Master Subscription Agreement
Current as of: March 12, 2024
Subscription Agreement
This Subscription Agreement (this “Agreement”), contains terms and conditions that govern your purchase and use of the Services (as defined below), and is a contract between Blacksmith InfoSec, LLC., a Delaware (USA) corporation (“Blacksmith InfoSec”), and you or the entity or organization that you represent. This Agreement takes effect when you enter into an Order (as defined below) with Blacksmith InfoSec (the “Effective Date”). Capitalized terms not otherwise defined in this Agreement will have the respective meanings assigned to them in Section 22. Blacksmith InfoSec may modify this Agreement from time to time, subject to the terms in Section 21.8.
If you are an individual using the Services for your own purposes: (1) all references to “Customer” are to you, and (2) you represent that you are legally permitted and competent to enter into this Agreement.
If you are using the Services on behalf of an entity or organization: (1) all references to “Customer” are to that entity or organization, and (2) you represent that you have the right, power and authority to enter into this Agreement on behalf of Customer.
1. Access and Use
1.1 Use of the Services
Subject to the applicable Order and this Agreement, Blacksmith InfoSec hereby grants to Customer the right to access and use the Services in accordance with the Documentation during the Order Term for Customer’s Environment. Customer acknowledges that use of the Services by Customer for the benefit of third parties requires Customer’s acceptance into and participation in the Blacksmith InfoSec Partner Network and will be subject to the terms available therein for the applicable partner program. For clarity, this limitation does not prevent Customer from sharing reports containing Customer Data that have been generated by the Services with individuals or entities outside of its organization.
1.2. Data
Through Customer’s configurations and use of the Services, Customer has control over the types and amounts of data they share with the Services. By submitting Customer Data to the Services, Customer hereby grants to Blacksmith InfoSec, its Affiliates, and contractors the right, and is expressly instructing Blacksmith InfoSec, its Affiliates, and contractors, to Process Customer Data in order to provide and support the Services as described in this Agreement. Blacksmith InfoSec will be liable for the actions and omissions of its Affiliates and contractors undertaken in connection with Blacksmith InfoSec’s performance under this Agreement to the same extent that Blacksmith InfoSec would be liable if performing the Services directly except as outlined under Third Party Access. Customer authorizes Blacksmith InfoSec to use information about Customer’s configuration and use of the Services (“Usage Data”), Customer Data and Account Data to: (a) manage Customer’s account; (b) provide and improve the Services and Support (as defined in Section 2); and (c) provide insights, service and feature announcements, and other reporting. Customer agrees that Blacksmith InfoSec may use aggregated or anonymized Customer Data and Usage Data for any business purpose during or after the term of this Agreement, including without limitation to develop and improve Blacksmith InfoSec products and services and to create and distribute insights, reports and other materials. Blacksmith InfoSec’s Processing of Usage Data and Customer Data shall at all times be subject to Blacksmith InfoSec’s obligations under this Agreement, including those of security under Section 3 and confidentiality under Section 6.
1.3. Limited Grant
As between the Parties: (a) Customer owns all right, title and interest in and to Customer’s Environment and Customer Data, including in each case all associated Intellectual Property Rights, and (b) Blacksmith InfoSec owns all right, title and interest in and to the Services, Documentation, Blacksmith InfoSec Operations Data, and Feedback, including in each case all associated Intellectual Property Rights. Except for the rights expressly granted by one Party to the other in this Agreement, all rights are reserved by the granting Party. All rights granted by each Party to the other under this Section 1 are limited, nonexclusive and, except as otherwise provided in this Agreement, non-transferable.
2. Support
During the Order Term, Blacksmith InfoSec will provide support to Authorized Users (“Customer Administrators” and “MSP Representatives”). Without limiting any of Customer’s remedies under this Agreement in connection with the Services themselves, Customer’s sole and exclusive remedy for any alleged failure by Blacksmith InfoSec to provide Support with reasonable skill, care and diligence shall be re-performance of the applicable Support.
3. Security and Privacy
Each Party has obligations with respect to security and privacy as set forth in this Agreement, which they consider appropriate.
3.1. Security
Blacksmith InfoSec will implement and maintain appropriate technical and organizational measures to protect Customer Data and Account Data from accidental loss and from unauthorized access, use, alteration, or disclosure. Customer agrees to use reasonable efforts to prevent unauthorized access or use of the Services and to promptly notify Blacksmith InfoSec if Customer believes (a) any Customer Credentials have been lost, stolen or made available to an unauthorized third party or (b) an unauthorized third party has accessed the Services or Customer Data.
3.2. Privacy
Customer agrees that it will only transfer Personal Data to the Services to the extent necessary for Customer to access and make use of the Services and to the extent permitted by Data Protection Laws given the nature of the Personal Data and the specifics of the Services and the terms of this Agreement. Blacksmith InfoSec agrees to protect the privacy of customer data as outlined in the Blacksmith InfoSec Privacy Policy: https://blacksmithinfosec.com/privacy-policy.
4. Pricing and Fees
4.1. Payment for Services
Except as provided in Section 4.2 with respect to good faith disputes, Customer agrees to pay all fees charged by Blacksmith InfoSec for Customer’s use of Services in accordance with this Agreement and applicable Order(s). Prices for Services are posted within the product or applicable Order(s).
4.2. Payment Disputes
Customer must assert any good faith dispute with regard to payment in writing within 10 days of renewal giving rise to the dispute. Blacksmith InfoSec may suspend Customer’s and its Authorized Users’ access to the Services until such amounts are paid in full. Blacksmith InfoSec will not exercise its suspension or termination rights if Customer disputes the applicable charges reasonably and in good faith and provides reasonable cooperation to resolve the dispute.
4.3. Payment Methods
If Customer is paying Fees using a credit card or any digital payment method supported by Blacksmith InfoSec, Customer authorizes Blacksmith InfoSec to charge Customer’s account for the Services using that payment method. Customer must keep all information in its billing account current to ensure that all Fees are charged to the appropriate account and are timely paid. If Customer notifies Blacksmith InfoSec to stop using a previously designated payment method and fails to designate an alternative, Blacksmith InfoSec may immediately suspend use and access to the Services. Any notice from Customer changing its billing account will not affect charges Blacksmith InfoSec submits to Customer’s billing account before Blacksmith InfoSec can reasonably act on Customer’s request. Blacksmith InfoSec uses a third-party intermediary to manage credit card processing, and this intermediary is not permitted to use Customer’s credit card information except in connection with Customer’s authorized purchases. Notice (including email) from Blacksmith InfoSec’s third-party credit card processor declining Customer’s credit card or otherwise relating to Customer’s account will be deemed valid notice from Blacksmith InfoSec.
4.4. Taxes
All Fees are exclusive of taxes, levies, duties or charges imposed by government authorities (collectively, “Taxes”). Except for Taxes on Blacksmith InfoSec’s income, revenues, gross receipts, personnel or assets, Customer shall be solely responsible for all sales, service, value-added, use, excise, consumption and any other Taxes on amounts payable by Customer under the Orders and this Agreement. Without limiting the foregoing, if Customer is required to deduct or withhold any Taxes under Applicable Laws outside the United States, Customer is responsible for remitting such Taxes in a timely manner and in accordance with those Applicable Laws and Customer shall not offset any Fees payable to Blacksmith InfoSec for any such remittances.
5. Order Renewal
5.1. Auto-Renewal
Unless either Party takes a non-renewal action as described in Section 5.3, Orders will automatically renew as a new Order for additional periods of the same duration as the expiring Order Term (each, a “Renewal Order Term”). For annual subscriptions, Blacksmith InfoSec will give Customer Administrator notice by email on or around 30 days’ prior to the start of the Renewal Order Term. Such notice will include notice of pricing adjustments, if any, pursuant to Section 5.2 below. Failure of Customer to take a non-renewal action in a timely manner, shall be deemed to constitute consent to the applicable fee increase. If an order fails to auto-renew, access to services will be suspended until the payment method is updated.
5.2. Auto-Renewal Pricing Adjustments
In connection with any auto-renewal for Orders, Blacksmith InfoSec may increase the pricing in effect at the end of the applicable Order Term for the Services. Blacksmith InfoSec will provide at least 30 days notice via email of any planned price increases.
5.3. Non-Renewal Action
If Customer does not want to auto-renew, Customer must submit a request to Blacksmith InfoSec by emailing billing@blacksmithinfosec.com at least 15 days before the expiration of the then current Order Term. If Customer does not want to continue to use Blacksmith InfoSec Services, Customer can prevent incurring further expenses by submitting a Support request for disablement of Customer’s account including the desired disablement date.
6. Confidentiality
6.1. Confidential Information
“Confidential Information” means any information disclosed by one Party, its Affiliates, business partners or their respective employees, agents or contractors (collectively, the “Discloser”) that is designated as confidential or that reasonably should be understood to be confidential. Confidential Information includes without limitation: (a) Customer Data; (b) information relating to the Discloser’s or its Affiliates’ technology, customers, business plans, promotional and marketing activities, finances, pricing, and other business affairs; (c) third-party information that the Discloser is obligated to keep confidential; and (d) the terms of this Agreement, any pricing quotes and all Orders. Confidential Information does not include any information that: (i) was known to the Party that receives any Confidential Information (the “Recipient”) without restriction as to use or disclosure; (ii) is independently developed by the Recipient without reference to or use of the Discloser’s Confidential Information; (iii) is acquired by the Recipient from another source without restriction as to use or disclosure; or (iv) is or becomes publicly available through no fault or action of the Recipient.
6.2. Restrictions on Use and Disclosure
The Recipient shall use at least the same degree of care that it uses to protect its own similar confidential information (but not less than reasonable care) to: (a) use the Discloser’s Confidential Information only as permitted under this Agreement, unless Discloser has provided prior written consent for other uses, and (b) only disclose the Discloser’s Confidential Information to Recipient’s, or its Affiliates’, employees, partners, contractors (including legal counsel and accountants), and service providers (“Representatives”) who (i) are bound by non-use and non-disclosure obligations at least as protective as those contained in this Agreement and (ii) have a need to know the Confidential Information for the Recipient to exercise its rights or perform its obligations under this Agreement. Recipient shall be responsible for any breach of these obligations by its Representatives to the same extent it is responsible for its own breaches. To the limited extent any use or disclosure is required by Applicable Law or a valid and binding order of a governmental body (such as a subpoena or court order), the Recipient may disclose only that portion of the Discloser’s Confidential Information that it is required to disclose upon the advice of its counsel, provided that, to the extent permitted under Applicable Law, the Recipient uses reasonable efforts to give the Discloser reasonable advance notice thereof to afford the Discloser an opportunity to intervene and seek an order or other appropriate relief for the protection of its Confidential Information. In the event of any breach or threatened breach by the Recipient of its obligations under this Section 6.2, the Discloser will be entitled to seek injunctive and other equitable relief in any court of competent jurisdiction to enforce such obligations.
7. Customer Responsibilities and Restrictions
7.1. Customer Responsibilities
Customer will be solely responsible for: (a) Customer’s Environment, including as necessary to enable Authorized Users’ access and use of the Services; (b) Account Data, Customer Data and Customer Credentials (including activities conducted with Customer Credentials), subject to Blacksmith InfoSec’s obligations under this Agreement; (c) providing any required notices to, and receiving any required consents and authorizations from, Customer Component providers, Authorized Users and persons whose Personal Data may be included in Account Data, Customer Data or Customer Credentials; and (d) ensuring use of the Services is only for Customer’s Environment and in accordance with the AUP, Documentation and applicable Customer Component Terms.
7.2. Customer Restrictions
No provision of this Agreement includes the right to, and Customer shall not, directly or indirectly: (a) enable any person or entity other than Authorized Users to access and use the Services; (b) attempt to gain unauthorized access to any Service or its related systems or networks; (c) use any Service to access Blacksmith InfoSec Intellectual Property Rights except as permitted under this Agreement; (d) modify, copy or create any derivative work based upon a Service or any portion, feature or function of a Service; (e) resell, distribute or otherwise make available any Service to any third party, including as part of a managed services offering; (f) except to the extent limited by Applicable Law, reverse engineer, disassemble or decompile all or any portion of, or attempt to access, discover or recreate the source code for, the Services; (g) access or use the Services or Documentation for the purpose of competing (or enabling others to compete) with Blacksmith InfoSec, including: copying ideas, features, functions or graphics, developing competing products or services, or performing competitive analyses; (h) remove, obscure or alter any proprietary notice related to the Services; (i) use the Services to send or store Malicious Code; (j) use or permit others to use the Services in violation of any laws; or (k) use or permit others to use the Services other than for Customer’s operations and as described in the applicable Order, Documentation and this Agreement.
7.3. Blacksmith InfoSec Remedies
In the event Blacksmith InfoSec reasonably believes a violation of Section 7.2 has occurred, in addition to any other remedies available at law or in equity (including termination pursuant to Section 10.1), Blacksmith InfoSec will have the right to investigate the suspected violation and suspend any individually identified Authorized User(s) who are suspected of the violation from accessing the Services for so long as is reasonably necessary to address the potential violation. Blacksmith InfoSec will notify Customer in writing of any such suspension (each, a “Suspension Notice”) and work with Customer in good faith to resolve the potential violation. Such Suspension Notice will be provided in advance, unless Blacksmith InfoSec reasonably believes the suspected violation creates an urgent or emergency situation where a failure to take immediate action may put Blacksmith InfoSec, Customer, or other Blacksmith InfoSec customers at risk of imminent harm. For clarity, Blacksmith InfoSec reserves the right, but does not assume any obligation to Customer (except with respect to the Suspension Notice), to take any of the actions described in this Section 7.3.
8. Warranty and Disclaimers
8.1. Blacksmith InfoSec Warranties
Blacksmith InfoSec warrants that during the applicable Order Term: (a) Blacksmith InfoSec will not materially decrease the overall security of the Services; (b) the Services will perform in accordance with the Documentation in all material respects; and (c) Blacksmith InfoSec will not materially decrease the overall functionality of the Services.
8.2. NO IMPLIED WARRANTIES
EXCEPT AS EXPRESSLY PROVIDED IN THIS AGREEMENT, NEITHER PARTY MAKES ANY WARRANTY OR GUARANTEE OF ANY KIND, WHETHER IMPLIED, STATUTORY, OR OTHERWISE, AND EACH PARTY SPECIFICALLY DISCLAIMS ALL WARRANTIES, WHETHER IMPLIED, OR STATUTORY, INCLUDING ANY IMPLIED WARRANTY OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT, AND ALL WARRANTIES ARISING FROM COURSE OF DEALING, USAGE OR TRADE PRACTICE, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW.
8.3. AS-IS
EXCEPT AS EXPRESSLY PROVIDED IN THIS AGREEMENT, ALL SERVICES, SUPPORT AND ANY OTHER MATERIAL ARE PROVIDED BY BLACKSMITH INFOSEC ON AN “AS IS” AND “AS AVAILABLE” BASIS. BLACKSMITH INFOSEC MAKES NO REPRESENTATION OR WARRANTY, AND HAS NO SUPPORT OBLIGATIONS OR LIABILITY, EXCEPT WITH RESPECT TO THE SERVICES AND SOLELY TO THE EXTENT SET FORTH UNDER THIS AGREEMENT. WITHOUT LIMITING THE OTHER PROVISIONS OF THIS SECTION 8, BLACKSMITH INFOSEC MAKES NO WARRANTY OF ANY KIND THAT THE SERVICES, DOCUMENTATION, OR ANY OTHER MATERIAL, OR RESULTS OF THE USE THEREOF, WILL: (a) MEET CUSTOMER’S OR ANY OTHER PERSON’S REQUIREMENTS; (b) OPERATE WITHOUT INTERRUPTION; (c) ACHIEVE ANY INTENDED RESULT; (d) BE ERROR FREE OR (e) BE COMPATIBLE, WORK WITH OR CONTINUE TO WORK WITH CUSTOMER COMPONENTS. ANY CHANGES TO CUSTOMER ENVIRONMENT, CUSTOMER COMPONENTS, OR CONNECTIONS (INCLUDING THEIR UNAVAILABILITY) OR CUSTOMER COMPONENT TERMS DURING AN ORDER TERM DO NOT AFFECT CUSTOMER’S OBLIGATIONS UNDER THE APPLICABLE ORDER OR THIS AGREEMENT.
9. Compliance with Applicable Laws
Each Party agrees to comply with all Applicable Laws with respect to its performance of its obligations and exercise of its rights under this Agreement. Without limiting the foregoing:
9.1. Anti-Bribery and Anti-Corruption
Each Party shall comply with Applicable Laws concerning anti-bribery and anti-corruption, which may include the U.S. Foreign Corrupt Practices Act of 1977 and the UK Bribery Act 2010. As of the Effective Date and the date of each Order, each Party represents that it has neither received nor been offered any illegal or improper bribe, kickback, payment, gift or thing of value from any employee, agent or representative of the other Party or its Affiliates in connection with this Agreement. Each Party agrees to promptly notify the other Party if it learns of any violation of the foregoing. This representation is not intended to include customary and reasonable gifts and entertainment provided in the ordinary course of business, to the extent such gifts and entertainment are permitted by Applicable Law.
9.2. Export Controls and Economic Sanctions
(a) Export
Each Party shall comply with the U.S. Export Administration Regulations, the International Traffic in Arms Regulations, the sanctions regulations administered by the Office of Foreign Assets Control, and any other applicable export laws, restrictions, and regulations (collectively, “Export Controls”) to ensure that no software, Services or technology or technical data related thereto in its custody or control are (a) exported, re-exported, or transferred in-country directly or indirectly in violation of Export Controls or (b) used by any person and/or for any purposes prohibited by Export Controls. Customer agrees not to include any technology or technical data (with the exception of technology designated EAR99 on the Commerce Control List of the Export Administration Regulations) subject to Export Control restrictions in the Customer Data. Compliance with this Section 9.2(a) may require a Party to obtain one or more export licenses or other required approvals depending on factors such as the destination, end-users, and end-uses.
(b) Sanctions
Neither Party will, directly or indirectly, deliver Blacksmith InfoSec software, Services, technology, or technical data related thereto to (i) an individual, entity, country, or region identified on the Consolidated Screening List, available at https://www.trade.gov/consolidated-screening-list, (ii) an individual or entity in Russia or Belarus ((i) and (ii) collectively, “Sanctions Target”), or (iii) to any party that is 50% owned by one or more Sanctions Target. Each Party represents that (a) it is not a Sanctions Target; and (b) it is not otherwise prohibited (based on 50% ownership, location for operations or use or other legally relevant factors) from providing or receiving Services, as applicable, without a license or other approval under Export Controls.
10. Term and Termination
10.1. Termination for Cause
Blacksmith InfoSec may terminate any Order upon written notice to Customer if Customer fails to pay any amount due under the Order that is not disputed in good faith in accordance with Section 4.2, and such failure continues more than 15 days after Blacksmith InfoSec’s delivery of written notice. Either Party may terminate all Orders and this Agreement, effective on written notice to the other Party, if the other Party materially breaches this Agreement, and such breach remains uncured 30 days after the non-breaching Party provides the breaching Party with written notice of such breach. In addition, either Party may terminate all Orders and this Agreement, effective on written notice to the other Party, in the event that the other Party (i) becomes insolvent, enters into bankruptcy or any similar financial reorganization or legally binds itself to any such reorganization or (ii) makes any assignment of its rights or assets for the benefit of its creditors.
10.2. Effect of Termination
Upon expiration or earlier termination of an Order: (a) subject to Section 10.4, all rights granted to Customer with respect to Services under such Order will terminate effective as of the effective date of termination; (b) subject to Section 10.4, Blacksmith InfoSec will have no obligation to provide the applicable Services to Customer or Authorized Users after the effective date of the termination; and (c) subject to Section 4.2 (Payment Disputes), the Parties will make any payments required under Section 10.3.
10.3. Payments at Termination
Regardless of whether Customer uses the Services at the levels reflected in the Orders or otherwise, Customer will not be entitled to a refund of Fees paid and any committed Fees for the full term of the Order(s) and any Fees accrued beyond any committed Fees based on Customer’s use of the Services prior to termination will become immediately due and payable.
10.4. Post-Termination Access
Access to Services post-termination will be revoked.
10.5. Survival
The provisions set forth in the following Sections, and any other right or obligation of the Parties in this Agreement that, by its nature, should survive termination or expiration of this Agreement, will survive any expiration or termination of this Agreement: 1.2 (Data), 4 (Pricing and Fees), 6 (Confidentiality), 7.2 (Customer Restrictions), 10 (Term and Termination), 11 (Indemnification), 12 (Limitations of Liability), 14 (Notices), 20 (Governing Law; Venue), and 21 (Miscellaneous).
11. Indemnification
11.1. Infringement Remedies
If the Services become, or in Blacksmith InfoSec’s opinion are likely to become, the subject of a Customer Claim, Blacksmith InfoSec may in its discretion and at its own expense: (a) obtain for Customer the right to continue using the Services; (b) modify the Services so that they no longer infringe or misappropriate, with no material decrease in functionality; or, if neither (a) or (b) are commercially reasonable, (c) terminate the Order. Blacksmith InfoSec will have no obligation to defend or indemnify Customer Indemnitees for any Customer Claim to the extent an Action arises from any of the following (collectively, “Customer-Controlled Matters”): (i) Customer’s Environment; (ii) Account Data, Customer Data or Customer Credentials (including activities conducted with Customer Credentials), subject to Blacksmith InfoSec’s Processing obligations under this Agreement; or (iii) use of the Services by Customer or an Authorized User in a manner that breaches an Order, Service Plan or this Agreement. BLACKSMITH INFOSEC’S OBLIGATIONS IN SECTIONS 11.1 STATE CUSTOMER’S EXCLUSIVE REMEDIES AND BLACKSMITH INFOSEC’S ENTIRE LIABILITY FOR ANY CLAIM OF INTELLECTUAL PROPERTY RIGHTS INFRINGEMENT OR MISAPPROPRIATION.
11.2. Customer Indemnity
Subject to Section 11.3, Customer agrees to defend Blacksmith InfoSec and its Affiliates, and their respective employees, officers and directors (collectively, “Blacksmith InfoSec Indemnitees”), against any Action made or brought against the Blacksmith InfoSec Indemnitees by a third party arising out of or relating to Customer-Controlled Matters, and Customer will indemnify Blacksmith InfoSec Indemnitees from any Losses finally awarded against Blacksmith InfoSec Indemnitees as a result of, or for amounts paid by Blacksmith InfoSec Indemnitees under a settlement approved by Customer in writing, for any Action against the Blacksmith InfoSec Indemnitees arising out of or relating to Customer-Controlled Matters.
11.3. Indemnification Procedures
A Blacksmith InfoSec Indemnitee seeking indemnification shall promptly notify the customer (“Indemnifying Party”), in writing of any Action for which it seeks indemnification pursuant to Section 11.2 (as applicable) and reasonably cooperate with the Indemnifying Party at the Indemnifying Party’s expense. The Indemnifying Party shall promptly take control of the defense and investigation of such Action and shall employ counsel of its choice to handle and defend the same, at the Indemnifying Party’s expense. An Indemnitee may participate in and observe the proceedings on a monitoring, non-controlling basis at its own expense with counsel of its own choice. A Party’s failure to perform any obligations under this Section 11.3 will not relieve the Indemnifying Party of its obligations under Section 11.2 (as applicable) except to the extent that the Indemnifying Party can demonstrate that it has been materially prejudiced as a result of such failure. The Indemnifying Party shall not settle an Action without the Indemnitee’s written consent if such settlement shall require action or payment by the Indemnitee.
12. Limitations of Liabilities
12.1. EXCLUSIONS AND LIMITATIONS
TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, EXCEPT AS OTHERWISE PROVIDED IN THIS SECTION 12, (A) IN NO EVENT SHALL EITHER PARTY, ITS AFFILIATES OR THEIR EMPLOYEES, AGENTS, CONTRACTORS, OFFICERS OR DIRECTORS BE LIABLE FOR ANY INDIRECT, PUNITIVE, INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES, OR FOR DAMAGES FOR BUSINESS INTERRUPTION, LOSS OF PROFITS, GOODWILL, USE, DATA OR OTHER INTANGIBLE LOSSES ARISING OUT OF OR RELATING TO THIS AGREEMENT; (B) IN NO EVENT SHALL BLACKSMITH INFOSEC, ITS AFFILIATES OR THEIR EMPLOYEES, AGENTS, CONTRACTORS, OFFICERS OR DIRECTORS BE RESPONSIBLE FOR ANY COMPENSATION, REIMBURSEMENT, OR DAMAGES ARISING IN CONNECTION WITH YOUR INABILITY TO USE THE SERVICES, INCLUDING AS A RESULT OF ANY PERMITTED TERMINATION OR SUSPENSION OF THIS AGREEMENT OR YOUR USE OF OR ACCESS TO THE SERVICES; OR THE COST OF PROCUREMENT OF SUBSTITUTE SERVICES; AND (C) IN NO EVENT SHALL EITHER PARTY’S CUMULATIVE AND AGGREGATE LIABILITY UNDER THIS AGREEMENT EXCEED THE FEES PAID TO BLACKSMITH INFOSEC BY OR ON BEHALF OF CUSTOMER FOR THE SERVICES GIVING RISE TO THE LIABILITY UNDER THE APPLICABLE ORDER(S), INCLUDING PRIOR ORDERS FOR THE SAME SERVICES, IN THE 12 MONTHS PRECEDING THE EVENT GIVING RISE TO THE LIABILITY. THE EXCLUSIONS AND LIMITATIONS IN THIS SECTION APPLY WHETHER THE ALLEGED LIABILITY IS BASED ON CONTRACT, TORT, NEGLIGENCE, STRICT LIABILITY OR ANY OTHER BASIS, EVEN IF THE NON-BREACHING PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. THE PROVISIONS OF THIS SECTION 12 ALLOCATE THE RISKS UNDER THIS AGREEMENT BETWEEN THE PARTIES, AND THE PARTIES HAVE RELIED ON THE EXCLUSIONS IN DETERMINING TO ENTER INTO THIS AGREEMENT AND THE PRICING FOR THE SERVICES.
12.2. Exceptions
The exclusions and limitations in 12.1 shall not apply to: (i) a Party’s gross negligence, willful misconduct, or fraud in relation to this Agreement; (ii) a Party’s indemnification obligations under Section 11; (iii) Customer’s breach of Section 7.2; or (iv) Customer’s payment obligations to Blacksmith InfoSec under this Agreement.
13. Publicity
Neither Party shall, except as otherwise required by Applicable Law or stock exchange requirements, issue or release any announcement, statement, press release or other publicity or marketing materials relating to this Agreement or otherwise use the other Party’s marks or logos without the prior written consent of the other Party. Provided, however, Blacksmith InfoSec may include Customer’s name and logo in its lists of Blacksmith InfoSec customers, its public website and other promotional material, in each case in accordance with any Customer brand guidelines to the extent available to Blacksmith InfoSec. Blacksmith InfoSec agrees to cease such uses of Customer’s name and logo within 30 days following Customer’s request submitted to marketing@blacksmithinfosec.com.
14. Notices
14.1. Indemnity Notices
Notices for indemnification and other “Legal Notices”, shall be sent to (a) Blacksmith InfoSec, Attn: Legal, 851 Cherry Ave, Ste 27 # 1070, San Bruno, CA 94066, with a copy to legal@blacksmithinfosec.com or (b) Customer at the email addresses of its primary administrator. All Legal Notices required or permitted to be given under this Section 14.1, shall be in writing and shall be deemed to be sufficiently given (i) one business day after being sent by overnight courier to the Party’s physical address; or (ii) three business days after being sent by registered mail, return receipt requested, to the Party’s physical address or email.
14.2. Other communications
All notices required or permitted to be given under this Section 14.2 shall be in writing and shall be deemed to be sufficiently given two business days after being sent, unless sender has knowledge that such notice was not received.
(a) To Blacksmith InfoSec
For all other notices or communications to Blacksmith InfoSec, Customer may contact, as appropriate, (i) support@blacksmithinfosec.com (in connection with Sections 2 and 10.4), (ii) billing@blacksmithinfosec.com (in connection with Section 5), (iii) any other e-mail address specifically identified in an applicable Section of the Agreement.
(b) To Customer
For all other notices or communications to Customer, Blacksmith InfoSec will contact (i) a Customer Administrator (including in connection with Section 7.3) via email; (ii) Customer’s billing contact provided in Company Profile via email; or (iii) for notices not specific to Customer, through the Services.
15. Free and Beta Services
The following applies to any use of (i) Services that Blacksmith InfoSec makes available to Customer without charging a fee (“Free Services”) and (ii) services or functionality that Blacksmith InfoSec makes available to Customer and that is not generally made available to Blacksmith InfoSec customers and/or is designated as beta, pilot, preview, or similar designation (“Beta Services”). Unless otherwise set forth in an Order : (a) Free Services and Beta Services offered at no charge will be subject to the Fees on the Pricing Page upon expiration of any free period term set forth in an applicable Order or if there is no term in an Order, upon 15 days’ notice by Blacksmith InfoSec (b) Blacksmith InfoSec reserves the right to discontinue or modify the provision of any Beta Services at any time with or without notice Section 2 (Support), and Section 8.1 (Blacksmith InfoSec Warranties) do not apply to Free Services and Beta Services, (e) the Security Measures do not encompass the Beta Services, except to the extent they apply to the underlying Services.
16. Indirect Purchases
If Customer is purchasing the Services through a Blacksmith InfoSec approved reseller (an “Intermediary”), the following terms shall apply solely for the purposes of such indirect purchase: (a) all references to an ‘Order’ in the Agreement shall refer to the order between the Customer and the Intermediary; (b) in addition to the rights provided in Section 1.2 (Data), Customer agrees that Intermediary will have access to customer data. (c) Sections 4 (Pricing and Fees) and 6 (Order Renewal) will be without effect and the terms between the Intermediary and Customer covering such subject matter will apply instead; (d) per the terms of the agreement between Blacksmith InfoSec and the Intermediary, Blacksmith InfoSec has a right to terminate its order(s) with the Intermediary, in the event of failure by Intermediary to make payments to Blacksmith InfoSec; (e) Sections 10.2, 10.3, and 10.4 (Termination) will be without effect as any termination of an Order and all terms in this Agreement with respect to refund or payment obligations, if any, will be between the Intermediary and Customer; notwithstanding the foregoing, both Parties agree to take the required steps through the Intermediary processes in order to achieve the intended results of the terms in Section 10.2, 10.3, and 10.4 and any other refund or payment obligations.
17. Third Party Access Terms
To the extent that any service provider or Blacksmith InfoSec-authorized partner (each a “Service Provider”) accesses or uses the Services in connection with its provision of services to Customer, each Service Provider user shall be deemed an Authorized User and Blacksmith InfoSec shall have the right to enforce the following sections of this Agreement with respect to the Service Provider’s activities: 1 (Access and Use), 3 (Security and Privacy), 6 (Confidentiality), 7 (Customer Responsibilities and Restrictions), 10 (Compliance with Applicable Laws), and 12 (Indemnity). As between Blacksmith InfoSec and Service Provider, references to Customer in those Sections shall be deemed references to Service Provider, except with respect to the defined terms of Customer Environment and Customer Data. For the avoidance of doubt, Service Provider is not a beneficiary of this Agreement.
18. Assignment
Either Party may assign this Agreement and all Orders to an Affiliate or in connection with any merger, consolidation or reorganization, or a sale of all or substantially all of such Party’s business or assets relating to this Agreement to an unaffiliated third party, so long as notice is provided within 60 days of such assignment and the assignee agrees in writing to accept all obligations and responsibilities under this Agreement, including, in the case of Customer, all outstanding Fees. Subject to the foregoing, neither Party may assign any of its rights or obligations under this Agreement, whether by operation of law or otherwise, without the other Party’s prior written consent. Any purported assignment in violation of this Section is void. This Agreement is binding upon and inures to the benefit of the Parties hereto and their respective permitted successors and assigns.
19. Force Majeure
Neither Party shall be liable or responsible to the other Party, nor be deemed to have defaulted under or breached this Agreement, for any failure or delay in fulfilling or performing any term of this Agreement (except for any obligations to make payments for Services received), when and to the extent such failure or delay is caused by events outside of the reasonable control of the affected Party, including acts of God; pandemics; flood, fire or explosion; war, invasion, riot or other civil unrest; terrorist or criminal acts; cyberattacks; internet disruptions; embargoes or blockades in effect on or after the date of this Agreement; or national or regional emergency (each of the foregoing, a “Force Majeure Event”), provided that, in each case, the affected Party will provide prompt notice to the other Party, stating the period of time the occurrence is expected to continue, and use diligent efforts to end the failure or delay and minimize the effects of such Force Majeure Event.
20. Governing Law; Venue
Except to the extent the issue arising under this Agreement is governed by United States federal law, this Agreement shall be governed by and construed and enforced in accordance with the laws of the California, without giving effect to the choice of law rules of that state. Any legal action or proceeding arising under or relating to this Agreement shall be brought exclusively in the state or federal courts located in San Franciso, California, USA, and the Parties expressly consent to personal jurisdiction and venue in those courts. The Parties agree that the United Nations Convention on Contracts for the International Sale of Goods are specifically excluded from application to this Agreement.
21. Miscellaneous
21.1. Entire Agreement
This Agreement, together with all Orders, and the AUP, is the complete and exclusive statement of the agreement between the Parties and supersedes all proposals, questionnaires and other communications and agreements between the Parties (oral or written) relating to the subject matter of this Agreement. Any terms and conditions of any other instrument issued by Customer in connection with this Agreement which are in addition to, inconsistent with or different from the terms and conditions of this Agreement shall be of no force or effect. Additionally, this Agreement supersedes: any confidentiality, non-disclosure, evaluation or trial agreement previously entered into by the Parties with respect to Customer’s or an Affiliate’s evaluation of the Services or otherwise with respect to the Services.
21.2. U.S. Government Customers
The Services and Documentation are provided to the U.S. Government as “commercial items,” “commercial computer software,” “commercial computer software documentation,” and “technical data” with the same rights and restrictions generally applicable to the Services and Documentation. If Customer or any Authorized User is using Services and Documentation on behalf of the U.S. Government and these terms fail to meet the U.S. Government’s needs or are inconsistent in any respect with federal law, Customer and Customer’s Authorized Users must immediately discontinue use of the Services and Documentation. The terms listed above are defined in the Federal Acquisition Regulation and the Defense Federal Acquisition Regulation Supplement.
21.3. Independent Parties; No Third-Party Beneficiaries
The Parties expressly understand and agree that their relationship is that of independent contractors. Nothing in this Agreement shall constitute one Party as an employee, agent, joint venture partner or servant of another. This Agreement is for the sole benefit of the Parties hereto and their respective successors and permitted assigns and nothing herein, express or implied, is intended to or shall confer on any other person any legal or equitable right, benefit or remedy of any nature whatsoever under or by reason of this Agreement.
21.4. Amendment
Except as otherwise provided in Section 21.8, this Agreement may be modified only by a written instrument duly executed by authorized representatives of the Parties.
21.5. No Waiver
The failure of a Party to exercise or enforce any condition, term or provision of this Agreement will not operate as a waiver of such condition, term or provision. Any waiver by either Party of any condition, term or provision of this Agreement shall not be construed as a waiver of any other condition, term or provision.
21.6. Severability
If any provision of this Agreement is held invalid or unenforceable, the remainder of the Agreement shall continue in full force and effect.
21.7. Headings
The headings in this Agreement are for reference only and shall not affect the interpretation of this Agreement. For purposes of this Agreement, the words “include,” “includes” and “including” are deemed to be followed by the words “without limitation”; the word “or” is not exclusive; and the words “herein,” “hereof,” “hereby,” “hereto” and “hereunder” refer to this Agreement as a whole.
21.8. Changes to this Agreement
Blacksmith InfoSec may modify this Agreement at any time by posting a revised version at https://www.blacksmithinfosec.com/master-subscription-agreement, which modifications will become effective as of the first day of the calendar month following the month in which they were first posted; provided, however, that if an Order specifies a fixed term of 12 months or longer, the modifications will instead be effective immediately upon the start of the next Renewal Order Term. In either case, if Customer objects to the updated Agreement, as its sole and exclusive remedy, Customer may choose not to renew in accordance with Section 5.3. For the avoidance of doubt, any Order is subject to the version of the Agreement in effect at the time of the Order.
- Definitions
Capitalized terms not otherwise defined in this Agreement shall have the respective meanings assigned to them in this Section 22.
“Account Data” means information about Customer that Customer provides to Blacksmith InfoSec in connection with the creation or administration of its Blacksmith InfoSec accounts, such as first and last name, user name and email address of an Authorized User or Customer’s billing contact. Customer shall ensure that all Account Data is current and accurate at all times during the applicable Order Term, and shall in no event include Sensitive Information in Account Data. Account Data is subject to Blacksmith InfoSec’s privacy policy, currently available at https://www.blacksmithinfosec.com/privacy-policy.
“Affiliate” means, with respect to a Party, a business entity that directly or indirectly controls, is controlled by or is under common control with, such Party, where “control” means the direct or indirect ownership of more than 50% of the voting securities of a business entity.
“Applicable Laws” means any and all governmental laws, rules, directives, regulations or orders that are applicable to a particular Party’s performance under this Agreement.
“AUP” means Blacksmith InfoSec’s standard Acceptable Use Policy, currently available at https://www.blacksmithinfosec.com/legal/acceptable-use.
“Authorized User” means an individual employee, agent, contractor, or service provider (subject to Section 18 (Third Party Access Terms)) of Customer or a Customer Affiliate who has been supplied user credentials for the Services by Customer (or by Blacksmith InfoSec at Customer’s request).
“Core Service” means each Service/feature on the Order (excluding any beta product) that is available on the Blacksmith InfoSec platform and for which there is committed spend in the affected month.
“Customer Administrator” means the individual(s) identified in the Account Data as admin users.
“Customer Environment” means the systems, platforms, services, software, devices, sites and/or networks that Customer uses for its operations (exclusive of the subscribed Services).
“Data Protection Laws” means Applicable Laws concerning the privacy and protection of Personal Data.
“Blacksmith InfoSec Operations Data” means data pertaining to, or used in, the operations, use and testing of the Services including data arising from Blacksmith InfoSec’s customers’ use of the Services, aggregated data on third party components, aggregated and/or anonymized data as described in Section 1.3, and other data and information that informs the Services.
“Exceptions” means any of: (a) Customer’s breach of this Agreement, an Order or the AUP; (b) Customer’s failure to configure and use the Services in accordance with the Documentation; (c) failures of, or issues with, Customer’s Environment; (d) Force Majeure Events; (e) Blacksmith InfoSec’s suspension of Authorized Users’ access to the Services pursuant to Section 5.2 or 8.3; or (f) maintenance during a window for which Blacksmith InfoSec provides notice to Customer Administrator by email or through the Services in advance.
“Feedback” means bug reports, suggestions or other feedback with respect to the Services or Documentation provided by or on behalf of Customer to Blacksmith InfoSec, exclusive of any Customer Confidential Information therein.
“Intellectual Property Rights” means any and all registered and unregistered rights granted, applied for, or otherwise now or hereafter in existence under or related to any patent, copyright, trademark, trade secret, database protection, or other intellectual property rights laws, and all similar or equivalent rights or forms of protection, in any part of the world.
“Malicious Code” means code, files, scripts, agents or programs intended to do harm, including, for example, viruses, worms, time bombs, and Trojan horses.
“Order” means the purchase of a subscription to the Services: (a) completed and submitted by Customer online at the Blacksmith InfoSec Product Site.
“Order Term” means, with respect to each Order, the subscription term for the Services specified in the applicable Order (unless the Order is otherwise terminated earlier in accordance with this Agreement or the Order).
“Party” means each of Blacksmith InfoSec and Customer.
“Personal Data” means any information relating to an identified or identifiable natural person.
“Pricing Page” means the web page(s) where Blacksmith InfoSec publishes its list prices for Services, the list for general Services is currently available at https://www.blacksmithinfosec.com/overview/.
“Process” means to perform an operation or set of operations on data, content or information, including to submit, transmit, post, transfer, disclose, collect, record, organize, structure, store, adapt or alter; “Processing” has a correlative meaning.
“Service Plan” means the packaged plan and associated features, as detailed at the Pricing Page, for the hosted Blacksmith InfoSec service to which Customer subscribes.
“Services” means the hosted services that are made available by Blacksmith InfoSec online via the applicable login page (currently https://web.blacksmithinfosec.com/) and other web pages designated by Blacksmith InfoSec, that Blacksmith InfoSec makes available on a fee-based basis. “Services” does not include (a) any services provided without charge or any alpha, beta or other pre-commercial releases of a Blacksmith InfoSec product or service (or feature of functionality of a Service); and (b) any tools or other services.
“Threat Actor Data” means any data related to unauthorized third-party bad actors and associated Malicious Code or other information or data relating to the third party bad actor or their actions that is collected or discovered through or during the use of the Services by Blacksmith InfoSec customers, excluding any such information or data that identifies Authorized Users or Customer.