Subscription Services Agreement

IMPORTANT – CAREFULLY READ ALL THE TERMS AND CONDITIONS OF THIS SUBSCRIPTION SERVICES AGREEMENT (“SSA”) TO RECEIVE ANY OR ALL OF THE SUBSCRIPTION SERVICES FROM VENDOR.

BY SIGNING AN ORDER FORM INCORPORATING THIS AGREEMENT, OR USING THE SOFTWARE AS AN AUTHORIZED REPRESENTATIVE OF YOUR COMPANY NAMED ON THE APPLICABLE ORDER FORM ON WHOSE BEHALF YOU USE THE SOFTWARE, YOU ARE INDICATING THAT YOU HAVE READ, UNDERSTOOD, AND ACCEPT THIS AGREEMENT . IF YOU DO NOT AGREE WITH ALL OF THE TERMS OF THIS AGREEMENT, DO NOT USE THE SOFTWARE. THE EFFECTIVE DATE OF THIS AGREEMENT SHALL BE THE DATE THAT YOU SIGN AN ORDER FORM WITH EITHER MEND OR INVICTI OR OTHERWISE ACCEPT THIS AGREEMENT AS SET FORTH ABOVE.

1. Definitions. Capitalized terms used in this SSA shall have the meaning given to them in Schedule 1: Definitions, attached hereto.

2. ORDERS.

2.1. Formation. This SSA governs the overall relationship of the parties in relation to Customer’s use of the Subscription Services. Customer is not permitted to use the Subscription Services until it has recorded its consent to this SSA via an Order Form. Each executed Order Form creates a separate Agreement between  Vendor and Customer.

2.2. Informal. Provision of the Subscription Services, Support, or any other products or services provided by either Vendor or its Affiliate to Customer or its Affiliates is governed by this SSA unless otherwise expressly and conspicuously agreed in writing by the parties. The pre-printed terms of Customer’s purchase order or other business form or terms that Customer provides will be considered only for invoicing purposes, and any terms contained therein shall be void and have no force or effect.

2.3. Affiliate Orders. If an Order Form incorporating this SSA is executed by a party Affiliate, the terms “Customer” and “Vendor”, as used in this SSA, shall be read to mean (respectively) the applicable Customer Affiliate and/or Vendor Affiliate that executed the applicable Order Form.

(A) access and use the Subscription Services, solely throughout the Subscription Term; and

(B) reproduce and use a reasonable number of copies of the Documentation for use with the Subscription Services.

3. Subscription Services.

3.1.  License Grant.  Subject to Customer’s compliance with the terms and conditions of the Agreement, including payment of all applicable fees, Vendor hereby grant to Customer for its internal business purposes a limited, non-sublicensable, nonexclusive, non-transferable, worldwide license, solely during the Subscription Term or Trial Period, as applicable and as set forth in the Order Form, to:

3.2. Beta Features.

(A) Beta Features. Beta Features are subject to the Beta Terms. Either Vendor may, in its sole discretion: (i) cease providing Beta Features at any time; or (ii) cease providing Beta Features free of charge and require Customer to purchase such features for continued use as part of the Subscription Services. Customer will not attempt to circumvent, dismantle, or otherwise interfere with any time-control disabling functionality in any Beta Feature that causes the Beta Feature to cease functioning.  “Beta Feature(s)” means any Software feature that is identified by Vendor, including via the applicable Software user interface or via other communications to Customer, as “Beta”, “Alpha”, “Experimental”, “Limited Release” or “Pre-Release” or that is otherwise identified by Vendor as unsupported.

3.3. Support.  Vendor, either directly or through Mend, when Vendor is Invicti, or Invicti, when Vendor is Mend, will provide Customer with Support for the Subscription Services.

4. ADDITIONAL CUSTOMER RESPONSIBILITIES. Customer: (i) must keep its passwords secure and confidential and use industry-standard password management practices; (ii) is solely responsible for the Content and all activity conducted through its account within the Cloud Service; (iii) must use commercially reasonable efforts to prevent unauthorized access to its account and notify Vendor promptly of any such unauthorized access; (iv) may use the Subscription Services only in accordance with the Documentation and applicable law; (v) is responsible for its Users’ compliance with the terms of the Agreement; (vi) must not exceed the Usage Parameters; and (vii) will at all times comply with the AUPs.

5. FEES AND PAYMENT.

5.1. Subscription Fees. Fees are due and payable as set forth on the Order Form, and Customer shall timely pay all fees to the Vendor indicated in the Order Form. Unless otherwise stated in the Agreement, payment obligations are non-cancelable, and fees paid are non-refundable. All payments shall be made in the currency stated on the Order Form. The Vendor indicated in the Order Form may charge interest on overdue amounts at the lesser of 1.5% per month or the maximum legal rate and may charge Customer for any cost or expense arising out of collection efforts. Customer may submit a request to increase Usage Parameters at any time for either Vendor or both, and, upon execution of an Order Form, Customer will pay fees due for such increase at a prorated amount for the remainder of Customer’s then-current Subscription Term.

5.2. Taxes.

(A) Vendor shall charge, and Customer will pay, all applicable federal, state, or local sales or use taxes, value added taxes (“VAT”), goods and services taxes (“GST”), and consumption taxes that Vendor is legally obligated to charge (“Taxes”). All fees charged, and price quoted by Vendor are exclusive of any Taxes regardless of however these taxes may be imposed, e.g., VAT, GST, WHT or consumption taxes, unless such Taxes are stated on the invoice Vendor provides to Customer. Customer may provide the applicable Vendor indicated in the Order Form with an exemption certificate or equivalent information acceptable to the relevant taxing authority. In such case, Vendor will not charge or collect the Taxes covered by such exemption certificate or equivalent documentation.

(B) with respect to withholding taxes, during the term of the Agreement, Vendor may provide Customer with forms, documents, or certifications as may be required for Customer to satisfy information reporting or withholding tax obligations with respect to payments under this Agreement. Upon Vendor’s receipt of Customer’s proof of withholding (which proof must be acceptable in Vendor’s sole discretion), Customer may deduct or withhold any taxes that Customer determines it is obligated to withhold from any amounts payable to Vendor under the Agreement. Except as stated in this section, Customer may not withhold or offset any amount owed to Vendor for any reason.

6. CONFIDENTIAL INFORMATION. Confidential Information includes, without limitation, the Software and any non-public technical, business, and pricing information. Confidential Information does not include information that: (i) is or becomes generally known to the public through no fault or breach of the Agreement by Recipient; (ii) is rightfully known by Recipient at the time of disclosure without an obligation of confidentiality; (iii) is independently developed by Recipient without the use of Discloser’s Confidential Information; or (iv) Recipient rightfully obtains from a third party without restriction on use or disclosure.  Recipient will maintain the confidentiality of Confidential Information, and Recipient agrees not to use such Confidential Information for any purpose except as necessary to fulfill its obligations and exercise its rights under the Agreement.  Recipient will protect the secrecy of and prevent disclosure and unauthorized use of Discloser’s Confidential Information using the same degree of care that it takes to protect its own confidential information and will in no event use less than reasonable care.  Recipient may share Discloser’s Confidential Information with its employees, contractors, directors, agents, and representatives who have a need to know the information to perform obligations under the Agreement, and with whom Recipient has written obligations on confidentiality in place at least as stringent as those in the Agreement. Recipient may disclose Discloser’s Confidential Information if required by judicial or administrative process, provided that Recipient first provides Discloser with prompt notice of such required disclosure to enable the Discloser to seek a protective order, unless such notice is prohibited by applicable law.  “Confidential Information” means any proprietary information disclosed by one party (“Discloser”) and received by the other party (“Recipient”) during, or prior to entering into, the Agreement that Recipient should know is confidential or proprietary based on the circumstances surrounding the disclosure.

7. RESTRICTIONS.  Except as expressly set forth in the Agreement, and to the maximum extent permitted by applicable law, Customer will not (and will not allow any third party to): (i) decompile, disassemble, reverse engineer, or otherwise attempt to derive the structure or the source code of the Software; (ii) distribute, license, sublicense, assign, transfer, provide, lease, lend, rent, disclose, use for timesharing or service bureau purposes, or otherwise use for the benefit of any third party Subscription Services (iii) use or access the Subscription Services or the Software in order to build a similar or competitive product or service or to disclose to any third party any benchmarking or comparative study involving same; (iv) modify, adapt, translate, or create derivative works of the Software or Documentation; (v) remove, alter, or obscure in any way any proprietary rights notices (including copyright notices) of Vendor or its suppliers on or within the Software or Documentation; (vi) use the Subscription Servicesto scan any Targets or software code outside of those that it owns; (vii) take any action that imposes or may impose, at Vendor’s sole discretion, a disproportionately large load on the the Software  (such as DDoS) or any other interfere or attempt to interfere with the integrity or proper working of the Subscription Services; (viii) use the Subscription Services in such a manner that causes violation of this SSA or the AUPs or exceeds the Usage Parameters set forth under the applicable Order Form; (ix) breach any applicable local, national or international law, rule or regulation; (x) transmit to the Software any data, or send or upload any materials to the Software that contain viruses, Trojan horses, worms, time-bombs, keystroke loggers, spyware, adware or any other harmful programs or similar computer code designed to adversely affect the operation of any computer software or hardware.

8. TERM AND TERMINATION.

8.1. Term.  Subject to the termination rights set forth herein, the term of this SSA will commence on the Effective Date and will continue as long as the Subscription Services are being provided to Customer under an Order Form.  Unless otherwise agreed in the Order Form, the Subscription Term will automatically renew for successive terms of 12 months provided that either party may opt not to renew by giving the other party 30 day calendar days prior written notice (Notice of Non-Renewal). Notice of Non-Renewal must be received no less than 30 days before the expiration of the then-current Subscription Term.

8.2. Mutual Termination for Material Breach. Either party may terminate an affected Order Form or all Order Forms between Vendor and Customer immediately upon notice if the other party materially breaches its obligations under the Agreement and, if remediable, does not remedy such breach within 30 calendar days of receiving written notification to do so from the non-breaching party.

8.3. Termination for Dissolution, Bankruptcy. Subject to applicable law, either party may immediately terminate the SSA and/or any Order Form on written notice if the other party enters into compulsory or voluntary liquidation, ceases to carry on business, or takes or suffers any similar action which the other party reasonably believes means that it may be unable to pay its debts.

8.4. Effect of Termination.

(A) Upon the termination of an applicable Order Form: (i) the licenses granted under the Order Form for the Subscription Services will immediately terminate, and Customer and its Users will immediately cease use of the  Subscription Services; (ii) Vendor’s obligations to provide Support will immediately terminate; (iii) in the event of a termination for Customer’s breach of the Agreement, Customer will pay to Vendor the full amount of any outstanding fees due hereunder; (iv) in the event of a termination for Vendor’s breach of the Agreement, Vendor will refund to customer the pro-rata amount of any prepaid but unused fees; (v) Customer may request that Vendor delete the Content belonging to Customer; and (vi) on Customer’s request, Vendor will destroy or return all Customer Confidential Information in its possession or control and will not make or retain any copies of such information in any form, except that Vendor may retain one archival copy of such information solely for the purposes of ensuring compliance with the Agreement or as required by applicable law or regulation.

(B) CUSTOMER ACKNOWLEDGES AND AGREES THAT THE SOFTWARE MAY CONTAIN DISABLING CODE THAT (EITHER AUTOMATICALLY OR AT VENDOR’S CONTROL) WILL RENDER THE SOFTWARE (AND RELATED DATA) UNUSABLE UPON TERMINATION OR CUSTOMER’S BREACH OF THE AGREEMENT AND FAILURE TO CURE WITHIN 30 DAYS OF RECEIVING NOTICE OF SUCH BREACH FROM INVICTI.

(C) The following sections will survive any termination or expiration of the Agreement: 1, 5, 6, 7, 8, 9, 10, 11, 12, 13, and 20.

(D) Termination of this SSA will prevent Customer from renewing and placing additional Order Forms with Vendor, however it will not affect the operation of any Order Form then in effect. Each Order Form must independently terminate.

(E) Expiration or termination of all or part of the Agreement shall not affect any accrued rights, remedies, obligations, or liabilities of the parties.

8.5. Termination for Illegality. Either party may terminate one or more affected Order Forms and/or the Agreement immediately, upon notice, if the other party would be in violation of applicable law or regulation as a result of the continued relationship of the parties.

9. PROPRIETARY RIGHTS. Except as for the rights granted to Customer pursuant to the Agreement, as between Vendor and Customer, Vendor retains all right, title, and interest in and to all Intellectual Property Rights held by  Vendor (and its licensors). Title to the Subscription Services, including the Software, will not pass from Vendor to Customer, and the Subscription Services and all copies thereof will at all times remain the sole and exclusive property of Vendor.

10. DATA SECURITY.

10.1. Content. Customer owned Content remains the property of Customer. Customer represents and warrants to Vendor that Customer has provided all required notices and has obtained all required licenses, permissions, and consents regarding Customer’s Content for use within the Subscription Services. Customer grants Vendor a perpetual, transferable, worldwide, fully paid, royalty free right and license to use Customer’s Content in accordance with this SSA.

10.2. Data Security Measures and Data Processing Addendum.

(A) Security Measures. Vendor: (i) implements and maintains reasonable security measures appropriate to the nature of the Content including, without limitation, technical, physical, administrative, and organizational controls designed to maintain the confidentiality, security, and integrity of  Content; (ii) implements and maintains industry standard systems and procedures for detecting, preventing, responding to attacks, intrusions, or other systems failures and regularly tests or otherwise monitors the effectiveness of the safeguards’ key controls, systems, and procedures; (iii) designate an employee or employees to coordinate implementation and maintenance of its security measures (as defined below); and (iv) identifies reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of Content that could result in the unauthorized disclosure, misuse, alteration, destruction, or other compromise of such information.

(B) Data Processing .

1. With regards to Invicti Software: When legally required, the Customer agrees to comply with the terms of the following Data Processing Addendum (presently found at the following URL: https://www.invicti.com/legal/dpa/) as may be periodically updated by Invicti.
2. With regards to Mend’s Solution:  Mend’s Solution is not intended to process personal data. It is the sole responsibility of Customer to ensure that all Content into which Mend’s Solution is integrated or which are examined by means of Mend’s Solution do not contain any personal data. Detailed information on Mend’s processing of personal data and commitment to privacy can be found in Mend’s privacy policy at https://www.mend.io/privacy-policy/ and Mend’s Data Processing Overview available at: https://www.mend.io/data-protection/.

10.3. Data Insights. To enable your use of the Subscription Services, the Software will automatically collect certain data and information related to Customer’s use of the Subscription Services (“Data Insights”). For these purposes, Vendor requires, and you hereby grant Vendor, a worldwide, non-exclusive, royalty-free license to store, use, reproduce, display and transmit Data Insights to the extent necessary to enable Customer’s use of the Subscription Services, including monitoring Customer’s usage of the services. This license shall remain in effect for as long as you have access to the Subscription Services.

Data Insights are used internally to manage Customer licenses, for benchmarking purposes, to facilitate Customer’s use of the Subscription Services, and to maintain, secure, develop, and improve the Subscription Services. Data Insights are never sold, and are aggregated and anonymized when used by Vendor in any external facing capacity (e.g., identifying average false-positive count, improving vulnerability detection and correlation) so as to never identify Customer, its Users, or any natural person.

11. WARRANTIES & DISCLAIMERS.

11.1. Warranty.

(A) Vendor warrants that: it will maintain all necessary licenses, consents, and permissions for performance of its obligations under the Agreement.

(B) This warranty is null and void to the extent the Subscription Services: (i) fail to conform with this warranty as a result of its use with any third-party hardware or software other than as authorized by Vendor in the Documentation; (ii) is used other than in accordance with its published Documentation; or (iii) is used in breach of the Agreement. If the Subscription Services do not conform with the warranty in sections 11.1(A), then Customer’s sole remedy, and Vendor’s entire liability will be to correct the non-conformance promptly.

(C) Uptime SLA. Vendor warrants that it will maintain the availability of the Cloud Service as provided in the Uptime SLA.

11.2. Warranty Disclaimer. VENDOR DISCLAIMS ALL WARRANTIES AND CONDITIONS NOT EXPRESSLY PROVIDED HEREIN, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY, TITLE, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. THE SUBSCRIPTION SERVICES ARE PROVIDED “AS IS” AND MAY NOT BE ERROR-FREE OR UNINTERRUPTED OR CONFORM WITH CUSTOMER SPECIFICATIONS. VENDOR MAKES NO WARRANTY AGAINST: (A) FALSE POSITIVES; (B) THAT ALL SECURITY RISKS OR THREATS WILL BE DETECTED BY USE OF THE SUBSCRIPTION SERVICES; (C) ANY ISSUES ARISING OUT OF OR RELATING TO INTERNET CONNECTIVITY; (D) ANY ISSUE ATTRIBUTABLE TO CUSTOMER HARDWARE OR SOFTWARE, CUSTOMER’S INTERNET OR DATA SERVICE PROVIDER; (D) BUGS, VULNERABILITIES, OR HARMFUL CODE CONTAINED IN UPDATES TO THIRD-PARTY SOLUTIONS, EVEN IF PROPOSED, RECOMMENDED OR MADE AVAILABLE BY VENDOR FROM TIME TO TIME.

CUSTOMER’S USE OF AND RELIANCE UPON THE SOFTWARE AND SUBSCRIPTION SERVICES ARE AT CUSTOMER’S SOLE DISCRETION, AND THE SUBSCRIPTION SERVICES DO NOT PROVIDE ANY LEGAL ADVICE.

THE FOREGOING EXCLUSIONS AND DISCLAIMERS ARE AN ESSENTIAL PART OF THIS SSA AND FORM THE BASIS FOR DETERMINING THE PRICE CHARGED FOR THE SERVICES.

12. INDEMNIFICATION.

12.1. By Vendor. Subject to sections 12.1(A) and 12.3, Vendor will, at its cost and expense: (i) defend any unaffiliated third-party claim against Customer to the extent such claim alleges that the Subscription Services infringe the Intellectual Property Rights of such third party; and (ii) indemnify Customer from settlement costs or any damages finally awarded to such third party (including reasonable legal and professional fees and expenses) by a court of competent jurisdiction as a result of such claim.

(A) Remedy. If such a claim occurs, or in Vendor’s opinion appears reasonably likely to occur, then Vendor may at its expense and in its sole discretion: (i) modify the Subscription Services to become non-infringing; (ii) procure the necessary rights to allow Customer to continue using the Subscription Services; (iii) replace the Subscription Services with a functional equivalent; or (iv) if neither (i) through (iii) are commercially practicable, terminate the Subscription Services and refund any prepaid and unused fees.

(B) Exclusions. Vendor has no obligation for any claim to the extent arising from or related to: (i) Vendor’s compliance with Customer’s specifications; (ii) a combination of the Subscription Services with other technology or aspects where the infringement would not occur but for the combination; (iii) Content; (iv) use of the Subscription Services in combination with hardware, software, or other technology, products, or services not provided by or authorized by Vendor in the Documentation; or (v) the use by Customer of any version of the Subscription Services which is not the latest available version of the Subscription Services that was made available by Vendor.

12.2. By Customer. Subject to section 12.3 Customer will, at its cost and expense: (i) defend any unaffiliated third-party claim against Vendor to the extent such claim alleges (a) that Customer initiated one or more scans of a Target that is not owned or managed by Customer or its Affiliate, and (b) that any part of the Content has been provided unlawfully or infringes or violates a third party’s Intellectual Property Rights; and (ii) indemnify Vendor from settlement costs or any damages finally awarded to such third party (including reasonable legal and professional fees and expenses) by a court of competent jurisdiction as a result of such claim.

12.3. Process. If the indemnified party receives notice of a claim that is covered by this section 12, the indemnified party shall give the indemnifying party prompt written notice thereof, provided that failure to give prompt notice shall not relive a party of its obligations under this section unless such failure materially prejudices the claim. The indemnifying party shall be allowed to solely conduct the defense of the matter, including choosing legal counsel to defend the claim, provided that the choice is reasonable and is communicated to the indemnified party in advance. The indemnified party shall comply with the indemnifying party’s reasonable requests for assistance and cooperation in the defense of the claim. The indemnifying party may not settle the claim without the indemnified party’s consent, which may not be unreasonably withheld, delayed, or conditioned.

12.4. THIS SECTION CONTAINS CUSTOMER’S EXCLUSIVE REMEDIES AND VENDOR’S SOLE LIABILITY FOR THE INFRINGEMENT CLAIMS IDENTIFIED IN THIS SECTION.

13. LIMITATION ON DAMAGES.

13.1. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT WILL VENDOR OR ITS LICENSORS BE LIABLE FOR ANY LOST PROFITS OR BUSINESS OPPORTUNITIES, LOSS OF USE, LOSS OF REVENUE, LOSS OF GOODWILL, BUSINESS INTERRUPTION, LOSS OF DATA, OR ANY INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES UNDER ANY THEORY OF LIABILITY.

13.2. VENDOR’S (AND ITS RESPECTIVE AGENTS’, AFFILIATES’, LICENSORS’ AND SUPPLIERS’) TOTAL AGGREGATE LIABILITY UNDER AN APPLICABLE ORDER FORM WILL NOT, IN ANY EVENT, UNDER ANY THEORY OF LAW, EXCEED THE FEES PAID OR PAYABLE BY CUSTOMER FOR THE SUBSCRIPTION SERVICES IN THE 12 MONTHS PRIOR TO THE EVENT GIVING RISE TO THE LIABILITY.

14. OPEN SOURCE SOFTWARE. The Subscription Services incorporate and consist of third-party Open Source Software that Customer may use under the terms and conditions of the specific license under which the Open Source Software is distributed. Vendor represents and warrants that: (a) inclusion of Open Source Software in the Subscription Services will not prevent Customer from exercising the license rights granted to Customer herein or limit Customer’s ability to use the Subscription Services in accordance with the Documentation; and (b) Customer’s use of Open Source Software governed under any restrictive copyleft terms shall not prohibit Customer’s use of or any result generated from the Subscription Services or require the disclosure, licensing, or assignment of Customer’s proprietary or third-party licensed software. Title to Open Source Software remains with the applicable licensors. Except as otherwise provided in this section, Vendor disclaims all representations, warranties, conditions, and liability arising from Open Source Software.

To the extent so indicated by an Open Source License referenced in such notices file, the Open Source Software corresponding to such Open Source License, is licensed directly to Customer  by its respective licensors and is subject to its respective Open Source License, and not to this SSA. Any terms included in such Open Source License shall be deemed to be imposed by reference herein and shall supersede any conflicting provisions herein, solely with respect to the corresponding Open Source Software which is governed by such Open Source License.

If, and to the extent, an Open Source License detailed in the notices file requires that the source code of its corresponding Open Source Software be made available to Customer, and such source code was not delivered to Customer with the Combined Platform, then only during the period prescribed in such Open Source License Customer can request to obtain from Vendor such source code, either by contacting Mend at the email address: Product@mend.io or by contacting Invicti in accordance with the provisions of section 19.9. You are solely responsible to flow-down the foregoing provisions on Open Source Software to any additional end-user to which Vendor provides the Platform.

15. THIRD PARTY INTEGRATIONS. The Subscription Services may, in certain cases, allow the Customer to connect to or otherwise interact with one or more third-party service providers for purposes permitted by the Subscription Services. Because Vendor does not control such third-party service providers, access to any such third-parties through the Subscription Services may be implemented, suspended or terminated by Vendor from time to time in its sole discretion, including as may be necessary for security or maintenance purposes or as required by the Documentation or applicable law. It is the Customer’s sole responsibility to enter into and maintain any agreement between the Customer and any such third party for the provision of their services to the Customer, and Vendor is not hereby made a party to such agreement. To the extent that the Customer, its Affiliates, representatives or Users use the Subscription Services to transmit any Customer owned Content to or from any such third party, the Customer directs and authorizes Vendor to provide or receive, respectively, such Customer owned Content to or from such third party. To the extent the Customer, its Affiliates, representatives or Users the Subscription Services to connect or otherwise interact with any such third party, or have identified or designated any such third party as the Customer’s third-party service provider, the Customer authorizes Vendor to allow such third party to access Customer owned Content as necessary for Vendor to provide the Subscription Services to the Customer. The Customer acknowledges and agrees that such third parties are not agents of Vendor, that Vendor is not responsible for their services, compliance, accuracy, actions or omissions or for their maintenance or treatment of Customer owned Content, that Vendor will not be liable for and specifically disclaim liability for any damage or loss caused thereby, that access to such third party via the Subscription Services does not imply any endorsement by Vendor, and that any Customer owned Content submitted to such third parties via the Subscription Services will be governed by the Customer’s agreement (if any) with such third party. Vendor shall not be responsible for any disclosure, modification or deletion of Customer owned Content resulting from access by such third party.

16. GOVERNMENT LICENSES. For purposes of sales to government entities in the United States, the Subscription Services and the accompanying Documentation are deemed to be “commercial computer software” and “commercial computer software documentation”, respectively, pursuant to DFARS Section 227.7202 and FAR Section 12.212(b), as applicable. Any use, modification, reproduction, release, performing, displaying, or disclosure of the Subscription Services or the accompanying Documentation by or for the U.S. Government will be governed solely by the terms and conditions of the Agreement, in conjunction with statutes, regulations, and the terms of the GSA Schedule, if applicable.

17. EXPORT COMPLIANCE AND ANTI-CORRUPTION. The Subscription Services and any other technology Vendor makes available, and derivatives thereof, may be subject to export laws and regulations of the United States and other jurisdictions. Each party represents that it is not named on any U.S. government or other applicable jurisdiction denied-party list. Customer shall not permit Users to access or use any Subscription Services in a U.S. or other applicable jurisdiction embargoed country or in violation of any U.S. or other applicable export law or regulation. Customer has not received or been offered any illegal or improper bribe, kickback, payment, gift, or thing of value from any of Vendor’s employees, agents, or a third party in connection with the Agreement. Reasonable gifts and entertainment provided in the ordinary course of business do not violate the above restriction. If Customer learns of any violation of the above restriction, Customer will use reasonable efforts to promptly notify Vendor’s legal department at legal@invicti.com, if Vendor is Invicti, or legal@mend.io, if Vendor is Mend. Customer’s failure to comply with any term of this section will constitute a material breach of the Agreement and will entitle Vendor to suspend all products and services provided under the Agreement and immediately terminate the Agreement upon notice, in addition to any other remedy available at law or equity.

18. SOFTWARE LIFECYCLE.

18.1. Vendor has no obligation to provide Support for any version of the Subscription Services other than the most current and previous minor release (“Current Version”). Vendor shall have no liability for damages resulting from or in connection with Customer’s failure to install and/or use a Current Version. Vendor shall have no obligation to provide Support for a version of the Subscription Services other than the Current Version (“Non-Current Version”), and may, in its sole and exclusive discretion, discontinue Support for, discontinue sales of and/or retire a Non-Current Version (“End of Life”). Vendor shall publicly post (on its website) a notice of End of Life, including, where relevant, the last date of general commercial availability of the affected version of the Subscription Services and the timeline for discontinuing Support.

18.2. Due to operation of law, regulation, or to comply with reasonable security standards (e.g., patching a known vulnerability) Vendor may, on rare occasions, require Customer to update to the most current version of the Subscription Services (“Emergency Update”). Vendor will clearly communicate the need for such Emergency Update. Vendor shall have no liability for damages resulting from or in connection with Customer’s failure to implement an Emergency Update.

19. MEND AI-POWERED CODE FEATURES

The use of Mend AI-Powered Code Features is governed by this SSA, as well as the supplemental terms specific to the Mend AI-Powered Code Features which are incorporated by reference and can be found here: Mend AI-Powered Code Features Supplemental Terms of Service. These Mend AI-Powered Code Features Supplemental Terms of Service are to be read in conjunction with these SSA and are binding upon your use of any of the Mend AI-Powered Code Features incorporated in any Mend Software.

20. MISCELLANEOUS.

20.1. Publicity. Customer agrees that Vendor may publicly disclose that it is providing the Subscription Services to Customer and may use Customer’s name and logo to identify Customer in promotional materials, including press releases, provided that Vendor does not state or imply that Customer endorses the Subscription Services.

20.2. Feedback. To the extent Customer or any User provides suggestions or feedback to Invicti or Mend regarding the functioning, features, or other characteristics of the Subscription Services, Documentation, or other materials or services provided or made available by any of Invicti or Mend (“Feedback”), that Feedback is solely owned by Invicti or Mend and may become part of the Subscription Services and/or Software, without any obligation or payment to Customer or restriction of any kind; provided that any such Feedback may not include a reference to Customer or to any other individual. Notwithstanding the foregoing, in the event that inspite of the aforementioned, the Feedback shall be deemed to remain with Customer, Customer hereby grants Vendor a perpetual, irrevocable, non-exclusive, royalty-free, fully-paid, fully-transferable, worldwide license (with rights to sublicense through multiple tiers of sublicensees) to Vendor to use and exploit such Feedback in any manner for the purpose of improving and continuing the development of the Subscription Services.

20.3. Entire Agreements and Modifications. The Agreement constitutes the entire agreement between the parties and supersedes any prior or contemporaneous negotiations or agreements, whether oral or written, related to this subject matter. No modification of any term of the Agreement is effective unless set forth in writing and signed by both parties.

20.4. Order of Precedence. Any ambiguity, conflict, or inconsistency between documents comprising the Agreement shall be resolved in the following order of precedence: (i) Order Form; (ii) any document or URL incorporated into the Order Form; and (iii) the SSA (including attached and/or URL incorporated documents).

20.5. Irreparable Harm. Any breach by a party to the Agreement, , any unauthorized disclosure of Confidential Information, or any violation of the other party’s Intellectual Property Rights could cause irreparable injury or harm to the other party. The other party may seek a court order to stop any breach or avoid any future breach of the Agreement.

20.6. Assignment. The Agreement may not be assigned by either party without the prior written approval of the other party, such approval not to be unreasonably withheld, except in connection with: (i) a merger, consolidation, or similar transaction involving (directly or indirectly) a party; (ii) a sale or other disposition of all or substantially all of the assets of a party; or (iii) any other form of combination or reorganization involving (directly or indirectly) such party. Any purported assignment in violation of this section shall be null and void and have no effect.

20.7. Force Majeure. A party is not liable under the Agreement for non-performance caused by events or conditions beyond that party’s control if that party makes reasonable efforts to perform (“Force Majeure Event”), provided however that, without prejudice to the provisions of this section, when the Force Majeure Event ceases, or otherwise as soon as feasible thereafter, the party or parties affected shall re-commence performance of their obligations under this Agreement. In the event that the Force Majeure Event persists beyond thirty (30) calendar days or a continuation of the obligations hereunder otherwise no longer remains possible, the parties shall, in the first instance, endeavor to reach a mutually satisfactory workaround. Where such workaround is not possible or is not achieved within a further fifteen (15) calendar days, either party may terminate this agreement, and in any such case: (i) Vendor will refund to Customer the pro-rata amount of any prepaid but unused fees; and (ii) all amounts due to Vendor by the Customer until the effective termination date shall be paid in full.

20.8. Relationship of the Parties. Each party is an independent contractor of the other under the Agreement, and nothing in the Agreement shall be construed to create a partnership, joint venture, agency relationship, fiduciary relationship, or any other arrangement related to sharing of profits and losses. Each party is responsible for its own expenses in meeting its obligations under the Agreement. Each party agrees that it has the full power and authority to enter into the Agreement and to carry out the actions contemplated herein.

20.9. Notices. Except for operational notices which may be sent by email to the party’s administrative contact, any notice, report, approval, authorization, agreement, or consent required or permitted hereunder will be in writing as follows: notices will be sent to the address that the applicable party has or may provide by written notice or, if there is no such address, the most recent address the party giving notice can locate using reasonable efforts. A copy of any notices sent to Vendor should also be sent to legal@invicti.com, if Vendor is Invicti, or legal@mend.io, if Vendor is Mend. Notices are deemed received as of the time posted or delivered, or if that time does not fall within a Business Day, as of the beginning of the first Business Day following the time posted or delivered. For purposes of counting days for notice periods, the Business Day on which the notice is deemed received counts as the first day. Notices shall be given in English.

20.10. Waiver and Enforceability. No failure or delay in exercising any right hereunder will operate as a waiver thereof, nor will any partial exercise of any right or power hereunder preclude further exercise. If any provision will be adjudged by any court of competent jurisdiction to be unenforceable or invalid, that provision will be limited or eliminated to the minimum extent necessary so that the Agreement will otherwise remain in full force and effect and enforceable.

20.11. Governing Law/Forum. The Agreement will be deemed to have been made in, and will be construed in accordance with the laws of the State of Delaware, and any disputes shall be resolved exclusively under the jurisdiction of the competent courts of Dover, Delaware, without regard to the United Nations Convention on the International Sale of Goods or the Uniform Computer Information Transactions Act, and the prevailing party in any action to enforce the Agreement will be entitled to recover its attorney’s fees and costs in connection with such action.

20.12. Translations Other Than English. The English language version of this Agreement and any documents exchanged pursuant to this Agreement shall be controlling in all respects. Any translations of this Agreement into a language other than English shall have no legal effect and are for the convenience of the parties only.