TruSTAR TECHNOLOGY, INC., A DELAWARE CORPORATION (TruSTAR) IS WILLING TO GRANT YOU (AUTHORIZED USER) ACCESS TO THE TruSTAR PRODUCT OFFERING (THE SYSTEM) ONLY UPON THE CONDITION THAT YOU ACCEPT ALL THE TERMS CONTAINED HEREIN. BY CLICKING “ACCEPT” YOU CONSENT AND AGREE TO ALL THE TERMS OF THIS AGREEMENT. IF YOU DO NOT AGREE TO (OR CANNOT COMPLY WITH) ALL OF THE TERMS OF THIS AGREEMENT, THEN YOU MUST CLICK “DECLINE” AND YOU WILL NOT BE AUTHORIZED ACCESS TO USE THE TruSTAR SYSTEM.
If You are using the Service on behalf of an entity, You represent and warrant that You are authorized to accept the Terms on such entity’s behalf, and that such entity agrees to indemnify You and TruSTAR Technology for violations of the Terms.
Definitions. The following definitions shall apply to the Agreement:
“Agreement” the terms and conditions of this Exhibit A, as well as the terms and conditions contained in any exhibits, statements of work or purchase orders entered into by the Parties that reference the foregoing.
“Authorized User” means any of Client’s officers, providers, employees, agents or associated Clients who are authorized hereunder to access the System and otherwise receive the Services.
“Confidential Information” means all data disclosed by one party (“Discloser”) to the other party (“Recipient”), whether before or after the execution of this Agreement, in any form whatsoever, that is Client Data, or is information specifically marked as “confidential”.
“Disaster” means one or more of the following: (i) loss of the Services or the System used to provide the Services; (ii) destruction or loss of a component that prevents Provider from providing the Services; or (iii) an event or potential event, natural or otherwise, which threatens to prevent the provision of the Service from the primary data center.
“Documentation” means user and technical manuals and other documentation provided to Client hereunder describing the Services, the System, and their respective features, functionality, requirements and specifications.
“Insolvency Event” means that a party becomes insolvent, makes a general assignment for the benefit of creditors, files a voluntary petition of bankruptcy, suffers or permits the appointment of a receiver for its business or assets, or becomes subject to any proceeding under any bankruptcy or insolvency law, whether domestic or foreign, or has wound up or liquidated, voluntarily or otherwise.
“Laws” means applicable laws, rules, regulations, directives, ordinances, orders, governmental requirements or statutes.
“Client Data” means any data or information in the possession of the Client prior to being uploaded to TruSTAR’s servers or data that is uploaded to TruSTAR’s servers, but restricted to a Client Private Enclave.
“Client Published Data” means any data or information, whether anonymized or not, which is uploaded to the TruSTAR servers and not restricted to a Client Private Enclave.
“Client Private Enclave” means a restricted channel for Client Published Data accessible only by Authorized Users of that Enclave as administered by Client. For clarity, Client Published Data restricted to Client Private Enclave will not be accessible to any other Authorized Users at any time except those specifically designated and administered by Client. Client Published Data restricted to a Client Private Enclave is treated as Client Data.
“Person” means an individual, a corporation, partnership, limited liability company, association, trust, unincorporated organization, or other legal entity or organization.
“Prior Works” means Provider’s prior knowledge, including works of authorship, the System, ideas, concepts, methodologies, and processes developed or acquired in connection with Provider’s performance of professional services without Client’s assistance before the Effective Date.
“Security Breach” means any actual or reasonably suspected misuse, compromise, or unauthorized access or disclosure of the System or any data uploaded to the System.
“Service” or “Services” means access to, and use of, the System, together with any optional, related services provided to Client pursuant to the Agreement or applicable Statement of Work.
“Statement of Work” means any SOW incorporated into this MSA that references the foregoing.
“The System” means the computer program or programs compromising TruSTAR’s product offering including all software and user tools, the means of accessing the product provided to Client by Provider, new releases, updates, upgrades, modifications, patches and maintenance thereto.
Description of Services.
- Services. This Agreement shall apply only to the services offered by the System and those included in this Agreement. In the event Client desires Provider to provide additional services, (i.e., services other than the Services), including, without limitation, custom software development, enhanced implementation or integration, or the like, a separate, written agreement will be required.
- Set up. Client is solely responsible for all hardware, network and other equipment required by Client and/or its Authorized Users for implementation and use of the Services.
- Service Level. Service level terms and conditions are set forth in attached Exhibit B.
- Client hereby acknowledges and agrees that its rights, and those of its Authorized Users, to access and utilize the System and receive the Services are strictly limited to those expressly set forth herein, and, as between Client and Provider, all other rights, title and interest in and to the System, the Services, all Client Published Data outside of Client Private Enclave, and any related intellectual property rights, are, and shall remain, the sole property of Provider.
- Ownership of Data. As between the Parties, Client shall be the sole owner and controller of all Client Data and Client Published Data restricted to a Client Private Enclave. The Provider shall be the sole owner and controller of all other Client Published Data. However, Provider will not sell, assign, lease or otherwise transfer, dispose of or provide Client Data to third parties.
- Neither Client, nor Authorized User, shall attempt, directly or indirectly, or allow any third party to attempt, to copy, modify, duplicate, create derivative works from, republish, co-brand, reverse compile or engineer, disassemble, download, transmit, rent, distribute or otherwise utilize all or any portion of the Services and/or System in any form or media or by any means whatsoever, except that a Client or Authorized User may copy or download data from the System solely for Client’s or Client Authorized User’s internal business use as contemplated by this Agreement or for any other use authorized by this Agreement.
- Prior Works. Provider reserves all right, title, and interest in and to any of the Prior Works that Provider shall use in the performance of Services for Client. Provider hereby grants Client a non-exclusive, worldwide, royalty-free, license (with right to sublicense) to use its Prior Works during the Term of this Agreement and applicable Statement of Work as necessary to receive the Services. Nothing contained herein shall prohibit Provider from using any of Provider’s general knowledge to perform similar services for others.
- The provisions of this Section 2 shall survive any termination of this Agreement.
- Confidential Information is, shall be and shall remain the exclusive property of the Discloser. Recipient shall treat Confidential Information in accordance with how Recipient ensures confidentiality of its own proprietary and other confidential information (which shall not fall below a reasonable standard of care). Recipient shall not use, copy, publish, distribute or disclose it to others, nor allow or authorize anyone else to do so, without Discloser’s prior written approval, such approval to be withheld, delayed or conditioned by Discloser in its sole discretion. Neither Recipient nor its Authorized Users shall directly or indirectly make use of Confidential Information except as expressly authorized under this Agreement. Recipient shall (except as provided for herein) promptly return Confidential Information to Discloser upon Discloser’s reasonable request. For clarity, Client Published Data that is not restricted to a Client Private Enclave shall not be considered Confidential Information for purposes of any obligation, duty, requirement, or prohibition imposed by this Agreement. Notwithstanding the foregoing, Client will be permitted to disclose Confidential Information of the Provider, including this Agreement, to regulatory authorities having jurisdiction over Client, provided, however that Client will notify Provider of such disclosure (to the extent practicable and permissible by law, unless prohibited by such regulator).
- In the event that Recipient is made or becomes aware of any instance of unauthorized use or disclosure of the Discloser’s Confidential Information, Recipient agrees to notify Discloser of the same and to take such steps as may be reasonably directed by Discloser to prevent the recurrence of such unauthorized use or disclosure, and to mitigate any damages arising from the unauthorized use or disclosure. Furthermore, Recipient will cooperate with Discloser in pursuing any of Discloser’s legal remedies against third parties that have impermissibly accessed or used the disclosing Party’s Confidential Information that was in the possession of Recipient or its subcontractors, if any. The Parties hereto specifically agree that any breach of this Section 4 may result in irreparable harm. If a court of competent jurisdiction finds that Recipient has breached any of such obligations, Recipient agrees that, without any additional findings of irreparable injury or other conditions to injunctive relief, it will not oppose the entry of an appropriate order compelling its performance and restraining it from any further breaches (or attempted or threatened breaches).
- Physical Security. Any system or device used to store, process, access, or transmit data from System shall be physically secure in a manner reasonably consistent with industry best practices. At a minimum, such system or device shall either be fixed in a facility with controlled access and appropriate physical security or, in the case of a laptop or mobile device, shall automatically lock or log out after a defined period of inactivity and shall be capable of being managed and erased remotely by an authorized technology administrator. No data from System may be stored or transferred on any “thumb drive” or similar portable device.
- Logical Access. Any system or device used to store, process, access, or transmit Client Data or Client Pubished Data shall be logically secure in a manner reasonably consistent with industry best practices. At a minimum, access to any such system or device shall be: (i) protected by a firewall with all ports blocked except those required to be open, and (ii) limited to unique named users with Strong Passwords (as defined below) who have a need to know or access Client Data or Client Published Data. A “Strong Password” is a password comprised of no less than eight (8) characters and shall include at least one each of the following: uppercase letters, lowercase letters, numeric characters, and special characters.
- Disposal. If either party disposes of any system or device on which it has stored Client Data or Client Published Data, it shall first erase such system or device using a double erase method (low values and high values) or by other materially comparable or better process.
- Survival. The parties’ obligations under this Section 5 shall continue for a period of five (5) years from the date of this Agreement’s termination or expiration.
Default and Termination.
- Either party may elect to terminate for any reason upon thirty (30) days written notice. In the event of termination prior to the expiration of any Statement of Work after an upfront payment, payment will be refundable on a pro-rated basis for the period thirty (30) days from date of receipt of the termination notice through the expiration of any Statement of Work.
- Rights and Obligations of Parties upon Termination or Expiration. Upon the termination or expiration of any Statement of Work or this Agreement, Provider shall, upon Client’s request, make all reasonable efforts to provide the Client with a copy of all Client Published Data then in the Provider’s possession or control.
- Limited Representations and Warranties.
- Provider hereby represents and warrants to Client that it:
- Will perform the Services in a good and skillful manner, within the specified dates, time frames and milestones more fully set forth in the Agreement and any applicable Statement of Work, consistent with industry best practices, and make commercially reasonable efforts to meet the service levels defined in Exhibit B.
- Shall insure that all other TruSTAR Clients meet materially similar requirements as those defined in this Agreement.
- Shall at all times provide the Services, in accordance with any and all applicable local, state, and federal regulations and laws and only for the purposes authorized herein.
- Is not subject to any governmental, agency, or industry sanctions or restrictions.
- Employs reasonable precautions consistent with industry standards applicable to the performance of information technology services in the securities industry to protect against unauthorized intrusions and systems access, acts involving denial or service or misappropriation of service, unsolicited email, viruses, worms, Trojan horses and other harmful or malicious acts or code.
- Client hereby represents and warrants to Provider that it:
- Is not subject to any governmental, agency, or industry sanctions or restrictions.
- Shall not use the Services for or in connection with the sharing of competitively sensitive information—such as recent, current, and future prices, cost data, or output levels—or otherwise attempt price or other competitive coordination among itself and others, including any other TruSTAR Clients; and
- Shall at all times use the Services, in accordance with any and all applicable local, state, and federal regulations and laws and only for the purposes authorized herein.
DISCLAIMER OF REPRESENTATIONS OR WARRANTIES. THE EXPRESS WARRANTIES MADE IN THIS AGREEMENT ARE THE ONLY WARRANTIES MADE BY PROVIDER WITH RESPECT TO THE SERVICES AND SOFTWARE PROVIDED HEREUNDER, AND SUCH EXPRESS WARRANTIES ARE MADE EXPRESSLY IN LIEU OF ALL OTHER WARRANTIES AND REPRESENTATIONS, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, ANY IMPLIED WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE, OR WARRANTY OF MERCHANTABILITY THAT THE SERVICES WILL BE ERROR-FREE OR UNINTERRUPTED, AND THAT SYSTEM DATA IS ACCURATE OR APPROPRIATE FOR ANY PARTICULAR CIRCUMSTANCE OR ACTION.
- Service Use. Provider hereby grants and Client hereby accepts the non-exclusive, royalty-free, worldwide right to: (i) use and permit the limited number of Authorized Users set forth in the applicable Statements of Work to use the Services, including the System and any and all software made available by Provider to Client in conjunction with the performance of the Services, from an unlimited number of locations pursuant to the terms and conditions of any applicable Statement of Work; and (ii) use the System for its business purposes, including but not limited to for malware and cyber security threat identification, evaluation and remediation.
- License. As of the Effective Date, and subject to the terms and conditions of this Agreement, Provider hereby grants to Client, and Client hereby accepts a worldwide, royalty free, fully paid up, nonexclusive, and perpetual license to: (i) use the System consistent with its business purpose and with this Agreement; (ii) allow Authorized Users to use the System for its business purposes consistent with this Agreement; and (iii) use, translate, modify or create derivative works to the Documentation, in whole or in part for use in connection with the permitted use of the System.
- As between Client and Provider, other than the limited use and license rights provided herein, all rights, title, and interest in and to the System, the Services, and Client Published Data outside of a Client Private Enclave and any related intellectual property rights, are, and shall remain, the sole property of Provider.
- Neither Client, nor any Authorized User, shall modify, adapt, decompile, disassemble or reverse engineer the System without the written permission from Provider. Neither Client, nor any Authorized User, shall rent, lease, lend, sell, sublicense, distribute, operate a service bureau business, or otherwise make the Services provided hereunder available to any third party, except as expressly permitted by or contemplated by this Agreement. Neither Client, nor any Authorized User shall attempt, directly or indirectly, or allow any third party to attempt, to copy, modify, duplicate, create derivative works from, republish, co-brand, reverse compile or engineer, disassemble, download, transmit, rent distribute or otherwise utilize all or any portion of the Services or System in any form or media or by any means whatsoever.
- Client hereby agrees to defend, indemnify and hold harmless Provider, its officers, directors, employees, agents and attorneys, from and against all third party suits, claims, or other actions, , from any damages and expenses, including reasonable attorneys’ fees, where the aforementioned is arising out of or related to (i) Client’s use of Services by Client or its Authorized Users that infringes any third party intellectual property rights and (ii) any breach by Client (or one its Authorized Users) of its the representations or warranties set forth in Section 7 above.
- Provider hereby agrees to defend and hold harmless Client, its officers, directors, employees, agents and attorneys, from and against all suits, claims, or other actions, and will indemnify Client, from any damages and expenses, including reasonable attorneys’ fees, arising out of claims that Client’s use of the Services or System, as authorized hereunder, infringe any third party intellectual property rights or arising out of or related to any breach by Provider of its material obligations hereunder, including the representations or warranties set forth in Section 7 above.
- The foregoing indemnification by each party shall be subject to the following: (i) The indemnified party promptly notifies the other party in writing of the claim; provided that the failure to so notify the indemnifying party shall not relieve the indemnifying party of any liability it may have to the indemnified party hereunder except to the extent the indemnifying party has been materially prejudiced thereby; (ii) the indemnifying party has sole control of the defense and all related settlement negotiations with respect to the claim, provided, however, that the indemnified party has the right, but not the obligation, to participate at its expense in the defense of any such claim of action through counsel of its own choosing (except that the indemnifying party may not settle any claim against the indemnified party unless it unconditionally releases the indemnified party of all liability), (iii) the indemnified party cooperates fully to the extent necessary, and executes all documents necessary, for the defense of such claim, and (iv) any third party claims that arise from a breach of Client’s indemnification obligations pursuant to Section 9(a) would be capped at $1,000,000USD.
- Client’S LIABILITY/LIMITATION OF LIABILITY. Client hereby acknowledges, represents and agrees that it accepts sole and complete responsibility for: (a) the selection and use of the Services to achieve Client's intended results; (b) use of the Services, or the results obtained from the Services, including, without limitation, the data from System and any reports or alerts provided by TruSTAR; (c) whether to use the System tools available to Client to anonymize any data it provides to TruSTAR hereunder; (d) any decisions regarding reliance on/use of data, results or other information obtained from or provided by the Services; and (e) the terms of any contracts between Client and Authorized Users and or third parties. Except for breach of a Party’s confidentiality and nondisclosure obligations, and except for obligations arising under a Party’s indemnification obligations hereunder, neither party will be liable to the other for incidental, consequential or special damages even if advised, in a sufficiently timely fashion to mitigate any such damages, of the possibility of such damages.
- Notices. Any notice or other communications required or permitted hereunder shall be sufficiently given if in writing and delivered personally or sent by a reputable third party delivery service, registered mail, or certified mail, postage prepaid and addressed as noted in the Primary SOW, provided however, that any invoices to Client shall be submitted electronically via Client’s then current electronic invoicing system, or as otherwise directed in writing by Client. Any notice sent to Client shall require a copy to be sent to the Client Point of Contact as depicted in the Primary SOW.
- Assignment. Neither Party shall assign, convey, encumber, or otherwise dispose of the Agreement or any rights or obligations hereunder without the prior express written consent of the other Party and any attempt to do so will be void. The Agreement shall be binding upon and inure to the benefit of the Parties hereto and their respective successors and permitted assigns.
- Relationship of Parties. Provider represents that its business and the performance of Services shall satisfy the test of independent contractor status under applicable laws. Provider agrees that the Provider Personnel shall be, and will remain at all times during the performance of Services, Provider’s employees, agents or sub-contractors. Provider as applicable, shall comply with the requirements of the Fair Labor Standards Act, as amended, in providing Services hereunder.
- Governing Law; Forum Selection. This Agreement shall be governed exclusively by the laws of New York, USA, without regard to its conflicts of laws principles. Any action under or concerning this Agreement shall be brought exclusively in the city and state of New York, USA. The parties irrevocably agree and consent that said forum is convenient and has jurisdiction to hear and decide any such action.
- Headings. The captions and headings herein are for convenience only, and shall not be deemed to constitute integral provisions of this Agreement.
- Severability. If any term, provision, covenant or condition of this Agreement is held invalid or unenforceable for any reason, the remainder of the provisions shall continue in full force and effect as if this Agreement had been executed with the invalid portion thereof eliminated, and a court of competent jurisdiction shall substitute for the invalid provision a valid and enforceable alternative which most closely approximates the original intent of the parties with respect to the affected provision.
- No Waiver. The delay or failure of either Party to exercise any right under this Agreement or to take action against the other party in the event of any breach of this Agreement shall not constitute a waiver of such right, or any other right, or of such breach, or any future breaches, under this Agreement.
- Force Majeure. Both parties will not be held responsible for any delay or failure in performance of any part of this Agreement to the extent that such delay is caused by events or circumstances beyond the Provider's or Client’s reasonable control, including but not limited to fire, flood, storm, act of God, war, malicious damage, failure of a utility service or transport or telecommunications network.
- Complete Agreement. This Agreement constitutes the entire agreement between the parties with respect to the System and the Services, and supersedes any and all prior or contemporaneous understandings or agreements whether written or oral. No amendment or modification of this Agreement will be binding unless reduced to a writing signed by duly authorized representatives of the parties and such writing makes specific reference to this Agreement and its intention as an amendment hereto.
- Counterparts. This Agreement may be executed simultaneously with any number of counterparts, each of which shall be deemed an original, but all of which together shall constitute one and the same instrument.