Master Subscription Agreement (MSA)

Last updated September 8, 2020

THIS MASTER SUBSCRIPTION AGREEMENT GOVERNS YOUR USE OF OUR SERVICES. SSC PERMITS YOU TO PURCHASE, ACCESS, AND/OR USE THE SERVICES ONLY IN ACCORDANCE WITH THE TERMS OF THIS AGREEMENT.

IF YOU REGISTER FOR A FREE TRIAL OF OUR SERVICES OR OTHERWISE UTILIZE FREE CAPABILITIES, THIS AGREEMENT WILL ALSO GOVERN THAT FREE TRIAL, UNLESS OTHERWISE PROVIDED HEREIN.

BY ACCEPTING THIS AGREEMENT, EITHER BY CLICKING A BOX INDICATING YOUR ACCEPTANCE, USING OUR SERVICES, OR BY EXECUTING AN ORDER FORM THAT REFERENCES THIS AGREEMENT OR RELATES TO THE SERVICES, YOU AGREE TO THE TERMS OF THIS AGREEMENT, INCLUDING ALL TERMS INCORPORATED BY REFERENCE. IF YOU ARE ENTERING INTO THIS AGREEMENT ON BEHALF OF A COMPANY, GOVERNMENT AGENCY, OR OTHER LEGAL ENTITY, YOU REPRESENT THAT YOU HAVE THE AUTHORITY TO BIND SUCH ENTITY AND ITS AFFILIATES TO THESE TERMS AND CONDITIONS. IF YOU DO NOT HAVE SUCH AUTHORITY, OR IF YOU DO NOT AGREE WITH THESE TERMS AND CONDITIONS, YOU MUST NOT ACCEPT THIS AGREEMENT AND MAY NOT USE THE SERVICES.

You may not access the Services or request information from our Services if you are a direct competitor of SSC, except with our prior written consent. In addition, you may not access the Services for purposes of monitoring their availability, performance or functionality, or for any other competitive purposes.

This Agreement is subject to revision. If SSC makes any changes, SSC will notify you via email or through the Services (e.g., banner upon login). Any changes to this Agreement will be effective upon the earlier of thirty (30) calendar days following dispatch of an email notice to you (if applicable) or your next use of the Services. These changes are effective immediately to new Users of the Services. You are responsible for providing SSC with your most current e-mail address. In the event that the last e-mail address that you have provided SSC is not valid, or for any reason is not capable of delivering to you the notice described above, SSC’s dispatch of the e-mail containing such notice will nonetheless constitute effective notice of the changes described in the notice. Continued use of the Services following notice of such changes shall indicate your acknowledgement of such changes and agreement to be bound by the terms and conditions of such changes.

This Agreement was last updated as of the date above. It is effective between you and SSC as of the earlier of: (a) the date you accept this Agreement or (b) the date you first access or otherwise use the Services.

1. DEFINITIONS

1.1. "Affiliate" means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. "Control," for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.
1.2. “Agreement” means this Master Subscription Agreement.
1.3. “Applicable Data Privacy Laws” means the data privacy and security laws of the relevant jurisdiction, including but not limited to the European Union’s General Data Protection Regulation 2016/679 (“GDPR”) and the California Consumer Privacy Act (“CCPA”).
1.4. “Beta Services” means certain features, technologies, and services that are not generally available to customers, as updated from time to time.
1.5. “Credit(s)” means a credit for SSC’s Atlas platform associated to a sent questionnaire.
1.6. “Customer," “you" or "your" means the person accepting this Agreement, or, if applicable, the company or other legal entity for which Customer is accepting this Agreement.
1.7. “Customer Services Data” means electronic data and information submitted by or for Customer to the Services or collected and processed by or for Customer as a result of your use of the Services (e.g., username, vendor contact information, support requests, issue remediation).
1.8. “Documentation” means the documentation and Service feature descriptions, as updated from time to time, as provided by SSC (whether online or otherwise).
1.9. “Disruption Event” means either: (a) a User’s use of the Services which could disrupt: (i) the Services; (ii) other customer's use of the Services; or (iii) SSC network or servers used to provide the Services; or (b) unauthorized third-party access to the Services.
1.10. “Generic Reports” means reports that may include Customer Services Data in an anonymous, generic, de-identified format aggregated with other data not constituting Customer Services Data solely and exclusively for analyzing customer needs, improving SSC products and services, or providing benchmark data of usage and configuration of applications to other customers.
1.11. “Malicious Code” means code, files, scripts, agents or programs intended to do harm, including, for example, viruses, worms, time bombs, and trojan horses.
1.12. "Non-SSC Applications" means a web-based or offline software application that is provided by Customer or a third party and is not owned, operated, controlled, or otherwise provided by SSC (including any third-party integrations or partner products promoted by SSC), whether such application interoperates with the Services or is provided on a stand-alone basis.
1.13. “Order Form” means a purchase order, quote, online subscription, or other ordering document specifying the Services to be provided hereunder that is entered into between (a) Customer and (b) SSC or any of SSC’s Affiliates or Resellers, including any addenda and supplements thereto. For the avoidance of doubt, Customer’s subscription confirmation within the Services platform shall be considered an “Order Form” for purposes hereof.
1.14. “Personal Information” means information relating to an identified or identifiable natural person.
1.15. “Privacy Policy” means SSC’s Privacy Policy, as updated from time-to-time, located at: https://securityscorecard.com/privacy or such other URL as SSC may provide from time to time.
1.16. “Professional Services” means the product implementation, training, and/or other professional services to be provided by SSC to Customer (if any).
1.17. "Purchased Services" means Services (including Professional Services, but excluding any SSC API Services) that Customer purchases under an Order Form, as distinguished from those provided pursuant to a free trial.
1.18 “Reseller” means one of SSC’s preferred partner resellers through whom Customer purchases the Services.
1.19 “Services” means the products and services made available online or otherwise by SSC, including customer support services provided in connection with SSC’s SaaS offerings. “Services” exclude Non-SSC Applications and any products, services or content related thereto.
1.20. “Slot(s)” means a unique top-level domain maintained in a Customer portfolio on the Services, subject to change during a twelve (12) month period a maximum of 10 times.
1.21. “SOW” means the Statement of Work applicable to any Professional Services package purchased by Customer as part of the Purchased Services (if any).
1.22. “SSC,” "we," or "us" means SecurityScorecard, Inc.
1.23. “SSC API Services” means the product and services related to SSC API functionality, including the use or development of API Integration(s). For purposes of this definition, “API Integrations” means the systematic interactions between Non-SSC Applications and the Services that are developed through the SSC API.
1.24. “Subscription Term” means the period of time during which Users are permitted to use the Services hereunder, as specified in the applicable Order Form and including all renewals or extensions thereof.
1.25. “Suspend” or “Suspension” means the immediate disabling of access to the Services, or components of the Services, as applicable, to prevent further use of the Services.
1.26. “User” means an individual who is authorized by Customer to use one or more of the Services and to whom Customer (or SSC at your request) has supplied a user identification and password. Users may include, for example, your employees, consultants, contractors, and agents.

2. FREE TRIAL. If Customer registers on the SSC website for a free trial or otherwise utilizes the functionality of the Services for free, SSC will make one or more Services available to Customer on a trial basis, free of charge, until the earlier of (a) the end of the free trial period for which Customer registered to use the applicable Service(s), or (b) the start date of any Purchased Service subscriptions ordered by Customer for such Service(s). CUSTOMER SERVICES DATA ON SSC SYSTEMS OR IN OUR POSSESSION OR CONTROL, ANY REPORTS, AND ANY CUSTOMIZATIONS MADE TO THE SERVICES BY OR FOR YOU, DURING YOUR FREE TRIAL MAY BE PERMANENTLY LOST OR DELETED AT THE END OF THE FREE TRIAL PERIOD UNLESS CUSTOMER PURCHASES A SUBSCRIPTION TO THE SAME SERVICES AS THOSE COVERED BY THE TRIAL OR PURCHASES UPGRADED SERVICES BEFORE THE END OF THE TRIAL PERIOD. SSC WILL HAVE NO LIABILITY FOR ANY HARM OR DAMAGE ARISING OUT OF OR IN CONNECTION WITH A FREE TRIAL. NOTWITHSTANDING SECTION 8 (REPRESENTATIONS, WARRANTIES, EXCLUSIVE REMEDIES, AND DISCLAIMERS), DURING THE FREE TRIAL THE SERVICES ARE PROVIDED “AS-IS” WITHOUT ANY WARRANTY. Please review the Documentation during the trial period so that you become familiar with the features and functions of the Services before you make your purchase.

3. SSC RESPONSIBILITIES

3.1. Provision of Purchased Services. SSC will (a) make the Purchased Services available to Customer pursuant to this Agreement and the applicable Order Forms and SOWs, and (b) provide standard support for the Purchased Services to Customer at no additional charge, and/or upgraded support if purchased. Notwithstanding the foregoing, the Purchased Services may not be available due to: (i) planned downtime (of which SSC shall give advanced electronic notice through the Services or otherwise and which SSC shall schedule to the extent practicable during the weekend hours), and (ii) circumstances beyond our reasonable control, including, for example, an act of God, act of government, flood, fire, earthquake, civil unrest, act of terror, pandemic, epidemic, quarantine restriction, strike or other labor problem (other than one involving SSC employees), Internet service provider failure or delay, Non-SSC Application failure or delay, or for denial of service attack. SSC reserves the right to make changes to the Services at any time and from time to time, provided, however, that SSC will not materially decrease the functionality of the Purchased Services during a Subscription Term. If SSC makes a material change to the Services, SSC will notify Customer of such change in accordance with Section 12.1 (Manner of Giving Notice). This Agreement does not govern any SSC API Services that are purchased by or made available to Customer. To the extent that the Services referenced in an Order Form include SSC API Services, such SSC API Services will be provided pursuant to a separate API Services and License Agreement and the corresponding SOW, if any, between Customer and SSC.
3.2 Provision of SSC API Services. In connection with Customer’s Purchased Services, SSC may make the SSC API Services available to Customer. Unless Customer has entered into a separate API Services and License Agreement, the following terms and restrictions shall apply to Customer’s use of the API Services.
3.2.1. Usage Restrictions. In addition to the restrictions set forth in Section 4.4, except as expressly and unambiguously authorized under this Agreement or by SSC in writing, Customer shall not (i) disclose or provide the API to any person or entity other than to Customer’s employees or consultants, or contractors who has a need to know, (ii) use the SSC API Services in a product or service that is commercially released; (iii) use the API in a manner that, as determined by SSC in its sole discretion, constitutes excessive or abusive usage, or otherwise fails to comply or is inconsistent with any part of the Documentation.
3.2.2. Proprietary Rights. As between the parties, SSC owns all rights, title, and interest in and to the SSC API Services and all other output of the API. Except to the limited extent expressly provided in this Agreement, SSC does not grant, and Customer shall not acquire, any right, title or interest (including, without limitation, any implied license) in or to the SSC API Services or output thereof.
3.2.3. Disclaimers. SSC reserves the right to limit access or functionality of the SSC API Services at any time. SSC API Services are provided “AS IS” and SSC disclaims all warranties relating to the API, express or implied, including but not limited to any warranties against infringement, merchantability and fitness for a particular purpose.
3.3. Protection of Customer Services Data. SSC will maintain industry-standard administrative, physical, and technical safeguards for protection of the security, confidentiality, and integrity of Services and the Customer Services Data. Those safeguards will include, but will not be limited to, safeguards to ensure the security of the information technology systems used to provide the Services, maintaining and testing (at least annually) an incident management program, and measures for preventing inappropriate access, use, modification or disclosure of Customer Services Data by SSC personnel. SSC will promptly inform Customer following discovery of any breach of security, confidentiality, and/or integrity of the Services or Customer Services Data affecting Customer
3.4. Beta Services. From time to time, SSC may invite Customer to try Beta Services at no charge. Customer may accept or decline any such trial in its sole discretion. Beta Services will be clearly designated as beta, pilot, limited release, developer preview, non-production, evaluation or by a description of similar import. Beta Services are for evaluation purposes and not for production use, are not considered “Services” under this Agreement, are not supported, and may be subject to additional terms. Unless otherwise stated, any Beta Services trial period will expire upon the date that a version of the Beta Services becomes generally available. SSC may discontinue Beta Services at any time in its sole discretion and may never make them generally available. SSC WILL HAVE NO LIABILITY FOR ANY HARM OR DAMAGE ARISING OUT OF OR IN CONNECTION WITH A BETA SERVICE. NOTWITHSTANDING SECTION 8 (REPRESENTATIONS, WARRANTIES, EXCLUSIVE REMEDIES, AND DISCLAIMERS), BETA SERVICES ARE PROVIDED “AS-IS” WITHOUT ANY WARRANTY.

4. USE OF SERVICES; NON-SSC APPLICATIONS; AFFILIATES

4.1 Subscriptions.Unless otherwise provided in the applicable Order Form, (a) Services are purchased as subscriptions, (b) subscriptions may be added during a Subscription Term, with the term for such additional subscription(s) to be prorated for the portion of that Subscription Term remaining at the time the mid-term subscriptions are added, and (c) any added subscriptions will terminate on the same date as the Subscription Term, subject to any automatic renewals that may apply as set forth below in Section 11.2 below.
4.2. Usage Limits. Services are subject to usage limits, including, for example, the quantities specified in the applicable Order Form(s). Unless otherwise specified, a quantity in an Order Form refers to Slots or Credits, as applicable. If Customer exceeds its then-current contractual usage limit as set forth in the relevant Order Form, Customer may incur additional fees for excess usage if it does not reduce overuse within ten (10) days after notice from SSC and in such case, shall remit payment in accordance with Section 5 (Fees and Payment); Customer’s then-current contractual usage limit will automatically be increased to the new number of Slots or Credits for the remainder of the Subscription Term and thereafter (if applicable).
4.3. Customer Responsibilities. Customer will (a) be responsible for Users’ compliance with this Agreement and for all activities that occur through Users’ use of Services, (b) be responsible for the accuracy, quality and legality of Customer Services Data, (c) use commercially reasonable efforts to prevent unauthorized access to or use of Services (including not sharing any User passwords), and notify SSC promptly of any such unauthorized access or use, and (d) if applicable, comply with the terms of service for any Non-SSC Application with which Customer uses the Services.
4.4. Usage Restrictions. Solely for purposes of this Section 4.4, “Services” shall include SSC API Services. Customer will not (a) make any Service available to, or use any Service for the benefit of, anyone other than Customer or Users, including any part, feature, function or output of a Service, (b) sell, resell, license, sublicense, distribute, rent or lease any Service or any part, feature, function or output thereof (e.g., reports, screenshots), or include any Service in a service bureau or outsourcing offering, (c) use a Service to store or transmit infringing, libelous, or otherwise unlawful or tortious material, or to store or transmit material in violation of third-party privacy rights, (d) use a Service to store or transmit Malicious Code, (e) use a Service in violation of this Agreement, applicable laws or government regulations, or form otherwise fraudulent or malicious purposes, (f) interfere with or disrupt the integrity or performance of any Service or third-party data contained therein, (g) attempt to gain unauthorized access to any Service or its related systems or networks, (h) use or permit direct or indirect access to or use of any Service in a way that circumvents a contractual usage limit, (i) publish, display, or copy (provided that Customer and its Users can copy as reasonably necessary to its and their rights under this Agreement and in connection with ordinary course back-up and disaster recovery procedures) a Service or any part, feature, function, output, or user interface thereof (this includes a prohibition on any publication of ratings, scores, reports or components thereof), (j) remove any legal, copyright, trademark or other proprietary rights notices contained in or on materials Customer receives or accesses through the Services; (k) frame or mirror any part of any Service, other than framing on your own intranets or otherwise for your own internal business purposes or as permitted in this Agreement, (l) access any Service in order to build a competitive product or service or use a Service in a way that competes with products or services offered by SSC, or (m) copy, adapt, reformat, reverse-engineer, disassemble, decompile, download, translate or otherwise modify any Service or SSC’s website, through automated or other means.
4.5. Privacy.
4.5.1. SSC may collect personal information in connection with a Customer’s use of the Services. SSC’s Privacy Policydescribes what data is collected, the purpose of the collection, the means by which SSC processes such data, and the third parties with whom the data may be shared.
4.5.2. To the extent Customer provides personal information to SSC, Customer represents that it has complied with all Applicable Data Privacy Laws concerning its collection and disclosure of such information, and that it is not relying upon SSC to discharge any of customer’s obligations or responsibilities under Applicable Data Privacy laws.
4.5.3. With respect to the personal information that it receives from Customer or Users, SSC represents that it has and will independently comply with all obligations imposed by Applicable Data Privacy upon controllers, that it will not consider itself to be a joint controller with Customer, and that it will not rely upon Customer to perform any of SSC’s obligations as a controller.
4.6. Suspension. If SSC becomes aware of a User’s violation of this Agreement, then SSC may specifically request that Customer Suspend that User’s use of the Services. If Customer fails to comply with our request to Suspend a User’s use of the Services, then SSC may Suspend that User’s use of the Services. The duration of any Suspension by SSC will be until the applicable User has cured the breach that caused the Suspension. Notwithstanding the foregoing, if there is a Disruption Event, then SSC may automatically Suspend the offending use. The Suspension will be to the minimum extent and of the minimum duration required to prevent or terminate the Disruption Event. If SSC Suspends a User’s use of the Services for any reason without prior notice to Customer, then at your request, SSC will provide Customer with the reason for the Suspension as soon as is reasonably possible.
4.7. Non-SSC Applications.
4.7.1. Acquisition and Use of Non-SSC Applications. SSC or third parties may make available third-party products or services, including, for example, Non-SSC Applications and implementation and other consulting services. If Customer elects to acquire or use such Non-SSC Applications, any exchange of data between Customer and any non-SSC provider is solely between Customer and the applicable non-SSC provider. SSC DOES NOT WARRANT OR SUPPORT NON-SSC APPLICATIONS OR OTHER NON-SSC PRODUCTS OR SERVICES, WHETHER OR NOT THEY ARE DESIGNATED BY SSC. SUCH NON-SSC APPLICATIONS ARE NOT UNDER THE CONTROL OF SSC AND SSC IS NOT RESPONSIBLE FOR THE PRODUCT, SERVICES, WEBSITE, OR CONTENT OF ANY THIRD-PARTY PROVIDER. Non-SSC Applications may be subject to additional terms and conditions between the provider of such Non-SSC Application and Customer, including terms related to the collection, use and processing of Personal Information. If Customer elects to acquire or use a Non-SSC Application, it is Customer’s responsibility to review and understand these additional terms.
4.7.2. Non-SSC Applications and Your Customer Services Data. If Customer installs or enables a Non-SSC Application for use with a Service, Customer grants SSC permission to allow the provider of that Non-SSC Application to access Customer Services Data as required for the interoperation of that Non-SSC Application with the Service. SSC is not responsible or liable for any disclosure, modification or deletion of Customer Services Data resulting from access by a Non-SSC Application. SSC is not responsible or liable to Customer if you install, connect, enable, use or share any integration, feature, workflows, actions, or suggestions authored or made available by an entity other than SSC.
4.7.3. Integration with Non-SSC Applications. The Services may contain features designed to interoperate with Non-SSC Applications. To use such features, Customer may be required to obtain access to Non-SSC Applications from their providers and may be required to grant SSC access to your account(s) on the Non-SSC Applications.
4.8. Affiliates. By entering into an Order Form, an Affiliate agrees to be bound by the terms of this Agreement as if such Affiliate were an original party hereto.

5. FEES AND PAYMENT FOR PURCHASED SERVICES

5.1. Reseller Purchases. If Customer purchases the Services through a Reseller, all payment-related terms (including, but not limited to, pricing, invoicing, billing, payment methods, and late payment charges) will be set forth in Customer’s agreement directly with such Reseller and such payment-related terms will supersede any conflicting terms set forth in this Section 5. SSC may suspend or terminate your access to the Services in the event of non-payment of the applicable fees to SSC by the Reseller due to your non-payment, or Customer’s uncured breach of this Agreement. Notwithstanding anything to the contrary, the agreement between Customer and a Reseller: (i) shall not modify any of the terms set forth herein other than Sections those portions of Section 5 related to billing and payments, and (ii) is not binding on SSC.
5.2. Fees. Customer will pay all fees specified in Order Forms. Except as otherwise specified herein or in an Order Form, (i) fees are based on the Service purchased and not actual usage, (ii) payment obligations are non-cancelable and fees paid are non-refundable except as set forth in Section 11.4 below, and (iii) quantities purchased cannot be decreased during the relevant Subscription Term. Customer will be responsible for any payments owed but not paid by any of Customer Affiliates ordering Services hereunder.
5.3. Invoicing and Payment. Fees shall be invoiced in advance, either annually or in accordance with any different billing frequency stated in the applicable Order Form. Unless otherwise stated in the Order Form, invoiced charges are due net thirty (30) days from the invoice date. Customer is responsible for providing complete and accurate billing and contact information to SSC and notifying SSC of any changes to such information. Customer acknowledges and agrees that SSC may engage third-party payment processors, which as of the “Last Updated” date of this Agreement include Stripe and its affiliates, to process online payments made by Customer hereunder, and that such payment processors will be provided your payment information in order to help us process your payment.
5.4. Overdue Charges. If any undisputed invoiced amount is not received by SSC by the due date, then without limiting our rights or remedies, (a) those charges may accrue late interest at the rate of 1.5% of the outstanding balance per month, or the maximum rate permitted by law, whichever is lower, (b) SSC may condition future subscription renewals and Order Forms on payment terms shorter than those specified in Section 5.3 (Invoicing and Payment), and/or (c) SSC may require Customer to pay any collections or legal fees incurred by SSC in order to collect payment of the corresponding undisputed invoiced amount.
5.5. Suspension of Service and Acceleration. If any amount owing by Customer under this or any other agreement for Purchased Services is thirty (30) or more days overdue, SSC may, without limiting other rights and remedies, accelerate Customer’s unpaid fee obligations under such agreements so that all such obligations become immediately due and payable, and Suspend Services to Customer until such amounts are paid in full. SSC will give Customer at least 10 days’ prior notice, in accordance with Section 12.1 (Manner of Giving Notice), before Suspending Services to Customer pursuant to the foregoing.
5.6. Taxes.Our fees do not include any taxes, levies, duties or similar governmental assessments of any nature, including, for example, value-added, sales, use or withholding taxes, assessable by any jurisdiction whatsoever (collectively, “Taxes”). Customer is responsible for paying all Taxes associated with its purchases hereunder. If SSC has the legal obligation to pay or collect Taxes for which Customer is responsible under this Section 5.6, SSC will invoice Customer and Customer will pay that amount unless Customer provides SSC with a valid tax exemption certificate authorized by the appropriate taxing authority. For clarity, SSC is solely responsible for taxes assessable against SSC based on our income, property, and employees.
5.7. Future Functionality. Customer agrees that its purchases are not contingent on the delivery of any future functionality or features, or dependent on any oral or written public comments made by SSC regarding future functionality or features.

6. PROPRIETARY RIGHTS AND LICENSES

6.1. Reservation of Rights. Subject to the limited rights expressly granted hereunder, SSC reserves all of its right, title, and interest in and to the Services and any proprietary materials of SSC contained therein, including all intellectual property rights therein and thereto, and Customer acquires no rights with respect to the Services, by implication or otherwise, except for those expressly granted in this Agreement. Customer reserve all of Customer’s rights, title and interest in Customer Services Data, provided that SSC may use Customer Services Data to create Generic Reports and as provided in Section 6.2 below. No rights are granted to Customer hereunder other than as expressly set forth herein.
6.2. SSC Rights to Use Customer Services Data. Customer grants SSC the right to use Customer Services Data, in compliance with applicable law, in order to: (a) provide the Services in accordance with this Agreement and the Privacy Policy, (b) communicate with any vendors or contacts provided by Customer, (c) prevent or address service or technical problems, (d) as Customer expressly permits, or (e) as may be required by law. SSC may also use Customer Services Data in an aggregated, de-identified and generic manner, in compliance with applicable law, for marketing, survey purposes, setting benchmarks, feature suggestions, product analytics and new product features or services, Services utilization analyses and related purposes, provided that (i) it is used only for internal administrative purposes and general usage statistics; (ii) does not identify Customer or its agents, representatives, customers or employees and is not attributable to such persons or entities in any way; and (iii) where Customer Services Data is used in this manner to create publicly disclosed general usage statistics, such statistics are used to report only the total aggregate use among SSC customers.
6.3. License by Customer to Use Feedback. Customer grants to SSC a worldwide, perpetual, irrevocable, transferable, royalty-free license to use and incorporate into the Services any suggestion, enhancement request, recommendation, correction or other feedback provided by Customer or Users relating to the operation of the Services, provided that SSC shall not identify Customer or its Affiliates as the source of such feedback.

7. CONFIDENTIALITY

7.1. Definition of Confidential Information. “Confidential Information”means all information and materials disclosed by a party (“Disclosing Party”) to the other party (“Receiving Party”), whether orally or in writing, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure. SSC Confidential Information includes the Services and any proprietary materials provided through the Services and marked as such; and Confidential Information of each party includes the terms and conditions of this Agreement and all Order Forms (including pricing), as well as business and marketing plans, technology and technical information, product plans and designs, and business processes disclosed by such party. However, Confidential Information does not include any information that (i) is or becomes generally known to the public without breach of any obligation owed to the Disclosing Party, (ii) was known to the Receiving Party prior to its disclosure by the Disclosing Party without breach of any obligation owed to the Disclosing Party, (iii) is received from a third party without breach of any obligation owed to the Disclosing Party, or (iv) was independently developed by the Receiving Party as shown by documents and other competent evidence in the Receiving Party’s possession.
7.2. Protection of Confidential Information. The Receiving Party will (i) use the same degree of care that it uses to protect the confidentiality of its own confidential information of like kind (but not less than reasonable care), (ii) not to use any Confidential Information of the Disclosing Party for any purpose outside the scope of this Agreement, and (ii) except as otherwise authorized by the Disclosing Party in writing, disclose Confidential Information of the Disclosing Party only to those of its and its Affiliates’ employees and contractors who need that access for purposes consistent with this Agreement and who are subject to confidentiality obligations consistent with this Agreement. Neither party will disclose the terms of this Agreement or any Order Form to any third party other than its Affiliates, legal counsel and accountants without the other party’s prior written consent, provided that a party that makes any such disclosure to its Affiliate, legal counsel or accountants will remain responsible for such Affiliate’s, legal counsel’s or accountant’s compliance with this Section 7.2.
7.3. Compelled Disclosure. The Receiving Party may disclose Confidential Information of the Disclosing Party to the extent compelled by law or by the order of a court or similar judicial or administrative body to do so, provided the Receiving Party gives the Disclosing Party prior notice of the compelled disclosure (to the extent legally permitted) and reasonable assistance, at the Disclosing Party's cost, if the Disclosing Party wishes to contest the disclosure. If the Receiving Party is compelled by law to disclose the Disclosing Party’s Confidential Information as part of a civil proceeding to which the Disclosing Party is a party, and the Disclosing Party is not contesting the disclosure, the Disclosing Party will reimburse the Receiving Party for its reasonable cost of compiling and providing secure access to that Confidential Information.

8. REPRESENTATIONS, WARRANTIES, EXCLUSIVE REMEDIES AND DISCLAIMERS

8.1. Representations. Each party represents that it has validly entered into this Agreement and has the legal power to do so.
8.2. SSC Warranties. SSC warrants that: (a) the Purchased Services will perform materially in accordance with the specifications set forth in the Documentation; and (b) SSC will provide the Professional Services, if applicable, in a professional and workmanlike manner. For any breach of the above warranties, Customer’s exclusive remedy and SSC’s sole obligation is those described in Sections 11.3 (Termination) and 11.4 (Refund or Payment upon Termination).
8.3. Mutual Warranties. Each party warrants that it will comply with all laws and regulations applicable to its provision or use of the Services, as applicable (including applicable security breach notification law).
8.4. Disclaimers. EXCEPT AS EXPRESSLY PROVIDED HEREIN, NEITHER PARTY MAKES ANY WARRANTY OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, AND EACH PARTY SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW. EACH PARTY DISCLAIMS ALL LIABILITY AND INDEMNIFICATION OBLIGATIONS FOR ANY HARM OR DAMAGES CAUSED BY ANY THIRD-PARTY HOSTING PROVIDERS OR NON-SSC APPLICATIONS.

9. MUTUAL INDEMNIFICATION

9.1. Indemnification by SSC. SSC will defend Customer against any claim, demand, suit or proceeding made or brought against Customer by a third party alleging that the use of a Purchased Service in accordance with this Agreement infringes or misappropriates such third party’s intellectual property rights (a “Claim Against Customer”), and will indemnify Customer from any damages, attorney fees and costs finally awarded against Customer as a result of, or for amounts paid by Customer under a court-approved settlement of, a Claim Against Customer, provided Customer (a) promptly give SSC written notice of the Claim Against Customer, (b) give SSC sole control of the defense and settlement of the Claim Against Customer (except that SSC may not settle any Claim Against Customer unless it unconditionally releases Customer of all liability), and (c) give SSC all reasonable assistance, at our expense. If SSC receives information about an infringement or misappropriation claim related to a Service, SSC may in its discretion and at no cost to Customer (i) modify the Service so that it no longer infringes or misappropriates, without breaching the warranties under Section 8.2 (SSC Warranties), (ii) obtain a license for Customer’s continued use of that Service in accordance with this Agreement, or (iii) terminate Customer’s subscriptions for that Service upon thirty (30) days’ written notice and refund Customer any prepaid fees covering the remainder of the term of the terminated subscriptions. The above defense and indemnification obligations do not apply to the extent a Claim Against Customer arises from: (i) a Non-SSC Application, (ii) Customer’s breach of this Agreement, (iii) any use of the Services in combination with other products, equipment, software or data not supplied by SSC; or (iii) any modification of the Services by any person other than SSC or its authorized representatives.
9.2. Indemnification by Customer. Customer will defend SSC against any claim, demand, suit or proceeding made or brought against SSC by a third party alleging that Customer Services Data, or your use of any Service in breach of this Agreement, infringes or misappropriates such third party’s intellectual property rights (a “Claim Against SSC”), and will indemnify SSC from any damages, attorney fees and costs finally awarded against SSC as a result of, or for any amounts paid by SSC under a court-approved settlement of, a Claim Against SSC, provided SSC (a) promptly gives Customer written notice of the Claim Against SSC, (b) gives Customer sole control of the defense and settlement of the Claim Against SSC (except that Customer may not settle any Claim Against SSC unless it unconditionally releases SSC of all liability), and (c) gives Customer all reasonable assistance, at your expense.
9.3. Exclusive Remedy. This Section 9 states the indemnifying party’s sole liability to, and the indemnified party’s exclusive remedy against, the other party for any type of claim described in this Section 9.

10. LIMITATION OF LIABILITY

10.1. Limitation of Liability. EXCEPT FOR EACH PARTY’S INDEMNIFICATION OBLIGATIONS UNDER SECTION 9, NEITHER PARTY'S LIABILITY WITH RESPECT TO ANY SINGLE INCIDENT OR SERIES OF RELATED INCIDENTS ARISING OUT OF OR RELATED TO THIS AGREEMENT WILL EXCEED THE AMOUNT PAID BY CUSTOMER HEREUNDER IN THE 12 MONTHS PRECEDING THE INCIDENT OR SERIES OF RELATED INCIDENTS, PROVIDED THAT IN NO EVENT WILL EITHER PARTY’S AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT EXCEED THE TOTAL AMOUNT PAID BY CUSTOMER HEREUNDER. THE ABOVE LIMITATIONS WILL APPLY WHETHER AN ACTION IS IN CONTRACT OR TORT AND REGARDLESS OF THE THEORY OF LIABILITY. HOWEVER, THE ABOVE LIMITATIONS WILL NOT LIMIT YOUR PAYMENT OBLIGATIONS UNDER SECTION 5 (FEES AND PAYMENT FOR PURCHASED SERVICES). THE FOREGOING DISCLAIMER WILL NOT APPLY TO THE EXTENT PROHIBITED BY LAW.
10.2. Exclusion of Consequential and Related Damages. EXCEPT FOR EACH PARTY’S INDEMNIFICATION OBLIGATIONS UNDER SECTION 9, IN NO EVENT WILL EITHER PARTY HAVE ANY LIABILITY TO THE OTHER PARTY FOR ANY LOST PROFITS, REVENUES OR INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, COVER OR PUNITIVE DAMAGES (INCLUDING, WITHOUT LIMITATION, LOSS OF PROFITS OR GOODWILL), WHETHER AN ACTION IS IN CONTRACT OR TORT AND REGARDLESS OF THE THEORY OF LIABILITY, EVEN IF A PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE FOREGOING DISCLAIMER WILL NOT APPLY TO THE EXTENT PROHIBITED BY LAW.
10.3. Collective Liability. The provisions and limitations of this Section 10 will apply to Customer and all of its Affiliates purchasing Services hereunder in the aggregate, meaning SSC’S liability to Customer and/or one or more of its Affiliates for an incident or series of related incidents, collectively, will be limited to the aggregate amount paid by Customer and its Affiliates as set forth in this Section 10.

11. TERM AND TERMINATION

11.1. Term of Agreement. This Agreement commences on the date Customer first accepts it and continues for so long as SSC is providing Services.
11.2. Term of Purchased Subscriptions; AUTO-RENEWAL OF SUBSCRIPTION TERM. The Subscription Term shall be, and shall renew, as specified in the applicable Order Form. If no such term or renewal period is specified, Subscriptions will have an initial term of one year and will automatically renew for additional periods equal to the expiring Subscription Term or one year (whichever is shorter), unless either party gives the other notice of non-renewal at least sixty (60) days before the end of the relevant Subscription Term in accordance with Section 12.1 (Manner of Giving Notice).
11.3. Termination. A party may terminate this Agreement, any Order Form or SOW (i) thirty (30) days after providing written notice to the other party of a material breach of its obligations under this Agreement or the relevant Order Form or SOW if such breach remains uncured at the expiration of such 30-day period, (ii) if the other party becomes the subject of a petition in bankruptcy or any other proceeding relating to insolvency, receivership, liquidation or assignment for the benefit of creditors, or (iii) upon ten (10) days’ written notice to the other party if the other party is in material breach of this Agreement more than two (2) times notwithstanding any cure of such breaches.
11.4. Refund or Payment upon Termination. If this Agreement is terminated by Customer in accordance with Section 11.3 (Termination), SSC will refund Customer any prepaid fees covering the remainder of the Subscription Term of all Order Forms or SOW after the effective date of termination. If this Agreement is terminated by SSC in accordance with Section 11.3, Customer will pay any unpaid fees covering the remainder of the Subscription Term of all Order Forms. In no event will termination relieve Customer of its obligation to pay any fees payable to SSC for the Subscription Term period prior to the effective date of termination.
11.5. Customer Services Data. After the effective date of termination or expiration of this Agreement, SSC will have no obligation to maintain or provide Customer Services Data, and may, in its sole discretion, delete or destroy all copies of Customer Services Data in our systems or otherwise in our possession or control, unless legally prohibited.
11.6. Surviving Provisions. The Sections that are intended by their nature to survive termination or expiration shall so survive any termination or expiration of this Agreement.

12. NOTICES, GOVERNING LAW AND JURISDICTION

12.1. Manner of Giving Notice. All notices, permissions, and approvals hereunder shall be in writing and shall be deemed to have been given upon: (i) personal delivery, (ii) the second business day after mailing, (iii) the second business day after sending by confirmed facsimile, or (iv) the first business day after sending by email (provided email shall not be sufficient for notices of an indemnifiable claim). Notices to SSC shall be addressed to SecurityScorecard, Inc., Attn: Legal Department; 111 West 33rd Street, 11th Floor, New York, NY 10001; [email protected]. Billing-related notices to Customer shall be addressed to the relevant billing contact designated by Customer. All other notices to Customer shall be addressed to the relevant Services system administrator designated by Customer, in writing, by like notice.
12.2. Agreement to Governing Law and Jurisdiction. Each party agrees that this Agreement is governed by and shall be construed in accordance with the laws of the State of New York, in all respects, without regard to choice or conflicts of law rules, and that all disputes arising out of or relating to this Agreement are limited to the exclusive jurisdiction and venue of the state and federal courts located within New York County, New York. Each party hereby consents to and waives any objections with respect to such jurisdiction and venue.

13. GENERAL PROVISIONS

13.1. Export Compliance. The Services, other technology SSC makes available, and derivatives thereof may be subject to export laws and regulations of the United States and other jurisdictions. Each party represents that it is not named on any U.S. government denied-party list. Customer shall not permit Users to access or use any Service in a U.S.-embargoed country or in violation of any U.S. export law or regulation.
13.2. Entire Agreement and Order of Precedence. This Agreement, including any Order Forms, is the entire agreement between Customer and SSC regarding Customer’s use of Services and supersedes all prior and contemporaneous agreements, proposals or representations, written or oral, concerning its subject matter (including any non-disclosure agreement between Customer and SSC where the sole purpose was to evaluate the subscription hereunder). If Customer has executed a written agreement with SSC, the terms of such separately-negotiated and signed agreement shall control. No waiver of any provision of this Agreement will be effective unless in writing and signed by the party against whom the waiver is to be asserted. No modification or amendment of any provision of this Agreement, an Order Form or SOW will be effective unless in writing and signed by the party against whom the waiver is to be asserted. The parties agree that any term or condition stated in a Customer purchase order or in any other order documentation (excluding Order Forms) is void. In the event of any conflict or inconsistency among the following documents, the order of precedence shall be: (1) the applicable Order Form or SOW, (2) this Agreement, and (3) the Documentation.
13.3. Assignment. Neither party may assign any of its rights or obligations hereunder, whether by operation of law or otherwise, without the other party’s prior written consent (not to be unreasonably withheld); provided, however, either party may assign this Agreement in its entirety (including all Order Forms and SOWs hereunder), without the other party’s consent to its Affiliate or in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of its assets or equity securities. Notwithstanding the foregoing, if a party is acquired by, sells substantially all of its assets to, or undergoes a change of control in favor of, a direct competitor of the other party, then such other party may terminate this Agreement upon written notice.
13.4. Relationship of the Parties. The parties are independent contractors. This Agreement does not create a partnership, franchise, joint venture, agency, fiduciary, or employment relationship between the parties.
13.5. Third-Party Beneficiaries. The parties do not intend to create any third-party beneficiaries of this Agreement, and nothing in this Agreement is intended, nor shall anything herein be construed to create any rights, legal or equitable, in any person other than the Parties to this Agreement.
13.6. Waiver. No failure or delay by either party in exercising any right under this Agreement will constitute a waiver of that right.
13.7. Severability. If any provision of this Agreement is held by a court of competent jurisdiction to be contrary to law, the provision will be deemed null and void, and the remaining provisions of this Agreement will remain in effect.
13.8. Headings. Headings are used in this Agreement and all associated agreements are solely for convenience and shall not be deemed to affect in any manner the meaning or intent of the applicable agreement or any provision there/hereof.
13.9. Equitable Relief. Nothing in this Agreement will limit either party's ability to seek equitable relief.
13.10. Force Majeure. Except for payment obligations, neither party will be liable for inadequate performance to the extent caused by a condition (for example, natural disaster, an act of war or terrorism, riot, labor condition, governmental action, pandemic, epidemic, quarantine restriction, and Internet disturbance) that was beyond the party's reasonable control.
13.11. Jury Trial Waiver. EACH PARTY HEREBY WAIVES ITS RIGHTS TO A JURY TRIAL OF ANY CLAIM OR CAUSE OF ACTION BASED UPON OR ARISING OUT OF THIS AGREEMENT OR THE SUBJECT MATTER HEREOF. THE SCOPE OF THIS WAIVER IS INTENDED TO BE ALL-ENCOMPASSING OF ANY AND ALL DISPUTES THAT MAY BE FILED IN ANY COURT AND THAT RELATE TO THE SUBJECT MATTER OF THIS TRANSACTION, INCLUDING, WITHOUT LIMITATION, CONTRACT CLAIMS, TORT CLAIMS (INCLUDING NEGLIGENCE), BREACH OF DUTY CLAIMS, AND ALL OTHER COMMON LAW AND STATUTORY CLAIMS. THIS SECTION HAS BEEN FULLY DISCUSSED BY EACH OF THE PARTIES HERETO AND THESE PROVISIONS WILL NOT BE SUBJECT TO ANY EXCEPTIONS. EACH PARTY HERETO HEREBY FURTHER WARRANTS AND REPRESENTS THAT SUCH PARTY HAS REVIEWED THIS WAIVER WITH ITS LEGAL COUNSEL, AND THAT SUCH PARTY KNOWINGLY AND VOLUNTARILY WAIVES ITS JURY TRIAL RIGHTS FOLLOWING CONSULTATION WITH LEGAL COUNSEL.