Last Updated December 12, 2023

THIS ADDENDUM TO LICENSE AGREEMENT (“ADDENDUM”) CONSTITUTE A BINDING AGREEMENT BETWEEN THE PENTERA ENTITY (“COMPANY”) AND THE CUSTOMER ENTITY (“CUSTOMER”), EACH AS SPECIFIED IN THE ORDER FORM TO WHICH THIS ADDENDUM RELATES. SUCH ORDER FORM, ONCE SIGNED, SHALL INCORPORATE THIS ADDENDUM BY REFERENCE.

WHEREAS, Company and the Customer have entered into a license agreement for the use of Pentera Core Software and/or Pentera Surface Software, and any related services (as specified in the Order Form) (“License Agreement”); and

WHEREAS, Customer desires to purchase, access and utilize the Credential Exposure module (“Module“) in connection with the terms and conditions set forth in the Order Form and the applicable License Agreement;

NOW THEREFORE, in consideration of the premises and the covenants herein contained, Customer hereby agrees as follows;

1. USAGE OF THE MODULE.

This Addendum governs Customer’s use, access, and utilization of the Module in conjunction with the provisions of the applicable License Agreement. The Module is intended for the detection, and presentation of data and exposed credentials achieved through the Module, including but not limited to, names, passwords, email addresses, limited localization data (state and city only). Any such data and credentials found shall be collectively referred to as “Breached Assets”. Customer shall not and shall prohibit others from renting, leasing, lending, selling, disclosing or sublicensing the Breached Assets or otherwise providing access to the Breached Assets to any third party other than a limited access to its employees.

2. REPRESENTATIONS AND WARRANTIES.

Customer hereby represents and warrants that it has provided all required notices, has a lawful legal basis and the right to use the Breached Assets obtained through the Module, and has obtained all necessary consents and permission to collect, store, disclose, process and use any such Breached Assets through the Module, all in accordance with any applicable privacy and data protection laws and regulations.

3. DATA DELETION REQUIREMENT.

Customer hereby agrees and represents that it shall permanently delete any and all Breached Assets received from the Module  upon the earlier of receipt of a written notification from Company requesting such deletion or upon termination and or expiration of the License Agreement.

4. MISCELLANEOUS.

All capitalized terms used but not defined herein shall have the meaning ascribed to them in the applicable License Agreement. Other than as explicitly stated herein, no other provision of the License Agreement shall be deemed affected or amended by this Addendum. This Addendum shall be deemed an integral part of the applicable License Agreement and shall be governed and construed by the terms and conditions set forth therein. This Addendum may be executed in any number of counterparts, each of which shall be deemed an original, but all of which together shall constitute one and the same instrument.

Unless a separate Data Processing Agreement exists between the parties, and to the extent Customer is deemed a Data Controller (as such term is defined under the EU General Data Protection Regulation 2016/679 (“GDPR”) or  a “Business” under the California Consumer Privacy Act, Cal. Civ. Code §§ 1798.100 et seq. (the “CCPA”), and is subject to the GDPR and/or CCPA, respectively, the terms and conditions set forth in the Data Processing  Agreement (“DPA”) available at https://www.pentera.io/resources/data-sheets/pentera-data-processing-agreement/ shall apply to the use and processing of Personal Data under this Addendum.