October 24, 2023
Version 3.0
Last Updated: October 2023
THESE END USER LICENSE TERMS AND CONDITIONS (the “Agreement”) CONSTITUTE A BINDING AGREEMENT BETWEEN THE PENTERA ENTITY (“Company”) AND THE END USER CUSTOMER ENTITY (“Customer”), EACH AS SPECIFIED IN THE ORDER FORM TO WHICH THIS AGREEMENT RELATES, WHICH ORDER FORM, ONCE ACCEPTED BY COMPANY, IS HEREBY INCORPORATED INTO, AND MADE A PART OF, THIS AGREEMENT BY REFERENCE. Company and User may be collectively referred to herein as the “Parties”, and each individually as a “Party”.
IF USER HAS AN EXISTING AGREEMENT IN EFFECT WITH COMPANY FOR THE LICENSE OF SOFTWARE OR SOFTWARE SERVICES (AN “EXISTING AGREEMENT“), THEN THE PARTIES AGREE THAT THE ORDER FORM SHALL BE GOVERNED BY, AND DEEMED INCORPORATED INTO AND MADE A PART OF, THE EXISTING AGREEMENT (AND NOT THIS AGREEMENT), IN WHICH CASE, THE FOLLOWING TERMS AND CONDITIONS SHALL NOT APPLY.
1. DEFINITIONS. The following capitalized terms have the meanings set forth below:
“Affiliate” means, with respect to either Party, any entity that, directly or indirectly, controls, is controlled by, or is under common control with a party to this Agreement, where control means the power to direct the affairs or management of such entity, whether through the ownership of more than fifty percent (50%) of the voting securities, by contract, as trustee or executor.
“Channel Partner” means a Company authorized distributor, reseller, or other channel partner for the Software.
“Customer Data” means any data or information inputted or uploaded to the Software by or on behalf of Customer, or otherwise integrated with the Software via an API, or data belonging to Customer’s applications within the environment in which the Software is installed (such as, application ‘metadata’).
“Feature” means any module, tool, functionality, or feature of the Software.
“Intellectual Property Rights” means any and all rights, titles, and interests (under any jurisdiction or treaty, whether protectable or not, and whether registered or unregistered) in and to any technology, invention, work of authorship, software, database, data, know-how, software, design, and/or other intellectual property, and includes but is not limited to patents, copyrights and similar authorship rights, moral (and similar personal) rights, mask work rights, data and database rights, trade secret rights and similar rights in confidential information and other non-public information, design rights, industrial property rights, trademark, service mark, trade name, trade dress and similar branding rights, as well as: (i) all applications, registrations, renewals, reexaminations, extensions, continuations, continuations-in-part, provisionals, substitutions, divisions or reissues of or for the foregoing; and (ii) all goodwill associated with the foregoing.
“Order Form” means the order form, including any purchase order, for the Software services.
“Software” means Company’s software as a service solution described in Schedule A.
“Subscription Scope” means any Software usage and/or consumption limitations and parameters (for example, as to volume of Users, domains and assets, notifications, API access, Features, duration) set forth in the Order Form.
“Subscription Term” means the Software subscription period specified in the Order Form.
“Users” means an employee of Customer (or its Affiliates, as permitted hereunder) authorized to access and use the Software, whose email address is associated with the Customer’s domain.
2. SUBSCRIPTION
2.1. General. Subject to the terms and conditions of this Agreement and the Order Form, including the Subscription Scope, Company grants Customer a limited, worldwide, non-exclusive, non-assignable (except as provided in Section 13.2 (Assignment) below), non-sublicensable, non-transferable right and license, during the Subscription Term, to access and use the Software solely for Customer’s internal end-use (collectively, the “Subscription”).
2.2. Account Setup. Commencing promptly following the Start Date (as defined in the Order Form), Company shall perform the initial Software setup activities (to the extent applicable), as further described in Schedule A (the “Initial Setup”). Customer shall fully cooperate with Company in such efforts, and shall provide Company with all information, access and other resources necessary to achieve the Initial Setup. Furthermore, the Customer shall be responsible for making any changes or additions to its current systems, software, and hardware that may be required to support operation of the Software. Following Initial Setup, in order to access the Software, Customer is required to set up an administrative account with Company, by submitting the information requested in the applicable Software interface (“Account”), and each User may need to set up a user account (each, a “User Account”, and references herein to the “Account” shall be deemed to include all such User Accounts if applicable). Customer represents and warrants that all information submitted during the Initial Setup process, including without limitation Asset Validation (defined below), is, and will thereafter remain, complete and accurate, and acknowledges that Company will rely on Customer’s Asset Validation in connection with Company’s provision of the Software. Customer will indemnify and hold harmless Company from any liabilities, damages, and expenses, including reasonable attorney’s fees and costs incurred by Company, arising out of or resulting from inaccuracies in Asset Validation submitted by Customer. Customer shall be responsible and liable for all activities that occur under or in the Account. Customer will require that all Users keep user ID and password information strictly confidential and not share such information with any unauthorized person.
2.3. Customer Affiliates Usage. Customer Affiliate shall have the right to order Software services under this Agreement covering its own needs by executing an Order Form. In such case, the Affiliate executing such Order Form shall be deemed the Customer pursuant to this Agreement and shall be solely responsible and liable for its actions or omissions under this Agreement.
2.4. Hosting. The Software will be hosted by a third party hosting services provider (currently, AWS) selected by Company (“Hosting Provider”), and accordingly the availability of the Software shall be in accordance with the Hosting Provider’s then-current uptime commitments. Company shall make best efforts to notify Customer in writing if, and when, Company engages a new Hosting Provider under this Agreement.
2.5. Restrictions. As a condition to the Subscription, and except as expressly permitted otherwise under this Agreement, Customer shall not do (or permit or encourage to be done) any of the following license restrictions (in whole or in part): (a) copy, “frame” or “mirror” the Software; (b) sell, assign, transfer, lease, rent, sublicense, or otherwise distribute or make available the Software to any third party (such as offering it as part of a time-sharing, outsourcing or service bureau environment); (c) publicly perform, display or communicate the Software; (d) modify, alter, adapt, arrange, or translate the Software; (e) decompile, disassemble, decrypt, reverse engineer, extract, or otherwise attempt to discover the source code or non-literal aspects (such as the underlying structure, sequence, organization, file formats, non-public APIs, ideas, or algorithms) of, the Software; (f) remove, alter, or conceal any copyright, trademark, or other proprietary rights notices displayed on or in the Software; (g) circumvent, disable or otherwise interfere with security-related or technical features or protocols of the Software; (h) make a derivative work of the Software, or use it to develop any service or product that is the same as (or substantially similar to) it; (i) store or transmit any robot, malware, Trojan horse, spyware, or similar malicious item intended (or that has the potential) to damage or disrupt the Software; (j) employ any hardware, software, device, or technique to pool connections or reduce the number of licenses, servers, nodes, or Users that directly access or use the Software (sometimes referred to as ‘virtualization’, ‘multiplexing’ or ‘pooling’) in order to circumvent the Subscription Scope; (k) forge or manipulate identifiers in order to disguise the origin of any data or content inputted or uploaded to, or transmitted through, the Software by Customer; or (l) take any action that imposes or may impose (as determined in Company’s reasonable discretion) an unreasonable or disproportionately large load on the servers, network, bandwidth, or other cloud infrastructure which operate or support the Software, or otherwise systematically abuse or disrupt the integrity of such servers, network, bandwidth, or infrastructure.
2.6. Reservation of Rights. For the avoidance of doubt, the Software (including any software made available hereunder) is only licensed, and no title in or to the Software (or such software) passes to Customer. Any rights not expressly granted herein are hereby reserved by Company and its licensors, and, except for the Subscription, Customer is granted no other right or license to the Software, whether by implied license, estoppel, exhaustion, operation of law, or otherwise.
3. PURCHASES VIA CHANNEL PARTNERS. If Customer is purchasing the Subscription (and/or any related services) through a Channel Partner, then:
(a) the “Order Form” shall be the order issued by the Channel Partner to Company (the “Company-Channel Partner Order”), and the “Subscription Scope” shall be determined with reference to the Company-Channel Partner Order, and Company shall have no responsibility or liability for any discrepancy between the Subscription Scope under such Company-Channel Partner Order on the one hand, and the order issued by Customer to Channel Partner (the “Customer-Channel Partner Order”) on the other hand;
(b) instead of paying Company, Customer will pay the applicable amounts to the Channel Partner, as agreed between Customer and the Channel Partner;
(c) Company may suspend or terminate Customer’s Subscription if Company does not receive payment from the Channel Partner, as a result of Customer not paying the corresponding amount to the Channel Partner;
(d) if Customer is entitled to a refund under the terms and conditions of this Agreement, then, unless Company specifies otherwise, Company will refund any applicable fees to the Channel Partner (and under no circumstances shall Company be required to refund more than it received from the Channel Partner), and the Channel Partner alone will be responsible for refunding the appropriate amounts to Customer; and
(e) the Channel Partner is not authorized to make any promises or commitments on Company’ behalf, and Company is not bound by any obligations to Customer other than as set forth in this Agreement.
4. SUPPORT SERVICES.
4.1. During the Subscription Term, and subject to Customer’s payment of the Fees, Company shall provide its then current, standard Software technical support and maintenance services (“Support Services”), as described in the Order Form. The Support Services (in whole or in part) may be performed by Company, a Channel Partner and/or Company-certified third party service providers, and Company shall remain primarily responsible for such service providers’ performance of the Support Services.
4.2. As part of Support Services, Company may, from time to time, modify and replace the Features (but not material functionalities, unless it improves the material functionality) and user interface of the Software.
5. PAYMENT
5.1. Subscription Fees. Customer shall pay Company the Subscription fees (the “Subscription Fees”) and any other fees or charges specified in the Order Form (together, the “Fees”).
5.2. General. Unless expressly stated otherwise in the Order Form: (a) all Fees are stated, and are to be paid, in US Dollars; (b) all payments under this Agreement are non-refundable, and are without any right of set-off or cancellation; (c) all Fees are payable, and shall be invoiced, in advance, and shall be paid within ten (10) days of Company’s issuance of invoice; and (d) any amount not paid when due will accrue interest on a daily basis until paid in full, at the lesser of the rate of one and a half percent (1.5%) per month and the highest amount permitted by applicable law.
5.3. Suspension. Without affecting any of Customer’s obligations under the Agreement (including, any payment obligations under an Order Form) and without limiting any other rights that may be available to Company under the Agreement, Company reserves the right to suspend or cease provision of the Software: (a) if Customer is seven (7) days or more overdue on a payment; (c) if Company deems such suspension or cessation necessary as a result of Customer’s breach under Section 2.5 (Restrictions); (c) if Company reasonably determines suspension or cessation is necessary to avoid material harm to Company, to its other customers, or to the Software, including if the Software’s cloud infrastructure is experiencing denial of service attacks or other attacks or disruptions outside of Company’s control, or (d) as required by law or at the request of governmental entities.
5.4. Taxes. Amounts payable under this Agreement are exclusive of all applicable sales, use, consumption, VAT, GST, and other taxes, duties or governmental charges, except for taxes based upon Company’ net income. In the event that Customer is required by any law applicable to it to withhold or deduct taxes for any payment under this Agreement, then the amounts due to Company shall be increased by the amount necessary so that Company receives and retains, free from liability for any deduction or withholding, an amount equal to the amount it would have received had Customer not made any such withholding or deduction. If a purchase order (or purchase order number) is required by Customer in order for an invoice to be paid, then Customer shall promptly provide such purchase order (or number) to Company. Any terms or conditions (whether printed, hyperlinked, or otherwise) in a purchase order or related correspondence, which purport to modify or supplement this Agreement (or the corresponding Order Form), shall be void and of no effect.
6. OWNERSHIP. Company (and/or its licensors, as applicable) is, and shall be, the sole and exclusive owner of all right, title and interest (including without limitation all Intellectual Property Rights) in and to:
(a) the Software and all related intellectual property (such as content appearing therein);
(b) its Confidential Information;
(c) any non-Customer-identifying information, data, reporting, suggestions, analyses, and/or intelligence relating to the operation, support, and/or Customer’s use, of the Software (such as metadata, aggregated data, analytics, security findings or discoveries, etc.) (collectively, “Output”)
(d) any feedback, suggestions, or ideas for or about the Software (collectively, “Feedback”); and
(e) any and all improvements, derivative works, and/or modifications of/to any of the foregoing, regardless of inventorship or authorship.
(together, the “Company Materials”).
Customer shall make, and hereby irrevocably makes, all assignments and/or waivers necessary or reasonably requested by Company to ensure and/or provide Company (and/or its designee(s)) the ownership rights set forth in this paragraph.
7. PRIVACY. To the extent any Customer Data is deemed Personal Data (as such term is defined under the EU General Data Protection Regulation 2016/679 (“GDPR”) and/or Personal Information (as such term is defined under the California Consumer Privacy Act, Cal. Civ. Code §§ 1798.100 et seq. (the “CCPA”) and is subject to the GDPR and/or CCPA, respectively, the terms and conditions set forth in the Data Processing Addendum (“DPA”) available at https://pentera.io/resources/data-sheets/pentera-data-processing-agreement/ shall apply to the use and processing of such Personal Data and shall be deemed incorporated by reference into this Agreement.
8. CONFIDENTIALITY. Each Party (the “Recipient”) may have access to certain non-public or proprietary information and materials of the other Party (the “Discloser”), whether in tangible or intangible form (“Confidential Information”). Confidential Information shall not include information and material which: (a) at the time of disclosure by Discloser to Recipient hereunder, is in the public domain; (b) after disclosure by Discloser to Recipient hereunder, becomes part of the public domain through no fault of the Recipient; (c) was rightfully in the Recipient’s possession at the time of disclosure by the Discloser hereunder, and which is not subject to prior continuing obligations of confidentiality; (d) is rightfully disclosed to the Recipient by a third party having the lawful right to do so; or (e) independently developed by the Recipient without use of, or reliance upon, Confidential Information received from the Discloser. The Recipient shall not disclose or make available the Discloser’s Confidential Information to any third party (including without limitation by way of publishing), except to its employees, contractors, advisers, agents and investors, subject to substantially similar written confidentiality undertakings). Recipient shall take commercially reasonable measures, at a level at least as protective as those taken to protect its own Confidential Information of like nature (but in no event less than a reasonable level), to protect the Discloser’s Confidential Information within its possession or control, from disclosure to a third party. The Recipient shall use the Discloser’s Confidential Information solely for the purposes expressly permitted under this Agreement. In the event that Recipient is required to disclose Confidential Information of the Discloser pursuant to any Law, regulation, or governmental or judicial order, the Recipient will (a) promptly notify Discloser in writing of such Law, regulation or order, (b) reasonably cooperate with Discloser in opposing such disclosure, (c) only disclose to the extent required by such law, regulation or order (as the case may be). Upon termination of this Agreement, or otherwise upon written request by the Discloser, the Recipient shall promptly return to Discloser its Confidential Information (or if embodied electronically, permanently erase it), and certify compliance writing.
Notwithstanding anything in this Agreement to the contrary, the pricing and payment terms under the Order Form are confidential to Company, and Customer shall not disclose such Confidential Information to any third party (except its accountants and lawyers), without Company’ prior express written consent.
9. DISCLAIMERS. THE SOFTWARE, SERVICES, OUTPUT, AS WELL AS ANY OTHER GOODS AND SERVICES PROVIDED OR MADE AVAILABLE BY COMPANY OR ITS AFFILIATES HEREUNDER (COLLECTIVELY, THE “COMPANY MATERIALS”) ARE PROVIDED AND MADE AVAILABLE ON AN “AS IS” AND “AS AVAILABLE” BASIS, WITH ALL DEFECTS. ALL ACCESS TO, USE OF, AND RELIANCE UPON, COMPANY MATERIALS IS AT CUSTOMER’S SOLE RISK (AND ACCORDINGLY CUSTOMER AGREES NOT TO USE OR RELY UPON THE COMPANY MATERIALS AS A SUBSTITUTE FOR PROFESSIONAL ADVICE).
ALL EXPRESS, IMPLIED AND STATUTORY CONDITIONS AND WARRANTIES (INCLUDING WITHOUT LIMITATION ANY IMPLIED CONDITIONS OR WARRANTIES OF MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, QUIET POSSESSION, NON-INFRINGEMENT, OR QUALITY OF SERVICE, OR THAT OTHERWISE ARISE FROM A COURSE OF PERFORMANCE OR USAGE OF TRADE) ARE HEREBY DISCLAIMED BY COMPANY AND ITS LICENSORS. COMPANY DOES NOT MAKE ANY REPRESENTATION, WARRANTY, GUARANTEE OR CONDITION: (A) REGARDING THE EFFECTIVENESS, USEFULNESS, RELIABILITY, TIMELINESS, COMPLETENESS, OR QUALITY OF COMPANY MATERIALS; (B) THAT CUSTOMER’S USE OF COMPANY MATERIALS WILL BE UNINTERRUPTED, SECURE OR ERROR-FREE; (C) REGARDING THE OPERATION OF ANY CELLULAR NETWORKS, THE PASSING OR TRANSMISSION OF DATA VIA ANY NETWORKS OR THE CLOUD, OR ANY OTHER CELLULAR OR DATA CONNECTIVITY PROBLEMS; OR (D) REGARDING THE SATISFACTION OF, OR COMPLIANCE WITH, ANY LAWS, REGULATIONS, OR OTHER GOVERNMENT OR INDUSTRY RULES OR STANDARDS. COMPANY WILL NOT BE LIABLE OR OBLIGATED IN RESPECT OF DELAYS, INTERRUPTIONS, SERVICE FAILURES OR OTHER PROBLEMS INHERENT IN USE OF THE INTERNET AND ELECTRONIC COMMUNICATIONS OR FOR ISSUES RELATED TO PUBLIC NETWORKS OR HOSTING PROVIDERS.
10. LIMITATION OF LIABILITY
10.1. IN NO EVENT SHALL EITHER PARTY OR ITS DIRECTORS, OFFICERS, AFFILIATES OR AGENTS BE LIABLE FOR ANY CONSEQUENTIAL, INDIRECT, SPECIAL, INCIDENTAL OR PUNITIVE DAMAGES OR ANY LOSS OF PROFITS, BUSINESS, OPPORTUNITY OR REVENUE OR ANY LOSS OF, OR DAMAGE TO, DATA, INFORMATION SYSTEMS, REPUTATION, OR GOODWILL ARISING OUT OF, OR RELATING TO, THE SERVICES OR THE ARRANGEMENTS CONTEMPLATED HEREIN AND/OR THE COST OF PROCURING ANY SUBSTITUTE GOODS OR SERVICES. IN ANY EVENT, COMPANY’S ENTIRE, AGGREGATE LIABILITY FOR THE PROVISION OF THE SERVICES OR UNDER ANY PROVISION OF THIS AGREEMENT SHALL NOT EXCEED THE AMOUNT OF PAYMENT RECEIVED BY COMPANY FROM CUSTOMER IN THE TWELVE (12) MONTHS PRECEDING THE APPLICABLE CLAIM.
10.2. THE FOREGOING EXCLUSIONS AND LIMITATION SHALL APPLY: (A) TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW; (B) EVEN IF A PARTY HAS BEEN ADVISED, OR SHOULD HAVE BEEN AWARE, OF THE POSSIBILITY OF LOSSES, DAMAGES, OR COSTS; (C) EVEN IF ANY REMEDY IN THIS AGREEMENT FAILS OF ITS ESSENTIAL PURPOSE; AND (D) REGARDLESS OF THE THEORY OR BASIS OF LIABILITY, AND WHETHER IN CONTRACT, TORT (INCLUDING WITHOUT LIMITATION FOR NEGLIGENCE OR BREACH OF STATUTORY DUTY), MISREPRESENTATION, RESTITUTION, OR OTHERWISE.
11. INDEMNIFICATION
11.1. In the event a third party makes or institutes any claim, action, or proceeding against Customer alleging that Customer’s authorized access and use of the Software infringes such third party’s copyright or patent (an “Infringement Claim”), Company shall: (a) at its own expense, defend Customer against the Infringement Claim; and (b) indemnify and hold harmless Customer for any amount finally awarded against or imposed upon Customer (or otherwise agreed in settlement) under the Infringement Claim. As a condition to the foregoing, Customer agrees: (A) to provide Company with prompt written notice of the Infringement Claim; (B) to cede to Company full control of the defense and settlement of the Infringement Claim (except that any non-monetary obligation imposed on Customer under a settlement shall require Customer’s prior written consent, not to be unreasonably withheld, conditioned or delayed); (C) to provide Company with all information and assistance reasonably requested by Company; and (D) not to admit any liability under (or otherwise compromise the defense of) the Infringement Claim. Customer may participate in the defense of the Infringement Claim at Customer’s own cost and expense.
11.2. Company will have no liability under this Section (Indemnification) to the extent that the Infringement Claim is based on or results from: (i) a modification to the Software not made by Company; (ii) the combination of the Software with any third party product or service; and/or (iii) any Customer instructions or specifications.
11.3. Should the Software (in whole or in part) become, or in Company’s opinion be likely to become, the subject of an Infringement Claim, then Customer permits Company, at Company’s option and expense, to either: (x) obtain for Customer the right to continue using the Software (or part thereof); or (y) replace or modify the Software (or part thereof) so that it’s use hereunder becomes non-infringing; provided, however, that if (x) and (y) are not, in Company’s opinion, commercially feasible, Company may terminate this Agreement upon written notice to Customer, and Customer shall be entitled to receive a pro-rated refund of any prepaid and unutilized Subscription Fees hereunder based on the remainder of the then-current Subscription Term.
11.4. This Section represents Company’s sole liability, and Customer’s sole remedy, for any Infringement Claim. Company’s combined aggregate liability under this Section (Indemnification) shall not exceed three (3) times the amounts actually paid by Customer to Company under this Agreement.
12. TERM AND TERMINATION
12.1. Term. This Agreement commences on the Effective Date and, unless terminated in accordance herewith, shall continue in full force and effect until all Order Forms have expired. Each Subscription Term under an Order Form shall commence on the Start Date and end on the End Date specified in the Order Form (the “Initial Subscription Term”), unless earlier terminated or renewed pursuant to the terms of the Agreement. Unless otherwise agreed in an Order Form, the Order Form shall automatically renew for successive periods identical to the Initial Subscription Term or one year (whichever is longer) (each, a “Renewal Subscription Term”, and together with the Initial Subscription Term, the “Term”), unless either Party notifies the other Party in writing of its intent not to renew the Order Form, not less than sixty (60) days prior to the expiration of the then-current Subscription Term. Except if otherwise specified in an Order Form, in case of auto-renewal, the Subscription Fees during any Renewal Subscription Term may be increased by up to seven (7) percent of the applicable fees in the immediately preceding Subscription Term.
12.2. Termination for Breach. Each Party may terminate this Agreement immediately upon written notice to the other Party if the other Party commits a material breach under this Agreement and, if curable, fails to cure that breach within sixty (60) days after receipt of written notice specifying the material breach (except that for payment defaults, such cure period will be seven (7) days).
12.3. Termination for Insolvency. Each Party may terminate this Agreement upon written notice to the other Party upon the occurrence of any of the following events in respect of such other Party: (a) a receiver is appointed for the other Party or its property, which appointment is not dismissed within sixty (60) days; (b) the other Party makes a general assignment for the benefit of its creditors; (c) the other Party commences, or has commenced against it, proceedings under any bankruptcy, insolvency or debtor’s relief Law, which proceedings are not dismissed within sixty (60) days; or (d) the other Party is liquidating, dissolving or ceasing normal business operations.
12.4. Effect of Termination; Survival. Upon termination of this Agreement for any reason: (a) the Subscription shall automatically terminate, (b) Customer shall cease all access and use of the Software thereunder, and (c) Customer shall (as directed) permanently erase and/or return all Confidential Information of Company in Customer’s possession or control. Following termination, all outstanding Fees and other charges that accrued as of termination, will become immediately due and payable, and if necessary Company shall issue a final invoice therefor. All fees due under an Order Form are non-cancellable and non-refundable except in the case of termination by Company pursuant to Section 11.3 or termination by Company pursuant to Section 12.3 (Termination for Insolvency), in which case Customer shall be entitled to a pro-rated refund of any prepaid and unutilized Subscription Fees based on the remainder of the then-current Subscription Term. Sections 6 (Ownership) through 13 (Miscellaneous) shall survive termination of this Agreement and any Order Form, as shall any right, obligation or provision that is expressly stated to so survive or that ought by its nature to survive. Termination shall not affect any rights and obligations accrued as of the effective date of termination.
13. MISCELLANEOUS
13.1. Entire Agreement and Amendments. This Agreement (and its annexes) represents the entire agreement of the Parties with respect to the subject matter hereof, and supersedes and replaces all prior and contemporaneous oral or written understandings and statements by the Parties with respect to such subject matter. In entering into this Agreement, neither Party is relying on any representation or statement not expressly specified in this Agreement. This Agreement may only be amended by a written instrument duly signed by each Party. The section and subsection headings used in this Agreement are for convenience only. This Agreement may be executed in counterparts each of which will be considered an original, but all of which together will constitute one and the same instrument.
13.2. Assignment. This Agreement may not be assigned, in whole or in part, by either Party without the prior express written consent of the other Party; except, however, that either Party may, upon written notice, assign this Agreement in whole to: (A) an Affiliate; or (B) a successor in connection with a merger, consolidation, or acquisition of all or substantially all of the assigning Party’s assets or business relating to this Agreement. Any prohibited assignment will be null and void. Subject to the provisions of this Section (Assignment), this Agreement will bind and benefit each Party and its respective successors and assigns. Furthermore, any Company obligation hereunder may be performed (in whole or in part), and any Company right (including invoice and payment rights) or remedy may be exercised (in whole or in part), by an Affiliate of Company.
13.3. Company Contracting Entity and Governing Law. The Pentera entity entering into the Agreement shall be the entity stated in the Order Form. The law that will govern the Agreement and that will apply in the event of any dispute or lawsuit arising out of or in connection with the Agreement, including any question regarding its existence, validity or termination, and the competent courts that have exclusive jurisdiction over any such dispute or lawsuit, depends on the Company entity stated in the Order Form, as follows:
| Pentera entity entering into this Agreement | Pentera entity address | Governing Law | Courts with exclusive jurisdiction |
| Pentera Security Inc. | 200 Summit Drive, Burlington, Massachusetts, 01803, USA | New York, USA | New York City, New York, USA |
| Pentera Security GmbH | Chilehaus A, Fischertwiete 2, 20095 Hamburg, Germany | England and Wales | London, England |
| Pentera Security UK Ltd. | 35 Ballards Lane, London N3 1XW, United Kingdom | England and Wales | London, England |
| Pentera Security SG Pte. Ltd. | DUO Tower, 3 Fraser Street Level 08, Singapore 189352, Singapore | England and Wales | London, England |
| Pentera Security Ltd. | 94 Em Hamoshavot road, Petah Tikva,4970602, Israel | Israel | Tel Aviv-Jaffa, Israel |
The United Nations Convention on Contracts for the International Sale of Goods shall not apply to this Agreement.
13.4. NO JURY TRIALS. EACH PARTY IRREVOCABLY WAIVES ITS RIGHT TO TRIAL OF ANY ISSUE BY JURY. EXCEPT TO SEEK EQUITABLE RELIEF, OR TO OTHERWISE PROTECT OR ENFORCE A PARTY’S INTELLECTUAL PROPERTY RIGHTS OR CONFIDENTIALITY OBLIGATIONS, NO ACTION, REGARDLESS OF FORM, UNDER THIS AGREEMENT MAY BE BROUGHT BY EITHER PARTY MORE THAN ONE (1) YEAR AFTER THE DATE ON WHICH THE CORRESPONDING LIABILITY AROSE.
13.5. Severability. If any provision of this Agreement is held by a court of competent jurisdiction to be illegal, invalid or unenforceable, then: (a) the remaining provisions of this Agreement shall remain in full force and effect; and (b) such provision will be ineffective solely as to such jurisdiction (and only to the extent and for the duration of such illegality, invalidity or unenforceability), and will be substituted (in respect of such jurisdiction) with a valid, legal and enforceable provision that most closely approximates the original legal intent and economic impact of such provision.
13.6. Publicity. Customer agrees that Company may refer to Customer as a customer of Company, including by displaying Customer’s name and logo on Company’s website and in its promotional materials.
13.7. Waiver and Remedies. No failure or delay on the part of either Party in exercising any right or remedy hereunder will operate as a waiver thereof, nor will any single or partial exercise of any such right or remedy preclude any other or further exercise thereof, or the exercise of any other right or remedy. Any waiver granted hereunder must be in writing, duly signed by the waiving Party, and will be valid only in the specific instance in which given. Except as may be expressly provided otherwise in this Agreement, no right or remedy conferred upon or reserved by either Party under this Agreement is intended to be, or will be deemed, exclusive of any other right or remedy under this Agreement, at law, or in equity, but will be cumulative of such other rights and remedies.
13.8. Relationship. The relationship of the Parties is solely that of independent contractors, neither Party nor its employees are the servants, agents, or employees of the other, and no exclusivities arise out of this Agreement. Nothing in this Agreement shall be construed to create a relationship of employer and employee, principal and agent, joint venture, partnership, association, or otherwise between the Parties. Neither Party has any authority to enter into agreements of any kind on behalf of the other Party and neither Party will create or attempt to create any obligation, express or implied, on behalf of the other Party.
13.9. Force Majeure. If any performance (excluding payment obligations) under this Agreement by either party is prevented, hindered, or delayed by reason of an event of Force Majeure (defined below), the party so affected shall be excused from such performance to the extent that, and for so long as, performance is prevented, interrupted, or delayed thereby, provided that such party so affected shall promptly notify the other party of the occurrence of such event. If and when performance is resumed, all dates specified in this Agreement and/or in any Order Forms or purchase orders accepted pursuant to this Agreement shall be automatically adjusted to reflect the period of such prevention, interruption, or delay by reason of such event of Force Majeure. For purposes of this Agreement, an event of Force Majeure shall be defined as: (a) fire, flood, earthquake, explosion, pandemic or epidemic (or similar regional health crisis), or act of God; (b) strikes, lockouts, picketing, concerted labor action, work stoppages, other labor or industrial disturbances, or shortages of materials or equipment, not the fault of either party; (c) invasion, war (declared or undeclared), terrorism, riot, or civil commotion; (d) an act of governmental or quasi-governmental authorities; (e) failure of the internet or any public telecommunications network, hacker attacks, denial of service attacks, virus or other malicious software attacks or infections, shortage of adequate power or transportation facilities; and/or (f) any matter beyond the reasonable control of the affected party. Notwithstanding the foregoing, Customer shall not be entitled to use, or rely on, this Section (Force Majeure) in connection with any Customer breach of the Subscription and/or Company’s Intellectual Property Rights. For the avoidance of doubt, any problems relating to hosting of the Software by a third party is beyond the reasonable control of Company.
13.10. Notices. All notices or other communications provided for in connection with this Agreement shall be in writing and shall be given in person, by courier, by facsimile, email, or by registered or certified mail, postage prepaid, addressed as set forth above. All notices and other communications delivered in person or by courier service shall be deemed to have been given as of one business day after sending thereof, those given by facsimile transmission with confirmation or receipt shall be deemed to have been given as of the date of transmission thereof (provided that such date is a business day in the country of receipt and if not, the next business day), and all notices and other communications sent by registered mail shall be deemed given three (3) days after posting. Notices sent by email shall be deemed received upon receipt of such email.
13.11. Export Compliance. Customer shall be solely responsible for obtaining all required authorizations and licenses from applicable government authorities under Export Control Laws, in connection with Customer’s use of the Software and its related documentation. Customer represents and warrants that: (a) it is not a resident of (or will use the Software or such documentation in) a country that the U.S. government has embargoed for use of the Software or such documentation, nor is an entity named on the U.S. Treasury Department’s list of Specially Designated Nationals or any other applicable trade sanctioning regulations of any jurisdiction; and (b) its country of residence and/or incorporation (as applicable) is the same as the country specified in the contact and/or billing address provided to Company. Customer shall not transfer, export, re-export, import, re-import or divert the Software or such documentation in violation of any Export Control Laws (defined below), and shall not transfer, export, re-export, import, re-import or divert any the Software or such documentation to Lebanon, Syria, Iran, Iraq, Sudan, Yemen, Cuba, or North Korea (or other countries specifically designated in writing by Company from time to time). In the event of a breach under this Section (Export Compliance), Customer agrees to indemnify and hold harmless Company and all Company Affiliates (and their respective directors, officers, and employees) for any fines and/or penalties imposed upon Company or a Company Affiliate (or such persons) as a result of such breach. “Export Control Laws” means all applicable export and re-export control Laws applicable to Customer and/or Company or its Affiliates (such as those of the State of Israel), as well as the United States’ Export Administration Regulations (EAR) maintained by the US Department of Commerce, trade and economic sanctions maintained by the US Treasury Department’s Office of Foreign Assets Control, and the International Traffic in Arms Regulations (ITAR) maintained by the US Department of State.
SCHEDULE A
SOFTWARE AND INITIAL SETUP
The Pentera Surface platform is designed to help customers validate their organization’s cyber defenses, protect their external-facing digital assets, and continuously monitor the exposure of their attack surface.
An attack surface is any external-facing asset that an attacker could discover, attack, or use to gain a foothold into an environment. It comprises all internet-accessible assets (hardware, software, etc.) that a potential attacker can discover internet-accessible assets (hardware, software, etc.) that are discoverable by a potential attacker.
The validation of the attack surface includes two main stages:
1. Discovery:
– Asset inventory discovery
– Asset enumeration
– Vulnerability assessment
The Company performs a comprehensive inventory count of the internet-facing assets of the Customer organization to identify the Customer assets that are associated with its organization. Once an initial list is created, the Customer must reexamine the assets and approve the list to validate the fact that these assets belong to the Customer organization and to make sure that any asset the Customer chooses to test through the Software belongs to the Customer organization (“Asset Validation”). Assets for which the Customer declined ownership will be excluded from the account.
First, Pentera Surface maps the attack surface of the Customer’s organization by discovering the assets related to an account and exposed to the world wide web. This process involves categorizing the Customer’s assets by types, such as databases, servers, routers, or switches. The Customer can decline or confirm ownership of any asset at any point.
2. Exploitation:
– Each Pentera Surface test provides the Customer with results that demonstrate whether the Customer’s attack surface is exposed to attack or validates that it is protected against attack.
– Pentera Surface maps and discovers the attack surface and prioritizes to the Customer the most critical vulnerabilities and assets that might be targeted by potential attackers and by doing so, allow the Customer to remediate and take action to reduce the organizational risk.
– Pentera Surface may also help customers validate if the vulnerability identified in their assets can be exploited by an attacker and determine its impact. The customer must reexamine and approve any ethical hacking or ethical exploitation performed by Pentera Surface as part of its testing prior to such initiation of the testing.