Search Results

Blog

Category

Compliance Automation EULA

COMPLIANCE AUTOMATION END USER LICENSE AGREEMENT

This Master Subscription Agreement and all Exhibits annexed hereto (the “Agreement”) is a legal agreement by and between Anitian, Inc. (“Anitian”), and the party identified on the Proposal or similar document and entering into this Agreement for the use of the Product (“Subscriber”, “Subscriber”). In consideration of the mutual covenants and agreements set forth herein, and other good and valuable consideration, receipt of which is hereby acknowledged, the parties agree as follows:

THIS MASTER SUBSCRIPTION AGREEMENT (“AGREEMENT”) GOVERNS YOUR ACQUISITION AND USE OF ANY PRODUCT MADE AVAILABLE BY ANITIAN CORPORATION (“ANITIAN”). IF YOU REGISTER FOR AN EVALUATION USE OF OUR PRODUCTS, THIS AGREEMENT WILL ALSO GOVERN THAT EVALUATION. BY ACCEPTING THIS AGREEMENT, EITHER BY CLICKING A BOX INDICATING YOUR ACCEPTANCE OR BY EXECUTING THIS AGREEMENT OR A PROPOSAL THAT REFERENCES THIS AGREEMENT, YOU AGREE TO THE TERMS OF THIS AGREEMENT. IF YOU ARE ENTERING INTO THIS AGREEMENT ON BEHALF OF A ANITIAN OR OTHER LEGAL ENTITY, YOU REPRESENT THAT YOU HAVE THE AUTHORITY TO BIND SUCH ENTITY AND ITS AFFILIATES TO THESE TERMS AND CONDITIONS, IN WHICH CASE THE TERMS “YOU” OR “YOUR” SHALL REFER TO SUCH ENTITY AND ITS AFFILIATES. IF YOU DO NOT HAVE SUCH AUTHORITY, OR IF YOU DO NOT AGREE WITH THESE TERMS AND CONDITIONS, YOU MUST NOT ACCEPT THIS AGREEMENT AND MAY NOT USE THE PRODUCTS.

1. BACKGROUND. Anitian has developed Software (defined below), which it provides as part of its Products (defined below). Subscriber wishes to utilize the Products, and Anitian desires to make the Products available to Subscriber, subject to the following terms and conditions.

2. DEFINITIONS. Capitalized terms shall have the meanings set forth in this section, or in the section where they are first used.

3. “Access Protocols” means the passwords, access codes, technical specifications, connectivity standards or protocols, or other relevant procedures, as may be necessary to allow Subscriber or any Authorized Users to access the Products.

3.1. “Authorized User” means any individual who is an employee of Subscriber or such other person or entity as may be authorized by a Proposal, to access the one or more Products pursuant to Subscriber’s rights under this Agreement.

3.2. “Documentation” means the technical materials provided by Anitian to Subscriber in hard copy or electronic form describing the use and operation of the Software.

3.3. “Error” means a reproducible failure of the Software to substantially conform to the Documentation.

3.4. “Error Corrections” means bug fixes or workarounds intended to correct Errors in the Software.

3.5. “Intellectual Property Rights” means any and all now known or hereafter existing (a) rights associated with works of authorship, including copyrights, mask work rights, and moral rights; (b) trademark or Product mark rights; (c) trade secret rights; (d) patents, patent rights, and industrial property rights; (e) layout design rights, design rights, and other proprietary rights of every kind and nature other than trademarks, Product marks, trade dress, and similar rights; and (f) all registrations, applications, renewals, extensions, or reissues of the foregoing, in each case in any jurisdiction throughout the world.

3.6. “Proposal” means a document signed by Subscriber or an online order specifying the Products to be made available by Anitian pursuant to this Agreement.

3.7. “Product” means the software and/or managed services ordered by Subscriber through a Proposal or on-line order.

3.8. “Subscriber Content” or “Subscriber Data” are interchangeable and mean any content, including applications, data, or configurations, developed by or on behalf of Subscriber and used with the Software.

3.9. “Software” means the software programs described in Exhibit A (Software Products) and any associated user interfaces and related technology that Anitian makes available pursuant to this Agreement.

3.10. “Supported Environment” means the minimum hardware, software, and connectivity configuration specified from time to time by Anitian as required for use of the Products. The current requirements are described in Exhibit A (Software Products).

3.11. “Compliance Environment” means the cloud environment the Software creates which includes (but is not limited to) EC2 instances, VPCs, environment specific configurations, encrypted secrets, passwords, license keys, and user access controls.

3.12. “Third Party Products” means software that is included as part of the Software, but does not belong to Anitian. Subscriber’s use of Third Party Products is governed under separate End User License Agreements (EULA) for each Third Party Product.

3.13. “Cloud Infrastructure Provider” means the cloud provider (e.g. AWS) where the Subscriber will use the Software.

3.14. “Managed Services” means the on-going security monitoring and management Services that can be included with the Software. Managed Services are delivered on an on-going basis, rather than a one-time engagement. .

3.15. “Product Term” the period of time where the Subscriber is Subscribed to Products, which may also include managed services.

This Agreement was last updated on January 21, 2020. Anitian reserves the right to change, modify, add or remove portions of these terms. We will notify current account administrators of any material changes that will be posted as the amended terms on the Anitian website at Terms of Product.

Your continued use of the Software after this thirty (30) day period following the email notice of any changes to these Terms indicates your acceptance and agreement to any and all such changes.

4. PROVISION OF PRODUCTS

4.1. Access. Subject to Subscriber’s payment of the fees set forth in Exhibit A (Software Products), Anitian will provide Subscriber access to Software. On or as soon as reasonably practicable after the Effective Date Anitian shall provide to Subscriber the necessary passwords, security protocols and policies and network links or connections and Access Protocols to allow Subscriber and its Authorized Users to access the Software in accordance with the Access Protocols.

4.2. Responsibility for Software and Content Hosting. Subscriber shall, at its own expense, provide for the hosting of the Compliance Environment which is accessible as part of the Products. Unless otherwise set forth on a Proposal, Subscriber is responsible for providing and using credentials for all Software components. The Subscriber shall receive a separate bill for charges and fees imposed by the provider of Cloud Infrastructure Providers or Third Party Products.

4.3. Subscriber Credentials. Subscriber may elect to provide Anitian access to keys, credentials, or passwords (“Credentials”) to access Subscriber’s applications and/or technology infrastructure. By providing Anitian any such Credentials, Subscriber authorizes Anitian to use those Credentials and to access Subscriber applications and infrastructure for the purpose of providing Products under this Agreement.

4.4. Security.

4.4.1. Anitian represents and warrants that it follows industry-standard policies and provides software features and internal practices to protect the security and integrity of Subscriber Data (including without limitation employee data). Anitian will notify Subscriber as soon as possible via telephone, to be followed-up in writing, of any actual, suspected or threatened Security Incident (as defined below) involving such Subscriber Data. The notification provided to Subscriber shall include, if known, and to Anitian’ knowledge as of the time of notice: (i) the general circumstances and extent of any unauthorized access to Subscriber Data or intrusion into the computer systems or facilities on or in which Subscriber Data is maintained; (ii) which categories of Subscriber Data were involved; (iii) the identities of all individuals whose Anitian personal information was affected; and (iv) steps taken to secure the data and preserve information for any necessary investigation. The notification required to be delivered to Subscriber under this Section shall be delivered promptly and in no event later than twenty-four (24) hours after Anitian learns of any such actual, suspected or threatened Security Incident. Anitian shall not delay its notification to Subscriber for any reason, including, without limitation, investigation purposes. Anitian shall cooperate fully with Subscriber in investigating and responding to each successful or attempted security breach including allowing immediate access to Anitian’ facility by Subscriber’s investigator, to investigate, and obtain copies of data as provided herein.

4.4.2. Security Incident occurs when Anitian knows or has reason to know that: (A) Anitian has experienced an incident resulting in the unauthorized acquisition of unauthorized use of unencrypted Subscriber Data, or encrypted Subscriber Data and the confidential process or key that is capable of compromising the security, confidentiality or integrity of Subscriber Data that creates a substantial risk of identity theft or fraud; or (B) Subscriber Data was acquired or used by an unauthorized person or used for an unauthorized purpose. In the event of any Security Incident, Anitian shall assist Subscriber to provide notification and take other reasonable actions that Subscriber, in Subscriber’s reasonable discretion, determines necessary in mitigating the effects of such Security Incident or in compliance with applicable law.

4.4.3. Subscriber’s Proprietary Information. Anitian shall (a) safeguard the Subscriber Data and, Subscriber’s Confidential Information, methods, systems, process, materials, business models, campaign configurations, trade secrets and any other information that are collected, stored or resident in the Products, or that can be derived or inferred from the Products or related deliverables (“Subscriber’s Proprietary Information”) and (b) ensure that Subscriber’s Proprietary Information is not combined, associated or kept with any information not authorized by Subscriber.

4.4.4. General Restrictions. Anitian shall only use Subscriber’s Proprietary Information or Subscriber’s Data as set forth in this Agreement, and except as set forth in this Agreement, shall not (and shall not allow any third party to): (a) sell, rent, lease, provide access to or sublicense the Subscriber’s Proprietary Information or Subscriber’s Data to a third party or use the Subscriber’s Proprietary Information or Subscriber’s Data to provide a Product to a third-party (for example, by offering consulting Products to third parties); (b) copy, reverse engineer, decompile, disassemble, modify or create any derivative product from the Subscriber’s Proprietary Information; (c) remove or obscure any product identification, proprietary, copyright or other notices contained in the Subscriber’s Proprietary Information; or (d) incorporate the Subscriber’s Proprietary Information into any other offering.

4.5. Third Party Products

The Software includes third-party software as part of the Compliance Environment. Third Party Products are licensed as part of the Software. License keys for Third Party Products will be provided to Subscriber within thirty days after the Effective Date of this Agreement.

End User License Agreements (EULA) for each Third Party Product is included with Software. Consult the Documentation for copies of each EULA.

If Subscriber does not consent to the terms of any or all of the Third Party Product EULAs, it must notify Anitian in writing within 30 days from the Effective Date of this Agreement. Subscriber must delete Third Party Products from the Compliance Environment immediately. Anitian is not obligated to assist Subscriber with deleting Third Party Products. Anitian will not provide refunds for any Third Party Products that Subscriber does not use.

Your continued use of the Third Party Products after 30 days from the Effective Data indicates your acceptance and agreement to all the terms in all Third Party Product EULAs.

5. INTELLECTUAL PROPERTY

5.1. License Grant. Subject to the terms and conditions of this Agreement, Anitian grants to Subscriber a non-exclusive, non-transferable license during the term, solely for Subscriber’s internal business purposes and in accordance with the limitations set forth in Exhibit A (Software Products), (a) to access, use, perform, and digitally display the Software as required for use of the Products and in accordance with the Documentation; and (b) to use and reproduce a reasonable number of copies of the Documentation solely to support Subscriber’s use of the Products. Anitian Corporation owns all right, title and interest, including without limitation all intellectual property and other rights, in and to the Product, Content (except for Subscriber Content, third-party content, Third Party Products, if any, therein), and Software.

Anitian Compliance Automation is proprietary Software available on SaaS subscription basis. Use of the Product and Software for any purpose not set forth in this Agreement is prohibited. All Automation Templates generated by the Product are the property of Anitian Corporation and/or its business partners, affiliates, assigns, licensors or other respective owners. Subscriber shall not decompile, disassemble, or reverse engineer the Product or any elements of the Product, or otherwise derive source or object code from the Product or any elements thereof. After the expiration of evaluation period and upon the first monthly or yearly payment, Anitian will grant to Subscriber a perpetual, non-transferable, non-sublicensable, non-exclusive, paid-up right and license to use, copy, modify and prepare derivative works of the Automation Templates, for purposes of Subscriber’s internal business only.

5.2. Limitations. The Product, together with all know-how, processes, methodologies, specifications, designs, inventions, functionality, graphics, user interfaces, techniques, methods, applications, libraries, documentation or other technology and materials of any kind, or any enhancement thereof, used or made available by Anitian to you or any Authorized User in connection with the Product and Support, constitute or otherwise involve valuable intellectual property rights of Anitian and all right, title and interest in and to the foregoing will, as between the Parties, be owned by Anitian. No title to or ownership of the Product, or any intellectual property rights associated therewith, is transferred under this Agreement and Anitian reserves all rights not otherwise expressly granted herein.

5.3. Subscriber References. Anitian may use your Anitian name and logo to identify you as a Subscriber on the Site, on publicly available Subscriber lists, and in media releases during the term of the Agreement.

5.4. Open Source Software. Certain items of software may be provided to Subscriber with the Software and are subject to “open source” or “free software” licenses (“Open Source Software”). Some of the Open Source Software is owned by third parties. The Open Source Software is not subject to the terms and conditions of the section titled

Indemnification or the subsection titled License Grant. Instead, each item of Open Source Software is licensed under the terms of the end-user license that accompanies such Open Source Software. Nothing in this Agreement limits Subscriber’s rights under, or grants Subscriber rights that supersede, the terms and conditions of any applicable end user license for the Open Source Software. If required by any license for particular Open Source Software, Anitian makes such Open Source Software, and Anitian’s modifications to that Open Source Software, available by written request at the notice address specified below.

6. FEES AND EXPENSES; PAYMENTS

6.1. Fees. In consideration for the access rights granted to Subscriber and the Products performed by Anitian under this Agreement, Subscriber will pay to Anitian the fees set forth in Exhibit B (Fees) and as otherwise required by a particular Proposal. In the event that Subscriber wishes to increase the number of Compliance Environments or Authorized Users beyond the maximum number of environments for which fees have been paid, Subscriber shall be required to pay additional fees associated with the increased number of Stack Environments, prorated for the remainder of the term.

6.2. All fees for Products are due and payable to Anitian in advance. Anitian shall be entitled to withhold performance and discontinue Product until all amounts due are paid in full. Except to the extent otherwise expressly stated therein, if an applicable Proposal or SOW provides for payment via credit card or electronic money transfer (e.g., ACH), Anitian is permitted to process such payment on the date of Anitian’s invoice. Subscriber will pay all fees specified in Proposals. Except as otherwise specified herein or in a Proposal, (1) fees are based on Products subscriptions purchased and not actual usage, (2) payment obligations are noncancelable and, fees paid are non- refundable, and (3) quantities purchased cannot be decreased during the relevant subscription term. Notwithstanding anything to the contrary, Subscriber shall not be obligated to pay for any subscription-based Product or Managed Service following Subscribers termination of the subscription-based Product or Managed Service.

6.3. Invoicing and Payment. Subscriber will provide Anitian with valid and updated credit card information, or with a valid purchase order or alternative document reasonably acceptable to Anitian. If Subscriber provides credit card information, you authorize Anitian to charge such credit card for all Purchased Products listed in the Proposal for the initial subscription term and any renewal subscription term(s) as set forth in Section Subscription Term. Such charges shall be made in advance, either annually or in accordance with any different billing frequency stated in the applicable Proposal. If the Proposal specifies that payment will be by a method other than a credit card, Anitian will invoice Subscriber in advance and otherwise in accordance with the relevant Proposal.

Unless otherwise stated in the Proposal, invoiced charges are due net 30 days from the invoice date. Subscriber is responsible for providing complete and accurate billing and contact information to Anitian and notifying Anitian of any changes to such information.

6.4. Taxes. The fees are exclusive of all applicable sales, use, value-added and other taxes, and all applicable duties, tariffs, assessments, export and import fees, or other similar charges, and Subscriber will be responsible for payment of all such taxes (other than taxes based on Anitian’s income), fees, duties, and charges and any related penalties and interest, arising from the payment of the fees, the delivery of the Products, or the license of the Software to Subscriber. Subscriber will make all payments of fees to Anitian free and clear of, and without reduction for, any withholding taxes; any such taxes imposed on payments of fees to Anitian will be Subscriber’s sole responsibility, and Subscriber will provide Anitian with official receipts issued by the appropriate taxing authority, or such other evidence as the Anitian may reasonably request, to establish that such taxes have been paid. Subscriber shall indemnify and defend Anitian in connection with any proceedings brought by any taxing authorities in connection with this Agreement.

6.5. Expenses. Subscriber shall reimburse Anitian for all costs, pre-approved by Subscriber, including Anitian’s reasonable out-of-pocket (including travel and living) expenses incurred in performing its obligations hereunder. All costs and expenses incurred by Subscriber in connection herewith are the sole responsibility of Subscriber.

6.6. Interest. Any amounts not paid when due shall bear interest at the rate of one and one half percent (1.5%) per month, or the maximum legal rate if less. Subscriber will permit Anitian or its representatives to review Subscriber’s relevant records and inspect Subscriber’s facilities to ensure compliance with this Agreement.

6.7. Audit. Anitian will give Subscriber at least ten (10) days advance notice of any such inspection and will conduct the same during normal business hours in a manner that does not unreasonably interfere with Subscriber’s normal operations. If any such audit should disclose any underpayment of fees, Subscriber shall promptly pay Anitian such underpaid amount, together with interest thereon at the rate specified in this section. If the amount of such underpayment exceeds five percent (5%) of fees actually paid during the audited period, Subscriber shall also pay Anitian for Anitian’s expenses associated with such audit.

7. SUBSCRIBER DATA AND RESPONSIBILITY

7.1. License; Ownership. Subscriber grants Anitian a nonexclusive, worldwide, royalty- free and fully paid license (a) to use the Subscriber Data as necessary for purposes of providing the Products and (b) to use the Subscriber trademarks, Product marks, and logos as required to provide the Products. The Subscriber Data hosted by Anitian as part of the Products, and all worldwide Intellectual Property Rights in it, is the exclusive property of Subscriber. All rights in and to the Subscriber Data not expressly granted to Anitian in this Agreement are reserved by Subscriber.

7.2. Authorized Users Access to Products. Subscriber may permit any Authorized Users to access and use the features and functions of the Products as contemplated by this Agreement. User IDs cannot be shared or used by more than one Authorized User at a time. If a Subscriber wishes to add additional User IDs, Subscriber may order such additional User IDs at any time by executing a new Proposal detailing the number of additional User IDs. Upon written acceptance by Anitian of the Proposal, Anitian shall make the Product(s) available to the additional Authorized Users. Subscriber shall use commercially reasonable efforts to prevent unauthorized access to, or use of, the Products, and notify Anitian promptly of any such unauthorized use known to Subscriber.

7.3. Subscriber Warranty. Subscriber represents and warrants that any Subscriber Content hosted by Anitian as part of the Products shall not (a) infringe any copyright, trademark, or patent; (b) misappropriate any trade secret; (c) be deceptive, defamatory, obscene, pornographic or unlawful; (d) contain any viruses, worms or other malicious computer programming codes intended to damage Anitian’s system or data; or (e) otherwise violate the rights of a third party. Anitian is not obligated to back up any Subscriber Content; the Subscriber is solely responsible for creating backup copies of any Subscriber Content at Subscriber’s sole cost and expense. Subscriber agrees that any use of the Products contrary to or in violation of the representations and warranties of Subscriber in this section constitutes unauthorized and improper use of the Products.

7.4. Subscriber Responsibility for Data and Security. Subscriber and its Authorized Uses shall have access to the Subscriber Data and shall be responsible for all changes to and/or deletions of Subscriber Data and the security of all passwords and other Access Protocols required in order the access the Products. Subscriber shall have the ability, both during the term and following termination, at no cost to Subscriber, to export Subscriber Data out of the Products and is encouraged to make its own back-ups of the Subscriber Data. Subscriber shall have the sole responsibility for the accuracy, quality, integrity, legality, reliability, and appropriateness of all Subscriber Data.

7.5. Copyright Policy. Anitian reserves the right to terminate its agreement with any Subscriber who repeatedly infringes third party copyright rights upon prompt notification to Anitian by the copyright owner or the copyright owner’s legal agent. Without limiting the foregoing, if Subscriber believes that a copyrighted work has been copied and posted via the Products in a way that constitutes copyright infringement, Subscriber shall provide Anitian with the following information: (a) an electronic or physical signature of the person authorized to act on behalf of the owner of the copyrighted work; (b) an identification and location in connection with the Products of the copyrighted work that Subscriber claims has been infringed; (c) a written statement by Subscriber that Subscriber has a good faith belief that the disputed use is not authorized by the owner, its agent, or the law; (d) the name and contact information, such as telephone number or e-mail address, of Subscriber; and (e) a statement by Subscriber that the above information in Subscriber’s notice is accurate and, under penalty of perjury, that Subscriber is the copyright owner or authorized to act on the copyright owner’s behalf. Contact information for Anitian’s Copyright Agent for notice of claims of copyright infringement is as follows:

Anitian, Inc.
Attn: Copyright Agent
8625 SW Cascade Ave, Suite 500 Beaverton, OR 97008
Email: info@anitian.com

8. WARRANTIES AND DISCLAIMERS

8.1. Limited Warranty. Anitian warrants to Subscriber that the Software will setup the Compliance Environment properly. Provided that Subscriber notifies Anitian in writing of any breach of the foregoing warranty during the term hereof, Anitian shall, as Subscriber’s sole and exclusive remedy, provide the support set forth in Exhibit A (Software Products) to this Agreement. This warranty gives Subscriber specific legal rights, and Subscriber may also have other rights which vary from jurisdiction to jurisdiction.

8.2. Disclaimer. THE CLOUD INFRASTRUCTURE PROVIDER AND THIRD PARTY PRODUCTS ARE NOT ANITIAN PRODUCTS. ANITIAN IS NOT RESPONSIBLE FOR THE CLOUD INFRASTRUCTURE PROVIDER OR THIRD PARTY PRODUCTS, OR FOR ANY ACTS OR OMISSIONS OF THE THIRD-PARTY PROVIDER OF THE CLOUD INFRASTRUCTURE PROVIDER OR THIRD PARTY PRODUCTS. SUBSCRIBER ACKNOWLEDGES THAT THE PROVIDER OF THE CLOUD INFRASTRUCTURE PROVIDER MAY IMPLEMENT PROCEDURES THAT WOULD MAKE IT DIFFICULT OR IMPOSSIBLE TO ACCESS SUBSCRIBER’S DATA OR THE RESOURCES MADE AVAILABLE VIA THE CLOUD INFRASTRUCTURE PROVIDER IN CERTAIN CIRCUMSTANCES (E.G., IN THE CASE OF A VIRUS, DENIAL-OF-PRODUCT, OR SIMILAR ATTACK; TRANSMISSION OR STORAGE OF INFRINGING OR ILLEGAL CONTENT; USE FOR BULK EMAIL; USE THAT COULD OR DOES HARM THE THIRD PARTY’S NETWORKS OR SERVERS OR COMPROMISE SECURITY).

8.3. Compliance Responsibility. Use of Software shall not in any way constitute a guarantee that Subscriber will be compliant with any regulations or standards including the compliance standard(s) applicable to the Software. The Anitian Compliance Automation Software is intended to assist Subscriber in building and maintain a computing environment that is compliant. Subscriber is solely responsible for obtaining necessary certifications or accreditations to meet compliance requirements. Software does not include any automatic or default certifications for any compliance standard or regulation.

9. LIMITATION OF LIABILITY

9.1. TYPES OF DAMAGES. TO THE EXTENT LEGALLY PERMITTED UNDER APPLICABLE LAW, ANITIAN OR ITS SUPPLIERS SHALL NOT BE LIABLE TO SUBSCRIBER FOR ANY SPECIAL, INDIRECT, EXEMPLARY, PUNITIVE, INCIDENTAL OR CONSEQUENTIAL DAMAGES OF ANY NATURE INCLUDING, BUT NOT LIMITED TO DAMAGES OR COSTS DUE TO LOSS OF PROFITS, DATA, REVENUE, GOODWILL, PRODUCTION OR USE, BUSINESS INTERRUPTION, PROCUREMENT OF SUBSTITUTE GOODS OR PRODUCTS, OR PERSONAL OR PROPERTY DAMAGE ARISING OUT OF OR IN CONNECTION WITH ANITIAN’S PERFORMANCE HEREUNDER OR THE USE, MISUSE, OR INABILITY TO USE THE SOFTWARE, DOCUMENTATION, PRODUCTS OR OTHER PRODUCTS OR PRODUCTS HEREUNDER, REGARDLESS OF THE CAUSE OF ACTION OR THE THEORY OF LIABILITY,

WHETHER IN TORT, CONTRACT, OR OTHERWISE, EVEN IF ANITIAN HAS BEEN NOTIFIED OF THE LIKELIHOOD OF SUCH DAMAGES.

9.2. AMOUNT OF DAMAGES. THE MAXIMUM LIABILITY OF ANITIAN ARISING OUT OF OR IN ANY WAY CONNECTED TO THIS AGREEMENT SHALL NOT EXCEED THE FEES PAID BY SUBSCRIBER TO ANITIAN DURING THE SIX (6) MONTHS PRECEDING THE ACT, OMISSION OR OCCURRENCE GIVING RISE TO SUCH LIABILITY. NOTHING IN THIS AGREEMENT SHALL LIMIT OR EXCLUDE ANITIAN’S LIABILITY FOR GROSS NEGLIGENCE OR INTENTIONAL MISCONDUCT OF ANITIAN OR ITS EMPLOYEES OR AGENTS OR FOR DEATH OR PERSONAL INJURY. SOME STATES AND JURISDICTIONS DO NOT ALLOW FOR THE EXCLUSION OR LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THIS LIMITATION AND EXCLUSION MAY NOT APPLY TO SUBSCRIBER.

9.3. BASIS OF THE BARGAIN. The parties agree that the limitations of liability set forth in this section shall survive and continue in full force and effect despite any failure of consideration or of an exclusive remedy. The parties acknowledge that the prices have been set and the Agreement entered into in reliance upon these limitations of liability and that all such limitations form an essential basis of the bargain between the parties.

10. CONFIDENTIALITY

10.1. Confidential Information. During the term of this Agreement, each party (the “Disclosing Party”) may provide the other party (the “Receiving Party”), whether marked or otherwise, with certain information regarding the Disclosing Party’s business, technology, products, or Products or other confidential or proprietary information (collectively, “Confidential Information”). The Receiving Party agrees: (i) not to divulge to any third person any such Confidential Information, (i) to give access to such Confidential information solely to those employees with a need to have access thereto for purposes of this Agreement, and (iii) to take the same security precautions to protect against disclosure or unauthorized use of such Confidential information that the party takes with its own confidential information, but in no event will a party apply less than reasonable precautions to protect such Confidential Information. The Disclosing Party agrees that the foregoing will not apply with respect to any information that the Receiving Party can document (a) is or becomes generally available to the public without any action by, or involvement of, the Receiving Party, or (b) was in its possession or known by it prior to receipt from the Disclosing Party, or (c) was rightfully disclosed to it without restriction by a third party, or (d) was independently developed without use of any Proprietary Information of the Disclosing Party. Nothing in this Agreement will prevent the Receiving Party from disclosing the Proprietary Information pursuant to any judicial or governmental order, provided that the Receiving Party gives the Disclosing Party reasonable prior notice of such disclosure to contest such order. Regardless of whether so marked or identified, the Software, Documentation, and all enhancements and improvements thereto will be considered Confidential Information of Anitian.

10.2. Disclosure. Both Parties will have the right to disclose the existence but not the terms and conditions of this Agreement, unless such disclosure is approved in writing by both Parties prior to such disclosure, or is included in a filing required to be made by a Party with a governmental authority (provided such party will use reasonable efforts to obtain confidential treatment or a protective order) or is made on a confidential basis as reasonably necessary to potential investors or acquirers.

11. INDEMNIFICATION

11.1. By Anitian. Anitian will defend at its expense any claim brought, or alleged, against Subscriber, and will pay any settlement Anitian makes or approves, or any damages arising from or related to such claim, insofar as such claim is based on a claim by any third party alleging that the Software or the Products misappropriates any trade secret recognized under the Uniform Trade Secrets Act or infringes any copyright or United States patent issued as of the Effective Date. If any portion of the Software or the Products becomes, or in Anitian’s opinion is likely to become, the subject of a claim of infringement, Anitian may, at Anitian’s option: (a) procure for Subscriber the right to continue using the Software or the Products; (b) replace the Software or the Products with non-infringing software or Products which do not materially impair the functionality of the Software or the Products; (c) modify the Software or the Products so that it becomes non-infringing; or (d) terminate this Agreement and refund any fees actually paid by Subscriber to Anitian, and upon such termination, Subscriber will immediately cease all use of the Software, Documentation, and Products. Notwithstanding the foregoing, Anitian shall have no obligation under this section or otherwise with respect to any infringement claim based upon (w) any use of the Software or the Products not in accordance with this Agreement or as specified in the Documentation; (x) any use of the Software or the Products in combination with other products, equipment, software or data not supplied by Anitian, except for Third Party Products; or (y) any modification of the Software or the Products by any person other than Anitian or its authorized agents. This subsection states the sole and exclusive remedy of Subscriber and the entire liability of Anitian, or any of the officers, directors, employees, shareholders, contractors or representatives of the foregoing, for infringement claims and actions.

11.2. By Subscriber. Subscriber will defend at its expense any suit brought against Anitian, and will pay any settlement Subscriber makes or approves, or any damages finally awarded in such suit, insofar as such suit is based on a claim arising out of or relating to Subscriber’s breach of the subsections titled Subscriber Warranty and Copyright Policy. This subsection states the sole and exclusive remedy of Anitian and the entire liability of Subscriber, or any of the officers, directors, employees, shareholders, contractors or representatives of the foregoing, for the claims and actions described herein.

11.3. Procedure. In the event a party seeks indemnification as set forth herein, the following will apply: (a) the indemnified party shall promptly notify the indemnifying party in writing of any threatened or actual claim or suit; provided, however, that failure to give such notice shall not preclude indemnification with respect to any claim except to the extent of any additional or increased losses or other actual prejudice directly caused by such failure to give notice; (b) the indemnifying party shall have the right to choose counsel to defend such claim (subject to the approval of the indemnified party, which approval shall not be unreasonably withheld) and to control of the defense or settlement of any claim or suit, except that neither party shall have the right to enter into any settlement agreement that materially affects the other party’s material rights or material interests without such party’s prior written consent, which consent will not be unreasonably withheld or delayed; and (c) the indemnified party shall cooperate with the indemnifying party to facilitate the settlement or defense of any claim or suit, provided the indemnified party is reimbursed for its reasonable costs of providing such cooperation.

12. TERM AND TERMINATION

12.1. Subscription Term. Unless otherwise specified in a formal executed Proposal, the initial term of this agreement shall be twelve (12) months. This Agreement shall be automatically renew on a month-to-month basis unless either party provides written notice to the other of its intention not to renew at least thirty (30) days prior to the expiration of the then-current term.

12.2. Termination. Either party may terminate this Agreement immediately upon notice to the other party if the other party materially breaches this Agreement, and such breach remains uncured more than thirty (30) days after receipt of written notice of such breach. Subscriber may terminate a subscription-based Product or Managed Service upon not less than thirty (30) days’ notice of cancellation. If Subscriber cancels a subscription-based Product of Managed Service as set forth herein, Subscriber shall not be required to pay for any additional subscription-based Product or Managed Service.

12.3. Effect of Termination. Upon termination or expiration of this Agreement for any reason: (a) all rights and obligations of both parties, including all licenses granted hereunder, shall immediately terminate; (b) within ten (10) days after the effective date of termination, each party shall comply with the obligations to return all Confidential Information of the other party, as set forth in the section titled Confidentiality; and (c) within ten (10) days after the effective date of termination, Anitian shall discontinue all use of Subscriber Content, allow Subscriber, without cost, to export all Subscriber Content and destroy all copies of Subscriber Content in its possession (d) Subscriber will remove all Software code, content, Third Party Products and configurations from their Cloud Infrastructure Provider. The sections and subsections titled Definitions, Limitations, Warranties and Disclaimers, Limitation of Liability, Confidentiality, Indemnification, Effect of Termination, and Miscellaneous will survive expiration or termination of this Agreement for any reason.

13. MISCELLANEOUS

13.1. Governing Law and Venue. This Agreement and any action related thereto will be governed and interpreted by and under the laws of the State of Delaware, without giving effect to any conflicts of laws principles that require the application of the law of a different jurisdiction. The parties hereby expressly consents to the personal jurisdiction and venue in the state and federal courts located in New Castle County,

Delaware. The United Nations Convention on Contracts for the International Sale of Goods does not apply to this Agreement. Subscriber shall always comply with all international and domestic laws, ordinances, regulations, and statutes that are applicable to its purchase and use of the Software, Documentation, or Products hereunder.

13.2. Export. Subscriber agrees not to export, reexport, or transfer, directly or indirectly, any U.S. technical data acquired from Anitian, or any products utilizing such data, in violation of the United States export laws or regulations. Subscriber shall not permit Authorized Users to access or use any Products in a U.S. embargoed country (currently Cuba, Iran, North Korea, Sudan, Syria or Crimea) or in violation of any U.S. export law or regulation.

13.3. Severability. If any provision of this Agreement is, for any reason, held to be invalid or unenforceable, the other provisions of this Agreement will remain enforceable and the invalid or unenforceable provision will be deemed modified so that it is valid and enforceable to the maximum extent permitted by law. Without limiting the generality of the foregoing, Subscriber agrees that the section titled Limitation of Liability will remain in effect notwithstanding the unenforceability of any provision in the subsection titled Limited Warranty.

13.4. Waiver. Any waiver or failure to enforce any provision of this Agreement on one occasion will not be deemed a waiver of any other provision or of such provision on any other occasion.

13.5. Remedies. Except as provided in the sections titled Limited Warranty and Indemnification, the parties’ rights and remedies under this Agreement are cumulative. The parties acknowledge that the Confidential Information provided by the Disclosing Party to the Receiving Party contains valuable trade secrets and proprietary information of the Disclosing Party, that any actual or threatened breach of the sections titled Intellectual Property or Confidentiality or any other breach of a party’s obligations with respect to Intellectual Property Rights or confidentiality will constitute immediate, irreparable harm to the Disclosing Party for which monetary damages would be an inadequate remedy. In such case, the Receiving Party will be entitled to immediate injunctive relief without the requirement of posting bond. If any legal action is brought to enforce this Agreement, the prevailing party will be entitled to receive its attorneys’ fees, court costs, and other collection expenses, in addition to any other relief it may receive.

13.6. No Assignment. Neither party shall assign, subcontract, delegate, or otherwise transfer this Agreement, or its rights and obligations herein, without obtaining the prior written consent of the other party, and any attempted assignment, subcontract, delegation, or transfer in violation of the foregoing will be null and void; provided, however, that either party may assign this Agreement in connection with a merger, acquisition, reorganization or sale of all or substantially all of its assets, or other operation of law, without any consent of the other party. The terms of this Agreement shall be binding upon the parties and their respective successors and permitted assigns.

13.7. Force Majeure. Any delay in the performance of any duties or obligations of either party (except the payment of money owed) will not be considered a breach of this Agreement if such delay is caused by a labor dispute, shortage of materials, fire, earthquake, flood, or any other event beyond the control of such party, provided that such party uses reasonable efforts, under the circumstances, to notify the other party of the cause of such delay and to resume performance as soon as possible.

13.8. Independent Contractors. Subscriber’s relationship to Anitian is that of an independent contractor, and neither party is an agent or partner of the other. Subscriber will not have, and will not represent to any third party that it has, any authority to act on behalf of Anitian.

13.9. Notices. Each party must deliver all notices or other communications required or permitted under this Agreement in writing to the other party at the address listed on the first page of the Agreement by courier, by certified or registered mail (postage prepaid and return receipt requested), or by a nationally-recognized express mail Product. Notice will be effective upon receipt or refusal of delivery. If delivered by certified or registered mail, any such notice will be considered to have been given five (5) business days after it was mailed, as evidenced by the postmark. If delivered by courier or express mail Product, any such notice shall be considered to have been given on the delivery date reflected by the courier or express mail Product receipt. Each party may change its address for receipt of notice by giving notice of such change to the other party.

13.10. Counterparts. This Agreement may be executed in one or more counterparts, each of which shall be deemed an original and all of which shall be taken together and deemed to be one instrument.

13.11. Entire Agreement. This Agreement is the final, complete and exclusive agreement of the parties with respect to the subject matters hereof and supersedes and merges all prior discussions between the parties with respect to such subject matters. No modification of or amendment to this Agreement, or any waiver of any rights under this Agreement, will be effective unless in writing and signed by an authorized signatory of Subscriber and the Anitian.

EXHIBIT A

SOFTWARE PRODUCTS

Subject to the terms and conditions of the Agreement, Anitian will provide to Subscriber the following Software Products:

  1. DESCRIPTION OF SOFTWARE.
    1. Anitian Compliance Automation. Providing software to setup and configure a cloud environment to meet compliance requirements. Software includes many components, some of which are Third Party Products.
    2. Hardened Machine Images. Providing pre-configured computer systems that are configured to meet compliance requirements.
  2. ACCESS.
    1. The Products and Documentation will be made available to Subscriber via email or other shared on-line site.
    2. At Subscriber’s request and at no charge to Subscriber, Anitian will provide an initial 1 hour telephone session to instruct Authorized Users regarding the basic access and use of the Software.
    3. Unless sated otherwise in a Master Products Agreement, State of Work, Proposal or other written agreement between the parties, the Subscription period length is 12 months, 24 months, or 36 months as specified in the Proposal.
    4. The maximum number of Compliance Environments is specified in the Proposal. Anitian and/or its suppliers may audit applicable records in order to verify Subscriber’s compliance with the Compliance Environments parameters.
  3. SUPPORT.
    During the Term, support provided to Subscriber shall comprise the following:
    1. Standard Support. Anitian shall provide email based support for use by Authorized Users Monday through Friday, 8 am to 5 pm EST, US holidays excluded, for problem resolution assistance. This Support is only available to Authorized Users. This support is exclusively for problems with Software and does not include guidance on compliance or assisting Subscriber’s auditors.
    2. Error Corrections. Anitian will use commercially reasonable efforts to correct all Errors in the Software reported by Subscriber in writing to Anitian. Anitian will utilize remote diagnostic procedures whenever possible for Error diagnosis and Error Correction. Anitian may not issue Error Corrections for all Errors.
    3. Improvements. During the Term, Anitian may, in its sole discretion, provide Subscriber with updates, upgrades, enhancements, and any other improvements that Anitian then generally offers to other subscribers to the Product.
  4. SUBSCRIBER RESPONSIBILITIES. It shall be Subscriber’s sole responsibility to perform those specific Products that are necessary to establish Subscriber’s or Authorized Users’ use of the Software, Documentation, and Products. This includes, but is not limited to: (a) providing employee lists to set up Authorized User accounts and (b) designating Authorized Users to participate in training.

  5. OTHER PRODUCTS. Anitian’s Products outside the scope of this Agreement, if any, shall be provided pursuant to Anitian’s then-current applicable Products policies and procedures, including, at a minimum, execution of Anitian’s then-current consulting/professional Products agreement and payment of Anitian’s then-current fees for such Products, plus Anitian’s reasonable costs and expenses incurred in providing such Products. Anitian will obtain Subscriber’s prior written consent prior to performing any work Product that falls outside the scope of this Agreement.

EXHIBIT B

MANAGED SECURITY

1. DESCRIPTION OF PRODUCT

1.1. Anitian Security Operations Services (“SecOps”). Provides security monitoring and management for the Anitian Compliance Automation environment(s). SecOps includes the following:

1.1.1. Attack Detection: Anitian will monitor Subscriber’s environment for signs of attack, compromise, data breach, malware, abuse, theft, or infiltration from an unauthorized source.

1.1.2. Threat Hunting: Anitian will actively review Subscriber’s data for evidence of threat actors and/or compromise within Subscriber’s environment using Anitian’s exclusive Anitian threat hunting techniques.

1.1.3. Threat Assessment: Anitian will assess the severity threats poses to Subscriber’s data, security, operations, and availability.

1.1.4. Incident Response: Anitian will respond to events using one or more of the following means:

1.1.4.1. Alert: Anitian will send an alert to the Subscriber to advise them of the incident and severity.

1.1.4.2. Automated Response: Anitian will implement automatic responses on security controls to block or quarantine malicious behavior.

1.1.4.3. Manual Response: If Anitian’s analysts determines a threat is both severe and automated defenses may not stop it, Anitian will manually configure security controls to block the attacker(s) and protect Subscriber’s data. Anitian will contact Subscriber prior to implementing any changes.

1.1.4.4. Extended Incident Response: In the rare event of a serious breach that was not blocked, Anitian can provide, for an additional cost, digital forensics Products to analyze the attack techniques and assist the Subscriber in restoring their environment to a secure state.

2. ACCESS

2.1. At Subscriber’s request and at no charge to Subscriber, Anitian will provide weekly reports to Subscriber on security issues. This report will be delivered via email or a web portal.

2.2. Unless sated otherwise in a Master Products Agreement, State of Work, Proposal or other written agreement between the parties, the Subscription period length is 12 months, 24 months, or 36 months as specified in the Proposal.

3. SUPPORT.
During the Term, support provided to Subscriber shall comprise the following:

3.1. Support. Anitian shall provide email and telephone support for use by Authorized Users 24 hours a day, for problem resolution or security incident troubleshooting. This Support is only available to Authorized Users.

3.2. Extended Guardrails. Anitian will monitor the environment for alignment with compliance requirements and report any potentially non-compliant configurations to the Subscriber.

3.3. Improvements. During the Term, Anitian may, in its sole discretion, provide Subscriber with updates, upgrades, enhancements, and any other improvements that Anitian then generally offers to other subscribers to the Product.

4. SUBSCRIBER RESPONSIBILITIES. It shall be Subscriber’s sole responsibility to perform those specific Products that are necessary to establish Subscriber’s or Authorized Users’ use of the Software, Documentation, and Products. This includes, but is not limited to: (a) providing employee lists to set up Authorized User accounts and (b) designating Authorized Users to participate in training.

5. PRODUCT LEVEL AGREEMENTS

5.1. Definitions for this Section:

5.1.1. “Incident Response” is a credible, validated threat to Subscriber’s security that requires Anitian and/or Subscriber’s personnel to respond to protect confidentiality, integrity, or availability of the environment(s).

5.1.2. “Emergency Change” is when a change that must be made to Subscriber’s environment quickly due to an immediate threat to the stability or security of the Subscriber’s environment. Subscriber’s are entitled to two Emergency Changes in any 30 day period. Additional requires may incur additional costs.

5.1.3. “Regular Changes” are policy or configuration changes that do not meet the criteria of an Emergency as defined above.

5.2. Service Level Agreements: Anitian agrees to uphold the following Service Level Agreements for SecOps.

A. Incident Response: 6 hours

B. Regular Changes: 72 hours

C. Emergency Changes: 1 hour

5.3. Remedy Process

5.3.1. This section defines the process for Subscriber’s to make a claim for any Product Level Agreement that was not met.

5.3.1.1. To receive a credit, Subscriber must submit a claim via email to claims@anitian.com within 7 business days from the date when the Product Level Agreement was violated. The claim submission must include the following information:

5.3.1.2. The email subject line must contain the words “SLA Credit Request”

5.3.1.3. The email body must contain 1) Subscriber’s name, b) Subscriber’s contact name c) Subscriber’s phone number; d) a description of the violation; and e) the date(s) and time(s) of the violation.

5.3.2. Anitian will make all credit determinations in its reasonable discretion and will notify the designated contact(s) in writing (which may be in the form of an email) of its decision. If any request is rejected, Anitian will explain the reason for this rejection.

5.3.3. For every hour Anitian violates the Service Level Agreement, Subscriber will be issued a credit of $200. In any given month, the credit applied shall not exceed US$5,000.00.

5.3.4. Subscribers who have cancelled their Product Agreement are not entitled to Service Level Agreement claims.