General Terms and Conditions

Last updated: January 12, 2022

Please read carefully: the individual accepting these terms and conditions on behalf of a company or other legal entity (“Client” or “you”), represents and warrants that they have full authority to bind the Client to this Agreement. Unless the Client has another valid Agreement for the purchase and use of PacketWatch products and services, these Terms and Conditions govern the use and provision of PacketWatch products and services. By assenting to these terms (either by signing an Order Form, Master Services Agreement (“MSA”), Quote or Statement of Work (“SOW”) or otherwise placing an order), Client accepts these Terms and Conditions, which will be deemed a binding contract between Client and WGM Associates LLC DBA PacketWatch, an Arizona limited liability company, on behalf of itself and any affiliates performing hereunder (collectively, “PacketWatch”).  These Terms and Conditions are binding as of the earliest of the date that Client accepts these Terms and Conditions, or the date set forth on an Order, MSA or SOW.

Terms and Conditions

These Terms and Conditions cover all PacketWatch products and services but provisions regarding specific products or services apply only to the extent Client has purchased, accessed, or used such products or services.

1. Definitions.

“Affiliate” means any entity that a party directly or indirectly controls (e.g., subsidiary) or is controlled by (e.g., parent), or with which it is under common control (e.g., sibling).

“Agreement” means these PacketWatch Terms and Conditions together with each Order.

“API” means an application program (or programming) interface.

“Client Contractor Services” means products, services or content developed or provided by Client Contractors, including, but not limited to, third party applications complimentary to the Offerings, implementation services, managed services, training, technical support, or other consulting services related to, or in conjunction with, the Offerings.

“Client Contractor” means any individual or entity (other than a PacketWatch Competitor) that: (i) has access or use of a Product under this Agreement solely on behalf of and for Client’s Internal Use, (ii) has an agreement to provide Client (or its Affiliates) services, and (iii) is subject to confidentiality obligations covering PacketWatch’s Confidential Information.

“Client” means as the context requires, in addition to the entity identified above, any Client Affiliate that places an Order under these PacketWatch Terms and Conditions, uses or accesses any Offering hereunder, or benefits from the Client’s use of an Offering.

“Documentation” means PacketWatch’s end-user technical documentation included in the applicable Offering.

“Endpoint” means any physical or virtual device, such as, a computer, server, laptop, desktop computer, mobile, cellular, container or virtual machine image.

“Error” means a reproducible failure of a Product to perform in substantial conformity with its applicable Documentation.

“Internal Use” means access or use solely for Client’s and subject to the Section entitled Affiliates, Orders and Payment; Affiliates and the Section entitled Access and Use Rights, its Affiliates’, own internal information security purposes. By way of example and not limitation, Internal Use does not include access or use: (i) for the benefit of any person or entity other than Client or its Affiliates, or (ii) in any event, for the development of any product or service. Internal Use is limited to access and use by Client’s and Client’s Affiliates’ employees and Client Contractors (except as set forth in the Section entitled Client Contractors), in either event, solely on Client’s behalf and for Client’s benefit.

“Network” means the physical or wireless devices (switches, gateways, routers, etc.) providing the connection between multiple Endpoints and 3rd party services including connectivity to the Internet.

“Offerings” means, collectively, any Products, Product-Related Services, or Professional Services.

“Order” means any purchase order or other ordering document (including any SOW) accepted by PacketWatch that identifies the following ordered by Client: Offering, Offering quantity based on PacketWatch’s applicable metrics (e.g., hours of effort, usage period, throughput, number of Endpoints, Network Configuration, size of company (based on number of employees), number of file uploads, or number of queries), price and Subscription/Order Term.

“PacketWatch Competitor” means a person or entity in the business of developing, distributing, or commercializing Internet security products or services substantially like or competitive with PacketWatch’s products or services.

“PacketWatch Data” shall mean the data generated by the PacketWatch Offerings, including but not limited to, correlative and/or contextual data, and/or detections. For the avoidance of doubt, PacketWatch Data does not include Client Data.

“PacketWatch Equipment” means any computer hardware, collection devices or networking hardware provided to Client for the purpose of providing Services hereunder and specified in the SOW.

“PacketWatch Tool” means any PacketWatch proprietary software-as-a-service, software, hardware, or other tool that PacketWatch uses in performing Professional Services, which may be specified in the applicable SOW. PacketWatch Tools may include PacketWatch’s products.

“Product-Related Services” means, collectively, (i) PW MDR, (ii) PW Threat Intel, (iii) the technical support services for certain Products provided by PacketWatch, (iv) training, and (v) any other PacketWatch services provided or sold with Products. Product-Related Services do not include Professional Services.

“Product” means any of PacketWatch’s cloud-based software or other products ordered by Client as set forth in the relevant Order, the available accompanying API’s, the PacketWatch Data, any Documentation, and any Updates thereto that may be made available to Client from time to time by PacketWatch.

“Professional Services” means any professional services performed by PacketWatch for Client pursuant to an SOW or other Order. Professional Services may include without limitation incident response, investigation and forensic services related to cyber-security adversaries, tabletop exercises, and next generation penetration tests related to cyber-security.

“Recognized Freight Carrier” means Federal Express, UPS or other mutually agreed commercial freight carrier.

“Services” means, collectively, any Product-Related Services and any Professional Services.

“Sponsoring Partner” means, as the context requires, in addition to the entity identified above, any Sponsoring Partner Affiliate that will pay for an Order placed under these PacketWatch Terms and Conditions, or benefits from the Client’s use of an Offering.

“Statement of Work” or “SOW” means a mutually agreed executed written document describing the Professional Services to be performed by PacketWatch for Client, deliverables, fees, and expenses related thereto.

“Subscription/Order Term” means the period of time set forth in the applicable Order during which: (i) Client is authorized by PacketWatch to access and use the Product or Product-Related Service, or (ii) Professional Services may be performed.

“Updates” means any correction, update, upgrade, patch, or other modification or addition made by PacketWatch to any Product and provided to Client by PacketWatch from time to time on an as available basis.

2. Affiliates, Orders and Payment.

2.1 Affiliates. Any Affiliate of Client or Sponsoring Partner purchasing hereunder, or using or accessing any Offering hereunder, or benefitting from the Client’s use of an Offering, will be bound by and comply with all terms and conditions of this Agreement. The Client signing these PacketWatch Terms and Conditions will remain responsible for Client’s Affiliates’ acts and omissions unless Client’s Affiliate has entered into its own Terms and Conditions with PacketWatch.

2.2 Orders. Only those transaction-specific terms stating the Offerings ordered, quantity, price, payment terms, Subscription/Order Term, and billing/provisioning contact information (and for the avoidance of doubt, specifically excluding any pre-printed terms on Client’s purchase order) will have any force or effect unless a particular Order is executed by an authorized signer of PacketWatch and returned to Client. If any such Order is so executed and delivered, then only those specific terms on the face of such Order that expressly identify those portions of this Agreement that are to be superseded will prevail over any conflicting terms herein but only with respect to those Offerings ordered on such Order. Orders are non-cancellable. All Orders regardless of source are, and PacketWatch’s obligations and liabilities to Client are governed by, this Agreement.

2.3 Payment and Taxes. As applicable, either Sponsoring Partner on behalf of Client, or Client shall pay the fees for Offerings to PacketWatch as set forth in the applicable Order. Unless otherwise expressly set forth on the Order, either Sponsoring Partner or Client will pay the fees and amounts stated on each Order within 30 days after receipt of the applicable invoice. Except as otherwise expressly provided in this Agreement, all fees and other amounts are non-refundable. Fees are exclusive of any applicable sales, use, value added, withholding, and other taxes, however designated. Client shall pay all such taxes levied or imposed by reason of Client’s purchase or use of the Offerings and the transactions hereunder, except for taxes based on PacketWatch’s income or with respect to PacketWatch’s employment of its employees.

3. Access & Use Rights.

3.1 Evaluation. If PacketWatch approves Client’s use of a PacketWatch product for evaluation (the “Evaluation Product”), the terms herein applicable to Products also apply to evaluation access and use of such Evaluation Product, except for the following different or additional terms: (i) the duration of the evaluation is as mutually agreed upon by Client and PacketWatch, provided that either PacketWatch or Client can terminate the evaluation at any time upon written (including email) notice to the other party; (ii) the Evaluation Product is provided “AS-IS” without warranty of any kind, and PacketWatch disclaims all warranties, support obligations, and other liabilities and obligations for the Evaluation Product; and (iii) Client’s access and use is limited to Internal Use by Client employees only.

3.2 Access & Use Rights. Subject to the terms and conditions of this Agreement (including PacketWatch’s receipt of applicable fees), PacketWatch grants Client, under PacketWatch’s intellectual property rights in and to the applicable Product, a non-exclusive, non-transferable (except as expressly provided in the Section entitled Assignment), non-sublicensable license to access and use the Products in accordance with any applicable Documentation solely for Client’s Internal Use during the applicable Subscription/Order Term. Client’s access and use is limited to the quantity in the applicable Order. Furthermore, the following additional terms and conditions apply to specific Products (or components thereof):

(a) Products with Software Components. If Client purchases a subscription to a Product with a downloadable object-code component (“Software Component”), Client may, during the Subscription/Order Term install and run multiple copies of the Software Components solely for Client’s and Client’s Affiliates’ Internal Use up to the maximum quantity in the applicable Order.

(b) PacketWatch Tools. If PacketWatch provides PacketWatch Tools to Client pursuant to performing Professional Services, the license set forth in the Section entitled Access & Use Rights applies to such PacketWatch Tools as used solely for Client’s Internal Use during the period of time set forth in the applicable Order, or if none is specified, for the period authorized by PacketWatch. Not all Professional Services engagements will involve the use of PacketWatch Tools.

3.3 Restrictions. The access and use rights set forth in the Section entitled Access & Use Rights do not include any rights to, and Client will not, with respect to any Offering (or any portion thereof): (i) employ or authorize a PacketWatch Competitor to use or view the Offering or Documentation, or to provide management, hosting, or support for an Offering; (ii) alter, publicly display, translate, create derivative works of or otherwise modify an Offering; (iii) sublicense, distribute or otherwise transfer an Offering to any third party (except as expressly provided in the Section entitled Assignment); (iv) allow third parties to access or use an Offering (except for Client Contractors as expressly permitted herein); (v) create public Internet “links” to an Offering or “frame” or “mirror” any Offering content on any other server or wireless or Internet-based device; (vi) reverse engineer, decompile, disassemble or otherwise attempt to derive the source code (if any) for an Offering (except to the extent that such prohibition is expressly precluded by applicable law), circumvent its functions, or attempt to gain unauthorized access to an Offering or its related systems or networks; (vii) use an Offering to circumvent the security of another party’s network/information, develop malware, unauthorized surreptitious surveillance, data modification, data exfiltration, data ransom or data destruction; (viii) remove or alter any notice of proprietary right appearing on an Offering; (ix) conduct any stress tests, competitive benchmarking or analysis on, or publish any performance data of, an Offering (provided, that this does not prevent Client from comparing the Products to other products for Client’s Internal Use); (x) use any feature of PacketWatch APIs for any purpose other than in the performance of, and in accordance with, this Agreement; or (xi) cause, encourage or assist any third party to do any of the foregoing. Client agrees to use an Offering in accordance with laws, rules and regulations directly applicable to Client and acknowledges that Client is solely responsible for determining whether a particular use of an Offering is compliant with such laws.

3.4 Installation and User Accounts. PacketWatch is not responsible for installing Products unless Client purchase installation services from PacketWatch. For those Products requiring user accounts, only the single individual user assigned to a user account may access or use the Product. Client is liable and responsible for all actions and omissions occurring under Client’s and Client’s Contractor’s user accounts for Offerings. Client shall notify PacketWatch if Client learn of any unauthorized access or use of Client’s user accounts or passwords for an Offering.

3.5 Malware Samples. If PacketWatch makes malware samples available to Client in connection with an evaluation or use of the Product (“Malware Samples”), Client acknowledges and agrees that: (i) Client’s access to and use of Malware Samples is at Client’s own risk, and (ii) Client should not download or access any Malware Samples on or through its own production systems and networks and that doing so can infect and damage Client’s systems, networks, and data. Client shall use the Malware Samples solely for Internal Use and not for any malicious or unlawful purpose. PacketWatch will not be liable for any loss or damage caused by any Malware Sample that may infect Client’s computer equipment, computer programs, data, or other proprietary material due to Client’s access to or use of the Malware Samples.

3.6 Third Party Software. PacketWatch uses certain third-party software in its Products, including what is commonly referred to as open-source software. Under some of these third-party licenses, PacketWatch is required to provide Client with notice of the license terms and attribution to the third party. See the licensing terms and attributions for such third-party software that PacketWatch uses at: https://PacketWatch.com/opensource.

3.7 Ownership & Feedback. Products, Product-Related Services, and the PacketWatch Tools are made available for use or licensed, not sold. PacketWatch owns and retains all right, title and interest (including all intellectual property rights) in and to the Products, Product-Related Services, and the PacketWatch Tools. Any feedback or suggestions that Client provides to PacketWatch regarding its Offerings and PacketWatch Tools (e.g., bug fixes and features requests) is non-confidential and may be used by PacketWatch for any purpose without acknowledgement or compensation; provided, Client will not be identified publicly as the source of the feedback or suggestion.

4. Client Contractors.

4.1 Authorization. Client authorizes PacketWatch to give Client Contractors the rights and privileges to the Offerings necessary to enable and provide for Client’s use and receipt of the Client Contractor Services. If at any time Client revokes this authorization, to the extent the Offerings provide for Client to limit the Client Contractor’s access and use of the Offerings, then Client is responsible for taking the actions necessary to revoke such access and use. In the event Client requires PacketWatch assistance with such revocation or limitation, Client must contact PacketWatch Support with written notice of such revocation or limitation at support@PacketWatch.com and PacketWatch will disable the Client Contractor’s access to Client’s Offerings within a reasonable period of time following receipt of such notice but in any event within 72 hours of receipt of such notice.

4.2 Disclaimer. Client Contractors are subject to the terms and conditions in the Agreement while they are using the Offerings on behalf of Client and Client remains responsible for their acts and omissions during such time. Any breach by a Client Contractor of this Agreement is a breach by Client. PacketWatch may make available Client Contractor Services to Client, for example, through an online directory, catalog, store, or marketplace. Client Contractor Services are not required for use of the Offerings. Offerings may contain features, including API’s, designed to interface with or provide data to Client Contractor Services. PacketWatch is not responsible or liable for any loss, costs or damages arising out of Client Contractor’s actions or inactions in any manner, including but not limited to, for any disclosure, transfer, modification or deletion of Client Data (defined in Exhibit A). Whether or not a Client Contractor is designated by PacketWatch as, or otherwise claims to be “certified,” “authorized,” or similarly labeled, PacketWatch does not: (i) control, monitor, maintain or provide support for, Client Contractor Services, (ii) disclaims all warranties of any kind, indemnities, obligations, and other liabilities in connection with the Client Contractor Services, and any Client Contractor interface or integration with the Offerings, and (iii) cannot guarantee the continued availability of Client Contractor Services and related features. If Client Contractor Services and related features are no longer available for any reason, PacketWatch is not obligated to provide any refund, credit, or other compensation for, or related to, the Offerings.

4.3 Restrictions on Client Contractors. Client shall not give or allow Client Contractors access to, or use of, intelligence reports provided to Client, or made accessible in the Products. For the avoidance of doubt, nothing herein prevents Client from using intelligence products for Client’s Internal Use.

5. Professional Services.

5.1 Fees. Professional Services will commence on a mutually agreed upon date. Estimates provided for Professional Services performed on a time-and-material basis are estimates only and not a guaranteed time of completion. Professional Services performed on a fixed fee basis are limited to the scope of services stated in the applicable Order.

5.2 Ownership of Deliverables. Professional Services provided hereunder do not constitute “works for hire,” “works made in the course of duty,” or similar terms under laws where the transfer of intellectual property occurs on the performance of services to a payor. The only deliverable arising from the Professional Services is a report consisting primarily of PacketWatch’s findings, recommendations, and adversary information. Client owns the copy of the report (including without limitation, all Client’s Confidential Information therein) delivered to Client (“Deliverable”), subject to PacketWatch’s ownership of the PacketWatch Materials. Client agrees that PacketWatch exclusively owns any and all software (including object and source code), flow charts, algorithms, documentation, adversary information, report templates, know-how, inventions, techniques, models, PacketWatch trademarks, ideas and any and all other works and materials developed by PacketWatch in connection with performing the Professional Services (including without limitation all intellectual property rights therein and thereto) (collectively, the “PacketWatch Materials”) and that title shall remain with PacketWatch. For the avoidance of doubt, the PacketWatch Materials do not include any Client Confidential Information or other Client provided materials or data. Upon payment in full of the amounts due hereunder for the applicable Professional Services and to the extent the PacketWatch Materials are incorporated into the Deliverable(s), Client shall have a perpetual, non-transferable (except as expressly provided in the Section entitled Assignment), non-exclusive license to use the PacketWatch Materials solely as a part of the Deliverable(s) for Client’s Internal Use.

6. Data Security and Privacy.

See Exhibit A.

7. Confidentiality.

7.1 Definitions. In connection with this Agreement, each party (“Recipient”) may receive Confidential Information of the other party (“Discloser”) or third parties to whom Discloser has a duty of confidentiality. “Confidential Information” means non-public information in any form that is in the Recipient’s possession regardless of the method of acquisition that the Discloser designates as confidential to Recipient or should be reasonably known by the Recipient to be Confidential Information due to the nature of the information disclosed and/or the circumstances surrounding the disclosure. Confidential Information shall not include information that is: (i) in or becomes part of the public domain (other than by disclosure by Recipient in violation of this Agreement); (ii) previously known to Recipient without an obligation of confidentiality and demonstrable by the Recipient; (iii) independently developed by Recipient without use of Discloser’s Confidential Information; or (iv) rightfully obtained by Recipient from third parties without an obligation of confidentiality.

7.2 Restrictions on Use. Except as allowed in Section 7.3 (Exceptions), Recipient shall hold Discloser’s Confidential Information in strict confidence and shall not disclose any such Confidential Information to any third party, other than to its employees, and contractors, including without limitation, counsel, accountants, and financial advisors (collectively, “Representatives”), its Affiliates and their Representatives, subject to the other terms of this Agreement, and in each case who need to know such information and who are bound by restrictions regarding disclosure and use of such information comparable to and no less restrictive than those set forth herein. Recipient shall not use Discloser’s Confidential Information for any purpose other than as set forth in this Agreement. Recipient shall take the same degree of care that it uses to protect its own confidential information of a similar nature and importance (but in no event less than reasonable care) to protect the confidentiality and avoid the unauthorized use, disclosure, publication, or dissemination of the Discloser’s Confidential Information. Within 72 hours of Recipient becoming aware of the unauthorized use, disclosure, publication, or dissemination of the Discloser’s Confidential Information while in Recipient’s control, Recipient shall provide Discloser with notice thereof.

7.3 Exceptions. Recipient may disclose Discloser’s Confidential Information: (i) to the extent required by applicable law or regulation; (ii) pursuant to a subpoena or order of a court or regulatory, self-regulatory, or legislative body of competent jurisdiction; (iii) in connection with any regulatory report, audit, or inquiry; or (iv) where requested by a regulator with jurisdiction over Recipient. In the event of such a requirement or request, Recipient shall, to the extent legally permitted: (a) give Discloser prompt written notice of such requirement or request prior to such disclosure; and (b) at Discloser’s cost, a reasonable opportunity to review and comment upon the disclosure and request confidential treatment or a protective order pertaining thereto prior to Recipient making such disclosure. If the Recipient is legally required to disclose the Discloser’s Confidential Information as part of: (x) a legal proceeding to which the Discloser is a party but the Recipient is not; or (y) a government or regulatory investigation of the Discloser, the Discloser shall pay all of the Recipient’s reasonable and actual out of pocket legal fees and expenses (as evidenced by reasonably detailed invoices) and will reimburse the Recipient for its reasonable costs and fees of compiling and providing such Confidential Information, including, a reasonable hourly rate for time spent preparing for, and participating in, depositions and other testimony.

7.4 Destruction. Upon Discloser’s written request, Recipient shall use commercially reasonable efforts to destroy the Confidential Information and any copies or extracts thereof. However, Recipient, its Affiliates and their Representatives may retain any Confidential Information that: (i) they are required to keep for compliance purposes under a document retention policy or as required by applicable law, professional standards, a court, or regulatory agency; or (ii) have been created electronically pursuant to automatic or ordinary course archiving, back-up, security, or disaster recovery systems or procedures; provided, however, that any such retained information shall remain subject to this Agreement. Upon Discloser’s request, Recipient will provide Discloser with written confirmation of destruction in compliance with this provision.

7.5 Equitable Relief. Each party acknowledges that a breach of this Section 7 (Confidentiality) shall cause the other party irreparable injury and damage. Therefore, each party agrees that those breaches may be stopped through injunctive proceedings in addition to any other rights and remedies which may be available to the injured party at law or in equity without the posting of a bond.

8. Warranties & Disclaimer.

8.1 No Warranty for Pre-Production Versions. Any pre-production feature or version of an Offering provided to Client is experimental and provided “AS IS” without warranty of any kind and will not create any obligation for PacketWatch to continue to develop, productize, support, repair, offer for sale, or in any other way continue to provide or develop any such feature or Offering. Client agrees that its purchase is not contingent on the delivery of any future functionality or features, or dependent on any oral or written statements made by PacketWatch regarding future functionality or features.

8.2 Product Warranty. If Client has purchased a Product, PacketWatch warrants to Client during the applicable Subscription/Order Term that: (i) the Product will operate without Error; and (ii) PacketWatch has used industry standard techniques to prevent the Products at the time of delivery from injecting malicious software viruses into Client’s Endpoints where the Products are installed. Client must notify PacketWatch of any warranty claim during the Subscription/Order Term. Client’s sole and exclusive remedy and the entire liability of PacketWatch for its breach of this warranty will be for PacketWatch, at its own expense to do at least one of the following: (a) use commercially reasonable efforts to provide a work-around or correct such Error; or (b) terminate Client’s license to access and use the applicable non-conforming Product and refund the prepaid fee prorated for the unused period of the Subscription/Order Term. PacketWatch shall have no obligation regarding Errors reported after the applicable Subscription/Order Term.

8.3 Services Warranty. PacketWatch warrants to Client that it will perform all Services in a professional and workmanlike manner consistent with generally accepted industry standards. Client must notify PacketWatch of any warranty claim for Services during the period the Services are being performed or within 30 days after the conclusion of the Services. Client’s sole and exclusive remedy and the entire liability of PacketWatch for its breach of this warranty will be for PacketWatch, at its option and expense, to (a) use commercially reasonable efforts to re-perform the non-conforming Services, or (b) refund the portion of the fees paid attributable to the non-conforming Services.

8.4 Exclusions. The express warranties do not apply if the applicable Product or Service: (i) has been modified, except by PacketWatch, (ii) has not been installed, used, or maintained in accordance with this Agreement or Documentation, or (iii) is non-conforming due to a failure to use an applicable Update. If any part of a Product or Service references websites, hypertext links, network addresses, or other third-party locations, information, or activities, it is provided as a convenience only.

8.5 No Guarantee. CLIENT ACKNOWLEDGES, UNDERSTANDS, AND AGREES THAT PACKETWATCH DOES NOT GUARANTEE OR WARRANT THAT IT WILL FIND, LOCATE, OR DISCOVER ALL OF CLIENT’S OR ITS AFFILIATES’ SYSTEM THREATS, VULNERABILITIES, MALWARE, AND MALICIOUS SOFTWARE, AND CLIENT AND ITS AFFILIATES WILL NOT HOLD PACKETWATCH RESPONSIBLE THEREFOR.

8.6 Disclaimer. EXCEPT FOR THE EXPRESS WARRANTIES IN THIS SECTION 8, PACKETWATCH AND ITS AFFILIATES DISCLAIM ALL OTHER WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE. TO THE MAXIMUM EXTENT PERMITTED UNDER APPLICABLE LAW, PACKETWATCH AND ITS AFFILIATES AND SUPPLIERS SPECIFICALLY DISCLAIM ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT WITH RESPECT TO THE OFFERINGS AND PACKETWATCH TOOLS. THERE IS NO WARRANTY THAT THE OFFERINGS OR PACKETWATCH TOOLS WILL BE ERROR FREE, OR THAT THEY WILL OPERATE WITHOUT INTERRUPTION OR WILL FULFILL ANY OF CLIENT’S PARTICULAR PURPOSES OR NEEDS. THE OFFERINGS AND PACKETWATCH TOOLS ARE NOT FAULT-TOLERANT AND ARE NOT DESIGNED OR INTENDED FOR USE IN ANY HAZARDOUS ENVIRONMENT REQUIRING FAIL-SAFE PERFORMANCE OR OPERATION. NEITHER THE OFFERINGS NOR PACKETWATCH TOOLS ARE FOR USE IN THE OPERATION OF AIRCRAFT NAVIGATION, NUCLEAR FACILITIES, COMMUNICATION SYSTEMS, WEAPONS SYSTEMS, DIRECT OR INDIRECT LIFE-SUPPORT SYSTEMS, AIR TRAFFIC CONTROL, OR ANY APPLICATION OR INSTALLATION WHERE FAILURE COULD RESULT IN DEATH, SEVERE PHYSICAL INJURY, OR PROPERTY DAMAGE. Client agrees that it is Client’s responsibility to ensure safe use of an Offering and the PacketWatch Tools in such applications and installations. PACKETWATCH DOES NOT WARRANT ANY THIRD-PARTY PRODUCTS OR SERVICES.

8.7 Additional Terms That May Apply. See Exhibit C for additional warranties that may apply to certain international Clients.

9. Indemnification.

9.1 PacketWatch’s Obligation. PacketWatch shall at its cost and expense: (i) defend and/or settle any claim brought against Client by an unaffiliated third party alleging that an Offering infringes or violates that third party’s intellectual property rights, and (ii) pay and indemnify any settlement of such claim or any damages awarded to such third party by a court of competent jurisdiction as a result of such claim; provided, that Client: (a) gives PacketWatch prompt written notice of such claim; (b) permits PacketWatch to solely control and direct the defense or settlement of such claim (however, PacketWatch will not settle any claim in a manner that requires Client to admit liability without Client’s prior written consent); and (c) provides PacketWatch all reasonable assistance in connection with the defense or settlement of such claim, at PacketWatch’s cost and expense. In addition, Client may, at Client’s own expense, participate in defense of any claim.

9.2 Remedies. If a claim covered under this Section occurs or in PacketWatch’s opinion is reasonably likely to occur, PacketWatch may at its expense and sole discretion (and if Client’s access and use of an Offering is enjoined, PacketWatch will, at its expense): (i) procure the right to allow Client to continue using the applicable Offering; (ii) modify or replace the applicable Offering to become non-infringing; or (iii) if neither (i) nor (ii) is commercially practicable, terminate Client’s license or access to the affected portion of applicable Offering and refund a portion of the pre-paid, unused fees paid by Client corresponding to the unused period of the Subscription/Order Term.

9.3 Exclusions. PacketWatch shall have no obligations under this Section if the claim is based upon or arises out of: (i) any modification to the applicable Offering not made by PacketWatch; (ii) any combination or use of the applicable Offering with or in any third party software, hardware, process, firmware, or data, to the extent that such claim is based on such combination or use; (iii) Client’s continued use of the allegedly infringing Offering after being notified of the infringement claim or after being provided a modified version of the Offering by PacketWatch at no additional cost that is intended to address such alleged infringement; (iv) Client’s failure to use the Offering in accordance with the applicable Documentation; and/or (v) Client’s use of the Offering outside the scope of the rights granted under this Agreement.

9.4 Exclusive Remedy. THE REMEDIES SPECIFIED IN THIS SECTION CONSTITUTE CLIENT’S SOLE AND EXCLUSIVE REMEDIES, AND PACKETWATCH’S ENTIRE LIABILITY, WITH RESPECT TO ANY INFRINGEMENT OF THIRD-PARTY INTELLECTUAL PROPERTY RIGHTS.

10. Limitation of Liability.

10.1 TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, EXCEPT FOR LIABILITY FOR ANY AMOUNTS PAID OR PAYABLE TO THIRD PARTIES UNDER SECTION 9 (INDEMNIFICATION), CLIENT’S PAYMENT OBLIGATIONS, AND/OR ANY INFRINGEMENT OR MISAPPROPRIATION BY ONE PARTY OF THE OTHER PARTY’S INTELLECTUAL PROPERTY RIGHTS, NEITHER PARTY SHALL BE LIABLE TO THE OTHER PARTY IN CONNECTION WITH THIS AGREEMENT OR THE SUBJECT MATTER HEREOF (UNDER ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STATUTE, TORT OR OTHERWISE) FOR ANY LOST PROFITS, REVENUE, OR SAVINGS, LOST BUSINESS OPPORTUNITIES, LOST DATA, OR SPECIAL, INCIDENTAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, EVEN IF SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES OR LOSSES OR SUCH DAMAGES OR LOSSES WERE REASONABLY FORESEEABLE; OR (B) AN AMOUNT THAT EXCEEDS THE TOTAL FEES PAID OR PAYABLE TO PACKETWATCH FOR THE RELEVANT OFFERING DURING THAT OFFERING’S SUBSCRIPTION/ORDER TERM. THESE LIMITATIONS WILL APPLY NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE OF ANY REMEDY SPECIFIED IN THIS AGREEMENT. MULTIPLE CLAIMS SHALL NOT EXPAND THE LIMITATIONS SPECIFIED IN THIS SECTION 10.

10.2 Additional or Different Terms That May Apply. See Exhibit C for additional or different terms related to liability that may apply to certain international Clients.

11. Compliance with Laws.

Each party agrees to comply with all U.S. federal, state, local and non-U.S. laws directly applicable to such party in the performance of this Agreement, including but not limited to, applicable export and import, anti-corruption and employment laws. Client acknowledges and agrees the Offerings shall not be used, transferred, or otherwise exported or re-exported to regions that the United States and/or the European Union maintains an embargo or comprehensive sanctions (collectively, “Embargoed Countries”), or to or by a national or resident thereof, or any person or entity subject to individual prohibitions (e.g., parties listed on the U.S. Department of Treasury’s List of Specially Designated Nationals or the U.S. Department of Commerce’s Table of Denial Orders) (collectively, “Designated Nationals”), without first obtaining all required authorizations from the U.S. government and any other applicable government. Client represents and warrants that Client is not located in, or is under the control of, or a national or resident of, an Embargoed Country or Designated National. PacketWatch represents and warrants that PacketWatch is not located in, or is under the control of, or a national or resident of, an Embargoed Country or Designated National.

12. U.S. Government End-Users.

12.1 Commercial Items. The following applies to all acquisitions by or for the U.S. government or by any U.S. Government prime contractor or subcontractor at any tier (“Government Users”) under any U.S. Government contract, grant, other transaction, or other funding agreement. The Products, PacketWatch Tools, and Documentation are “commercial items,” as that term is defined in Federal Acquisition Regulation (“FAR”) (48 C.F.R.) 2.101, consisting of “commercial computer software” and “commercial computer software documentation,” as such terms are used in FAR 12.211 and 12.212. In addition, Department of Defense FAR Supplement (“DFARS”) 252.227-7015 (Technical Data – Commercial Items) applies to technical data acquired by Department of Defense agencies. Consistent with FAR 12.211 and 12.212 and DFARS (48 C.F.R.) 227.7202-1 through 227.7202-4, the Products, PacketWatch Tools, and Documentation are being licensed to Government Users pursuant to the terms of this license(s) customarily provided to the public as forth in this Agreement, unless such terms are inconsistent with United States federal law (“Federal Law”).

12.2 Disputes with the U.S. Government. If this Agreement fails to meet the Government’s needs or is inconsistent in any way with Federal Law and the parties cannot reach a mutual agreement on terms for this Agreement, the Government agrees to terminate its use of the Offerings. In the event of any disputes with the U.S. Government in connection with this Agreement, Section 14.3 of this Agreement shall not apply. Instead, the rights and duties of the parties arising from this Agreement, shall be governed by, construed, and enforced in accordance with Federal Procurement Law and any such disputes shall be resolved pursuant to the Contract Disputes Act of 1978, as amended (41 U.S.C. 7101-7109), as implemented by the Disputes Clause, FAR 52.233-1.

12.3 Precedence. This U.S. Government rights in this Section are in lieu of, and supersedes, any other FAR, DFARS, or other clause, provision, or supplemental regulation that addresses Government rights in the Offerings, computer software or technical data under this Agreement.

13. Suspension and Termination.

This Agreement shall remain effective until termination in accordance with this Section or as otherwise specified herein. PacketWatch may immediately suspend Client’s access to, or use of, the Offerings if: (i) PacketWatch believes that there is a significant threat to the security, integrity, functionality, or availability of the Offerings or any content, data, or applications in the Offerings; (ii) Client or Client users are in breach of Section 3.3 (Restrictions); or (iii) Client fails to pay PacketWatch when undisputed fees are due; provided, however, PacketWatch will use commercially reasonable efforts under the circumstances to provide Client with notice and, if applicable, an opportunity to remedy such violation prior to any such suspension. Either party may terminate this Agreement upon 30 days’ written notice of a material breach by the other party, unless the breach is cured within the 30-day notice period. Prior to termination and subject to the terms of this Agreement, Client shall have the right to access and download Client Data available per the Client’s purchased Products and data retention period in a manner and in a format supported by the Products.

13.1 Process on Termination. Upon termination of this Agreement for any reason: (a) all Client’s access and use rights granted in this Agreement will terminate; (b) Client must promptly cease all use of Offerings and un-install any software components installed on Client’s Endpoints; (c) promptly (within 5 business days) return the PacketWatch Equipment in the packaging provided insured for the value specified with a Recognized Freight Carrier and (c) Client Data will be deleted in accordance with the data retention period purchased by Client and Section 7.4 Confidentiality; Destruction). Sections 1, 3.3, 7, 10, 12, 13, and 14 and all liabilities that accrue prior to termination shall survive expiration or termination of this Agreement for any reason.

14. General.

14.1 Entire Agreement. This Agreement constitutes the entire agreement between Client and PacketWatch concerning the subject matter of this Agreement and it supersedes all prior and simultaneous proposals, agreements, understandings, or other communications between the parties, oral or written, regarding such subject matter. Notwithstanding the foregoing, if Client have a PacketWatch Limited Warranty Agreement for PW MDR Platinum (or a preceding or successor named product) fully executed with PacketWatch, the warranty provided therein stands alone and is not superseded by this Agreement. It is expressly agreed that the terms of this Agreement shall supersede any terms in any procurement Internet portal or other similar non-PacketWatch document and no such terms included in any such portal or other non-PacketWatch document shall apply to the Offerings ordered. This Agreement shall not be construed for or against any party to this Agreement because that party or that party’s legal representative drafted any of its provisions.

14.2 Assignment. Neither party may assign this Agreement without the prior written consent of the other party, except to an Affiliate in connection with a corporate reorganization or in connection with a merger, acquisition, or sale of all or substantially all its business and/or assets. Any assignment in violation of this Section shall be void. Subject to the foregoing, all rights, and obligations of the parties under this Agreement shall be binding upon and inure to the benefit of and be enforceable by and against the successors and permitted assigns.

14.3 Governing Law; Venue. This Agreement, and the rights and duties of the parties arising from this Agreement, shall be governed by, construed, and enforced in accordance with the laws of the State of Arizona, excluding its conflicts-of-law principles. The sole and exclusive jurisdiction and venue for actions arising under this Agreement shall be state and federal courts in Maricopa County, Arizona, and the parties agree to service of process in accordance with the rules of such courts. The Uniform Computer Information Transactions Act and the United Nations Convention on the International Sale of Goods shall not apply. Notwithstanding the foregoing, each party reserves the right to file a suit or action in any court of competent jurisdiction as such party deems necessary to protect its intellectual property rights and, in PacketWatch’s case, to recoup any payments due.

14.4 Permission to List Client. Unless Client direct otherwise by sending an email to us at legal@PacketWatch.com, which direction may be given at any time, Client agree that PacketWatch may display Client’s company name and/or logo (in accordance with any trademark guidelines Client provide) as a PacketWatch Client in a manner that does not suggest Client’s use or endorsement of any specific PacketWatch product or service.

14.5 Independent Contractors; No Third-Party Rights. The parties are independent contractors. This Agreement shall not establish any relationship of partnership, joint venture, employment, franchise, or agency between the parties. No provision in this Agreement is intended or shall create any rights with respect to the subject matter of this Agreement in any third party.

14.6 Waiver, Severability & Amendments. The failure of either party to enforce any provision of this Agreement shall not constitute a waiver of any other provision or any subsequent breach. If any provision of this Agreement is held to be illegal, invalid, or unenforceable, the provision will be enforced to the maximum extent permissible so as to affect the intent of the parties, and the remaining provisions of this Agreement will remain in full force and effect. This Agreement may only be amended, or any term or condition set forth herein waived, by written consent of both parties.

14.7 Force Majeure. Neither party shall be liable for, nor shall either party be considered in breach of this Agreement due to, any failure to perform its obligations under this Agreement (other than its payment obligations) as a result of a cause beyond its control, including but not limited to, act of God or a public enemy, act of any military, civil or regulatory authority, change in any law or regulation, fire, flood, earthquake, storm or other like event, disruption or outage of communications (including an upstream server block and Internet or other networked environment disruption or outage), power or other utility, labor problem, or any other cause, whether similar or dissimilar to any of the foregoing, which could not have been prevented with reasonable care. The party experiencing a force majeure event, shall use commercially reasonable efforts to provide notice of such to the other party.

14.8 Notices. All legal notices will be given in writing to the addresses in the Order and will be effective: (i) when personally delivered, (ii) on the reported delivery date if sent by a recognized international or overnight courier, or (iii) five business days after being sent by registered or certified mail (or ten days for international mail). For clarity, Orders, POs, confirmations, invoices, and other documents relating to order processing and payment are not legal notices and may be delivered electronically in accordance with each party’s standard ordering procedures.

Exhibit A: Data Security and Privacy Schedule

    1. Definitions

    a. “PacketWatch Systems” means those computer systems hosting the ‘PW MDR Platform’.

    b. “Client Data” means the data generated by the Client’s Endpoints and collected by: (i) the Products, and/or (ii) the PacketWatch Tools, and in either case, sent to the PacketWatch Systems. Client Data is considered Client’s Confidential Information (defined in Section 7 Confidentiality) and subject to the exclusions, exceptions and obligations set forth therein and this Exhibit A Data Security and Privacy Schedule.

    c. “Execution Profile/Metric Data” means any machine-generated data, such as metadata derived from tasks, file execution, commands, resources, network telemetry, executable binary files, macros, scripts, and processes, that: (i) Client provides to PacketWatch in connection with this Agreement or (ii) is collected or discovered during the course of PacketWatch providing Offerings, excluding any such information or data that identifies Client or to the extent it includes Personal Data.

    d. “Personal Data” means information provided by Client to PacketWatch or collected by PacketWatch from Client used to distinguish or trace a natural person’s identity, either alone or when combined with other personal or identifying information that is linked or linkable by PacketWatch to a specific natural person. Personal Data also includes such other information about a specific natural person to the extent that the data protection laws applicable in the jurisdictions in which such person resides define such information as Personal Data.

    e. “Privacy and Security Laws” means U.S. federal, state and local and non-U.S. laws, including those of the European Union, that regulate the privacy or security of Personal Data and that are directly applicable to PacketWatch.

    f. “Security Breach” means unauthorized access to, or unauthorized acquisition of: (i) Client Data, or (ii) Personal Data, stored on PacketWatch Systems that results in the compromise of such Client Data and/or Personal Data.

    g. “Threat Actor Data” means any packets, malware, spyware, virus, worm, Trojan horse, or other potentially malicious or harmful code or files, URLs, DNS data, network telemetry, commands, processes or techniques, metadata, or other information or data, in each case that is potentially related to unauthorized third parties associated therewith and that: (i) Client provides to PacketWatch in connection with this Agreement, or (ii) is collected or discovered during the course of PacketWatch providing Offerings, excluding any such information or data that identifies Client or to the extent that it includes Personal Data.

    2. PW MDR Platform

    The ‘PW MDR Platform’ uses content collected from its clients, partners, and others, for the benefit of all its clients, to help each client protect themselves against suspicious and potentially destructive activities. PacketWatch’s Products are designed to quickly detect, identify, and respond to intrusions by collecting and analyzing data, including network data, packets, PCAPs, logs, machine event data, executed scripts, code, system files, c2 beacons, login information, binaries, tasks, resource information, commands, protocol identifiers, URLs, and related metadata. Client, rather than PacketWatch, determines which types of data, whether Personal Data or not, exist on its own systems and networks. Accordingly, Client’s network environment is unique in configurations and naming conventions and the collected data could potentially include Personal Data. PacketWatch uses the data to: (i) analyze, characterize, attribute, warn of, and/or respond to threats against Client and other Clients, (ii) analyze trends and performance, (iii) improve the functionality of, and develop, PacketWatch’s products and services, and enhance cybersecurity; and (iv) permit Clients to leverage other applications that use the data, but for all of the foregoing, in a way that does not identify Client or Client’s Personal Data to other Clients. Neither Execution Profile/Metric Data nor Threat Actor Data are Client’s Confidential Information or Client Data.

    3. Processing Personal Data

    a. Provisioning/Use of Offerings. Personal Data may be collected and used during the provisioning and use of the Offerings to deliver, support and improve the Offerings, administer the Agreement and further the business relationship between Client and PacketWatch, comply with law, act in accordance with Client’s written instructions, or otherwise in accordance with this Agreement. Client authorizes PacketWatch to collect, use, store and transfer the Personal Data that Client provide to PacketWatch as contemplated in this Agreement.

    b. Suspicious/Unknown File Analysis. While using certain PacketWatch Offerings Client may have the option to submit or upload (by submission, configuration, and/or, in the case of Services, by PacketWatch personnel retrieval) files and other information related to the files for security analysis and response or, when submitting crash reports, to make the product more reliable and/or improve PacketWatch’s products and services or enhance cyber-security. These potentially suspicious or unknown files may be transmitted and analyzed to determine functionality and their potential to cause instability or damage Client’s endpoint. In some instances, these files could contain Personal Data for which Client are responsible.

    4. Compliance with Privacy and Information Security Requirements

    a. Compliance with Laws. PacketWatch shall comply with all Privacy and Security Laws, the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of Personal Data from the European Economic Area, Switzerland, and the United Kingdom, as applicable. PacketWatch’s privacy notice may be found at https://www.packetwatch.com/privacy-notice/. To the extent necessary to comply with Privacy and Security Laws, including but not limited to when Client is a controller of Personal Data processed by PacketWatch originating in the European Union, Switzerland, or the United Kingdom, the Data Protection Addendum set forth [Contact us for a copy of the GDPR Agreement via legal@packetwatch.com] shall apply to PacketWatch’s processing of such Client Personal Data.

    b. Safeguards. PacketWatch shall maintain appropriate technical and organizational safeguards commensurate with the sensitivity of the Client Data and Personal Data processed by it on Client’s behalf, which are designed to protect the security, confidentiality, and integrity of such Client Data and Personal Data and protect such Client Data and Personal Data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access which substantially conform to the CIS CSC or NIST control framework. (“Information Security Controls for PacketWatch Systems”).

    5. Client Obligations.

    Client, along with its Affiliates, represents and warrants that: (i) it owns or has a right of use from a third party, and controls, directly or indirectly, all of the software, hardware and computer systems (collectively, “Systems”) where the Products and/or PacketWatch Tools will be installed or that will be the subject of, or investigated during, the Offerings, (ii) to the extent required under any federal, state, or local U.S. or non-US laws (e.g., Computer Fraud and Abuse Act, 18 U.S.C. § 1030 et seq., Title III, 18 U.S.C. 2510 et seq., and the Electronic Communications Privacy Act, 18 U.S.C. § 2701 et seq.) it has authorized PacketWatch to access the Systems and process and transmit data through the Offerings and PacketWatch Tools in accordance with this Agreement and as necessary to provide and perform the Offerings, (iii) it has a lawful basis in having PacketWatch investigate the Systems, process the Client Data and the Personal Data; (iv) that it is and will at all relevant times remain duly and effectively authorized to instruct PacketWatch to carry out the Offerings, and (v) it has made all necessary disclosures, obtained all necessary consents and government authorizations required under applicable law to permit the processing and international transfer of Client Data and Client Personal Data from each Client and Client Affiliate, to PacketWatch.

    Rev. January 12, 2022