This End User Agreement (“Agreement”) is made and entered into by and between Kenna Security, Inc. (“Kenna”) and Customer (as defined in the applicable Order Form), effective as of the date of the Order Form (“Effective Date”). This Agreement, together with the Order Form (which is incorporated herein), governs Customer’s access to and use of the Kenna Service (as defined below).
1. SERVICE AND SUPPORT
1.1 Subject to the terms and conditions of this Agreement, Kenna will provide Customer with online access to the Kenna vulnerability threat management platform, including any updates, upgrades, and enhancements thereto (the “Service”). The Service is subject to modification from time to time at Kenna’s sole discretion for any purpose deemed appropriate by Kenna. Kenna will use reasonable efforts to give Customer prior written notice of any such modification that will have a substantive impact on Customer’s use of the Service.
The Service is designed to be available twenty-four (24) hours a day, seven (7) days a week, except for scheduled or emergency maintenance.
2. RESTRICTIONS AND RESPONSIBILITIES
2.1 Access to the Service may require the Customer to install certain software. Customer will not, and will not permit any third party to: reverse engineer, decompile, disassemble or otherwise attempt to discover the source code, object code or underlying structure, ideas or algorithms of the Service or any software, documentation or data related to the Service (“Software”) (provided that reverse engineering is prohibited only to the extent such prohibition is not contrary to applicable law); modify, translate, or create derivative works based on the Service or Software; use the Service or Software for timesharing or service bureau purposes or for any purpose other than its own use for its own internal business practices; or use the Service or Software other than in accordance with this Agreement and in compliance with all applicable laws and regulations.
2.2 Customer will cooperate with Kenna in connection with the performance of this Agreement by making available such personnel and information as may be reasonably required and taking such other actions as Kenna may reasonably request. Customer will also cooperate with Kenna in establishing a password or other procedures for verifying that only designated employees of Customer have access to any administrative functions of the Service.
2.3 Customer will designate an employee who will be responsible for all matters relating to this Agreement (“Primary Contact”). Customer may change the individual designated as Primary Contact at any time by providing written notice to Kenna.
2.4 Customer agrees that Kenna is permitted to disclose, including, without limitation, through display of Customer’s name or logo, that Customer is one of its customers to any third party at its sole discretion (including without limitation in its publicity and marketing materials); provided, however, that Customer may revoke such permission at any time upon written notice to Kenna.
2.5 Kenna will use commercially reasonable security measures to protect Customer data against unauthorized disclosure or use. Information on Kenna’s security protocols are available on Kenna’s website.
2.6 Customer will be responsible for maintaining the security of Customer account, passwords (including but not limited to administrative and user passwords) and files, and for all uses of Customer account with or without Customer’s knowledge or consent.
3.1 Each party (the “Receiving Party”) understands that the other party (the “Disclosing Party”) has disclosed or may disclose information relating to the Disclosing Party’s technology or business (hereinafter referred to as “Confidential Information” of the Disclosing Party). For clarity, Confidential Information will include any personal information entered by Customer representatives.
3.2 The Receiving Party agrees: (i) not to divulge to any third person any Confidential Information except as provided herein, (ii) to give access to Confidential Information solely to those employees and third party contractors with a need to have access thereto for purposes of this Agreement and who are subject to confidentiality obligations at least as stringent as those in this Section 3, and (iii) to take the same security precautions to protect against disclosure or unauthorized use of Confidential Information that the party takes with its own proprietary information, but in no event will a party apply less than reasonable precautions to protect Confidential Information. The Disclosing Party agrees that the foregoing will not apply with respect to any information that the Receiving Party can document (a) is or becomes generally available to the public without any action by, or involvement of, the Receiving Party, or (b) was in its possession or known by it prior to receipt from the Disclosing Party, or (c) was rightfully disclosed to it by a third party without obligations of confidentiality, or (d) was independently developed without use of any Confidential Information of the Disclosing Party. Nothing in this Agreement will prevent the Receiving Party from disclosing Confidential Information pursuant to any judicial or governmental order, provided that the Receiving Party gives the Disclosing Party reasonable prior notice of such disclosure to contest such order. In any event, Kenna may collect data with respect to and report on the aggregate response rate and other aggregate measures of the Service’s performance.
3.3 Notwithstanding the foregoing, Kenna may use and disclose in its discretion any information collected from Customer in the course of this Agreement that Kenna aggregates and/or anonymizes such that the information does not identify Customer.
4. INTELLECTUAL PROPERTY RIGHTS
Except as expressly set forth herein, Kenna (and its licensors, where applicable) will retain all intellectual property rights relating to the Service or the Software. Customer grants to Kenna a license to use without restriction, attribution or compensation any suggestions, ideas, enhancement requests, feedback or recommendations provided by Customer relating to the Service and/or the Software. This Agreement is not a sale and does not convey to Customer any rights of ownership in or related to the Service or Software or any intellectual property rights.
5. PAYMENT OF FEES
5.1 The Service is provided on a subscription basis. The term of Customer’s subscription (“Subscription Term”) is set forth in the applicable quote or order form agreed to at the time of registration (“Order Form”). Subscription fees for each Subscription Term (“Subscription Fees”) must be paid in full on or before the due date specified in the Order Form. Customer shall pay all such Subscription Fees via the payment method set forth in the applicable Order Form. If Customer imports more assets into the Service than specified in the applicable Order Form during any fiscal quarter, Kenna will invoice Customer at the end of such fiscal quarter for such additional assets at the per-asset fee indicated in the Order Form, and Customer agrees to pay such invoice.
5.2 Unpaid Subscription Fees are subject to a finance charge of one percent (1.0%) per month, or the maximum permitted by law, whichever is lower, plus all expenses of collection, including reasonable attorneys’ fees. Subscription Fees are exclusive of all taxes, including national, state or provincial and local use, sales, value-added, property and similar taxes, if any. Customer agrees to pay such taxes unless Customer has provided Kenna with a valid exemption certificate. In the case of any withholding requirements, Customer will pay any required withholding itself and will not reduce the amount paid to Customer on account thereof.
6. TERM AND TERMINATION
6.1 Subject to earlier termination as provided below, this Agreement is for the Subscription Term specified in the Order Form. Unless otherwise agreed in the Order Form, this Agreement shall automatically renew for additional successive one (1) year terms unless (i) either party gives the other party written notice of non-renewal at least thirty (30) days prior to the end of the then-current Subscription Term or (ii) earlier terminated pursuant to Section 6.2.
6.2 Customer may terminate this Agreement upon thirty (30) days’ written notice to Kenna for Kenna’s material breach that remains uncured at the end of such notice period. Kenna may suspend the Service immediately upon written notice to Customer if Customer breaches any of the terms or conditions of this Agreement, or may terminate this Agreement upon thirty (30) days’ written notice to Customer for Customer’s material breach that remains uncured at the end of such notice period. Upon expiration or termination of this Agreement, Customer’s right to use the Service will immediately cease, provided that with respect to data downloaded from the Service in accordance with its functionality and the terms of this Agreement prior to termination, Customer may continue to use such data solely for its own internal business purposes.
6.3 All sections of this Agreement which by their nature should survive termination will survive termination, including, without limitation, restrictions, accrued rights to payment, confidentiality obligations, intellectual property rights, warranty disclaimers, and limitations of liability.
7. LIMITED WARRANTY
7.1 Kenna represents and warrants that it will provide the Service using commercially reasonable care and skill in accordance with generally recognized industry standards for similar services.
7.2 EXCEPT FOR THE WARRANTIES OF SECTION 7.1, THE SERVICE IS PROVIDED “AS-IS,” WITHOUT WARRANTIES OF ANY KIND. KENNA (AND ITS AGENTS, AFFILIATES AND SUPPLIERS) HEREBY DISCLAIM ALL OTHER WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NONINFRINGEMENT.
8.1 Kenna hereby agrees to defend Customer against any third party claim that the Service infringes any patent, trademark or copyright of such third party, or misappropriates a trade secret (but only to the extent that the misappropriation is not a result of Customer actions) and indemnify Customer from the resulting costs and damages finally awarded against Customer to such third party by a court of competent jurisdiction or agreed to in settlement.
Remedies. If the alleged infringing Service becomes, or in Kenna’s opinion is likely to become, the subject of an infringement claim, Kenna will, at Kenna’s option and expense, do one of the following: (a) procure the rights necessary for Customer to make continued use of the affected Service; (b) replace or modify the affected Service to make it non-infringing; or (c) terminate the affected Service and discontinue the related support services, and, refund any pre-paid service fee attributable to the remainder of the term. Nothing in this section shall limit Kenna’s obligation under Section 8.1 to defend and indemnify Customer.
Exclusions. Notwithstanding the foregoing, Kenna will have no obligation under this Section 8.1 or otherwise with respect to any claim based on: (a) a combination of the Service with non-Kenna hardware, software or service; (b) use for a purpose or in a manner for which the Service was not designed; (c) any modification to the Service made without Kenna’s express written approval; (d) any Service provided on a no charge, beta or evaluation basis. THIS SECTION 8.1 (INDEMNIFICATION) STATES YOUR SOLE AND EXCLUSIVE REMEDY AND KENNA’S ENTIRE LIABILITY FOR ANY INFRINGEMENT CLAIMS OR ACTIONS.
8.2 Customer hereby agrees to defend Kenna against any third party claim relating to Customer’s violation of this Agreement and indemnify Customer from the resulting costs and damages finally awarded against Customer to such third party by a court of competent jurisdiction or agreed to in settlement.
8.3 The indemnified party under this Section 8 must (i) promptly notify the indemnifying party of the third party claim, (ii) supply any information reasonably requested by the indemnifying party, and (iii) allow the indemnifying party to control, and reasonably cooperate in, the defense and settlement of the claim.
9. LIMITATION OF LIABILITY
IN NO EVENT WILL EITHER PARTY (OR ANY OF ITS AGENTS, AFFILIATES, LICENSORS OR SUPPLIERS) BE LIABLE TO THE OTHER PARTY FOR ANY INDIRECT, PUNITIVE, INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES, OR COST OF PROCUREMENT OF SUBSTITUTE GOODS, SERVICES OR TECHNOLOGY ARISING OUT OF OR IN ANY WAY CONNECTED WITH THE USE OF THE SERVICE, THE INABILITY TO USE THE SERVICE, OR ANYTHING PROVIDED IN CONNECTION WITH THIS AGREEMENT OR OTHERWISE ARISING FROM THIS AGREEMENT, INCLUDING WITHOUT LIMITATION, LOSS OF REVENUE OR ANTICIPATED PROFITS, LOST BUSINESS OR LOST SALES, WHETHER BASED IN CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY OR OTHERWISE, EVEN IF A PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. EXCLUDING CLAIMS UNDER SECTION 3 (CONFIDENTIALITY) AND SECTION 8 (INDEMNIFICATION), THE TOTAL LIABILITY OF EACH PARTY TO THE OTHER PARTY, WHETHER BASED IN CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY OR OTHERWISE, WILL NOT EXCEED THE FEES PAID OR PAYABLE TO KENNA HEREUNDER IN THE TWELVE-MONTH PERIOD ENDING ON THE DATE THAT A CLAIM OR DEMAND IS FIRST ASSERTED. THE FOREGOING LIMITATIONS WILL APPLY NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY.
10. U.S. GOVERNMENT MATTERS
Notwithstanding anything else, Customer may not provide to any person or export or re-export or allow the export or re-export of the Service or any software or anything related thereto or any direct product thereof (collectively “Controlled Subject Matter”), in violation of any restrictions, laws or regulations of the United States Department of Commerce, the United States Department of Treasury Office of Foreign Assets Control, or any other United States or foreign agency or authority. Without limiting the foregoing Customer acknowledges and agrees that the Controlled Subject Matter will not be used or transferred or otherwise exported or re-exported to countries as to which the United States maintains an embargo (collectively, “Embargoed Countries”), or to or by a national or resident thereof, or any person or entity on the U.S. Department of Treasury’s List of Specially Designated Nationals or the U.S. Department of Commerce’s Table of Denial Orders (collectively, “Designated Nationals”). The lists of Embargoed Countries and Designated Nationals are subject to change without notice. Use of the Service is representation and warranty that the user is not located in, under the control of, or a national or resident of an Embargoed Country or Designated National. The Controlled Subject Matter may use or include encryption technology that is subject to licensing requirements under the U.S. Export Administration Regulations. As defined in FAR section 2.101, any software and documentation provided by Kenna are “commercial items” and according to DFAR section 252.2277014(a)(1) and (5) are deemed to be “commercial computer software” and “commercial computer software documentation.” Consistent with DFAR section 227.7202 and FAR section 12.212, any use modification, reproduction, release, performance, display, or disclosure of such commercial software or commercial software documentation by the U.S. Government will be governed solely by the terms of this Service Agreement and will be prohibited except to the extent expressly permitted by the terms of this Agreement.
If any provision of this Agreement is found to be unenforceable or invalid, that provision will be limited or eliminated to the minimum extent necessary so that this Agreement will otherwise remain in full force and effect and enforceable. This Agreement is not assignable by either party, except that (i) Customer may, upon written notice to Kenna, assign this Agreement to an affiliate, and (ii) either party may, upon written notice to the other party, assign this Agreement to a purchaser of all or substantially all of its stock or assets or to an entity into which the party is merged. Both parties agree that this Agreement is the complete and exclusive statement of the mutual understanding of the parties and supersedes and cancels all previous written and oral agreements, communications and other understandings relating to the subject matter of this Agreement, and that all waivers and modifications must be in a writing signed by both parties, except as otherwise provided herein. No agency, partnership, joint venture, or employment is created as a result of this Agreement and Customer does not have any authority of any kind to bind Kenna in any respect whatsoever. In any action or proceeding to enforce rights under this Agreement, the prevailing party will be entitled to recover costs and attorneys’ fees. All notices under this Agreement will be in writing and will be deemed to have been duly given when received, if personally delivered; when receipt is electronically confirmed, if transmitted by facsimile or e-mail; and upon receipt, if sent by certified or registered mail (return receipt requested), postage prepaid. Kenna will not be liable for any loss resulting from a cause over which it does not have direct control. This Agreement will be governed by the laws of the State of California without regard to its conflict of laws provisions. The federal and state courts sitting in San Francisco County, California will have proper and exclusive jurisdiction and venue with respect to any disputes arising from or related to the subject matter of this Agreement, provided that either party may seek injunctive relief in any court of competent jurisdiction.