New SOC Talk Webinar: Optimizing Threat Intelligence to Maximize Incident Response - 12/9 at 2:00 PM EST. Register Now ➞

END USER LICENSE AGREEMENT

Please read your Order and this End User License Agreement (the “EULA”) (the Order and EULA are collectively referred to as this “Agreement”) carefully, which constitute a legal agreement between the customer set out in the Order (“you” or “Customer”) and ReliaQuest, LLC, on behalf of itself and any Affiliates (collectively referred to as “ReliaQuest”). Capitalized terms used herein not defined in context have the meanings set out in Section 15 (Definitions).

YOU AGREE TO THIS AGREEMENT BY DOWNLOADING, ACCESSING, OR USING THE RELIAQUEST PLATFORM OR BY CHECKING A BOX REFERENCING YOUR CONSENT TO ABIDE BY THIS AGREEMENT OR BY EXECUTING AN ORDER FOR GREYMATTER YOU: (1) ARE INDICATING THAT YOU HAVE READ AND UNDERSTAND THIS AGREEMENT, AND AGREE TO BE LEGALLY BOUND BY IT ON BEHALF OF YOURSELF AND THE COMPANY OR OTHER LEGAL ENTITY FOR WHICH YOU ARE ACTING; AND (2) REPRESENT AND WARRANT THAT YOU HAVE FULL AUTHORITY TO ACT ON BEHALF OR BIND CUSTOMER TO THIS AGREEMENT. THESE TERMS AND CONDITIONS ARE BINDING AS OF THE EARLIEST OF THE DATE THAT YOU ACCEPT THIS AGREEMENT ON BEHALF OF CUSTOMER, THE DATE SET FORTH ON AN ORDER, OR THE DATE ON WHICH YOU OR CUSTOMER DOWNLOADS, INSTALLS, ACTIVATES, ACCESSES, OR USES THE RELIAQUEST PLATFORM (THE “EFFECTIVE DATE”).

THIS AGREEMENT CONSTITUTES THE COMPLETE AGREEMENT BETWEEN CUSTOMER AND RELIAQUEST AND GOVERNS CUSTOMER’S USE OF THE RELIAQUEST PLATFORM AND ANY OTHER RELATED RELIAQUEST SOFTWARE, APPLICATIONS, SERVICE TOOLS, OR SERVICES SET OUT IN AN ORDER.

The ReliaQuest Platform.

a. ReliaQuest Products.

i. Overview of ReliaQuest Products. ReliaQuest offers its customers different versions of the GreyMatter and shall provide the version of the GreyMatter that Customer selects in an Order based on the terms below. Customer agrees and acknowledges that its rights to access and use the GreyMatter depend upon the GreyMatter version selected in its Order.

ii. License to GreyMatter, Security Tool Content, and Other ReliaQuest Materials. Subject to Customer’s strict compliance with the terms of this Agreement, including Customer’s timely payment of all applicable Fees, ReliaQuest, under its Intellectual Property Rights, hereby grants to Customer, a non-exclusive, non-transferable, worldwide, non-sublicensable subscription license during the Order Term to access and use GreyMatter and any other ReliaQuest Materials (other than the Ongoing Enablement), if any, as follows:

A. Evaluation GreyMatter. If your Order contains Evaluation GreyMatter, then any Evaluation GreyMatter shall be used solely to evaluate whether Customer wishes to purchase a commercial license for GreyMatter and at all times solely for Internal Use in accordance with the capacity or volume restrictions contained in the Order, if any;
B. Free GreyMatter. If your Order contains Free GreyMatter, then any Free GreyMatter shall be used at all times solely for Internal Use in accordance with the capacity or volume restrictions contained in the Order, if any;
C. Purchased GreyMatter. If your Order contains Purchased GreyMatter, then any Purchased GreyMatter shall be used at all times solely for Internal Use in accordance with the capacity or volume restrictions contained in the Order, if any;
D. Security Tool Content or other ReliaQuest Materials. If your Order contains Security Tool Content or other ReliaQuest Materials, then any Security Tool Content provided by ReliaQuest or any other ReliaQuest Materials shall be used solely in connection with the technology designated in the Order and solely for Internal Use; and
E. Cloud-Based Access. Customer shall be limited to cloud-based access to an instance of the GreyMatter that resides in object code form on servers controlled by ReliaQuest (or its service providers) and the access shall be via a browser approved by ReliaQuest. The applicable GreyMatter version shall in all respects be the current version generally made available by ReliaQuest to its customers.

iii. License to Security Tool Content. Upon termination or expiration of the Order Term, ReliaQuest, under its Intellectual Property Rights, hereby grants to Customer, a non-exclusive, non-transferable, worldwide, non-sublicensable subscription license to access, use, modify, enhance, copy, or remove any Reporting or Security Tool Content provided by ReliaQuest solely for Internal Use.

iv. Limitations. Notwithstanding anything to the contrary in this Agreement, ReliaQuest does not provide maintenance and support, warranties, or indemnification for Evaluation GreyMatter, Free GreyMatter or Software Products.

v. License to Documentation. Subject to Customer’s compliance with the terms of this Agreement, including Customer’s timely payment of all applicable fees, ReliaQuest, under its Intellectual Property Rights, hereby grants to Customer, a nonexclusive license to access and use (but not modify) the Documentation, solely in connection with Customer’s use of the ReliaQuest Platform.

b. Ongoing Enablement.

i. Overview of Ongoing Enablement. ReliaQuest will provide the ongoing enablement activities as described or included in the applicable Order and associated ongoing enablement description (the “Ongoing Enablement”) in accordance with the terms and conditions set forth herein.

ii. License Grant to Ongoing Enablement. The terms of this Agreement apply to all Orders for Ongoing Enablement provided to Customer by ReliaQuest and are incorporated into and form a part of each Order. At all times subject to Customer’s payment of all applicable Fees when due, ReliaQuest will commence the Ongoing Enablement on a mutually agreed upon date or as otherwise identified in an Order. Subject to Customer’s strict compliance with the terms of this Agreement, including Customer’s timely payment of all applicable Fees, ReliaQuest, under its Intellectual Property Rights, hereby grants to Customer, a non-exclusive, non-transferable, worldwide, non-sublicensable subscription license during the Order Term to access and use the Ongoing Enablement for Internal Use.

iii. Fee Structure. If the Order states that the Ongoing Enablement will be performed on a time-and-material basis, then Ongoing Enablement shall be performed on a time-and-material basis and any estimate provided by ReliaQuest is solely for informational purposes and not a guaranteed time or cost of completion. If the Order states that the Ongoing Enablement will be performed on a fixed fee basis, then the Ongoing Enablement shall be performed on a fixed fee basis, which shall be limited to the scope of services, description, and dependencies set out in the applicable Order.

iv. Acknowledgement by Customer. With respect to any Ongoing Enablement provided by ReliaQuest to Customer, the parties acknowledge and agree that, outside of Log Data, ReliaQuest shall not have access to any other data on Customer’s systems and Customer shall not provide any other such data to ReliaQuest. In addition, Customer acknowledges and agrees that ReliaQuest does not guarantee that there will be no third-party security breaches, problems, or threats to Customer’s network or systems. Customer acknowledges and agrees that ReliaQuest is only being engaged to help identify such threats and expressly agrees that ReliaQuest shall not be responsible under any circumstances in the event any such issues occur. Unless as otherwise agreed in writing, in no event will Customer provide access to or transmit to ReliaQuest (via Log Data or otherwise) any personally identifiable information, protected health information, or other personal information that is subject to data privacy or security laws or regulations.

v. Reimbursement of Travel and Living Expenses. Unless as otherwise agreed in an Order, Customer is responsible for the reasonable travel and living expenses of ReliaQuest personnel traveling to Customer’s site to perform Ongoing Enablement, which will be billed to Customer by ReliaQuest. If requested of specified in an Order, ReliaQuest personnel will comply with Customer’s reasonable travel and expense reimbursement policies when traveling to Customer’s site.

vi. Dependencies. Customer acknowledges that ReliaQuest’s ability to deliver all Ongoing Enablement is dependent upon Customer’s full and timely cooperation with ReliaQuest including, but not limited to compliance with the assumptions and Customer responsibilities contained in an Order, as well as the accuracy and completeness of any information and data Customer provides to ReliaQuest. In the event Customer fails to provide the required information, data or access needed for ReliaQuest to perform the Ongoing Enablement, or Customer fails to meet or comply with the assumptions contained in the Order: (i) ReliaQuest’s Ongoing Enablement or provision of the ReliaQuest Platform may be rescheduled, delayed, or postponed (ii) the deadline or milestone for ReliaQuest to provide any such Ongoing Enablement or ReliaQuest Materials will be extended as a result of such delay, and (iii) ReliaQuest shall not be held in breach of any impacted provision of this Agreement, Order, or associated Ongoing Enablement description due to such act or omission of Customer. For the avoidance of doubt, ReliaQuest shall not be required to meet, or be penalized in any manner if Customer fails to comply with the terms of this Section 1.b.vi during the period of such non-compliance.

vii. Back-Up Data. ReliaQuest is not providing data back-up services and will not be responsible for loss or alteration of any Customer data, including Log Data. Unless otherwise agreed in an Order, Customer is responsible to back-up its own data, including any Customer Data and Log Data.

c. Open Source. The ReliaQuest Platform may contain Open Source Software, whether or not identified in the Documentation. Open Source Software that is delivered as part of the ReliaQuest Platform, which may not be removed or used separately from the ReliaQuest Platform is covered by the warranty, support and indemnification provisions applicable to the ReliaQuest Platform. Customer acknowledges that specific terms required by Open Source Software licensors may apply to its use. ReliaQuest shall make reasonable efforts to include these terms in the Documentation; however, these terms will not: (a) impose any additional restrictions on Customer’s use of the ReliaQuest Platform, or (b) negate or amend ReliaQuest’s responsibilities with respect to the ReliaQuest Platform.

d. Customer Vendors. Customer may permit or allow one or more Customer Vendor’s to use the ReliaQuest Platform solely on Customer’s behalf in connection with the Customer Vendor’s provision of services to Customer, subject to the terms and conditions of this Agreement and provided such Customer Vendor’s agree to confidentiality restrictions covering the ReliaQuest Platform at least as stringent as the confidentiality restrictions under this Agreement and such Customer Vendor agrees not to disclose, distribute, or provide access to the ReliaQuest Platform to any third-party at any time. Customer will be jointly and severally liable for all Customer Vendor actions relating to such Customer Vendor’s use of the ReliaQuest Platform. If at any time Customer revokes authorization to access the ReliaQuest Platform from a Customer Vendor, then Customer is responsible for taking the actions necessary to revoke such access and prevent continued usage of the ReliaQuest Platform by such Customer Vendor. In the event Customer requires ReliaQuest’s assistance with such revocation of access, Customer must contact ReliaQuest with written notice of such revocation or limitation and ReliaQuest will use reasonable efforts to disable the Customer Vendor’s account access within a reasonable period of time.

2. Access to Systems and Data; License to ReliaQuest to Provide ReliaQuest Platform. Customer hereby grants to ReliaQuest (and its service providers), under its Intellectual Property Rights, a limited, revocable, nonexclusive, paid- up license to access and use the required and necessary access to Customer’s systems and Log Data (including access via site to site VPN or Internet access) for ReliaQuest to provide the ReliaQuest Platform to Customer as specified in an Order. If Customer provides ReliaQuest access to any of Customer’s own or a third party’s software or other materials for use by ReliaQuest in its provision of the ReliaQuest Platform to Customer, then Customer (i) hereby grants ReliaQuest (and its service providers) a limited, non-exclusive, royalty-free right and license (or sublicense) to use such third party software or materials to the extent necessary for ReliaQuest to perform its obligations under this Agreement, and (ii) represents and warrants to ReliaQuest that it has secured sufficient rights in such third party software and materials to grant such license to ReliaQuest.

3. Ownership of Services and ReliaQuest Platform.

a. Ownership of ReliaQuest Platform. The ReliaQuest Platform and its components are licensed for Customer’s use and they are not sold to Customer. ReliaQuest and its third-party suppliers retain exclusive ownership to the Intellectual Property Rights associated with the ReliaQuest Platform and its components, and any such title and interest therein (and any Intellectual Property Rights embodied therein), including in any such ideas, concepts, know how, documentation, or techniques developed or learned by ReliaQuest during its provision of the ReliaQuest Platform under this Agreement or any Order. Unless otherwise expressly provided in an Order, the ReliaQuest Platform and its components are not considered works made for hire owned by Customer. All rights not expressly granted to Customer are reserved by ReliaQuest and there are no implied licenses herein.

b. Ownership of Software Products. Software Products are licensed to Customer by ReliaQuest subject to the terms and conditions of any third-party software manufacturer or developer license agreement applicable to the Software Product. As the Software Products are created, developed, and provided by a third-party, ReliaQuest can only provide such license rights as permitted by the third party. Software Products provided under any open source licensing model are governed solely by such open source licensing terms, which prevail over this Agreement. ReliaQuest and its third-party suppliers, as applicable, shall retain exclusive ownership of all Software Products and retain all intellectual property rights, title, and interest therein. Software Products are not sold to Customer and Customer will not attempt to decompile, reverse engineer, or otherwise recreate the source code of a Software Product.

c. Log Data; Security Reports. Other than the license granted to ReliaQuest, Log Data shall remain as the sole and exclusive property of Customer, provided, however (excluding Log Data) all reports, analysis, or other outputs generated by the ReliaQuest Platform (the “Security Reports”) shall be solely and exclusively owned by ReliaQuest. Customer hereby assigns and transfers to ReliaQuest all right, title, and interest in and to all Intellectual Property Rights associated with the Security Reports, and Customer shall provide all requested supporting documentation to ReliaQuest to perfect such assignment. ReliaQuest, under its Intellectual Property Rights, hereby grants to Customer a perpetual, non-exclusive, paid-up, royalty-free license to access, reproduce, distribute, display, and use the Security Reports solely for Internal Use.

d. Additional Rights in Service Tools. Customer acknowledges that the Service Tools are a component of the ReliaQuest Platform and, as such, ReliaQuest and its third-party suppliers are and shall remain exclusive owners of all rights, title, and interest in and to the Service Tools and all Intellectual Property Rights embodied therein. ReliaQuest may provide limited access for Customer to use a Service Tool, in whole or in part, at ReliaQuest’s sole discretion. Upon termination or expiration of an Order, ReliaQuest shall have the right to decommission and/or remove any and all parts of any Service Tools from Customer’s system and, in the event any Service Tools are retained by Customer after termination, Customer acknowledges and agrees that any such Service Tools (i) are provided on provided “AS IS” and without warranty of any kind from ReliaQuest to Customer, and (ii) may have limited or reduced functionality and ReliaQuest shall have no obligation to maintain, update, or support the operation or functionality of such Service Tools after the termination or expiration of this Agreement.

e. Volunteered Feedback. To the extent the Customer chooses to provide Volunteered Feedback to ReliaQuest, (i) the Customer hereby transfers to ReliaQuest the Customer’s rights in Volunteered Feedback (including Intellectual Property Rights) and (ii) ReliaQuest hereby grants back to the Customer a nonexclusive, perpetual, irrevocable, paid-up license to copy, modify, distribute, and otherwise exploit such Volunteered Feedback. ReliaQuest neither seeks nor requests Volunteered Feedback, and this Agreement places no obligations on the Customer to provide ReliaQuest with Volunteered Feedback.

4. Acceptable Use Policy. Unless otherwise expressly permitted by ReliaQuest in writing as an addendum to an Order, Customer will not and has no right to: (i) copy any portion of the ReliaQuest Platform (except as required to run GreyMatter and for reasonable backup purposes); (ii) alter, publicly display, translate, modify, adapt, or create any derivative works of the ReliaQuest Platform; (iii) rent, lease, loan, resell, transfer, sublicense, distribute, or otherwise provide access to the ReliaQuest Platform to any third party; (iv) disassemble, decompile, or reverse-engineer any part of the ReliaQuest Platform, or attempt to gain access to any source code, algorithms, methods, or techniques embodied in the ReliaQuest Platform, except to the extent expressly permitted by applicable law notwithstanding a contractual prohibition to the contrary; (v) access or use any Disabled Functionality; (vi) conduct any stress tests, competitive benchmarking or analysis on, or publish any performance data from or related to the ReliaQuest Platform; (vii) attempt to disable or circumvent any technological mechanisms intended to prevent, limit, or control use or copying of, or access to, any part of ReliaQuest Platform or any Disabled Functionality; (viii) remove or alter any notice of proprietary right appearing on ReliaQuest Platform; (ix) separately use any of the applicable features and functionalities of ReliaQuest Platform with external applications or code not furnished by ReliaQuest, except as otherwise specifically permitted in the Documentation; (x) misuse ReliaQuest Platform for any illegal, harmful, or fraudulent purposes; or (xi) encourage or assist any third party to do any of the foregoing ReliaQuest Platform may be configured to display warnings, reduce available functionality, or cease functioning if unauthorized or improper use is detected, any usage restrictions are reached or exceeded, or the Order Term has expired. Customer shall notify ReliaQuest immediately if Customer learns of any unauthorized access or use of its user accounts or passwords for the ReliaQuest Platform.

5. Subscription Fees.

a. Fees. Unless otherwise expressly set forth on the Order, Customer will pay the fees and amounts stated on each Order within thirty (30) days after receipt of the applicable invoice (the “Fees”). Except as otherwise expressly provided in this Agreement, all Fees and other amounts are non-refundable when paid. Without limitation to ReliaQuest’s other termination rights under this Agreement or any Order or at law or equity, ReliaQuest may terminate this Agreement and all licenses granted under this Agreement immediately by providing notice to Customer if Customer fails to pay the Fees when due.

b. Taxes. Fees are exclusive of any applicable sales, use, value added, withholding, and other taxes, however designated. Customer shall pay all such taxes levied or imposed by reason of Customer’s purchase of the licenses or services hereunder, as applicable, except for taxes based on ReliaQuest’s income or with respect to ReliaQuest’s employment of its employees.

c. Licenses Temporary Until Paid For. ReliaQuest may provide Customer with access to the ReliaQuest Platform prior to Customer’s payment of Fees. If ReliaQuest provides such access, then the licenses granted under this Agreement are temporary until Customer has paid all applicable Fees in full. If Customer does not pay all applicable Fees in full within the period set out in the Order, then the licenses may be canceled by ReliaQuest immediately by providing notice to Customer if Customer fails to pay the Fees when due.

6. Service Metrics. ReliaQuest shall be entitled to collect, compile, analyze and otherwise use and exploit (i) statistical data related to the use of and participation in ReliaQuest Platform and (ii) other data that qualifies as De-Identified Data (collectively “Service Metrics”). The term “De-identified Data” means information that meets each of the following criteria: the information (i) does not identify a particular natural person; (ii) does not identify, by network Internet Protocol address, raw hardware serial number, or raw MAC address, a particular device or computer associated with or used by a person; (iii) does not identify the Customer; and (iv) is not reasonably linkable to a particular natural person due to technical, legal, or other controls. No compensation will be paid by ReliaQuest with respect to its use of the Service Metrics.

7. Statement of Verification; Audit Rights. Upon ReliaQuest’s written request, Customer will furnish ReliaQuest with a document signed by Customer’s authorized representative verifying that the ReliaQuest Platform is being used in accordance with this Agreement and the applicable Order. Customer is responsible for implementing reasonable procedures to ensure its compliance with the terms of this Agreement and applicable terms of an Order. ReliaQuest may from time to time, but not more frequently than one (1) time in any calendar year, unless a material violation occurred in this period or is reasonably suspected by ReliaQuest, audit Customer’s and any Customer Vendor’s use of the ReliaQuest Platform for the purpose of confirming that the ReliaQuest Platform is not being used in a manner that is prohibited by this Agreement or any applicable Order. Any audit will be conducted during regular business hours at Customer’s (and/or its Customer Vendors’) facilities, will not unreasonably interfere with Customer’s (or Customer Vendors’) business and will comply with Customer’s (or its Customer Vendors’) reasonable uniformly applied security procedures. Customer shall (and shall cause any Customer Vendor to) provide ReliaQuest with reasonable access to all relevant records and facilities reasonably necessary to conduct the audit. If an audit reveals that Customer (and/or any Customer Vendor) has exceeded the scope of Customer’s license grant during the period audited, then ReliaQuest will invoice Customer, and Customer will promptly pay ReliaQuest, any underpaid Fees based on ReliaQuest’s price list in effect at the time the audit is completed. If ReliaQuest uncovers reasonable evidence that ReliaQuest Platform is being used in a manner that is prohibited by the terms of this Agreement, ReliaQuest may, in its sole discretion, immediately terminate this Agreement by providing notice to Customer without prejudice to ReliaQuest’s other remedies under this Agreement or at law or in equity. This Section 7 will survive expiration or termination of this Agreement for a period of two (2) years.

8. Confidentiality.

a. Nondisclosure Obligation. If ReliaQuest or Customer receives Confidential Information (“Recipient”) from the other party (“Discloser”), then Recipient will protect such Confidential Information from disclosure by exercising at least the same degree of care it uses to protect its own similar information, and in any event not less than reasonable care.

b. Exceptions. The foregoing obligations will not apply to any Confidential Information that (i) is or becomes available to the public, other than by breach of a duty under this Agreement by Recipient, (ii) is in the rightful possession of the Recipient without an obligation of confidentiality, or (iii) is independently developed by Recipient without use of or reference to Confidential Information of Discloser.

c. Required Disclosures. Confidential Information may be disclosed by Recipient as required by a court or governmental authority of competent jurisdiction, provided that prior to any such disclosure Recipient provides Discloser with prompt written notice so that Discloser may seek an appropriate protective order.

d. Return or Destruction of Confidential Information. Upon termination of this Agreement or of support and maintenance, Recipient will, at Discloser’s option, promptly return or destroy all tangible items and embodiments containing or consisting of Confidential Information and provide written certification of this destruction or return by an authorized person. ReliaQuest shall have the right to delete or remove all Customer Operational Data from ReliaQuest’s systems upon termination of or expiration of an Order and retain copies of this Agreement, any Orders and associated purchase orders and invoices, and any Customer Records for archival purposes after termination or expiration of an Order

e. Injunctive Relief. Recipient agrees that, due to the unique nature of the Confidential Information, the unauthorized disclosure or use of the Confidential Information may cause irreparable harm and significant injury to Discloser, the extent of which may be difficult to ascertain and for which there may be no adequate remedy at law. Accordingly, Recipient agrees that Discloser, in addition to any other available remedies, will have the right to seek an immediate injunction and other equitable relief enjoining any breach or threatened breach of this Section 8, without the necessity of posting any bond or other security. Recipient will notify Discloser in writing immediately upon Recipient’s becoming aware of any breach or threatened breach.

9. Warranties & Disclaimer.

a. GreyMatter Warranty. ReliaQuest offers its customers different versions of GreyMatter and shall provide the warranty corresponding to the version of GreyMatter selected by Customer in an Order, as follows:

i. Purchased GreyMatter Warranty. If your Order contains Purchased GreyMatter, then, unless as otherwise provided in this Agreement, ReliaQuest warrants that Purchased GreyMatter will substantially perform in accordance with the material functions described in ReliaQuest’s user Documentation referenced in an Order, when used in accordance with such Documentation and at the time of Delivery, there are no harmful viruses, trojan horses, or other harmful or malicious code in the version of Purchased GreyMatter provided by ReliaQuest to Customer.

ii. Free or Evaluation Versions of GreyMatter. If your Order contains Evaluation GreyMatter or Free GreyMatter, then ReliaQuest is providing such version “AS IS” without warranty of any kind and will not create any obligation for ReliaQuest to continue to develop, support, repair, offer for sale, or in any other way continue to provide or develop any such feature of Evaluation GreyMatter or Free GreyMatter (as the case may be) for Customer.

iii. GreyMatter Verify. ReliaQuest may make available to Customer GreyMatter Verify, which will allow Customer (at its option) to simulate a cyber-attack on Customer’s own environment and test how its internal systems respond to those attacks (“Simulated Attacks”); however, Customer acknowledges that ReliaQuest shall have no liability to Customer with respect to any Simulated Attacks, except to the extent any damages caused result from ReliaQuest’s gross negligence or intentional misconduct. ReliaQuest specifically disclaims any and all liability caused by a Simulated Attack (including, but not limited to, any damages, losses, or expenses of any kind related to system downtime, damage, data corruption, or data loss), except to the extent resulting from ReliaQuest’s gross negligence or intentional misconduct.

iv. GreyMatter Intel. GreyMatter Intel is provided “AS IS” and ReliaQuest makes no (and hereby disclaims all) representations, warranties, or conditions, whether written, oral, express, implied or statutory, including, without limitation, any implied warranties of merchantability, satisfactory quality, title, noninfringement, or fitness for a particular purpose, with respect to the use, misuse, or inability to use GreyMatter Intel (in whole or in part). As it pertains to any dark web searching services included within GreyMatter Intel, ReliaQuest does not warrant that such searches will reveal any or all security threats or predict any or all attacks, that the data discovered, generated or developed will be accurate or complete, or that operation of the service shall be uninterrupted or error-free. Without limiting the generality of the Page 6 of 21foregoing, ReliaQuest disclaims any liability for, and shall not be responsible in any way regarding, any third-party content, information, materials, links, files, or search results that may be accessible through the service or the data discovered, generated or developed.

b. Ongoing Enablement Warranty. Unless as otherwise provided in this Agreement, ReliaQuest warrants that its Ongoing Enablement activities will be performed by ReliaQuest in a professional and workmanlike manner and in accordance with the reasonable industry standards for performance of such services.

c. ReliaQuest Materials Warranty. ReliaQuest warrants that any ReliaQuest Materials, including any Security Tool Content, as delivered will be free of any harmful viruses, trojan horses, or other harmful or malicious code.

d. Software Products Warranty. ReliaQuest provides Software Products “AS IS” without warranties or indemnities of any kind, but the manufacturers or resellers of such items may provide their own warranties which are typically expressed in a separate software license agreement. To the extent permitted by the manufacturer or ReliaQuest’s vendor, any Software Products provided by ReliaQuest under this Agreement are subject to the terms and conditions of the specific end-user license of the Software Product manufacturer, including any applicable limitations of liability, representations and warranties, and other limitations or disclaimers.

e. Exclusive Remedies.

i. Breach of GreyMatter Warranty. If a version of Purchased GreyMatter does not conform to the warranty set forth in Section 9.a, and Customer notifies ReliaQuest in writing within thirty (30) days of first identification of such non-conformance by Customer, identifying the failure to conform and breach of warranty with specificity in such notice, ReliaQuest will make reasonable efforts to correct any non-conformance or breach that is confirmed by ReliaQuest within a reasonable period of time by doing one of the following, at ReliaQuest’s sole discretion: (1) modify or provide an updated version of the Purchased GreyMatter so that it conforms to the foregoing warranty, or (2) terminate the license with respect to the non-conforming Purchased GreyMatter and refund the applicable Fees paid by Customer for the non-conforming Purchased GreyMatter. This Section 9.e.i states ReliaQuest’s entire liability for warranty claims under Section 9.a relating to Purchased GreyMatter and ReliaQuest will have no further obligation to Customer with respect to such Purchased GreyMatter.

ii. Breach of Ongoing Enablement or ReliaQuest Materials Warranty. If any Ongoing Enablement does not conform to the warranty set forth in Section 9.b or any ReliaQuest Materials do not conform to the warranty set forth in Section 9.c, and Customer notifies ReliaQuest in writing within thirty (30) days of first identification of such non-conformance by Customer, identifying the failure to conform with specificity in such notice, ReliaQuest will correct any non-conformance confirmed by ReliaQuest within a reasonable period of time by re-performing the Ongoing Enablement or correcting the ReliaQuest Materials unless caused by any of the exclusions set forth in Section 9.f. Customer will provide ReliaQuest with access to the ReliaQuest Materials and such other information and access reasonably requested by ReliaQuest to permit ReliaQuest to confirm the non-conformance and will provide assistance and cooperation as reasonably requested by ReliaQuest to permit ReliaQuest to make required corrections. If ReliaQuest is unable to comply with the foregoing obligations, and such breach was not caused by any of the exclusions set forth in Section 9.f, then ReliaQuest will refund the applicable Fees paid by Customer for the Ongoing Enablement or the ReliaQuest Materials, Customer will discontinue all use of the Ongoing Enablement or ReliaQuest Materials and ReliaQuest will have no further obligation to Customer with respect to such Ongoing Enablement or ReliaQuest Materials. This Section 9.e.ii states ReliaQuest’s entire liability for warranty claims under Sections 9.b and 9.c relating to Ongoing Enablement and ReliaQuest Materials and ReliaQuest will have no further obligation to Customer with respect to such Ongoing Enablement or ReliaQuest Materials.

f. Exclusions. ReliaQuest will not be responsible for any breach of warranty under this Section 9, or any defects, problems or failures with respect to the ReliaQuest Platform that is caused by or arising from: (i) any non-conformance of the ReliaQuest Platform that ReliaQuest cannot recreate on Customer’s system after exercising reasonable efforts in an attempt to do so; (ii) misuse or use of the ReliaQuest Platform in a manner not contemplated by its description set forth in an Order, its applicable Documentation, or authorized by this Agreement; (iii) any modification of the ReliaQuest Platform made by any party other than ReliaQuest (unless expressly authorized by this Agreement); (iv) Customer’s use of the ReliaQuest Platform in combination with software or hardware not specified as compatible by ReliaQuest; (v) Customer’s failure to promptly implement new releases of the ReliaQuest Platform made available by ReliaQuest or to follow ReliaQuest instructions in the implementation of the ReliaQuest Platform; (vi) any virus, trojan horses, or other harmful malicious code not introduced by ReliaQuest; (vii) any version of the ReliaQuest Platform that has not been installed, used, or maintained in accordance with this Agreement or any applicable Documentation; (viii) any changes to or errors in third party software or hardware with which the ReliaQuest Platform operates or interfaces with, or on which the ReliaQuest Platform otherwise rely; or (ix) incidents or circumstances caused by the negligence or misconduct of Customer.

g. DISCLAIMER. THE WARRANTIES AND ANY ASSOCIATED REMEDIES EXPRESSED OR REFERENCED IN THIS AGREEMENT ARE EXCLUSIVE. NO OTHER WARRANTY, WRITTEN OR ORAL, IS EXPRESSED OR IMPLIED BY RELIAQUEST OR ITS THIRD-PARTY SUPPLIERS OR MAY BE INFER-RED FROM A COURSE OF DEALING OR USAGE OF TRADE. EXCEPT AS OTHERWISE PROVIDED IN THIS AGREEMENT, TO THE MAXIMUM EXTENT ALLOWED BY LAW, RELIAQUEST AND ITS THIRD-PARTY SUPPLIERS DISCLAIM ALL IMPLIED WARRANTIES OR CONDITIONS INCLUDING ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT. NO ORAL OR WRITTEN INFORMATION OR ADVICE OUTSIDE OF THIS AGREEMENT OR AN ORDER WILL BE DEEMED TO CREATE A WARRANTY OR IN ANY WAY INCREASE THE EXPRESS WARRANTIES AND REMEDIES IN THIS AGREEMENT. ANY EXPRESS WARRANTIES AND ANY WARRANTIES IMPLIED OR REQUIRED BY LAW THAT ARE NOT DISCLAIMED OR EXCLUDED ARE LIMITED TO THE REMEDIES SPECIFIED IN THIS AGREEMENT. CUSTOMER ACKNOWLEDGES, UNDERSTANDS, AND AGREES THAT RELIAQUEST DOES NOT GUARANTEE OR WARRANT THAT IT, OR THE RELIAQUEST PLATFORM (OR ITS COMPONENTS) OR SOFTWARE PRODUCTS WILL FIND, LOCATE, OR DISCOVER ANY OR ALL OF CUSTOMER’S OR ITS AFFILIATES’ SYSTEM THREATS, VULNERABILITIES, MALWARE, AND MALICIOUS SOFTWARE, AND CUSTOMER AND ITS AFFILIATES WILL NOT HOLD RELIAQUEST RESPONSIBLE FOR FAILURE TO DETECT SUCH ITEMS. NO WARRANTY IS MADE THAT THE RELIAQUEST PLATFORM WILL MEET CUSTOMER’S NEEDS OR BE ERROR FREE OR UNINTERRUPTED. RELIAQUEST MAKES NO WARRANTIES REGARDING THE ACCURACY OF GREYMATTER, ANY RELIAQUEST MATERIALS, OR ANY SECURITY TOOL CONTENT, OR THE APPROPRIATENESS OF ANY SUCH ITEMS FOR ANY PARTICULAR SYSTEM.

10. Indemnification.

a. ReliaQuest’s Obligation. ReliaQuest shall at its cost and expense: (i) defend and/or settle any claim brought against Customer by an unaffiliated third party alleging the ReliaQuest Platform infringes or violates a third party’s Intellectual Property Rights, and (ii) pay and indemnify any settlement of such claim or any damages awarded to such third party by a court of competent jurisdiction as a result of such claim; provided, that Customer: (1) gives ReliaQuest prompt written notice of such claim; (2) permits ReliaQuest to solely control and direct the defense or settlement of such claim (however, ReliaQuest will not settle any claim in a manner that requires Customer to admit liability without Customer’s prior written consent); and (3) if required, provides ReliaQuest all reasonable assistance in connection with the defense or settlement of such claim, at ReliaQuest’s cost and expense. Customer may, at Customer’s own expense, participate in the defense of any claim.

b. Remedies. If a claim covered under Section 10.a occurs or in ReliaQuest’s opinion is reasonably likely to occur, ReliaQuest may at its expense and sole discretion: (i) procure the right to allow Customer to continue using the ReliaQuest Platform, as applicable; (ii) modify or replace the infringing portion of the ReliaQuest Platform, as applicable, to become non-infringing; or (iii) if neither (i) nor (ii) is commercially practicable, terminate Customer’s license or access to the affected portion of the ReliaQuest Platform, as applicable, and refund a pro-rata portion of the pre-paid, unused Fees paid by Customer corresponding to the unused period of the Order Term, if any.

c. Exclusions. ReliaQuest shall have no obligation to Customer under this Section 10 if the claim is based upon or arising out of: (i) any modification to the ReliaQuest Platform, as applicable, that is not made by ReliaQuest; (ii) any combination or use of the ReliaQuest Platform, as applicable, with or in any third party software, hardware, process, firmware, or data, to the extent that such claim is based on such combination or use with such third party items; (iii) Customer’s continued use of the allegedly infringing elements of the ReliaQuest Platform, as applicable, after being notified of the infringement claim or after being provided a modified version of the ReliaQuest Platform, as applicable, by ReliaQuest at no additional cost that is intended to address such alleged infringement; (iv) Customer’s failure to use the ReliaQuest Platform, in accordance with this Agreement, any instructions from ReliaQuest, or any applicable Documentation; (v) Customer’s use of the ReliaQuest Platform outside the scope of the rights granted under this Agreement or any Order; and/or (vi) the negligence of Customer, or ReliaQuest following the instructions of Customer.

d. Exclusive Remedy. THE REMEDIES SPECIFIED IN THIS SECTION 10 CONSTITUTE CUSTOMER’S SOLE AND EXCLUSIVE REMEDIES, AND RELIAQUEST’S ENTIRE LIABILITY, WITH RESPECT TO ANY INFRINGEMENT OF THIRD-PARTY INTELLECTUAL PROPERTY RIGHTS.

11. Limitation of Liability.

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, EXCEPT FOR LIABILITY FOR ANY AMOUNTS PAID OR PAYABLE TO THIRD PARTIES UNDER SECTION 10 (INDEMNIFICATION), CUSTOMER’S PAYMENT OBLIGATIONS, FRAUD, WILLFUL MISCONDUCT, AND/OR ANY INFRINGEMENT OR MISAPPROPRIATION BY ONE PARTY OF THE OTHER PARTY’S INTELLECTUAL PROPERTY RIGHTS (INCLUDING VIOLATIONS OF LICENSES GRANTED TO CUSTOMER UNDER SECTIONS 1, 3 AND 4 OF THIS AGREEMENT), NEITHER CUSTOMER NOR RELIAQUEST (INCLUDING ITS THIRD PARTY SUPPLIERS) SHALL BE LIABLE TO THE OTHER PARTY IN CONNECTION WITH THIS AGREEMENT OR THE SUBJECT MATTER HEREOF FOR ANY LOST PROFITS, REVENUE, OR SAVINGS, LOST BUSINESS OPPORTUNITIES, LOST DATA, OR SPECIAL, INCIDENTAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING ANY DAMAGES ARISING FROM LOSS OF USE, LOSS OF DATA, LOST PROFITS, LOST REVENUE, BUSINESS INTERRUPTION, OR COST OF PROCURING SUBSTITUTE SOFTWARE OR ONGOING ENABLEMENT, BASED ON ANY THEORY OF LIABILITY, INCLUDING CONTRACT, INDEMNIFICATION, WARRANTY, TORT (INCLUDING NEGLIGENCE), OR STRICT LIABILITY, EVEN IF SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES OR LOSSES OR SUCH DAMAGES OR LOSSES WERE REASONABLY FORESEEABLE. RELIAQUEST’S (AND ITS THIRD PARTY SUPPLIERS’) TOTAL LIABILITY TO CUSTOMER FOR ANY CLAIMS AGAINST RELIAQUEST UNDER AN ORDER OR THIS AGREEMENT IN THE AGGREGATE SHALL NOT EXCEED (A) FOR SOFTWARE PRODUCTS, THE AMOUNT PAID BY CUSTOMER FOR THE SPECIFIC SOFTWARE PRODUCT ITSELF GIVING RISE TO SUCH CLAIM; OR (B) FOR THE RELIAQUEST PLATFORM, THE TOTAL AMOUNT OF FEES PAID TO RELIAQUEST UNDER AN APPLICABLE ORDER DURING THE PRIOR TWELVE (12) MONTH PERIOD IMMEDIATELY PRECEDING THE DATE OF THE CLAIM (OR EARLIEST CLAIM IN THE EVENT OF MULTIPLE CLAIMS SUBJECT TO THIS LIMITATION). THESE LIMITATIONS WILL APPLY NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE OF ANY REMEDY SPECIFIED IN THIS AGREEMENT. MULTIPLE CLAIMS SHALL NOT EXPAND THE LIMITATIONS SPECIFIED IN THIS SECTION 11. CUSTOMER, NOT RELIAQUEST, IS SOLELY RESPONSIBLE FOR THE ACCURACY, QUALITY, AND SECURITY OF CUSTOMER’S DATA AND FOR MAINTAINING A BACKUP OF ALL DATA AND FOR ENSURING THE SECURITY AND INTEGRITY OF CUSTOMER’S DATA, COMPUTERS, NETWORKS, AND SYSTEMS (INCLUDING PROTECTING THEM AGAINST VIRUSES AND MALWARE). THERE ARE NO THIRD-PARTY BENEFICIARIES UNDER THIS AGREEMENT. THIS AGREEMENT EXPRESSLY EXCLUDES LIABILITY TO CUSTOMER’S SERVICE PROVIDERS, CUSTOMERS, AND OTHER THIRD PARTIES RELATED OR CONNECTED TO CUSTOMER. CUSTOMER WILL NOT BRING A LEGAL ACTION AGAINST RELIAQUEST MORE THAN TWELVE (12) MONTHS AFTER THE CAUSE OF ACTION AROSE UNLESS APPLICABLE LAW PROHIBITS THIS CONTRACTUAL LIMITATION.

12. Compliance with Laws. Each party agrees to comply with all applicable U.S. federal, state, local and non-U.S. laws directly applicable to such party in the performance of this Agreement, including but not limited to, applicable export and import, anti-corruption and employment laws. Customer acknowledges and agrees the ReliaQuest Platform shall not be used, transferred, or otherwise exported or re-exported to regions that the United States and/or the European Union maintains an embargo or comprehensive sanctions (collectively, “Embargoed Countries”), or to or by a national or resident thereof, or any person or entity subject to individual prohibitions (e.g., parties listed on the U.S. Department of Treasury’s List of Specially Designated Nationals or the U.S. Department of Commerce’s Table of Denial Orders) (collectively, “Designated Nationals”), without first obtaining all required authorizations from the U.S. government and any other applicable government. Customer represents and warrants that Customer is not located in, or is under the control of, or a national or resident of, an Embargoed Country or Designated National. ReliaQuest represents and warrants that ReliaQuest is not located in, or is under the control of, or a national or resident of, an Embargoed Country or Designated National.

13. Term and Termination.

a. Term. This EULA will commence upon the Effective Date and shall continue for as long as any Order remains in effect.

b. Termination Rights. Unless as otherwise provided in this Agreement, either party may terminate an Order by written notice to the other party in the event of a material breach of this Agreement that is not cured within sixty (60) days of receipt of the written notice (the “Cure Period”), as determined through evaluating ReliaQuest’s delivery of the ReliaQuest Platform during the period of time following its receipt of such termination notice or through Customer’s correction of such breach and continued compliance with the terms of the Agreement during such time frame. The written notice must include a detailed explanation that specifically identifies the performance issue or breach in question. If the performance issue has not been resolved by the end of the Cure Period, Customer may terminate the Agreement after delivering payment in full to ReliaQuest for all activities performed through the effective date of termination, and Customer will be entitled to a pro-rata refund of any pre-paid amounts under the applicable Order attributable to the post-termination timeframe. Non-payment by Customer shall be considered a material breach of this Agreement and shall constitute cause to the extent such breach is not cured by Customer within ten (10) days after receipt of written notice of such breach from ReliaQuest. In addition, ReliaQuest may immediately terminate this Agreement and any Order (in whole or in part) by providing written notice to Customer (a) if Customer materially breaches the license granted in Sections 1, 3 and 4 of this Agreement, or (b) as otherwise stated in this Agreement. ReliaQuest may also terminate Customer’s license to: (i) Evaluation GreyMatter; or (ii) Free GreyMatter, at any time with or without cause after providing notice to Customer. For the avoidance of doubt, termination of a particular Order shall not affect the term of any other Order that Customer has entered into with ReliaQuest. Upon termination or expiration of an Order, the access to the applicable components of the ReliaQuest Platform will be terminated automatically.

c. Software Product Breaches. Notwithstanding the foregoing, if the material breach described in Section 13(b) is caused by, or arises from a performance issue relating to a Software Product included in an Order, then Customer’s termination rights for such material breach shall strictly apply to terminating the portions of an applicable Order that relate to the Software Product, and, Customer shall not be permitted to terminate any other portion(s) of such Order as it relates to the ReliaQuest Platform.

d. Effect of Termination. Upon any expiration or termination of this Agreement, the rights and licenses granted to Customer will automatically terminate, and Customer agrees to immediately (a) cease using the ReliaQuest Platform, (b) return or destroy all copies of the ReliaQuest Platform and other ReliaQuest Confidential Information in Customer’s possession or control and return all Software Products to ReliaQuest, and (c) certify in writing the completion of the return or destruction in accordance with Section 8.d of this Agreement. Upon termination of this Agreement, ReliaQuest will have no obligation to refund any Fees or other amounts received from Customer during the Term. Unless otherwise provided in this Agreement, Customer shall be required to pay all Fees due under an Order, even in the event of an early termination. In addition to any other right or obligation that by its nature is intended to survive any termination or expiration, the following Sections shall survive any termination or expiration of this Agreement: (i) Section 3 (Ownership of Services and ReliaQuest Platform); (ii) Section 4 (Acceptable Use Policy); (iii) Section 5 (Subscription Fees); (iv) Section 6 (Service Metrics); (v) Section 7 (Statement of Verification; Audit Rights); (vi) Section 8 (Confidentiality); (vii) Section 9 (Warranties & Disclaimer); (viii) Section 10 (Indemnification); (ix) Section 11 (Limitation of Liability); (x) Section 13 (Term and Termination); and (xi) Section 14 (General).

e. Suspension and Termination. This Agreement shall remain effective until termination in accordance with this Section or as otherwise specified herein. ReliaQuest may immediately suspend Customer’s access to, or use of, the ReliaQuest Platform if: (i) ReliaQuest believes that there is a significant threat to the security, integrity, functionality, or availability of the ReliaQuest Platform or any components, content, data, or applications in the ReliaQuest Platform; (ii) Customer or Customer Users are in breach of the license granted in Section 1, 3 or 4 of this Agreement; or (iii) Customer fails to pay ReliaQuest any undisputed Fees when due; provided, however, ReliaQuest will use commercially reasonable efforts under the circumstances to provide Customer with notice and, if applicable, an opportunity to remedy such violation prior to any such suspension.

14. General.

a. Force Majeure. Neither party shall be liable for, nor shall either party be considered in breach of this Agreement due to, any failure to perform its obligations under this Agreement (other than its payment obligations) as a result of a cause beyond its control, including but not limited to, act of God or a public enemy, act of any military, civil or regulatory authority, change in any law or regulation, fire, flood, earthquake, pandemic, global health emergency, epidemic and/or actual or anticipated public health crisis, storm or other like event, disruption or outage of communications (including an upstream server block and Internet or other networked environment disruption or outage), power or other utility, labor problem, or any other cause, whether similar or dissimilar to any of the foregoing, which could not have been prevented with reasonable care. The party experiencing a force majeure event, shall use commercially reasonable efforts to provide notice of such to the other party.

b. Assignment. Neither party may assign this Agreement without the prior written consent of the other party, except (i) to an Affiliate in connection with a corporate reorganization or (ii) in connection with a merger, acquisition, or in connection with a sale of all or substantially all of its business and/or assets. Any assignment in violation of this Section shall be void. Subject to the foregoing, all rights and obligations of the parties under this Agreement shall be binding upon and inure to the benefit of and be enforceable by and against the successors and permitted assigns.

c. Governing Law; Venue. Except as otherwise provided in an Order, this Agreement, and the rights and duties of the parties arising from this Agreement, shall be governed by, construed, and enforced in accordance with the laws of the State of Florida, excluding its conflicts-of-law principles. The sole and exclusive jurisdiction and venue for actions arising under this Agreement shall be state and federal courts in Hillsborough County, Florida, and the parties agree to service of process in accordance with the rules of such courts. The Uniform Computer Information Transactions Act and the United Nations Convention on the International Sale of Goods shall not apply. Notwithstanding the foregoing, each party reserves the right to file a suit or action in any court of competent jurisdiction as such party deems necessary to protect its Intellectual Property Rights and, in ReliaQuest’s case, to recoup any payments due.

d. Entire Agreement. This Agreement and any applicable Orders entered into under this Agreement, forms the entire agreement between ReliaQuest and Customer regarding Customer’s use of the ReliaQuest Platform and supersedes and replaces any previous communications, representations, or agreements, or Customer’s additional or inconsistent terms, whether oral or written. In the event any provision of this Agreement is held invalid or unenforceable the remainder of this Agreement will remain enforceable and unaffected thereby.

e. Affiliates. Any Affiliate purchasing hereunder, or using or accessing any offering hereunder, or benefitting from the Customer’s use thereof, will be bound by and comply with all terms and conditions of this Agreement. The Customer signing this Agreement will remain responsible for Customer’s Affiliates’ acts and omissions unless Customer’s Affiliate has entered into its own agreement with ReliaQuest with respect to the subject matter herein.

f. Enforceability of Limitations. THE TERMS OF THIS AGREEMENT THAT LIMIT, DISCLAIM, OR EXCLUDE WARRANTIES, REMEDIES, OR DAMAGES ARE INTENDED BY THE PARTIES TO BE INDEPENDENT AND REMAIN IN EFFECT DESPITE THE FAILURE OR UNENFORCEABILITY OF ANY OTHER PROVISION OF THIS AGREEMENT. THE PARTIES HAVE RELIED ON THE LIMITATIONS AND EXCLUSIONS SET FORTH IN THIS AGREEMENT IN DETERMINING WHETHER TO ENTER INTO IT.

g. Waiver and Severability. Neither party’s failure to exercise or delay in exercising any of its rights under this Agreement will constitute or be deemed a waiver or forfeiture of those rights. If any provision of this Agreement is held to be illegal, invalid, or unenforceable, the provision will be enforced to the maximum extent permissible so as to affect the intent of the parties, and the remaining provisions of this Agreement will remain in full force and effect.

h. Amendment. ReliaQuest may change the terms and conditions of this EULA from time to time for business purposes and to comply with changes in applicable law. In the event of any substantive or material changes, ReliaQuest shall communicate these changes to you by posting the updated EULA on its Website, email, or other methods. Your continued use of, or access to, the ReliaQuest Platform following such this EULA constitutes your agreement to follow and be bound by the updated EULA. Changes in any other form other than a signed written amendment by authorized representatives of each party are void, including any handwritten interlineations to this Agreement. Any conflicting or additional terms and conditions on or accompanying any purchase order or other communication from Customer are void and Customer shall not seek or attempt to: (i) modify; (ii) contradict; (iii) negate; or (iv) add to, any term or condition contained in this Agreement. ReliaQuest’s failure to object to provisions contained in any purchase order or other communication from Customer will not be construed as a waiver of this Section 14.h and Customer’s issuance of a purchase order constitutes acceptance of this Agreement notwithstanding anything to the contrary in the purchase order. ReliaQuest expressly rejects any terms and conditions in Customer’s purchase order that differ from those in this Agreement. Any different or additional terms and conditions will not become a part of the agreement between the parties notwithstanding any subsequent acknowledgement, invoice, or license that ReliaQuest may issue.

i. Interpretation. Headings in this Agreement are for convenience only and do not affect the meaning or interpretation of this Agreement. This Agreement will not be construed either in favor of or against one party or the other, but rather in accordance with its fair meaning. When the term “including” is used in this Agreement it will be construed in each case to mean “including, but not limited to.”

j. Order of Precedence. In the event of a conflict, the terms of this Agreement shall prevail over any conflicting terms in an Order, unless such Order expressly references the section of this Agreement that it is intended to override.

k. Relationship of the Parties. Each party is an independent contractor in the performance of this Agreement. Neither party is, nor will claim to be, a legal representative, partner, franchisee, agent, or employee of the other, unless explicitly provided otherwise in this Agreement. Personnel of each party and their Affiliates will not be deemed employees or agents of the other party.

l. Publicity. Without the prior written consent of the other party or unless as otherwise provided in this Agreement, neither party will: (i) publicly use the name, logo or other identifying marks of the other party, or (ii) issue or permit the issuance of any press release or other public statement regarding this Agreement or the parties’ relationship.

m. Subcontracting. ReliaQuest shall be entitled to subcontract the performance of any component of the ReliaQuest Platform, or any part of it, to subcontractors selected by ReliaQuest so long as ReliaQuest remains liable to Customer for the performance of the ReliaQuest Platform as specified in the applicable Order.

n. Counterparts. This Agreement may be executed in counterparts, each of which will be deemed to be an original, but all of which together will be deemed to be one and the same instrument. This Agreement may be executed and delivered by PDF or by means of other electronic signature. PDF or other electronic signatures will be deemed to be valid and original. For the purposes of this Agreement, “written” or “writing” includes any electronic record or mode of communication that accurately preserves its information and is capable of being reproduced in tangible form, such as an electronically reproduced facsimile document. Neither Party may contest the validity or enforceability of a PDF or electronic document on the grounds that it fails to comply with the Statute of Frauds or similar laws requiring that contracts be in writing.

o. Independent Contractors; No Third-Party Rights. The parties are independent contractors. This Agreement shall not establish any relationship of partnership, joint venture, employment, franchise, or agency between the parties. No provision in this Agreement is intended or shall create any rights with respect to the subject matter of this Agreement in any third party.

p. Notices. All legal notices will be given in writing to the addresses in the Order and will be effective: (i) when personally delivered, (ii) on the reported delivery date if sent by a recognized international or overnight courier, or (iii) five (5) business days after being sent by registered or certified mail (or ten days for international mail). For clarity, Orders, purchase orders, confirmations, invoices, and other documents relating to order processing and payment are not legal notices and may be delivered electronically in accordance with each party’s standard ordering procedures.

q. Insurance. ReliaQuest will maintain, at its sole cost and expense, during the term of an Order and for at least one (1) year thereafter, the following insurance coverage:

(i) a commercial general liability insurance policy with limits for bodily injury, property damage and products liability/completed operations coverage of not less than $1,000,000 per occurrence, with an aggregate limit of not less than $2,000,000, such policy to include contractual liability and contain no exclusion related to ReliaQuest’s compliance status with mandatory or voluntary safety standards of the United States of America;
(ii) an automobile liability insurance policy with limits not less than $1,000,000 combined single limit;
(iii) workers’ compensation insurance, including coverage for occupational disease, in the benefit amounts required by Applicable Law, and employer’s liability insurance, with a limit of liability not less than $1,000,000 per accident, each of which includes coverage for temporary and contingent workers;
(iv) professional liability errors and omissions insurance with limits not less than $1,000,000 per occurrence and an aggregate limit of not less than $3,000,000; and
(v) privacy/network security (cyber) liability coverage with limits of not less than $3,000,000 per occurrence/annual aggregate.
All insurance will be maintained with insurance companies authorized by law to conduct business in the United States of America and Canada with the financial rating of at least A-VII status, as rated in the most recent edition of A.M. Best’s Insurance Reports. Upon written request, ReliaQuest will provide to Customer a certificate of insurance or similar binder for each policy evidencing compliance with this section. Should any of the above policies be canceled before the expiration date thereof, notice will be delivered in accordance with the applicable policy provisions.

r. Data Security. ReliaQuest will adhere to the Data Security Schedule attached as Exhibit A for the collection, processing, use, storage, disclosure, destruction and transmittal of any Customer Operational Data.

s. Description of Deployment and Identification. Customer agrees that ReliaQuest may publish a brief description of Customer’s deployment of ReliaQuest and identify Customer as a ReliaQuest customer on any of ReliaQuest’s websites, client lists, press releases, and other marketing materials.

t. Background Screening. In accordance with applicable law, and to the extent allowed by applicable law, ReliaQuest shall have performed background checks and screening as described in the Background Check Requirements attached hereto as Exhibit B on each employee performing Ongoing Enablement activities.

u. Non-Solicitation. Each party agrees during the term of this Agreement, and for the twelve (12) month period following termination of this Agreement, not to directly or indirectly (including through each Party’s divisions, parents, subsidiaries, Affiliates, successors or assignees) solicit, or make offers of employment to, or enter into consultant relationships with, any persons who are or were, during the term of this Agreement, the other party’s employees, consultants, contractors, or subcontractors involved, directly or indirectly, in the performance of this Agreement. It will not be a violation of this Section to advertise employment opportunities in any media of general circulation, provided it is not directed at the employees of either party.

v. Beta. ReliaQuest may make available to Customer certain products, versions, capabilities, components, features or software that are not yet generally available, including without limitation such products, features or software that are labeled as “preview”, “pre-release” or “beta” (collectively, “Beta Program”). Customer may access and use the Beta Program solely for its internal evaluation purposes and in accordance with the Beta Terms. In the event of any conflict between this Agreement, an Order and the Beta Terms, the Beta Terms shall govern and control solely with respect to the Beta Program.

15. Definitions. Unless otherwise indicated in this Agreement, the following terms, when capitalized, shall have the following meaning:

Affiliate” means any entity that a party directly or indirectly controls or is controlled by, or with which it is under common control.

Authorized Partner” means and authorized reseller of GreyMatter or Ongoing Enablement.

Beta Terms” means the terms and conditions located at www.reliaquest.com/beta-terms/.

Confidential Information” means: (1) all Customer Log Data; or (2) any nonpublic information provided or made available to a party by the other party, that is: (i) identified as confidential by the Discloser at the time of disclosure, or (ii) of a nature that would reasonably be considered to be confidential whether or not marked as confidential. ReliaQuest pricing and the terms of an Order are also considered Confidential Information of ReliaQuest. Confidential Information includes copies, summaries, and other derivatives of Confidential Information. Unless otherwise agreed to by the parties in writing, the use by ReliaQuest of its Confidential Information to perform Ongoing Enablement or to support any portion of any ReliaQuest Materials shall not itself become a ReliaQuest Material.

Customer Data” means all Customer Operational Data and Customer Records.

Customer Operational Data” means all Log Data that is held or retained by ReliaQuest on ReliaQuest’s systems.

Customer Records” means all records, reports, emails, or other information directly related to Customer and held, or retained by ReliaQuest on ReliaQuest’s systems, excluding the ReliaQuest Platform, or any ReliaQuest Confidential Information.

Customer Vendor” means any individual or entity (other than a ReliaQuest Competitor) that: (i) has access or use of a GreyMatter solely on behalf of and for Internal Use, (ii) has an agreement to provide Customer (or its Affiliates) services, and (iii) is subject to confidentiality obligations covering ReliaQuest’s Confidential Information.

Delivery” means the date of ReliaQuest’s initial delivery of the account or log-in information for GreyMatter or otherwise making GreyMatter available for download, access, or use by Customer.

Disabled Functionality” means certain functionality or materials (including programs, modules or components, functionality, features, documentation, content or other materials) that may be contained in or provided with the ReliaQuest Platform that are disabled or hidden, because Customer either: (a) does not have the relevant license or approval from ReliaQuest to use such functionality of the ReliaQuest Platform, or (b) has not paid the applicable Fees, for such functionality or materials.

Documentation” means the ReliaQuest’s applicable end-user technical documentation provided for the ReliaQuest Platform (if any).

Evaluation GreyMatter” means the provision of access to GreyMatter by ReliaQuest to Customer that is specified in an Order as provided under an evaluation license or a free trial license.

Feedback” means suggestions, ideas, feature requests, and recommendations by a ReliaQuest customer relating to the ReliaQuest Platform or other elements of ReliaQuest’s business.

Free GreyMatter” means the provision of access to GreyMatter by ReliaQuest to Customer that is specified in an Order as included, at no cost, or without charge (other than Evaluation GreyMatter). For the avoidance of doubt, any amendment to an existing statement of work or other ordering document that ReliaQuest currently has in place with Customer, that provides Customer access to GreyMatter at no cost or additional expense shall be considered Free GreyMatter under this Agreement.

GreyMatter” means the ReliaQuest GreyMatter software platform consisting of the GreyMatter Automate, GreyMatter Detect, GreyMatter Health, GreyMatter Hunt, GreyMatter Intel, GreyMatter Investigate, and GreyMatter Verify components, and any other related ReliaQuest software tools, programs, or platforms, whether existing now or developed by ReliaQuest during the Order Term, including any enhancements, derivatives, or developments thereto.

GreyMatter Automate” is the component of GreyMatter which supports the actions to enrich data and/or contain or remediate threats.

GreyMatter Detect” is the component of GreyMatter which supports the overall content methodology and lifecycle to accelerate Customer’s detection visibility and facilitate evolution of Customer’s capabilities.

GreyMatter Health” is the component of GreyMatter which supports the overall health of the primary technologies and is inclusive of all primary technologies.

GreyMatter Hunt” is the component of GreyMatter which supports threat hunting potentially leveraging data from customer’s primary and secondary technology.

GreyMatter Intel” is the component of GreyMatter which supports threat intelligence automation, aggregation, normalization and dissemination of machine-readable threat intelligence.

GreyMatter Investigate” is the component of GreyMatter which supports the triage and analysis of alerts which are generated within the customer’s primary technology.

GreyMatter Verify” is the component of GreyMatter which allows a Customer to test the effectiveness of Customer’s cybersecurity tools and content by simulating malicious and/or anomalous activity in a benign manner, within Customer’s environment.

Intellectual Property Rights” means all patent, copyright, trademark, and trade secret rights and other similar intellectual property and proprietary rights, whether registered or unregistered.

Internal Use” means access or use solely for Customer’s and its Affiliates’, own business operations on Customer’s systems, networks and devices with Customer’s data. “Internal Use” is limited to access and use by Customer, its Affiliates, and Customer Vendors, solely on Customer’s behalf and for Customers benefit. “Internal Use” does not include access or use: (i) for the benefit of any person or entity other than Customer or its Affiliates, (ii) for any commercial purpose in which Customer generates financial gain through the use or exploitation of the services or technology provided by ReliaQuest; or (iii) for the development of any product or service by Customer, its Affiliates, or any Customer Vendor.

Log Data” means log entries and log data generated from Customer’s applications, tools, and systems.

Ongoing Enablement” means, collectively, any GreyMatter related activities as identified in an Order, and may include without limitation incident response, engineering, Security Tool Content creation, on-going enablement and other cyber-security investigation and forensic services.

Ongoing Enablement Description” means the description of Ongoing Enablement to be provided by ReliaQuest attached to or referenced in an Order.

Open Source Software” means software or similar subject matter that is distributed under an open source license such as (by way of example only) the GNU General Public License, GNU Lesser General Public License, Apache License, Mozilla Public License, BSD License, MIT License, Common Public License, any derivative of any of the foregoing licenses, or any other license approved as an open source license by the Open Source Initiative.

Order Term” means the period of time set forth in the applicable Order during which Customer is authorized by ReliaQuest to access and use GreyMatter and any related services, including Ongoing Enablement.

Order” means a mutually agreed and executed written ordering document describing the Software Products, ReliaQuest Materials and/or components of GreyMatter licensed to Customer and the related Ongoing Enablement to be performed by ReliaQuest for Customer, including identification of the applicable Order Term and Fees related thereto. For the purposes of this Agreement, an “Order” may take the form of: (i) a separate GreyMatter order form to cover the licensing of GreyMatter and any Ongoing Enablement incorporating the terms or referencing this Agreement; (ii) a Statement of Work or SOW incorporating the terms or referencing this Agreement; or (iii) an amendment to and existing agreement between Customer and ReliaQuest (including a no-cost addendum or other similar document) incorporating the terms or referencing this Agreement.

Purchased GreyMatter” means GreyMatter licensed to Customer pursuant to an Order and for which GreyMatter is identified in the respective fee table and is assigned a dollar value greater than $0 that requires Customer to pay a license fee to ReliaQuest for such usage, either directly or indirectly through an Authorized Partner. For the avoidance of doubt, any amendment to an existing statement of work or other ordering document that ReliaQuest currently has in place with Customer, that provides Customer access to GreyMatter at no cost or additional expense shall not be considered Purchased GreyMatter under this Agreement.

ReliaQuest Competitor” means a person or entity in the business of developing, distributing, or commercializing cyber security products or services substantially similar to or competitive with ReliaQuest’s products or services.

ReliaQuest Materials” means and Security Tool Content, Reporting, or Service Tools provided to Customer pursuant to an Order.

ReliaQuest Platform” means, collectively: (i) Documentation; (ii) ReliaQuest Products; (iii) Ongoing Enablement; and (iv) all updates, enhancements, and modifications to the foregoing.

ReliaQuest Products” means, collectively: (i) GreyMatter, and (ii) Security Tool Content; (iii) Reporting; and (iv) Service Tools.

Reporting” means any tangible reports provided by ReliaQuest to Customer with respect to GreyMatter or the Ongoing Enablement provided by ReliaQuest, including any reports provided by ReliaQuest utilizing ReliaQuest’s proprietary model index reporting capabilities.

Security Tool Content” means the methodology, design, logic, and construction (including all code and scripts) of rules created by ReliaQuest and designed to detect, correlate and flag actionable activity in various security information and event management software and other end point detection and response software during the Order Term, including any improvements, modifications, changes, or enhancements made thereto.

Service Tool” means any ReliaQuest developed software program, application, or script that is used by ReliaQuest to perform the Ongoing Enablement.

Software Product” means an independent third party software program that is manufactured or developed by an original equipment manufacturer or similar type entity and is generally available from ReliaQuest through access or resale, any updates to such software program provided in connection with support, associated documentation, and all copies of the foregoing. For the avoidance of doubt, “Software Product” does not include the ReliaQuest Platform or any software developed by ReliaQuest.

Statement of Work” or “SOW” means a mutually agreed executed written document describing GreyMatter, the Ongoing Enablement to be performed by ReliaQuest for Customer, including any ReliaQuest Materials, Fees, and expenses related thereto, and/or Software Products.

Volunteered Feedback” means Feedback that embodies Intellectual Property Rights owned or controlled by a customer.

EXHIBIT A
DATA SECURITY SCHEDULE

This Data Security Schedule (this “Schedule”) applies to the collection, processing, use, storage, disclosure, destruction and transmittal (individually and collectively, “Data Processing”) of all Customer Operational Data in connection with the Agreement.
1. Definitions:

1.1 “Data Security Breach” means an instance in which (i) any loss or unauthorized access, acquisition, theft, destruction, disclosure or use of Customer Operational Data in ReliaQuest’s possession that has occurred arising directly from the gross negligent acts or omissions of ReliaQuest; (ii) the security of the ReliaQuest Systems is materially compromised resulting in exposure of Customer Operational Data; or (iii) ReliaQuest otherwise directly compromises the security, confidentiality, or integrity of Customer Operational Data.
1.2 “Security Event” means any incident, occurrence or circumstance that results in a Data Security Breach.
1.3 “ReliaQuest Systems” means the networks, systems, software, equipment and premises utilized by or on behalf of ReliaQuest to provide the services under the Agreement or otherwise for Data Processing.

2. Standard of Care: ReliaQuest: (a) will materially comply with the terms and conditions set forth in this Schedule in its Data Processing of Customer Operational Data, (b) will only use Customer Operational Data for the purposes provided under the Agreement, (c) certifies that it is not and has not been subject to a government investigation or consent decree, judgment or order regarding data privacy or information security.

3. Data Security: ReliaQuest will make reasonable efforts to comply with all applicable laws, regulations, international standards and codes of practice in connection with its Data Processing of Customer Operational Data. ReliaQuest will implement and maintain reasonable physical, technical and organizational measures and safeguards that protect the security and confidentiality of Customer Operational Data against unlawful or accidental access to, or unauthorized processing, disclosure, destruction, damage or loss of Customer Operational Data. Without limiting the generality of the foregoing, where appropriate, and in accordance with industry standards and best practices, ReliaQuest will implement or use commercially appropriate network management and maintenance applications and tools, fraud prevention and intrusion detection systems, and encryption technologies.

4. Third-Party Security Assessments
ReliaQuest will have a SOC 2 Type 2 attestation conducted on an annual basis and will maintain a certification of Information Security and Information Technology controls pursuant to the ISO/IEC 27001:2013 Certification Standard. ReliaQuest will promptly notify Customer in the event that any deviations or irregularities are noted in the resulting reports if such deviations or irregularities are applicable to the Agreement. Any such deviations or irregularities will be promptly addressed by ReliaQuest at its sole cost and expense. Customer has the right to request a SOC 2 report and ISO/IEC 27001 certificate at any time during the term of the Agreement.
5. Encryption: ReliaQuest will ensure that all Customer Operational Data received by ReliaQuest in accordance with the Agreement will be encrypted at rest (AES 256) and while in transit using a secure transfer method (e.g., SFTP, TLS).

6. Return or Destruction: Upon either the written request of Customer or the termination or expiration of the Agreement, and at Customer’s discretion, ReliaQuest will render unreadable or return to Customer, or any third party designated by Customer, within sixty (60) business days, all copies, duplicates, summaries, abstracts or other representations of any Customer Operational Data, without charge to Customer. For electronic media, “render unreadable” may include, among others, degaussing or using a FIPS compliant military-grade wipe program, and for hard-copy material “render unreadable” may include, among others, cross-cut shredding or incineration consistent with ISO 9564-1 or ISO 11568-3e.

7. Subcontractors and Third Parties: Except as provided in this Schedule, ReliaQuest will not transfer any Customer Operational Data to any subcontractor or other third party, or otherwise allow any subcontractor or third party to access Customer Operational Data, without the prior written agreement of Customer. For the purposes of this Schedule, Thycotic, ServiceNow, Digital Shadows and Amazon Web Services are authorized subcontractors of ReliaQuest.

8. Transborder Data Flows: ReliaQuest Systems and ReliaQuest’s Data Processing of Customer Operational Data will occur only within the U.S. or Ireland. Neither ReliaQuest, nor any of its third parties, will transfer any Customer Operational Data outside the U.S. or Ireland or across a country border without the written agreement of Customer.

9. Data Security Breaches and Security Events:

9.1 Notice:
If ReliaQuest discovers and has conclusive knowledge of a Data Security Breach or Security Event, ReliaQuest will provide prompt notice to Customer, which in no case will be more than five (5) business days thereafter. ReliaQuest will provide Customer with the name and contact information for a primary security contact that will be available to assist Customer, in resolving obligations associated with any Data Security Breach or Security Event.
9.2 Investigation, Remediation, Mitigation: ReliaQuest, at its own expense, will investigate, remediate and mitigate the effects of a Data Security Breach or Security Event and, upon request or at reasonable junctures, report to Customer all relevant information, details and findings regarding such activities. In the event of a Data Security Breach, ReliaQuest shall reasonably cooperate with Customer and Customer’s representatives to provide reasonable assistance to Customer in its efforts to help mitigate the effect of such Data Security Breach.

9.3 Notifications: In the event of a Data Security Breach or Security Event, ReliaQuest will not notify authorities or media unless: (i) explicit, written permission has been provided by Customer; or (ii) ReliaQuest is otherwise required by law to notify authorities, provided ReliaQuest will makes commercially reasonable attempts to notify Customer in advance of making any such required notification. To the extent Customer is required to provide notice of any kind to the authorities or media, Customer shall not under any circumstances identify ReliaQuest in such notice or announcement, unless as required to comply with applicable law.

 

EXHIBIT B
BACKGROUND SCREENING REQUIREMENTS

ReliaQuest will have completed a reasonable background check and drug screen as defined below on all ReliaQuest employees that participate in Ongoing Enablement activities under an Order. ReliaQuest shall use a reputable vendor in that jurisdiction for the performance of such checks and screens. Specifically, ReliaQuest shall ensure that, in accordance with applicable law, and unless as otherwise prohibited by applicable law:

(i) such individual has been required to take the legally permitted equivalent of a 9-panel drug screening test for those controlled substances as dictated by ReliaQuest and the results of the test were negative prior to any access of Customer premises or systems;

(ii) a national, regional or other jurisdictionally appropriate in country background check which would be the equivalent of a US federal, state and county including city, criminal background check, subject to the extent permitted by local law, was performed on such individual and the check revealed no (a) convictions for felonies, (b) misdemeanor convictions related to financial crimes or offenses, or (c) other information which would indicate that the individual is a danger to Customer, its customers, third parties or any of their property; and

(iii) an identity verification against a government database, e.g. national insurance or social security number equivalent verification or driver’s license check has occurred (where applicable).