Invicti Subscription Services Agreement
IMPORTANT – CAREFULLY READ ALL THE TERMS AND CONDITIONS OF THIS INVICTI SUBSCRIPTION SERVICES AGREEMENT (“SSA”). BY SIGNING AN ORDER FORM INCORPORATING THIS AGREEMENT, CLICKING “I ACCEPT”, CLICKING “CREATE”, PROCEEDING WITH THE INSTALLATION AND/OR ACCESS AND USE OF THE INVICTI SOLUTION, OR USING THE INVICTI SOLUTION AS AN AUTHORIZED REPRESENTATIVE OF YOUR COMPANY NAMED ON THE APPLICABLE ORDER FORM ON WHOSE BEHALF YOU INSTALL AND/OR USE THE INVICTI SOLUTION, YOU ARE INDICATING THAT YOU HAVE READ, UNDERSTOOD, AND ACCEPT THIS AGREEMENT WITH INVICTI (AS DEFINED BELOW). IF YOU DO NOT AGREE WITH ALL OF THE TERMS OF THIS AGREEMENT, DO NOT INSTALL, COPY, OR OTHERWISE USE THE INVICTI SOLUTION. THE EFFECTIVE DATE OF THIS AGREEMENT SHALL BE THE DATE THAT YOU SIGN AN ORDER FORM WITH INVICTI OR OTHERWISE ACCEPT THIS AGREEMENT AS SET FORTH ABOVE.
1. DEFINITIONS. Capitalized terms used in this SSA shall have the meaning given to them in Schedule 1: Definitions, attached hereto.
2. ORDERS.
2.1. Formation. This SSA governs the overall relationship of the parties in relation to Customer’s use of the Invicti Solution. An Order Form is not effective unless Customer has a fully executed and effective SSA at time of signature and the applicable Order Form has been signed by an authorized representative of each party. Each executed Order Form creates a separate Agreement between Invicti and Customer.
2.2. Informal. Provision of the Invicti Solution, Support, or any other products or services provided by Invicti or its Affiliate to Customer or its Affiliates is governed by this SSA unless otherwise expressly and conspicuously agreed in writing by the parties. The pre-printed terms of Customer’s purchase order or other business form or terms that Customer provides will be considered only for invoicing purposes, and any terms contained therein shall be void and have no force or effect.
2.3. Affiliate Orders. If an Order Form incorporating this SSA is executed by a party Affiliate, the terms “Customer” and “Invicti”, as used in this SSA, shall be read to mean (respectively) the applicable Customer Affiliate and/or Invicti Affiliate that executed the applicable Order Form.
3. Invicti Solution.
3.1. License Grant. Subject to Customer’s compliance with the terms and conditions of the Agreement, including payment of all applicable fees, Invicti hereby grants to Customer for its internal business purposes a limited, non-sublicensable, non-exclusive, non-transferable, worldwide license, solely during the Subscription Term or Trial Period, as applicable and as set forth in the Order Form, to:
(A) either:
(i) install, execute, and use, or permit Users to install, execute, and use, in object code form only, the Software on Customer-provided infrastructure; or
(ii) [for on-demand / Cloud-based Solutions] access and use the Cloud Service; and
(B) reproduce and use a reasonable number of copies of the Documentation for use with the Invicti Solution.
3.2. Trial Versions and Beta Features.
(A) Beta Features. Beta Features are subject to the Beta Terms. Invicti may, in its sole discretion: (i) cease providing Beta Features at any time; or (ii) cease providing Beta Features free of charge and require Customer to purchase such features for continued use as part of the Invicti Solution. Customer will not attempt to circumvent, dismantle, or otherwise interfere with any time-control disabling functionality in any Beta Feature that causes the Beta Feature to cease functioning. “Beta Feature(s)” means any Invicti Solution feature that is identified by Invicti, including via the applicable Invicti Solution user interface or via other communications to Customer, as “Beta”, “Alpha”, “Experimental”, “Limited Release” or “Pre-Release” or that is otherwise identified by Invicti as unsupported.
(B) Trial Versions. Invicti will provide the Trial Version free of charge for a time period of 15 business days or such longer period as may be granted by Invicti (“Trial Period”). Invicti may extend the Trial Period in its sole and exclusive discretion. Invicti may immediately terminate Customer’s access to and use of the Trial Version at any time, and all data generated during the Trial Period will be deleted. Invicti will have no liability under the Agreement arising out of or related to any use of a Trial Version by Customer or the deletion of any data generated during the Trial Period. Any use of a Trial Version is solely at Customer’s own risk and may be subject to additional requirements as specified by Invicti. Invicti is not obligated to provide Support for any Trial Version, and all Trial Versions are provided as-is without warranty. Customer agrees to use the Trial Version in a non-production environment. “Trial Version(s)” means any Invicti Solution version that is provided by Invicti on a “Trial”, “Evaluation”, or “Proof of Concept” basis whether or not identified as such by Invicti on an Order Form.
3.3. Support. Invicti will provide Customer with Support for the Invicti Solution.
4. ADDITIONAL CUSTOMER RESPONSIBILITIES. Customer: (i) must keep its passwords secure and confidential and use industry-standard password management practices; (ii) is solely responsible for the Content and all activity conducted through its account within the Cloud Service; (iii) must use commercially reasonable efforts to prevent unauthorized access to its account and notify Invicti promptly of any such unauthorized access; (iv) may use the Invicti Solution only in accordance with the Documentation and applicable law; (v) is responsible for its Users’ compliance with the terms of the Agreement; (vi) must not use the Invicti Solution in a manner that violates the Usage Parameters or Fair Use; and (vii) will at all times comply with the AUP..
5. FEES AND PAYMENT.
5.1. Subscription Fees. Fees are due and payable as set forth on the Order Form, and Customer shall timely pay all fees. Unless otherwise stated in the Agreement, payment obligations are non-cancelable, and fees paid are non-refundable. Invicti reserves the right to increase fees upon renewal. All payments shall be made in the currency stated on the Order Form. Invicti may charge interest on overdue amounts at the lesser of 1.5% per month or the maximum legal rate and may charge Customer for any cost or expense arising out of collection efforts. Customer may submit a request to increase Usage Parameters at any time, and, upon execution of an Order Form, Customer will pay fees due for such increase at a prorated amount for the remainder of Customer’s then-current Subscription Term.
5.2. Taxes.
(A) Invicti shall charge, and Customer will pay, all applicable federal, state, or local sales or use taxes, value added taxes (“VAT”), goods and services taxes (“GST”), and consumption taxes that Invicti is legally obligated to charge (“Taxes”). All fees charged, and price quoted by Invicti are exclusive of any Taxes regardless of however these taxes may be imposed, e.g., VAT, GST, WHT or consumption taxes, unless such Taxes are stated on the invoice Invicti provides to Customer. Customer may provide Invicti with an exemption certificate or equivalent information acceptable to the relevant taxing authority. In such case, Invicti will not charge or collect the Taxes covered by such exemption certificate or equivalent documentation.
(B) During the term of the Agreement, Invicti may provide Customer with forms, documents, or certifications as may be required for Customer to satisfy information reporting or withholding tax obligations with respect to payments under this Agreement. Upon Invicti’s receipt of Customer’s proof of withholding (which proof must be acceptable in Invicti’s sole discretion), Customer may deduct or withhold any taxes that Customer determines it is obligated to withhold from any amounts payable to Invicti under the Agreement. Except as stated in this section, Customer may not withhold or offset any amount owed to Invicti for any reason.
6. CONFIDENTIAL INFORMATION.
6.1. “Confidential Information” means any proprietary information (excluding Personal Data) disclosed by one party (“Discloser”) and received by the other party (“Recipient”) during, or prior to entering into, the Agreement that Recipient should know is confidential or proprietary based on the circumstances surrounding the disclosure, or because it has been identified as being such by the Discloser. Invicti’s Confidential Information includes, without limitation, the Invicti Solution and any non-public technical, business, and pricing information. Confidential Information does not include information that: (i) is or becomes generally known to the public through no fault or breach of the Agreement by Recipient; (ii) is rightfully known by Recipient at the time of disclosure without an obligation of confidentiality; (iii) is independently developed by Recipient without the use of Discloser’s Confidential Information; or (iv) Recipient rightfully obtains from a third party without restriction on use or disclosure. Recipient will maintain the confidentiality of Confidential Information, and Recipient agrees not to use such Confidential Information for any purpose except as necessary to fulfill its obligations and exercise its rights under the Agreement. Recipient will protect the secrecy of and prevent disclosure and unauthorized use of Discloser’s Confidential Information using the same degree of care that it takes to protect its own confidential information and will in no event use less than reasonable care. Recipient may share Discloser’s Confidential Information with its employees, contractors, directors, agents, and representatives who have a need to know the information to perform obligations under the Agreement, and with whom Recipient has written obligations on confidentiality in place at least as stringent as those in the Agreement. Recipient may disclose Discloser’s Confidential Information if required by judicial or administrative process, provided that Recipient first provides Discloser with prompt notice of such required disclosure to enable the Discloser to seek a protective order, unless such notice is prohibited by applicable law.
6.2. Data Protection. Notwithstanding the foregoing, the parties agree that the Data Processing Addendum (see section 10.2(C)) shall exclusively govern with respect to the collection, use, storage, and confidentiality of Personal Data.
7. RESTRICTIONS. Except as expressly set forth in the Agreement, and to the maximum extent permitted by applicable law, Customer will not (and will not allow any third party to): (i) decompile, disassemble, reverse engineer, or otherwise attempt to derive the structure of the Invicti Solution or the source code from the Invicti Solution; (ii) distribute, license, sublicense, assign, transfer, provide, lease, lend, rent, disclose, use for timesharing or service bureau purposes, or otherwise use for the benefit of any third party the Invicti Solution (iii) use or access the Invicti Solution in order to build a similar or competitive product or service or to disclose to any third party any benchmarking or comparative study involving the Invicti Solution; (iv) modify, adapt, translate, or create derivative works of the Invicti Solution or Documentation; ; (v) remove, alter, or obscure in any way any proprietary rights notices (including copyright notices) of Invicti or its suppliers on or within the Invicti Solution or Documentation; (vi) use the Invicti Solution to scan any Applications or Targets outside of those that it owns or manages, without Invicti’s and the relevant Application or Target owner’s explicit written consent; or (vii) use the Invicti Solution in a manner that violates the Usage Parameters or Fair Use.
8. TERM AND TERMINATION.
8.1. Term. Subject to the termination rights set forth herein, the term of this SSA will commence on the Effective Date and will continue as long as the Invicti Solution is being provided to Customer under an Order Form. Unless otherwise agreed in the Order Form, the Subscription Term will automatically renew for successive terms of 12 months provided that either party may opt not to renew by giving the other party 30 calendar days prior written notice to the other party (“Notice of Non-Renewal”). Notice of Non-Renewal must be received no less than 30 days before the expiration of the then-current Subscription Term.
8.2. Mutual Termination for Material Breach. Either party may terminate an affected Order Form or all Order Forms between Invicti and Customer immediately, upon notice, if the other party materially breaches its obligations under the Agreement and, if remediable, does not remedy such breach within 30 calendar days of receiving written notification to do so from the non-breaching party.
8.3. Termination for Dissolution, Bankruptcy. Subject to applicable law, either party may immediately terminate the SSA and/or any Order Form on written notice if the other party enters into compulsory or voluntary liquidation, ceases to carry on business, or takes or suffers any similar action which the other party reasonably believes means that it may be unable to pay its debts.
8.4. Termination for Illegality. Either party may terminate one or more affected Order Forms and/or the Agreement immediately, upon notice, if the other party would be in violation of applicable law or regulation as a result of the continued relationship of the parties.
8.5. Effect of Termination.
(A) Upon the termination of an applicable Order Form: (i) the licenses granted under the Order Form for the Invicti Solution will immediately terminate, and Customer and its Users will immediately cease use of the Invicti Solution; (ii) Invicti’s obligations to provide Support will immediately terminate; (iii) in the event of a termination for Customer’s breach of the Agreement, Customer will pay to Invicti the full amount of any outstanding fees due hereunder; (iv) in the event of a termination for Invicti’s breach of the Agreement, Invicti will refund to Customer the pro-rata amount of any prepaid but unused fees; (v) for Cloud Service Customers, Customer may request that Invicti delete the Content belonging to Customer; and (vi) on Customer’s request, Invicti will destroy or return all Customer Confidential Information in its possession or control and will not make or retain any copies of such information in any form, except that Invicti may retain one archival copy of such information solely for the purposes of ensuring compliance with the Agreement or as required by applicable law or regulation.
(B) CUSTOMER ACKNOWLEDGES AND AGREES THAT THE INVICTI SOLUTION MAY CONTAIN DISABLING CODE THAT (EITHER AUTOMATICALLY OR AT INVICTI’S CONTROL) WILL RENDER THE INVICTI SOLUTION (AND RELATED DATA) UNUSABLE UPON TERMINATION OR CUSTOMER’S BREACH OF THE AGREEMENT AND FAILURE TO CURE WITHIN 30 DAYS OF RECEIVING NOTICE OF SUCH BREACH FROM INVICTI.
(C) The following sections will survive any termination or expiration of the Agreement: 1, 5, 6, 7, 8, 9, 10, 11, 12, 13, and 19.
(D) Termination of this SSA will prevent Customer from renewing and placing additional Order Forms with Invicti, however it will not affect the operation of any Order Form then in effect. Each Order Form must independently terminate.
(E) Expiration or termination of all or part of the Agreement shall not affect any accrued rights, remedies, obligations, or liabilities of the parties.
9. PROPRIETARY RIGHTS. Except as for the rights granted to Customer pursuant to the Agreement, Invicti retains all right, title, and interest in and to all Intellectual Property Rights held by Invicti (and its licensors). Title to the Invicti Solution will not pass from Invicti to Customer, and the Invicti Solution and all copies thereof will at all times remain the sole and exclusive property of Invicti.
10. DATA SECURITY.
10.1. Content. Customer owned Content remains the property of Customer. Customer represents and warrants to Invicti that Customer has provided all required notices and has obtained all required licenses, permissions, and consents regarding Customer’s Content for use within the Invicti Solution. Customer grants Invicti a perpetual, transferable, worldwide, fully paid, royalty free right and license to use Customer’s Content in accordance with this SSA.
10.2. Data Security Measures and Data Processing Addendum.
(A) Security Measures. Invicti: (i) implements and maintains reasonable security measures appropriate to the nature of the Content including, without limitation, technical, physical, administrative, and organizational controls designed to maintain the confidentiality, security, and integrity of Content; (ii) implements and maintains industry standard systems and procedures for detecting, preventing, responding to attacks, intrusions, or other systems failures and regularly tests or otherwise monitors the effectiveness of the safeguards’ key controls, systems, and procedures; (iii) designates an employee or employees to coordinate implementation and maintenance of its security measures (as defined below); and (iv) identifies reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of Content that could result in the unauthorized disclosure, misuse, alteration, destruction, or other compromise of such information.
(B) Notice of Data Breach. If Invicti becomes aware that Customer Data was accessed or disclosed in breach of the Agreement, Invicti will: (i) notify Customer without undue delay, but in no event more than 72 hours of Invicti becoming aware of the breach; (ii) act to eliminate the breach and preserve forensic evidence; and (iii) provide available information to Customer regarding the nature and scope of the breach.
(C) Data Processing Addendum. When legally required, the parties agree to comply with the terms of Invicti’s Data Processing Addendum (presently found at the following URL: https://www.invicti.com/legal/dpa/) as may be periodically updated by Invicti.
10.3. Data Insights. Invicti automatically collects certain data and information related to Customer’s use of the Invicti Solution (“Data Insights”), such as Target URLs, scan results, accessed features, and used/unused Application or Target count. Data Insights are used internally to manage Customer’ license, for benchmarking purposes, to facilitate Customer’s use of the Invicti Solution, and to maintain, secure, develop, and improve Invicti’s products and services. Data Insights are never sold, and are aggregated and anonymized when used by Invicti in any external facing capacity (e.g., identifying average false-positive count, improving vulnerability detection and correlation) so as to never identify Customer, its Users, or any natural person.
11. WARRANTIES & DISCLAIMERS.
11.1. Warranty.
(A) Invicti warrants that:
(i) it will not materially decrease the overall security of the Invicti Solution;
(ii) it will not materially decrease the overall functionality of the Invicti Solution;
(iii) the Invicti Solution will perform substantially in conformance with the Documentation;
(iv) it will maintain all necessary licenses, consents, and permissions for performance of its obligations under the Agreement; and
(v) it uses commercially reasonable efforts consistent with industry standards to regularly scan for and remove any “Malware” from the Cloud Service, and that the Software shall be free from Malware at the time of delivery to Customer. “Malware” means software programs designed to damage or do other unwanted actions on a computer system, including viruses, worms, Trojan Horses, and spyware.
(B) This warranty is null and void to the extent the Invicti Solution: (i) fails to conform with this warranty as a result of its use with any third-party hardware or software other than as authorized by Invicti in the Documentation; (ii) is used other than in accordance with its published Documentation; or (iii) is used in breach of the Agreement. If the Invicti Solution does not conform with the warranty in sections 11.1(A)(i)-(iv), then Customer’s sole remedy, and Invicti’s entire liability will be to correct the non-conformance promptly.
(C) Uptime SLA. Invicti warrants that it will maintain the availability of the Cloud Service as provided in the Uptime SLA.
11.2. Warranty Disclaimer. INVICTI DISCLAIMS ALL WARRANTIES AND CONDITIONS NOT EXPRESSLY PROVIDED HEREIN, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY, TITLE, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. THE INVICTI SOLUTION IS PROVIDED “AS IS” AND MAY NOT BE ERROR-FREE, UNINTERRUPTED OR CONFORM WITH CUSTOMER SPECIFICATIONS. INVICTI MAKES NO WARRANTY AGAINST FALSE POSITIVES, THAT ALL SECURITY RISKS OR THREATS WILL BE DETECTED BY USE OF THE INVICTI SOLUTION.
12. INDEMNIFICATION.
12.1. By Invicti. Subject to sections 12.1(A) and 12.3, Invicti will, at its cost and expense: (i) defend any unaffiliated third-party claim against Customer to the extent such claim alleges that the Invicti Solution infringes the Intellectual Property Rights of such third party; and (ii) indemnify Customer from settlement costs or any damages finally awarded to such third party (including reasonable legal and professional fees and expenses) by a court of competent jurisdiction as a result of such claim.
(A) Remedy. If such a claim occurs, or in Invicti’s opinion appears reasonably likely to occur, then Invicti may at its expense and in its sole discretion: (i) modify the Invicti Solution to become non-infringing; (ii) procure the necessary rights to allow Customer to continue using the Invicti Solution; (iii) replace the Invicti Solution with a functional equivalent; or (iv) if neither (i) through (iii) are commercially practicable, terminate the Invicti Solution and refund any prepaid and unused fees.
(B) Exclusions. Invicti has no obligation for any claim to the extent arising from or related to: (i) Invicti’s compliance with Customer’s specifications; (ii) a combination of the Invicti Solution with other technology or aspects where the infringement would not occur but for the combination; (iii) Content; or (iv) use of the Invicti Solution in combination with hardware, software, or other technology, products, or services not provided by or authorized by Invicti in the Documentation.
12.2. By Customer. Subject to section 12.3, Customer will, at its cost and expense: (i) defend any unaffiliated third-party claim against Invicti to the extent such claim alleges (a) that Customer initiated one or more scans of an Application or Target (as the case may be) that is not owned or managed by Customer or its Affiliate, and (b) that any part of the Content has been provided unlawfully or infringes or violates a third party’s Intellectual Property Rights; and (ii) indemnify Invicti from settlement costs or any damages finally awarded to such third party (including reasonable legal and professional fees and expenses) by a court of competent jurisdiction as a result of such claim.
12.3. Process. If the indemnified party receives notice of a claim that is covered by this section 12, the indemnified party shall give the indemnifying party prompt written notice thereof, provided that failure to give prompt notice shall not relive a party of its obligations under this section unless such failure materially prejudices the claim. The indemnifying party shall be allowed to solely conduct the defense of the matter, including choosing legal counsel to defend the claim, provided that the choice is reasonable and is communicated to the indemnified party in advance. The indemnified party shall comply with the indemnifying party’s reasonable requests for assistance and cooperation in the defense of the claim. The indemnifying party may not settle the claim without the indemnified party’s consent, which may not be unreasonably withheld, delayed, or conditioned.
12.4. THIS SECTION CONTAINS CUSTOMER’S EXCLUSIVE REMEDIES AND INVICTI’S SOLE LIABILITY FOR THE INFRINGEMENT CLAIMS IDENTIFIED IN THIS SECTION.
13. LIMITATION ON DAMAGES.
13.1. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT WILL INVICTI OR ITS LICENSORS BE LIABLE FOR ANY LOST PROFITS OR BUSINESS OPPORTUNITIES, LOSS OF USE, LOSS OF REVENUE, LOSS OF GOODWILL, BUSINESS INTERRUPTION, LOSS OF DATA, OR ANY INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES UNDER ANY THEORY OF LIABILITY.
13.2. EXCEPT FOR EITHER PARTY’S (I) INDEMNITY OBLIGATIONS, (II) CUSTOMER’S BREACH OF INVICTI’S PROPRIETARY RIGHTS OR SECTION 7, AND (III) AS OTHERWISE EXCLUDED UNDER SECTION 13.3, EACH PARTY’S (AND ITS RESPECTIVE AGENTS’, AFFILIATES’, LICENSORS’, AND SUPPLIERS’) TOTAL AGGREGATE LIABILITY UNDER AN APPLICABLE ORDER FORM WILL NOT, IN ANY EVENT, UNDER ANY THEORY OF LAW, EXCEED THE FEES PAID OR PAYABLE BY CUSTOMER FOR THE INVICTI SOLUTION IN THE 12 MONTHS PRIOR TO THE EVENT GIVING RISE TO THE LIABILITY.
13.3. WITH RESPECT TO INVICTI’S BREACH OF SECTION 10 AND A PARTY’S BREACH OF ITS CONFIDENTIALITY OBLIGATIONS, EACH PARTY’S TOTAL AGGREGATE LIABILITY SHALL NOT EXCEED THREE TIMES THE FEES PAID OR PAYABLE BY CUSTOMER UNDER THE APPLICABLE ORDER FORM FOR THE INVICTI SOLUTION IN THE 12 MONTHS PRIOR TO THE EVENT GIVING RISE TO THE LIABILITY.
14. OPEN SOURCE SOFTWARE. The Invicti Solution incorporates and consists of third-party Open Source Software that Customer may use under the terms and conditions of the specific license under which the Open Source Software is distributed. Invicti represents and warrants that: (a) inclusion of Open Source Software in the Invicti Solution will not prevent Customer from exercising the license rights granted to Customer herein or limit Customer’s ability to use the Invicti Solution in accordance with the Documentation; and (b) Customer’s use of Open Source Software governed under any restrictive copyleft terms shall not prohibit Customer’s use of or any result generated from the Invicti Solution or require the disclosure, licensing, or assignment of Customer’s proprietary or third-party licensed software. Title to Open Source Software remains with the applicable licensors. Except as otherwise provided in this section, Invicti disclaims all representations, warranties, conditions, and liability arising from Open Source Software.
15. THIRD PARTY INTEGRATIONS. The Invicti Solution may, in certain cases, allow the Customer to connect to or otherwise interact with one or more third-party service providers for purposes permitted by the Invicti Solution. Because Invicti does not control such third-party service providers, access to any such third-parties through the Invicti Solution may be implemented, suspended or terminated by Invicti from time to time in its sole discretion, including as may be necessary for security or maintenance purposes or as required by the Documentation or applicable law. It is the Customer’s sole responsibility to enter into and maintain any agreement between the Customer and any such third party for the provision of their services to the Customer, and Invicti is not hereby made a party to such agreement. To the extent that the Customer, its Affiliates, representatives or Users use the Invicti Solution to transmit any Customer owned Content to or from any such third party, the Customer directs and authorizes Invicti to provide or receive, respectively, such Customer owned Content to or from such third party. To the extent the Customer, its Affiliates, representatives or Users the Invicti Solution to connect or otherwise interact with any such third party, or have identified or designated any such third party as the Customer’s third-party service provider, the Customer authorizes Invicti to allow such third party to access Customer owned Content as necessary for Invicti to provide the Invicti Solution to the Customer. The Customer acknowledges and agrees that such third parties are not agents of Invicti, that Invicti is not responsible for their services, compliance, accuracy, actions or omissions or for their maintenance or treatment of Customer owned Content, that Invicti will not be liable for and specifically disclaim liability for any damage or loss caused thereby, that access to such third party via the Invicti Solution does not imply any endorsement by Invicti, and that any Customer owned Content submitted to such third parties via the Invicti Solution will be governed by the Customer’s agreement (if any) with such third party. Invicti shall not be responsible for any disclosure, modification or deletion of Customer owned Content resulting from access by such third party.
16. GOVERNMENT LICENSES. For purposes of sales to government entities in the United States, the Invicti Solution and the accompanying Documentation are deemed to be “commercial computer software” and “commercial computer software documentation”, respectively, pursuant to DFARS Section 227.7202 and FAR Section 12.212(b), as applicable. Any use, modification, reproduction, release, performing, displaying, or disclosure of the Invicti Solution or the accompanying Documentation by or for the U.S. Government will be governed solely by the terms and conditions of the Agreement, in conjunction with statutes, regulations, and the terms of the GSA Schedule, if applicable.
17. EXPORT COMPLIANCE AND ANTI-CORRUPTION. The Invicti Solution and any other technology Invicti makes available, and derivatives thereof, may be subject to export laws and regulations of the United States and other jurisdictions. Each party represents that it is not named on any U.S. government or other applicable jurisdiction denied-party list. Customer shall not permit Users to access or use any Invicti Solution in a U.S. or other applicable jurisdiction embargoed country or in violation of any U.S. or other applicable export law or regulation. Customer has not received or been offered any illegal or improper bribe, kickback, payment, gift, or thing of value from any of Invicti’s employees, agents, or a third party in connection with the Agreement. Reasonable gifts and entertainment provided in the ordinary course of business do not violate the above restriction. If Customer learns of any violation of the above restriction, Customer will use reasonable efforts to promptly notify Invicti’s legal department at legal@invicti.com. Customer’s failure to comply with any term of this section will constitute a material breach of the Agreement and will entitle Invicti to suspend all products and services provided under the Agreement and immediately terminate the Agreement upon notice, in addition to any other remedy available at law or equity.
18. INVICTI SOLUTION LIFECYCLE.
18.1. Invicti has no obligation to provide Support for any version of the Invicti Solution other than the most current and previous minor release (“Current Version”). Invicti shall have no liability for damages resulting from or in connection with Customer’s failure to install and/or use a Current Version. Invicti shall have no obligation to provide Support for a version of the Invicti Solution other than the Current Version (“Non-Current Version”), and may, in its sole and exclusive discretion, discontinue Support for, discontinue sales of and/or retire a Non-Current Version (“End of Life”). Invicti shall publicly post (on its website) a notice of End of Life, including, where relevant, the last date of general commercial availability of the affected version of the Invicti Solution and the timeline for discontinuing Support.
18.2. Due to operation of law, regulation, or to comply with reasonable security standards (e.g., patching a known vulnerability) Invicti may, on rare occasions, require Customer to update to the most current version of the Invicti Solution (“Emergency Update”). Invicti will clearly communicate the need for such Emergency Update. Invicti shall have no liability for damages resulting from or in connection with Customer’s failure to implement an Emergency Update.
19. MISCELLANEOUS.
19.1. Publicity. Customer agrees that Invicti may publicly disclose that it is providing the Invicti Solution to Customer and may use Customer’s name and logo to identify Customer in promotional materials, including press releases, provided that Invicti does not state or imply that Customer endorses the Invicti Solution.
19.2. Feedback. To the extent Customer or any User provides suggestions or feedback to Invicti regarding the functioning, features, or other characteristics of the Invicti Solution, Documentation, or other materials or services provided or made available by Invicti (“Feedback”), such Feedback and any rights therein shall vest in and be considered the exclusive property of Invicti, and may be used and exploited by Invicti in any manner whatsoever without any obligation of payment to Customer or restriction of any kind, provided that any such Feedback may not include a reference to Customer or its Affiliates. Notwithstanding the above, in the event that, in spite of the foregoing, the Feedback is deemed to remain with the Customer, Customer hereby grants Invicti a perpetual, irrevocable, non-exclusive, royalty-free, fully-paid, fully-transferable, worldwide license (with rights to sublicense through multiple tiers of sublicensees) to Invicti to use and exploit such Feedback in any manner for the purpose of improving and continuing the development of the Invicti Solution.
19.3. Entire Agreements and Modifications. This Agreement, including the Order Forms and all documents attached hereto or incorporated herein by reference, constitutes the entire agreement between the parties and supersedes any prior or contemporaneous negotiations or agreements, whether oral or written, related to this subject matter. No modification of any term of the Agreement is effective unless set forth in writing and signed by both parties.
19.4. Order of Precedence. Any ambiguity, conflict, or inconsistency between documents comprising the Agreement shall be resolved in the following order of precedence: (i) Order Form; (ii) any document or URL incorporated into the Order Form; and (iii) the SSA (including attached and/or URL incorporated documents).
19.5. Irreparable Harm. Any breach by a party to the Agreement, , any unauthorized disclosure of Confidential Information, or any violation of the other party’s Intellectual Property Rights could cause irreparable injury or harm to the other party. The other party may seek a court order to stop any breach or avoid any future breach of the Agreement.
19.6. Assignment. The Agreement may not be assigned by a party without the prior written approval of the other party, such approval not to be unreasonably withheld, except in connection with: (i) a merger, consolidation, or similar transaction involving (directly or indirectly) a party; (ii) a sale or other disposition of all or substantially all of the assets of a party; or (iii) any other form of combination or reorganization involving (directly or indirectly) such party. Any purported assignment in violation of this section shall be null and void and have no effect.
19.7. Force Majeure. A party is not liable under the Agreement for non-performance of its obligations caused by events or conditions beyond that party’s control if that party makes reasonable efforts to perform (“Force Majeure Event”), provided however that, without prejudice to the provisions of this section, when the Force Majeure Event ceases, or otherwise as soon as feasible thereafter, the party or parties affected shall re-commence performance of their obligations under this Agreement. In the event that the Force Majeure Event persists beyond thirty (30) calendar days or a continuation of the obligations hereunder otherwise no longer remains possible, the parties shall, in the first instance, endeavor to reach a mutually satisfactory workaround. Where such workaround is not possible or is not achieved within a further fifteen (15) calendar days, either party may terminate this agreement, and in any such case: (i) Invicti will refund to Customer the pro-rata amount of any prepaid but unused fees; and (ii) all amounts due to Invicti by the Customer until the effective termination date shall be paid in full.
19.8. Relationship of the Parties. Each party is an independent contractor of the other under the Agreement, and nothing in the Agreement shall be construed to create a partnership, joint venture, agency relationship, fiduciary relationship, or any other arrangement related to sharing of profits and losses. Each party is responsible for its own expenses in meeting its obligations under the Agreement. Each party agrees that it has the full power and authority to enter into the Agreement and to carry out the actions contemplated herein.
19.9. Notices. Except for operational notices which may be sent by email to the party’s administrative contact, any notice, report, approval, authorization, agreement, or consent required or permitted hereunder will be in writing as follows: notices will be sent to the address that the applicable party has or may provide by written notice or, if there is no such address, the most recent address the party giving notice can locate using reasonable efforts. A copy of any notices sent to Invicti should also be sent to legal@invicti.com. Notices are deemed received as of the time posted or delivered, or if that time does not fall within a Business Day, as of the beginning of the first Business Day following the time posted or delivered. For purposes of counting days for notice periods, the Business Day on which the notice is deemed received counts as the first day. Notices shall be given in English.
19.10. Waiver and Enforceability. No failure or delay in exercising any right hereunder will operate as a waiver thereof, nor will any partial exercise of any right or power hereunder preclude further exercise. If any provision will be adjudged by any court of competent jurisdiction to be unenforceable or invalid, that provision will be limited or eliminated to the minimum extent necessary so that the Agreement will otherwise remain in full force and effect and enforceable.
19.11. Governing Law. The Agreement will be deemed to have been made in, and will be construed pursuant to: (i) if Customer is located in the Americas, the laws of the state of Texas without regard to conflicts of law provisions and without regard to the United Nations Convention on the International Sale of Goods or the Uniform Computer Information Transactions Act; (ii) if Customer is located outside of the Americas, the laws of Malta without regard to the United Nations Convention on the International Sale of Goods or the Uniform Computer Information Transactions Act. Customers located in the Americas hereby consent to the jurisdiction of the courts of both the state and/or federal courts of Texas, and Customers located outside of the Americas hereby consent to the jurisdiction of the courts of Malta. The prevailing party in any action to enforce the Agreement will be entitled to recover its attorney’s fees and costs in connection with such action.
19.12. Translations Other Than English. The English language version of this Agreement and any documents exchanged pursuant to this Agreement shall be controlling in all respects. Any translations of this Agreement into a language other than English shall have no legal effect and are for the convenience of the parties only.
Schedule 1: Definitions
“Affiliates” means, with respect to a party at a given time, an entity that then is directly or indirectly controlled by, is under common control with, or controls that party, and here “control” means an ownership, voting, or similar interest representing 50% or more of the total interests then outstanding of that entity. Where applicable or appropriate, references to Customer or Invicti shall include their respective Affiliates.
“Agreement” means the applicable Order Form and this SSA (including any terms incorporated by reference in the SSA) which govern the provision of the Invicti Solution and Support provided to Customer or the Customer’s Affiliate.
“Application” means a collection of components, including Development Environments and/or Development Resources, which is assigned to be scanned by the Invicti Solution for vulnerabilities, trends, or performance metrics. An Application may contain one (1) or many Targets.
“AUP“ means Invicti’s Acceptable Use Policy (presently found at the following URL: https://www.invicti.com/legal/aup) as may be periodically updated by Invicti.
“Beta Terms“ means Invicti’s Beta Terms (presently found at the following URL: https://www.invicti.com/legal/betaterms/) as may be periodically updated by Invicti.
“Business Days” means Monday through Friday, excluding public holidays in the country whose laws govern the Agreement.
“Cloud Service” means the Invicti proprietary software as a service provided for use over the internet and any and all modified, updated, or enhanced versions thereof that Invicti may provide to Customer or its Users.
“Customer” means the entity utilizing the Invicti Solution and on behalf of which this SSA is agreed.
“Content” means data gathered through use of the Invicti Solution or provided for use with the Invicti Solution, wheresoever stored.
“Development Environment” means the URLs for development, pre-production, and production environments or environments of similar designation in which a website, web application, server, network device, or API run.
“Development Resource” means repositories, projects, and other assets related to the operation and maintenance of the Application.
“Documentation” means the operating instructions, user manuals, Invicti-provided product specifications, “read-me” files, and other documentation that Invicti makes available to Customer in hard copy or electronic form for the Invicti Solution, including any modified, updated, or enhanced versions of such documentation.
“Fair Use” means the reasonable and intended use of the Invicti Solution in accordance with the Usage Parameters, without imposing an excessive strain on the Invicti Solution or Invicti’s systems, circumventing licensing restrictions or disrupting the intended functionality of the Invicti Solution.
“Intellectual Property Rights” means all intellectual property rights, including copyrights, trademarks, service marks, trade secrets, patents, patent applications, moral rights, and all other proprietary rights, whether registered or unregistered.
“Invicti” means the Invicti entity identified on an Order Form, or if none is identified: (i) if Customer’s primary billing address is located in the United States, Latin America, or Canada (“North America”), Invicti Security Corp., a Florida corporation with principal place of business at 1000 N. Lamar Blvd., Ste. 300, Austin, TX 78703; or (ii) if Customer’s primary billing address is located outside of North America, Invicti Security Ltd., a limited liability company registered in Malta with principal place of business at Mirabilis Building, Triq L – Intornjatur, Mriehel, CBD 3050, Malta.
“Invicti Solution” means Invicti’s proprietary programs made available to Customer as the Software or Cloud Service, including without limitation its features, functions, user interface, and related Support services (each as defined below), as specified on an Order Form.
“Open Source Software” means computer software for which the source code is freely available according to the specific license under which that software is distributed.
“Order Form” means an order form or other ordering document entered into between Customer and Invicti or an Invicti Affiliate for Customer’s purchase of the Invicti Solution or other services from Invicti.
“Software” means the Invicti proprietary software provided in executable code form and any and all modified, updated, or enhanced versions thereof that Invicti may provide to Customer or its Users.
“Subscription” means a subscription license purchased by Customer to install or access online, and use the Invicti Solution and to receive Support during the applicable Subscription Term.
“Subscription Term” means the contract term for Customer’s access and use of the Invicti Solution as set forth on the applicable Order Form.
“Support” means the standard maintenance or support services provided by Invicti for the Invicti Solution (presently found at the following URL: https://www.invicti.com/legal/standard-support), as may be periodically updated by Invicti or such upgraded support offering purchased by Customer pursuant to an Order Form.
“Target” means a single, unique website, web application, server, network device, API, repository, project,
or other microservice or asset running in a specified Development Environment or Development Resource.
“Target Environment” means the environment in which an application or API runs, whether a development environment, testing environment, production environment, or environment of similar designation.
“Uptime SLA” means the uptime service level agreement applicable to the Cloud Service (presently found at the following URL: https://www.invicti.com/legal/sla), as may be periodically updated by Invicti.
“Usage Parameters” means any and all parameters specified in the Documentation, Order Form, or other writing by Invicti regarding the scope of use of the Invicti Solution by Customer or its Users.
“User(s)” means Customer’s employees, contractors, or agents (including those of Customer’s Affiliates) who are authorized by the Customer to use the Invicti Solution.
Last modified May 15, 2025.