SecurityStudio Master Subscription Agreement

THIS MASTER SUBSCRIPTION AGREEMENT GOVERNS CUSTOMER’S ACQUISITION AND USE OF SECURITYSTUDIO SERVICES. CAPITALIZED TERMS HAVE THE DEFINITIONS SET FORTH HEREIN.

IF CUSTOMER REGISTERS FOR A FREE TRIAL OF SECURITYSTUDIO SERVICES OR FOR FREE SERVICES, THE APPLICABLE PROVISIONS OF THIS AGREEMENT WILL ALSO GOVERN THAT FREE TRIAL OR THOSE FREE SERVICES. BY ACCEPTING THIS AGREEMENT, BY (1) CLICKING A BOX INDICATING ACCEPTANCE, (2) EXECUTING AN ORDER FORM THAT REFERENCES THIS AGREEMENT, OR (3) USING FREE SERVICES, CUSTOMER AGREES TO THE TERMS OF THIS AGREEMENT. IF THE INDIVIDUAL ACCEPTING THIS AGREEMENT IS ACCEPTING ON BEHALF OF A COMPANY OR OTHER LEGAL ENTITY, SUCH INDIVIDUAL REPRESENTS THAT THEY HAVE THE AUTHORITY TO BIND SUCH ENTITY AND ITS AFFILIATES TO THESE TERMS AND CONDITIONS, IN WHICH CASE THE TERM “CUSTOMER” SHALL REFER TO SUCH ENTITY AND ITS AFFILIATES. IF THE INDIVIDUAL ACCEPTING THIS AGREEMENT DOES NOT HAVE SUCH AUTHORITY, OR DOES NOT AGREE WITH THESE TERMS AND CONDITIONS, SUCH INDIVIDUAL MUST NOT ACCEPT THIS AGREEMENT AND MAY NOT USE THE SERVICES.

The Services may not be accessed for purposes of monitoring their availability, performance or functionality, or for any other benchmarking or competitive purposes.

This Agreement was last updated on September 24, 2019. It is effective between Customer and SecurityStudio as of the date of Customer accepting this Agreement.

1. DEFINITIONS

“Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. “Control,” for urposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.

“Agreement” means this SecurityStudio Master Subscription Agreement.

“Beta Services” means SecurityStudio services or functionality that may be made available to Customer to try at its option at no additional charge which is clearly designated as beta, pilot, limited release, developer preview, non-production, evaluation, or by a similar description.

“Content” means information obtained by SecurityStudio from publicly available sources or its third party content providers and made available to Customer through the Services, Beta Services or pursuant to an Order Form.

“Customer” means in the case of an individual accepting this Agreement on his or her own behalf, such individual, or in the case of an individual accepting this Agreement on behalf of a company or other legal entity, the company or other legal entity for which such individual is accepting this Agreement, and Affiliates of that company or entity (for so long as they remain Affiliates) which have entered into Order Forms.

“Customer Data” means electronic data and information submitted by or for Customer to the Services, whether on Customer’s own account, by Customer’s Users, or for Customer’s clients. Customer Data excludes Content and Non-SecurityStudio Applications.

“Documentation” means this Agreement and Order Forms, as well as SecurityStudio’s Terms of Service and Privacy Policy as updated from
time to time, accessible via login to the applicable Service.

“Free Services” means Services that SecurityStudio makes available to Customer free of charge. Free Services exclude Services offered as a free trial and Purchased Services.

“Malicious Code” means code, files, scripts, agents or programs intended to do harm, including, for example, viruses, worms, time bombs and Trojan horses.

“Order Form” means an ordering document or online order specifying the Services to be provided hereunder that is entered into between Customer and SecurityStudio or any of their Affiliates, including any addenda and supplements thereto. By entering into an Order Form hereunder, an Affiliate agrees to be bound by the terms of this Agreement as if it were an original party hereto

“Purchased Services” means Services that Customer or Customer’s Affiliate purchases under an Order Form or online purchasing portal, as
distinguished from Free Services or those provided pursuant to a free trial.

“SecurityStudio” means the SecurityStudio Inc company described in the “SecurityStudio Contracting Entity, Notices, Governing Law, and
Venue” section below.

“Services” means the products and services that are ordered by Customer under an Order Form or online purchasing portal, or provided to Customer free of charge (as applicable) or under a free trial, and made available online by SecurityStudio, including associated SecurityStudio offline or mobile components. “Services” exclude Content and Non-SecurityStudio Applications.

“User” means, in the case of an individual accepting these terms on his or her own behalf, such individual, or, in the case of an individual accepting this Agreement on behalf of a company or other legal entity, an individual who is authorized by Customer to use a Service, for whom Customer has purchased a subscription (or in the case of any Services provided by SecurityStudio without charge, for whom a Service has been provisioned), and to whom Customer (or, when applicable, SecurityStudio at Customer’s request) has supplied a user identification and password (for Services utilizing authentication). Users may include, for example, employees, consultants, contractors and agents of Customer, and third parties with which Customer transacts business.

2. SECURITYSTUDIO’S RESPONSIBILITIES

2.1. Provision of Purchased Services. SecurityStudio will (a) make the Services and Content available to Customer pursuant to this Agreement, and the applicable Order Forms and Documentation, (b) provide applicable SecurityStudio standard support for the Purchased Services to Customer at no additional charge, and/or upgraded support if purchased, (c) use commercially reasonable efforts to make the online Purchased Services available 24 hours a day, 7 days a week, except for: (i) planned downtime (of which SecurityStudio shall give advance electronic notice), and (ii) any unavailability caused by circumstances beyond SecurityStudio’s reasonable control, including, for example, an act of God, act of government, flood, fire, earthquake, civil unrest, act of terror, strike or other labor problem (other than one involving SecurityStudio employees), Internet service provider failure or delay, Non-SecurityStudio Application, or denial of service attack, and (d) provide the Services in accordance with laws and government regulations applicable to SecurityStudio’s provision of its Services to its customers generally (i.e., without regard for Customer’s particular use of the Services), and subject to Customer’s use of the Services in accordance with this Agreement, the Documentation and the applicable Order Form.

2.2. Protection of Customer Data. SecurityStudio will maintain appropriate administrative, physical, and technical safeguards for protection of the security, confidentiality and integrity of Customer Data, as described in the Documentation. Those safeguards will include, but will not be limited to, measures designed to prevent unauthorized access to or disclosure of Customer Data (other than by Customer or Users). To the extent Personal Data from the European Economic Area (EEA), the United Kingdom and Switzerland are processed by SecurityStudio, its Processor Binding Corporate Rules, the EU-US and/or Swiss-US Privacy Shield, and/or the Standard Contractual Clauses shall apply, as further set forth in the DPA. For the purposes of the Standard Contractual Clauses, Customer and its applicable Affiliates are each the data exporter, and Customer’s acceptance of this Agreement, and an applicable Affiliate’s execution of an Order Form, shall be treated as its execution of the Standard Contractual Clauses and Appendices. Upon request by Customer made within 30 days after the effective date of termination or expiration of this Agreement, SecurityStudio will make Customer Data available to Customer for export or download as provided in the Documentation. After such 30-day period, SecurityStudio will have no obligation to maintain or provide any Customer Data, and as provided in the Documentation will thereafter delete or destroy all copies of Customer Data in its systems or
otherwise in its possession or control, unless legally prohibited.

2.3. SecurityStudio Personnel. SecurityStudio will be responsible for the performance of SecurityStudio’s personnel (including SecurityStudio’s employees and contractors) and their compliance with SecurityStudio’s obligations under this Agreement, except as otherwise specified herein.

2.4. Beta Services. From time to time, SecurityStudio may make Beta Services available to Customer at no charge. Customer may choose to try such Beta Services or not in Customer’s sole discretion. Beta Services are intended for evaluation purposes and not for commercial use, are not supported by Us, and may be subject to additional terms. Beta Services are not considered “Services” under this Agreement, however, all restrictions, including SecurityStudio’s reservation of rights and Customer’s obligations concerning the Services, shall apply equally to Customer’s use of Beta Services, if any. Unless otherwise stated, any Beta Services trial period will expire upon the earlier of one year from the trial start date or the date that a version of the Beta Services becomes generally available without the applicable Beta Services designation. SecurityStudio may discontinue Beta Services at any time in  SecurityStudio’s sole discretion and may never make them generally available. SecurityStudio will have no liability for any harm or damage arising out of or in connection with a Beta Service.

2.5. Free Trial. If Customer register on SecurityStudio’s or an Affiliate’s website for a free trial, SecurityStudio will make the applicable Service(s) available to Customer on a trial basis free of charge until the earlier of (a) the end of the free trial period for which Customer registered to use the applicable Service(s), or (b) the start date of any Purchased Service subscriptions ordered by Customer for such Service(s), or (c) termination by SecurityStudio in its sole discretion. Additional trial terms and conditions may appear on the trial registration web page. Any such additional terms and conditions are incorporated into this Agreement by reference and are legally binding.

ANY DATA CUSTOMER ENTERS INTO THE SERVICES, AND ANY CUSTOMIZATIONS MADE TO THE SERVICES BY OR FOR CUSTOMER, DURING CUSTOMER’S FREE TRIAL WILL BE PERMANENTLY LOST UNLESS CUSTOMER PURCHASES A SUBSCRIPTION TO THE SAME SERVICES AS THOSE COVERED BY THE TRIAL, PURCHASES APPLICABLE UPGRADED SERVICES, OR EXPORTS SUCH DATA, BEFORE THE END OF THE TRIAL PERIOD. CUSTOMER CANNOT TRANSFER DATA ENTERED OR CUSTOMIZATIONS MADE DURING THE FREE TRIAL TO A SERVICE THAT WOULD BE A DOWNGRADE FROM THAT COVERED BY THE TRIAL (E.G., FROM ENTERPRISE EDITION TO PROFESSIONAL EDITION); THEREFORE, IF CUSTOMER PURCHASES A SERVICE THAT WOULD BE A DOWNGRADE FROM THAT COVERED BY THE TRIAL, CUSTOMER
MUST EXPORT CUSTOMER DATA BEFORE THE END OF THE TRIAL PERIOD OR CUSTOMER DATA WILL BE PERMANENTLY LOST.

NOTWITHSTANDING THE “REPRESENTATIONS, WARRANTIES, EXCLUSIVE REMEDIES AND DISCLAIMERS” SECTION AND “INDEMNIFICATION BY SECURITYSTUDIO” SECTION BELOW, DURING THE FREE TRIAL THE SERVICES ARE PROVIDED “AS-IS” WITHOUT ANY WARRANTY AND SECURITYSTUDIO SHALL HAVE NO INDEMNIFICATION OBLIGATIONS NOR LIABILITY OF ANY TYPE WITH RESPECT TO THE SERVICES FOR THE FREE TRIAL PERIOD UNLESS SUCH EXCLUSION OF LIABILITY IS NOT ENFORCEABLE UNDER APPLICABLE LAW IN WHICH CASE SECURITYSTUDIO’S LIABILITY WITH RESPECT TO THE SERVICES PROVIDED DURING THE FREE TRIAL SHALL NOT EXCEED $1,000.00. WITHOUT LIMITING THE FOREGOING, SECURITYSTUDIO AND ITS AFFILIATES AND ITS LICENSORS DO NOT REPRESENT OR WARRANT TO CUSTOMER THAT: (A) CUSTOMER’S USE OF THE SERVICES DURING THE FREE TRIAL PERIOD WILL MEET CUSTOMER’S
REQUIREMENTS, (B) CUSTOMER’S USE OF THE SERVICES DURING THE FREE TRIAL PERIOD WILL BE UNINTERRUPTED, TIMELY, SECURE OR FREE FROM ERROR, AND (C) USAGE DATA PROVIDED DURING THE FREE TRIAL PERIOD WILL BE ACCURATE. NOTWITHSTANDING ANYTHING TO THE CONTRARY IN THE “LIMITATION OF LIABILITY” SECTION BELOW, CUSTOMER SHALL BE FULLY LIABLE UNDER THIS AGREEMENT TO SECURITYSTUDIO AND ITS AFFILIATES FOR ANY DAMAGES ARISING OUT OF CUSTOMER’S USE OF THE SERVICES DURING THE FREE TRIAL PERIOD, ANY BREACH BY CUSTOMER OF THIS AGREEMENT AND ANY OF CUSTOMER’S INDEMNIFICATION OBLIGATIONS HEREUNDER.

CUSTOMER SHALL REVIEW THE APPLICABLE SERVICE’S DOCUMENTATION DURING THE TRIAL PERIOD TO BECOME FAMILIAR WITH THE FEATURES AND FUNCTIONS OF THE SERVICES BEFORE MAKING A PURCHASE.

2.6. Free Services. SecurityStudio may make Free Services available to Customer. Use of Free Services is subject to the terms and conditions of this Agreement. In the event of a conflict between this section and any other portion of this Agreement, this section shall control. Free Services are provided to Customer without charge up to certain limits as described in the Documentation. Usage over these limits requires Customer’s purchase of additional resources or services. Customer agrees that SecurityStudio, in its sole discretion and for any or no reason, may terminate Customer’s access to the Free Services or any part thereof. Customer agrees that any termination of Customer’s access to the Free Services may be without prior notice, and Customer agrees that SecurityStudio will not be liable to Customer or any third party for such termination. Customer is solely responsible for exporting Customer Data from the Free Services prior to termination of Customer’s access to the Free Services for any reason, provided that if SecurityStudio terminates Customer’s account, except as required by law SecurityStudio will provide Customer a reasonable opportunity to retrieve its Customer Data.

NOTWITHSTANDING THE “REPRESENTATIONS, WARRANTIES, EXCLUSIVE REMEDIES AND DISCLAIMERS” SECTION AND “INDEMNIFICATION BY SECURITYSTUDIO” SECTION BELOW, THE FREE SERVICES ARE PROVIDED “AS-IS” WITHOUT ANY WARRANTY AND SECURITYSTUDIO SHALL HAVE NO INDEMNIFICATION OBLIGATIONS NOR LIABILITY OF ANY TYPE WITH RESPECT TO THE FREE SERVICES UNLESS SUCH EXCLUSION OF LIABILITY IS NOT ENFORCEABLE UNDER APPLICABLE LAW IN WHICH CASE SECURITYSTUDIO’S LIABILITY WITH RESPECT TO THE FREE SERVICES SHALL NOT EXCEED $1,000.00. WITHOUT LIMITING THE FOREGOING, SECURITYSTUDIO AND ITS AFFILIATES AND ITS LICENSORS DO NOT REPRESENT OR WARRANT TO CUSTOMER THAT: (A) CUSTOMER’S USE OF THE FREE SERVICES WILL MEET CUSTOMER’S REQUIREMENTS, (B) CUSTOMER’S USE OF THE FREE SERVICES WILL BE UNINTERRUPTED, TIMELY, SECURE OR FREE FROM ERROR, AND (C) USAGE DATA PROVIDED THROUGH THE FREE SERVICES WILL BE ACCURATE. NOTWITHSTANDING ANYTHING TO THE CONTRARY IN THE “LIMITATION OF LIABILITY” SECTION BELOW, CUSTOMER SHALL BE FULLY LIABLE UNDER THIS AGREEMENT TO SECURITYSTUDIO AND ITS AFFILIATES FOR ANY DAMAGES ARISING OUT OF CUSTOMER’S USE OF THE FREE SERVICES, ANY BREACH BY CUSTOMER OF THIS AGREEMENT AND ANY OF CUSTOMER’S INDEMNIFICATION OBLIGATIONS HEREUNDER.

3. USE OF SERVICES AND CONTENT

3.1. Subscriptions. Unless otherwise provided in the applicable Order Form or Documentation, (a) Purchased Services and access to Content are purchased as subscriptions for the term stated in the applicable Order Form or in the applicable online purchasing portal, (b) subscriptions for Purchased Services may be added during a subscription term at the same pricing as the underlying subscription pricing, prorated for the portion of that subscription term remaining at the time the subscriptions are added, and (c) any added subscriptions will terminate on the same date as the underlying subscriptions. Customer agrees that its purchases are not contingent on the delivery of any future functionality or features, or dependent on any oral or written public comments made by SecurityStudio regarding future functionality or features.

3.2. Usage Limits. Services and Content are subject to usage limits specified in Order Forms and Documentation. If Customer exceeds a contractual usage limit, SecurityStudio may work with Customer to seek to reduce Customer’s usage so that it conforms to that limit. If, notwithstanding SecurityStudio’s efforts, Customer is unable or unwilling to abide by a contractual usage limit, Customer will execute an Order Form for additional quantities of the applicable Services or Content promptly upon SecurityStudio’s request, and/or pay any invoice for excess usage in accordance with the “Invoicing and Payment” section below.

3.3. Customer’s Responsibilities. Customer will (a) be responsible for Users’ compliance with this Agreement, Documentation and Order Forms, (b) be responsible for the accuracy, quality and legality of Customer Data, the means by which Customer acquired Customer Data, Customer’s use of Customer Data with the Services, and the interoperation of any Non-SecurityStudio Applications with which Customer uses Services or Content, (c) use commercially reasonable efforts to prevent unauthorized access to or use of Services and Content, and notify SecurityStudio promptly of any such unauthorized access or use, (d) use Services and Content only in accordance with this Agreement, Documentation, the Acceptable Use and External Facing Services Policy at https://securitystudio.com/agreements/, Order Forms and applicable laws and government regulations, and (e) comply with terms of service of any Non-SecurityStudio Applications with which Customer uses Services or Content. Any use of the Services in breach of the foregoing by Customer or Users that in SecurityStudio’s judgment threatens the security, integrity or availability of SecurityStudio’s services, may result in SecurityStudio’s immediate suspension of the Services, however SecurityStudio will use commercially reasonable efforts under the circumstances to provide Customer with notice and an opportunity to remedy such violation or threat prior to any such suspension.

3.4. Usage Restrictions. Customer will not (a) make any Service or Content available to anyone other than Customer or Users, or use any Service or Content for the benefit of anyone other than Customer or its Affiliates, unless expressly stated otherwise in an Order Form or the Documentation, (b) sell, resell, license, sublicense, distribute, make available, rent or lease any Service or Content, or include any Service or Content in a service bureau or outsourcing offering, (c) use a Service or Non-SecurityStudio Application to store or transmit infringing, libelous, or otherwise unlawful or tortious material, or to store or transmit material in violation of third-party privacy rights, (d) use a Service or Non-SecurityStudio Application to store or transmit Malicious Code, (e) interfere with or disrupt the integrity or performance of any Service or third-party data contained therein, (f) attempt to gain unauthorized access to any Service or Content or its related systems or networks, (g) permit direct or indirect access to or use of any Services or Content in a way that circumvents a contractual usage limit, or use any Services to access or use any of SecurityStudio intellectual property except as permitted under this Agreement, an Order Form, or the Documentation, (h) modify, copy, or create derivative works based on a Service or any part, feature, function or user interface thereof, (i) copy Content except as permitted herein or in an Order Form or the Documentation, (j) frame or mirror any part of any Service or Content, other than framing on Customer’s own intranets or otherwise for its own internal business purposes or as permitted in the Documentation, (k)
except to the extent permitted by applicable law, disassemble, reverse engineer, or decompile a Service or Content or access it to (1) build a competitive product or service, (2) build a product or service using similar ideas, features, functions or graphics of the Service, (3) copy any ideas, features, functions or graphics of the Service, or (4) determine whether the Services are within the scope of any patent.

3.5. Removal of Content and Non-SecurityStudio Applications. If Customer receives notice that Content or a Non-SecurityStudio Application must be removed, modified and/or disabled to avoid violating applicable law, third-party rights, or the Acceptable Use and External Facing Services Policy , Customer will promptly do so. If Customer does not take required action in accordance with the above, or if in SecurityStudio’s judgment continued violation is likely to reoccur, SecurityStudio may disable the applicable Content, Service and/or Non-SecurityStudio Application. If requested by SecurityStudio, Customer shall confirm such deletion and discontinuance of use in writing and SecurityStudio shall be authorized to provide a copy of such confirmation to any such third party claimant or governmental authority, as applicable. In addition, if SecurityStudio is required by any third party rights holder to remove Content, or receives information that Content provided to Customer may violate applicable law or third-party rights, SecurityStudio may discontinue Customer’s access to Content through the Services.

4. NON-SECURITYSTUDIO PRODUCTS AND SERVICES

4.1. Non-SecurityStudio Products and Services. SecurityStudio or third parties may make available (for example, through a Marketplace or otherwise) third-party products or services, including, for example, Non-SecurityStudio Applications and implementation and other consulting services. Any acquisition by Customer of such products or services, and any exchange of data between Customer and any NonSecurityStudio provider, product or service is solely between Customer and the applicable Non-SecurityStudio provider. SecurityStudio does not warrant or support Non-SecurityStudio Applications or other Non-SecurityStudio products or services, whether or not they are designated by SecurityStudio as “certified” or otherwise, unless expressly provided otherwise in an Order Form. SecurityStudio is not responsible for any disclosure, modification or deletion of Customer Data resulting from access by such Non-SecurityStudio Application or its provider.

4.2. Integration with Non-SecurityStudio Applications. The Services may contain features designed to interoperate with NonSecurityStudio Applications. SecurityStudio cannot guarantee the continued availability of such Service features, and may cease providing them without entitling Customer to any refund, credit, or other compensation, if for example and without limitation, the provider of a NonSecurityStudio Application ceases to make the Non-SecurityStudio Application available for interoperation with the corresponding Service features in a manner acceptable to SecurityStudio.

5. FEES AND PAYMENT

5.1. Fees. Customer will pay all fees specified in the Order Form, except as otherwise specified herein, (i) fees are based on Services and Content subscriptions purchased and not actual usage, (ii) payment obligations are non-cancelable and fees paid are non-refundable, and (iii) quantities purchased cannot be decreased during the relevant subscription term.

5.2. Invoicing and Payment. Customer will provide SecurityStudio with valid and updated credit card information, or with a valid purchase order or alternative document reasonably acceptable to SecurityStudio. If Customer provides credit card information to SecurityStudio, Customer authorizes SecurityStudio to charge such credit card for all Purchased Services listed in the Order Form for the initial subscription term and any renewal subscription term(s) as set forth in the “Term of Purchased Subscriptions” section below. Such charges shall be made in advance, either annually or in accordance with any different billing frequency stated in the applicable Order Form. If the Order Form specifies that payment will be by a method other than a credit card, SecurityStudio will invoice Customer in advance and otherwise in accordance with the relevant Order Form. Unless otherwise stated in the Order Form, invoiced fees are due net 15 days from the invoice date. Customer is responsible for providing complete and accurate billing and contact information to SecurityStudio and notifying SecurityStudio of any changes to such information.

5.3. Overdue Charges. If any invoiced amount is not received by SecurityStudio by the due date, then without limiting SecurityStudio’s rights or remedies, (a) those charges may accrue late interest at the rate of 1.5% of the outstanding balance per month, or the maximum rate permitted by law, whichever is lower, and/or (b) SecurityStudio may condition future subscription renewals and Order Forms on payment terms shorter than those specified in the “Invoicing and Payment” section above.

5.4. Suspension of Service and Acceleration. If any charge owing by Customer under this or any other agreement for services is 30 days or more overdue, (or 10 or more days overdue in the case of amounts Customer has authorized SecurityStudio to charge to Customer’s credit card), SecurityStudio may, without limiting its other rights and remedies, accelerate Customer’s unpaid fee obligations under such agreements so that all such obligations become immediately due and payable, and suspend Services until such amounts are paid in full, provided that, other than for customers paying by credit card or direct debit whose payment has been declined, SecurityStudio will give Customer at least 10 days’ prior notice that its account is overdue, in accordance with the “Manner of Giving Notice” section below for billing notices, before suspending services to Customer.

5.5. Payment Disputes. SecurityStudio will not exercise its rights under the “Overdue Charges” or “Suspension of Service and Acceleration” section above if Customer is disputing the applicable charges reasonably and in good faith and is cooperating diligently to resolve the dispute.

5.6. Taxes. SecurityStudio’s fees do not include any taxes, levies, duties or similar governmental assessments of any nature, including, for example, value-added, sales, use or withholding taxes, assessable by any jurisdiction whatsoever (collectively, “Taxes”). Customer is responsible for paying all Taxes associated with its purchases hereunder. If SecurityStudio has the legal obligation to pay or collect Taxes for which Customer is responsible under this section, SecurityStudio will invoice Customer and Customer will pay that amount unless Customer provides SecurityStudio with a valid tax exemption certificate authorized by the appropriate taxing authority. For clarity, SecurityStudio is solely responsible for taxes assessable against it based on its income, property and employees.

6. PROPRIETARY RIGHTS AND LICENSES

6.1. Reservation of Rights. Subject to the limited rights expressly granted hereunder, SecurityStudio reserves all of SecurityStudio’s right, title and interest in and to the Services and Content, including all of SecurityStudio’s related intellectual property rights. No rights are granted to Customer hereunder other than as are expressly set forth herein.

6.2. Access to and Use of Content. Customer have the right to access and use applicable Content subject to the terms of applicable Order
Forms, and this Agreement.

6.3. License to Host Customer’s Data and Applications. Customer grant SecurityStudio and applicable contractors a worldwide, limitedterm license to host, copy, transmit and display Customer’s Data as reasonably necessary for SecurityStudio to provide the Services in accordance with this Agreement. Subject to the limited licenses granted herein, SecurityStudio acquires no right, title or interest from Customer or Customer’s Users, or Customer’s Clients under this Agreement in or to any of Customer’s Data.

6.4. License to Use Feedback. Customer grant to SecurityStudio a worldwide, perpetual, irrevocable, royalty-free license to use and incorporate into SecurityStudio’s services any suggestion, enhancement request, recommendation, correction or other feedback provided by Customer or Users relating to the operation of SecurityStudio’s services.

7. CONFIDENTIALITY

7.1. Definition of Confidential Information. “Confidential Information” means all information disclosed by a party (“Disclosing Party”) to the other party (“Receiving Party”), whether orally or in writing, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure. Customer’s Confidential Information includes Customer’s Data; SecurityStudio’s Confidential Information includes the Services and Content; and Confidential Information of each party includes the terms and conditions and any Exhibits of this Agreement and all Order Forms (including pricing), as well as business and marketing plans, technology and technical information, product plans and designs, business processes, customer and user information, and other proprietary information disclosed by such party. However, Confidential Information does not include any information that (i) is or becomes generally known to the public without breach of any obligation owed to the Disclosing Party, (ii) was known to the Receiving Party prior to its disclosure by the Disclosing Party without breach of any obligation owed to the Disclosing Party, (iii) is received from a third party without breach of any obligation owed to the Disclosing Party, or (iv) was independently developed by the Receiving Party.

7.2. Protection of Confidential Information. The Receiving Party will use the same degree of care that it uses to protect the confidentiality of its own confidential information of like kind (but not less than reasonable care) to (i) not use any Confidential Information of the Disclosing Party for any purpose outside the scope of this Agreement and (ii) except as otherwise authorized by the Disclosing Party in writing, limit access to Confidential Information of the Disclosing Party to those of its and its Affiliates’ employees and contractors who need that access for purposes consistent with this Agreement and who have signed confidentiality agreements with the Receiving Party containing protections not materially less protective of the Confidential Information than those herein. Neither party will disclose the terms of this Agreement or any Order Form to any third party other than its legal counsel and accountants without the other party’s prior written consent, provided that a party that makes any such disclosure to its legal counsel or accountants will remain responsible for such legal counsel’s or accountant’s compliance with this “Confidentiality” section. Notwithstanding the foregoing, SecurityStudio may disclose the terms of this Agreement and any applicable Order Form to a subcontractor to the extent necessary to perform SecurityStudio’s obligations to
Customer under this Agreement, under terms of confidentiality intended to be as materially protective as set forth herein.

7.3. Compelled Disclosure. The Receiving Party may disclose Confidential Information of the Disclosing Party to the extent compelled by law to do so, provided the Receiving Party gives the Disclosing Party prior notice of the compelled disclosure (to the extent legally permitted) and reasonable assistance, at the Disclosing Party’s cost, if the Disclosing Party wishes to contest the disclosure. If the Receiving Party is compelled by law to disclose the Disclosing Party’s Confidential Information as part of a civil proceeding to which the Disclosing Party is a party, and the Disclosing Party is not contesting the disclosure, the Disclosing Party will reimburse the Receiving Party for its reasonable cost of compiling and providing secure access to that Confidential Information.

8. REPRESENTATIONS, WARRANTIES, EXCLUSIVE REMEDIES AND DISCLAIMERS

8.1. Representations. Each party represents that it has validly entered into this Agreement and has the legal power to do so.

8.2. SecurityStudio Warranties. SecurityStudio warrants that during an applicable subscription term (a) this Agreement, the Order Forms and the Documentation will accurately describe the applicable administrative, physical, and technical safeguards for protection of the security, confidentiality and integrity of Customer Data, (b) SecurityStudio will not materially decrease the overall security of the Services, (c) the Services will perform materially in accordance with the applicable Documentation, and (d) subject to the “Integration with NonSecurityStudio Applications” section above, SecurityStudio will not materially decrease the overall functionality of the Services. For any breach of a warranty above, Customer’s exclusive remedies are those described in the “Termination” and “Refund or Payment upon Termination” sections below.

8.3. Disclaimers. EXCEPT AS EXPRESSLY PROVIDED HEREIN, NEITHER PARTY MAKES ANY WARRANTY OF ANY KIND,
WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, AND EACH PARTY SPECIFICALLY DISCLAIMS ALL IMPLIED
WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR
NON-INFRINGEMENT, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW. CONTENT, FREE TRIALS, FREE
SERVICES AND BETA SERVICES ARE PROVIDED “AS IS,” AND AS AVAILABLE EXCLUSIVE OF ANY WARRANTY
WHATSOEVER.

9. MUTUAL INDEMNIFICATION

9.1. Indemnification by SecurityStudio. SecurityStudio will defend Customer against any claim, demand, suit or proceeding made or brought against Customer by a third party alleging that any Purchased Service infringes or misappropriates such third party’s intellectual property rights (a “Claim Against Customer”), and will indemnify Customer from any damages, attorney fees and costs finally awarded against Customer as a result of, or for amounts paid by Customer under a settlement approved by SecurityStudio in writing of, a Claim Against Customer, provided Customer (a) promptly gives SecurityStudio written notice of the Claim Against Customer, (b) gives SecurityStudio sole control of the defense and settlement of the Claim Against Customer (except that SecurityStudio may not settle any Claim Against Customer unless it unconditionally releases Customer of all liability), and (c) gives SecurityStudio all reasonable assistance, at SecurityStudio’s expense. If SecurityStudio receives information about an infringement or misappropriation claim related to a Service, SecurityStudio may in its discretion and at no cost to Customer (i) modify the Services so that they are no longer claimed to infringe or misappropriate, without breaching SecurityStudio’s warranties under “SecurityStudio Warranties” above, (ii) obtain a license for Customer’s
continued use of that Service in accordance with this Agreement, or (iii) terminate Customer’s subscriptions for that Service upon 30 days’ written notice and refund Customer any prepaid fees covering the remainder of the term of the terminated subscriptions. The above defense and indemnification obligations do not apply if (1) the allegation does not state with specificity that the Services are the basis of the Claim Against Customer; (2) a Claim Against Customer arises from the use or combination of the Services or any part thereof with software, hardware, data, or processes not provided by SecurityStudio, if the Services or use thereof would not infringe without such combination; (3) a Claim Against Customer arises from Services under an Order Form for which there is no charge; or (4) a Claim against Customer arises from Content, a Non-SecurityStudio Application or Customer’s breach of this Agreement, the Documentation or applicable Order Forms.

9.2. Indemnification by Customer. Customer will defend SecurityStudio and its Affiliates against any claim, demand, suit or proceeding made or brought against SecurityStudio by a third party alleging (a) that any Customer Data or Customer’s use of Customer Data with the Services, (b) a Non-SecurityStudio Application provided by Customer, or (c) the combination of a Non-SecurityStudio Application provided by Customer and used with the Services, infringes or misappropriates such third party’s intellectual property rights, or arising from Customer’s use of the Services or Content in an unlawful manner or in violation of the Agreement, the Documentation, or Order Form (each a “Claim Against SecurityStudio”), and will indemnify SecurityStudio from any damages, attorney fees and costs finally awarded against SecurityStudio as a result of, or for any amounts paid by SecurityStudio under a settlement approved by Customer in writing of, a Claim Against SecurityStudio, provided SecurityStudio (a) promptly gives Customer written notice of the Claim Against SecurityStudio, (b) gives Customer sole control of the defense and settlement of the Claim Against SecurityStudio (except that Customer may not settle any Claim Against SecurityStudio unless it unconditionally releases SecurityStudio of all liability), and (c) gives Customer all reasonable assistance, at Customer’s expense. The above defense and indemnification obligations do not apply if a Claim Against SecurityStudio arises from SecurityStudio’s breach of this Agreement, the Documentation or applicable Order Forms

9.3. Exclusive Remedy. This “Mutual Indemnification” section states the indemnifying party’s sole liability to, and the indemnified party’s exclusive remedy against, the other party for any third party claim described in this section.

10. LIMITATION OF LIABILITY

10.1. Limitation of Liability. IN NO EVENT SHALL THE AGGREGATE LIABILITY OF EACH PARTY TOGETHER WITH ALL OF ITS AFFILIATES ARISING OUT OF OR RELATED TO THIS AGREEMENT EXCEED THE TOTAL AMOUNT PAID BY CUSTOMER AND ITS AFFILIATES HEREUNDER FOR THE SERVICES GIVING RISE TO THE LIABILITY IN THE TWELVE MONTHS PRECEDING THE FIRST INCIDENT OUT OF WHICH THE LIABILITY AROSE. THE FOREGOING LIMITATION WILL APPLY WHETHER AN ACTION IS IN CONTRACT OR TORT AND REGARDLESS OF THE THEORY OF LIABILITY, BUT WILL NOT LIMIT CUSTOMER’S AND ITS AFFILIATES’ PAYMENT OBLIGATIONS UNDER THE “FEES AND PAYMENT” SECTION ABOVE.

10.2. Exclusion of Consequential and Related Damages. IN NO EVENT WILL EITHER PARTY OR ITS AFFILIATES HAVE ANY LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT FOR ANY LOST PROFITS, REVENUES, GOODWILL, OR INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, COVER, BUSINESS INTERRUPTION OR PUNITIVE DAMAGES, WHETHER AN ACTION IS IN CONTRACT OR TORT AND REGARDLESS OF THE THEORY OF LIABILITY, EVEN IF A PARTY OR ITS AFFILIATES HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES OR IF A PARTY’S OR ITS AFFILIATES’ REMEDY OTHERWISE FAILS OF ITS ESSENTIAL PURPOSE. THE FOREGOING DISCLAIMER WILL NOT APPLY TO THE EXTENT PROHIBITED BY LAW.

11. TERM AND TERMINATION

11.1 Term of Agreement. This Agreement commences on the date Customer first accepts it and continues until all subscriptions hereunder have expired or have been terminated.

11.2. Term of Purchased Subscriptions. The term of each subscription shall be as specified in the applicable Order Form. Except as otherwise specified in an Order Form, subscriptions will automatically renew for additional periods equal to the expiring subscription term or one year (whichever is shorter), unless either party gives the other written notice (email acceptable) at least 30 days before the end of the relevant subscription term. Except as expressly provided in the applicable Order Form, renewal of promotional or one-time priced subscriptions will be at SecurityStudio’s applicable list price in effect at the time of the applicable renewal. Notwithstanding anything to the contrary, any renewal in which subscription volume or subscription length for any Services has decreased from the prior term will result in re-pricing at renewal without regard to the prior term’s per-unit pricing.

11.3. Termination. A party may terminate this Agreement for cause (i) upon 30 days written notice to the other party of a material breach if such breach remains uncured at the expiration of such period, or (ii) if the other party becomes the subject of a petition in bankruptcy or any other proceeding relating to insolvency, receivership, liquidation or assignment for the benefit of creditors

11.4. Refund or Payment upon Termination. If this Agreement is terminated by Customer in accordance with the “Termination” section above, SecurityStudio will refund Customer any prepaid fees covering the remainder of the term of all Order Forms after the effective date of termination. If this Agreement is terminated by SecurityStudio in accordance with the “Termination” section above, Customer will pay any unpaid fees covering the remainder of the term of all Order Forms to the extent permitted by applicable law. In no event will termination relieve Customer of its obligation to pay any fees payable to SecurityStudio for the period prior to the effective date of termination 11.5. Surviving Provisions. The sections titled “Free Services”, “Fees and Payment”, “Proprietary Rights and Licenses”, “Confidentiality”, “Disclaimers”, “Mutual Indemnification”, “Limitation of Liability”, “Refund or Payment upon Termination”, “Removal of Content and NonSecurityStudio Applications”, “Surviving Provisions” and “ General Provisions” will survive any termination or expiration of this Agreement, and the section titled “Protection of Customer Data” will survive any termination or expiration of this Agreement for so long as SecurityStudio retains possession of Customer Data

12. GENERAL PROVISIONS

12.1. Export Compliance. The Services, Content, other technology SecurityStudio makes available, and derivatives thereof may be subject to export laws and regulations of the United States and other jurisdictions. Each party represents that it is not named on any U.S. government denied-party list. Customer shall not permit Users to access or use any Service or Content in a U.S. embargoed country (as those countries may be designated by the Government of the United States from time to time) or in violation of any U.S. export law or regulation.

12.2. Anti-Corruption. Customer agrees that Customer has not received or been offered any illegal or improper bribe, kickback, payment, gift, or thing of value from SecurityStudio or from any of SecurityStudio’s employees or agents in connection with this Agreement. Reasonable gifts and entertainment provided in the ordinary course of business do not violate the above restriction.

12.3 Entire Agreement and Order of Precedence. This Agreement is the entire agreement between Customer and SecurityStudio regarding Customer’s use of the Services and Content and supersedes all prior and contemporaneous agreements, proposals or representations, written or oral, concerning the subject matter of this Master Subscription Agreement. Except as otherwise provided herein, no modification, amendment, or waiver of any provision of this Agreement will be effective unless in writing and signed by the party against whom the modification, amendment or waiver is to be asserted. The parties agree that any term or condition stated in Customer’s purchase order or in any other of Customer’s order documentation (excluding Order Forms) is void. In the event of any conflict or inconsistency among the following documents, this Master Subscription Agreement shall control.

12.4. Relationship of the Parties. The parties are independent contractors. This Agreement does not create a partnership, franchise, joint venture, agency, fiduciary or employment relationship between the parties. Each party will be solely responsible for payment of all compensation owed to its employees, as well as all employment-related taxes

12.5. Third-Party Beneficiaries. There are no third-party beneficiaries under this Agreement.

12.6. Waiver. No failure or delay by either party in exercising any right under this Agreement will constitute a waiver of that right.

12.7. Severability. If any provision of this Agreement is held by a court of competent jurisdiction to be contrary to law, the provision will be
deemed null and void, and the remaining provisions of this Agreement will remain in effect.

12.8. Assignment. Neither party may assign any of its rights or obligations hereunder, whether by operation of law or otherwise, without the other party’s prior written consent (not to be unreasonably withheld); provided, however, either party may assign this Agreement in its entirety (including all Order Forms), without the other party’s consent to its Affiliate or in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of its assets. Notwithstanding the foregoing, if a party is acquired by, sells substantially all of its assets to, or undergoes a change of control in favor of, a direct competitor of the other party, then such other party may terminate this Agreement upon written notice. In the event of such a termination, SecurityStudio will refund Customer any prepaid fees covering the remainder of the term of all subscriptions for the period after the effective date of such termination. Subject to the foregoing, this Agreement will bind and inure to the benefit of the parties, their respective successors and permitted assigns.

12.9. SecurityStudio Contracting Entity, Notices, Governing Law, and Venue. The SecurityStudio entity entering into this Agreement,
the address to which Customer should direct notices under this Agreement, the law that will apply in any dispute or lawsuit arising out of or in connection with this Agreement, and the courts that have jurisdiction over any such dispute or lawsuit, depend on where Customer is
domiciled.

  • If Customer is
    domiciled in:
  • The United States of
    America, Canada,
    Mexico or a Country in
    Central or South
    America or the
    Caribbean
  • Customer is contracting
    with:
  • SecurityStudio Inc
  • Notices should be
    addressed to:
  • SecurityStudio Inc at
    5909 Baker Road, Suite
    500, Minnetonka MN
    55345, U.S.A., Attn:
    Kevin Orth, CFO, with
    a copy to Attn: General
    Counsel
  • The governing law is:
  • Minnesota and
    controlling United
    States federal law

  • The courts having
    exclusive jurisdiction
    are venued at:
  • Minneapolis,
    Minnesota, U.S.A.
  • If Customer is
    domiciled in:

  • The United States of
    America, Canada,
    Mexico or a Country in
    Central or South
    America or the
    Caribbean

  • Customer is contracting
    with:

  • SecurityStudio Inc






  • Notices should be
    addressed to:

  • SecurityStudio Inc at
    5909 Baker Road, Suite
    500, Minnetonka MN
    55345, U.S.A., Attn:
    Kevin Orth, CFO, with
    a copy to Attn: General
    Counsel
  • The governing law is:


  • Minnesota and
    controlling United
    States federal law




  • The courts having
    exclusive jurisdiction
    are venued at:
  • Minneapolis,
    Minnesota, U.S.A.





12.10. Manner of Giving Notice. Except as otherwise specified in this Agreement, all notices related to this Agreement will be in writing and will be effective upon (a) personal delivery, (b) the third business day after mailing, or (c), except for notices of termination or an indemnifiable claim (“Legal Notices”), which shall clearly be identifiable as Legal Notices, the day of sending by email. Billing-related notices to Customer will be addressed to the relevant billing contact designated by Customer. All other notices to Customer will be addressed to the relevant Services system administrator designated by Customer.

12.11. Agreement to Governing Law and Jurisdiction. Each party agrees to the applicable governing law described above without regard to choose or conflicts of law rules, and to the exclusive jurisdiction of the applicable courts designated above.

12.12. No Agency. For the purpose of avoidance of any doubt, SecurityStudio is entering into this Agreement as principal and not as agent for any other company. Subject to any permitted Assignment under the sectioned labeled “Assignment” above, the obligations owed by SecurityStudio under this Agreement shall be owed to Customer solely by SecurityStudio and the obligations owed by Customer under this Agreement shall be owed solely to SecurityStudio.

Acceptable Use and External-Facing Services Policy

1. Scope

This Acceptable Use and External Facing Services Policy (“Policy”) applies to customers’ use of all services offered by
SecurityStudio Inc or its affiliates (“SecurityStudio”).

2. Last Updated

September 25, 2019

3. Changes to Policy

SecurityStudio may change this Policy by posting an updated version of the Policy at https://securitystudio.com/agreements/ and such updates will be effective upon posting.

4. Violations

A customer’s violation of this Policy will be considered a material breach of the master subscription agreement and/or other agreement governing the customer’s use of the services.

5. Prohibited Material

Customers may not, and may not allow any third-party, including its users, to use services to display, store, process or transmit, or permit use of services to display, store, process or transmit:

  • Material that infringes or misappropriates a third party’s intellectual property or proprietary rights;
  • Hate-related or violent material, and/or material advocating discrimination against individuals or groups;
  • Obscene, excessively profane material or otherwise objectionable material;
  • Material advocating or advancing criminal hacking, cracking, or phishing;
  • Material related to illegal drugs or paraphernalia;
  • Malicious material;
  • Unlawful software;
  • Malicious code, such as viruses, worms, time bombs, Trojan horses and other harmful or malicious files, scripts,
    agents or programs; or
  • Material that violates, encourages or furthers conduct that would violate any applicable laws, including any
    criminal laws, or any third-party rights, including publicity or privacy rights.

6. Prohibited Actions

Customers may not use a service to, nor allow its users or any third-party to use a service to:

  • Generate or facilitate unsolicited commercial email (spam). Such prohibited activity includes, but is not limited
    to:
    o sending communications or email in violation of the CAN-SPAM Act or any other applicable anti-spam law or regulation;
    o imitating or impersonating SecurityStudio, another person or his, her or its email address, or creating false accounts for the purpose of sending spam;
    o data mining or harvesting any web property (including any External-Facing Service) to find email addresses or other user account information;
    o sending unauthorized mail via open, third-party servers;
    o sending email to users who have requested to be removed from a mailing list;
    o selling to, exchanging with, sharing with or distributing to a third party personal information, including the email addresses of any person without such person’s knowing and continued consent to such disclosure; or
    o sending unsolicited emails to significant numbers of email addresses belonging to individuals and/or entities with whom you have no preexisting relationship;
  • Send, upload, distribute or disseminate, or offer to do the same, with respect to unlawful, defamatory,
    harassing, abusive, fraudulent, infringing, obscene, excessively profane, hateful, violent, or otherwise objectionable material, or promote, support or facilitate unlawful, hateful, discriminatory, or violent causes;
  • Intentionally distribute viruses, worms, defects, Trojan horses, corrupted files, hoaxes, or any other items of a destructive or deceptive nature;
  • Conduct or forward multi-level marketing, such as pyramid schemes and the like;
  • Generate or facilitate SMS, MMS, or other text messages or push notifications in violation of the Telephone Consumer Protection Act, the Do-Not-Call Implementation Act, or any other applicable law including antispam, telemarketing or telephone consumer protection laws or regulations;
  • Use the services in any manner that violates any applicable industry standards, third party policies or requirements that SecurityStudio may communicate to its users, including all of the applicable guidelines published by the CTIA, the Mobile Marketing Association, the Self- Regulatory Principles as directed by the Digital Advertising Alliance and the Network Advertising Initiative or any other generally accepted industry associations, carrier guidelines or other industry standards;
  • Transmit material that may be harmful to minors;
  • Illegally transmit another’s intellectual property or other proprietary information without such owner’s or licensor’s permission;
  • Impersonate another person, entity or SecurityStudio (via the use of an email address or otherwise) or otherwise misrepresent themselves or the source of any email;
  • Violate the rights (such as rights of privacy or publicity) of others;
  • Promote, facilitate or encourage illegal activity;
  • Interfere with other users’ enjoyment of a service;
  • Engage in activity in connection with illegal peer-to-peer filesharing;
  • Engage in or promote gambling, or run a gambling operation;
  • “Mine” bitcoins and other cryptocurrencies;
  • Sell, distribute or export illegal or prescription drugs or other controlled substances or paraphernalia;
  • Access (including through any interfaces provided with a service), any SecurityStudio product or service, or other service or website, in a manner that violates the terms for use of or access to such service or website;
  • Operate an “open proxy” or any other form of Internet proxy service that is capable of forwarding requests to any end user or third party-supplied Internet host;
  • Perform significant load or security testing without first obtaining SecurityStudio’s written consent;
  • Remove any copyright, trademark or other proprietary rights notices contained in or on the service or reformat or frame any portion of the web pages that are part of the service’s administration display;
  • Access a third party web property for the purposes of web scraping, web crawling, web monitoring, or other similar activity through a web client that does not take commercially reasonable efforts to identify itself via a unique User Agent string describing the purpose of the web client and obey the robots exclusion standard (also known as the robots.txt standard), including the crawl-delay directive; or Use a service in any manner that would disparage SecurityStudio.

7. U.S. Digital Millennium Copyright Act or Similar Statutory Obligations

To the extent a customer uses the services for hosting, advertising, sending electronic messages or for the creation and hosting of, or for posting material on, websites, each customer must (i) comply with any notices received under Title II of the Digital Millennium Copyright Act of 1998 (Section 512 of the U.S. Copyright Act) or similar statute in other countries (the “DMCA”), (ii) set up a process to expeditiously respond to notices of alleged infringement that comply with the DMCA and to implement a DMCA-compliant repeat infringers policy, (iii) publicly display a description of its notice and takedown process under the DMCA on its instance of the services, and (iv) comply with such processes, policy(ies), and description.

It is SecurityStudio’s policy to respond expeditiously to valid notices of claimed copyright infringement compliant with the DMCA. In appropriate circumstances, SecurityStudio will terminate the accounts of customers who SecurityStudio suspects to be repeatedly or blatantly infringing copyrights.

If SecurityStudio receives a notice alleging that material on a customer’s instance of a service infringes another party’s intellectual property, SecurityStudio may disable that customer’s instance of the service or remove the allegedly infringing material. If SecurityStudio receives more than one such notice for the same customer, SecurityStudio reserves the right to immediately terminate such customer’s subscriptions to the services as deemed necessary by SecurityStudio to ensure continued protection under the safe harbor provisions under the DMCA or to prevent violations of other applicable laws or third parties’ rights.