Master Service Agreement
Last Updated November 25, 2020
This Master Service Agreement (this “Agreement”) is the main agreement between Abnormal Security Corporation, a Delaware corporation having its principal place of business at 185 Clara Street, Suite 100, San Francisco, CA 94107 (“Company”), and the end customer and user of our service (“Customer”). Each of Company and Customer may be referred to as a “Party,” or together, the “Parties.”
By accepting this Agreement, either by clicking a box indicating its acceptance or by executing an Order Form (as defined below) that references this Agreement, Customer agrees to the terms of this Agreement. If Customer and Company have executed a written agreement governing Customer’s access to and use of the Service, then the terms of such signed agreement will govern and will supersede this Agreement.
This Agreement is effective as of the earlier of the date that Customer accepts the terms of this Agreement as indicated above or first accesses or uses the Service (the “Effective Date”). Company reserves the right to modify or update the terms of this Agreement in its discretion, the effective date of which will be the earlier of (i) 30 days from the date of such update or modification and (ii) Customer’s continued use of the Service following such changes.
In consideration of the mutual covenants and agreements set forth in this Agreement, the parties hereby agree as follows:
The definitions of certain capitalized terms used in this Agreement are set forth below. Others are defined in the body of this Agreement.
“Customer Data” has the meaning ascribed to it in Section 7.1, below.
“Documentation” means the written or online documentation regarding the Service made available by Company, and all modifications, updates, and upgrades thereto.
“Order Form” means an ordering document to purchase a Subscription to the Service delivered by Customer to Company, setting forth pertinent details regarding the Subscription, including start and end dates and agreed pricing. Each Order Form will be incorporated herein by reference.
“Service” means Company’s proprietary, Software-as-a-Service solution for detecting, analyzing, and blocking targeted email fraud, including the Documentation and all software applications, databases, modules, source code, development tools, libraries and utilities that Company uses, creates, and/or maintains in order to provide the Service to Customer, the modifications, updates, upgrades, and enhancements thereto that Company makes on a periodic basis.
“Service Level Agreement” means the Service Level Agreement attached hereto as Exhibit A.
“Subscription” has the meaning ascribed to it in Section 2.1.
“Subscription Term” means the length of the Subscription set forth on the applicable Order Form.
“Support” means the technical support services set forth on Exhibit B.
“Users” means individuals or entities that are authorized by Customer to use the Service under its account and on its behalf.
2. ACCESS TO AND USE OF SERVICES
- Right to Access and Use the Service. Subject to the terms of this Agreement, Company grants Customer a royalty-free, nonexclusive, nontransferable, worldwide right during each Subscription Term to access and use the Service described in the applicable Order Form for the quantity and for the duration identified on the Order Form (the “Subscription”).
- Restrictions. Customer will not (and will use commercially reasonable efforts not to allow any third party to): (i) access the Service for any benchmarking, penetration testing or competitive purposes without Company’ express written consent; (ii) market, sublicense, resell, lease, loan, transfer, or otherwise commercially exploit or make the Service available to any third party, except to a third party that manages Customer’s computing environment; or (iii) modify, create derivative works, decompile, reverse engineer, attempt to gain access to the source code, or copy the Service, or any of their components (each a “Prohibited Use”).
3. COMPANY OBLIGATIONS
3.1 General. Company is responsible for providing the Service in conformance with this Agreement, the Order Form(s), and applicable Documentation. The Service will be hosted by Company on its cloud-based infrastructure.
3.2 Availability. Company will use its best efforts to ensure that the Service is available in accordance with the terms of the Service Level Agreement, which sets forth Customer’s remedies for any interruptions in the availability of the Service.
3.3 Support. If Customer experiences any errors, bugs, or other issues in its use of the Service, then Company will provide Support in order to resolve the issue or provide a suitable workaround. The fee for Support is included in the cost of the Subscription set forth on the Order Form.
4. TERM AND TERMINATION
4.1 Term. The term of this Agreement will commence on the Effective Date and will continue for so long as there are active Subscriptions, unless otherwise terminated as provided in Section 4.2, below (the “Term”).
4.2 Termination for Cause. Either Party may terminate this Agreement or any active Subscription for cause (i) upon 30 days written notice to the other Party of a material breach if such breach remains uncured at the expiration of the 30-day period, or (ii) if the other Party becomes the subject of a petition in bankruptcy or any other proceeding relating to insolvency, receivership, liquidation or assignment for the benefit of creditors.
4.3 Effect of Termination. If Customer terminates this Agreement or any active Subscription in accordance with Section 4.2, then Company will provide a pro rata refund of any prepaid fees allocable to the remaining Term.
- Survival. The following provisions will survive any expiration or termination of this Agreement: Sections 6; 7; 8; 9; 12; and 13.
5. FEES AND PAYMENT
5.1 Fees. Customer will pay the fees for the Subscription set forth on the applicable Order Form. Following execution of the Order Form, Company will submit an invoice to Customer for the Subscription, and payment will be due 30 days from receipt of an undisputed invoice unless otherwise set forth on the Order Form (the “Due Date”).
5.2 Overdue Charges. If any undisputed, invoiced amount is not received by Company by the Due Date, then (i) those charges may accrue late interest at the rate of 3.0% of the outstanding balance per month, or the maximum rate permitted by law, whichever is lower, and (ii) Company may condition future Subscriptions on receipt of payment for previous Subscriptions and/or payment terms shorter than those specified on the previous Order Form.
5.3 Taxes. The fees payable hereunder are exclusive of any sales taxes (unless included on the invoice), or similar governmental sales tax type assessments, excluding any income or franchise taxes on Company (collectively, “Taxes”) with respect to the Service provided to Customer. Unless Customer provides Company with a valid exemption certificate, Customer is solely responsible for paying all Taxes associated with or arising from this Agreement and shall indemnify and/or reimburse Company for all Taxes paid or payable by, demanded from, or assessed upon Company.
- Confidential Information. Except as explicitly excluded below, any information of a confidential or proprietary nature provided by a Party (the “Disclosing Party”) to the other Party (the “Receiving Party”) constitutes the Disclosing Party’s confidential and proprietary information (“Confidential Information”). Company’ Confidential Information includes the Service and any information conveyed to Customer in connection with Support. Customer’s Confidential Information includes Customer Data. Confidential Information does not include information which is (i) already known by the Receiving Party without an obligation of confidentiality other than pursuant to this Agreement; (ii) publicly known or becomes publicly known through no unauthorized act of the Receiving Party; (iii) rightfully received from a third party without a confidentiality obligation to the Disclosing Party; or (iv) independently developed by the Receiving Party without access to the Disclosing Party’s Confidential Information.
- Confidentiality Obligations. Each Party will use the Confidential Information of the other Party only as necessary to perform its obligations under this Agreement, will not disclose the Confidential Information to any third party, and will protect the confidentiality of the Disclosing Party’s Confidential Information with the same standard of care as the Receiving Party uses or would use to protect its own Confidential Information, but in no event will the Receiving Party use less than a reasonable standard of care. Notwithstanding the foregoing, the Receiving Party may share the other Party’s Confidential Information with those of its employees, agents and representatives who have a need to know such information and who are bound by confidentiality obligations at least as restrictive as those contained herein (each, a “Representative”). Each Party shall be responsible for any breach of confidentiality by any of its Representatives.
- Additional Exclusions. A Receiving Party will not violate its confidentiality obligations if it discloses the Disclosing Party’s Confidential Information if required by applicable laws, including by court subpoena or similar instrument so long as the Receiving Party provides the Disclosing Party with written notice of the required disclosure so as to allow the Disclosing Party to contest or seek to limit the disclosure or obtain a protective order, unless such notice is prohibited by law. If no protective order or other remedy is obtained, the Receiving Party will furnish only that portion of the Confidential Information that is legally required, and agrees to exercise reasonable efforts to ensure that confidential treatment will be accorded to the Confidential Information so disclosed.
7. DATA PROTECTION
7.1 Customer Data. In connection with its use of the Service, Customer will transfer a limited amount of information, including personal information, to Company for processing, primarily consisting of (i) email metadata (e.g. headers and origin IP address), email contents (e.g. email address, email contents, and any attachments thereto), and email platform metadata (e.g. tokenized identifiers) (collectively, “Email Data”), and (ii) User IP address (collectively, “User Data” and together with Email Data, “Customer Data”). Company uses Customer Data exclusively for the purpose of providing the Service to Customer, and Customer grants Company a limited license during the Subscription Term to use Customer Data to do so.
7.2 Security. Company maintains industry-standard physical, technical, and administrative safeguards in order to protect Customer Data.
7.3 No Access. Except for the Customer Data or as otherwise permitted under this Agreement, Company does not (and will not) collect, process, store, or otherwise have access to any information or data, including personal information, about Users, Customer’s network, or users of Customer’s products or services.
8.1 Company Property. Company owns and retains all right, title, and interest in and to the Service, including any de-identified data Company derives from Customer Data by means of normal functioning of the Service. Additionally, Company owns any feedback or suggestions provided by Customer to Company with respect to the Service. Except for the limited license granted to Customer in Section 2.1, Company does not by means of this Agreement or otherwise transfer any rights in the Service to Customer, and Customer will take no action inconsistent with the Company’s intellectual property rights in the Service.
8.2 Customer Property. Customer owns and retains all right, title, and interest in and to the Customer Data and does not by means of this Agreement or otherwise transfer any rights in the Customer Data to Company, except for the limited license set forth in Section 7.1.
9. REPRESENTATIONS AND WARRANTIES
- Mutual Representations and Warranties. Each Party represents and warrants it has validly entered into this Agreement and has the legal power to do so.
- Limited Warranty. Company warrants that the Service (a) will conform with the Documentation, and (b) will be provided in a manner consistent with generally accepted industry standards.
- Disclaimer. With the exception of the limited warranties set forth in this Section 9, the Service is provided “as is” to the fullest extent permitted by law. Company and its licensors expressly disclaim all other warranties, express or implied, including warranties of performance, merchantability, fitness for any particular purposes, and non-infringement. Company does not warrant that the Service (i) is error-free, (ii) will perform uninterrupted, or (iii) will meet Customer’s requirements.
10.1 Company will maintain in full force and effect during the term of this Agreement:
(a) Commercial general liability insurance on an occurrence basis for bodily injury, death, property damage, and personal injury, with coverage limits of not less than $1,000,000 per occurrence and $2,000,000 general aggregate for bodily injury and property damage;
(b) Worker’s compensation insurance as required by applicable law, including employer’s liability coverage for injury, disease and death, with coverage limits of not less than $1,000,000 per accident and employee;
(c) Umbrella liability insurance on an occurrence form, for limits of not less than $3,000,000 per occurrence and in the aggregate; and
(d) Technology Errors & Omissions and Cyber-risk on a claims-made form, for limits of not less than $10,000,000 annual aggregate covering liabilities for financial loss resulting or arising from acts, errors or omissions in the rendering of the Service, or from data damage, destruction, or corruption, including without limitation, unauthorized access, unauthorized use, virus transmission, denial of service, and violation of privacy from network security failures in connection with the Service. Coverage will be maintained for a period of no less than three years following termination of this Agreement.
10.2 Insurance carriers will be rated A-VII or better by A.M. Best Provider. Company’ coverage will be considered primary without right of contribution of Customer’s insurance policies. In no event will the foregoing coverage limits affect or limit in any manner Company’ contractual liability for indemnification or any other liability of Company under this Agreement.
- By Company. Company will indemnify, defend, and hold harmless Customer, its affiliates, and their respective owners, directors, officers, and employees (collectively, “Customer Indemnitees”) from and against any claim, action, demand, suit or proceeding (each a “Claim”) made or brought by a third party against any of the Customer Indemnitees alleging that Customer’s use of the Service infringes or misappropriates any United States or European Union patent, trademark, copyright, or any other intellectual property of such third party. Company will pay any settlement of such Claim, or any damages finally awarded against any Customer Indemnitees by a court of competent jurisdiction as a result of any such Claim. In connection with any Claim Customer will (i) give Company prompt written notice of the Claim, (ii) give Company sole control of the defense and settlement of the Claim (provided that Company may not settle any Claim without the Customer Indemnitee’s written consent, which will not be unreasonably withheld), and (iii) provide to Company all reasonable assistance, at Company’ request and expense. If Customer’s right to use the Service is, or in Company’ opinion is likely to be, enjoined as the result of a Claim, then Company may, at Company’ sole option and expense procure for Customer the right to continue using the Service under the terms of this Agreement, or replace or modify the Service so as to be non-infringing and substantially equivalent in function to the claimed infringing or enjoined Service. If Company determines that neither of the foregoing is commercially reasonable, then Company may terminate this Agreement and refund to Customer any prepaid fees allocable to the remainder of the Subscription Term. Company will have no indemnification obligations under this Section 11.1 to the extent that a Claim is based on or arises from: (a) use of the Service in a manner other than as expressly permitted in this Agreement; (b) any alteration or modification of the Service except as expressly authorized by Company; or (c) the combination of the Service with any other software, product, or services (to the extent that the alleged infringement arises from such combination). This Section 11.1 sets forth Company’ sole and exclusive liability, and Customer’s exclusive remedies, for any Claim of infringement or misappropriation of intellectual property.
- By Customer. Customer will indemnify, defend, and hold harmless Company, its affiliates, and their respective owners, directors, officers, and employees (together, the “Company Indemnitees”) from and against any Claim related to Customer or a User engaging in a Prohibited Use. Customer will pay any settlement of and any damages finally awarded against any Company Indemnitee by a court of competent jurisdiction as a result of any such Claim. In connection with any Claim Company will (i) give Customer prompt written notice of the Claim, (ii) give Customer sole control of the defense and settlement of the Claim (provided that Customer may not settle any Claim without Company’ prior written consent which will not be unreasonably withheld), and (iii) provide to Customer all reasonable assistance, at Customer’s request and expense.
12. LIMITATIONS OF LIABILITY
- EACH PARTY HERETO AGREES THAT WITH THE EXCEPTION OF THE INDEMNIFICATION OBLIGATIONS UNDER SECTION 11, THE CONFIDENTIALITY OBLIGATIONS UNDER SECTION 6, AND COMPANY’S BREACH OF ITS SECURITY OBLIGATIONS UNDER SECTION 7.2, (THE “EXCLUDED CLAIMS”) AND ABSENT GROSS NEGLIGENCE OR INTENTIONAL MISCONDUCT OF THE OTHER PARTY, NEITHER THE OTHER PARTY NOR ITS AFFILIATES NOR THE OFFICERS, DIRECTORS, EMPLOYEES, SHAREHOLDERS, AGENTS OR REPRESENTATIVES OF ANY OF THEM WILL BE LIABLE TO SUCH PARTY FOR ANY INCIDENTAL, INDIRECT, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES, WHETHER FORESEEABLE OR UNFORESEEABLE, THAT MAY ARISE OUT OF OR IN CONNECTION WITH THIS AGREEMENT, EVEN IF THE OTHER PARTY HAS BEEN NOTIFIED OF THE POSSIBILITY OR LIKELIHOOD OF SUCH DAMAGES OR COSTS OCCURRING AND WHETHER SUCH LIABILITY IS BASED ON CONTRACT, TORT, NEGLIGENCE, STRICT LIABILITY, PRODUCTS LIABILITY OR OTHERWISE.
- EACH PARTY HERETO AGREES THAT WITH THE EXCEPTION OF THE EXCLUDED CLAIMS AND ABSENT GROSS NEGLIGENCE OR INTENTIONAL MISCONDUCT OF THE OTHER PARTY, IN NO EVENT WILL THE COLLECTIVE LIABILITY OF EITHER PARTY, OR THEIR RESPECTIVE AFFILIATES, OFFICERS, DIRECTORS, EMPLOYEES, SHAREHOLDERS, AGENTS AND REPRESENTATIVES, TO THE OTHER PARTY FOR ANY AND ALL DAMAGES, INJURIES, AND LOSSES ARISING OUT OF, BASED ON, RESULTING FROM, OR IN ANY WAY RELATED TO THIS AGREEMENT EXCEED THE TOTAL AMOUNT PAID BY CUSTOMER TO COMPANY UNDER THIS AGREEMENT IN THE PRIOR 12 MONTHS. THE EXISTENCE OF MULTIPLE CLAIMS OR SUITS UNDER OR RELATED TO THIS AGREEMENT WILL NOT ENLARGE OR EXTEND THE LIMITATION OF MONEY DAMAGES WHICH WILL BE THE CLAIMANT’S SOLE AND EXCLUSIVE REMEDY. WITH RESPECT TO EXCLUDED CLAIMS, THE AMOUNT OF SUCH LIMIT WILL BE THREE TIMES THE TOTAL AMOUNT PAID BY CUSTOMER TO COMPANY UNDER THIS AGREEMENT.
This Agreement, including all applicable Order Forms, is the entire agreement between Customer and Company and supersedes all prior agreements and understandings concerning the subject matter hereof and may not be amended or modified except by a writing signed by both Parties. Customer and Company are independent contractors, and this Agreement will not establish any relationship of partnership, joint venture, or agency between Customer and Company. Failure to exercise any right under this Agreement will not constitute a waiver. There are no third-party beneficiaries to this Agreement. This Agreement is governed by the laws of the State of California without reference to conflicts of law rules. For any dispute relating to this Agreement, the Parties consent to personal jurisdiction and the exclusive venue of the courts in San Francisco County, California. Any notice provided by one Party to the other under this Agreement will be in writing and sent by electronic mail to the email address listed on the signature page below. If any provision of this Agreement is found unenforceable, this Agreement will be construed as if it had not been included. Neither Party may assign this Agreement without the prior, written consent of the other Party, except that either Party may assign this Agreement without such consent to an affiliate, or in connection with an acquisition of the assigning Party or a sale of all or substantially all of its assets.
SERVICE LEVEL AGREEMENT
1. Definitions. For purposes of this Service Level Agreement, the following terms have the meaning ascribed to each term below:
“Downtime” means if Customer is unable to access the Service by means of a web browser and/or API as a result of failure(s) in the Service, as confirmed by Company.
“Emergency Downtime” means circumstances where Company discovers a vulnerability in the Service that is reasonably likely to have a broad material impact on the Service. During Emergency Downtime, Company will make the Service unavailable to correct the vulnerability, and then promptly restore the availability of the Service.
“Maintenance Downtime” means routine maintenance that occurs outside of normal working hours (Pacific Time) and continues for no more than four hours in any one instance, so long as Company provides Customer at least 48 hours prior written notice (including by email) to Customer’s main technical contact on file with Company.
“Monthly Uptime Percentage” means the total number of minutes in a calendar month minus the number of minutes of Downtime suffered in a calendar month, divided by the total number of minutes in a calendar month.
“Service Credit” means the number of days by which Company will extend the length of the Subscription Term, at no charge to Customer, according to the table in Section 2, below.
2. Service Level Warranty. During the Term, the Service will be operational and available to Customer at least 99.0% of the time in any calendar month (the “Service Level Warranty”). If the Monthly Uptime Percentage does not meet the Service Level Warranty in any calendar month, and if Customer meets its obligations under this Agreement, then Customer will be eligible to receive Service Credit as follows:
< 99.0% – ≥ 98.0%
< 98.0% – ≥ 95.0%
3. Customer Must Request Service Credit. In order to receive Service Credit, Customer must notify Company in writing within 30 days from the time Customer becomes eligible to receive a Service Credit under the terms of this Agreement. Failure to comply with this requirement will forfeit Customer’s right to receive Service Credit.
4. Maximum Service Credit.The aggregate maximum amount of Service Credit to be issued by Company to Customer for all Downtime that occurs in a single calendar month will not exceed 15 days. Service Credit may not be exchanged for, or converted into, monetary amounts.
5. Exclusions. The Service Level Warranty does not apply to Service unavailability due to Maintenance Downtime, Emergency Downtime, or any performance issues that (i) are caused by riots, insurrection, fires, flood, storm, explosions, acts of God, war, terrorism, earthquakes, or any other causes that are beyond Company’ reasonable control so long as Company uses commercially reasonable efforts to mitigate the effects of such force majeure, (ii) resulted from Customer’s equipment or third party equipment or service (e.g. Customer’s internet connection), or (iii) resulted from Customer’s violation of this Agreement.
This exhibit sets forth the terms on which Company provides technical support (“Support”) to Customer (the “Support Terms”).
“Error” means a failure of the Service to conform to the published specifications, resulting in the inability to use, or material restriction in the use of, the Service.
“Start Time” means the time at which Company first becomes aware of an Error during Company’s regular business hours, following initiation of a Support case by Customer in accordance with Section 3, below.
- During a Subscription Term, Company will provide the Support described in these Support Terms 8 hours a day, 5 days a week (9am – 5pm, Pacific Time).
- Contacts. The Customer Support Contacts may initiate a Support case by emailing email@example.com or calling (866) 466-9321 .
- Severity Levels and Timeframes. Company will establish the Priority Level of an Error and the corresponding Support case in its sole discretion and will use its best efforts to adhere to the Response Times set forth below.
System Down. Complete failure of the software, impacting all users. Incident is causing a service disruption for production users or a degrading condition that renders the service inoperable.
The software is operating in degraded mode. One or more of the subsystems is not functioning or impacting only a subset of the users. Incident is causing a service degrading condition, but the service is still operable.
All major functionality is working. Non-critical system issues. The service is running with limited functionality in one or more subsystems or intermittent issues
How-To Questions and software issues with no degradation.
- Conditions, Exclusions, and Termination.
A. Conditions. Company’ obligation to provide Support is conditioned upon the following: (i) Customer makes reasonable efforts to solve the Error after consulting with Company; (ii) Customer provides Company with sufficient information and resources to correct the Error, as well as any and all assistance reasonably requested by Company; and (iii) Customer procures, installs, and maintains all equipment, telephone lines, communication interfaces and other hardware necessary to access and operate the Service.
B. Exclusions. Company is not obligated to provide Support in the following situations: (i) the problem is caused by Customer’s gross negligence, hardware malfunction, or other causes beyond the reasonable control of Company; or (ii) the problem is with third party software not licensed through Company.
C. Termination. Company reserves the right to conclude its performance of a particular Support case when, in its reasonable discretion, Company determines that it has provided a satisfactory resolution or workaround to the Error.