This Master Subscription Services Agreement (this “Agreement“), effective as of the date you click the box to indicate acceptance (the “Effective Date“), is by and between ContraForce Group, Inc., a Delaware corporation, with offices at 7540 SH 121, Suite 200, McKinney, TX 75070 (“ContraForce“) and you (“you”, “End User”, “Customer”). ContraForce and Customer may be referred to herein collectively as the “Parties” or individually as a “Party.”
(b) “Customer Data” means all electronic information provided by Customer to ContraForce under this Agreement.
(c) “Deliverables” means the Software and Documentation, any tangible and intangible materials, including reports, studies, base cases, drawings, findings, manuals, and procedures that are prepared by Contraforce in the course of furnishing the Software and Documentation.
(d) “Documentation” means the standard ContraForce help materials, user documentation, and training materials normally made available by Contraforce in connection with specific Software tools and / or products.
(e) “Order Form” means ContraForce’s standard order form documentation for ordering certain Software products through the ContraForce Site (as defined in ContraForce’s Terms of Service).
(f) “Software” means the software products for cybersecurity operations and related services that are included in Customer’s subscription as identified in the Order Form in object code format, including any Updates provided to Customer pursuant to this Agreement.
(g) “Services” means any the services to be performed by ContraForce for Customer, other than Software Services, in accordance with Section 4 herein and as further detailed in a Statement of Work.
(h) “Software Services” means the access for Authorized Users through the Site to use the Software on a software as a service (SaaS) basis and cybersecurity operation services performed on a subscription or recurring basis as set forth in an Order Form.
(i) “Statement of Work” (also referred to as an “SOW”) means a document in writing signed by both Parties, that: (a) details the scope of work of the Services to be performed by ContraForce under this Agreement, including identification of deliverables and other materials to be provided to Customer, if any; (b) identifies the locations at which the Services shall be performed; and (c) specifies the applicable payment terms for performing the Services.
(j) “Term” means the duration of this Agreement as identified in the Order Form, as the subscription term (the “Initial Term”), or any extension period thereof (each, a “Renewal Term”).
(k) “Update” means any updates, bug fixes, patches, maintenance releases, or other error corrections to the PatchRx Software that ContraForce generally makes available free of charge to all customers of the Software.
(a) License to Customer. To enable Customer to use the Software Services, ContraForce grants to Customer, during the Term, a personal, non-exclusive, non-sublicensable, non-transferable and non-assignable license for Authorized Users solely to (i) access and use the Software and applicable Documentation strictly for the benefit of Customer’s internal business operations.
(b) License to ContraForce. To enable ContraForce to provide the Software Services, Customer grants to ContraForce, during the Term, a personal, non-exclusive, non-sublicensable license to use, reproduce, transmit and modify the Customer Data solely in connection with ContraForce provision of the Software Services, which for the avoidance of doubt includes ContraForce’ testing, monitoring, reporting, modeling, and benchmarking Software Services and use thereof.
(a) Security & Infrastructure Obligations. Customer will be responsible for designating an employee or other person (“User Administrator”) who shall be responsible for (i) notifying ContraForce of each Authorized User for which it wishes to have access to the Software Services; (ii) identifying the roles and rights of each Authorized User; and (iii) facilitating Customer’s review of usage logs and other auditing or reporting information provided by ContraForce. Customer will be responsible for maintaining the confidentiality and security of such passwords and login IDs and all activities that occur under these IDs, regardless of whether such passwords and login IDs are generated and managed by Customer or by ContraForce. Customer will ensure that each login ID and password issued to an Authorized User will be used only by that Authorized User. Customer agrees to notify ContraForce promptly of any actual or suspected unauthorized use of any account, login ID or passwords, or any other breach or suspected breach of these security requirements. ContraForce reserves the right to suspend or terminate any login ID which ContraForce reasonably believes may have been used by an unauthorized third party or by any user or individual other than the Authorized User to whom such login ID and password was rightfully assigned. Customer is also responsible for maintaining the required hardware, software, Internet connections and other resources necessary for Customer and Authorized Users to access the Services through the Site.
(b) Other Customer Responsibilities. During the term of this Agreement, Customer will provide ContraForce with reasonable access to requested resources such as (i) information about Customer personnel, facilities, equipment, hardware, software, network and information, and (ii) timely decision-making, notification of relevant issues or information, identification of bugs in Software or Software Services, and granting of approvals or permissions as reasonably necessary for ContraForce to provide the Software Services and/or Services under this Agreement.
4.1 ContraForce shall perform the Services set forth in the Order Form and as detailed in any agreed Statement of Work. If the Parties desire changes to the Services, including alterations in, additions to, or deletions from the Services, or changes in the sequence of the performance of the Services, and such request affects the completion, substance, and/or fees, as defined therein, the change shall be mutually agreed to in writing. ContraForce shall perform all Services in a professional and workmanlike manner using appropriately skilled, qualified, and competent personnel.
(a) ContraForce Intellectual Property. ContraForce owns or is an authorized licensee for all intellectual property used for purposes of providing the Software Services under this Agreement, whether developed prior to the commencement of this Agreement or anytime thereafter (the “ContraForce Properties”). All right, title, and interest in and to the ContraForce Properties (including, without limitation, all copyright, patent, trade secret, trademark and other intellectual property rights) and any customizations, corrections, updates, adaptations, enhancements, improvements, translations or copies of the foregoing shall remain or vest exclusively with ContraForce. Additionally, ContraForce shall own any aggregated and anonymized data compiled from various data sources, provided that such aggregated and anonymized data is not attributable to source data.
(b) Customer Intellectual Property. All right, title, and interest in and to the Customer Data shall be owned exclusively by Customer, provided that Customer grants to ContraForce a non-exclusive, worldwide license to copy, transmit, modify and use the Customer Data solely for purposes of providing the Software Services and Services.
From time to time during the Term, either Party may disclose or make available to the other Party information about its business affairs, products, confidential intellectual property, trade secrets, third-party confidential information, and other sensitive or proprietary information, whether orally or in written, electronic, or other form or media, and whether or not marked, designated, or otherwise identified as “confidential” (collectively, “Confidential Information“). Without limiting the foregoing, the Software Services, Services, Customer Data, and terms of this Agreement shall be considered Confidential Information. Confidential Information does not include information that the receiving Party can demonstrate that, at the time of disclosure is:
(a) in the public domain; (b) known to the receiving Party; (c) rightfully obtained by the receiving Party on a non-confidential basis from a third party; or (d) independently developed by the receiving Party. The receiving Party shall not disclose the disclosing Party’s Confidential Information to any person or entity, except to the receiving Party’s employees, agents, contractors, consultants and representatives, including its bankers, attorneys and accountants (collectively “Representatives”) who have a need to know the Confidential Information for the receiving Party to exercise its rights or perform its obligations hereunder, and then only under a written confidentiality agreement or other binding confidentiality obligation no less restrictive than this Section 6. The receiving Party on behalf of itself and its Representatives agrees that it will treat Confidential Information of the disclosing Party with the same degree of care as it accords to its own confidential information of like sensitivity, but in no event less than a reasonable level of care. The receiving Party further ensures that it and its Representatives will use the disclosing Party’s Confidential Information only for the purposes contemplated by this Agreement. Notwithstanding the foregoing, each Party may disclose Confidential Information to the limited extent required (i) in order to comply with the order of a court or other governmental body, or as otherwise necessary to comply with applicable law, provided that the Party making the disclosure pursuant to the order shall first have given written notice to the other Party and made a reasonable effort to obtain a protective order; or (ii) to establish a Party’s rights under this Agreement, including to make required court filings. On the expiration or termination of the Agreement, the receiving Party shall promptly return to the disclosing Party all copies, whether in written, electronic, or other form or media, of the disclosing Party’s Confidential Information, or destroy all such copies and certify in writing to the disclosing Party that such Confidential Information has been destroyed. In the event the terms of this Agreement conflict or are otherwise inconsistent with terms of any nondisclosure agreement the Parties entered into prior to the Effective Date concerning Confidential Information disclosed during the course of performance under this Agreement, the terms of this Agreement shall control.
Customer shall not sell, rent, lease, sublicense, distribute, transfer, copy, reproduce, download, display, timeshare, modify, alter, or create any derivative work, derivation, enhancement and/or improvement of the Software Services or the Software or use such as a component of or a base for products or services prepared for commercial sale, sublicense, lease, access or distribution. Customer shall not itself, or cause or permit any Authorized User to, translate, reverse engineer, or otherwise disassemble the Software. Customer shall not cause or allow any third party or unlicensed user or computer system, other than an Authorized User, to access or use the Software Services or Software. Customer shall not introduce any infringing or otherwise unlawful data or material or any virus, spyware, malware or disabling code into the Software Services or into ContraForce systems or environment, nor shall Customer remove, obscure or alter any intellectual property right or confidentiality notices or legends appearing in or on any aspect of the Software or the Software Services.
(a) ContraForce Warranties Disclaimer. ALL CONTRAFORCE PROPERTIES ARE PROVIDED “AS IS.” CONTRAFORCE DOES NOT WARRANT THAT THE SOFTWARE, SOFTWARE SERVICES OR SERVICES WILL MEET CUSTOMER’S REQUIREMENTS, THAT THE OPERATION OF THE SERVICES WILL BE UNINTERRUPTED OR ERROR-FREE, OR THAT ALL DEFECTS IN THE SOFTWARE WILL BE CORRECTED. TO THE FULL EXTENT PERMITTED BY LAW, CONTRAFORCE DISCLAIMS ALL OTHER WARRANTIES WHETHER EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF ANY INTELLECTUAL PROPERTY RIGHTS. FURTHER, CONTRAFORCE SHALL NOT BE LIABLE FOR ANY BUSINESS OR PROFESSIONAL DECISIONS MADE OR IMPLEMENTED BY CUSTOMER BASED ON CUSTOMER’S USE OF THE SERVICES.
(b) Mutual Warranties. Each Party represents, warrants, and covenants that (i) it is a business entity duly organized and in good standing in all jurisdictions where it does business; (ii) has the full power and authority to enter into and perform its obligations under this Agreement; (iii) it will comply with all applicable laws in connection with its performance hereunder, including all export control laws.
(c) Service Level Agreement. ContraForce provides certain Service Level Agreements regarding uptime and downtime as set forth in Exhibit A.
EXCEPT FOR BREACHES OF SECTIONS 2, 3, OR 6, NEITHER PARTY SHALL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL OR CONSEQUENTIAL DAMAGES, OR DAMAGES FOR LOSS OF PROFITS, REVENUE, DATA OR DATA USE, WHETHER IN AN ACTION IN CONTRACT OR TORT INCLUDING NEGLIGENCE, EVEN IF SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. EACH PARTY’S LIABILITY FOR DAMAGES HEREUNDER SHALL IN NO EVENT EXCEED IN THE AGGREGATE OF THE AMOUNT OF FEES PAID AND OWED BY CUSTOMER UNDER THIS AGREEMENT FOR THE IMMEDIATELY PRECEEDING TWELVE (12) MONTH PERIOD. THE PARTIES HAVE AGREED THAT THESE LIMITATIONS WILL SURVIVE AND APPLY EVEN IF ANY LIMITED REMEDY SPECIFIED IN THIS AGREEMENT IS FOUND TO HAVE FAILED OF ITS ESSENTIAL PURPOSE.
(a) ContraForce Indemnification. ContraForce, at its expense, shall defend, indemnify and hold Customer harmless from and against any loss, damages or liability from any claim, suit or proceeding (collectively, a “Claim”), to the extent arising out of, or related to, the use by Customer of the Software Services in strict accordance with this Agreement and alleging infringement of a United States patent issued on or before the Effective Date or a copyright or trade secret right of any third party; provided that Customer: (i) promptly notifies ContraForce of such Claim; (ii) provides ContraForce with full control of the defense and settlement of each such Claim; (iii) cooperates with ContraForce in such defense and settlement, and (iv) does not settle any such Claim or suit without ContraForce’ prior written consent. Customer may participate in the defense and settlement of any Claim with counsel of its choice at its own expense provided that ContraForce shall continue to have sole control of such defense or settlement. If any portion of the Software Services becomes, or in ContraForce’s opinion is likely to become, the subject of a claim of infringement, ContraForce may, at its option: (a) procure for Customer the right to continue using the Software Services; (b) replace the Software Services with non-infringing services which do not materially impair the functionality of the Software Services; (c) modify the Software Services so that it becomes non-infringing; or (d) terminate this Agreement and refund any unused fees actually paid by Customer to ContraForce for the remainder of the term then in effect, and upon such termination, Customer will immediately cease all use of the Software Services. Notwithstanding the foregoing, ContraForce shall have no obligation under this section or otherwise with respect to any infringement claim based upon (I) any use of the Software Services not in accordance with this Agreement or not as specified in the Documentation; (II) any use of the Software Services in combination with other products, equipment, software or data not supplied by ContraForce if the Software Services without such combination does not infringe; (III) any modification of the Software Services by any person other than ContraForce or its authorized agents; or (IV) a superseded Software version if a corrective Update has been made available to Customer. This Section 10(a) states the sole and exclusive remedy of Customer and the entire liability of ContraForce with respect to infringement claims and actions.
(b) Customer Indemnification. Customer, at its expense, shall defend, indemnify, and hold ContraForce harmless to the extent any Claims relate to or arise from: (i) Customer’s use of the Software Services other than as specified by ContraForce or for any illegal purposes; (ii) ContraForce’s use of the Customer Data; or (iii) any modification to a Deliverable not made by or at the direction of ContraForce, provided that ContraForce: (1) promptly notifies Customer of such Claims; (2) provides Customer with full control of the defense and settlement of each such Claim; (3) cooperates with Customer in such defense and settlement, and (4) does not settle any such Claim without Customer’s prior written consent. ContraForce may participate in the defense and settlement of any Claim with counsel of its choice at its own expense provided that Customer shall continue to have sole control of such defense or settlement.
This Service Level Agreement ("SLA") is a part of Master Subscription Agreement dated June 27, 2023 ("Master Agreement") between ContraForce Group Inc. (“ContraForce”) and (“Customer)”, under which ContraForce performs certain services for Customer. It sets forth the parties' objectives and the performance levels ContraForce must meet for certain services. This SLA is effective beginning on the effective date of the Master Agreement, and will remain in effect until the termination of the Master Agreement. Capitalized terms used but not defined in this SLA shall have the meanings set out in the Master Agreement. Any revisions to the service levels must be authorized by both parties
1. ServiceScope. This SLA covers the ContraForce Portal andContraForce API’s.
2. CustomerObligations. Customer's responsibilities and obligations in support of this SLA include the following:
(a) Providing information and authorizations as required by ContraForce for performing theServices.
(b) Adhering to policies and processes established by ContraForce and Customer for reporting service failures and incidents and prioritizing service requests.
(c) Making a representative available (i) for regular meetings to review the SLA and (ii)to consult with the ContraForce for resolving service-related incidents or requests.
(d) Paying fees and costs as required by the Master Agreement.
3. ContraForceObligations. ContraForce's responsibilities and obligations in support of this SLA include:
(a) TheServices shall be available 99.9%, measured monthly, excluding scheduled maintenance. No period of service degradation or inoperability will be included in calculating availability percentage due to the extent that such downtime or degradation is due to any of the following (”Exceptions”): (i) Customer requests maintenance and such maintenance affects uptime or downtime; (ii)Customer’s or any of its Authorized Users’ misuse of the Services; (iii)failures of Customer’s or any of its Authorized Users’ internet connectivity;(iv) internet or other network traffic problems other than problems arising in or from networks actually controlled by ContraForce; or (v) Customer’s or any of its Authorized Users’ failure to meet any minimum hardware or software requirements.
(b) Adhering to Customer's data security and protection, human resources, and other policies and practices as applicable to the performance of the Services.
(c) Making a representative available (i) for regular meetings to review the SLA and (ii)to resolve service-related incidents or requests.
4. Assumptions.ContraForce's performance of the Services under this SLA is subject to the following assumptions, constraint, and dependencies:
(a) Information provided by Customer to ContraForce as required for the Services will be accurate and timely.
(b) ContraForce's procedures and delivery of Services may be affected by changes in relevantCustomer internal policies or in applicable laws or regulations.
5. ServiceLevels and Service Credits.
(a) Customer's sole and exclusive remedy, and ContraForce's entire liability, in connection with Service availability under this SLA shall be that for each period of downtime lasting longer than two hours, ContraForce will credit Customer 5% of the monthly fees for each period of 60 or more consecutive minutes of downtime.Downtime shall begin to accrue as soon as Customer (with notice to ContraForce)recognizes that downtime is taking place, and continues until the availability of the Services is restored. In order to receive downtime credit, Customer must notify ContraForce in writing within 24 hours from the time of downtime, and failure to provide such notice will forfeit the right to receive downtime credit. Such credits may not be redeemed for cash and shall not be cumulative beyond a total of credits for one week of Service Fees in any one calendar month in any event. ContraForce will only apply a credit to the month in which the incident occurred. ContraForce’s blocking of data communications or otherService in accordance with its response to violations of any agreements betweenCustomer and ContraForce shall not be deemed to be a failure of ContraForce to provide adequate service levels under this Agreement.