Last updated March 25, 2021.



1.          Definitions.


“Administrator(s)” means a person designated by Customer to have an Account with the authority to utilize the Administrative

Console to create and manage Accounts associated with Customer.

“Account(s)” means the number of User account(s) specified in the applicable Order Form and created by a User for itself or on behalf of Customer (including accounts created by or for its Administrators) within the Cloud Service.

“Administrative Console” means the functionality for managing User access, security and other administrative functionality for

Accounts associated with the Cloud Service provided to Customer.

Authorized Reseller” shall mean any authorized reseller of Cloud Services who validly sells Customer a subscription to the Cloud

Services subject to the terms and conditions of this Agreement.

“CipherCloud IP” means all CipherCloud proprietary materials, including without limitation CipherCloud’s Confidential Information, the Software, Deliverables, any hardware and/or software used by CipherCloud in performing Professional Services, CipherCloud’s processes and methods, and any CipherCloud templates and/or forms, including report and presentation templates and forms.

Cloud Services” means the online, web-based applications and platform which is made accessible to Customer by CipherCloud via a designated website, which includes the associated offline Software components to be used in connection with such services as updated from time-to-time by CipherCloud in its sole discretion.

Confidential Information” means the non-public information that is exchanged between the parties, provided that such information is: (i) identified as confidential at the time of disclosure by the disclosing party (“Discloser”); or (ii) disclosed under circumstances that would indicate to a reasonable person that the information should be treated as confidential by the party receiving such information (“Recipient”). The terms and conditions of this Agreement, the nature of the discussions and the relationship between the parties, and the terms of any commercial transaction between the parties shall be considered Confidential Information.

Customer Data” shall mean data, information, applications, and any other items originated by Customer that Customer submits to the Cloud Service.

“Customer-Owned Property” means any technology, software, algorithms, formulas, techniques or know-how and other tangible and intangible items that were owned by Customer, or developed by or for Customer prior to the SOW effective date that are pr ovided by Customer to CipherCloud for use in connection with the development of the Deliverables or performance of Profes sional Services. Customer-Owned Property shall not be included in the Deliverables, unless necessary to perform the Professional Services.

Deliverables” means the materials that are created specifically for Customer as a result of the Professional Services provided hereunder, and that are identified as deliverables in a SOW.

Documentation” means the written and/or electronic end user documentation pertaining to the use of the Cloud Services that is made available by CipherCloud for Customer together with access to the Cloud Services.

Effective Date” means the date of the transmission to Customer of its access credentials.

Evaluation Period” shall be thirty (30) days from the date of the transmission to Customer of its access credentials.

“Open Source License Terms” means license terms and conditions for the Open Source Software that:  (i) create, or purport to

create, obligations of the user with respect to the user’s proprietary software programs or any derivative work thereof; or ( ii) grant, or

purport to grant, to any third party any rights to or immunities under the user’s intellectual property or proprietary rights in the use r’s

software programs or any derivative work thereof.

“Order Form” means the Order Form (including attachments thereto) which are provided by CipherCloud to Customer pursuant to this Agreement and executed by the parties, as such schedule may be amended in writing from time to time by the parties.

“Privacy Policy” means the then-current CipherCloud privacy policy found at which identifies how CipherCloud collects, uses and discloses, on a limited basis, information of Users.

Software” means CipherCloud’s proprietary software that allows a User to use certain functionality in connection with features of the Cloud Service that is provided by CipherCloud either for installation on a Customer’s or a User’s device or that is otherwise accessed by Users from the Customer’s or User’s software, hardware or other devices. The Software shall be governed by the terms of the applicable license agreement.

SOW” means a statement of work for Professional Services.

“Subscription Period” means the time commencing on the Order Form Effective Date and continuing for the period specified in the applicable Order Form.

“Support Services” has the meaning set forth in Exhibit A.

“Third Party Software” means any software licensed by CipherCloud from third parties incorporated into the Software, excluding

Open Source Software.

“User(s)” means, collectively, any person who is permitted by Customer or an Administrator to access, store, retrieve or manage

Customer Data in any Account.


2.          Cloud Services.


2.1         Provision of Cloud Service; Access Right. Subject to Customer’s payment of the applicable fees, during the applicable subscription, CipherCloud will provide Customer with the Cloud Service described on one or more Order Form. CipherCloud will host the Cloud Service and may update the content, functionality, and user interface of the Cloud Service from time to time. Unless otherwise specified in the applicable Order Form, the Cloud Services are purchased on a subscription basis. Customer has a non- exclusive, non-sublicenseable, nontransferable right to access and use the Cloud Service and display the CipherCloud IP during the applicable subscription, solely for Customer’s internal business purposes. CipherCloud reserves all rights not expressly granted hereunder.

2.2         Access and License Restrictions. Within thirty (30) days following the commencement of the Cloud Service, Customer agrees  to  add  CipherCloud  registered  emails  and  any  other  CipherCloud  specified  Cloud  Service  related  email  domain(s) to Customer’s whitelist, in order to facilitate the transmission and receipt of Cloud Service-related emails. Customer will not: (i) sublicense, sell, transfer, assign, distribute or otherwise commercially exploit the Cloud Service or CipherCloud IP; (ii) modify or create derivative works based on the Cloud Service or CipherCloud IP; (iii) create Internet “links” to the Cloud Service or “frame” or “mirror” any content provided in connection therewith; or (iv) reverse engineer, or copy, or otherwise access the Cloud Service or CipherCloud IP in order to build a product using features, functions or graphics similar to the Cloud Service or CipherCloud IP, (v) copy any features, functions, or graphics of the Cloud Service or CipherCloud IP; (vi) allow User subscriptions to be shared or used by more than one individual User (except that User subscriptions may be reassigned to new Users replacing individuals who have terminated employment or otherwise changed job status or function and no longer need to use the Cloud Services for the purposes described in Section 2.1; (vii) use the Cloud Service to: (a) send unsolicited or unlawful messages; (b) send or store infringing, obscene, threatening, harmful, libelous, or otherwise unlawful material, including material harmful to children or vio lative of privacy rights; (c) send or store material containing software viruses, worms, Trojan horses or other harmful computer code, files, scripts, or agents; (d) interfere with or disrupt the integrity or performance of the Cloud Service or the data contained therein; or (e) attempt to gain unauthorized access to the Cloud Service or its related systems or networks or (viii) provide or disclose to, or permit use of the Cloud Service or CipherCloud IP by, persons other than Users.

2.3         Security/Data Integrity. During the  subscription, CipherCloud will  maintain reasonable administrative, physical,  and technical safeguards designed for the protection, confidentiality, and integrity of Customer Data (at least as rigorous as th e safeguards CipherCloud employs to protect its own data). In the event of a breach of this provision, as Customer’s sole and exclusive remedy, CipherCloud will use commercially reasonable efforts to restore Customer’s Data as quickly as possible. To protect the privac y of any Customer Data that may have been provided, CipherCloud employs industry-standard controls including physical access controls, encryption, internet firewalls, intrusion detection, and network monitoring. In addition, access to confidential information is limited to those individuals and agents having a need to know. Upon request, CipherCloud will provide additional information regarding

CipherCloud’s data security policies and procedures.

2.4         Customer Data Storage Location. The Cloud Service is provided from the United States and Customer Data is stored in the United States. CipherCloud reserves the right to provide the Cloud Service from outside the United States and to store Customer Data outside the United States. CipherCloud will use commercially reasonable efforts to provide Customer with at least 30 days’ notice of any such changes in the Customer Data storage location. Notwithstanding the foregoing, Customer understands that nothing herein prohibits: (i) a User from accessing the Cloud Service, including Customer Data, outside of the United States (subject to applicable law); and (ii) processing of other information outside of the United States.

2.5         Responsibilities. Each party will abide by all applicable laws and regulations in connection with use of the Cloud Service. Customer will be responsible for any and all access to and use of the Cloud Service by any actual or purported User. Customer will be responsible and liable for the acts and omissions of all Users in connection with this Agreement (such that any act or omission committed by a User that would, if committed by Customer as a party to this Agreement, would be deemed a breach of this Agreement, will be deemed a breach hereof, regardless of whether or not a User is a signatory to this Agreement). Customer acknowledges that Customer’s access information, including User IDs, passwords and devices of its Users, will be Customer’s “key” to the Cloud Service and, accordingly, Customer will be responsible for maintaining the confidentiality of such access information (including each User ID and password). Customer will promptly: (i) notify CipherCloud of any unauthorized use of any password or Account or any other known or suspected security breach; (ii) report to CipherCloud and use reasonable efforts to s top any known or suspected copying or distribution of CipherCloud IP. Customer will not provide false identity information to gain unauthorized access to the Cloud Service. Each Account Administrator will have the ability to create additional Accounts and additional licenses. Customer’s designated Account Administrators are responsible for ensuring that Users are assigned the appropriate access level. Customer is responsible for deactivating an Account Administrator’s Account upon his or her termination of employment or service or as Customer deems appropriate.

2.6         Account Information and Data. As between CipherCloud and Customer, Customer owns all Customer Data. Customer acknowledges and agrees that anonymous data about Customers will be collected by CipherCloud through the Cloud Service for internal purposes to improve quality and performance and generate related reports. CipherCloud may use this data, anonymously, for benchmarking studies, and these benchmark studies may be made available by CipherCloud under separate terms. All data used in conducting benchmarking analysis will be in aggregate form only and will not contain Customer’s confidential information. Customer’s  identity  will  not  be  associated  with  data  made  available  to  third  parties  as  a  result  of  benchmarking  analysis. CipherCloud’s collection, use, and disclosure of anonymous or aggregated information are not subject to any of the restrictions in CipherCloud’s privacy policy. CipherCloud may archive Customer Data that is not in use at any time.

2.7         Non-CipherCloud Applications and Cloud Services. CipherCloud may make available to Customer’s Users certain third- party applications, services or products, which are licensed by their provider to Customer’s Users, for use in connection with the Cloud Service (“Third-party Products”). CipherCloud makes no warranties of any kind and assumes no liability whatsoever for Customer’s or User’s use of such Third-party Products.

2.8         Open Source Software.  Open Source Software is licensed to you under such Open Source Software’s own Open Source License Terms, which can be found in the Documentation.  Such Open Source License Terms are consistent with the license granted herein, and may contain additional rights benefiting you.  The Open Source License Terms shall take precedence over this Agreement to the extent that this Agreement imposes greater restrictions on you than the applicable Open Source License Terms.   You acknowledge that Software may be distributed alongside or contain or use certain Open Source Software or other Third Party Software that may be covered by the terms of a different license or agreement. “Open Source Software” means various open source software, including GPL software which is software licensed under the GNU General Public License as published by the Free Software Foundation, and components licensed under the terms of applicable open source license agreements included in the materials relating to such software.


3.          Beta and Evaluation Access.


3.1         Beta Software.   CipherCloud may periodically release new features ahead of its general availability for the purpose of receiving feedback from select customers. In the event Customer is accessing the Cloud Service in order to evaluate CipherCloud Beta Software, then CipherCloud hereby grants to Customer a personal, temporary, limited, nonexclusive, nonassignable, nonsublicensable license, for the applicable Evaluation Period, to access and use the Software hosted in the Cloud Service and any related Documentation, subject to the license restrictions, terms and conditions of this Agreement.

Customer may use and test the Beta Software during the Evaluation Period. Within ten (10) days of the end of the Evaluation Period, Customer shall report in writing to CipherCloud in reasonable detail: (i) all occurrences of errors, faults, and problems encountered (including the procedures and tests used to discover and diagnose such errors, faults, or problems) during the operation of the Beta Software; and (ii) observations on the operation of the Beta Software, its functionality, performance, deficiencies, and limitations, together with recommendations for enhancements to and modifications of the Beta Software.

The purpose of this Agreement is to solicit input and comments on the Beta Software and any input or comments provided are the sole property of CipherCloud. Any material, data, information, images, sounds, text, and other communications Customer transmits or posts to a CipherCloud website or provides to CipherCloud, shall   not be considered confidential (the “Communications”). CipherCloud and its designees shall be free to copy, modify, create derivative works, publicly display, disclose, distribute, license and sublicense through multiple tiers of distribution and licensees, incorporate, and otherwise use the Communications, including derivatives thereof, for any and all commercial or noncommercial purposes without obligation to Customer of any kind. Customer hereby assigns, and agrees to assign, all Communications to CipherCloud.

3.2         Evaluation.  In the event Customer is accessing the Cloud Services in order to evaluate the Software in a non-production environment, CipherCloud grants to Customer a personal, temporary, limited, nonexclusive, nonassignable, nonsublicensable license to access and use the Cloud Services during the Evaluation Period solely for the purpose of evaluating the suitability of the Cloud Services and Software for Customer’s production use subject to the license restrictions, terms and conditions of this Agreement.


4.          Intellectual Property Ownership. CipherCloud owns all right, title and interest, including related intellectual property rights, in and to the Cloud Service, CipherCloud IP, survey questions provided by CipherCloud, and any related suggestions, enhancement requests, and feedback. Subject to the terms and conditions of this Agreement (including Customer’s obligation to pay all fees hereunder when due), Customer agrees that the CipherCloud name and logo, and the Cloud Service-related product names are trademarks of CipherCloud or its licensors. Subject to the following, no license to such marks is granted.


5.          Support and Service Level Commitments.


5.1         Support Services. Subject to payment of the corresponding fees, CipherCloud will provide the Support Services specified in the applicable order and as further described in Exhibit A (Service Level Commitments and Support Services).

5.2         Service Level Commitments. The Service Level Commitments for the Cloud Service are as specified on Exhibit A, subject to the level subscribed to and paid for by the Customer under the applicable order. The sole and exclusive remedy for any breach of any Service Level Commitment is set forth in Exhibit A.

5.3         Neither the Support Services nor Service Level Commitments shall apply to Customer’s access and use of the Beta Software

or evaluation in a non-production environment.


6.          Professional Services.


6.1          Grant of License.  Subject to Customer’s timely payment of applicable fees and the terms of this Agreement, Customer shall have a perpetual, non-exclusive, nontransferable, right and license to (unless otherwise set forth in a SOW) use, display and reproduce the Deliverables solely for its internal business purposes. Deliverables shall not be shared with any third party.

6.2          Intellectual  Property  Rights.  Customer  acknowledges  that  CipherCloud  may  use  CipherCloud  IP  to  provide  the Professional Services, and that Customer may obtain access to certain CipherCloud IP as a result of CipherCloud’s performance of its obligations under this Agreement.   CipherCloud IP is and shall remain the sole and exclusive property of CipherCloud and CipherCloud shall retain all right, title and interest in and to the CipherCloud IP and all derivative works thereof.

6.3          Restrictions. Customer agrees not to reproduce or modify any portion of the CipherCloud IP, and will not disclose, sell, sublicense or otherwise transfer or make available all or any portion of the CipherCloud IP to any third party without the pr ior written consent of CipherCloud. Nothing contained in this Agreement shall directly or indirectly be construed to assign or grant to Customer any right, title or interest in or to the trademarks, copyrights, patents or trade secrets of CipherCloud or any ownership ri ghts in or to the CipherCloud IP.   Customer shall not cause or permit the reverse engineering, reverse assembly, or reverse compilation of, or otherwise attempt to derive source code from, the CipherCloud IP. Customer shall not create derivative works based upon all o r part of the CipherCloud IP.  Customer shall not resell, redistribute or make available Cip herCloud IP or the Professional Services to any third party, and shall not use the CipherCloud IP, Professional Services or the Deliverables to provide services to any third party.

6.4          Customer-Owned Property.  Customer will be and remain, at all times, the sole and exclusive owner of the Customer- Owned Property (including, without limitation, any modification, compilation, derivative work of, and all intellectual pro perty and proprietary rights contained in or pertaining thereto). Customer hereby grants to CipherCloud a perpetual, non-exclusive, nontransferable, right and license under Customer’s intellectual property rights in the Customer-Owned Property necessary for CipherCloud to use, make, copy, modify, and create derivative works of the Customer-Owned Property for the limited purpose of developing and testing the Deliverables. CipherCloud will promptly return to Customer all Customer-Owned Property upon the termination or expiration of this Agreement, or sooner at Customer’s request.

6.5         Customer Responsibilities.  In connection with each SOW, Customer acknowledges that Customer’s timely provision of (and   CipherCloud’s access to) Customer’s facilities, equipment, assistance, cooperation, data, information and materials from Customer’s officers, agents and employees (“Cooperation”) is essential to the performance of the   Professional Services, and that CipherCloud shall not be liable for any deficiency in performing the Professional Services if such deficiency results from Customer’s failure to provide full Cooperation as required hereunder. Cooperation includes, but it not limited to: (i) designating a project manager or technical lead to interface with CipherCloud during the course of the Professional Services; (ii) allocating and engaging additional resources as may be required to assist CipherCloud in performing the Professional Services; and (iii) making available to Cip herCloud any data, information and any other materials required by CipherCloud to perform the Support Services, including, but not limited to, any data, information or materials specifically identified in the SOW (collectively, “Customer Materials”).   Customer will be responsible for ensuring that all such Customer Materials are accurate and complete.

6.6         Competitive Materials.    This  Agreement shall  not  preclude  CipherCloud from  developing  materials  outside  of  this Agreement which are competitive, irrespective of their similarity, to materials which might be delivered to Customer pursuant to this Agreement.  Nothing in this Agreement shall be construed as precluding or limiting in any way the right of CipherCloud to provide consulting, development, or other services of any kind or nature whatsoever to any individual or entity as CipherCloud in its sole discretion deems appropriate.

6.7          Modified Orders.  Customer may from time to time desire to modify an SOW. In such case, CipherCloud will prepare an addendum to the SOW or prepare a new SOW which shall be signed by the parties and added to this Agreement.


7.          Fees and Payment.


7.1         Fees. Customer agrees to pay all fees set forth on all Order Forms under this Agreement. In the event that the parties mutually agree in writing to any extension of a Subscription Period or the provisioning of n upgrade, Customer will pay CipherCloud the then-current list price for such extension or upgrade, unless otherwise set forth in the applicable Order Form. Subject to any credits applicable  to  any  Service  Level  Commitments  hereunder,  if  any,  or  as  otherwise  set  forth  in  this  Agreement,  all  fees  are nonrefundable. Unless otherwise specified in an Order Form, all fees and other amounts are payable in United States Dollars.

7.2         Invoicing and Payment Terms. Unless otherwise specified in the applicable Order Form, Customer will pay all fees within thirty (30) days of the date of the applicable invoice issued by CipherCloud. In the event Customer disputes any invoiced fees, Customer will provide written notice of the disputed amount within fifteen (15) days after receiving such invoice and timely pay any undisputed portion of such invoice. The parties will cooperate in good faith to resolve any disputed invoice or portion thereof within fifteen (15) days of notice of dispute. All amounts payable by Customer under this Agreement will be made without setoff and without any deduction or withholding. Customer will promptly reimburse CipherCloud for any cost or expense incurred in connection with any collection efforts undertaken by CipherCloud in connection with any past due amount owed under this Agreement. Any payment not received from Customer by the due date may accrue (except for amounts then under reasonable and good faith dispute) inter est at the rate of one and one half percent (1.5%) of the outstanding balance per month, or the maximum rate permitted by law, whichever is lower, from the date such payment was due until the date paid.

7.3         Taxes. Fees are exclusive of Taxes and, Customer will promptly pay or reimburse CipherCloud for all Taxes arising out of this Agreement. For purposes of this Agreement, “Taxes” means any sales, use and other taxes (other than taxes on CipherCloud’s income), export and import fees, customs duties and similar charges applicable to the transactions contemplated by this Agreement that are imposed by any government or other authority. If Customer is legally entitled to an exemption from the payment of any Taxes, Customer will promptly provide CipherCloud with legally sufficient tax exemption certificates for each taxing jurisdiction for which it claims exemption. Unless otherwise prohibited by law, CipherCloud will apply the benefits of any requested tax exemption to charges occurring under Customer’s Account after the date CipherCloud receives and reasonably processes such tax exemption certificates.

7.4         Professional Services.   Unless otherwise agreed in an Order Form, Customer agrees to pay CipherCloud’s then-current hourly rates for Professional Services. The Professional Services must be used within twelve (12) months of the Effective Date of the applicable SOW or they will be forfeited, notwithstanding any shorter period referenced in such SOW.  Unless otherwise specified in the SOW, CipherCloud shall invoice Customer for Professional Services set forth in any SOW on either: (i) a time and materials basis based on CipherCloud’s actual hours worked; or (ii) a fixed price as set forth in an applicable SOW. One day of Professional  Service equals eight (8) man hours. Each invoice shall indicate the nature of the work performed and any reasonable expenses incurred by CipherCloud with appropriate receipts and/or documentation, as well as the total amount due.  Customer shall reimburse CipherCloud for any and all expenses that fall within one or more of the expense categories set forth in a SOW so long as such expenses are attributable to Professional Services performed under this Agreement.

7.5         Purchases Through Authorized Resellers. The terms of this Agreement related to pricing, payment and taxes do not apply to any Customer orders placed through Authorized Resellers where Customer pays the applicable fees directly to such Authorized Reseller. Customer will establish such terms independently with the Authorized Reseller.


8.          Term and Termination.


8.1         Term of Agreement and Term of Order Form. This Agreement will commence on the Agreement Effective Date and will remain in effect for as long as there is an Order Form in effect, unless otherwise terminated as provided for in Section 8.3 herein below. Each Order Form placed under this Agreement will be in effect for a period of one (1) year from the Order Form Effective Date unless otherwise agreed in writing by the parties.

8.2         Order Form Renewal. Unless the Agreement is terminated as provided for herein, the Order Form(s) under this Agreement will automatically renew for the same period of time as the Subscription Period of the prior Order Form subject to payment of the corresponding fees, with either party having the ability to provide the other party with its intent not to renew the applicable Order Form(s) with at least thirty (30) days written notice prior to the end of the then-current Subscription Period of such Order Form(s).

8.3         Termination for Material Breach.  Either party may terminate this Agreement, any Order Form, or any SOW upon written notice of a material breach of the applicable Agreement, Order Form or SOW by the other party as provided below, subject to a thirty (30) day cure period (“Cure Period”).  If the breaching party has failed to cure the breach within the Cure Period after the receipt by the breaching party of written notice of such breach, the non-breaching party may give a second notice to the breaching party terminating the applicable Agreement, Order Form or SOW.  Termination of any particular Order Form or SO W under this Section will not be deemed a termination of this Agreement or any other Order Form or SOW, unless the notice of termination states th at this Agreement or another Order Form or SOW is also terminated.  Notwithstanding the foregoing, the Cure Period applicable to a breach by Customer of any payment obligations under this Agreement, any Order Form or any SOW will be fifteen (15) days.

8.4         Statements of Work.  The term of each SOW will be as set forth in that SOW. If no term is expressed in a SOW, then the term of that SOW will begin on the effective date of that SOW (as defined in the SOW) and continue until the Professional Ser vices described in that SOW are complete or the SOW is earlier terminated as set forth herein.

8.5         Termination for Bankruptcy or Insolvency.  If Customer: (i) terminates or suspends its business; (ii) becomes subject to any bankruptcy or insolvency proceedings under US federal or state statutes or any similar proceedings under the laws of other jurisdictions; (iii) becomes insolvent or subject to direct control by a trustee, receiver or similar authority; or (iv) dissolves or liquidates, voluntarily or otherwise, CipherCloud may terminate this Agreement, any Order Form, and/or any SOW upon fifteen (15) days’ written notice.

8.6         Effect of Termination.  Termination or expiration of this Agreement will not be deemed a termination or expiration of any Order Forms or SOWs in effect as of the date of termination or expiration, and this Agreement will continue to govern and be effective as to those outstanding Order Forms and SOWs until those Order Forms and SOWs have expired or terminated by their own terms or as set forth herein.  When this Agreement and all Order Forms and SOWs have terminated or expired, then within thirty (30) days after the date when this Agreement and all Order Forms and SOWs have expired, each party will return to the other party or destroy all of such other party’s Confidential Information, at such other party’s discretion, and upon request provide such other party with an officer’s certificate attesting to such return and/or destruction, as appropriate.   Any unbilled amounts, including, but not limited to delayed invoicing, will continue to be due and payable as set forth herein.  Customer’s access to the Cloud Services will immediately terminate.

8.7         Survival of Terms.  Those provisions which by their nature are intended to survive the termination of this Agreement shall survive.

8.8         Post-Termination Obligations. Upon the termination or expiration of this Agreement for any reason Customer will have no further rights to the Cloud Service hereunder except as set forth in this Section 8.8. For thirty (30) days following the expiration or the termination of the Agreement and/or applicable Subscription Period, and subject to Customer’s prior written request, CipherCloud will grant Customer’s Administrator limited access to the Cloud Service solely for purposes of Customer’s retrieval of the Customer Data. After such thirty (30) day period, Customer will have no further rights to access the Cloud Service and CipherCloud will have no obligation to maintain the Customer Data.

8.9         Suspension of Cloud Service. CipherCloud may at any time suspend any User’s access and use of the Cloud Service and/or remove or disable any Customer Data as to which CipherCloud reasonably and in good faith believes is in violation of this Agreement. CipherCloud agrees to provide Customer with notice of any such suspension or disablement before its implementation unless such suspension or disablement is necessary to comply with legal process, regulation, order or prevent imminent harm to the Cloud Service or any third party, in which case CipherCloud will notify Customer to the extent allowed by applicable law of such suspension or disablement as soon as reasonably practicable thereafter.


9.          Representations and Warranties.


9.1         Representations and Warranties. Each party represents and warrants that it has the power and authority to enter into this

Agreement. Customer represents and warrants that, to the best of Customer’s knowledge and belief: (i) Customer Data does not and will not violate the terms or conditions of this Agreement, applicable law, or any third party’s privacy rights; and (ii) any and all contact information that it provides to CipherCloud, including email addresses sent to or via the Cloud Service, will not include any inaccurate information. CipherCloud warrants that the Cloud Service, when used in accordance with the instructions in the Documentation, will materially conform to the description in the Documentation. Customer will have thirty (30) days following the initial provision of any Cloud Service to notify CipherCloud of a breach of the foregoing warranty, in which event, CipherCloud’s entire liability and Customer’s sole and exclusive remedy will before CipherCloud’s to   reperform, modify, or replace the Cloud Service so that it so conforms to such warranty. Any remedy provided by CipherCloud will not extend the original warranty period. CipherCloud will have no obligation under this Agreement to correct, and CipherCloud makes no warranty with respect to, errors caused by or relating to: (a) use of the Cloud Service in a manner inconsistent with the Documentation or this Agreement; or (b) third party hardware or software misuse, modification, or malfunction.



10.        Indemnification. CipherCloud will indemnify and hold Customer harmless from and against any and all third-party claims, costs, damages, losses, liabilities and expenses (including attorneys’ fees and costs) to the extent arising out of or in connection with: (a) a claim alleging that the Cloud Service directly infringes or misappropriates a copyright, trademark, or trade secret of a third party; or (b) a claim arising from breach of this Agreement by CipherCloud. CipherCloud will have no indemnification obligation, and Customer will indemnify CipherCloud pursuant to this Agreement, for claims arising from any infringement or misappropriation to the extent arising from: (i) Customer’s or any User’s use of the Cloud Service other than as permitted under this Agreement; (ii) the combination of the Cloud Service with any Customer Owned Property or any other Customer-supplied or utilized products, services, hardware, data, content, or business process(s); provided however, that for purposes of clarification, populating the Cloud Service with Customer Data will not be deemed a combination that terminates CipherCloud’s indemnity obligation; or (iii) from the modification of the Cloud Service or any CipherCloud IP by any party other than CipherCloud or CipherCloud’s agents. The foregoing is CipherCloud’s sole and exclusive obligation for infringement claims. Customer will indemnify and hold CipherCloud harmless from and against any and all third party claims, costs, damages, losses, liabilities and expenses (including attorneys’ fees and costs) to the extent arising out of or in connection with: (A) a claim alleging that use of the Customer Materials infringe a copyright, trademark, or trade secret, privacy, or publicity rights of a third party; (B) a claim arising from the breach of this Agreement by Customer or Customer’s Users. Each party’s indemnification obligations are conditioned on the indemnified party: (1) promptly giving written notice of the claim to the indemnifying party; (2) giving the indemnifying party sole control of the defense and settlement of the claim (provided that the indemnifying party may not settle any claim unless the settlement unconditionally releases the indemnified party of all liability for the claim); (3) providing to the indemnifying party all available information and assistance in connection with the claim, at the indemnifying party’s request and expense; and (4) not compromising or settling such claim. The indemnified party may participate in the defense of the claim, at the indemnified party’s sole expense (not subject to reimbursement).




12.        Confidentiality. Recipient  may  use  Discloser’s Confidential Information solely to  perform Recipient’s obligations or exercise its rights hereunder. Recipient may not disclose, or permit to be disclosed, Discloser’s Confidential Information to any third party without Discloser’s prior written consent, except that Recipient may disclose Discloser’s Confidential Information solely to Recipient’s employees and/or subcontractors who have a need to know and who are bound in writing to keep such information confidential pursuant to written agreements consistent with this Agreement. Recipient will exercise due care in protecting Discloser’s Confidential Information from unauthorized use and disclosure, and will not use less than the degree of care a reasonable person would use. The foregoing will not apply to any information that: (i) is in the public domain through no fault of Recipient; (ii) was properly known to Recipient, without restriction, prior to disclosure by Discloser; (iii) was properly disclosed to Recipient, wit hout restriction, by another person with the legal authority to do so; (iv) Recipient independently develops without use of Disclo ser’s Confidential Information; (v) is expressly permitted to be disclosed pursuant to the terms of this Agreement; or (iv) is required to be disclosed pursuant to a judicial or legislative order or proceeding; provided that Recipient provides to Discloser p rior notice of the intended disclosure and an opportunity to respond or object thereto. If Directive 95/46/EC applies to any Personal Data (as defined in such Directive) processed by CipherCloud hereunder, Customer represents and warrants that: (a) it has obtained or will obtain all consents necessary to transfer the Personal Data to CipherCloud, as a data processor, in the U.S.; (b) the transfer of Personal Data to the U.S. does not violate applicable law or Customer’s privacy policy; (c) any instructions given by Customer to CipherCloud for the processing of Personal Data do not violate applicable law or Customer’s privacy policy. Customer will be responsible for all inquiries and complaints regarding Personal Data from Data Subjects or Supervisory Authorities (as those defined by Directive 95/46/EC or applicable member state law implementing that Directive).


13.        Export Control. Customer represents and warrants that it shall comply with all laws and regulations applicable to Customer with respect to the license and use of the Software.  Customer further acknowledges and agrees that the Software licensed under this Agreement may be subject to restrictions and controls imposed by the United States Export Administration Act and the regulations thereunder. Customer agrees to comply with all applicable export and reexport control laws and regulations, including the Export Administration Regulations (“EAR”) maintained by the U.S. Department of Commerce, trade and economic sanctions maintained by the Treasury Department’s Office of Foreign Assets Control, and the International Traffic in Arms Regulations (“ITAR”) maintained by the Department of State.  Specifically, Customer covenants that it shall not, directly or indirectly, sell, export, reexport, transfer, divert, or otherwise dispose of any Software or technology (including products derived from or based on such technology) recei ved from CipherCloud under this Agreement to any destination, entity, or person prohibited by the laws or regulations of the United States, without obtaining prior authorization from the competent government authorities as required by those laws and regula tions. These prohibitions include, but are not limited to the following:  (i) the Software cannot be exported or re -exported to any countries embargoes by the United States (currently including Cuba, Iran, North Korea, Sudan or Syria) which includes natio nals of these countries employed by Customer; (ii) the Software cannot be exported or re-exported for military use in country group ‘b’ prior to valid ‘export license’ or valid ‘license exception’; (iii) engineers cannot have access to CipherCloud’s proprietary encryption source code; and (iv) the Software cannot be used for any prohibited end uses including any ‘nuclear, biological or chemical weapon related activities’.  Customer agrees to notify CipherCloud of any suspicious activities by any employee related to the Software.  Customer agrees to indemnify, to the fullest extent permitted by law, CipherCloud from and against any fines or penalties that may arise as a result of Customer’s breach of this provision. This export control clause shall survive termination or cancellation of this Agreement.


14.        Anticorruption Laws.      Customer acknowledges that it is familiar with and understands the provisions of the U.S. Foreign Corrupt Practices Act (the “FCPA”) and the U.K. Bribery Act of 2010 (“UKBA”) and agrees to comply with its terms as well as any provisions of local law or CipherCloud’s corporate policies and procedures related thereto. Customer further understands the provisions relating to the FCPA and UKBA’s prohibitions regarding the payment or giving of anything of value, including but not limited to payments, gifts, travel, entertainment and meals, either directly or indirectly, to an official of a foreign government or political party for the purpose of influencing an act or decision in his or her official capacity or inducing the official to use his or her party’s influence with that government, to obtain or retain business involving the Cloud Services. Customer agrees to not violate or knowingly let anyone violate the FCPA or UKBA, and Customer agrees that no payment it makes will constitute a bribe, influence payment, kickback, rebate, or other payment that violates the FCPA, the UKBA, or any other applicable anticorruption or antibribery law.


15.        U.S. Government Restricted Rights.          The  Software  and  Documentation  are  “commercial  items”,  “commercial computer software” and “commercial computer software documentation,” respectively, pursuant to DFAR Section 227.7202 and FAR Section 12.212, as applicable.  Any use, modification, reproduction, release, performance, display or disclosure of the Software and Documentation by the United States Government shall be governed solely by the terms of this Agreement and shall be prohibited except to the extent expressly permitted by the terms of this Agreement. The Software was developed fully at private expense.


16.        General.


16.1       Independent Contractors. The parties are and at all times shall be and remain independent contractors as to each other, and at no time shall either party be deemed to be the agent or employee of the other.  No joint venture, partnership, agency, or other relationship shall be created or implied as a result of this Agreement. Furthermore, neither party shall have the authority to, and shall not purport to, enter into any contract or commitment on behalf of the other party.

16.2       Governing LawThis Agreement, and any and all actions arising from or in any manner affecting the interpretation of this

Agreement, shall be governed by, and construed solely in accordance with, the laws of the State of California, without giving effect to any conflicts of laws principles that would require the application of the laws of a different jurisdiction.  The parties consent to the exclusive jurisdiction and venue of the federal and state courts located in Santa Clara County, California for any action permitted under this Section, challenge to this Section, or judgment upon the award entered.  The United Nations Convention on Contracts for the International Sale of Goods and Uniform Computer Information Transactions Act (UCITA), or any similar federal laws or regulations enacted, to the extent allowed by law shall not apply to this Agreement.

16.3       ComplianceThe parties shall comply with all provisions of any applicable laws, regulations, rules, or orders relating to the rights granted herein and to the testing, production, transport, export, re-export, packaging, labeling, distribution, sale or other use of the Software, Cloud Services, Support Services, Professional Services or as otherwise applicable to a party’s activities hereunder.

16.4       Assignment. Customer may not assign this Agreement (whether expressly, by implication, or b y operation of law, including in connection with any merger or sale of assets or business), or delegate its performance under this Agreement (either in whole or in part), to any third party without obtaining CipherCloud’s prior written consent. CipherCloud may assign this Agreement or any rights granted herein. Any purported transfer, assignment, or delegation in violation of this Section shall be null and void when attempted and of no force or effect.  Subject to the foregoing, this Agreement shall bind and inure to the benefit of the successors and permitted assigns of CipherCloud and Customer.

16.5       Notices. All notices required to be sent hereunder shall be in writing, addressed to receiving party’s current business contact, if known, with a cc: to the Legal Department of the receiving party, and sent to the party’s address as listed in this Agreement, or as updated by either party by written notice.  Notices shall be effective upon receipt and shall be deemed to be received as follows: (i) if personally delivered by courier, when delivered; or (ii) if mailed by first class mail, or the local equivalent, on the fifth busi ness day after posting with the proper address.

16.6       Waivers; AmendmentNo waiver of any terms or conditions of this Agreement shall be valid or binding on a party unless such party makes the waiver in hardcopy writing signed by an authorized representative of that party.  The failure of one party to enforce any of the provisions of this Agreement, or the failure to require at any time the performance of the other party of any of the provisions of this Agreement, shall in no way be construed to be a present or future waiver of such provisions, nor in any way affect the ability of a party to enforce each and every provision thereafter.  This Agreement may not be altered, amended, modified, or otherwise changed in any way except by a hardcopy written instrument signed by the authorized representatives of each party.

16.7       Severability. If any provision of this Agreement is found or held to be invalid or unenforceable by any tribunal of competent jurisdiction, then the meaning of such provision shall be construed, to the extent feasible, so as to render the provision enforceable, and if no feasible interpretation would save such provision, it shall be severed from the remainder of this Agreement, which shall remain in full force and effect.

16.8       Force Majeure.   Neither party will be liable to the other for any delay or failure to perform any obligation under this Agreement (except for a failure to pay fees) if the delay or failure is due to unforeseen events, which occur after the signing of this Agreement and which are beyond the reasonable control of the parties, such as strikes, blockade, war, terrorism, riots, natural disasters, refusal of license by the government or other governmental agencies, in so far as such an event prevents or delays the affected party from fulfilling its obligations and such party is not able to prevent or remove the force majeure at reasonable cost.

16.9      Headings; Language.  All headings used herein are for convenience of reference only and will they in any way affect the interpretation hereof. The English language version of this Agreement controls.  This Agreement, and any associated documentation, shall be written and signed in English.

16.10     Entire AgreementThis Agreement (including any software license agreements, exhibits, accepted purchase orders and any amendments hereto) contains the entire agreement of the parties with respect to the subject matter of this Agreement and supersedes all previous or contemporaneous communications, representations, proposals, commitments, understandings and agreements, whether written or oral, between the parties regarding the subject matter hereof.   CipherCloud does not accept, expressly or impliedly and CipherCloud hereby rejects and deems deleted any additional or different terms or conditions that Customer presents, including, but not limited to, any terms or conditions contained or referenced in any order, acceptance, acknowledgement, or other document, or established by trade usage or prior course of dealing.

16.11     Third Party Rights.  Other than as expressly set out in this Agreement, this Agreement does not create any rights for any person who is not a party to it and no person who is not a party to this Agreement may enforce any of its terms or rely on any exclusion or limitation contained in it.

16.12     Retention and Audits.  Customer will maintain complete and accurate records of its access and use of the Cloud Services provided under this Agreement for a period of 7 years after the completion of these Cloud Services or delivery and/or performance of

any Deliverables. Records relating to the performance of this Agreement including but not limited to the Export and the Anti­ Corruption sections will be made available to CipherCloud upon reasonable notice.




Commencing on the Order Form Effective Date, CipherCloud will provide to Customer the Service Level Commitments and Support Services defined herein and as otherwise may be specified in the Order. In the event of a conflict between the terms of the Agreement, this Exhibit A, and an Order, the terms of this Exhibit A shall prevail.


1.          Definitions.  Unless otherwise defined herein, capitalized terms used in this Schedule shall have the same meaning as set forth in an Order Form or the Agreement.


1.1         “Business Day” means Monday through Friday, other than any CipherCloud holiday.

1.2         “Email Support” means technical email assistance provided by CipherCloud Technical Support Engineer to Customer’s technical support contact 24 hours a day 7 days a week for Level One support and reporting Severity Level 3 or 4 Errors.  The contact address for Email Support is:

1.3         “Error” means any occurrence which causes the Cloud Services not to operate in material conformance with the applicable

Documentation with the Severity Levels as provided herein.

1.4         Incident Report” means the submission made by Customer to CipherCloud for the reporting of an Error. Each Incide nt Report includes the following information: (i) authorized Customer support contacts; (ii) Customer’s designated Severity Leve l; (iii) Error description and any error messages; and (iv) problem frequency and procedures to reproduce.

1.5         “Level One” support means: (i) providing general product information, assisting with  configuration; (ii) resolving known issues documented in CipherCloud’s public knowledge database and Documentation; and (iii) collecting all relevant technical problem identification information, and answering all Customer usage questions.

1.6         “Level Two” support means: (i) completing error isolation, error replication, and identifying defects in product specifications

(iii) documenting errors; (iv) defining action plans; and (v) analyzing logs and traces.

1.7         “Level Three” support means: (i) diagnosing complex issues that are not already known to CipherCloud; (ii) correcting

Errors and bugs; maintaining software; and providing support that requires knowledge of the source code via phone or internet.

1.8         Revision” means any Update or Upgrade to the Cloud Services that CipherCloud makes generally available.

1.9         “Severity Level” means the four (4) levels or Error severity as defined in Section 3 herein.

1.10       “Support Incident” means a request for assistance to resolve a question, or problem being reported.

1.11       “Support Site” means the link for the support web interface that can be located at the

1.12       “Telephone Support” means technical support telephone assistance provided by CipherCloud Technical Support Engineer to Customer’s technical support contact for Level One support and reporting Errors of any Severity Level.  The contact number for Telephone Support is: +1 (408) 520-1275.


2.          Support Service Tiers.


2.1         Premium. Premium Support Services shall include:

  • Access to and delivery of CipherCloud Support Services 24 hours a day 7 days a week until Error is resolved.
  • Unlimited number of Incident Report submissions.
  • Customer portal access for additional Error reporting and follow up of any Severity Level.

2.2         Standard. Standard Support Services shall include:

  • Access to and delivery of CipherCloud Support Services from 7 AM to 5 PM PST until Error is resolved.
  • Unlimited number of Incident Report submissions.
  • Customer portal access for additional Error reporting and follow up of any Severity Level.


3.          Severity Levels.  Incident Reports for all Severity Level 1 and 2 Errors must be reported by phone. Incident Reports for Severity Level 3 and 4 Errors may be reported by phone or by email or via Customer Portal. CipherCloud will exercise commercially reasonable efforts to correct any Error submitted by Customer in an Incident Report in accordance with the followi ng Severity Level definitions:







An  Error  causing  a  critical

business impact to Customer due to a complete loss of service in a production environment.

1 Business


4 hours

CipherCloud   will   commit   Level

Two/Three resources to resolve. Customer shall commit the full-time resources during the hours of coverage to resolve the Error.


An  Error  causing  a  serious

business impact to Customer due to a significant loss of service in a production environment.

2 Business


24 hours

CipherCloud   will   commit   Level

Two/Three resources to resolve. Customer  shall  commit  the necessary  resources  during  the hours of coverage to resolve the Error.


An   Error   causing  a   minor

business impact to Customer due to a minor loss of service in a production environment.

4 Business


2 Business


CipherCloud   will   commit   Level

One (and Level Two/Three as determined by CipherCloud) resources to resolve.


An   Error   causing   no,   or

insignificant,  work impediment to Customer, such as information request or report.




5 Business


CipherCloud   will   commit   Level

One resources to resolve.


4.          Customer Obligation.   To enable identification and correction of Errors, Customer is required to assist CipherCloud technical support staff until the Error is resolved. Required Customer activities may include, but are not limi ted to, the following: (i) logging into Customer’s instance for diagnosis of problems; (ii) downloading and installing of Revisions.

 5.         Escalation. Customer shall follow CipherCloud’s escalation process and procedures (“Escalation” or “Escalated”).  When Escalation for an issue with resolving an Error is reported by Customer, the following procedures shall apply:

5.1         Status Updates. Each Customer support contact shall establish a schedule of follow-up, status updated communications with their CipherCloud counterpart that shall ensure timely exchange of information.

5.2         Monitor Phase.  The purpose of the monitor phase is to evaluate the Customer’s environment over some period of time to verify that the Escalation has been resolved. Both parties shall co-ordinate monitoring activities and mutually agree to close the monitor phase when it is clear the problem requiring Escalation is resolved.

5.3         Closing Escalation.  When both parties agree that the issue necessitating Escalation is resolved, the Escalation is closed. Each designated contact shall exchange final reports with their counterpart summarizing the Custo mer issues, actions taken, results of those actions, likelihood of issue recurrence, and recommended future actions.


6.          Service  Availability.    CipherCloud’s  Service  Availability  commitment  for  a  given  calendar  month  is  99%  Service

Availability is calculated per month as follows:

(Total – Unplanned Outage – Planned Maintenance/Total – Planned Maintenance) * 100 >/ 99% 


  • Total is the total minutes in the month
  • Unplanned Outage is total minutes unavailable in the month outside of the Planned Maintenance window
  • Planned Maintenance is total minutes of planned maintenance in the month.
  • An Unplanned Outage occurs only if it affects the data protection and remediation features of the Cloud Service.

6.1          CipherCloud Planned Maintenance. Periodically, CipherCloud will need to perform planned maintenance that will require the Cloud Service to be taken down for up to 60 minutes (which time shall not be considered an Unplanned Outage). Specific information and timelines for Service Updates will be published by CipherCloud.

6.2          CipherCloud Feature  Releases.  Periodically, CipherCioud introduces new features in Cloud with enhanced functionality. Features and functionality will be made available as part of a major feature release (“Feature Release”) or as part of regular planned maintenance. Feature Releases may take up to twelve (12) hours to update and will require the Cloud Service to be taken down for some or all of that time (which time shall not be considered an Unplanned Outage). Specific information and timelines for Feature Releases will be published by CipherCioud.


7.           Data  Retention.  Except as set forth in Section 8.8 of the Agreement, CipherCioud will maintain the Customer Data for twelve (12)  months after submission by  Customer, respectively, for access by  Customer. Thereafter, CipherCioud, in  its sole discretion, may continue to maintain or archive or delete the Customer Data.

(Rev March 2021_LO)