Enterprise Customer Terms of Service
If you are an enterprise customer, these terms (the “Agreement”) govern your use of our products and services. They apply unless you have a separate written agreement with SpyCloud.
1. DEFINITIONS
(a) “Credentials” means any user accounts, passwords and other authentication credentials associated with use of the Service by Customer or End Users.
(b) “Customer Facilities” means Credentials and any account, hardware, system or other facility within Customer’s custody or control.
(c) “Data Subjects” mean any: (i) employees of Customer; (ii) users who sign up for user accounts to purchase or use Customer’s products or services; or (iii) users who provide personal information to Customer as part of the process for using or purchasing Customer’s products or services.
(d) “Emergency Security Issue” means any: (i) use of the Service by Customer or End Users in violation of the terms and conditions of this Agreement that disrupts or is reasonably likely to disrupt the availability of the Service to other users; or (ii) access to the Service by any unauthorized third party through use of any Customer Facilities.
(e) “End Users” means employees and contractors of Customer and its affiliates.
(f) “Intellectual Property” means all rights associated with patents and inventions; copyrights, mask works and other works of authorship (including moral rights); trademarks, service marks, trade dress, trade names, logos and other source identifiers; trade secrets; software, databases and data; and all other intellectual property and industrial designs.
(g) “Service” means SpyCloud’s proprietary online service (as may be updated from time to time) for detecting potential breaches of data security through monitoring of activities occurring online.
2. GRANT OF RIGHTS AND RESTRICTIONS
(a) Grant of Rights. During the term of this Agreement and subject to Customer’s compliance in all material respects with the terms and conditions of this Agreement (including any limitations on use set forth in the Order Form), and the terms outlined in the Data Processing Addendum available at https://spycloud.com/legal/dpa/ (“DPA”), SpyCloud hereby grants Customer a limited, non-exclusive, non-sublicensable right to access and use the Service only in the form made available by SpyCloud and only as necessary for End Users to monitor or investigate potential breaches of data security involving Customer or Data Subjects. SpyCloud may provide the Service through access to: (1) an application programming interface that allows End Users to run queries through the Service for information relevant to Data Subjects (“API”); or (ii) raw data files, supplemented by daily diff files (“Data Files”). All rights granted to Customer may only be exercised by Customer for Customer’s internal business purposes and in accordance with the license granted herein.
(b) Restrictions. Except as expressly permitted under this Agreement, Customer shall not itself, nor shall it permit any other party to: (i) reproduce, modify, translate, adapt or create derivative works based upon the Service; (ii) reverse engineer, decode, decompile, disassemble or otherwise attempt to access or derive the source code or architectural framework of the Service; (iii) access the Service for purposes of benchmarking or developing, marketing, selling or distributing any product or service that competes with or includes features substantially similar to the Service; (iv) rent, lease, lend, sell or sublicense the Service or otherwise provide access to the Service to any third party who is not an End User or as part of a service bureau or similar fee-for-service purpose; or (v) use the Service in any way that does not comply with all applicable laws and regulations.
(c) Changes. Customer acknowledges and agrees that SpyCloud may improve, modify, add or remove functions or features to or from the Service from time to time, with or without notice to Customer.
3. CUSTOMER RESPONSIBILITIES
(a) Technical Requirements. Customer and End Users shall be solely responsible for obtaining, configuring and maintaining any hardware, network connectivity and third-party software required to access the Service, including computers, operating systems, web browsers and storage devices.
(b) Protection. Customer shall be solely responsible for protecting the confidentiality of Credentials and all activities undertaken using Customer Facilities. In the event that Customer becomes aware of any unauthorized access to or use of the Service through use of Customer Facilities, Customer shall immediately give written notice to SpyCloud of such unauthorized use and make reasonable efforts to eliminate it. Customer shall at all times implement appropriate security policies and procedures and access control methodologies to safeguard access to the Service through Customer Facilities. All such measures shall comply with prevailing industry standards but in no case consist of less than reasonable care.
(c) Policies. In addition to the terms and conditions of this Agreement, access to and use of the Service shall comply with and be subject to any terms of service, acceptable use policy, privacy policy, end user license agreement and other guidelines instituted by SpyCloud or its licensors or service providers (collectively, “Policies”).
4. FEES AND TAXES
(a) Fees. Customer shall pay SpyCloud all undisputed amounts due under the applicable Order Form pursuant to the payment terms therein. Customer is responsible for providing complete and accurate billing information to SpyCloud, including the purchase order number at the time of purchase if Customer requires one. Any payment not received from Customer when due shall incur interest at the rate of one and a half percent (1.5%) per month or the maximum rate permitted by law, whichever is less. Customer shall bear all costs of collection for unpaid Fees. If Customer requires SpyCloud to submit invoices through a portal that imposes an administrative fee, Customer shall provide the correct instructions for SpyCloud to access the portal and reimburse SpyCloud for such fees. Customer shall provide the correct billing contact information. The invoice due date is governed by the invoice issuance date, not the date of Customer receipt of the invoice or any portal submission date.
(b) Taxes. Any and all amounts payable hereunder by Customer are exclusive of any value added, sales, use, excise or other similar taxes (collectively, “Taxes”). Customer shall be solely responsible for paying all applicable Taxes. If SpyCloud has the legal obligation to collect any Taxes, Customer shall reimburse SpyCloud upon invoice by SpyCloud. If Customer is required by law to withhold any taxes from its payments to SpyCloud, Customer shall provide SpyCloud with an official tax receipt or other appropriate documentation to support such payments and take reasonable steps to minimize such payment.
5. INTELLECTUAL PROPERTY
(a) Responsibility for Data. All information, data, and other materials accessible through the Service (“Data”) are the sole responsibility of the party from whom such materials originated. Customer acknowledges and agrees that: (i) the Service may provide access to or rely on Data from third parties, and such third parties, and not SpyCloud, are entirely responsible for such Data; (ii) Customer and End Users, and not SpyCloud, are entirely responsible for all Data that Customer and End Users submit, upload, email, transmit or otherwise make available through the Service (“Customer Data”); and (iii) Customer and End Users are solely responsible for giving all required notices and obtaining all necessary consents (including all required permissions from Intellectual Property holders) before submitting Customer Data through or to the Service. Customer and End Users shall not submit, upload, email, transmit or otherwise make available through the Service any Data not owned or managed by Customer or End Users.
(b) SpyCloud Ownership. Customer acknowledges and agrees that, as between SpyCloud and Customer, SpyCloud owns all right, title and interest (including all Intellectual Property) in and to Service, including the API and Data Files.
(c) Customer Ownership. SpyCloud acknowledges and agrees that, as between Customer and SpyCloud, Customer owns all right, title and interest (including all Intellectual Property) in and to Customer Data. Customer hereby grants SpyCloud and its service providers a worldwide, royalty-free, non-exclusive license to use, process, transmit and reproduce Customer Data as necessary for SpyCloud to provide the Service to Customer and End Users.
(d) Suggestions. If Customer or End Users elect to provide or make available to SpyCloud any suggestions, comments, ideas, improvements or other feedback relating to the Service (“Suggestions”), SpyCloud shall be free to use, disclose, reproduce, have made, modify, license, transfer and otherwise utilize and distribute Suggestions in any manner, without credit or compensation to Customer or End Users.
(e) Intellectual Property Notices. Customer shall not remove, obscure or modify in any way any copyright or trademark notices or other notices or disclaimers that appear within the Service.
(f) Reservation of Rights. Each of the parties reserves all rights not expressly granted under this Agreement.
6. TERM, SUSPENSION AND TERMINATION
(a) Term. The term for this Agreement shall commence on the Effective Date and end on the earlier date of: (i) the expiration or termination of all applicable Order Forms under this Agreement; or (ii) termination of this Agreement under Section 6(c).
(b) Renewal. Any Order Forms under this Agreement shall commence on the Effective Date and continue in effect until the End Date (the “Initial Term”), each as specified in the Order Form. Unless otherwise stated in the applicable Order Form, or unless either party has given the other party written notice of non-renewal at least thirty (30) days prior to the end of the then-current Term, Customer agrees that this Agreement and any applicable Order Form will automatically renew at the end of the then-current Term for a renewal period equal to the then-current Term (“Renewal Term”), at SpyCloud’s then-current rate. SpyCloud reserves the right to change prices for the Service for any upcoming Renewal Term by providing notice of such change within the Service or via email to Customer at least sixty (60) days before the commencement of the applicable Renewal Term.
(c) Suspension. SpyCloud reserves the right to suspend Customer or any End User’s access to the Service in the following scenarios: (i) in the event that Customer fails to fulfill its payment obligations in Section 4(a) for thirty (30) days; (ii) in the event of an Emergency Security Issue; (iii) if Customer’s usage of the Service exceeds any limits set forth in any Order Form; or (iv) if Customer or any End User violates a Policy. SpyCloud will make commercially reasonable efforts to limit suspension to the minimum extent and duration necessary to eliminate the issue
(d) Termination. Notwithstanding anything to the contrary, this Agreement may be terminated as follows: (i) by the non-breaching party upon a material breach of this Agreement by the other party, which breach is not cured within thirty (30) days after receipt of written notice from the non-breaching party; or (ii) by either party in the event the other party becomes insolvent or bankrupt; becomes the subject of any proceedings under bankruptcy, insolvency or debtor’s relief law; has a receiver or manager appointed; makes an assignment for the benefit of creditors; or takes the benefit of any applicable law or statute in force for the winding up or liquidation of such party’s business; or (iv) by SpyCloud if Customer fails to remedy a suspension event pursuant to Section 6(c) within fifteen (15) days.
(e) Events Upon Termination. Upon termination of this Agreement for any reason: (i) all rights granted by the parties under this Agreement shall immediately terminate; (ii) Customer shall immediately cease all use of the Service; and (iii) each party shall immediately cease all use of the other party’s Confidential Information (as defined in Section 9(a)) and return or destroy all copies of such Confidential Information that are within its custody or control. Without limiting the generality of this Section 6(d), in the event that Customer has received any Data Files, Customer shall, upon termination of this Agreement for any reason: (1) cease use of and delete all copies of Data Files within Customer’s custody or control; and (2) provide SpyCloud with a written certification signed by an officer of Company attesting to Customer’s compliance. Notwithstanding the foregoing, each party shall be permitted to retain one copy of the other party’s Confidential Information solely for archival, audit, disaster recovery, legal and/or regulatory purposes, and neither party will be required to search archived electronic back-up files of its computer systems for the other party’s Confidential Information in order to purge the other party’s Confidential Information from its archived files; provided further, that any Confidential Information so retained will (A) remain subject to the obligations and restrictions contained in this Agreement, (B) will be maintained in accordance with the retaining party’s document retention policies and procedures, and (C) the retaining party will not use the retained Confidential Information for any other purpose.
(f) Survival. Any provision that, by its terms, is intended to survive the expiration or termination of this Agreement shall survive such expiration or termination, including Sections: 2(b) {Restrictions}; 4 {Fees and Taxes}; 5 {Intellectual Property}; 6(d) {Events Upon Termination}; 6(e) {Survival}; 7 {Representations and Warranties}; 8 {Indemnification}; 9 {Confidential Information}; 10 {Disclaimer of Warranties}; 11 {Limitation of Liability}; and 12 {Miscellaneous}.
7. REPRESENTATIONS AND WARRANTIES
SpyCloud and Customer each represents and warrants to the other that: (a) it has the necessary power and authority to enter into this Agreement; (b) the execution and performance of this Agreement have been authorized by all necessary corporate or institutional action; (c) entry into and performance of this Agreement will not conflict with any provision of law or the certificate of incorporation, bylaws or comparable organizational documents of such party; (d) no action by any governmental organization is necessary to make this Agreement valid and binding upon such party; and (e) it possesses all governmental licenses and approvals necessary to perform its obligations under this Agreement.
8. INDEMNIFICATION
(a) SpyCloud Indemnification. SpyCloud agrees that Customer shall have no liability and SpyCloud shall indemnify, defend and hold Customer harmless against any loss, damage, cost, liability and expense (including reasonable attorneys’ fees) finally awarded by a court of competent jurisdiction or paid in settlement to the extent arising from any action or claim of a third party (collectively, “Losses”) asserting that Customer or End Users’ use of the Service infringes the Intellectual Property of such third party; provided, however, that SpyCloud shall have no obligation to indemnify Customer from any Losses to the extent they arise from: (i) use of the Service in any manner that does not comply in all material respects with the terms and conditions of this Agreement or any Policies or applicable laws or regulations; (ii) use of the Service in combination with any hardware or software not provided or approved by SpyCloud; (iii) modifications to the Service not made or authorized by SpyCloud; or (iv) any Customer Data (Sections 8(a)(i) through 8(a)(iv), collectively, “Customer Acts”). In the event that any part of the Service becomes the subject of a Loss or SpyCloud reasonably determines that any part of the Service is likely to become the subject of a Loss, SpyCloud may, at its sole discretion: (1) procure for Customer a license as necessary for Customer to exercise the rights granted by SpyCloud under this Agreement; (2) modify or replace the Service to avoid infringement, provided, however, that the Service as modified or replaced retains materially the same or better features and functionality; or (3) terminate this Agreement and provide a pro rata refund of the fees paid by Customer to SpyCloud for the unused portion of the Initial Term or Renewal Term, as applicable.
(b) Customer Indemnification. Customer agrees that SpyCloud shall have no liability and Customer shall indemnify, defend and hold SpyCloud harmless against any Loss to the extent arising from: (i) Customer Acts or Customer’s breach of Sections 2(b), 3, 5 or 9; (ii) any dispute between Customer and Data Subjects; and (iii) any violation of applicable laws or regulations by Customer or End Users. If Customer is U.S. Government Customer (as defined in Section 12), Customer’s indemnification obligations under this section will only apply to the extent permitted by applicable law.
(c) Procedure. The indemnified party shall: (i) give the indemnifying party prompt written notice of any Loss or threat of Loss; provided, however, that failure of the indemnified party to give such prompt written notice shall not relieve the indemnifying party of any obligation to indemnify pursuant to this Section 8, except to the extent the indemnifying party has been prejudiced thereby; (ii) cooperate fully with the indemnifying party, at the indemnifying party’s expense, in the defense or settlement of any Loss or threat of Loss; and (iii) give the indemnifying party sole and complete control over the defense or settlement of any Loss or threat of Loss; provided, however, that any settlement must include a complete release of the indemnified party without requiring the indemnified party to make any payment or bear any obligation.
9. CONFIDENTIAL INFORMATION
(a) Definition. “Confidential Information” means information identified in good faith by either party as being confidential or proprietary, or information that, under the circumstances, should reasonably be understood to be confidential or proprietary. Confidential Information shall include, but not be limited to, the terms and conditions of this Agreement, the source code and architectural framework of the Service, API specifications, and Data Files, information relating to future releases of the Service, information available via the Service, and pricing information and business plans provided by either party.
(b) Non-Disclosure. Each party agrees that it will use the Confidential Information provided by the other party only as necessary to exercise its rights and discharge its obligations under this Agreement and for no other purpose without the prior written consent of the disclosing party. Neither party shall disclose to a third party Confidential Information of the other party. To maintain in confidence the Confidential Information of the disclosing party, the receiving party shall use the same degree of care as it uses to protect the confidentiality of its own Confidential Information of like nature, but no less than a reasonable degree of care. The foregoing obligations shall not apply to any Confidential Information that: (i) can be demonstrated to have been publicly known at the time of the disclosing party’s disclosure of such Confidential Information to the receiving party; (ii) becomes part of the public domain or publicly known, by publication or otherwise, not due to any unauthorized act or omission by the receiving party; (iii) can be demonstrated to have been independently developed or acquired by the receiving party without reference to or reliance upon such Confidential Information; (iv) is provided to the receiving party by a third party who is under no obligation to the disclosing party to keep the information confidential; or (v) is required to be disclosed by law; provided, however, that the receiving party shall take reasonable actions to minimize such disclosure and promptly notify the disclosing party, to the extent permitted by law, so that the disclosing party may take lawful actions to avoid or minimize such disclosure. Notwithstanding anything to the contrary, SpyCloud shall be permitted to identify Customer as a SpyCloud customer.
10. DISCLAIMER OF WARRANTIES
ALL PRODUCTS AND SERVICES PROVIDED UNDER THIS AGREEMENT ARE PROVIDED “AS IS,” “AS AVAILABLE” AND “WITH ALL FAULTS.” EACH PARTY, TO THE MAXIMUM EXTENT PERMITTED BY LAW, EXPRESSLY DISCLAIMS ALL WARRANTIES AND REPRESENTATIONS (EXCEPT AS SET FORTH IN SECTION 7), EXPRESS OR IMPLIED, INCLUDING: (A) THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE; AND (B) ANY WARRANTY WITH RESPECT TO THE QUALITY, ACCURACY, CURRENCY OR COMPLETENESS OF THE PRODUCTS AND SERVICES PROVIDED UNDER THIS AGREEMENT, OR THAT USE OF SUCH PRODUCTS AND SERVICES WILL BE ERROR-FREE, UNINTERRUPTED, FREE FROM OTHER FAILURES OR WILL MEET CUSTOMER OR END USERS’ REQUIREMENTS.
11. LIMITATION OF LIABILITY
OTHER THAN WITH RESPECT TO A PARTY’S INDEMNIFICATION OBLIGATIONS UNDER SECTION 8 OR BREACH OF SECTION 2(b) OR 9: (A) IN NO EVENT SHALL EITHER PARTY BE LIABLE TO THE OTHER PARTY FOR ANY INCIDENTAL, INDIRECT, SPECIAL, PUNITIVE OR CONSEQUENTIAL DAMAGES, OR LOST PROFITS OR COST OF COVER, INCLUDING DAMAGES ARISING FROM ANY TYPE OR MANNER OF COMMERCIAL, BUSINESS OR FINANCIAL LOSS OCCASIONED BY OR RESULTING FROM ANY USE OF OR INABILITY TO USE THE PRODUCTS AND SERVICES PROVIDED UNDER THIS AGREEMENT, SUCH AS ANY MALFUNCTION, DEFECT OR FAILURE OF THE SERVICE OR ITS DELIVERY VIA THE INTERNET, EVEN IF SUCH PARTY HAD ACTUAL OR CONSTRUCTIVE KNOWLEDGE OF THE POSSIBILITY OF SUCH DAMAGES AND REGARDLESS OF WHETHER SUCH DAMAGES WERE FORESEEABLE; AND (B) IN NO EVENT SHALL EITHER PARTY’S AGGREGATE LIABILITY UNDER THIS AGREEMENT EXCEED THE AMOUNT OF FEES RECEIVED BY SPYCLOUD FROM CUSTOMER UNDER THIS AGREEMENT IN THE TWELVE (12)-MONTH PERIOD IMMEDIATELY PRECEDING THE DATE ON WHICH THE EVENTS GIVING RISE TO LIABILITY AROSE.
12. U.S. GOVERNMENT MATTERS
(a) Each party represents that it is not named on any United States government list of persons or entities restricted from doing business with any United States company. Customer shall not directly or indirectly access or use the Service in violation of any United States or international export embargo, prohibition or restriction.
(b) If Customer is a U.S. federal government department or agency (“U.S. Government Customers”), the Service is a “Commercial Item” as that term is defined at 48 C.F.R. §2.101, consisting of “Commercial Computer Software” and “Commercial Computer Software Documentation”, as those terms are used in 48 C.F.R. §12.212 or 48 C.F.R. §227.7202. All U.S. Government Customers acquire subscriptions to the Service only as a “Commercial item” and only with those rights that are granted to all other end users pursuant to the terms and conditions of this Agreement, consistent with 48 C.F.R. 12.212 and 48 C.F.R. 227.72021 through 227.72024. U.S. Government Customers may only use the Service for a governmental-related purpose.
13. Miscellaneous
(a) Independent Contractors. The relationship between SpyCloud and Customer established by this Agreement is solely that of independent contractors. Neither party is in any way the partner or agent of the other, nor is either party authorized or empowered to create or assume any obligation of any kind, implied or expressed, on behalf of the other party, without the express prior written consent of such other party.
(b) Notice. All notices, demands, and other communications under this Agreement must be in writing and will be considered given upon: (i) delivery by traceable courier or mail (delivery confirmation/return receipt requested); or (ii) the first business day after sending by email. Notices to SpyCloud should be sent to legal@spycloud.com or to SpyCloud’s Legal Department at the address specified above. Billing notices and notices relating to this Agreement will be sent to the contacts designated by Customer on the Order Form.
(c) Assignment. Customer may not assign this Agreement, or sublicense, assign or delegate any right or obligation hereunder, by operation of law or otherwise without the prior written consent of SpyCloud which will not be unreasonably withheld. This Agreement shall be binding upon and inure to the benefit of the parties hereto and their respective successors and permitted assigns.
(d) Interpretation. For the purposes of this Agreement: (i) the words “such as,” “include,” “includes” and “including” shall be deemed to be followed by the words “without limitation;” (ii) the word “or” is not exclusive; and (iii) the words “herein,” “hereof,” “hereby,” “hereto” and “hereunder” refer to this Agreement as a whole. This Agreement shall be construed without regard to any presumption or rule requiring construction or interpretation against the party drafting an instrument or causing any instrument to be drafted.
(e) Entire Agreement. This Agreement contains the entire agreement of the parties with respect to the subject matter hereof and supersedes all previous or contemporaneous oral or written negotiations or agreements with respect to such subject matter. In the event of any conflict between this Agreement and any Policy, the terms and conditions of this Agreement shall take precedence.
(f) Amendment. This Agreement may not be amended except in a writing executed by an authorized representative of each party. No terms in Customer’s purchase order or other order documents (excluding Order Forms) will be incorporated into this Agreement, regardless of any terms to the contrary, and SpyCloud expressly rejects all such terms.
(g) Severability. If any provision of this Agreement shall be held to be invalid or unenforceable under applicable law, then such provision shall be construed, limited, modified or, if necessary, severed to the extent necessary to eliminate its invalidity or unenforceability, without in any way affecting the remaining parts of this Agreement.
(h) Dispute Resolution; Governing Law. The parties shall use good faith, reasonable efforts to resolve any dispute before initiating legal action. The laws of the State of Delaware, excluding choice of law principles, govern this Agreement.
(i) Contract for Services. This Agreement is a contract for the provision of services and not a contract for the sale of goods. The provisions of the Uniform Commercial Code (UCC), the Uniform Computer Information Transaction Act (UCITA), or any substantially similar legislation as may be enacted, shall not apply to this Agreement. If Customer is located outside of the territory of the United States, the parties agree that the United Nations Convention on Contracts for the International Sale of Goods shall not govern this Agreement or the rights and obligations of the parties under this Agreement.
(j) Jurisdiction. The parties agree that any action, proceeding, controversy or claim between them arising out of or relating to this Agreement (collectively, an “Action”) shall be brought only in a court of competent jurisdiction in Wilmington, Delaware. Each Party hereby submits to the personal jurisdiction and venue of such courts and waives any objection on the grounds of venue, forum non-conveniens or any similar grounds with respect to any Action.
(k) No Waiver. The failure of either party to require strict performance by the other party of any provision hereof shall not affect the full right to require such performance at any time thereafter, nor shall the waiver by either party of a breach of any provision hereof be taken or held to be a waiver of the provision itself. Any waiver of the provisions of this Agreement, or of any breach or default hereunder, must be set forth in a written instrument signed by the party against which such waiver is to be enforced.
(l) Force Majeure. Neither party will be responsible for failure or delay of performance if caused by an event outside the reasonable control of the obligated party, including but not limited to an electrical, internet, or telecommunication change or outage not caused by the obligated party; government restrictions; or illegal acts of third parties. Each party will use reasonable efforts to mitigate the effect of a force majeure event.
(m) Use of Logo. During the term of this Agreement, SpyCloud may use Customer’s name and logo on SpyCloud’s website and marketing materials solely for the purpose of identifying Customer as a SpyCloud customer. Any such use of Customer’s name and logo shall comply with any usage guidelines provided by Customer.
(n) Counterparts. This Agreement may be executed in one or more counterparts, each of which shall be deemed an original, but all of which together shall constitute one and the same agreement.