THIS END USER LICENSE AGREEMENT ("AGREEMENT") GOVERNS THE USE OF THE SUBSCRIPTION SERVICES DESCRIBED HEREIN. BY ACCESSING AND USING THE SUBSCRIPTION SERVICES, YOU (“CUSTOMER”) ARE CONSENTING TO BE BOUND BY THIS AGREEMENT, INCLUDING ALL TERMS INCORPORATED BY REFERENCE. YOU AGREE THAT THIS AGREEMENT IS EQUIVALENT TO ANY WRITTEN NEGOTIATED AGREEMENT SIGNED BY YOU. IF YOU AGREE TO THESE TERMS ON BEHALF OF A BUSINESS OR A GOVERNMENT AGENCY, YOU REPRESENT AND WARRANT THAT YOU HAVE AUTHORITY TO BIND THAT BUSINESS TO THIS AGREEMENT, AND YOUR AGREEMENT TO THESE TERMS WILL BE TREATED AS THE AGREEMENT OF THE BUSINESS. IN THAT EVENT, "YOU" AND "YOUR" REFER HEREIN TO THAT BUSINESS. THE SUBSCRIPTION SERVICES ARE BEING LICENSED AND NOT SOLD TO YOU. SECURITYSCORECARD PERMITS YOU TO ACCESS AND USE THE SUBSCRIPTION SERVICES AND PURCHASE SUBSCRIPTION SERVICES ONLY IN ACCORDANCE WITH THE TERMS OF THIS AGREEMENT AND THE ORDER FORM(S).
“Subscription Services” means the on-line, web-based security rating platform provided by SecurityScorecard, as specified on an Order Form.
“Order Form” means an ordering document that specifies the Subscription Services.
2. LICENSE GRANT. SecurityScorecard agrees to make available to Customer the Subscription Services set forth in an applicable Order Form in accordance with the terms and conditions of this Agreement. SecurityScorecard shall be responsible for providing the Subscription Services, and shall not be responsible for providing any service or product not described in this Agreement or applicable Order Form. SecurityScorecard grants Customer a nonexclusive, nontransferable right to access and use the Subscription Services solely for Customer’s internal business purposes as set forth in this Agreement. Customer shall not (i) use the Subscription Services to store or transmit computer viruses, worms, time bombs, Trojan horses and other harmful or malicious code, routines, files, scripts, agents or programs, (ii) use the Subscription Services to store or distribute any information, material or data that is harassing, threatening, infringing, libelous, unlawful, obscene, or which violates the privacy or intellectual property rights of any third party, (iii) access or use the Subscription Services for any benchmarking or competitive purposes, including, without limitation, for the purpose of designing and/or developing any competitive services, (iv) sell, resell, rent, lease, offer any time sharing arrangement, service bureau or any service based upon, the Subscription Services, (v) interfere with or disrupt the integrity or performance of the Subscription Services or third-party data contained therein, (vi) attempt to gain unauthorized access to the Subscription Services or any associated systems or networks or (vii) modify, make derivative works of, disassemble, decompile or reverse engineer the Subscription Services or any component thereof.
3.1. Termination for Breach. Either Party may terminate this Agreement, or an Order Form, following a material breach of this Agreement so long as the terminating Party has given the other party at least thirty (30) days prior written notice of the breach and such breach is not cured within such thirty (30) day period. Termination for breach will not alter or affect the terminating party's right to exercise any other remedies for breach.
3.2 Termination for Convenience. Customer may terminate an Order Form for convenience upon written notice to SecurityScorecard, provided that, there shall be no refunds of any fees in the event of such termination under this Section 3.2.
4. INVOICES, PAYMENTS.
4.1. Fees. The fees and payment terms for the Subscription Services rendered by SecurityScorecard will be as set forth in the applicable Order Form.
4.2. Refunds. Except in the case of termination for SecurityScorecard’s uncured breach, all payments are nonrefundable.
5. INTELLECTUAL PROPERTY RIGHTS.
5.1 Subscription Services. As between Customer and SecurityScorecard, SecurityScorecard retains all right title and interest in and to the Subscription Services, including all intellectual property rights therein and thereto, and Customer acquires no rights with respect to the Subscription Services, by implication or otherwise, except for those expressly granted in this Agreement.
5.2 Suggestions. Customer hereby grants to SecurityScorecard a royalty-free, worldwide, transferable, sublicenseable, irrevocable, perpetual license to use or incorporate into the Subscription Services any suggestions, enhancement requests, recommendations or other feedback related to the Subscription Services that is provided by Customer.
6. OBLIGATIONS OF CUSTOMER
6.1. Customer Obligations. Customer shall (i) use the Subscription Services solely in accordance with this Agreement and any applicable laws and be responsible for the compliance of all its users with the foregoing and (ii) notify SecurityScorecard promptly of any unauthorized access to the Subscription Services of which Customer becomes aware.
6.2. Authority, Compliance. Customer represents and warrants that (i) Customer has the ability and authority to enter into and perform its obligations under this Agreement and the Order Form and (ii) Customer will not, and will not allow others, to use the Subscription Services in a manner that is (i) restricted in Section 2 above, or (ii) prohibited by law or regulation.
7. WARRANTY AND DISCLAIMER.
7.1. Authority. SecurityScorecard represents and warrants that SecurityScorecard has the power and authority to enter into and perform its obligations under this Agreement.
7.2. Compliant with Description. SecurityScorecard represents and warrants that the Subscription Services provided will substantially conform to its description provided in any Order Form. In the event the Subscription Services do not conform to the description provided in any Order Form, SecurityScorecard shall conform the Subscription Services to the descriptions within a reasonable period of time of being notified by Customer, and at no cost to Customer.
7.3. Service Level Agreement. The Subscription Services are provided under the Service Level Agreement attached hereto as Exhibit A.
7.4. Information Security. SecurityScorecard has taken commercially reasonable steps to protect the information technology systems currently used in providing the Subscription Services. SecurityScorecard has in place commercially reasonable disaster recovery plans, procedures and facilities for the Subscription Services and has taken commercially reasonable steps to safeguard the security of the Subscription Services.
7.5. DISCLAIMER. SECURITYSCORECARD PROVIDES ITS SUBSCRIPTION SERVICES FOR INFORMATIONAL PURPOSES AND DOES NOT WARRANT THAT THESE PRODUCTS AND SUBSCRIPTION SERVICES WILL IDENTIFY OR DETECT EVERY VULNERABILITY OR SECURITY ISSUE. SECURITYSCORECARD MAKES NO WARRANTY OR REPRESENTATION REGARDING THE SUBSCRIPTION SERVICES, ANY INFORMATION, MATERIALS, GOODS OR SERVICES OBTAINED THROUGH THE SUBSCRIPTION SERVICES, OR THAT THE SUBSCRIPTION SERVICES WILL MEET ANY CUSTOMER REQUIREMENTS. EXCEPT FOR THE LIMITED WARRANTIES SET FORTH ABOVE, SECURITYSCORECARD EXPRESSLY DISCLAIMS ALL WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, ANY WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. SECURITYSCORECARD SHALL NOT BE RESPONSIBLE OR LIABLE FOR THE ACCURACY OR USEFULNESS OF ANY INFORMATION PROVIDED, OR FOR ANY USE OF SUCH INFORMATION BY CUSTOMERS OR OTHERS. Because some states and jurisdictions do not allow limitations on implied warranties, the above limitation may not apply to Customer. In that event, such warranties are limited to the minimum warranty scope and period allowed by applicable law.
8. LIMITATION OF LIABILITY. EXCEPT FOR THE INDEMNIFICATION OBLIGATIONS UNDER SECTIONS 9 AND 10, IN NO EVENT SHALL EITHER PARTY BE LIABLE TO THE OTHER PARTY FOR ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL OR PUNITIVE DAMAGES, INCLUDING, WITHOUT LIMITATION, LOSS OF PROFITS OR GOODWILL, FOR ANY MATTER ARISING OUT OF OR RELATING TO THIS AGREEMENT AND/OR AN ORDER FORM AND/OR ITS OR THEIR SUBJECT MATTER, WHETHER SUCH LIABILITY IS ASSERTED ON THE BASIS OF CONTRACT, TORT (INCLUDING NEGLIGENCE) OR OTHERWISE, EVEN IF SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES; AND EACH PARTY’S TOTAL LIABILITY FOR ANY CAUSE OF ACTION, CLAIM, DAMAGES, FEES, COSTS OR EXPENSES SHALL BE LIMITED TO THE AMOUNT PAID BY CUSTOMER TO SECURITYSCORECARD FOR THE SUBSCRIPTION SERVICES PROVIDED BY SECURITYSCORECARD UNDER THIS AGREEMENT DURING THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE DATE ON WHICH THE CLAIM AT ISSUE ACCRUED. THE LIMITATIONS SET FORTH IN THIS SECTION 8 APPLY TO ALL CAUSES OF ACTION IN THE AGGREGATE. EACH PARTY ACKNOWLEDGES AND AGREES THAT THIS SECTION 8 REPRESENTS A REASONABLE ALLOCATION OF RISK AND THAT, IN THE ABSENCE OF THESE LIMITATIONS OF LIABILITY, THE TERMS OF THIS AGREEMENT WOULD BE SUBSTANTIALLY DIFFERENT. Because some states and jurisdictions do not allow limitation of liability in certain instances, portions of the above limitation may not apply to Customer.
9. CUSTOMER INDEMNIFICATION. Customer agrees to indemnify, defend, and hold harmless SecurityScorecard, its directors, officers, shareholders, employees and agents, and their respective successors, assigns, estates and heirs (the “SecurityScorecard Indemnified Parties”) from and against any and all causes of action, losses, liabilities, claims, damages, obligations, fees, costs, expenses (including, without limitation, reasonable legal/attorney’s fees), brought by or owing to any third party and arising from or related to (i) any gross negligence or willful misconduct of Customer, (ii) any breach of restrictions in Section 2 of this Agreement, and (iii) any reliance by Customer upon the Subscription Services; provided, that SecurityScorecard (i) promptly gives Customer written notice of the claim; (ii) gives Customer sole control of the defense and settlement of the claim (provided that Customer may not settle any Claim unless the settlement unconditionally releases SecurityScorecard of all liability); and (iii) provides to Customer all reasonable assistance, at Customer’s expense.
10. SECURITYSCORECARD INDEMNIFICATION. SecurityScorecard will defend at its own expense any action brought against Customer, or Customer’s directors, officers or employees (the “Customer Indemnified Parties”) by a third party to the extent that the action is based on a claim, suit or proceeding that the Subscription Services infringe such party’s copyright or trademark rights (“Infringement Claim”), and SecurityScorecard will pay those costs and damages (including, but not limited, to legal/attorneys’ fees) finally awarded against Customer Indemnified Parties by a court of competent jurisdiction in any such action that are specifically attributable to such Infringement Claim, or those costs and damages agreed to in a monetary settlement of such action; provided, however, that Customer provides SecurityScorecard with prompt notice of the Infringement Claim, sole control of defense and settlement of that Infringement Claim, and reasonable assistance regarding such Infringement Claim at SecurityScorecard’s reasonable expense. In the event of any such Infringement Claim, SecurityScorecard may, at its option: (i) purchase a license to permit Customer to continue using the Subscription Services; (ii) modify or replace the relevant Subscription Services with noninfringing services of substantially equivalent performance within a reasonable period of time; or (iii) terminate this Agreement and the Order Form immediately and reimburse Customer for any fees paid in advance for Subscription Services that will not be performed due to such termination. 
Notwithstanding the foregoing, SecurityScorecard will have no obligation under this section or otherwise with respect to an Infringement Claim based upon: (i) any use of the Subscription Services not in accordance with this Agreement; (ii) any use of the Subscription Services in combination with other products, equipment, software or data not supplied by SecurityScorecard; (iii) any use of any form of the Subscription Services other than the most current form made available to Customer; or (iv) any modification of the Subscription Services by any person other than SecurityScorecard or its authorized representatives. This Section 10 states SecurityScorecard’s sole and exclusive liability, and Customer’s sole and exclusive remedy, for Infringement Claims. SecurityScorecard will not be responsible for any amounts arising out of any compromise or settlement made by Customer without SecurityScorecard’s prior written consent.
11. CONFIDENTIALITY. Each party (“Receiving Party”) may, during the course of its provision and use of the Subscription Services hereunder, receive, have access to, and acquire information from discussions with the other party (“Disclosing Party”) which may not be accessible or known to the general public, such as technical and business information concerning hardware, software, designs, specifications, techniques, processes, procedures, research, development, projects, products or services, business plans or opportunities, business strategies, finances, costs, vendors, penetration test results and other security information; defect and support information and metrics; and first and third party audit reports and attestations or customers and other third party proprietary or confidential information that Disclosing Party treats as confidential, (“Confidential Information”). Confidential Information shall not include information or materials that (a) were generally known to the public on the Effective Date; (b) become generally known to the public after the Effective Date, other than as a result of the act or omission of the Receiving Party; (c) were rightfully known to the Receiving Party prior to its receipt thereof from the Disclosing Party; (d) are or were disclosed by the Disclosing Party generally without restriction on disclosure; (e) the Receiving Party lawfully received from a third party without that third party’s breach of agreement or obligation of trust; or (f) are independently developed by the Receiving Party as shown by documents and other competent evidence in the Receiving Party’s possession.
The Receiving Party shall not: (i) use any Confidential Information of the Disclosing Party for any purpose outside the scope of this Agreement, except with the Disclosing Party's prior written permission, (ii) disclose or make the Disclosing Party’s Confidential Information available to any party, except those of its employees, contractors, and agents that have signed an agreement containing disclosure and use provisions substantially similar to those set forth herein and have a “need to know” in order to carry out the purpose of this Agreement. Each party agrees to protect the confidentiality of the Confidential Information of the other party in the same manner that it protects the confidentiality of its own proprietary and confidential information of like kind, but in no event shall either party exercise less than reasonable care in protecting such Confidential Information. If the Receiving Party is compelled by law to disclose Confidential Information of the Disclosing Party, it shall provide the Disclosing Party with prior notice of such compelled disclosure (to the extent legally permitted) and reasonable assistance
12. ANONYMOUS AGGREGATED DATA. Customer agrees that SecurityScorecard may aggregate anonymous data generated by Customer (“Aggregated Anonymous Data”). Customer agrees that SecurityScorecard will have the right to generate Aggregate Anonymous Data and that Aggregate Anonymous Data is the property of SecurityScorecard, which SecurityScorecard may use for any business purpose during or after the term of this Agreement including without limitation to develop and improve SecurityScorecard products and services and to create and distribute reports and other materials. Customer is not responsible for SecurityScorecard’s use of Aggregate Anonymous Data.
13. MAINTENANCE AND MODIFICATIONS. SecurityScorecard may from time to time perform routine maintenance. SecurityScorecard shall make reasonable efforts to give Customer a minimum of five (5) business days advance notification (via phone or email) of such maintenance and SecurityScorecard shall use best efforts to ensure that such maintenance shall not interrupt delivery of Subscription Service to Customer. Such maintenance shall normally be performed outside of normal business hours Eastern Time zone. In the event of a need for emergency maintenance, SecurityScorecard will make reasonable efforts to notify Customer and to provide as much notification as is deemed practicable by SecurityScorecard in regards to any downtime or other information pertinent to the affected Subscription Service. Customer shall provide (and revise as necessary) a list of contacts for maintenance and escalation purposes.
14.1. Relationship of Parties. The performance by SecurityScorecard of its duties and obligations under this Agreement shall be that of an independent contractor, and nothing in either agreement shall create or imply an agency relationship between SecurityScorecard and Customer, nor will either agreement be deemed to constitute a joint venture or partnership between the Parties. Furthermore, the Parties agree that the relationship between SecurityScorecard and Customer is non-exclusive.
14.2. Assignment. Neither party may assign its rights and obligations under this Agreement, either in whole or in part, without the express written consent of the other party; however, a party may assign such rights and obligations to an acquiring or successor entity in connection with a merger or acquisition, including the sale of all or substantially all of the assigning party’s assets. Any assignment in violation of this subsection 14.2 shall be void.
14.3. No Waiver. No waiver of any term or condition of this Agreement shall be construed as a waiver of any other term or condition, nor shall any waiver of any default under the same be construed as a waiver of any other default. No waiver of any provision hereof or any right or remedy hereunder shall be effective unless in writing and signed by the party against whom such waiver is sought to be enforced. No delay in exercising, no course of dealing with respect to, and no partial exercise of any right or remedy hereunder shall constitute a waiver of any other right or remedy, or future exercise thereof.
14.4. Severability. If any provision, or portion thereof, of this Agreement is determined by a court of competent jurisdiction to be invalid, illegal or unenforceable, such determination shall not impair or affect the validity, legality or enforceability of the remaining provisions of the relevant agreement, and each provision, or portion thereof, is hereby declared to be separate, severable and distinct and the Parties shall use their best efforts to agree upon a substitute provision that comports as closely as possible with the intent and effect of the stricken provision, failing which the court shall construe the relevant agreement to as closely as possible achieve the intention of the Parties had the stricken provision remained.
14.5. Amendment. No amendment, modification, change or discharge of this Agreement shall be valid unless in writing and signed by both Parties.
14.6. Survival. The Sections that are intended by their nature to survive termination or expiration shall survive any termination or expiration of this Agreement.
14.7. Force Majeure. Customer acknowledges that the Internet consists of multiple interconnected networks that are independently owned and that are not subject to SecurityScorecard’s control and that SecurityScorecard does not warrant the Subscription Services against failure, malfunction, or cessation of Internet services or connectivity by Internet service providers or any of the networks that make up the Internet that may make the Subscription Services temporarily or permanently unavailable. If the performance of any part of this Agreement by either party is prevented, hindered, delayed or otherwise made impracticable by reason of any flood, riot, fire, judicial or governmental action, act of terrorism, act of cyber-warfare, act of war, labor dispute, act of God or any other cause or causes beyond the control of either party, that party shall be excused from such performance to the extent that it is prevented, hindered or delayed by such cause or causes. If such hindrance persists for a period of thirty (30) days or more, then either party shall have the right to terminate each applicable Order and/or terminate this Agreement without penalty and/or liability.
14.9. Headings. Headings used in this Agreement and all associated agreements are solely for convenience and shall not be deemed to affect in any manner the meaning or intent of the applicable agreement or any provision there/hereof.
14.11. Counterparts. Each Order, and by extension, this Agreement, may be executed in two or more counterparts, each of which shall be deemed an original, but all of which together shall constitute one and the same instrument.
14.12. Notices. All notices, unless specified as an “electronic notice,” due under the terms of this Agreement shall be given in writing and sent by registered mail, reputable express courier service, or shall be delivered by hand to the following addresses: If to SecurityScorecard: SecurityScorecard Inc., 111 West 33rd Street, 11th Floor, New York, NY 10001, Attention: CEO. If to Customer: it shall be the address set forth in Order Form signature block.
14.13. Choice of Law; Venue. The Agreement and all agreements associated herewith shall be governed in all respects by the laws of the State of New York without regard to its conflict of laws principles, and all claims and/or lawsuits in connection with this Agreement, an Order Form, and/or any associated agreements must be brought in any state or federal court located in the State of New York, and the Parties hereby irrevocably submit to the jurisdiction and venue of any such court.
14.14. No Third Party Beneficiaries. The Parties do not intend to create any third-party beneficiaries of this Agreement, and nothing in this Agreement is intended, nor shall anything herein be construed to create any rights, legal or equitable, in any person other than the Parties to this Agreement.
EXHIBIT A: SERVICE LEVEL AGREEMENT.
SecurityScorecard’s goal is to achieve 99.9% Availability of the Services for its customers. If uptime for the Services is less than 98.0% for a given month of the Term, then SecurityScorecard shall issue Customer a service credit (“Service Credit”) in accordance with the schedule below, with the credit being calculated based on the fees for the month of the affected Services. “Availability” is defined as the 24/7 access to the web interface to the SecurityScorecard SaaS platform being accessible and users being able to log in to the system. Availability excludes issues due to internet and/or connectivity.
1. SERVICE CREDIT PROCEDURE.
To receive a Service Credit, Customer shall submit a customer support ticket with the description “Request for Service Credit” in the subject line of the email. Each request must include the following information: (a) Customer’s name; (b) Customer’s contact name, email and telephone information; (c) date and beginning and end time(s) of outage(s); and (d) a brief description of the characteristics of the failed uptime goal. Each Service Credit will be applied in the next billing cycle after SecurityScorecard’s receipt of Company’s credit request.
Uptime Commitment Failure
95.0% - 98.0%: 10% of the fees for the month during which the failure occurred
94.9% and below: 20% of the fees for the month during which the failure occurred
If fees are paid on an annual basis, the monthly fee shall be calculated in order to determine appropriate monthly credit.
2. SERVICE LEVELS.
SecurityScorecard’s support team can be reached at [email protected] and shall be available for all customer support requests during SecurityScorecard business hours, 8am-5pm EST Monday-Friday excluding US Federal Holidays. Incidents will be routed and addressed according to the following service levels (each, a “Service Level”):
1 – Critical Priority
Incident that renders Services inoperative or causes Services to fail catastrophically.
Case will be opened upon receipt of request or identification of issue. Customer must be notified of the status of the issue within 1 hour. SecurityScorecard shall use reasonable commercial efforts (including by diligently and continuously performing such services as may be necessary) to: (a) promptly replicate and verify the reported problem; and (b) arrive at a fix as promptly as possible.
2 – High Priority
Incident that affects the operation of Services and degrades Company’s use of Services.
Case will be opened upon receipt of request or identification of issue. Customer must be notified of the status of the issue within 4 hours. SecurityScorecard shall use reasonable commercial efforts (including by diligently and continuously performing such services as may be necessary) to: (a) promptly replicate and verify the reported problem; and (b) arrive at a fix as promptly as possible.
3 – Standard Priority
Incident that affects the operation of Services but that does not degrade Company’s use of Services.
Case will be opened upon receipt of request. Customer must be notified of the status of the issue within 6 hours. SecurityScorecard shall diligently perform, during normal business hours, such services as may be necessary to: (a) promptly begin work on error identification and verification; and (b) arrive at a fix as promptly as possible.
3. SCHEDULED MAINTENANCE. SecurityScorecard may perform any standard maintenance, upgrades, replacement of hardware or software or any other like activity that may result in unavailability (collectively, “Scheduled Maintenance”). SecurityScorecard shall notify Customer in advance of any anticipated Scheduled Maintenance, and provide the date, time and expected duration. Such notice will be provided by email or web notification. Scheduled Maintenance shall not be included in the Uptime Commitment calculation.
4. EMERGENCY MAINTENANCE. SecurityScorecard may also perform any maintenance reasonably necessary to fix critical Service functionality, security or other vulnerabilities or material defects that may substantially impair the usability or performance of the Services, to the extent such maintenance cannot reasonably be performed during the Scheduled Maintenance window (“Emergency Maintenance”). SecurityScorecard shall give Customer at least 24 hours’ notice (or at least as much notice as is reasonably possible, where 24 hours is not commercially reasonable) of any Emergency Maintenance, including its date, time and expected duration. Such notice will be provided by email or web notification.