THESE END USER LICENSE TERMS AND CONDITIONS (the “Agreement”) CONSTITUTE A BINDING AGREEMENT BETWEEN THE PENTERA ENTITY (“Company”) AND THE CUSTOMER ENTITY (“Customer”), EACH AS SPECIFIED IN THE ORDER FORM WHICH ONCE ACCEPTED BY COMPANY, IS HEREBY INCORPORATED INTO, AND MADE A PART OF, THIS AGREEMENT BY REFERENCE. Company and User may be collectively referred to herein as the “Parties”, and each individually as a “Party”.

IF USER HAS AN EXISTING AGREEMENT IN EFFECT WITH COMPANY FOR THE LICENSE OF SOFTWARE OR SOFTWARE SERVICES (AN “EXISTING AGREEMENT“), THEN THE PARTIES AGREE THAT THE ORDER FORM SHALL BE GOVERNED BY, AND DEEMED INCORPORATED INTO AND MADE A PART OF, THE EXISTING AGREEMENT (AND NOT THIS AGREEMENT), IN WHICH CASE, THE FOLLOWING TERMS AND CONDITIONS SHALL NOT APPLY.

1. DEFINITIONS. The following capitalized terms have the meanings set forth below:

“Affiliate” means, with respect to either Party, any entity that, directly or indirectly, controls, is controlled by, or is under common control with a party to this Agreement, where control means the power to direct the affairs or management of such entity, whether through the ownership of more than fifty percent (50%) of the voting securities, by contract, as trustee or executor.

“Channel Partner” means a Company authorized distributor, reseller, or other channel partner for the Software.

“Customer Data” means any data or information inputted or uploaded to the Software by or on behalf of Customer, or otherwise integrated with the Software via an API, or data belonging to Customer’s applications within the environment in which the Software is installed (such as, application ‘metadata’).

“Feature” means any module, tool, functionality, or feature of the Software.

“Intellectual Property Rights” means any and all rights, titles, and interests (under any jurisdiction or treaty, whether protectable or not, and whether registered or unregistered) in and to any technology, invention, work of authorship, software, database, data, know-how, software, design, and/or other intellectual property, and includes but is not limited to patents, copyrights and similar authorship rights, moral (and similar personal) rights, mask work rights, data and database rights, trade secret rights and similar rights in confidential information and other non-public information, design rights, industrial property rights, trademark, service mark, trade name, trade dress and similar branding rights, as well as: (i) all applications, registrations, renewals, reexaminations, extensions, continuations, continuations-in-part, provisionals, substitutions, divisions or reissues of or for the foregoing; and (ii) all goodwill associated with the foregoing.

“Order Form” means any ordering document, whether executed directly between the Parties or indirectly between Company and a Channel Partner, from time to time, by which Customer may obtain a Subscription to the Software and/or the performance of Services in accordance with this Agreement. Each Order Form is hereby incorporated by reference into, and shall be subject to, this Agreement.

“Software” means Company’s software as a service solution described in Schedule A.

“Subscription Scope” means any Software usage and/or consumption limitations and parameters (for example, as to volume of Users, domains and assets, notifications, API access, Features, duration) set forth in the Order Form.

“Subscription Term” means the Software subscription period specified in the Order Form.

“Users” means an employee of Customer (or its Affiliates, as permitted hereunder) authorized to access and use the Software, whose email address is associated with the Customer’s domain.

2. SUBSCRIPTION

2.1. General. Subject to the terms and conditions of this Agreement and the Order Form, including the Subscription Scope, Company grants Customer a limited, worldwide, non-exclusive, non-assignable, non-sublicensable, revocable, non-transferable right and license, during the Subscription Term, to access and use the Software solely for Customer’s internal end-use (collectively, the “Subscription”).  This Agreement commences on the Effective Date and, unless terminated in accordance herewith, shall continue in full force and effect until all Order Forms have expired and/or as long as the User continues to use the Software. This Agreement commences on the Effective Date and, unless terminated in accordance herewith, shall continue in full force and effect until all Order Forms have expired and/or as long as the Customer continues to use the Software. Customer acknowledges and agrees that a Channel Partner is not authorized to make any promises or commitments on Company’s behalf, and Company is not bound by any obligations to Customer or any terms or conditions set forth on any ordering document, other than as set forth in this Agreement and the Order Form.

2.2. Account Setup. Subject to Customer’s compliance with its obligations hereunder, following the Start Date (as defined in the Order Form), Company will perform the initial Software setup activities (to the extent applicable), as further described in Schedule A (the “Initial Setup”). Customer shall fully cooperate with Company in such efforts, and shall provide Company with all information, access and other resources necessary to achieve the Initial Setup. Furthermore, the Customer shall be responsible for making any changes or additions to its current systems, software, and hardware that may be required to support operation of the Software. Following Initial Setup, in order to access the Software, Customer is required to set up an administrative account with Company, by submitting the information requested in the applicable Software interface (“Account”), and each User may need to set up a user account (each, a “User Account”, and references herein to the “Account” shall be deemed to include all such User Accounts if applicable). Customer represents and warrants that all information submitted during the Initial Setup process, including without limitation Asset Validation (defined below), is, and will thereafter remain, complete and accurate, and acknowledges that Company will rely on Customer’s Asset Validation in connection with Company’s provision of the Software. Customer will indemnify and hold harmless Company from any liabilities, damages, and expenses, including reasonable attorney’s fees and costs incurred by Company, arising out of or resulting from inaccuracies in Asset Validation submitted by Customer. Customer shall be responsible and liable for all activities that occur under or in the Account. Customer will require that all Users keep user ID and password information strictly confidential and not share such information with any unauthorized person.

2.3. Customer Affiliates Usage. Customer Affiliate shall have the right to order Software services under this Agreement covering its own needs by executing an Order Form. In such case, the Affiliate executing such Order Form shall be deemed the Customer pursuant to this Agreement and shall be solely responsible and liable for its actions or omissions under this Agreement.

2.4. Hosting. The Software will be hosted by a third party hosting services provider (currently, AWS) selected by Company (“Hosting Provider”), and accordingly the availability of the Software shall be in accordance with the Hosting Provider’s then-current uptime commitments. Company shall make best efforts to notify Customer in writing if, and when, Company engages a new Hosting Provider under this Agreement.

2.5. Restrictions. As a condition to the Subscription, and except as expressly permitted otherwise under this Agreement, Customer shall not do (or permit or encourage to be done) any of the following license restrictions (in whole or in part): (a) copy, “frame” or “mirror” the Software; (b) sell, assign, transfer, lease, rent, sublicense, or otherwise distribute or make available the Software to any third party (such as offering it as part of a time-sharing, outsourcing or service bureau environment); (c) publicly perform, display or communicate the Software; (d) modify, alter, adapt, arrange, or translate the Software; (e) decompile, disassemble, decrypt, reverse engineer, extract, or otherwise attempt to discover the source code or non-literal aspects (such as the underlying structure, sequence, organization, file formats, non-public APIs, ideas, or algorithms) of, the Software; (f) remove, alter, or conceal any copyright, trademark, or other proprietary rights notices displayed on or in the Software; (g) circumvent, disable or otherwise interfere with security-related or technical features or protocols of the Software; (h) make a derivative work of the Software, or use it to develop any service or product that is the same as (or substantially similar to) it; (i) store or transmit any robot, malware, Trojan horse, spyware, or similar malicious item intended (or that has the potential) to damage or disrupt the Software; (j) employ any hardware, software, device, or technique to pool connections or reduce the number of licenses, servers, nodes, or Users that directly access or use the Software (sometimes referred to as ‘virtualization’, ‘multiplexing’ or ‘pooling’) in order to circumvent the Subscription Scope; (k) forge or manipulate identifiers in order to disguise the origin of any data or content inputted or uploaded to, or transmitted through, the Software by Customer; or (l) take any action that imposes or may impose (as determined in Company’s reasonable discretion) an unreasonable or disproportionately large load on the servers, network, bandwidth, or other cloud infrastructure which operate or support the Software, or otherwise systematically abuse or disrupt the integrity of such servers, network, bandwidth, or infrastructure.

2.6. Reservation of Rights. For the avoidance of doubt, the Software (including any software made available hereunder) is only licensed, and no title in or to the Software (or such software) passes to Customer. Any rights not expressly granted herein are hereby reserved by Company and its licensors, and, except for the Subscription, Customer is granted no other right or license to the Software, whether by implied license, estoppel, exhaustion, operation of law, or otherwise.

3. SUPPORT SERVICES.

3.1. During the Subscription Term, and subject to Customer’s payment of the Fees, Company shall provide its then current, standard Software technical support and maintenance services (“Support Services”), as described in the Order Form. The Support Services (in whole or in part) may be performed by Company, a Channel Partner and/or Company-certified third party service providers, and Company shall remain primarily responsible for such service providers’ performance of the Support Services.

3.2. As part of Support Services, Company may, from time to time, modify and replace the Features (but not material functionalities, unless it improves the material functionality) and user interface of the Software.

4. PAYMENT

4.1. Subscription Fees. Customer shall pay Company the Subscription fees (the “Subscription Fees”) and any other fees or charges specified in the Order Form (together, the “Fees”).

4.2. General. Unless expressly stated otherwise in the Order Form: (a) all Fees are stated, and are to be paid, in US Dollars; (b) all payments under this Agreement are non-refundable, and are without any right of set-off or cancellation; (c) all Fees are payable, and shall be invoiced, in advance, and shall be paid within ten (10) days of Company’s issuance of invoice; and (d) any amount not paid when due will accrue interest on a daily basis until paid in full, at the lesser of the rate of one and a half percent (1.5%) per month and the highest amount permitted by applicable law.

4.3. Suspension. Without affecting any of Customer’s obligations under the Agreement (including, any payment obligations under an Order Form) and without limiting any other rights that may be available to Company under the Agreement, Company reserves the right to suspend or cease provision of the Software: (a) if Customer and/or Channel Partner (as applicable) is fifteen (15) is seven (7) days or more overdue on a payment; (c) if Company deems such suspension or cessation necessary as a result of Customer’s breach under Section ‎2.5 (Restrictions); (c) if Company reasonably determines suspension or cessation is necessary to avoid material harm to Company, to its other customers, or to the Software, including if the Software’s cloud infrastructure is experiencing denial of service attacks or other attacks or disruptions outside of Company’s control, or (d) as required by law or at the request of governmental entities.

4.4. Taxes. Amounts payable under this Agreement are exclusive of all applicable sales, use, consumption, VAT, GST, and other taxes, duties or governmental charges, except for taxes based upon Company’ net income. In the event that Customer is required by any law applicable to it to withhold or deduct taxes for any payment under this Agreement, then the amounts due to Company shall be increased by the amount necessary so that Company receives and retains, free from liability for any deduction or withholding, an amount equal to the amount it would have received had Customer not made any such withholding or deduction. If a purchase order (or purchase order number) is required by Customer in order for an invoice to be paid, then Customer (or, if applicable, Channel Partner) shall promptly provide such purchase order (or number) to Company. Any terms or conditions (whether printed, hyperlinked, or otherwise) in a purchase order or related correspondence, which purport to modify or supplement this Agreement (or the corresponding Order Form), shall be void and of no effect.

5. OWNERSHIP. Company (and/or its licensors, as applicable) is, and shall be, the sole and exclusive owner of all right, title and interest (including without limitation all Intellectual Property Rights) in and to:

(a) the Software and all related intellectual property (such as content appearing therein);
(b) its Confidential Information;
(c) any non-Customer-identifying information, data, reporting, suggestions, analyses, and/or intelligence relating to the operation, support, and/or Customer’s use, of the Software (such as metadata, aggregated data, analytics, security findings or discoveries, etc.) (collectively, “Output”)
(d) any feedback, suggestions, or ideas for or about the Software (collectively, “Feedback”); and
(e) any and all improvements, derivative works, and/or modifications of/to any of the foregoing, regardless of inventorship or authorship.
(all together, the “Company Materials”).

Customer shall make, and hereby irrevocably makes, all assignments and/or waivers necessary or reasonably requested by Company to ensure and/or provide Company (and/or its designee(s)) the ownership rights set forth in this paragraph.

6. PRIVACY. To the extent any Customer Data is deemed Personal Data (as such term is defined under the EU General Data Protection Regulation 2016/679 (“GDPR”) and/or Personal Information (as such term is defined under the California Consumer Privacy Act, Cal. Civ. Code §§ 1798.100 et seq. (the “CCPA”) and is subject to the GDPR and/or CCPA, respectively, the terms and conditions set forth in the Data Processing Addendum (“DPA”) available at https://pentera.io/resources/data-sheets/pentera-data-processing-agreement/ shall apply to the use and processing of such Personal Data and shall be deemed incorporated by reference into this Agreement.

7. CONFIDENTIALITY. Each Party (the “Recipient”) may have access to certain non-public or proprietary information and materials of the other Party (the “Discloser”), whether in tangible or intangible form (“Confidential Information”). Confidential Information shall not include information and material which: (a) at the time of disclosure by Discloser to Recipient hereunder, is in the public domain; (b) after disclosure by Discloser to Recipient hereunder, becomes part of the public domain through no fault of the Recipient; (c) was rightfully in the Recipient’s possession at the time of disclosure by the Discloser hereunder, and which is not subject to prior continuing obligations of confidentiality; (d) is rightfully disclosed to the Recipient by a third party having the lawful right to do so; or (e) independently developed by the Recipient without use of, or reliance upon, Confidential Information received from the Discloser. The Recipient shall not disclose or make available the Discloser’s Confidential Information to any third party (including without limitation by way of publishing), except to its employees, contractors, advisers, agents and investors, subject to substantially similar written confidentiality undertakings). Recipient shall take commercially reasonable measures, at a level at least as protective as those taken to protect its own Confidential Information of like nature (but in no event less than a reasonable level), to protect the Discloser’s Confidential Information within its possession or control, from disclosure to a third party. The Recipient shall use the Discloser’s Confidential Information solely for the purposes expressly permitted under this Agreement. In the event that Recipient is required to disclose Confidential Information of the Discloser pursuant to any Law, regulation, or governmental or judicial order, the Recipient will (a) promptly notify Discloser in writing of such Law, regulation or order, (b) reasonably cooperate with Discloser in opposing such disclosure, (c) only disclose to the extent required by such law, regulation or order (as the case may be). Upon termination of this Agreement, or otherwise upon written request by the Discloser, the Recipient shall promptly return to Discloser its Confidential Information (or if embodied electronically, permanently erase it), and certify compliance writing.

Notwithstanding anything in this Agreement to the contrary, the pricing and payment terms under the Order Form are confidential to Company, and Customer shall not disclose such Confidential Information to any third party (except its accountants and lawyers), without Company’ prior express written consent.

8. DISCLAIMERS. THE SOFTWARE, SERVICES, OUTPUT, AS WELL AS ANY OTHER GOODS AND SERVICES PROVIDED OR MADE AVAILABLE BY COMPANY OR ITS AFFILIATES HEREUNDER (COLLECTIVELY, THE “COMPANY MATERIALS”) ARE PROVIDED AND MADE AVAILABLE ON AN “AS IS” AND “AS AVAILABLE” BASIS, WITH ALL DEFECTS. ALL ACCESS TO, USE OF, AND RELIANCE UPON, COMPANY MATERIALS IS AT CUSTOMER’S SOLE RISK (AND ACCORDINGLY CUSTOMER AGREES NOT TO USE OR RELY UPON THE COMPANY MATERIALS AS A SUBSTITUTE FOR PROFESSIONAL ADVICE).
ALL EXPRESS, IMPLIED AND STATUTORY CONDITIONS AND WARRANTIES (INCLUDING WITHOUT LIMITATION ANY IMPLIED CONDITIONS OR WARRANTIES OF MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, QUIET POSSESSION, NON-INFRINGEMENT, OR QUALITY OF SERVICE, OR THAT OTHERWISE ARISE FROM A COURSE OF PERFORMANCE OR USAGE OF TRADE) ARE HEREBY DISCLAIMED BY COMPANY AND ITS LICENSORS. COMPANY DOES NOT MAKE ANY REPRESENTATION, WARRANTY, GUARANTEE OR CONDITION: (A) REGARDING THE EFFECTIVENESS, USEFULNESS, RELIABILITY, TIMELINESS, COMPLETENESS, OR QUALITY OF COMPANY MATERIALS; (B) THAT CUSTOMER’S USE OF COMPANY MATERIALS WILL BE UNINTERRUPTED, SECURE OR ERROR-FREE; (C) REGARDING THE OPERATION OF ANY CELLULAR NETWORKS, THE PASSING OR TRANSMISSION OF DATA VIA ANY NETWORKS OR THE CLOUD, OR ANY OTHER CELLULAR OR DATA CONNECTIVITY PROBLEMS; OR (D) REGARDING THE SATISFACTION OF, OR COMPLIANCE WITH, ANY LAWS, REGULATIONS, OR OTHER GOVERNMENT OR INDUSTRY RULES OR STANDARDS. COMPANY WILL NOT BE LIABLE OR OBLIGATED IN RESPECT OF DELAYS, INTERRUPTIONS, SERVICE FAILURES OR OTHER PROBLEMS INHERENT IN USE OF THE INTERNET AND ELECTRONIC COMMUNICATIONS OR FOR ISSUES RELATED TO PUBLIC NETWORKS OR HOSTING PROVIDERS.

9. LIMITATION OF LIABILITY

9.1. IN NO EVENT SHALL EITHER PARTY OR ITS DIRECTORS, OFFICERS, AFFILIATES OR AGENTS BE LIABLE FOR ANY CONSEQUENTIAL, INDIRECT, SPECIAL, INCIDENTAL OR PUNITIVE DAMAGES OR ANY LOSS OF PROFITS, BUSINESS, OPPORTUNITY OR REVENUE OR ANY LOSS OF, OR DAMAGE TO, DATA, INFORMATION SYSTEMS, REPUTATION, OR GOODWILL ARISING OUT OF, OR RELATING TO, THE SERVICES OR THE ARRANGEMENTS CONTEMPLATED HEREIN AND/OR THE COST OF PROCURING ANY SUBSTITUTE GOODS OR SERVICES. IN ANY EVENT, COMPANY’S ENTIRE, AGGREGATE LIABILITY FOR THE PROVISION OF THE SERVICES OR UNDER ANY PROVISION OF THIS AGREEMENT SHALL NOT EXCEED THE AMOUNT OF PAYMENT RECEIVED BY COMPANY FROM CUSTOMER (OR, IF APPLICABLE, FROM CHANNEL PARTNER) IN THE TWELVE (12) MONTHS PRECEDING THE APPLICABLE CLAIM.

9.2. THE FOREGOING EXCLUSIONS AND LIMITATION SHALL APPLY: (A) TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW; (B) EVEN IF A PARTY HAS BEEN ADVISED, OR SHOULD HAVE BEEN AWARE, OF THE POSSIBILITY OF LOSSES, DAMAGES, OR COSTS; (C) EVEN IF ANY REMEDY IN THIS AGREEMENT FAILS OF ITS ESSENTIAL PURPOSE; AND (D) REGARDLESS OF THE THEORY OR BASIS OF LIABILITY, AND WHETHER IN CONTRACT, TORT (INCLUDING WITHOUT LIMITATION FOR NEGLIGENCE OR BREACH OF STATUTORY DUTY), MISREPRESENTATION, RESTITUTION, OR OTHERWISE.

10. INDEMNIFICATION

10.1. In the event a third party makes or institutes any claim, action, or proceeding against Customer alleging that Customer’s authorized access and use of the Software infringes such third party’s copyright or patent (an “Infringement Claim”), Company shall: (a) at its own expense, defend Customer against the Infringement Claim; and (b) indemnify and hold harmless Customer for any amount finally awarded against or imposed upon Customer (or otherwise agreed in settlement) under the Infringement Claim. As a condition to the foregoing, Customer agrees: (A) to provide Company with prompt written notice of the Infringement Claim; (B) to cede to Company full control of the defense and settlement of the Infringement Claim (except that any non-monetary obligation imposed on Customer under a settlement shall require Customer’s prior written consent, not to be unreasonably withheld, conditioned or delayed); (C) to provide Company with all information and assistance reasonably requested by Company; and (D) not to admit any liability under (or otherwise compromise the defense of) the Infringement Claim. Customer may participate in the defense of the Infringement Claim at Customer’s own cost and expense.

10.2. Company will have no liability under this Section (Indemnification) to the extent that the Infringement Claim is based on or results from: (i) a modification to the Software not made by Company; (ii) the combination of the Software with any third party product or service; and/or (iii) any Customer instructions or specifications.

10.3. Should the Software (in whole or in part) become, or in Company’s opinion be likely to become, the subject of an Infringement Claim, then Customer permits Company, at Company’s option and expense, to either: (x) obtain for Customer the right to continue using the Software (or part thereof); or (y) replace or modify the Software (or part thereof) so that it’s use hereunder becomes non-infringing; provided, however, that if (x) and (y) are not, in Company’s opinion, commercially feasible, Company may terminate this Agreement upon written notice to Customer, and Customer (or, if applicable, Channel Partner) shall be entitled to receive a pro-rated refund of any prepaid and unutilized Subscription Fees hereunder based on the remainder of the then-current Subscription Term. Under no circumstances shall Company be required to refund more than it actually received from a Channel Partner.

10.4. This Section represents Company’s sole liability, and Customer’s sole remedy, for any Infringement Claim. Company’s combined aggregate liability under this Section (Indemnification) shall not exceed three (3) times the amounts actually paid by Customer (or, if applicable, by Channel Partner) to Company under this Agreement.

11. TERM AND TERMINATION

11.1. Term. This Agreement commences on the Effective Date and, unless terminated in accordance herewith, shall continue in full force and effect until all Order Forms have expired. Each Subscription Term under an Order Form shall commence on the Start Date and end on the End Date specified in the Order Form (the “Initial Subscription Term”), unless earlier terminated or renewed pursuant to the terms of the Agreement. Unless otherwise agreed in an Order Form, the Order Form shall automatically renew for successive periods identical to the Initial Subscription Term or one year (whichever is longer) (each, a “Renewal Subscription Term”, and together with the Initial Subscription Term, the “Term”), unless either Party notifies the other Party in writing of its intent not to renew the Order Form, not less than sixty (60) days prior to the expiration of the then-current Subscription Term. Except if otherwise specified in an Order Form, in case of auto-renewal, the Subscription Fees during any Renewal Subscription Term may be increased by up to seven (7) percent of the applicable fees in the immediately preceding Subscription Term.

11.2. Termination for Breach. Each Party may terminate this Agreement immediately upon written notice to the other Party if the other Party commits a material breach under this Agreement and, if curable, fails to cure that breach within sixty (60) days after receipt of written notice specifying the material breach (except that for payment defaults, such cure period will be seven (7) days).

11.3. Termination for Insolvency. Each Party may terminate this Agreement upon written notice to the other Party upon the occurrence of any of the following events in respect of such other Party: (a) a receiver is appointed for the other Party or its property, which appointment is not dismissed within sixty (60) days; (b) the other Party makes a general assignment for the benefit of its creditors; (c) the other Party commences, or has commenced against it, proceedings under any bankruptcy, insolvency or debtor’s relief Law, which proceedings are not dismissed within sixty (60) days; or (d) the other Party is liquidating, dissolving or ceasing normal business operations.

11.4. Effect of Termination; Survival. Upon termination of this Agreement for any reason: (a) the Subscription shall automatically terminate, (b) Customer shall cease all access and use of the Software thereunder, and (c) Customer shall (as directed) permanently erase and/or return all Confidential Information of Company in Customer’s possession or control. Following termination, all outstanding Fees and other charges that accrued as of termination, will become immediately due and payable, and if necessary Company shall issue a final invoice therefor. All fees due under an Order Form are non-cancellable and non-refundable except in the case of termination by Company pursuant to Section ‎10.3 or termination by Company pursuant to Section ‎11.3 (Termination for Insolvency), in which case Customer (or, if applicable, Channel Partner) shall be entitled to a pro-rated refund of any prepaid and unutilized Subscription Fees based on the remainder of the then-current Subscription Term. Sections ‎5 (Ownership) through ‎12 (Miscellaneous) shall survive termination of this Agreement and any Order Form, as shall any right, obligation or provision that is expressly stated to so survive or that ought by its nature to survive. Termination shall not affect any rights and obligations accrued as of the effective date of termination.

12. MISCELLANEOUS

12.1. Entire Agreement and Amendments. This Agreement (and its annexes) represents the entire agreement of the Parties with respect to the subject matter hereof, and supersedes and replaces all prior and contemporaneous oral or written understandings and statements by the Parties with respect to such subject matter. In entering into this Agreement, neither Party is relying on any representation or statement not expressly specified in this Agreement. Any language or provisions contained in the Parties’ electronic communications, ordering documents, packaging or specifications, or contained in any of the Parties’ “shrinkwrap,” “clickwrap,” “browsewrap” agreements, whether or not different from, or in addition to, the terms of this Agreement, shall be void and of no effect. This Agreement may only be amended by a written instrument duly signed by each Party. The section and subsection headings used in this Agreement are for convenience only. This Agreement may be executed in counterparts each of which will be considered an original, but all of which together will constitute one and the same instrument.

12.2. Assignment. This Agreement may not be assigned, in whole or in part, by either Party without the prior express written consent of the other Party; except, however, that either Party may, upon written notice, assign this Agreement in whole to: (A) an Affiliate; or (B) a successor in connection with a merger, consolidation, or acquisition of all or substantially all of the assigning Party’s assets or business relating to this Agreement. Any prohibited assignment will be null and void. Subject to the provisions of this Section (Assignment), this Agreement will bind and benefit each Party and its respective successors and assigns. Furthermore, any Company obligation hereunder may be performed (in whole or in part), and any Company right (including invoice and payment rights) or remedy may be exercised (in whole or in part), by an Affiliate of Company.

12.3. Company Contracting Entity and Governing Law. The Pentera entity entering into the Agreement shall be the entity stated in the Order Form.  The law that will govern the Agreement and that will apply in the event of any dispute or lawsuit arising out of or in connection with the Agreement, including any question regarding its existence, validity or termination, and the competent courts that have exclusive jurisdiction over any such dispute or lawsuit, depends on the Company entity stated in the Order Form, as follows: 

Pentera entity entering into this Agreement

Pentera entity address

Governing Law

Courts with exclusive jurisdiction

Pentera Security Inc.

 200 Summit Drive, Burlington, Massachusetts, 01803, USA

New York, USA

New York City, New York, USA

Pentera Security GmbH

Chilehaus A, Fischertwiete 2, 20095 Hamburg, Germany

England and Wales

London, England

Pentera Security UK Ltd.

35 Ballards Lane, London N3 1XW, United Kingdom

England and Wales

London, England

Pentera Security SG Pte. Ltd.

 DUO Tower, 3 Fraser Street Level 08, Singapore 189352, Singapore

England and Wales

London, England

Pentera Security Ltd.

94 Em Hamoshavot road, Petah Tikva,4970602, Israel

Israel

Tel Aviv-Jaffa, Israel

Pentera Security Gulf FZ-LLC

DMC-BLD05-DQ-F02-019, Building 05, Dubai Media City, Dubai, UAE

England and Wales

London, England

The United Nations Convention on Contracts for the International Sale of Goods shall not apply to this Agreement.

12.4. NO JURY TRIALS. EACH PARTY IRREVOCABLY WAIVES ITS RIGHT TO TRIAL OF ANY ISSUE BY JURY. EXCEPT TO SEEK EQUITABLE RELIEF, OR TO OTHERWISE PROTECT OR ENFORCE A PARTY’S INTELLECTUAL PROPERTY RIGHTS OR CONFIDENTIALITY OBLIGATIONS, NO ACTION, REGARDLESS OF FORM, UNDER THIS AGREEMENT MAY BE BROUGHT BY EITHER PARTY MORE THAN ONE (1) YEAR AFTER THE DATE ON WHICH THE CORRESPONDING LIABILITY AROSE.

12.5. Severability. If any provision of this Agreement is held by a court of competent jurisdiction to be illegal, invalid or unenforceable, then: (a) the remaining provisions of this Agreement shall remain in full force and effect; and (b) such provision will be ineffective solely as to such jurisdiction (and only to the extent and for the duration of such illegality, invalidity or unenforceability), and will be substituted (in respect of such jurisdiction) with a valid, legal and enforceable provision that most closely approximates the original legal intent and economic impact of such provision.

12.6. Publicity. Customer agrees that Company may refer to Customer as a customer of Company, including by displaying Customer’s name and logo on Company’s website and in its promotional materials.

12.7. Waiver and Remedies. No failure or delay on the part of either Party in exercising any right or remedy hereunder will operate as a waiver thereof, nor will any single or partial exercise of any such right or remedy preclude any other or further exercise thereof, or the exercise of any other right or remedy. Any waiver granted hereunder must be in writing, duly signed by the waiving Party, and will be valid only in the specific instance in which given. Except as may be expressly provided otherwise in this Agreement, no right or remedy conferred upon or reserved by either Party under this Agreement is intended to be, or will be deemed, exclusive of any other right or remedy under this Agreement, at law, or in equity, but will be cumulative of such other rights and remedies.

12.8. Relationship. The relationship of the Parties is solely that of independent contractors, neither Party nor its employees are the servants, agents, or employees of the other, and no exclusivities arise out of this Agreement. Nothing in this Agreement shall be construed to create a relationship of employer and employee, principal and agent, joint venture, partnership, association, or otherwise between the Parties. Neither Party has any authority to enter into agreements of any kind on behalf of the other Party and neither Party will create or attempt to create any obligation, express or implied, on behalf of the other Party.

12.9. Force Majeure. Except for payment obligations of amounts due under this Agreement, neither Party will be responsible for failure or delay of performance if caused by natural hazards, pandemic or epidemic (or similar regional health crisis), act of God, strikes, lockouts, war, military operation, terrorism, riot, or civil commotion and/or any matter beyond the reasonable control of the affected Party (a “Force Majeure Event”). Each party will use reasonable efforts to mitigate the effect of a Force Majeure Event.

12.10. Notices. All notices or other communications provided for in connection with this Agreement shall be in writing and shall be given in person, by courier, by facsimile, email, or by registered or certified mail, postage prepaid, addressed as set forth above. All notices and other communications delivered in person or by courier service shall be deemed to have been given as of one business day after sending thereof, those given by facsimile transmission with confirmation or receipt shall be deemed to have been given as of the date of transmission thereof (provided that such date is a business day in the country of receipt and if not, the next business day), and all notices and other communications sent by registered mail shall be deemed given three (3) days after posting. Notices sent by email shall be deemed received upon receipt of such email.

12.11. Export Compliance. Customer represents and warrants that: (a) it is not a resident of (or will use the Software or such documentation in) a country that the U.S. government has embargoed for use of the Software or such documentation, nor is an entity named on the U.S. Treasury Department’s list of Specially Designated Nationals or any other applicable trade sanctioning regulations of any jurisdiction; and (b) its country of residence and/or incorporation (as applicable) is the same as the country specified in the contact and/or billing address provided to Company. Customer shall not transfer, export, re-export, import, re-import or divert the Software or such documentation in violation of any export or re-export control laws and regulations (such as the United States’ ITAR, EAR, and OFAC regulations), as well as any applicable import and use restrictions, all as then in effect, and shall not transfer, export, re-export, import, re-import or divert any the Software or such documentation (in whole or in part) to any prohibited country without obtaining authorizations and/or licenses from the applicable government authorities, including without limitation to Lebanon, Syria, Iran, Iraq, Sudan, Yemen, Cuba, Russia, Belarus, Crimean Peninsula, Luhansk People’s Republic, Donetsk People’s Republic or North Korea (or other countries specifically designated in writing by Company from time to time).

SCHEDULE A

SOFTWARE AND INITIAL SETUP

The Software is designed to help customers validate their organization’s cyber defenses, protect their external-facing digital assets, and continuously monitor the exposure of their attack surface.

An attack surface is any external-facing asset that an attacker could discover, attack, or use to gain a foothold into an environment. It comprises all internet-accessible assets (hardware, software, etc.) that a potential attacker can discover internet-accessible assets (hardware, software, etc.) that are discoverable by a potential attacker.

The validation of the attack surface includes two main stages:

1. Discovery:
– Asset inventory discovery
– Asset enumeration
– Vulnerability assessment

The Company performs a comprehensive inventory count of the internet-facing assets of the Customer organization to identify the Customer assets that are associated with its organization. Once an initial list is created, the Customer must reexamine the assets and approve the list to validate the fact that these assets belong to the Customer organization and to make sure that any asset the Customer chooses to test through the Software belongs to the Customer organization (“Asset Validation”). Assets for which the Customer declined ownership will be excluded from the account.

First, Pentera Surface maps the attack surface of the Customer’s organization by discovering the assets related to an account and exposed to the world wide web. This process involves categorizing the Customer’s assets by types, such as databases, servers, routers, or switches. The Customer can decline or confirm ownership of any asset at any point.

2. Exploitation:
– Each Pentera Surface test provides the Customer with results that demonstrate whether the Customer’s attack surface is exposed to attack or validates that it is protected against attack.
– Pentera Surface maps and discovers the attack surface and prioritizes to the Customer the most critical vulnerabilities and assets that might be targeted by potential attackers and by doing so, allow the Customer to remediate and take action to reduce the organizational risk.
– Pentera Surface may also help customers validate if the vulnerability identified in their assets can be exploited by an attacker and determine its impact. The customer must reexamine and approve any ethical hacking or ethical exploitation performed by Pentera Surface as part of its testing prior to such initiation of the testing.