Terms and Conditions

Fortify 24×7 Terms and Conditions

 

1. Services and Products.

(a) Order Form. One or more quotes or other order forms signed by You and Fortify 24×7 or its authorized reseller (“Order Forms”) shall set forth the Fortify 24×7 products, software platform, and related services to be provided (the “Fortify 24×7 Services”), the time period for which they are provided (the “Term”), price, payment terms, and certain other terms and conditions in addition to those set forth herein (collectively, the “Agreement”).

(b) Fortify 24×7 Services. Subject to the terms of this Agreement and Fortify 24×7’s receipt of full payment, Fortify 24×7 grants You a limited, non-exclusive, non-transferable, non-sublicensable license to install (as applicable), access, and use the Fortify 24×7 Services for Your internal business purposes during the Term.

(c) Your Responsibilities. You are responsible for:

(i) installing and/or deploying on Your systems any software required by Fortify 24×7 to allow the Fortify 24×7 Services to function;

(ii) obtaining all required rights and authorizations for Fortify 24×7 to process the Technical Data (as defined below) and for the Fortify 24×7 Services to interact with Your systems, consistent with this Agreement, and

(iii) all activity occurring under Your user accounts for the Fortify 24×7 Services, and You shall notify Fortify 24×7 immediately if You have knowledge of any unauthorized use of such user accounts or security credentials.

(d) Resale. If you purchase Fortify 24×7 Services through an authorized reseller, these Terms and Conditions will govern but Your payment obligations will be with the authorized reseller, not Fortify 24×7. Any terms or conditions agreed to between You and the authorized reseller that are in addition to these Terms and Conditions are solely between you and the authorized reseller. Resellers are not authorized to make any modifications or changes to these Terms and Conditions, or bind Fortify 24×7 to any additional or different terms or conditions.

(e) Evaluation and Early Access Services. Any Fortify 24×7 Services and any Third-Party Software made available to You free of charge or for trial or evaluation purposes, with or without an Order Form (“Evaluation Services”) shall be available only for the limited time period that Fortify 24×7 designates in its discretion. Fortify 24×7 may modify or terminate your license to use Evaluation Services at any time, without liability. Notwithstanding anything to the contrary in this Agreement, the Evaluation Services are provided “as is,” Fortify 24×7 shall not have any warranty, indemnification, support, or service level obligations or liability with respect to the Evaluation Services and Fortify 24×7’s maximum aggregate liability with respect to the Evaluation Services shall be $500.00. Any elements of the Fortify 24×7 Services designated as “early access” or “beta” are provided “as is” without any warranty, indemnification, or service level obligations and shall not create any obligation for Fortify 24×7 to continue to develop, productize, offer for sale or in any other way continue to provide or develop such elements of the Fortify 24×7 Services.

2. Rights and Ownership.

(a) Technical Data. The Fortify 24×7 Services use a crowd-sourced environment for the benefit of all Fortify 24×7 customers in support of efforts to identify suspicious and potentially malicious activities. You hereby authorize Fortify 24×7 to collect and use, but not distribute except as provided in this Agreement, data collected from Your computing environments via the Fortify 24×7 Services, including without limitation technical information about Your devices, files, binaries, user activity, networks, systems, and software, and any other data contained therein (collectively, “Technical Data”), for the purpose of providing Fortify 24×7 Services to You and Fortify 24×7’s customers during the Term.

(b) Ownership. You own all rights, title, and interest in Technical Data. Fortify 24×7 or its licensors, as applicable, own all right, title, and interest in the Fortify 24×7 Services and Third Party Software, information (other than Technical Data) used to perform or included in the Fortify 24×7 Services, anonymized and aggregated metadata and Technical Data that is not identifiable to You or your users (“Anonymized Data”), and any modifications, enhancements, and derivative works of any of the foregoing.

(c) Standard License Restrictions. You shall not (x) sublicense, distribute, or otherwise make available the Fortify 24×7 Services to any third party; (y) reverse engineer, decompile, disassemble, or otherwise attempt to derive the source code for the Fortify 24×7 Services, circumvent their functions, or attempt to gain unauthorized access to the Fortify 24×7 Services or their related systems or networks; or
(z) use the Fortify 24×7 Services to circumvent the security of another party’s network or information. You may not access or use the Fortify 24×7 Services (i) if You are, or act on behalf of, a person or entity in the business of providing Internet security products or services substantially similar to Fortify 24×7’s products or services, (ii) to perform any competitive analysis on the Fortify 24×7 Services, or (iii) to create any service or other technology that has features or functionality the same as or similar to the features or functionality of the Fortify 24×7 Services. All rights not granted under this Agreement are reserved to Fortify 24×7.

3. Confidentiality.

(a) Confidentiality. To the extent that a party or its affiliate receives confidential or proprietary information from the other party or its affiliate, including without limitation Technical Data, during the Term of this Agreement (“Confidential Information”), the receiving party
shall employ reasonable measures to ensure the Confidential Information is not used, disclosed, sold, licensed, distributed, or otherwise made available to third parties except in the performance of, or as authorized by, this Agreement. “Confidential Information” does not include: (i) Anonymized Data, (ii) information that was publicly available at the time of disclosure or that subsequently becomes publicly available other than by a breach of this provision, (iii) information previously known by or developed by the receiving party independent of and without reference to the Confidential Information, or (iv) information that the receiving party rightfully obtains without restrictions on use and disclosure. The receiving party may disclose Confidential Information as required by applicable law or by proper legal or governmental authority, provided it uses reasonable efforts to give the disclosing party prompt notice of any such legal or governmental demand and cooperate with the disclosing party in any effort to seek a protective order or otherwise to contest such required disclosure, at the disclosing party’s expense.

(b) Deletion of Confidential Data. Upon Your request, Fortify 24×7 shall delete all of Your Confidential Information in Fortify 24×7’s possession, subject to Fortify 24×7’s use of Technical Data pursuant to Section 2(a).

(c) EU Privacy. Fortify 24×7 has certified under the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks regarding the collection, use, and retention of personal data from European Union member countries and Switzerland, respectively.

4. Limited Warranty.

(a) Limited Warranty. Fortify 24×7 warrants that the Fortify 24×7 Services (i) will materially conform to their descriptions in the Order Form, and (ii) do not and will not contain any malicious computer code, viruses, worms, malware, advanced persistent threats, or targeted attacks. FORTIFY 24X7 MAKES NO OTHER WARRANTY TO YOU OR ANY OTHER PARTY, AND HEREBY DISCLAIMS ALL WARRANTIES, WHETHER EXPRESS OR IMPLIED, WITH RESPECT TO THE FORTIFY 24X7 SERVICES, ANY OTHER SERVICES, OR ANY THIRD PARTY SOFTWARE INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, OF QUALITY, OF FITNESS FOR A PARTICULAR PURPOSE, OF ABSENCE OF HIDDEN DEFECTS, AND ANY WARRANTY THAT MAY ARISE FROM COURSE OF PERFORMANCE, BY REASON OF USAGE OR TRADE OR COURSE OF DEALING. THE FORTIFY 24X7 SERVICES ARE NOT FAULT-TOLERANT AND ARE NOT DESIGNED OR INTENDED FOR USE IN ANY HAZARDOUS ENVIRONMENT REQUIRING FAIL-SAFE PERFORMANCE OR OPERATION. THE FORTIFY 24X7 SERVICES ARE NOT FOR USE IN THE OPERATION OF AIRCRAFT NAVIGATION, NUCLEAR FACILITIES, OR COMMUNICATION SYSTEMS, WEAPONS SYSTEMS, DIRECT OR INDIRECT LIFE-SUPPORT SYSTEMS, AIR TRAFFIC CONTROL, OR ANY APPLICATION OR INSTALLATION WHERE FAILURE COULD RESULT IN DEATH, PHYSICAL INJURY OR PROPERTY DAMAGE. FORTIFY 24X7 DOES NOT WARRANT THAT THE FORTIFY 24X7 SERVICES OR THE THIRD PARTY SOFTWARE WILL OPERATE WITHOUT INTERRUPTION, OR WILL BE FREE OF DEFECTS, OR WILL DETECT OR PREVENT ALL INTRUSIONS, VULNERABILITIES TO INTRUSION OR ATTACK, UNAUTHORIZED ACTIVITY, ERRORS, DATA THEFT OR DESTRUCTION. THE FORTIFY 24X7 SERVICES AND THE THIRD PARTY SOFTWARE DO NOT PROVIDE A GUARANTEE OR WARRANTY OF PROTECTION, DETECTION, OR ACCURATE ANALYSIS OF SECURITY THREATS, AS NO THREAT DETECTION IS FAIL SAFE. FORTIFY 24X7 IS NOT RESPONSIBLE FOR TAKING ANY ACTIONS IN YOUR ENVIRONMENT, INCLUDING WITHOUT LIMITATION INCIDENT CONTAINMENT, REMEDIATION, AND RESPONSE, IN RESPONSE TO ALERTS AND OTHER DATA PROVIDED BY THE FORTIFY 24X7 SERVICES.

(b) Remedy. You shall promptly notify Fortify 24×7 in writing of any breach of the foregoing warranties. As Your sole remedy and Fortify 24×7’s sole obligation for any breach of the warranties provided herein, Fortify 24×7 shall, at its option and expense, (i) use good faith efforts to attempt to correct any such non-conformity; or (ii) terminate this Agreement and promptly refund You any prepaid fees covering the remainder of the Term after the effective date of the termination.

(c) Fortify 24×7 Tools. The Fortify 24×7 Services may include one or more Fortify 24×7 proprietary software tools such as APIs and reporting, deployment, and inventory management software tools (“Fortify 24×7 Tools”). THE FORTIFY 24X7 TOOLS ARE PROVIDED “AS IS” WITHOUT WARRANTY, INDEMNIFICATION, SUPPORT, OR SERVICE LEVEL OBLIGATIONS OF ANY KIND.

5. Indemnification.

(a) Indemnification by Fortify 24×7. Fortify 24×7 shall defend You against any claim, demand, assessment, action, suit, or proceeding brought by a third party (“Claim”) alleging that Your use of the Fortify 24×7 Services infringes the intellectual property rights of a third party, and shall indemnify You for any damages, reasonable attorneys’ fees, and costs (“Losses”) finally awarded against You as a result of, and for amounts paid by You under a settlement of, such a Claim.

In the event of such a Claim, or if Fortify 24×7 reasonably believes the Fortify 24×7 Services may be vulnerable to an infringement claim, Fortify 24×7 may, in its discretion and at no cost to You (i) modify the Fortify 24×7 Services so that they are no longer claimed to infringe,
(ii) obtain a license for Your continued use of the Fortify 24×7 Services in accordance with this Agreement, or (iii) terminate this Agreement upon 30 days’ written notice and refund to You any prepaid fees covering the remainder of the Term after the effective date of termination.

Fortify 24×7 shall not defend or indemnify You where such Loss or Claim arises in whole or in part from (i) Your non-compliance with the terms of this Agreement, (ii) Fortify 24×7’s compliance with Your specifications, instructions, or requirements or (iii) the use or combination of the Fortify 24×7 Services or any part thereof with software, hardware, data, or processes not provided by Fortify 24×7, if the Fortify 24×7 Services or use thereof would not infringe without such combination.

(b) Indemnification by You. You shall defend Fortify 24×7 and its employees, directors, shareholders, agents, and consultants (“Indemnitees”) against any Claim (i) alleging that the Technical Data infringes the intellectual property rights of a third party, (ii) alleging that Fortify 24×7 lacks the proper rights or authorizations to process the Technical Data, and/or (iii) regarding a security event involving Your systems (unless arising from Fortify 24×7’s breach of this Agreement), and You shall indemnify the Indemnitees for any Losses finally awarded against them as a result of, and for amounts paid by them under a settlement of, such a Claim.

(c) Procedure. The party seeking defense and indemnity hereunder shall (i) give the indemnifying party prompt written notice of such Claim; (ii) permit the indemnifying party to solely control and direct the defense or settlement of the Claim, provided the indemnifying party will not settle any Claim in a manner that requires the indemnified party to admit liability without the indemnified party’s prior written consent; and (c) provide all reasonable assistance in connection with the defense or settlement of such Claim, at the indemnifying party’s cost and expense. The indemnified party may, at its own expense, participate in defense of any Claim.

(d) Testimony. In the event that Fortify 24×7 or any Indemnitees are required to testify in any judicial, administrative or legislative proceeding involving You with respect to the Fortify 24×7 Services You shall reimburse Fortify 24×7 for any and all costs, expenses, and time incurred in that regard, unless the proceeding results from Fortify 24×7’s breach of this Agreement.

6. Limitation of Liability.

IN NO EVENT SHALL FORTIFY 24X7 OR ITS RESELLERS, LICENSORS, OR SUPPLIERS BE LIABLE FOR ANY INCIDENTAL, CONSEQUENTIAL, SPECIAL, EXEMPLARY OR INDIRECT DAMAGES, LOSS OR INTERRUPTION OF BUSINESS OPERATIONS, LOST PROFITS, OR DATA LOSS ARISING OUT OF THIS AGREEMENT OR PROVISION OF THE FORTIFY 24X7 SERVICES OR THIRD-PARTY SOFTWARE. THE TOTAL AGGREGATE LIABILITY OF FORTIFY 24X7 AND ITS RESELLERS, LICENSORS, AND SUPPLIERS UNDER THIS AGREEMENT SHALL BE LIMITED TO THE FEES PAID BY YOU IN THE TWELVE (12) MONTH PERIOD IMMEDIATELY PRECEDING THE FIRST CLAIM, FOR THE PARTICULAR ORDER FORM UPON WHICH THE CLAIM IS BASED. FORTIFY 24X7 AND ITS RESELLERS, LICENSORS, AND SUPPLIERS ARE NOT RESPONSIBLE FOR ANY UNAUTHORIZED DESTRUCTION, LOSS, ALTERATION, DISCLOSURE OF, OR ACCESS TO TECHNICAL DATA WHICH IS NOT IN THE POSSESSION AND CONTROL OF FORTIFY 24X7. THE FOREGOING PROVISIONS FORM AN ESSENTIAL BASIS OF THE BARGAIN BETWEEN THE PARTIES AND ANY MODIFICATION OF SUCH PROVISIONS WOULD SUBSTANTIALLY AFFECT THE FEES CHARGED.

7. Termination and Suspension.

(a) Termination. This Agreement (or any Order Form) may be terminated at any time by either party upon written notice if the other party materially breaches this Agreement and such breach remains uncorrected for 30 days following written notice of the breach from the other party.

(b) Suspension. Fortify 24×7 may suspend Your access to the Fortify 24×7 Services and Third Party Software (1) with immediate effect upon written notice if Fortify 24×7 reasonably determines that You are in breach of Section 2(c) (Standard License Restrictions); (2) with immediate effect upon written notice if Fortify 24×7 reasonably determines that Your use of the Fortify 24×7 Services poses a security risk or threat to the function of the Fortify 24×7 Services, or poses a security or liability risk or threat to Fortify 24×7 or its hosting provider;
(3) upon at least five (5) days’ prior notice in the event of Your material breach or threatened material breach of any other term of this Agreement; and (4) immediately upon the end of the Term if not renewed. Unless this Agreement is terminated per the preceding section, Fortify 24×7 shall restore access promptly upon its reasonable satisfaction that the cause for suspension has been cured. Suspension of the Fortify 24×7 Services does not limit Fortify 24×7’s other rights and remedies and will have no impact on the duration of the Term, any service levels, or the associated fees owed.

8. Miscellaneous.

(a) Entire Agreement. This Agreement shall be the entire agreement between the parties and supersedes all prior or present proposals, representations, undertakings, agreements, or warranties, expressed or implied, written or oral, concerning its subject matter. Any and all terms and conditions in any purchase order or other purchasing document issued by You or on your behalf (including without limitation any pre-printed terms and conditions) are rejected and shall be null and void. This Agreement may be amended only by a written instrument executed by both parties.

(b) Notices. All notices under this Agreement must be in writing and delivered by hand or sent by registered mail or nationally recognized next-day courier service addressed to the party at its address indicated on the Order Form.

(c) Waiver; Severability. No failure or delay by either party in exercising any right under this Agreement shall constitute a waiver of that right. If a court of competent jurisdiction holds any provision of this Agreement invalid or unenforceable the remaining provisions of will remain in full force and effect, and the provision affected will be construed so as to be enforceable to the maximum extent permissible by law. The headings of this Agreement are for convenience only. In case of any difficulty in the interpretation of one or more of the headings, the headings shall have no meaning and no effect.

(d) Independent Contractor; Third-Party Beneficiaries. Fortify 24×7 is an independent contractor, this Agreement does not create a partnership, franchise, joint venture, agency, fiduciary, or employment relationship between the parties. There are no third-party beneficiaries to this Agreement.

(e) Survival. Sections 2(b), 3, 5, 6, and 8 shall survive termination of this Agreement.

(f) Governing Law and Venue. This Agreement shall be governed and construed in accordance with the laws of the State of Washington without regard to the application of conflict of laws principles. The United Nations Convention on Contracts for the International Sale of Goods shall not apply. The exclusive venue for any dispute relating to or arising out of this Agreement, including without limitation its construction, effect, the performance, breach, rescission or termination, shall be in the federal or state courts for Denver, Colorado, and the parties’ consent to personal jurisdiction in such courts.

(g) Force Majeure. Fortify 24×7 shall not be responsible for any failure to perform due to unforeseen circumstances or to causes beyond its reasonable control, including but not limited to acts of God, changes in governmental laws, rules, taxes, regulations or orders, war, terrorist acts, insurrection, riot, embargoes, supplier stoppages or delays, acts of civil or military authorities, fire, floods, accidents, strikes, or shortages of transportation, facilities, fuel, energy, labor, or materials.

(h) Fees, Taxes. You will pay the fees and expenses for the Fortify 24×7 Services and any Third-Party Software as set forth in the Order Form agreed to by the parties. Failure to timely pay any undisputed invoice under this Agreement shall constitute a material breach of this Agreement by You. You will be responsible for sales and other taxes arising out of this Agreement, except for taxes imposed on Fortify 24×7’s or its reseller’s real or personal property, employment, revenue, or income.

(i) Export Controls and Sanctions. You shall not permit any third party to access or use the Fortify 24×7 Services in violation of any export or import law or regulation or export the Fortify 24×7 Services except in compliance with all applicable laws and regulations. You shall not permit the Fortify 24×7 Services to be accessed or used by anyone on the U.S. Commerce Department’s Table of Denial Orders or U.S. Treasury Department’s list of Specially Designated Nationals, or by anyone in a country subject to a United States embargo.