Verizon EULA Agreement

This Cylance End User License Agreement (“Agreement”) is entered into by and between Cylance Inc., with an address of 400 Spectrum Center Drive, Suite 900, Irvine, CA 92618 (“Cylance”, “we”, “us” or “our”) and ______________________________, with an address of _____________________________________________________ (“INSERT CLIENT NAME”, “you”, “your” or “Client”) and is effective as of the last date of signature below (“Effective Date”). The parties are accepting the terms of this Agreement and [INSERT CLIENT NAME] is registering for use of our proprietary software product (as defined in further detail below, the “Software”), or the organization or entity that has authorized you to accept this Agreement and register for access to the Software for its benefit (in either case “you”, “your” or “Client”), and governs your access to and use of the Software (defined below), as a web-based hosted service made available by us via the hosted components of the Software (the “Service”), and as may be downloaded by you.

This Agreement includes the written ordering document issued to you by Cylance or an authorized Cylance distributor or reseller that identifies the Software licensed to you (“Ordering Document”) and any Cylance documentation expressly referenced herein, and constitutes the entire contract between you and Cylance with respect to the subject matter of this Agreement, and supersedes all prior agreements and understandings between you and us, whether written or oral.  The terms of a purchase order or other ordering document are expressly rejected by both you and us, and our failure to object to such terms shall not be construed as a waiver of this Agreement nor an acceptance of such terms.  If any provision of an Ordering Document directly conflicts with, or expressly supersedes, any term within the main body of this Agreement, then the provision of the Ordering Document shall govern solely for the Software and Services described therein.

BY EXECUTING THIS AGREEMENT, OR REGISTERING FOR, DOWNLOADING, ACCESSING OR USING THE SOFTWARE OR SERVICE, YOU CONFIRM THAT (1) YOU HAVE READ THIS AGREEMENT, (2) YOU AND ANY ORGANIZATION OR ENTITY ON WHOSE BEHALF YOU ARE ENTERING IN TO THIS AGREEMENT AND/OR USING THE SOFTWARE AND/OR SERVICE, ACCEPT THE TERMS OF THIS AGREEMENT, AND (3) IF YOU ARE AN INDIVIDUAL, THAT YOU ARE AN EMPLOYEE OR AGENT OF THE ORGANIZATION OR ENTITY ON WHOSE BEHALF YOU ARE ACTING, AND HAVE THE AUTHORITY TO ENTER INTO THIS AGREEMENT ON BEHALF OF SUCH ORGANIZATION OR ENTITY.

1.     License Grant.  Subject to the terms and conditions of this Agreement (including without limitation payment of all applicable license fees), Cylance grants to you a worldwide, nonexclusive, non-transferable, non-sublicensable license to: (i) to install and run Software (end point components delivered) made available to you hereunder  during the period of time set forth in the Ordering Document (unless terminated earlier in accordance with this Agreement) (“Term”), in object code format only, on computers owned or controlled solely by you and your Affiliates, solely to process data solely owned or controlled by you and your Affiliates for internal operations and internal data processing purposes; and (ii) to access and use the Services solely in support of the foregoing license grant; and  (iii) to access and use the API Materials in accordance with the relevant Documentation solely to support Client’s internal use of the Software as permitted herein, including to create applications, integrations, software connectors and interfaces to facilitate communications and data exchange between Software and other Client owned or operated systems or databases or third-party applications licensed and/owned by Client, as relevant.  “Software” means Cylance’s proprietary solution which Client has purchased licenses to hereunder, as identified on the relevant Ordering Document, including any endpoint component(s), online components, proprietary analytical engines, and any related API Material, web interfaces, virtual machines, applications, programs, license keys, installer software, Documentation and/or any content delivered or made available to Client as part of the solution, and further including any copies of any of the forgoing made by Client and any upgrades and/or modifications to any of the forgoing delivered by Cylance to Client.  “API Material(s)” means any application programming interfaces and related documentation licensed hereunder which is made available to Client in connection with Client’s license to the Software, if any.  “Affiliates” means any entity controlling, controlled by, or under common control with the referenced entity, where the term “control” means the possession, direct or indirect, of the power to direct or cause the direction of the management and policies of an entity, whether through the ownership of voting securities, by contract, or otherwise. We reserve all rights not expressly granted herein and, except as expressly granted in this Section 1, no right or license is granted hereunder, express or implied or by way of estoppel, to any technology or intellectual property rights.  As between the parties, we retain all right, title, and interest in and to the Software and Service and all copies and derivative works thereof, which rights include, but are not limited to, patent, copyright, trademark, trade secret, and all other intellectual property rights.

2.   Restrictions on Use.  You shall not directly or indirectly, nor authorize any person or entity to: (i) sell, rent, lease, distribute, redistribute or transfer the Software or any rights in any of the Software, or use the Software in a hosted or managed services environment except as hosted by us through the Service; (ii) reverse engineer, decompile, disassemble, re-engineer, except and only to the extent that such activity is expressly permitted by applicable law notwithstanding this limitation, or otherwise create or attempt to create or permit, allow, or assist others to create or derive the source code of the Software, or its structural framework; (iii) modify or create derivative works of the Software; (iv) use the Software or Service in whole or in part for any purpose except as expressly provided under this Agreement; (vi) remove any proprietary notice, labels, or marks on or in Software; or (vii) disable or circumvent any access control or related device, process or procedure established with respect to the Software (viii) disclose the results of any benchmark tests or other tests connected with the Software to any third party without the prior written consent of Cylance.  You may not use the Software or Service for illegal or unlawful or malicious activities.  While using the Service, you may not directly or indirectly, nor authorize any person or entity to: (a) access or use (or attempt to access or use) the account of another user without permission, or the login information of another user; (b) “frame” or “mirror” any portion of the Service; (c) use any robot, spider, site search/retrieval application or other manual or automatic device or process to retrieve, index, “data mine” or in any way reproduce or circumvent the navigational structure or presentation of the Service; or (d) probe, scan or test the vulnerability of the Service, nor breach the security or authentication measures on the Service, or take any action that imposes an unreasonable or disproportionately large load on the infrastructure of the Service, such as a denial of service attack.  You are responsible for use of the Software and Service by you and your Affiliates and your respective users, and for all their compliance with this Agreement, and any breach of this Agreement by any Affiliate or user shall be deemed to have been a breach by you.

3.   Potentially Malicious Code and Anonymous Data.

3.1   Transmission of Files.  You acknowledge that a feature of the Software is to facilitate analysis of files and processes (including but not limited to portable executable files or other executable code) that exist on, or are being introduced into your computer systems or networks (“Files”) to identify potential or actual malicious code, malware or other intrusive artifacts or processes therein (“Potentially Malicious Code”).  Therefore, you acknowledge and agree that, in certain configurations, to function optimally and for purposes in connection with our support of Software, the Software may transmit Files to servers owned or controlled by us, and we may otherwise analyze or classify Files. 

3.2   Anonymous Data.  We may reduce Potentially Malicious Code to a cryptographic hash, and we may deconstruct, analyze and catalogue Potentially Malicious Code to determine functionality and potential to cause instability or damage to your systems or networks.  We may also use the cryptographic hash to identify files on other systems as Potentially Malicious Code, and use and distribute the unique file hash to promote awareness, detection and prevention of internet security risks, in which case the unique file hash will be without attribution to you, your operations, or your systems or networks (“Anonymous Data”).  We may also extract, compile, synthesize, and analyze data transmitted by the Software from your systems or networks, or information resulting from your use of the Software, in each case to the extent such data or information does not identify you, your operations, or your systems or networks or any person, which is also “Anonymous Data”.  You agree that we may use, copy, modify, distribute and display Files, Anonymous Data and Potentially Malicious Code for our business purposes, including without limitation for developing, enhancing, and supporting products and services.  Without limiting the foregoing, we will not identify you as the source of any Files or Potentially Malicious Code.

3.3   Risks Regarding Potentially Malicious Code.  If the Software identifies Potentially Malicious Code, certain configurations of the Software may block Potentially Malicious Code from execution, in which case you may either allow execution of the Potentially Malicious Code, or alternatively quarantine it.  Or, you may determine that Potentially Malicious Code is acceptable for use on your systems, and need not be blocked or quarantined.  You acknowledge that blocking the execution of or quarantining or running Potentially Malicious Code may result in a loss of functionality of Files, applications, or your systems and networks, and cause other potential harm or loss.  YOUR DECISION TO BLOCK, QUARANTINE OR ENABLE EXECUTION OF POTENTIALLY MALICIOUS CODE IS AT YOUR OWN RISK.  YOU ACKNOWLEDGE THAT WE HAVE NO CONTROL OVER THE SPECIFIC CONDITIONS UNDER WHICH YOU USE THE SOFTWARE OR ALLOW OR DISALLOW POTENTIALLY MALICIOUS CODE TO EXECUTE. THE SOFTWARE AND ANY RELATED SERVICE DO NOT REPLACE YOUR OBLIGATION TO EXERCISE YOUR INDEPENDENT JUDGMENT WITH RESPECT TO THE EXISTENCE OR SUITABILITY OF POTENTIALLY MALICIOUS CODE EXISTING ON YOUR COMPUTER SYSTEMS OR THE SECURITY OF YOUR COMPUTER SYSTEMS OR NETWORKS.   

4.   Support and Maintenance; Other Services.  We will provide you with ongoing Software support and maintenance services in accordance with our support and maintenance policy found at www.cylance.com/support.  Please note that we are not obligated to provide support or maintenance in connection with any discontinued Software beyond 1 year from its discontinuance.  If you have purchased professional services from Cylance (“Professional Services”), such services will be delivered in accordance with the relevant statement of work (“SOW”). If you have ordered “ThreatZero” and/or “ThreatZero Assurance” Professional Services (as identified in the relevant Ordering Document), then, Cylance will deliver its standard ThreatZero and/or ThreatZero Assurance Professional (each, as relevant) in accordance with its standardized SOW for such Professional Services. The standardized SOWs for ThreatZero and ThreatZero Assurance Professional Services are attached hereto as Exhibits.  Any additional terms relevant to such services, including where relevant, terms regarding the applicable fees and expenses, acceptance or rejection of such services, Client obligations, etc. shall all be outlined in the relevant SOW, as applicable.  The parties agree and understand that no “work for hire” or software development services shall ever be provided or contemplated under any SOW or this Agreement.

5.    Payment. You will make all payments identified on the Ordering Document in accordance with its terms, or in any case not more than 30 days from the date of invoice.  All amounts are payable in U.S. Dollars, are nonrefundable, and are not subject to any deduction or set-off.  All fees are exclusive of all taxes, duties, shipping fees, and similar amounts, all of which are your responsibility (excluding taxes based on our income).  If you default in making any payment when due, we may, without prejudice to our other available remedies, assess a late payment charge, at the lower rate of 1.5% per month, or the maximum rate under applicable law, and/or suspend delivery of any product or service hereunder. Your failure to pay amounts when due shall be deemed a material breach of this Agreement. 

6.   Termination. A party may terminate this Agreement if the other party materially breaches any term or condition of this Agreement and does not cure such breach within thirty (30) days after receipt of notice of such breach.  Either party may terminate this Agreement upon notice to the other if the other party is adjudged insolvent or bankrupt, or upon the institution of any proceedings by or against the party seeking relief that are not dismissed within ninety (90) days, or upon its reorganization or arrangement under any laws relating to insolvency, or upon making an assignment for the benefit of creditors, or upon the appointment of a receiver,  liquidator or trustee of any of its property or assets, or upon its liquidation, dissolution or winding up. Termination or expiration of this Agreement shall immediately terminate the Term and the license granted in Section 1.  Immediately upon any termination or expiration of this Agreement, you shall: (a) pay all outstanding amounts owed to us thereunder; (b) un-install and cause all users to un-install all copies of the Software, and cease and cause all users to cease all use of the Software and Service; (c) upon request, return to us (or destroy) all copies of the Software in your possession or control; and (d) upon request, certify in writing your compliance with (b) and (c).  Upon termination or expiration of this Agreement, each party shall return or destroy the Confidential Information of the other party that is the possession or control of such party.  Any terms of this Agreement which by their nature extend beyond termination as well as any rights or obligations that have accrued prior to termination or expiration, will survive such termination, and the following Sections shall survive the termination or expiration of this Agreement: 3.2, 3.3, 5, 6, 7, 8, 9, 10 and 11.

7.   Confidentiality.

7.1   Definition.  “Confidential Information” means all non-public information that either party provides to the other party hereunder and reasonably considers to be of a confidential, proprietary or trade secret nature.  Our Confidential Information includes but is not limited to: (i) the Software, (ii) fees payable hereunder, and (iii) all technology, information, data and know-how, whether in tangible or intangible form, whether designated as confidential or not, and whether or not stored, compiled or memorialized physically, electronically, graphically, photographically, or in writing.  Confidential Information does not include any information which the receiving party can demonstrate by evidence: (a) is, as of the time of its disclosure, or thereafter becomes, part of the public domain through no fault of the receiving party; (b) was rightfully known to the receiving party without obligation of confidentiality to the disclosing party prior to the time of its disclosure, as evidenced by its records kept in the ordinary course of its business; (c) is uploaded in connection with your use of the Software to us for analysis; or (d) is, subsequent to disclosure hereunder, rightfully learned from a third party not under a confidentiality obligation to the disclosing party with respect to such Confidential Information, as evidenced by its records kept in the ordinary course of its business.

7.2   Obligations.  Each party shall: (a) not use the Confidential Information of the other party for any purpose except in performance of its rights and obligations hereunder; (b)  disclose Confidential Information of the other party only to the employees and agents of such party who need to know the Confidential Information in support of the performance of this Agreement by the receiving party, provided that such individuals have previously agreed, either as a condition to employment or in order to obtain the Confidential Information, to be bound by terms and conditions no less restrictive than those of this Section 7; and (c) treat all Confidential Information of the other party with the same degree of care as such party accords its own Confidential Information of a similar nature, but in no case less than reasonable care.  This Section shall survive for five (5) years from expiration or termination of the Term.

7.3   Authorized Disclosure.  Confidential Information of the disclosing party that is required to be disclosed by the other party pursuant to a duly authorized subpoena, court order, or government authority may be disclosed by the receiving party to the extent required, and shall continue to be the Confidential Information of the disclosing party for all other purposes and the receiving party shall, prior to disclosing pursuant to a subpoena, court order, or government authority, provide prompt notice and assistance to the disclosing party prior to such disclosure so that the disclosing party may seek a protective order or other appropriate remedy to protect against or limit disclosure. 

7.4   Your Information.  You acknowledge that the Software may collect information about your systems and applications in connection with the support of the Software including, without limitation, usersnames, filepath, MAC Addresses, network information, hardware type, model number, hard disk size, CPU type, disk type, RAM size, systems architecture, operating system, versions, locale, BIOS version, BIOS model, system telemetry, device ID, IP address, location, information about third party products, and other configurations, settings and artifacts including metadata related to the execution of Potentially Malicious Code, and you hereby consent that such information may be transferred to and processed in the USA for purposes of performance of this Agreement by Cylance.  We will not transfer such information to any third party, except to our vendors who support the platforms that we use in the regular course of our business, and who have agreed in writing to keep such information confidential.

8.   Warranties; Disclaimer; Acknowledgments.

8.1   Limited Warranty.  We warrant that, under normal use for a period of 60 days following the first date of delivery to you, the Software will operate substantially as described in our published documentation and user manual accompanying such delivery (“Documentation”).  If the Software fails to meet the foregoing warranty (“Warranty”) during the foregoing warranty period, then we will use commercially reasonable efforts to correct the nonconformity.  The Warranty does not apply (i) to the extent the Software is subjected to misuse, negligence or accident, or is used in an environment or a manner or purpose for which it was not designed as specified in the Documentation, or other than permitted herein, (ii) for claims resulting from the acts or omission or the installation, modification, alteration or repair of the Software by a person or entity other than by us or our authorized agents, or (iii) any other cause or circumstance outside of our control.  We further warrant that we have the right to enter into this Agreement and that we have used commercially reasonable efforts to prevent the Software, when delivered to you, from containing any malicious code or virus.  If we cannot correct the Software as described in this Section, your sole and exclusive remedy, and our sole liability, for breach of Warranty shall be a refund of the fees paid by you to us for the nonconforming Software during the period of non-compliance.

8.2   Disclaimer.  EXCEPT AS WARRANTED IN SECTION 8.1, ALL SOFTWARE, DELIVERABLES, INFORMATION AND SERVICES PROVIDED OR MADE AVAILABLE BY US TO YOU HEREUNDER (“Items”) ARE PROVIDED “AS IS” AND WITHOUT ANY WARRANTY WHATSOEVER, AND WE EXCLUDE AND DISCLAIM ALL OTHER WARRANTIES OF ANY KIND WHATSOEVER RELATING TO THE ITEMS, INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT.  WE DO NOT WARRANT THAT THE ITEMS WILL BE ERROR-FREE, COMPLETELY SECURE, OR BE PROVIDED (OR BE AVAILABLE) WITHOUT INTERRUPTION.  WE MAKE NO WARRANTIES OR REPRESENTATIONS REGARDING ACCURACY OF INFORMATIONAL CONTENT OR SYSTEM INTEGRATION, OR THE APPROPRIATENESS OF THE SOFTWARE FOR ANY PARTICULAR SYSTEM.  THE SOFTWARE AND SERVICE ARE NOT FAULT-TOLERANT AND ARE NOT DESIGNED OR INTENDED FOR USE IN ANY HAZARDOUS ENVIRONMENT REQUIRING FAIL-SAFE PERFORMANCE OR OPERATION. THE SOFTWARE AND SERVICE ARE NOT FOR USE IN THE OPERATION OF AIRCRAFT NAVIGATION, NUCLEAR FACILITIES, OR COMMUNICATION SYSTEMS, WEAPONS SYSTEMS, DIRECT OR INDIRECT LIFE-SUPPORT SYSTEMS, AIR TRAFFIC CONTROL, OR ANY APPLICATION OR INSTALLATION WHERE FAILURE COULD RESULT IN DEATH, SEVERE PHYSICAL INJURY OR PROPERTY DAMAGE.  SOME JURISDICTIONS DO NOT ALLOW LIMITATIONS ON IMPLIED WARRANTIES, SO THE ABOVE LIMITATION MAY NOT APPLY TO YOU, BUT THIS SECTION SHALL BE ENFORCEABLE TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW.

8.3   Your Obligations, Acknowledgments and Warranties

8.3.1     You acknowledge that the Software is designed to supplement other sources of information and is not intended to replace your professional discretion and judgment.  You accept responsibility for, and acknowledge that you exercise your own independent and professional judgment in, the selection and use of Software and any results obtained therefrom.  You warrant that you have the right to enter into this Agreement and to install the Software on any machine, equipment, device, network or system where the Software is installed.  

8.3.2     You warrant that you will not upload to the Software or Service, or cause or allow to be uploaded to the Software or Service, any data or information for which you do not have sufficient rights. YOU ACKNOWLEDGE AND WARRANT THAT YOU ARE SOLELY RESPONSIBLE AND LIABLE FOR VERIFYING THE ACCURACY AND ADEQUACY OF ANY OUTPUT FROM THE SOFTWARE AND SERVICE, AND FOR ANY RELIANCE THEREON AND TO THE MAXIMUM EXTENT PERMITTED BY LAW YOU WAIVE ANY AND ALL CAUSES OF ACTION OR CLAIMS AGAINST US ARISING THEREFROM OR RELATING THERETO.  WE CANNOT AND DO NOT WARRANT THE RESULTS THAT MAY BE OBTAINED BY THE USE OF THE SOFTWARE OR SERVICE. 

8.3.3     You acknowledge and agree that our access, analysis and associated transmission of data, including personal data, shall be deemed authorized by you for purposes of the Computer Fraud and Abuse Act, 18 U.S.C. § 1030 et seq., the Electronic Communications Privacy Act, 18 U.S.C. § 2701 et seq., and all other applicable international, federal, state and local laws, rules and regulations that relate to, regulate, or impact the subject matter of the Software. 

9.   Indemnification.

9.1   By Cylance.  We will defend, indemnify and hold harmless you and your officers, directors, employees and agents (“Indemnified Party” or “Indemnified Parties”) from and against any third party claims, actions, suits and proceedings brought against any Indemnified Party alleging that the Software, in the form as delivered to you hereunder, infringes the U.S. copyrights or patents of such third party; provided that you provide us with (i) prompt written notice of the claim; (ii) all necessary assistance, information and authority necessary for us to defend the claim and perform our obligations under this Section 9 (at our expense); and (iii) sole control of the defense of such claim and all associated settlement negotiations.  If a claim of infringement is made or appears likely to be made with respect to the Software, we may, at our expense and discretion, enable you to continue to use the affected Software, modify the Software to make it non-infringing, replace the Software with a substantially functional equivalent, or terminate this Agreement in whole or with respect to the affected Software and provide you with a credit equal to the price paid for the affected Software, less depreciation calculated on a straight-line basis for the applicable term.  THIS SECTION STATES OUR SOLE OBLIGATION AND LIABILITY, AND YOUR SOLE AND EXCLUSIVE REMEDY, REGARDING CLAIMS OF INFRINGEMENT.

9.2   Exclusions.  Cylance will have no liability or responsibility to indemnify the Indemnified Parties under Section 9.1 with respect to any claim based upon (i) any information, component or application provided or made available by you or any third party (including without limitation Files); (ii) any modification of the Software by a party other than Cylance or our authorized agents; (iii) the combination, operation or use of the Software with non-Cylance software programs or data; (iv) the use of other than the latest release of the Software if such claim could have been avoided by use of the latest unmodified release; (v) your continuance of allegedly infringing activity after being notified thereof, or after being notified of modifications (to be made at no cost) that would have avoided the alleged infringement. 

9.3   By You.  You will defend, indemnify and hold harmless Cylance, its Affiliates, and its and their officers, directors, employees and agents (“Cylance Indemnitees”) from and against any claims, actions, suits and proceedings brought against any Cylance Indemnitee arising from or related to (a) Files; and/or (b) use of the Software delivered hereunder, except to the extent such claim is covered by the indemnification obligation of Cylance in Section 9.1.  We will provide you with (i) prompt written notice of the claim; (ii) all necessary assistance, information and authority necessary for you to defend the claim (at your expense); and (iii) sole control of the defense of such claim and all associated settlement negotiations; provided, however, that you may not settle any claim that does not fully and unconditionally release the Cylance Indemnitees from any and all liability.

10.  Limitations of Liability and Damages Cap.  TO THE MAXIMUM EXTENT PERMITTED UNDER APPLICABLE LAW, IN NO EVENT SHALL WE BE LIABLE TO YOU OR ANY THIRD PARTY FOR ANY LOSS OR DAMAGE FOR LOST PROFITS OR REVENUES OR LOST DATA OR SIMILAR ECONOMIC LOSS, REGARDLESS OF HOW SUCH LOSSES OR DAMAGES ARE CHARACTERIZED, OR FOR ANY CONSEQUENTIAL, SPECIAL, INCIDENTAL, INDIRECT OR PUNITIVE DAMAGES, WHETHER IN CONTRACT, TORT OR OTHERWISE, ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT, EVEN IF WE HAVE BEEN ADVISED OF SUCH CLAIM.  TO THE MAXIMUM EXTENT PERMITTED UNDER APPLICABLE LAW, IN NO EVENT WILL OUR TOTAL, AGGREGATE LIABILITY ARISING FROM OR RELATED TO THIS AGREEMENT (INCLUDING FOR NEGLIGENCE, STRICT LIABILITY, BREACH OF CONTRACT, WARRANTY, AND OTHER CONTRACT OR TORT CLAIMS) EXCEED THE AMOUNT OF DIRECT DAMAGES ACTUALLY INCURRED BY YOU UP TO THE AMOUNT OF FEES PAID BY YOU TO US HEREUNDER DURING THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE CAUSE OF ACTION OR CLAIM.  IN NO EVENT SHALL THE TOTAL LIABILITY OF CYLANCE ARISING FROM OR RELATING TO ANY PROFESSIONAL SERVICES PERFORMED UNDER AN SOW, WHETHER SUCH DAMAGES ARE BASED ON TORT, CONTRACT, OR ANY OTHER LEGAL THEORY, EXCEED THE AMOUNT OF FEES PAID TO CYLANCE FOR SUCH PROFESSIONAL SERVICES. This Section shall not limit damages caused by our fraud, misrepresentation or gross negligence, or to amounts payable by us to a third party pursuant to our indemnification obligation in Section 9.1.  The foregoing limitations will apply even if the above stated remedy fails its essential purpose.

11.  Additional Terms.

11.1 Compliance With Laws.  The Software and Service are provided solely for lawful purposes and use.  We make no representation that the Software or Service is appropriate for use in any given country of use.  You are solely responsible for, and agree to comply with, all applicable laws, statutes, ordinances, and other governmental authority, however designated, with respect to the use of and access to the Software and Service, including without limitation United States government laws, regulations, orders or other restrictions regarding export from the United States and re-export from other jurisdictions of software, technical data and information or derivatives of such software, or technical data and information.  You acknowledge that none of the Software or underlying information or technology may be downloaded, or otherwise exported or re-exported into (or to a national or resident of), or used in any countries or by any individual subject to U.S. any trade embargo or exclusion, including without limitation Iran, Cuba, Syria, North Korea and Sudan.  You warrant that you will not, directly or indirectly, without obtaining prior authorization from the competent government authorities as required by those laws and regulations: (1) sell, export, re-export, transfer, divert, or disclose or provide Software or Documentation to any prohibited person, entity, or destination; or (2) use the Software or Documentation for any use prohibited by the laws or regulations of the United States or your country of residence or location.  You will reasonably cooperate with us, and will provide us promptly upon request with any certificates or documents, in each case as are reasonably requested to obtain approvals, consents, licenses and/or permits required for any payment or any export or import of Software or Documentation under this Agreement.  Nothing in this Agreement shall preclude us from cooperating in any legal proceeding or government inquiry.  Cylance reserves the right at any time to request a certificate signed by your authorized representative confirming your compliance with the requirements of this Section 11.1. ‎ You acknowledge and agree that you are solely responsible for complying with any local import rules and regulations relating to your performance of this Agreement, including obtaining any approvals and licenses that may be required.

11.2  Governing Law.  This Agreement shall be governed in all respects by the laws of the State of California, without regard to conflicts of law rules or principles that would dictate a different governing law.  This Agreement shall not be governed by the United Nations Convention on Contracts for the International Sale of Goods. 

11.3  Arbitration.  Unless resolved amicably between the parties, any and all disputes, controversies, or differences which may arise between the parties, out of or in relation to or in connection with this Agreement, or the breach thereof, shall be solely and finally settled by binding arbitration pursuant to the then-current rules of JAMS.  Such arbitration shall be held in Orange County, California USA.  The arbitration shall be conducted by a single arbitrator, who shall be knowledgeable in the subject matter hereof.  The parties shall agree upon the selection of the arbitrator, but if the parties cannot agree on such selection within ten (10) days following the submittal of a demand for arbitration by a party, then the arbitrator shall be selected by JAMS.  The arbitrator will provide a written explanation to the parties of any arbitration award.  Any decision rendered by the arbitrator shall be binding, final and conclusive upon the parties, and a judgment thereon may be entered in, and enforced by, any court having jurisdiction over the party against which an award is entered or the location of the assets of such party, and the parties hereby irrevocably waive any objection to the jurisdiction of such courts based on any ground, including without limitation, improper venue or forum non conveniens.  The parties and the arbitrator shall be bound to maintain the confidentiality of this Agreement, the dispute and any award, except to the extent necessary to enforce any such award.  Notwithstanding each party agreeing to arbitrate, you acknowledge that your material breach of this Agreement may cause us irreparable harm for which there may be no adequate remedy at law, and that under such circumstances, we shall be entitled to equitable relief by injunction or otherwise in any court having jurisdiction, without the obligation of posting any bond or surety.

11.4  Severability; Amendment.  If any provision of this Agreement is held to be illegal or unenforceable for any reason, then such provision shall be deemed to be restated so as to be enforceable to the maximum extent permissible under law; the remainder of this Agreement shall remain in full force and effect.  Amendments or changes to this Agreement must be in writing and be executed by both parties to be effective.  You acknowledge that you have not relied upon any written or oral representations of Cylance in entering into this Agreement other than the representations, if any, expressly set forth in this Agreement.

11.5  Use of Names. You hereby authorize us to use your name and logo in our marketing efforts, including being publically identified as a customer of Cylance. 

11.6  United States Governmental End Users.  The Software is copyright protected Commercial Computer Software and Computer Software Documentation as those terms are defined in 48 C.F.R. 2.101.  The U.S. Government shall obtain only those rights to the Software as are authorized by 48 C.F.R. 12.212 or 48 C.F.R. 227.7202-3, as applicable.  Any use, modification, reproduction, release, performance, display or disclosure of the Software by the U.S. Government shall be governed solely by this Agreement.  The Software is deemed to be “commercial computer software” and “commercial computer software documentation,” respectively, pursuant to DFAR Section 227.7202 and FAR Section 12.212, as applicable.  Any use, modification, reproduction, release, performance, display or disclosure of the Software by the United States Government shall be governed solely by the terms of this Agreement and shall be prohibited except to the extent expressly permitted by the terms of this Agreement.

11.7  Personal Data and Privacy Policy.  The privacy policy of Cylance (the “Privacy Policy”) (a copy of which is available at www.cylance.com/privacy-policy) applies to all personal data transmitted by the Software or otherwise provided by you to Cylance in connection with this Agreement.  You hereby accept the Privacy Policy, including any modified versions of the Privacy Policy that Cylance may publish from time to time on its website (www.cylance.com) or otherwise provide to you. With respect to personal data originating in the European Economic Area (“EEA”), prior to making any such personal data available to Cylance, directly or through the operation of the Software, you shall obtain consent from all persons, whether employees of you, your customers, or other third parties, whose personal data may be transmitted by the Software, to the transfer of such personal data to the USA or other countries in accordance with the Privacy Policy, and to the processing of such information for the purposes described in the Privacy Policy and/or this Agreement, or otherwise ensure the admissibility of such transfer and processing.  You also shall obtain all authorizations and give all notices to data protection authorities within the EEA that are required by applicable law prior to the transfer of such personal data to Cylance.  For purposes of personal data originating in the EEA, the terms “personal data” and “processing” shall have the meanings set forth in the Data Protection Directive 1995 (Directive 95/46/EC). With respect to personal data originating in any other jurisdiction, you shall obtain all consents, or otherwise ensure the admissibility of such transfer and processing, and take all other actions required under applicable laws to make the transfer and processing of such personal data as contemplated in the Privacy Policy and/or this Agreement fully consistent with the requirements of all applicable laws of the jurisdiction where such personal data originated.

11.8  Assignment.  You may not assign or otherwise transfer this Agreement, or its rights or duties hereunder, in whole or in part, by operation of law or otherwise, without our prior written consent.  Any assignment or transfer without the consent of Cylance will be null and void and of no force or effect.  We may assign this Agreement or its rights or duties hereunder, in whole or in part, by operation of law or otherwise, upon a sale of all or substantially all of our business or assets to which this Agreement pertains, or transfer this Agreement to an affiliate or subsidiary.  Subject to the forgoing, this Agreement shall be binding upon and inure to the benefit of the parties’ successors and permitted assigns. 

11.9  General.  The parties are independent contractors for all purposes under this Agreement.  Neither party shall be liable for any delay or failure due to force majeure and other causes beyond its reasonable control; provided that the foregoing shall not apply to your payment obligations.  The parties do not intend that any term of this Agreement be enforceable by any third party.  Any waiver or failure to enforce any provision of this Agreement will not be deemed a waiver of any other provision or of such provision on any other occasion.  Any notices or consents under this Agreement to either party must be in writing and personally delivered or sent by certified or registered mail, return receipt requested, or by nationally recognized overnight express courier, and will be delivered upon receipt.  Notices sent to you will be sent to the address specified in the Ordering Document or such other address as you may specify in writing by notice.  Notices to us shall be sent to Cylance Inc., Attn: Legal, 400 Spectrum Center Dr., Suite 900, Irvine, CA 92618 USA.

Professional Services Descriptions

Service Description
ThreatZero Services – Initial implementation

Summary of ThreatZero Services. ThreatZero Services are the initial implementation services for installing and implementing the Software for an End User. The ThreatZero Services will be performed in the following phases:

1. Planning Phase
2. Deployment and Implementation Phase- CylancePROTECT and/or CylanceOPTICS Software to be deployed and implemented on endpoints
3. Training, Final Tuning and Reporting Phase
4. Achieving Success Criteria; Service End Date

B. Detailed Description of ThreatZero Services

1. Planning Phase:

  • Cylance and End User will participate in one or more planning meetings to identify project scope (systems and software requirements, asset inventory and access requirements) and review prerequisites for Software deployment and implementation.
  • Upon conclusion of the planning meetings, Cylance will draft and finalize a project plan and deployment task list, identifying and synthesizing feedback received from relevant End User stakeholders regarding topics, including but not limited to, systems and software requirements, asset inventory and access requirements.
  •  End User to review, validate and approve the final project plan, no later than five (5) business days from delivery. If changes are requested by End User, Cylance will redeliver a project plan, until approved by End User. The final approved project plan (“Project Plan”) shall be used as a guide to complete deployment and implementation activities contemplated during the Deployment and Implementation Phase. The finally approved Project Plan can only be modified as needed based on mutual agreement of the parties.

2. Deployment and Implementation Phase:

  • Once the Project Plan is finally approved by End User, guided by input from End User stakeholders, End User will initiate and participate in the deployment plan per the Project Plan, installing the Software on endpoints, leveraging a combination of native and custom deployment methodologies. The maximum number of endpoints which Cylance will assist in deploying will be as stated in the Ordering Document and be based on the fees paid by the End User; this is only a maximum number and the actual number of endpoints which Cylance will assist in deploying will be dependent on the number made available by End User during the Initial Deployment and Implementation Phase).
  • Cylance will manage the Software implementation of deployed endpoints and tune of Software attributes based on End User input and desired outcomes.
  • Cylance will conduct weekly update meetings with End User to validate the deployment and implementation to ensure continuity.

3. Training, Final Tuning and Reporting Phase:

  • Cylance will train End User (Software administrators) on best practices on how to maintain Software and optimize solution on End User’s environment (Up to three (3) hours of training)
  • Cylance will manage and finalize learning phase and tuning of Software attributes based on End User input and to achieve Success Criteria (described below).
  • Cylance will develop and deliver operational reports memorializing configurations policies, settings, zones and other aspects of the Software deployment.

4. Achieving Success Criteria; Service End Date: The ThreatZero Services shall be deemed completed when the Success Criteria are met. Unless otherwise mutually agreed in writing, the parties assume the following objective “Success Criteria”: Unless otherwise agreed in writing between the Parties, overall ThreatZero Report Card* grade of 95% or better. This report card will reflect a weighted measurement the relevant aspects of the implementation, including the handling of all malware and potentially un-wanted Programs (PUPs), policy implementation, version control, and inventory status.

C. Other relevant Terms.

1. End User Obligations and Responsibilities. End User shall provide Cylance with appropriate information concerning, and reasonable access to, the computer systems of the End User and provide all information and data and access and full, good faith cooperation as reasonably necessary to facilitate Cylance’s delivery of these ThreatZero Services, including one or more employees of End User who have substantial computer systems and network and project management experience to act as a liaison between End User and Cylance. If End User fails or delays in its performance of any of the foregoing, and such failure or delay causes substantial or material difficulties for Cylance to perform its obligations hereunder, Cylance shall not be held responsible for the delay. End User also agrees to the following specific obligations and responsibilities:

  • End User shall identify point of contact for engagement.
  • End User shall ensure that any disclosures, consents or approvals for monitoring of endpoints (if any needed) shall be obtained in advance of any implementation or deployment of such endpoints.
  • End User shall provide Cylance with administrative access to the Cylance Software user interface.
  • End User shall be responsible for network availability of End User systems at all times during the Project Plan; End User understands that lack of network readiness or access to specific files or other data may result in lack of productivity by Cylance or may otherwise affect the accuracy of the results.
  • End User shall ensure all devices relevant to the implementation within the desired environment will be accessible via network connectivity and accessibility prior to the time that the engagement commences.
  • End User shall provide the Cylance consultant(s) with necessary documentation related to the engagement, and with relevant information on proposed applications and computing systems, on an as needed basis, to ensure success of the ThreatZero Services.
  • End User shall provide the Cylance consultant(s) with access to all necessary facilities and computer systems (to include passwords).
  • End User shall provide the Cylance consultant(s) office space or a desk while onsite, as needed.
  • End User shall request and schedule any interviews/meetings with the appropriate individuals as reasonably requested by the Cylance project manager in a timely fashion.

2. Schedule; End User Caused Delays; End User Failures that Prevent Cylance Performance. The parties will agree upon a deployment and implementation schedule as part of the Project Plan. The parties will each use reasonable commercial efforts to meet the schedule outlined in the Project Plan. Notwithstanding the foregoing, the parties agree that the timelines recited are best estimates, and all timelines for deployment and implementation efforts outlined are estimates only and subject to unforeseen circumstances. End User acknowledges that End User cooperation and access to End User personnel and systems and timely provision by End User of certain information, assistance, responses is essential to the timely performance of the these ThreatZero Services by Cylance. End User understands that Cylance shall not be liable for any deficiency or failure in performing the ThreatZero Services if such deficiency or failure results from the failure of End User to comply with its obligations hereunder or to provide the access to personnel, systems or information need for Cylance to perform ThreatZero Services. End User further agrees that if End User continues to fail to perform after two (2) written requests from Cylance, then Cylance may be relieved of its obligations hereunder with respect to those services that cannot be performed as a result of such End User failure and such services shall be deemed delivered hereunder.

Service Description
ThreatZero Assurance Services

A. Summary of ThreatZero Assurance Services. ThreatZero Assurance Services is a maintenance plan that can only be purchased after Cylance has completed ThreatZero Professional Services for End User (“ThreatZero Services”). In every case, for each delivery of ThreatZero Assurance Services, the following phases are relevant:

1. Reporting and Review Phase
2. Tuning Phase
3. Achieving Success Criteria; Service End Date

B. Detailed Description of ThreatZero Assurance Services

1. Reporting and Review Phase:

  • Cylance will generate and deliver ThreatZero Report and relevant report cards to review status of threats at the commencement of the project.
  • review of the Cylance ThreatZERO Report with End User
  • Policy review showcasing best practices, suggested modifications, and further recommendations to re-establish prevention status
  • malware status review during which threats are identified
  • review of potentially unwanted programs (“PUPs”)
  • review of memory exploit attempts and exclusions
  • review of script control events and exclusions
  • review of deployed agent version and update statuses
  • review of Software features and upgrades

2. Tuning Phase:

  • Cylance to review and refine the current status and tuning of Software attributes based on End User input and initial configuration efforts delivered previously as part of ThreatZero Assurance Services.
  • A final ThreatZero Report will be generated and relevant report card will be delivered outlining items that were remediated and/or need to be addressed.

3. Achieving Success Criteria; Service End Date: The ThreatZero Assurance Services shall be deemed completed when the Success Criterial are met. Unless otherwise mutually agreed, the parties assume the following objective “Success Criteria”: Unless otherwise agreed in writing between the parties, overall ThreatZero Assurance Report* card grade of 95% or better. This report card will reflect a weighted measurement the relevant aspects of the implementation, including the handling of all malware and potentially un-wanted Programs (PUPs), policy implementation, version control, and inventory status.

C. Other Relevant Terms

1. End User Obligations and Responsibilities. End User shall provide Cylance with appropriate information concerning, and reasonable access to, the computer systems of the End User and provide all information and data and access and full, good faith cooperation as reasonably necessary to facilitate the Cylance’s delivery of these ThreatZero Assurance Services, including one or more employees of End User who have substantial computer systems and network and project management experience to act as a liaison between End User and Cylance. If End User fails or delays in its performance of any of the foregoing, and such failure or delay causes substantial or material difficulties for Cylance to perform its obligations hereunder, Cylance shall not be held responsible for the delay. End User also agrees to the following specific obligations and responsibilities:

  • End User shall identify point of contact for engagement.
  • End User shall ensure that any disclosures, consents or approvals for monitoring of endpoints (if any needed) shall be obtained in advance of any implementation or deployment of such endpoints
  • End User shall provide Cylance with administrative access to the Cylance Software user interface
  • End User shall be responsible for network availability of End User systems at all times during the project; End User understands that lack of network readiness or access to specific files or other data may result in lack of productivity by Cylance or may otherwise affect the accuracy of the results.
  • End User shall ensure all devices relevant to the implementation within the desired environment will be accessible via network connectivity and accessibility prior to the time that the engagement commences.
  • End User shall provide the Cylance consultant(s) with necessary documentation related to the engagement, and with relevant information on proposed applications and computing systems, on an as needed basis, to ensure success of the ThreatZero Assurance Services.
  • End User shall provide the Cylance consultant(s) with access to all necessary facilities and computer systems (to include passwords).
  • End User shall provide the Cylance consultant(s) office space or a desk while onsite, as needed.
  • End User shall request and schedule any interviews/meetings with the appropriate individuals as reasonably requested by the Cylance project manager in a timely fashion.

2. End User Failures that Prevent Cylance Performance. End User understands that Cylance shall not be liable for any deficiency or failure in performing the ThreatZero Assurance Services if such deficiency or failure results from the failure of End User to comply with its obligations hereunder or to provide the access to personnel, systems or information need for Cylance to perform ThreatZero Assurance Services. End User further agrees that if End User continues to fail to perform after two (2) written requests from Cylance, then Cylance may be relieved of its obligations hereunder with respect to those services that cannot be performed as a result of such End User failure and such services shall be deemed delivered hereunder.