CyberSage, Threat Modeling Automation
CyberSage SAAS Terms and Conditions
CUSTOMER’S RESPONSIBILITIES & RESTRICTIONS.
1.1. Acceptable Use. Customer shall comply with the AUP. Customer shall not: (a) use the SaaS for service bureau or time-sharing purposes or in any other way allow third parties to exploit the SaaS; (b) provide SaaS passwords or other log-in information to any third party; (c) share non-public SaaS features or content with any third party; (d) access the SaaS in order to build a competitive product or service, to build a product using similar ideas, features, functions or graphics of the SaaS, or to copy any ideas, features, functions or graphics of the SaaS; (e) engage in web scraping or data scraping on or related to the SaaS, including without limitation collection of information through any software that simulates human activity or any bot or web crawler; (f) interfere with or disrupt the integrity of the SaaS or the data contained therein; (g) gain unauthorized access to the SaaS or Provider's systems; or (h) use the SaaS for any unlawful, invasive, or fraudulent purpose. In the event of breach of the requirements of this Section, including without limitation by Users, Provider may suspend Customer’s access to the SaaS without advanced notice and without refund, in addition to such other remedies as Provider may have. Neither this Agreement nor the AUP requires that Provider take any action against Customer or any User or other third party for violating the AUP, this Section 5.1, or this Agreement, but Provider is free to take any such action it sees fit.
1.2. Unauthorized Access. Customer shall take reasonable steps to prevent unauthorized access to the SaaS, including without limitation by protecting its passwords and other log-in information. Customer shall notify Provider immediately of any known or suspected unauthorized use of the SaaS or breach of its security and shall use best efforts to stop said breach.
1.3. Compliance with Laws. In its use of the SaaS, Customer shall comply with all applicable laws, including without limitation Privacy/Security laws.
1.4. Users & SaaS Access. Customer is responsible and liable for: (a) Users’ use of the SaaS, including without limitation unauthorized User conduct and any User conduct that would violate the AUP or the requirements of this Agreement applicable to Customer; and (b) any use of the SaaS through Customer’s account, whether authorized or unauthorized.
IP & FEEDBACK.
2.1. IP Rights to the SaaS. Provider retains all right, title, and interest in and to the SaaS, including without limitation all software used to provide the SaaS and all graphics, user interfaces, logos, and trademarks reproduced through the SaaS. This Agreement does not grant Customer any intellectual property license or rights in or to the SaaS or any of its components, except to the limited extent that such rights are necessary for Customer’s use of the SaaS as specifically authorized by this Agreement. Customer recognizes that the SaaS and its components are protected by copyright and other laws.
2.2. Feedback. Provider has not agreed to and does not agree to treat as confidential any Feedback (as defined below) that Customer, Customer’s Clients, or other Users give Provider, and nothing in this Agreement or in the parties’ dealings arising out of or related to this Agreement will restrict Provider’s right to use, profit from, disclose, publish, keep secret, or otherwise exploit Feedback, without compensating or crediting Customer. Feedback will not be considered Customer’s trade secret. (“Feedback” refers to any suggestion or idea for improving or otherwise modifying any of Provider’s products or services.)
CONFIDENTIAL INFORMATION. “Confidential Information” refers to the following items Provider discloses to Customer: (a) any document Provider marks “Confidential”; (b) any information Provider orally designates as “Confidential” at the time of disclosure, provided Provider confirms such designation in writing within __ business days; (c) the Documentation and _________________________, whether or not marked or designated confidential; and (d) any other nonpublic, sensitive information Customer should reasonably consider a trade secret or otherwise confidential. Notwithstanding the foregoing, Confidential Information does not include information that: (i) is in Customer’s possession at the time of disclosure; (ii) is independently developed by Customer without use of or reference to Confidential Information; (iii) becomes known publicly, before or after disclosure, other than as a result of Customer’s improper action or inaction; or (iv) is approved for release in writing by Customer. Customer is on notice that the Confidential Information may include Provider’s valuable trade secrets.
3.1. Nondisclosure. Customer shall not use Confidential Information for any purpose other than _______________________________ (the “Purpose”). Customer: (a) shall not disclose Confidential Information to any employee or contractor of Customer unless such person needs access in order to facilitate the Purpose and executes a nondisclosure agreement with Customer with terms no less restrictive than those of this Article 6.2; and (b) shall not disclose Confidential Information to any other third party without Provider’s prior written consent. Without limiting the generality of the foregoing, Customer shall protect Confidential Information with the same degree of care it uses to protect its own confidential information of similar nature and importance, but with no less than reasonable care. Customer shall promptly notify Provider of any misuse or misappropriation of Confidential Information that comes to Customer’s attention. Notwithstanding the foregoing, Customer may disclose Confidential Information as required by applicable law or by proper legal or governmental authority. Customer shall give Provider prompt notice of any such legal or governmental demand and reasonably cooperate with Provider in any effort to seek a protective order or otherwise to contest such required disclosure, at Provider’s expense.
3.2. Termination & Return. With respect to each item of Confidential Information, the obligations of Section 7.1 above (Nondisclosure) will terminate ___________ after the date of disclosure; provided that such obligations related to Confidential Information constituting Provider’s trade secrets will continue so long as such information remains subject to trade secret protection pursuant to applicable law. Upon termination of this Agreement, Customer shall return all copies of Confidential Information to Provider or certify, in writing, the destruction thereof.
3.3. Injunction. Customer agrees that: (a) no adequate remedy exists at law if it breaches any of its obligations in this Article 7; (b) it would be difficult to determine the damages resulting from its breach of this Article 7, and such breach would cause irreparable harm to Provider; and (iii) a grant of injunctive relief provides the best remedy for any such breach, without any requirement that Provider prove actual damage or post a bond or other security. Customer waives any opposition to such injunctive relief or any right to such proof, bond, or other security. (This Section 7.3 does not limit either party’s right to injunctive relief for breaches not listed.)
3.4. Retention of Rights. This Agreement does not transfer ownership of Confidential Information or grant a license thereto. Provider will retain all right, title, and interest in and to all Confidential Information.
3.5. Exception & Immunity. Pursuant to the Defend Trade Secrets Act of 2016, 18 USC Section 1833(b), Customer is on notice and acknowledges that, notwithstanding the foregoing or any other provision of this Agreement:
(a) Immunity. An individual shall not be held criminally or civilly liable under any Federal or State trade secret law for the disclosure of a trade secret that- (A) is made- (i) in confidence to a Federal, State, or local government official, either directly or indirectly, or to an attorney; and (ii) solely for the purpose of reporting or investigating a suspected violation of law; or (B) is made in a complaint or other document filed in a lawsuit or other proceeding, if such filing is made under seal.
(b) Use of Trade Secret Information in Anti-Retaliation Lawsuit. An individual who files a lawsuit for retaliation by an employer for reporting a suspected violation of law may disclose the trade secret to the attorney of the individual and use the trade secret information in the court proceeding, if the individual- (A) files any document containing the trade secret under seal; and (B) does not disclose the trade secret, except pursuant to court order.
REPRESENTATIONS & WARRANTIES.
4.1. From Provider. Provider represents and warrants that it is the owner of the SaaS and of each and every component thereof, or the recipient of a valid license thereto, and that it has and will maintain the full power and authority to grant the rights to use the SaaS set forth in this Agreement without the further consent of any third party. Provider’s representations and warranties in the preceding sentence do not apply to use of the SaaS in combination with hardware or software not provided by Provider. In case of breach of the warranty above in this Section 8.1, Provider, at its own expense, shall promptly: (a) secure for Customer the right to continue using the SaaS; (b) replace or modify the SaaS to make it noninfringing; or if such remedies are not commercially practical in Provider’s reasonable opinion, (c) refund the fees paid for the SaaS for every month remaining in the then-current Term following the date after which Customer access to the SaaS ceases as a result of such breach of warranty. If Provider exercises its rights pursuant to Subsection 8.1(c) above, Customer shall promptly cease all use of the SaaS and all reproduction and use of the Documentation and erase all copies in its possession or control. This Section 8.1, in conjunction with Customer’s right to terminate this Agreement where applicable, states Customer’s sole remedy and Provider’s entire liability for breach of the warranty above in this Section 8.1.
4.2. From Customer. Customer represents and warrants that: (a) it has the full right and authority to enter into, execute, and perform its obligations under this Agreement and that no pending or threatened claim or litigation known to it would have a material adverse impact on its ability to perform as required by this Agreement; (b) it has accurately identified itself and it has not provided any inaccurate information about itself to or through the SaaS; and (c) it is a corporation, the sole proprietorship of an individual 18 years or older, or another entity authorized to do business pursuant to applicable law.
4.3. Warranty Disclaimers. Except to the extent set forth in the SLA and in Section 8.1 above, CUSTOMER ACCEPTS THE SAAS “AS IS,” WITH NO REPRESENTATION OR WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY IMPLIED WARRANTY ARISING FROM STATUTE, COURSE OF DEALING, COURSE OF PERFORMANCE, OR USAGE OF TRADE. WITHOUT LIMITING THE GENERALITY OF THE FOREGOING: (a) PROVIDER HAS NO OBLIGATION TO INDEMNIFY OR DEFEND CUSTOMER OR USERS AGAINST CLAIMS RELATED TO INFRINGEMENT OF INTELLECTUAL PROPERTY; (b) PROVIDER DOES NOT REPRESENT OR WARRANT THAT THE SAAS WILL PERFORM WITHOUT INTERRUPTION OR ERROR; AND (c) PROVIDER DOES NOT REPRESENT OR WARRANT THAT THE SAAS IS SECURE FROM HACKING OR OTHER UNAUTHORIZED INTRUSION OR THAT CUSTOMER DATA WILL REMAIN PRIVATE OR SECURE.
INDEMNIFICATION. Customer shall defend, indemnify, and hold harmless Provider and the Provider Associates (as defined below) against any “Indemnified Claim,” meaning any third party claim, suit, or proceeding arising out of or related to Customer's alleged or actual use of, misuse of, or failure to use the SaaS, including without limitation: (a) claims by Users or by Customer's employees, as well as by Customer’s own customers; (b) claims related Data Incidents (as defined below); (c) claims related to infringement or violation of a copyright, trademark, trade secret, or privacy or confidentiality right by written material, images, logos or other content uploaded to the SaaS through Customer’s account, including without limitation by Customer Data; and (d) claims that use of the SaaS through Customer’s account, including by Users, harasses, defames, or defrauds a third party or violates the CAN-Spam Act of 2003 or any other law or restriction on electronic advertising. INDEMNIFIED CLAIMS INCLUDE, WITHOUT LIMITATION, CLAIMS ARISING OUT OF OR RELATED TO PROVIDER’S NEGLIGENCE. Customer’s obligations set forth in this Article 9 include, without limitation: (i) settlement at Customer’s expense and payment of judgments finally awarded by a court of competent jurisdiction, as well as payment of court costs and other reasonable expenses; and (ii) reimbursement of reasonable attorneys’ fees incurred before Customers’ assumption of the defense (but not attorneys’ fees incurred thereafter). If Customer fails to assume the defense on time to avoid prejudicing the defense, Provider may defend the Indemnified Claim, without loss of rights pursuant to this Article 9. Provider will have the right, not to be exercised unreasonably, to reject any settlement or compromise that requires that it or a Provider Associate admit wrongdoing or liability or subjects either of them to any ongoing affirmative obligation. (“Provider Associates” are Provider’s officers, directors, shareholders, parents, subsidiaries, agents, successors, and assigns. A “Data Incident” is any (1) unauthorized disclosure of, access to, or use of Customer Data, including without limitation Excluded Data, or (2) violation of Privacy/Security Law through Customer’s account. Data Incidents include, without limitation, such events caused by Customer, by Provider, by Customer’s customers or other users, by hackers, and by any other third party.)
LIMITATION OF LIABILITY.
6.1. Dollar Cap. PROVIDER’S CUMULATIVE LIABILTY FOR ALL CLAIMS ARISING OUT OF OR RELATED TO THIS AGREEMENT WILL NOT EXCEED $______.
6.2. Excluded Damages. Except with regard to breaches of Article 7 (Confidential Information), IN NO EVENT WILL PROVIDER BE LIABLE FOR LOST PROFITS OR LOSS OF BUSINESS OR FOR ANY CONSEQUENTIAL, INDIRECT, SPECIAL, INCIDENTAL, OR PUNITIVE DAMAGES ARISING OUT OF OR RELATED TO THIS AGREEMENT.
6.3. Clarifications & Disclaimers. THE LIABILITIES LIMITED BY THIS ARTICLE 9 APPLY TO THE BENEFIT OF PROVIDER’S OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, AND THIRD PARTY CONTRACTORS, AS WELL AS: (a) TO LIABILITY FOR NEGLIGENCE; (b) REGARDLESS OF THE FORM OF ACTION, WHETHER IN CONTRACT, TORT, STRICT PRODUCT LIABILITY, OR OTHERWISE; (c) EVEN IF PROVIDER IS ADVISED IN ADVANCE OF THE POSSIBILITY OF THE DAMAGES IN QUESTION AND EVEN IF SUCH DAMAGES WERE FORESEEABLE; AND (d) EVEN IF CUSTOMER’S REMEDIES FAIL OF THEIR ESSENTIAL PURPOSE. Customer acknowledges and agrees that Provider has based its pricing on and entered into this Agreement in reliance upon the limitations of liability and disclaimers of warranties and damages in this Article 10 and that such terms form an essential basis of the bargain between the parties. If applicable law limits the application of the provisions of this Article 9, Provider’s liability will be limited to the maximum extent permissible. For the avoidance of doubt, Provider’s liability limits and other rights set forth in this Article 9 apply likewise to Provider’s affiliates, licensors, suppliers, advertisers, agents, sponsors, directors, officers, employees, consultants, and other representatives.