End User Licensing Agreement
This End User License Agreement (“EULA”) governs Subscriber’s license and use of certain Software and/or Products developed by Anitian, Inc. (“Anitian”). If Subscriber registers for an evaluation use of Anitian’s Software or Products, this EULA will also govern that evaluation. By accepting this EULA, Subscriber agrees to the terms of this EULA. If the person is entering into this EULA on behalf of another legal entity, you represent that you have the authority to bind such entity and its affiliates to these terms and conditions, in which case the terms “you” or “your” shall refer to such entity and its affiliates. If you do not have such authority, or if you do not agree with these terms and conditions, you must not accept this agreement and may not use the software or the platforms the software creates.
In the event of a contradiction between this Addendum and a Master Agreement, the Master Agreement shall take precedence.
Capitalized terms shall have the meanings set forth in this section, or in the section where they are first used.
“Access Protocols” means the passwords, access codes, technical specifications, connectivity standards or protocols, or other relevant procedures, as may be necessary to allow Subscriber or any Authorized Users to access the Products.
“Authorized User” means any individual who is an employee of Subscriber or such other person or entity as may be authorized by a Proposal, to access the one or more Products pursuant to Subscriber’s rights under this Agreement.
“Documentation” means the technical materials provided by Anitian to Subscriber in hard copy or electronic form describing the use and operation of the Software.
“Error” means a reproducible failure of the Software to substantially conform to the Documentation.
“Error Corrections” means bug fixes or workarounds intended to correct Errors in the Software.
“Intellectual Property Rights” means any and all now known or hereafter existing (a) rights associated with works of authorship, including copyrights, mask work rights, and moral rights; (b) trademark or service mark rights; (c) trade secret rights; (d) patents, patent rights, and industrial property rights; (e) other layout design rights, design rights, and other proprietary rights of every kind and nature; and (f) all registrations, applications, renewals, extensions, or reissues of the foregoing, in each case in any jurisdiction throughout the world.
“Product(s)” means one or more software products Anitian has developed and are licensed to Subscriber as defined in one or more Proposals or on-line orders. Products Anitian provides include, but are not limited to: Anitian Compliance Automation, Anitian Cloud Security Platform, PCI Hardened AWS Amazon Machine Images, Anitian Cloud Security Information and Event Manager (SIEM), and Anitian Cloud Automation.
“Proposal” means a document signed by Subscriber or an online order specifying the Software and/or Services to be made available by Anitian pursuant to this Agreement.
“Subscriber Content” or “Data” are interchangeable and mean any Subscriber-specific content. This includes, but is not limited to, security logs, system logs, system configurations, custom scripts, Thirdparty software, and information the Subscriber input or uploaded to software components.
“Software” refers generically to any software, code, scripts, automations, configurations, or other intellectual property developed by Anitian and licensed to Subscriber under the terms of this EULA. Software may also be part of one or more of the Products provided to Subscriber as defined in one or more Proposals.
“Services” refers to professional or managed services provided in tandem with Software and defined in one (or more) Proposals or on-line orders. “Supported Environment” means the minimum hardware, software, and connectivity configuration specified by Anitian in the Documentation as required for use of the Software.
“Platform” means the cloud environments Anitian’s Products create which includes (but is not limited to) system instances, containers, virtual private clouds (VPC), networks, access controls, environment specific configurations, encrypted secrets, passwords, license keys, and user accounts.
“Third Party Products” means software that is included as part of the Software, but does not belong to Anitian. Subscriber’s use of Third Party Products is governed under separate end user license agreements for each Third Party Product.
“Cloud Service Provider” means the cloud provider (e.g. AWS) where the Subscriber will use the Software.
“Managed Services” means the on-going security monitoring and management Services that can be included with the Software. Managed Services are delivered on an on-going basis, rather than a onetime engagement.
“Software Term” the period of time where the Subscriber is subscribed to Software, which may also include managed services.
A.2. Provision of Products
Access. Subject to Subscriber’s payment of the fees in one or more Proposals, Anitian will provide Subscriber access to Products and/or Software. On or as soon as reasonably practicable after the Effective Date, but no later than within three (3) business days, Anitian shall provide to Subscriber the necessary passwords, security protocols and policies and network links or connections and Access Protocols to allow Subscriber and its Authorized Users to access the Products in accordance with the Access Protocols.
Responsibility for Products and Content Hosting. Subscriber shall, at its own expense, provide for the hosting of the Platform which is accessible as part of the Product. Unless otherwise set forth on a Proposal, Subscriber is responsible for providing and using credentials for all Product components. The Subscriber shall receive a separate bill for charges and fees imposed by the provider of Cloud Service Providers and/or Third Party Products.
Subscriber Credentials. Subscriber may elect to provide Anitian access to keys, credentials, or passwords (“Credentials”) to access Subscriber’s applications and/or technology infrastructure. By providing Anitian any such Credentials, Subscriber authorizes Anitian to use those Credentials and to access Subscriber applications and infrastructure for the purpose of providing Software under this Agreement. Any such access right is at all times subject to and conditioned upon Anitian’s full compliance with Subscriber’s access and security standards and policies, which Subscriber shall provide to Anitian in writing.
Anitian represents and warrants that it follows industry-standard policies and provides Software features and internal practices to protect the security and integrity of Subscriber Data (including without limitation employee data). Anitian will notify Subscriber as soon as possible, to be followed-up in writing, of any actual Security Incident (as defined below) involving such Subscriber Data. The notification provided to Subscriber shall include, if known, and to Anitian’s knowledge as of the time of notice: (i) the general circumstances and extent of any unauthorized access to Subscriber Data or intrusion into the computer systems or facilities on or in which Subscriber Data is maintained; (ii) which categories of Subscriber Data were involved; (iii) the identities of all individuals whose Anitian personal information was affected; and (iv) steps taken to secure the data and preserve information for any necessary investigation. The notification required to be delivered to Subscriber under this Section shall be delivered promptly and in no event later than twenty-four (24) hours after Anitian learns of any such actual Security Incident. Anitian shall not delay its notification to Subscriber for any reason, including, without limitation, investigation purposes. Anitian shall cooperate fully with Subscriber in investigating and responding to each successful or attempted security breach including allowing immediate access to Anitian’ facility by Subscriber’s investigator, to investigate, and obtain copies of data as provided herein.
A Security Incident occurs when Anitian knows or has reason to know that: (A) Anitian has experienced an incident resulting in the unauthorized acquisition or unauthorized use of unencrypted Subscriber Data, or encrypted Subscriber Data and the confidential process or key that is capable of compromising the security, confidentiality or integrity of Subscriber Data that creates a substantial risk of theft or fraud; or (B) Subscriber Data was acquired or used by an unauthorized person or used for an unauthorized purpose. In the event of any Security Incident, Anitian shall fully assist Subscriber to provide notification and take all other reasonable actions that Subscriber, in Subscriber’s discretion, determines necessary to mitigate the effects of such Security Incident or in compliance with applicable law.
Subscriber’s Proprietary Information. Anitian shall (a) safeguard the Subscriber Data and, Subscriber’s Confidential Information, methods, systems, process, materials, business models, campaign configurations, trade secrets and any other information that are collected, stored or resident in the Products, or that can be derived or inferred from the Software or related deliverables (“Subscriber’s Proprietary Information”) and (b) ensure that Subscriber’s Proprietary Information is not combined, associated or kept with any information not authorized by Subscriber.
General Restrictions. Anitian shall only use Subscriber’s Proprietary Information or Subscriber’s Data as set forth in this Agreement, and except as set forth in this Agreement, shall not (and shall not allow any third party to): (a) sell, rent, lease, provide access to or sublicense the Subscriber’s Proprietary Information or Subscriber’s Data to a third party or use the Subscriber’s Proprietary Information or Subscriber’s Data to provide a Product to a third-party (for example, by offering consulting Products to third parties); (b) copy, reverse engineer, decompile, disassemble, modify or create any derivative product from the Subscriber’s Proprietary Information; (c) remove or obscure any product identification, proprietary, copyright or other notices contained in the Subscriber’s Proprietary Information; or (d) incorporate the Subscriber’s Proprietary Information into any other offering.
A.4. Third Party Products
The Software may include third-party software as part of the Product(s). Such Third Party Products are described on Addendum D attached hereto. Third Party Products are licensed as part of the Software. License keys for Third Party Products will be provided to Subscriber within thirty (30) days after the Effective Date of this Agreement.
End user license agreements for each Third Party Product are included with each Third Party Software product. Anitian can also provide copies of all Third Party EULA’s upon request.
If Subscriber does not consent to the terms of any of the Third Party Product end user licensing agreements, it must notify Anitian in writing within 30 days from the Effective Date of this Agreement. Subscriber must delete Third Party Products from the Platform immediately. Anitian is not obligated to assist Subscriber with deleting Third Party Products. Since some Third Party Products are embedded into Anitian’s Products, Anitian cannot guarantee Subscriber will receive a refund for pre-purchased Third Party Products. Anitian will issue a refund or stop any usage billing where possible and applicable.
Your continued use of the Third Party Products after 30 days from the Effective Data indicates your acceptance and agreement to all the terms in all Third Party Product end user license agreements.
A.5. Intellectual Property
License Grant. Subject to the terms and conditions of this Agreement, Anitian grants to Subscriber a non-exclusive, worldwide, non-transferable (except to Subscriber’s affiliates) license during the term, solely for Subscriber’s internal business purposes, (a) to access, use, perform, and digitally display theProduct(s) in accordance with the Documentation; and (b) to use and reproduce a reasonable number of copies of the Documentation solely to support Subscriber’s use of the Products. Anitian Corporation owns all right, title and interest, including without limitation all intellectual property and other rights, in and to the Product(s), Content (except for Subscriber Content, third-party content, Third PartyProducts, if any, therein).
Anitian Product(s) are proprietary Software available on SaaS subscription basis. Use of Software for any purpose not set forth in this Agreement is prohibited. All templates, scripts, code, and other content are the property of Anitian and/or its business partners, affiliates, assigns, licensors or other respective owners. Subscriber shall not decompile, disassemble, or reverse engineer the Software or any elements of the Software, or otherwise derive source or object code from the Software or any elements thereof. After the expiration of evaluation period and upon the first monthly or yearly payment, Anitian will grant to Subscriber a perpetual, non-transferable, (except to Subscriber’s affiliates) non-sub licensable, non-exclusive, paid-up right and license to use, copy, modify and prepare derivative works of the Platform, for purposes of Subscriber’s internal business only.
Limitations. The Software, together with all know-how, processes, methodologies, specifications, designs, inventions, functionality, graphics, user interfaces, techniques, methods, applications, libraries, documentation or other technology and materials of any kind, or any enhancement thereof, used or made available by Anitian to you or any Authorized User in connection with the Software andSupport, constitute or otherwise involve valuable intellectual property rights of Anitian and all right, title and interest in and to the foregoing will, as between the Parties, be owned by Anitian. No title to or ownership of the Software, or any intellectual property rights associated therewith, is transferred under this Agreement and Anitian reserves all rights not otherwise expressly granted herein.
Open Source Software. Certain items of software may be provided to Subscriber with the Software and are subject to “open source” or “free software” licenses (“Open Source Software”). Some of the OpenSource Software is owned by third parties. Anitian represents and warrants that it is in compliance with all licenses to open source software components used in or in connection with the Products and such open source licenses do not in any way restrict or impair Subscriber’s use of the Products in accordance with this Agreement. Instead, each item of Open Source Software is licensed under the terms of the end-user license that accompanies such Open Source Software. If required by any license for particular Open Source Software, Anitian makes such Open Source Software, and Anitian’s modifications to that Open Source Software, available by written request at the notice address specified below.
A.6. Subscriber Data and Responsibility
License; Ownership. Subscriber grants Anitian a nonexclusive, worldwide, royalty-free and fully paid license (a) to use the Subscriber Data solely as necessary for purposes of providing the Products and(b) to use the Subscriber trademarks, Product marks, and logos as required to provide the Products.The Subscriber Data hosted by Anitian as part of the Products, and all worldwide Intellectual Property Rights in it, is the exclusive property of Subscriber. All rights in and to the Subscriber Data not expressly granted to Anitian in this Agreement are reserved by Subscriber.
Authorized Users Access to Products. Subscriber may permit any Authorized Users to access and use the features and functions of the Products as contemplated by this Agreement. User IDs cannot be shared or used by more than one Authorized User at a time. If a Subscriber wishes to add additionalUser IDs, Subscriber may order such additional User IDs at any time by executing a new Proposal detailing the number of additional User IDs. Upon written acceptance by Anitian of the Proposal, Anitian shall make the Software(s) available to the additional Authorized Users. Subscriber shall use commercially reasonable efforts to prevent unauthorized access to, or use of, the Products, and notify Anitian promptly of any such unauthorized use known to Subscriber.
Subscriber Warranty. Subscriber represents and warrants that any Subscriber Content hosted by Anitian as part of the Products shall not knowingly (a) infringe any copyright, trademark, or patent; (b) misappropriate any trade secret; (c) be deceptive, defamatory, obscene, pornographic or unlawful; (d) contain any viruses, worms or other malicious computer programming codes intended to damage Anitian’s system or data; or (e) otherwise violate the rights of a third party. Anitian is not obligated to back up any Subscriber Content; the Subscriber is solely responsible for creating backup copies of any Subscriber Content at Subscriber’s sole cost and expense. Subscriber agrees that any use of theProducts contrary to or in violation of the representations and warranties of Subscriber in this section constitutes unauthorized and improper use of the Products.
Subscriber Responsibility for Data and Security. Subscriber and its Authorized Uses shall have access to the Subscriber Data and shall be responsible for all changes to and/or deletions of Subscriber Data and the security of all passwords and other Access Protocols required in order the access the Products.Subscriber shall have the ability, both during the term and following termination, at no cost to Subscriber, to export Subscriber Data out of the Products and is encouraged to make its own back-ups of the Subscriber Data. Subscriber shall have the sole responsibility for the accuracy, quality, integrity, legality, reliability, and appropriateness of all Subscriber Data.
A.7. Warranties and Disclaimers
Limited Warranty. Anitian warrants to Subscriber that the Software will setup the Platform(s) properly.Provided that Subscriber notifies Anitian in writing of any breach of the foregoing warranty during the term hereof, Anitian shall, as Subscriber’s sole and exclusive remedy, provide the support set forth in Addendum B Software Support to this Agreement. This warranty gives Subscriber specific legal rights, and Subscriber may also have other rights which vary from jurisdiction to jurisdiction.
Anitian warrants that during the Subscription Term for the applicable Products, the Products will conform, in all material respects, with their Documentation.
Anitian represents and warrants that it will perform, consistent with industry practice, scans and run other virus and code review processes designed to ensure that the Products will not contain any virus, malware, or any other computer code, files, or programs that are designed or intended to disrupt, damage, or limit the functioning of any software, hardware, or telecommunications equipment or to damage or obtain access to any data or other information of Subscriber or any third party.
Disclaimer. THE CLOUD SERVICE PROVIDER AND THIRD PARTY PRODUCTS ARE NOT ANITIAN PRODUCTS. ANITIAN IS NOT RESPONSIBLE FOR THE CLOUD SERVICE PROVIDER OR THIRD PARTY PRODUCTS, OR FOR ANY ACTS OR OMISSIONS OF THE THIRD-PARTY PROVIDER OF THE CLOUD SERVICE PROVIDER OR THIRD PARTY PRODUCTS. SUBSCRIBER ACKNOWLEDGES THAT THE PROVIDER OF THE CLOUD SERVICE PROVIDER MAY IMPLEMENT PROCEDURES THAT WOULD MAKE IT DIFFICULT OR IMPOSSIBLE TO ACCESS SUBSCRIBER’S DATA OR THE RESOURCES MADE AVAILABLE VIA THE CLOUD SERVICE PROVIDER IN CERTAIN CIRCUMSTANCES (E.G., IN THE CASEOF A VIRUS, DENIAL-OF-SERVICE, OR SIMILAR ATTACK; TRANSMISSION OR STORAGE OF INFRINGING OR ILLEGAL CONTENT; USE FOR BULK EMAIL; USE THAT COULD OR DOES HARM THE THIRD PARTY’S NETWORKS OR SERVERS OR COMPROMISE SECURITY).
Compliance Responsibility. Use of Software shall not in any way constitute a guarantee that Subscriber will be compliant with any regulations or standards including the compliance standard(s) applicable to the Software. Anitian’s Products and the Platforms they build are intended to assist Subscriber in building and maintain a computing environment that meets compliance and security requirements. Subscriber is solely responsible for obtaining necessary certifications or accreditations to meet any compliance or security certifications. Software does not include any automatic or default certifications for any compliance standard or regulation.
Subscriber agrees not to export, reexport, or transfer, directly or indirectly, any U.S. technical data acquired from Anitian, or any products utilizing such data, in violation of the United States export laws or regulations. Subscriber shall not permit Authorized Users to access or use any Products in a U.S. embargoed country (currently Cuba, Iran, North Korea, Sudan, Syria or Crimea) or in violation of any U.S. export law or regulation.
Severability. If any provision of this Agreement is, for any reason, held to be invalid or unenforceable, the other provisions of this Agreement will remain enforceable and the invalid or unenforceable provision will be deemed modified so that it is valid and enforceable to the maximum extent permitted by law. Without limiting the generality of the foregoing, Subscriber agrees that the section titledLimitation of Liability will remain in effect notwithstanding the unenforceability of any provision in the subsection titled Limited Warranty.
Waiver. Any waiver or failure to enforce any provision of this Agreement on one occasion will not be deemed a waiver of any other provision or of such provision on any other occasion.