SecurityPal Terms and Conditions

Last Updated July 26, 2022

BY SUBMITTING AN ORDER FORM THAT IS REQUESTED AND ACCEPTED BY SECURITYPAL, INC. (“SECURITYPAL”) IN WRITING (“ORDER”), YOU OR THE ENTITY THAT YOU REPRESENT IDENTIFIED ON THE ORDER (“CLIENT”) ARE UNCONDITIONALLY CONSENTING TO BE BOUND BY AND A PARTY TO THESE TERMS AND CONDITIONS (THESE “TERMS AND CONDITIONS”); UNLESS CLIENT HAS EXECUTED A SEPARATE SIGNED AGREEMENT WITH SECURITYPAL GOVERNING THE SAME SUBJECT MATTER HEREIN (THE “SEPARATE AGREEMENT”) IN WHICH CASE SUCH SEPARATE AGREEMENT SHALL APPLY TOGETHER WITH THE ORDER. PROVISION AND USE OFTHESERVICES IDENTIFIED IN THE ORDER IS CONDITIONED ON, AND CLIENT’S USE OF ANY SUCH SERVICES SHALL CONSTITUTE, CLIENT’S ASSENT TO THESE TERMS AND CONDITIONS TO THE EXCLUSION OF ALL OTHER TERMS, UNLESS OTHERWISE AGREED IN THE SEPARATE AGREEMENT. IF CLIENT DOES NOT UNCONDITIONALLY AGREE TO ALL OF THESE TERMS AND CONDITIONS,THEN IN THE ABSENCE OF A SEPARATE AGREEMENT CLIENT WILL HAVE NO RIGHT TO USE SECURITYPAL’S SERVICES.

1. Services.

SecurityPal will provide Client with the Services set forth on an order form executed by both parties (“Order”) in accordance with and subject to Client’s compliance with these Terms and Conditions and the applicable Order (together, the “Agreement”). Any capitalized terms used but not defined in these Terms and Conditions have the meanings given to them in the Order. To the extent these Terms and Conditions conflict with any Order, the Order shall control. Any terms and conditions set forth in a purchase order issued by or on behalf of Client shall not amend or modify these Terms and Conditions or any Order and shall be of no force or effect unless such terms and conditions are expressly accepted in a writing signed by an authorized signatory of SecurityPal. These Terms and Conditions may be accepted through execution of an Order incorporating these terms and conditions by reference.

2. Restrictions.

Client shall remain responsible for any breach of this Agreement by its Users. Client is solely responsible for all data, information, and other content and materials that are collected, uploaded, posted, delivered, provided, or otherwise transmitted by Client in connection with the Services, and Client represents and warrants that it has all rights necessary to grant the licenses herein without violation of any third party rights, including without limitation, any privacy rights, publicity rights, copyrights, trademarks, confidentiality, contract rights, or any other intellectual property or proprietary rights; and shall hold SecurityPal harmless from any violation of the foregoing. Client shall be responsible for maintaining the security of its passwords for accessing the SecurityPal application. Client will not disclose passwords to any third party. Should Client discover an unauthorized disclosure of any such passwords or any unauthorized access to the SecurityPal application, Client shall promptly send a notification describing said incident to security@securitypalhq.com. Upon the termination of the engagement of any user of the Services, Client will promptly remove access for such user.

3. Definition of Security Questionnaire.

A “Security Questionnaire” is defined as a form, document, or questionnaire containing no more than four hundred (400) questions regarding Client’s security practices. A form, document, or questionnaire that contains more than four hundred (400) questions counts as multiple Security Questionnaires in a quantity that reflects one (1) Security Questionnaire for every four hundred (400) questions.

4. Fees.

Client shall pay SecurityPal the fees set forth on the Order (“Fees”) in accordance with the payment terms set forth in the Order. Any invoiced amounts not received in the specified time frame are subject to a finance charge of the lesser of 1.5% per month and the greatest amount allowed by applicable law. Payment obligations are non-cancellable and non-refundable, even if Client does not use the allotted quantity of SecurityPal Tokens during the stated time periods in an Order.

5. Intellectual Property.

5.1     Client shall retain ownership of all data and information provided by Client in connection with this Agreement (“Client Data”).

5.2     SecurityPal will retain all right, title and interest, in and to its software, platform environments, tools, technologies, processes, methods, templates, generic responses and language, and SecurityPal documentation used to provide the Services; all improvements, enhancements or modifications thereto; and all intellectual property rights related to any of the foregoing (collectively, “SecurityPal IP”).

5.3     Security Questionnaires completed pursuant to the Services hereunder and delivered to Client in connection with this Agreement (“Completed Questionnaires”) may contain, in part, certain SecurityPal IP and Client Data. Client will own the Completed Questionnaires hereunder, subject to SecurityPal’s ownership of SecurityPal IP included therein (if any). If any Completed Questionnaires delivered hereunder contain any SecurityPal standard templates, or generic responses and language (collectively, “Generic Response Data”), then SecurityPal hereby grants Client and its successors a perpetual, irrevocable, worldwide, non-exclusive, right and license to use, reproduce and display such Generic Response Data as part of the Completed Questionnaires in its bona fide business activities.

6. Term; Termination.

AThis Agreement will have the term set forth on the Order. Either party may terminate this Agreement in the event the other party breaches this Agreement and fails to cure such breach within thirty (30) days from receipt of written notice thereof (provided that such notice provides sufficient detail of the breach and also states the intent to terminate). Sections 3 through 10 inclusive, as well as all outstanding payment obligations, shall survive any expiration or termination of this Agreement.

7. Confidentiality.

7.1     Each party (the “Receiving Party”) understands that the other party (the “Disclosing Party”) has disclosed or may disclose non-public information relating to the Disclosing Party’s technology, finances, customers, operations, or business (hereinafter referred to as “Confidential Information” of the Disclosing Party) that was identified as confidential at the time of disclosure or where the nature and circumstances surrounding disclosure would cause a reasonable person to believe that such information was confidential. For the avoidance of doubt, Client Data is deemed Client’s Confidential Information. Confidential Information will not include any information that (a) is or becomes generally available to the public through no breach of this Agreement by the Receiving Party; or (b) was known, without obligation of confidentiality, by the Receiving Party prior to receipt from the Disclosing Party; or (c) was received without restriction from any person or entity that was not subject to any obligation of confidentiality or restriction on use; or (d) was independently developed without use of any Confidential Information of the Disclosing Party. Nothing in this Agreement will prevent the Receiving Party from disclosing the Confidential Information pursuant to any judicial or governmental order, provided that the Receiving Party gives the Disclosing Party reasonable prior notice of such disclosure to allow the Disclosing Party to contest such order, unless prohibited from doing so by law. This Agreement is the Confidential Information of both parties, however, either party may disclose this Agreement on a need-to-know basis pursuant to its due diligence obligations in a financing or a change of control event, provided that the parties receiving the foregoing are subject to confidentiality obligations at least as strict as this Agreement.

7.2     Except as otherwise specifically provided in this Agreement, the Receiving Party agrees: (i) to use all reasonable precautions (and at least the precautions Receiving Party takes to protect its own Confidential Information) to prevent the disclosure of Disclosing Party’s Confidential Information to any third persons except to its employees and contractors with a need to have access thereto for purposes of this Agreement, and who are subject to confidentiality obligations no less stringent than the terms of this Agreement, or as otherwise directed by Client; (ii) to take the same security precautions to protect against disclosure or unauthorized use of such Confidential Information that the party takes with its own confidential information, but in no event will a party apply less than reasonable precautions to protect such Confidential Information; and (iii) not to use such Confidential Information except to exercise its rights and fulfill its obligations under this Agreement. Because of the unique and proprietary nature of the Confidential Information, it is understood and agreed that Disclosing Party’s remedies at law for a breach by the Receiving Party of its obligations under this Section may be inadequate and that the Disclosing Party will be entitled to seek equitable relief in addition to any other remedies.

7.3     Client acknowledges and agrees that SecurityPal may (i) internally use and modify (but not disclose) Client Data and other information relating to the provision, use and performance of the Services and related systems and technologies during and after the Term for the purposes of (A) providing the Services and any support or consultation services to Client and (B) generating Aggregated Anonymous Data (defined below) for SecurityPal’s business purposes, including without limitation for purposes of improving, testing, promoting and enhancing the Services and for other developmental, diagnostic and corrective purposes in connection with the Services and other SecurityPal offerings. “Aggregated Anonymous Data” means data submitted to, collected by, or generated by SecurityPal in connection with Client’s use of the Services (such as data regarding website and user interface experience, customer sales performance, and data derived therefrom), but only in aggregate, anonymized form which cannot be linked by a third party specifically to Client or any individual.

8. Warranty Disclaimer.

Each party represents and warrants to the other that it has the full right and authority to enter into, execute, and perform its obligations under this Agreement. SecurityPal warrants that the Services will be performed in a professional and workmanlike manner, consistent with industry standards. Client shall review all Completed Questionnaires for accuracy and inform SecurityPal of any needed corrections or clarifications. Client will notify SecurityPal of any warranty deficiencies within 30 days of the performance of the relevant Services and Client’s exclusive remedy will be the re-performance of the relevant Services. EXCEPT FOR THE WARRANTIES EXPRESSLY PROVIDED IN THIS AGREEMENT THESERVICES AND ANYTHING PROVIDED IN CONNECTION WITH THIS AGREEMENT ARE PROVIDED “AS-IS,” WITHOUT ANY WARRANTIES, EXPRESS OR IMPLIED, OF ANY KIND, ALL OF WHICH ARE HEREBY DISCLAIMED

9. Limitation of Liability.

NOTWITHSTANDING ANYTHING ELSE, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, EXPECT FOR GROSS NEGLIGENCE OR WILLFUL MISCONDUCT, IN NO EVENT SHALL SECURITYPAL BE LIABLE UNDER ANY CONTRACT, TORT, WARRANTY, STRICT LIABILITY, NEGLIGENCE, OR ANY OTHER LEGAL OR EQUITABLE THEORY WITH RESPECT TO THE PROVISION OF THE SERVICES OR OTHER PERFORMANCE OF THIS AGREEMENT FOR (I) ANY SPECIAL, INDIRECT, INCIDENTAL, PUNITIVE, COMPENSATORY, OR CONSEQUENTIAL DAMAGES OF ANY KIND WHATSOEVER, LOST PROFITS, REVENUE, INCOME OR BUSINESS, DATA LOSS OR CORRUPTION, INTERRUPTION OF BUSINESS; AND/OR (II) ANY LIABILITY IN EXCESS OF (IN THE AGGREGATE) THE FEES PAID FOR THE SERVICES IN THE APPLICABLE ORDER IN THE TWELVE (12) MONTH PERIOD PRIOR TO THE DATE THE CAUSE OF ACTION AROSE.

10. Changes to Terms and Conditions.

SecurityPal reserves the right to change, modify, add, or remove portions of these Terms and Conditions from time to time. If SecurityPal updates or changes any part of these Terms and Conditions, SecurityPal will post the updated Terms and Conditions on securitypal.com and update the “Last updated” date above. Please be sure to review any changes made to these Terms and Conditions by occasionally checking this page for updates. The updated or changed Terms and Conditions will be effective and binding upon Client immediately. For the avoidance of doubt, any renewal or subsequent Term will be governed by the version of the Terms and Conditions available at the time of such renewal or subsequent Term.

11. Miscellaneous

This Agreement is not assignable or transferable by either party without the other party’s prior written consent; provided that, either party may, without consent, assign and transfer this Agreement to an affiliate or a successor to all or substantially all of its business or assets. Except as otherwise specified herein, any notice or communication requires or permitted under this Agreement shall be writing to the parties at the addresses on the Order (or at such other address as may be given in writing by either party to the other) and shall be deemed to have been received by the addressee: (i) if given by hand, immediately upon receipt; (ii) if given by overnight courier service, the first business day following dispatch; or (iii) if given by registered or certified mail, postage prepaid and return receipt requested, the second business day after such notice is deposited in the mail. If any provision of this Agreement shall be adjudged by a court of competent jurisdiction to be unenforceable or invalid, that provision shall be limited or eliminated to the minimum extent necessary so that this Agreement shall otherwise remain in full force and effect and enforceable. This Agreement shall be deemed to have been made in and shall be construed pursuant to the laws of the State of California, without regard to any conflicts of laws’ provisions thereof. All disputes will be subject to final and binding arbitration in accordance with the rules and procedures of the Judicial Arbitration and Mediation Services (JAMS). If available, the JAMS Streamlined Arbitration Rules & Procedures will be used. The arbitration will take place in San Francisco, California, in the English language. To the extent a claim cannot legally be arbitrated, it will be subject to the sole and exclusive jurisdiction of, and venue in, the state and Federal courts located in San Francisco, California. In any action or proceeding to enforce this Agreement, the prevailing party will be entitled to seek recovery of costs and attorneys’ fees. Any waivers or amendments shall be effective only if made in writing. This Agreement is the complete Miscellaneous. This Agreement is not assignable or transferable by either party without the other party’s prior written consent; provided that, either party may, without consent, assign and transfer this Agreement to an affiliate or a successor to all or substantially all of its business or assets. Except as otherwise specified herein, any notice or communication requires or permitted under this Agreement shall be writing to the parties at the addresses on the Order (or at such other address as may be given in writing by either party to the other) and shall be deemed to have been received by the addressee: (i) if given by hand, immediately upon receipt; (ii) if given by overnight courier service, the first business day following dispatch; or (iii) if given by registered or certified mail, postage prepaid and return receipt requested, the second business day after such notice is deposited in the mail. If any provision of this Agreement shall be adjudged by a court of competent jurisdiction to be unenforceable or invalid, that provision shall be limited or eliminated to the minimum extent necessary so that this Agreement shall otherwise remain in full force and effect and enforceable. This Agreement shall be deemed to have been made in and shall be construed pursuant to the laws of the State of California, without regard to any conflicts of laws’ provisions thereof. All disputes will be subject to final and binding arbitration in accordance with the rules and procedures of the Judicial Arbitration and Mediation Services (JAMS). If available, the JAMS Streamlined Arbitration Rules & Procedures will be used. The arbitration will take place in San Francisco, California, in the English language. To the extent a claim cannot legally be arbitrated, it will be subject to the sole and exclusive jurisdiction of, and venue in, the state and Federal courts located in San Francisco, California. In any action or proceeding to enforce this Agreement, the prevailing party will be entitled to seek recovery of costs and attorneys’ fees. Any waivers or amendments shall be effective only if made in writing. This Agreement is the complete and exclusive statement of the mutual understanding of the parties relating to the subject matter hereof. No delay, failure or default will constitute a breach of this Agreement to the extent caused by matters beyond the applicable party’s reasonable control, including, without limitation, acts of war, terrorism, fire, floods, hurricanes, earthquakes, pandemics, epidemic, riots or other acts of civil disorder or political unrest, embargoes, outages of third party connections, utilities, or telecommunications networks, internet-access issues, and other third party mechanical, electronic or commmunications failures or degradation (each and collectively, “Force Majeure Events”).