means the software-as-a-service portion of the AttackIQ Solution hosted on machines owned or controlled by AttackIQ, as further described on the Quote.

Intellectual Property Rights” means any patent, copyright, trademark, service mark, trade name, trade secret, know-how, moral right or other intellectual property right under the laws of any jurisdiction, whether registered, unregistered, statutory, common law or otherwise (including any rights to sue, recover damages or obtain relief for any past infringement, and any rights under any application, assignment, license, legal opinion or search).

Party” means AttackIQ or Customer.

“Personal Data” means any information provided by Customer to AttackIQ used to identify a specific natural person, either alone or when combined with other information that is linkable by AttackIQ to a specific natural person. Personal Data also includes other information provided by Customer to AttackIQ about a specific natural person where the data protection laws in effect in the region where such person resides define this information as Personal Data.

“Professional Services” means any implementation and/or consulting services purchased by the Customer.

“Purpose” means the limited purpose of evaluating and validating the effectiveness of Customer’s own computer network security infrastructure in connection with Customer’s ordinary, internal business operations.

Recipient” means a Party that receives any Confidential Information of the other Party.

“Services” means the Informational Support Services and Professional Services.

“Updates” means corrections, updates, patches and other modifications to the AttackIQ Solution that AttackIQ makes generally commercially available during the Term.

“User” means Customer’s current employees, independent contractors, agents and consultants who are authorized or permitted by Customer to access and use the AttackIQ Solution on behalf of Customer; provided that each individual is not: (a) a resident of any country subject to a United States embargo or other similar United States export restrictions; (b) on the United States Treasury Department’s list of Specifically Designated Nationals; (c) on the United States Department of Commerce’s Denied Persons List or Entity List; or (d) on any other United States export control list.

Attachment 2

Priority Support Services

Basic service level agreement:  AttackIQ provides Support Services 24 x 7 x 365

  • Unlimited Service Requests and Case Management
  • Email, Web & Phone support with Remote Desktop Sessions
  • 4 Hour Response Time for Severity 1 Tickets
  • 8 Hour Response Time for Severity 2 Tickets
  • 2 Business Day Response Time for Severity 3 & 4 Tickets
  • Access to all current Hot Fixes and Service Packs
  • Access to Major Upgrades and Enhancements
  • Proactive Escalation
  • Access to In-App Knowledge Base and FAQ
  • Identify up to 4 Authorized Contacts

 

Level Description
Severity 1 Major Impact

An issue that cannot be reasonably circumvented and which is an emergency condition that significantly restricts Customer’s ability to perform necessary business functions.

Severity 2 Moderate Impact

An issue that restricts Customer’s ability to use one or more features

Severity 3 Minor Impact

(Performance/Operational Impact).  An issue that restricts the Customer’s ability to use one or more features to perform a necessary business function, but which can be reasonably circumvented.

Severity 4 No Issue

A request for general support, installation questions or new feature requests.