Master Services Agreement
Last updated on May 29, 2024.
Pursuant to the license and/or sale of certain goods and/or services as set forth in the Order Form (as defined below), this Master Services Agreement (this “MSA”) governs the rights between ThreatZero Solutions LLC, an Idaho limited liability company (“ThreatZero”) and Customer (as defined below). Terms defined in the Order Form shall have the same meanings herein. Such rights may pertain to the (a) access to the Platform on a subscription basis; (b) provision of the Services; and/or (c) purchase and sale of the Goods. The Platform, the Services and the Goods are collectively referred to herein as the “Offerings”. A “Customer” is a person or legal entity that has executed an Order Form. Customer and ThreatZero are referred to collectively herein as the “parties” and each individually as a “party.” This MSA is effective as of the “Effective Date” set forth in the order form or other agreement (“Order Form”) pursuant to which Customer has agreed (a) to access the Platform on a subscription basis; (b) retain the Services; and/or (c) purchase the Goods.
A. IF CUSTOMER HAS ACQUIRED ACCESS TO THE PLATFORM PURSUANT TO THE ORDER FORM, THEN THE TERMS OF SECTIONS 1 THROUGH 5 OF THIS AGREEMENT SHALL APPLY:
1. PLATFORM ACCESS
1.1 Provision of the Platform. ThreatZero agrees to provide Customer with access to the Platform on a subscription basis for the Contract Term. The Platform is provided by ThreatZero or by a Supplier (as defined below) at ThreatZero’s request or direction. As used in this MSA, “Supplier(s)” means, individually and collectively, persons or entities engaged (i) to provide any part of the Platform, (ii) in connection with the development and operation of the Platform, or (iii) to provide, or in connection with, any other platform or product through which the Platform is provided. A Customer, in its capacity as such, will not be considered a Supplier.
1.2 Accounts. In order to access and use certain features of the Platform, Customer must register for an account (an “Account”). Use of and access to the Platform, in whole or in part, is permitted to those persons designated for such access by Customer (such persons, “Permitted Users”). If Customer is given Account login information (including, but not limited to, user IDs and passwords) to access the Platform, Customer shall require that all Permitted Users keep such Account login information strictly confidential and not share such information with any unauthorized person. Customer is responsible for maintaining the security and confidentiality of its Account information (including login information) and is fully responsible for Permitted User activities that occur under Customer’s Account.
1.3 Account Access. Customer acknowledges that while the security of Customer’s Account will be maintained through the use of passwords, it may be possible for Customer’s Account to be accessed by unauthorized third parties via communication between Customer and ThreatZero using the internet, other network communications, facilities, telephone, or other electronic means, and ThreatZero disclaims any and all liability resulting from or related to such events. Customer may permit an unlimited number of individuals to serve as Permitted Users, provided Customer remains responsible for compliance by each such Permitted User with all of the terms and conditions of this MSA.
1.4 General Restrictions. Customer shall not, in each case without the express written authorization of ThreatZero: (a) rent, lease, copy, provide access to, transfer, publish, assign, convey, translate, convert to another programming language, or sublicense the Platform or use the Platform to provide a service to a third party, (b) reverse engineer, decompile, disassemble, or otherwise seek to obtain the source code or application programming interfaces (“APIs”) to the Platform, except to the extent expressly permitted by applicable law (and then only upon advance notice to ThreatZero), (c) modify the Platform, or create any derivative product or service from any of the foregoing, (d) remove or obscure any product identification, disclaimer, watermark, proprietary, copyright or other notices contained in the Platform (including any reports or data printed from the Platform), (e) incorporate the Platform into any other offering (whether software as a service or otherwise), or (f) publicly disseminate information or analysis regarding the performance of the Platform.
1.5 Export. The Platform may be subject to U.S. export control laws and may be subject to export or import regulations in other countries. Customer agrees not to export, reexport, or transfer, directly or indirectly, any U.S. technical data acquired from ThreatZero, or any products utilizing such data, in violation of the United States export laws or regulations.
1.6 Security and Privacy. ThreatZero will maintain appropriate administrative, technical and physical safeguards designed to protect the confidentiality, integrity, and availability of Customer Data (as defined below) processed by ThreatZero in connection with the Platform.
1.7 Hosting Services. ThreatZero will provide the hosting services for the Platform (“Hosting Services”) through a third-party hosting facility (such as Amazon Web Services) and may update the identity, content, functionality and user interface of the Hosting Services from time to time in its sole discretion and in accordance with this MSA. Customer will be solely responsible for the data entered in the Platform, whether entered by Customer or by ThreatZero on behalf of Customer.
1.8 Hosting Service Access. In order to use the Platform, Customer must have or obtain access to the internet. Customer agrees that ThreatZero is not providing Customer with access to the internet in order to use the Platform and that Customer is solely responsible for obtaining and maintaining such internet access and for providing all equipment necessary to obtain and maintain such internet access. ThreatZero does not and cannot control the flow of data to or from ThreatZero’s network, designated hosting facility and/or other portions of the internet. Such flow depends in large part on the performance of internet services provided or controlled by third parties. At times, actions or inactions of such third parties can impair or disrupt Customer’s connections to the internet (or portions thereof) and ThreatZero disclaims any and all liability resulting from or related to such events.
2. CUSTOMER DATA
2.1 Generally. “Customer Data” means information or other data of any type which is provided to ThreatZero by Customer, its customers, employees or representatives, at the direction or instruction of Customer, or by any other individuals as promoted by Customer, in each case in connection with ThreatZero’s provision of the Platform to Customer. Customer is solely responsible for the accuracy, content and legality of all Customer Data and its use by Customer.
2.2 Use of Customer Data. Customer represents and warrants to ThreatZero that Customer has sufficient rights in the Customer Data to authorize ThreatZero and its affiliates and Suppliers to process, distribute and display the Customer Data as contemplated or authorized by this MSA, and that the Customer Data and any processing, distribution and display thereof does not infringe the rights of any third party. In connection with Customer’s use of the Platform, certain features may permit Customer to interact or share Customer Data with third-party websites or services. If Customer chooses to transmit Customer Data or provide any other information to such third parties, Customer agrees to be bound by any applicable third-party terms of use, and ThreatZero and its affiliates and Suppliers accept no responsibility or liability for any such third-party services.
2.3 Rights in Customer Data.
(a) As between the parties, Customer shall retain all right, title and interest (including any and all intellectual property rights) in and to Customer Data provided by Customer to ThreatZero.
(b) Customer hereby grants to ThreatZero and its Related Service Providers (as defined below) a non-exclusive, irrevocable, worldwide, royalty-free right to use, copy, store, share and modify Customer Data and to display such Customer Data (collectively, “Rights”) to the extent necessary: (x) to provide and enhance the Platform; and (y) to provide Customer with information on other products and services.
(c) In addition to the foregoing, Customer agrees that ThreatZero and its Related Service Providers may, to the extent permissible under applicable law, use Customer Data to create Derived Works (as defined below) and use and share such Derived Works for any purpose, and grants to such persons such Rights as shall be necessary to enable such creation and use.
(d) All right, title and interest (including any and all intellectual property rights) in and to Derived Works created in accordance with the terms of this MSA shall be owned by ThreatZero or its applicable affiliate.
As used in this MSA, “Related Service Providers” means affiliates of ThreatZero engaged in the provision of ThreatZero’s products or services, or their respective successors’ products or services, in each case in their capacities as such. “Derived Works” means data, information or other material that is created from Customer Data, but that is not itself identifiable Customer Data.
Notwithstanding the foregoing, nothing in this MSA shall constrain or otherwise limit ThreatZero or its affiliates’ or Suppliers’ use or sharing of Customer Data that is or has become public, or publicly available, or that has been acquired from another source, including by another customer of ThreatZero, provided that such information or other data shall remain subject to any license grants applicable thereto.
3. OWNERSHIP
This is a subscription agreement for use of the Platform and not an agreement for sale. Customer acknowledges that it is obtaining only a limited right to access or use the Platform as provided in the applicable Order Form and that irrespective of any use of the words “purchase”, “sale” or like terms hereunder no ownership rights are being conveyed to Customer, its Contractors or affiliates under this MSA or otherwise and Customer agrees that ThreatZero or its affiliates or Suppliers, as applicable, retains all right, title and interest (including all patent, copyright, trade secret and other intellectual property rights) in and to: (a) the Platform, (b) documentation related to the Platform (“Documentation”), (c) deliverables related to the Platform; (d) deliverables provided with the Services to the extent identified in the Order Form; and (e) any and all related and underlying software (including interfaces), databases (including data models, structures, de-identified Customer Data and aggregated statistical data contained therein), Derived Works, and technology (collectively (a)-(e), “ThreatZero Technology”). Further, Customer acknowledges that the Platform is offered as an on-line, hosted solution, and that Customer has no right to obtain a copy of the Platform itself. Customer acknowledges that all intellectual property rights, including copyrights, patents, trademarks, and trade secrets, in the Platform and its content are owned by ThreatZero, its affiliates or its Suppliers, as applicable. Neither this MSA (nor Customer’s access to the Platform) transfers to Customer or any third party any rights, title or interest in or to such intellectual property rights, except for the limited access rights set forth in this MSA.
4. ACCEPTABLE USE POLICY
4.1 Requirements. Customer hereby agrees to the following terms that constitute ThreatZero’s “Acceptable Use Policy”:
(a) Customer agrees not to use the Platform to collect, upload, transmit, display, or distribute any Customer Data (i) that violates any third-party right, including any copyright, trademark, patent, trade secret, moral right, privacy right, right of publicity, or any other intellectual property or proprietary right; (ii) that is unlawful, harassing, abusive, tortious, threatening, harmful, invasive of another’s privacy, vulgar, defamatory, false, intentionally misleading, trade libelous, pornographic, obscene, patently offensive, promotes racism, bigotry, hatred, or physical harm of any kind against any group or individual or is otherwise objectionable; or (iii) that is in violation of any law, regulation, or obligations or restrictions imposed by any third party.
(b) In addition, Customer agrees not to: (i) upload, transmit, or distribute to or through the Platform any computer viruses, worms, or any software intended to damage or alter a computer system or data; (ii) send through the Platform unsolicited or unauthorized advertising, promotional materials, junk mail, spam, chain letters, pyramid schemes, or any other form of duplicative or unsolicited messages, whether commercial or otherwise; (iii) use the Platform to harvest, collect, gather or assemble information or data regarding other users, including e-mail addresses, without their consent; (iv) interfere with, disrupt, or create an undue burden on servers or networks connected to the Platform, or violate the regulations, policies or procedures of such networks; (v) attempt to gain unauthorized access to the Platform (or to other computer systems or networks connected to or used together with the Platform), whether through password mining or any other means; (vi) harass or interfere with any other user’s use and enjoyment of the Platform; or (vii) use software or automated agents or scripts to produce multiple accounts on the Platform, or to generate automated searches, requests, or queries to (or to strip, scrape, or mine data from) the Platform.
4.2 Reservation of Rights. ThreatZero reserves the right to investigate and/or take appropriate action against Customer in ThreatZero’s sole discretion if Customer violates this Acceptable Use Policy or any other terms of this MSA or otherwise creates potential liability for ThreatZero or any other person or entity, or to comply with any applicable legal or regulatory requirement, request or instruction. Such action may include, but shall not be limited to, terminating Customer’s Account and/or reporting Customer to law enforcement and/or regulatory authorities.
5. PLATFORM SUPPORT
ThreatZero shall provide email support to Customer from 9AM to 5PM Mountain Standard Time, Monday through to Friday, on business days in Salt Lake City, Utah. ThreatZero shall use commercially reasonable efforts to respond to support requests within one business day and shall address (internally and externally) such support requests in a commercially reasonable manner. Support shall include, without limitation, troubleshooting system functionality, providing guidance on usage and workflow, and identifying and escalating issues which ThreatZero prioritizes, in its sole and absolute discretion, based on severity, scope and impact. ThreatZero may offer personalized training, implementation, and adoption programs at an additional cost. ThreatZero shall have no obligation to provide any custom code development, API scripting, or contractual engineering services for Customer. Subject to any limitations set forth in this MSA, ThreatZero shall use commercially reasonable efforts to ensure that the Platform is available for use and access at least ninety-nine and nine tenths percent (99.9%) of the time each calendar month, except in the case of scheduled maintenance for which ThreatZero will endeavor to provide advance notification to Customer.
B. IF CUSTOMER HAS PURCHASED GOODS PURSUANT TO THE ORDER FORM, THEN THE TERMS OF SECTIONS 6 AND 7 OF THIS MSA SHALL APPLY:
6. SHIPMENT
Shipment of the Goods shall be FOB Destination, except for drop shipments, which shall be shipped in accordance with the particular vendor’s shipping policies. The cost of shipment, if any, will be paid by ThreatZero and added to Customer’s invoice. ThreatZero shall have the right to ship the Goods at all times via its own vehicle or a carrier selected by ThreatZero.
7. ACCEPTANCE
The Goods shall be deemed accepted upon delivery by ThreatZero. Return of the Goods shall be governed by ThreatZero’s current return policy as made available to Customer upon request or, if applicable, the return policy of the vendor of such Goods.
C. THE TERMS OF SECTIONS 8 THROUGH 14 OF THIS MSA SHALL APPLY IN ALL CASES TO THE EXTENT APPLICABLE AS DESCRIBED BELOW:
8. FEES AND PAYMENT
All fees owing by Customer to ThreatZero are set forth in the Order Form. Except as expressly set forth in Section 10 (Limited Warranty), all fees are non-refundable. Except as otherwise set forth in the Order Form or this MSA, ThreatZero’s fees are exclusive of all shipping costs. Any late payments shall be subject to a service charge equal to 1.5% per month of the amount due or the maximum amount allowed by law, whichever is less.
9. TERM AND TERMINATION
9.1 Term; ThreatZero Termination. This MSA is effective as of the Effective Date and automatically renews for the Renewal Terms upon expiration of the Initial Term, unless either party gives the other written notice of termination at least thirty (30) days prior to expiration of the then-current Contract Term. Notwithstanding the foregoing, ThreatZero shall have the right to terminate this MSA at any time and for any reason (including without cause), in writing, with immediate effect. If ThreatZero terminates this MSA for convenience, Customer shall be entitled to receive a refund of the portion of the fees paid by Customer for goods or services not provided to Customer during the remainder of its Contract Term.
9.2 Termination for Cause. Customer may terminate this MSA (i) if ThreatZero (a) fails to cure any material breach of this MSA within 30 days after written notice; (b) ceases operation without a successor; or (c) seeks protection under any bankruptcy, receivership, trust deed, creditors’ arrangement, composition, or comparable proceeding, or if any such proceeding is instituted against ThreatZero (and not dismissed within 60 days thereafter) or (ii) as otherwise provided in Section 14.7(c) and 14.7(d) below.
9.3 Effect of Termination. Upon any termination of this MSA, Customer shall immediately cease any and all use of and access to the Platform (including any and all related ThreatZero Technology) and delete (or, at ThreatZero’s request, return) any and all copies of the Documentation, any ThreatZero passwords or access codes and any other ThreatZero Confidential Information in its possession. Customer acknowledges that following termination it shall have no further access to any Customer Data input into the Platform, and that ThreatZero may delete any such data at any time. Termination of this MSA is not an exclusive remedy and the exercise by either party of any remedy under this MSA will be without prejudice to any other remedies it may have under this MSA, by law, or otherwise.
9.4 Survival. All provisions of this MSA enforceable by ThreatZero following termination hereof shall survive termination of this MSA, including, but not limited to: 1.4 (General Restrictions), 1.5 (Export), 2 (Customer Data), 3 (Ownership), 6 (Shipment), 7 (Acceptance) 8 (Fees and Payment), 9 (Term and Termination), 10.2 (Warranty Disclaimer), 11 (Limitation of Remedies and Damages), 12 (Indemnification), 13 (Confidential Information), and 14 (General Terms).
10. LIMITED WARRANTY
10.1 Limited Warranty.
(a) Platform. ThreatZero warrants, for Customer’s benefit only, that the Platform will operate in substantial conformity with all applicable product descriptions provided to Customer in writing. ThreatZero does not warrant that Customer’s use of the Platform will be uninterrupted or error-free, nor does ThreatZero warrant that it will review Customer Data for accuracy, or that it will preserve or maintain Customer Data without loss. ThreatZero’s sole liability (and Customer’s sole and exclusive remedy) for any breach of this warranty shall be, in ThreatZero’s sole discretion and at no charge to Customer, to use commercially reasonable efforts to provide Customer with an error correction or work-around that corrects the reported non-conformity, or if ThreatZero determines such remedies to be impracticable, to allow Customer to terminate the Contract Term and receive as its sole remedy a refund of any fees Customer has pre-paid for use of the Platform or related services it has not received as of the date of the warranty claim. The limited warranty set forth in this Section 10.1 shall not apply: (i) unless Customer makes a claim within 30 days of the date on which the condition giving rise to the claim first appeared; or (ii) if the error was caused by misuse, unauthorized modifications or third-party hardware, software or services; or (iii) to use provided on a no-charge or evaluation basis.
(b) Services. ThreatZero warrants, for Customer’s benefit only, that the Services shall be provided in a timely, professional and workmanlike manner, using individuals of suitable training and skill.
(c) Goods. ThreatZero’s sole obligation for the Goods purchased by Customer and distributed through ThreatZero is to pass through to Customer any manufacturer or vendor warranties to which ThreatZero has access and to assist Customer in accessing such manufacturer/vendor warranties with the applicable manufacturer.
10.2 Warranty Disclaimer. EXCEPT FOR THE LIMITED WARRANTIES IN SECTION 10.1 ABOVE, THE OFFERINGS, HOSTED SERVICES AND ALL OTHER SERVICES ARE PROVIDED “AS IS” AND “AS AVAILABLE”. NEITHER THREATZERO NOR ANY OF ITS SUPPLIERS OR AFFILIATES MAKES ANY OTHER WARRANTIES, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, TITLE, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. CUSTOMER MAY HAVE OTHER STATUTORY RIGHTS. NEITHER THREATZERO NOR ANY OF ITS SUPPLIERS OR AFFILIATES SHALL BE LIABLE FOR DELAYS, INTERRUPTIONS, SERVICE FAILURES AND OTHER PROBLEMS INHERENT IN USE OF THE INTERNET AND ELECTRONIC COMMUNICATIONS OR OTHER SYSTEMS OUTSIDE THE REASONABLE CONTROL OF THREATZERO.
11. LIMITATION OF REMEDIES AND DAMAGES
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, NEITHER PARTY, NOR ANY OF THEIR RESPECTIVE AFFILIATES, SHALL BE LIABLE FOR ANY LOSS OF USE, LOST OR INACCURATE DATA, LOST PROFITS, FAILURE OF SECURITY MECHANISMS, INTERRUPTION OF BUSINESS, COSTS OF DELAY OR ANY INDIRECT, SPECIAL, INCIDENTAL, RELIANCE OR CONSEQUENTIAL DAMAGES OF ANY KIND, REGARDLESS OF THE FORM OF ACTION, WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY OR OTHERWISE, EVEN IF INFORMED OF THE POSSIBILITY OF SUCH DAMAGES IN ADVANCE. NOTWITHSTANDING ANY OTHER PROVISION OF THIS MSA TO THE CONTRARY, AND TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN RESPECT OF ANY CLAIM OTHER THAN ONE DETERMINED BY A COURT OF COMPETENT JURISDICTION BY FINAL AND NON-APPEALABLE JUDGMENT TO HAVE PRIMARILY RESULTED FROM THE GROSS NEGLIGENCE, WILLFUL MISCONDUCT OR BAD FAITH OF THREATZERO, THREATZERO’S AND ITS AFFILIATES’ AND ITS SUPPLIERS’ ENTIRE LIABILITY TO CUSTOMER SHALL NOT EXCEED THE AMOUNT ACTUALLY PAID BY CUSTOMER TO THREATZERO DURING THE TWELVE MONTHS PRIOR TO THE EVENT GIVING RISE TO LIABILITY UNDER THIS MSA. THE PARTIES AGREE THAT THE LIMITATIONS SPECIFIED IN THIS SECTION 11 WILL SURVIVE AND APPLY EVEN IF ANY LIMITED REMEDY SPECIFIED IN THIS MSA IS FOUND TO HAVE FAILED ITS ESSENTIAL PURPOSE.
CUSTOMER ACKNOWLEDGES AND AGREES THAT IT SHALL ASSUME THE RISK OF ANY INFORMATION AND CONTENT PROVIDED THROUGH THE OFFERINGS. SUCH INFORMATION AND CONTENT ARE INTENDED TO BE USED FOR INFORMATION PURPOSES ONLY AND CUSTOMER IS SOLELY RESPONSIBLE FOR ANY ACTIONS TAKEN OR INACTIONS NOT TAKEN THAT PERTAIN TO SUCH INFORMATION AND CONTENT. NEITHER THREATZERO NOR ANY OF ITS AFFLIATES OR SUPPLIES SHALL HAVE ANY LIABILITY FOR ANY SUCH ACTIONS TAKEN OR INACTIONS NOT TAKEN THAT PERTAIN TO SUCH INFORMATION AND CONTENT OR THAT OTHERWISE PERTAIN TO THE OFFERINGS.
12. INDEMNIFICATION
12.1 ThreatZero Indemnification. ThreatZero shall indemnify and hold harmless Customer and its affiliates, officers, directors, employees, and agents (collectively, “Customer Indemnified Parties”) from and against all costs, damages awarded or agreed to in settlement, losses, liabilities and expenses (including attorneys’ fees and costs) arising out of any third-party claims or causes of action in connection with breach by ThreatZero of any terms of this MSA, provided that ThreatZero shall have received from Customer: (a) prompt written notice of such claim (but in any event notice in sufficient time for ThreatZero to respond without prejudice); (b) the exclusive right to control and direct the investigation, defense, and settlement (if applicable) of such claim; and (c) all reasonably necessary cooperation of the applicable Customer Indemnified Party. If Customer’s use of the Platform is, or in ThreatZero’s opinion is likely to be, enjoined due to a claim of infringement, or if required by settlement, ThreatZero may, in its sole discretion: (x) substitute substantially functionally similar products or services; (y) procure for Customer the right to continue using the Platform; or if (x) and (y) are commercially impracticable, (z) terminate the MSA and refund to Customer the fees paid by Customer for any unused portion of the Contract Term which was paid for by Customer. The foregoing indemnification obligations of ThreatZero shall not apply: (1) if the Platform is modified by any party other than ThreatZero, but solely to the extent the alleged breach is caused by such modification; (2) if the Platform is combined with other products or processes not authorized by ThreatZero, but solely to the extent the alleged breach is caused by such combination; (3) to any unauthorized use of the Platform; or (4) to any action arising as a result of Customer Data or any third-party deliverables or components contained within the Platform. The foregoing indemnity shall not, as to Customer or any other Customer Indemnified Party, be available to the extent that such amounts are determined by a court of competent jurisdiction by final and non-appealable judgment to have primarily resulted from the gross negligence, willful misconduct or bad faith of such Customer Indemnified Party. THIS SECTION 12.1 SETS FORTH THREATZERO’S AND ITS AFFILIATES’ AND SUPPLIERS’ SOLE LIABILITY TO CUSTOMER’ AND THE OTHER CUSTOMER INDEMNIFIED PARTIES AND CONSTITUTES CUSTOMER’S AND THE OTHER CUSTOMER INDEMNIFIED PARTIES’ SOLE AND EXCLUSIVE REMEDY WITH RESPECT TO ANY CLAIM OF A BREACH OF THIS MSA AND/OR ANY CLAIM OF INTELLECTUAL PROPERTY INFRINGEMENT.
12.2 Customer Indemnification. Customer shall indemnify and hold harmless ThreatZero, its affiliates and its and their licensors, officers, directors, employees, and agents (collectively, “ThreatZero Indemnified Parties”) from and against all third-party claims, causes of action, costs, damages, losses, liabilities and expenses (including attorneys’ fees and costs) arising out of or in connection with: (i) any action taken (or not taken) by Customer based upon use of the Offerings; (ii) any Customer Data; (iii) any service or product offered by Customer in connection with or related to the Offerings; (iv) violation by Customer of Customer’s representations and warranties in this MSA; or (v) breach by Customer of any terms of this MSA. The foregoing indemnity shall not, as to ThreatZero or any other ThreatZero Indemnified Party be available to the extent that such amounts are determined by a court of competent jurisdiction by final and non-appealable judgment to have primarily resulted from the gross negligence, willful misconduct or bad faith of such ThreatZero Indemnified Party.
13. CONFIDENTIAL INFORMATION
13.1 Obligations. Each party agrees that all code, inventions, know-how, business, technical and financial information it (the “Receiving Party”) obtains from the disclosing party (the “Disclosing Party”) constitute the confidential property of the Disclosing Party (“Confidential Information”), provided that it is identified as confidential at the time of disclosure or should be reasonably known by the Receiving Party to be Confidential Information due to the nature of the information disclosed and the circumstances surrounding the disclosure. Except as expressly authorized herein (including pursuant to Section 2 above), the Receiving Party will hold in confidence and not use or disclose any Confidential Information. Any ThreatZero Technology, performance information relating to the Offerings, and the terms and conditions of this MSA shall be deemed Confidential Information of ThreatZero without any marking or further designation. For the avoidance of doubt, ThreatZero Technology shall be deemed not to be Confidential Information of Customer. Customer Data shall be deemed Confidential Information of Customer without any marking or further designation, use and ownership of which Customer Data shall be subject to the terms of Section 2 above.
13.2 Exceptions. The Receiving Party’s nondisclosure obligation shall not apply to information which the Receiving Party can document: (i) was rightfully in its possession or known to it prior to receipt of the Confidential Information; (ii) is or has become public knowledge through no fault of the Receiving Party; (iii) is rightfully obtained by the Receiving Party from a third party without breach of any confidentiality obligation to the Disclosing Party or its representatives; or (iv) is independently developed by employees of the Receiving Party who had no access to such information. The Receiving Party acknowledges that disclosure of Confidential Information would cause substantial harm for which damages alone would not be a sufficient remedy, and therefore that upon any such disclosure by the Receiving Party the Disclosing Party shall be entitled to seek appropriate equitable relief in addition to whatever other remedies it might have at law. In the event of any conflict between the terms of this Section 13 and the confidentiality terms contained in any other agreements between the parties, the terms of this Section 13 shall prevail. Nothing in this MSA shall prohibit ThreatZero from (a) disclosing or using Customer Data in connection with any suit, action or proceeding for the purpose of defending itself, reducing its liability or protecting or exercising any of its rights, remedies or interests, or (b) disclosing information which is required to be disclosed by ThreatZero or its affiliates under compulsion of law (whether by oral question, interrogatory, subpoena, civil investigative demand or otherwise) or by order of any court or at the request of any governmental or regulatory body to whose supervisory authority ThreatZero or any of its affiliates is subject, or to ThreatZero’s independent auditors or accountants. For avoidance of doubt, nothing in this MSA shall prohibit any party from disclosing or providing any information to any governmental, regulatory, or self-regulatory organization, voluntarily or otherwise.
14. GENERAL TERMS
14.1 Assignment. This MSA will bind and inure to the benefit of each party’s permitted successors and assigns. Neither party may assign this MSA except upon the advance written consent of the other party, except that either party may assign this MSA in connection with a merger, reorganization (including internal reorganization), acquisition or other transfer of all or substantially all of such party’s assets or voting securities. Any attempt to transfer or assign this MSA except as expressly authorized under this Section 14.1 will be null and void. Notwithstanding the above, ThreatZero may subcontract its obligations hereunder from time to time in its discretion.
14.2 Severability. If any provision of this MSA shall be adjudged by any court of competent jurisdiction to be unenforceable or invalid, that provision shall be limited to the minimum extent necessary so that this MSA shall otherwise remain in effect.
14.3 Governing Law; Jurisdiction and Venue. This MSA shall be governed by the laws of the State of Idaho and the United States without regard to conflicts of laws provisions thereof. The jurisdiction and venue for actions related to the subject matter hereof shall be the state and United States federal courts located in Boise, Idaho and both parties hereby submit to the personal jurisdiction of such courts.
14.4 Attorneys’ Fees and Costs. The prevailing party in any action to enforce this MSA will be entitled to recover its attorneys’ fees and costs in connection with such action.
14.5 Notice. Subject to Sections 14.6 and 14.7 below, any notice or communication required or permitted under this MSA shall be in writing to the parties at their respective email addresses, addresses of record or at such other address as may be given in writing by either party to the other in accordance with this Section and shall be deemed to have been received by the addressee: (i) if given by hand, immediately upon receipt; (ii) if given by overnight courier service, the first business day following dispatch (iii) if given by registered or certified mail, postage prepaid and return receipt requested, the second business day after such notice is deposited in the mail; or (iv) if given by email, immediately upon delivery to the recipient’s server.
14.6 Consent to E-Delivery. Notwithstanding anything herein to the contrary, Customer hereby consents to electronic delivery of any required or optional communication or document related to this MSA or provision of the Offerings. Communications shall be deemed delivered to you when sent or provided, regardless of whether you actually access or review them. If signature or acknowledgment is required or requested with respect to any such document and Customer or any Permitted User “clicks” in an appropriate space, or takes such other action as may be indicated, Customer will be deemed to have signed or acknowledged the document to the same extent and with the same effect (i.e., legally binding) as if Customer had signed the document manually. If Customer signs electronically, Customer represents that it has the ability to access and retain a record of the relevant documents.
14.7 Amendments; Waivers.
(a) Except as otherwise set forth in the Order Form, and subject to the amendment process set out under Sections 14.7(b) and 14.7(c), no supplement, modification, or amendment of this MSA shall be binding, unless executed in writing by a duly authorized representative of each party to this MSA. No waiver will be implied from conduct or failure to enforce or exercise rights under this MSA, nor will any waiver be effective unless in a writing signed by a duly authorized representative on behalf of the party claimed to have waived. No provision of any purchase order or other business form employed by Customer will supersede the terms and conditions of this MSA, and any such document relating to this MSA shall be for administrative purposes only and shall have no legal effect.
(b) Notwithstanding Section 14.7(a), ThreatZero may supplement, modify or amend this MSA by providing not less than thirty (30) days’ written notice of such supplement, modification or amendment to the Customer via email (the “Amendment Notice”) and such supplement, modification, or amendment described in such Amendment Notice (the “Amendment”) shall automatically take effect and become binding on the parties upon the date indicated in such Amendment Notice (the “Amendment Effective Date”), unless the Customer exercises its termination rights in accordance with Sections 14.7(c) and 14.7(d).
(c) Upon service of the Amendment Notice on Customer and, provided that the Amendment does not constitute a minor update, including, but not limited to correction of errors, Customer shall be entitled to notify ThreatZero of its determination to terminate this MSA by providing written notice of termination (a “Termination Notice”), via email to ThreatZero according to instructions to be contained in the Amendment Notice at least fourteen (14) days prior to the Amendment Effective Date. If Customer provides a Termination Notice in accordance with this Section 14.7(c), this MSA shall, subject to Section 14.7(d), terminate on the date immediately preceding the Amendment Effective Date and Customer shall be entitled to receive a refund of the fees paid by Customer for the portion of the Contract Term which was not rendered by ThreatZero to Customer. If Customer does not exercise its right to terminate under this Section 14.7(c), Customer’s continued use of the Offerings after the Amendment Effective Date shall constitute Customer’s acceptance of the Amendment terms.
(d) If Customer provides ThreatZero with a Termination Notice pursuant to Section 14.7(c), ThreatZero shall have the option to notify Customer by email of its determination to revoke the Amendment Notice with respect to Customer, following delivery of which notice of revocation Customer shall have no further right to terminate under Section 14.7(c) and this MSA shall not be supplemented, modified, or amended with respect to Customer, but will continue in full force and effect as though no Amendment Notice shall have been provided by ThreatZero to Customer.
14.8 Third-Party Beneficiaries. Except as expressly set forth in this MSA, no provisions of this MSA are intended, nor will they be interpreted, to provide for or create any third-party beneficiary rights or any other rights of any kind in any other party. Affiliates and Suppliers of ThreatZero shall be deemed third-party beneficiaries to this MSA, unless ThreatZero determines otherwise in its sole discretion.
14.9 Feedback. If Customer provides ThreatZero with any feedback or suggestions regarding the Offerings (“Feedback”), Customer hereby assigns to ThreatZero all rights in such Feedback and agrees that ThreatZero shall have the right to use and fully exploit such Feedback and related information in any manner ThreatZero deems appropriate. ThreatZero will treat any Feedback provided by Customer as non-confidential and non-proprietary.
14.10 References. Provided that ThreatZero complies with trademark usage requirements notified to it by Customer, ThreatZero and its affiliates may refer to Customer (including on its website and in its related marketing materials and communications) as one of ThreatZero’s customers and may use Customer’s logo as part of such reference(s).
14.11 Entire Agreement. This MSA, together with the Order Form, is the complete and exclusive statement of the mutual understanding of the parties and supersedes and cancels all previous written and oral agreements and communications relating to the subject matter of this MSA. Customer acknowledges that the Platform is an on-line, subscription-based product, and that ThreatZero may make changes to the Platform. All exhibits to this MSA, if any, are a part of this MSA.
14.12 Force Majeure. Neither party, nor any of its respective affiliates, shall be liable for any delay or failure to perform any obligation under this MSA (except for a failure to pay fees) if the delay or failure is due to unforeseen events which occur after the signing of this MSA and which are beyond the reasonable control of such person, such as a strike, blockade, war, act of terrorism, riot, pandemics, quarantines, natural disaster, failure or diminishment of power or telecommunications or data networks or services, or refusal of a license by a government agency.
14.13 Independent Contractors. The parties to this MSA are independent contractors. There is no relationship of partnership, joint venture, employment, franchise or agency created hereby between the parties. Neither party will have the power to bind the other or incur obligations on the other party’s behalf without the other party’s prior written consent.
14.14 Counterparts; Electronic Execution. This MSA may be executed in any number of counterparts which, when so executed, shall constitute an original and all of which together will constitute one and the same instrument. A signed copy of this MSA delivered by email or other means of electronic transmission is deemed to have the same legal effect as delivery of an original signed copy of this MSA.
14.15 Waiver of Jury Trial. Each party irrevocably and unconditionally waives any right it may have to a trial by jury in respect of any legal action arising out of or relating to this MSA or the transactions contemplated hereby.