This Agreement includes the Overview above
  • General Terms and Conditions
  • Definitions
  • Portal Terms and Conditions
  • Data Protection Addendum, as applicable
  • Credential Monitoring Service Terms and Conditions
  • Phishing Service Terms and Conditions
  • All Order Forms

Exhibit A: General Terms and Conditions

1.Definitions

Capitalized terms defined either in Exhibit A, or in the context in which they first appear in the Agreement (including the Order Form and Service Exhibits), will have the indicated meaning throughout the Agreement and all attached documents. Unless otherwise indicated, all Section references in the Agreement are to sections in these General Terms and Conditions.

2. Subscription Term & Termination

2.1 Initial Term + Renewals

Unless earlier terminated in accordance with this Section 2, the term of this Agreement shall:

  • Commence on the Effective Date and continue for the Initial Term.
  • thereafter, automatically renew for successive one year periods, unless either party provides written notice of non-renewal no less than thirty (30) days prior to the end of the then-current term. The Initial Term and any and all renewals thereof are collectively referred to in this Agreement as the “Term”.
2.2 Termination

Either party may terminate this Agreement in the event that the other party fails to cure a material breach within thirty (30) days after receipt of written notice thereof. In the event either party becomes liquidated, dissolved, bankrupt or insolvent, whether voluntarily or involuntarily, or shall take any action so declared, the other party shall have the right to terminate this Agreement immediately. Except as set forth in Sections 2, 3 (solely with respect to fees and expenses arising before termination, and hourly fees and expenses described on the applicable Order Form) and 4 – 10, which shall survive termination, upon termination of this Agreement, all rights and duties of the parties under this Agreement shall expire.

3.Fees and Payments

3.1 Fees

In addition to any consulting, training or other fees or expenses described on the applicable Order Form, Client shall pay to Vendor the Services fees described on the applicable Order Form. Fees designated for payment on an “Annual” basis are due and payable in advance, on the Effective Date; fees designated for payment on a “Monthly” basis are due and payable monthly, in advance. Vendor shall endeavor to invoice CLIENT on or prior to commencement of each renewal term, if any. Fees and expenses for renewal terms, if any, will automatically be set at Vendor’s then-current rates for the applicable Services and other services. Fees shall be payable in immediately available funds, in U.S. dollars. Payment shall be made without any right of set-off or deduction. Fees paid are non-refundable. Client shall promptly notify Vendor in the event that any factor relevant to fees changes, such as by exceeding a number of employees relevant to a fee.

3.2 Late Payments

Any payment not made when due shall accrue late payment fees at the rate of 1.5% per month or the highest amount allowable by law, whichever is lower, such interest to accrue on a daily basis after as well as before any judgment relating to collection of the amount due. Late fees shall not constitute an election of, or Vendor’s exclusive, remedy. Failure to pay fees when due shall entitle Vendor to terminate this Agreement upon notice to Client pursuant to Section 2. Client agrees to pay any and all legal fees, collection fees and other expenses incurred by Vendor to enforce this Agreement or otherwise due to Client’s failure to pay any amounts due or otherwise comply with the Agreement.

3.3 Taxes

All fees are exclusive of local, state, federal and international sales, value added, excise, withholding and other taxes and duties of any kind. CLIENT shall be responsible for, and agrees to pay in advance (or reimburse Vendor for amounts paid), any and all taxes and duties arising out of or in connection with this Agreement, other than taxes levied or imposed based upon Vendor’s net income.

3.4 Payments by ACH or Credit Card

If Client has provided Vendor with, and Vendor then accepts payments via, ACH debit, credit card or other method, and has provided applicable billing information, Client:

  • Authorizes Vendor to automatically charge all fees incurred via such method in accordance with the Agreement, including during automatic renewal periods.
  • agrees to provide Vendor with accurate and complete billing information including full name, street address, city, state, zip code, telephone number, and a valid payment method. Should automatic billing fail, Client shall promptly provide Vendor with updated or corrected information for the failed payment method, or provide for payment via an alternative payment method acceptable to Vendor.

4.Proprietary Rights; Feedback

All title, ownership, and intellectual property rights in and to the Services and Portal and any other materials used in connection with this Agreement and any Data created as part of this Agreement (including any changes thereto made at the suggestion of Client) and any related documentation, including any copyrights, patents, trade secrets, computer code, programs, inventions, discoveries, know-how, methods, processes, designs, algorithms, formulae, patterns, and compilations (“Proprietary Information”) are owned by Vendor and its licensors, and nothing in this Agreement should be construed as transferring any aspects of such rights to Client, any Authorized Third Party, or any other third party. Vendor reserves any and all rights not expressly granted herein. Client agrees that:

  • The content of all oral and written comments or reports provided to Vendor as feedback, including corrections, ideas and concepts, is the property of Vendor.
  • Client shall, and hereby does, assign any copyright and other such rights therein to Vendor, without any accounting or payment to Client.
  • Vendor may use the feedback in any way that it desires in its sole discretion.

5.Authority; Acknowledgments; Covenants

5.1 Authority

Client represents, warrants and covenants to Vendor that:

  • Client or an Authorized Third Party owns or lawfully controls, or otherwise holds a current and lawful right or license to possess, access and use, all Designated Resources provided to Vendor in connection with the Services.
  • Client has and will maintain the full right and power to enter into and perform this Agreement (including the right to provide Vendor with Designated Resources and permission to provide Services with respect to those Designated Resources) without the further consent of any Authorized Third party or any other third party.
  • Neither Client’s entry into this Agreement nor Client’s or Vendor’s performance hereunder will conflict with any right of privacy or any other obligation which Client may have to any other party (including any employee, Authorized Third Party or any other third party), whether under contract, statute, regulation, tort or otherwise.
5.2 Acknowledgment

Client acknowledges and agrees that:

  • The Services are not intended to replace any active security measures that CLIENT or any Authorized Third Party may now or hereafter have in place, of any sort (whether physical, technical or procedural), such as filters, virus software, firewalls, surveillance or information security programs.
  • any and all Data is intended to be merely indicative of, but does not and cannot guarantee, CLIENT’s or any Authorized Third Party’s security posture at any given moment in time.
5.3 Covenants

Client covenants and agrees that:

  • Data shall be used by Client solely for Client’s or an applicable Authorized Third Party’s internal, lawful business purposes.
  • Client shall comply with all applicable federal, national, state, provincial or local laws, statutes, ordinances, rules, regulations, judgments, decrees, requirements, orders, procedures or public policy or any legislative, administrative, governmental or regulatory body, agency or other authority of any kind with respect to its performance hereunder, including the purchase and use of the Services and Data, and obtaining required written and enforceable consent from Authorized Third Parties.
  • Data shall not be resold or sublicensed, or shared with any other person or entity (except as necessary to alert law enforcement, applicable public authorities or affected Authorized Third Parties).
  • Client shall not use any Data to develop any products and/or services, or otherwise repurpose Data for any reason without the express written consent of Vendor, which consent shall be in the sole and absolute discretion of Vendor.
  • Data shall not be used as a factor in or for the purpose of establishing an individual’s eligibility for, or evaluating any individual with respect to
    • Credit or insurance to be used primarily for personal, family or household purposes
    • Employment, promotion, reassignment or retention as an employee
    • Any other purpose authorized under Section 604 of the Fair Credit Reporting Act, as applicable
  • Data shall not be used as a factor in or for the purpose of improving, or providing advice or assistance with regard to improving, any individual’s credit record, credit history, or credit rating. Notwithstanding subsection

Notwithstanding subsection 5.3(c), to the extent that the Services expressly permit Client to request Services in connection with Designated Resources that relate to an Authorized Third Party, Client may share applicable Data with the applicable Authorized Third Party (and no others), subject to the other limitations included in this Section 5.3. Client shall defend, indemnify and hold Vendor and its affiliates, and their respective directors, officers, employees, agents, representatives and contractors, harmless from any and all costs and expenses (including any third party claims and attorneys’ fees) arising out of, related to or resulting from (i) any actual or alleged breach of this Agreement, including violation of any representation, warranty or covenant in this Section 5, or (ii) any decision, action or omission of Client or any Authorized Third Party, including any that Client or any Authorized Third Party or other third party may make based on the Data or Services, and any use or handling of Services or Data.

6.Warranty; Disclaimers

6.1 Authority

To the Extent Permitted by Applicable Law, Vendor Makes No Representations or Warranties Whatsoever in Connection With the Services or Any Data Provided Under or in Connection With This Agreement, All of Which Are Provided on an “As Is” Basis. Without Limiting the Generality of the Foregoing:

  • Vendor Does Not Warrant Results or Warrant That Any Services or Data Will Be Free From Errors.
  • Vendor Expressly Disclaims, and Client Expressly Waives, All Warranties, Whether Express or Implied, Including Warranties of Merchantability, Fitness for a Particular Purpose, Non-infringement, System Integration, Accuracy of Informational Content, and Accuracy of the Methodology Used to Develop or Provide the Services or Any Data. Without Limiting the Generality of the Foregoing, Vendor Does Not Warrant Results or Warrant That Any Services or Data Will Be Free From Errors, Defects or Bugs, or That Such Will Not Interfere With or Disrupt Any of the Designated Resources or Any Other Client Security System, Network, Software or System. Client Acknowledges That the Services Are Intended to Supplement, Not to Replace or Act as a Substitute for, a Comprehensive Data Security Program, and That Vendor Does Not and Cannot Guarantee Clients or Any Authorized Third Party’s Security Posture at Any Given Moment in Time.
6.2 Vendor Does Not Assemble, Evaluate or Make the Services or Any Data Available for Use as a Factor in or for the Purpose of:
  • Establishing Any Individual’s Eligibility for, or Evaluating Any Individual With Respect to
    • Credit or Insurance to Be Used Primarily for Personal, Family or Household Purposes
    • Employment, Promotion, Reassignment or Retention as an Employee
    • Any Other Purpose Authorized Under Section 604 of the Fair Credit Reporting Act
  • Improving, or Providing Advice or Assistance With Regard to Improving, Any Individual’s Credit Record, Credit History, or Credit Rating.

7.Limitation of Liability

Notwithstanding Anything Else Herein or Otherwise, to the Extent Permitted by Applicable Law:

  • In No Event Shall Vendor’s Liability Arising Out of or Related to This Agreement, Whether in Contract, Tort or Under Any Other Theory of Liability in the Aggregate, Exceed the Total Amount Paid or Payable by Client to Vendor Pursuant to an Applicable Order Form in the Twelve Months Preceding the Incident Giving Rise to Liability.
  • Neither Vendor Nor Any of Its Affiliates or Their Respective Directors, Officers, Employees, Licensors, Contractors, Suppliers, Agents or Representatives, Shall Be Liable for Any Indirect, Special, Consequential or Other Damages, Including Any Lost Profit, Lost Data or Lost Savings Under Any Contract, Negligence, Strict Liability or Other Legal or Equitable Theory, Even if Vendor Has Been Advised of the Possibility of Such Damages, or for Any Other Claim by Client or for Any Third Party Claim. The Parties Agree That This Section 7 Represents a Reasonable Allocation of Risk and That Vendor Would Not Proceed in the Absence of Such Allocation.

8.Confidentiality

8.1 Generally

“Confidential Information” is any information disclosed by one party (the “Disclosing Party”) to the other (the “Receiving Party”) in connection with the Services, and clearly marked as confidential or identified in writing to the Receiving Party as confidential at the time of disclosure. Notwithstanding anything to the contrary in this Agreement, whether or not marked as confidential, the following shall be deemed Confidential Information of Vendor:

  • Any Sources or Data disclosed to CLIENT either verbally or in writing.
  • The financial terms of this Agreement.
  • The Portal Nothing in this Agreement shall be interpreted to compel Vendor to disclose any or all of the Sources.
8.2 Obligations

Each Receiving Party will:

  • Treat as confidential all Confidential Information of the Disclosing Party.
  • Not use such Confidential Information except as expressly set forth in this Agreement or otherwise authorized in writing.
  • Implement reasonable procedures to prohibit the unauthorized use, disclosure, duplication, misuse or removal of the Disclosing Party’s Confidential Information.
  • Not disclose such Confidential Information to any third party
    • Except as may be necessary and required in connection with the rights and obligations of such Party under this Agreement, and subject to confidentiality obligations at least as protective as those set forth herein.
    • Except as may be permitted by Section 5.3 in connection with a third party specified in a Service Exhibit. Without limiting the foregoing, each of the Parties will use at least the same procedures and degree of care which it uses to prevent the disclosure of its own confidential information of like importance to prevent the disclosure of Confidential Information disclosed to it by the other Party, but in no event less than reasonable care. Except as expressly authorized in this Agreement, neither party will copy Confidential Information of the other party without the Disclosing Party’s prior written consent.
8.3 Exclusions

Confidential Information will not include, or will cease to include, as applicable, Confidential Information that the Receiving Party can document:

  • Is or becomes generally available to the public through no improper action or inaction by the Receiving Party.
  • Was known by the Receiving Party or in the Receiving Party’s possession prior to receipt of the Disclosing Party’s Confidential Information as shown by the Receiving Party’s business records kept in the ordinary course.
  • Is disclosed with the prior written approval of the Disclosing Party.
  • Was independently developed by the Receiving Party without use of or reference to the Disclosing Party’s Confidential Information and provided that the Receiving Party can demonstrate such independent development by documented evidence prepared contemporaneously with such independent development.
  • Becomes known to the Receiving Party from a source other than the Disclosing Party without breach of this Agreement by the Receiving Party and otherwise not in violation of the Disclosing Party’s rights.
  • Is disclosed pursuant to the order or requirement of a court, administrative agency, or other governmental body, provided that the Receiving Party provides prompt, advance written notice thereof to enable the Disclosing Party to seek a protective order or otherwise prevent such disclosure. In the event such a protective order is not obtained by the Disclosing Party, the Receiving Party will disclose only that portion of the Confidential Information which its legal counsel advises that it is legally required to disclose. Vendor may use Client’s name and logo in Vendor public Client listings and marketing materials, and issue press releases referencing Client’s name
8.4 Ownership; Destruction of Data

All Confidential Information shall:

  • Remain the property of the Disclosing Party.
  • Shall be destroyed by the Receiving Party within two weeks upon written request (except for Data delivered prior to termination, which Client may continue to use within the scope of Section 5.3).

9.Non-solicitation

Client agrees that it shall not, at any time during the term and for a period of 18 months after termination of this Agreement, whether for its own account or for the account of others, solicit for employment, hire or otherwise engage any of the employees or independent contractors of Vendor. Notwithstanding the foregoing, nothing in this Agreement shall prevent Client from hiring any person who responds to a general solicitation not personally directed to such person. In the event Client hires or engages an employee or contractor of Vendor in violation of this Section 9, Vendor shall be entitled to collect liquidated damages from Client to compensate Vendor for locating, recruiting, hiring and training a replacement person. Vendor’s liquidated damages shall be a sum equal to two times the gross annual compensation of the person Client wrongfully hired or engaged. Gross annual compensation means twelve times the subject employee or contractor’s last full month’s compensation from Vendor including bonuses and benefits. The parties agree and acknowledge that this amount is a reasonable, liquidated amount and not a penalty.

10.Miscellaneous

10.1 Interpretation

The headings used in this Agreement are for convenience only and shall in no case be considered in construing this Agreement. If any part of this Agreement is held by a court of competent jurisdiction to be illegal or unenforceable, the validity or enforceability of the remainder of this Agreement shall not be affected and such provision shall be deemed modified to the minimum extent necessary to make such provision consistent with applicable law and, in its modified form, such provision shall then be enforceable and enforced. Termination is not an exclusive remedy and all other remedies will be available whether or not termination occurs. Any use of the term “include” or “includes” or “including” shall mean “include without limitation,” “includes without limitation” and “including without limitation,” respectively.

10.2 Assignment

Subject to the following, all of the terms and conditions of this Agreement shall be binding upon, inure to the benefit of, and be enforceable by the respective successors and any permitted assigns of the parties. CLIENT shall not assign this Agreement or any of its rights or obligations hereunder (whether by operation of law or otherwise) without the prior written consent of Vendor. Any attempt by CLIENT to assign this Agreement without Vendor’s prior written consent shall be null and void. There are no intended third party beneficiaries of this Agreement.

10.3 No Waiver; Limitations

No failure or delay in exercising any right hereunder will operate as a waiver thereof, nor will any partial exercise of any right or power hereunder preclude further exercise. To the extent permitted by applicable law, no action, regardless of form, arising out of this Agreement may be brought by CLIENT more than one (1) year after the cause of action has accrued.

10.4 Governing Law
10.4.1 U.S., Canada, Caribbean and the Americas

If Client’s principal place of business is located in the United States, Canada, the Caribbean or anywhere else in North America, Central America or South America, this Agreement and any dispute or claim (including non-contractual disputes or claims) arising out of or in connection with it or its subject matter or formation shall be governed by and construed in all respects (without regard to any conflict of laws provisions) in accordance with the laws of the United States of America and the State of Maryland as such laws are applied to agreements entered into and to be performed entirely within the State of Maryland.

10.4.2 United Kingdom, Europe and Elsewhere

If Client’s principal place of business is located in the United Kingdom, Europe or anywhere other than North America or South America, this Agreement and any dispute or claim (including non-contractual disputes or claims) arising out of or in connection with it or its subject matter or formation shall be governed by and construed in all respects (without regard to any conflict of laws provisions) in accordance with the laws of England as such laws are applied to agreements entered into and to be performed entirely within England.

10.4.3 Provisions Applicable in all Countries

The terms of the United Nations Convention on the International Sale of Goods shall not apply to this Agreement. The parties hereby confirm that they have requested that this Agreement be drafted in English. Les parties contractantes confirment qu’elles ont exigé quele présent contrat et tousles documents associés soient redigés en anglais.

10.5 Dispute Resolution
10.5.1 Informal Resolution

Subject to Section 10.5.6, Vendor and Client agree to try for 60 days to resolve any dispute under or in connection with this Agreement (a “Dispute”) informally. If the parties cannot settle any Dispute during this time period, then subject to Section 10.5.6:

  • The parties agree to enter binding arbitration (as defined in this Section 10.5), and not to sue in court in front of a judge or jury.
  • If Client’s principal place of business is located in the United States, Canada, the Caribbean or anywhere else in North America, Central America or South America, the parties also agree that class action lawsuits, class-wide arbitrations, private attorney general actions, and any other proceeding where someone acts in a representative capacity are not allowed, nor is combining individual proceedings without the consent of all parties.
10.5.2 Service of Process and Notice of Dispute

To the fullest extent permitted by applicable law or by any rules of any applicable arbitrators, courts or other tribunals, both parties hereby designate each of their respective corporate officers (including the President, CEO, and other C-level executives or equivalents) as agents to receive service of process by delivery via a reputable overnight courier to the receiving party’s address on file with the government registry of that party’s jurisdiction of organization or formation. Each party hereby acknowledges and agrees that such service of process shall be adequate and sufficient as if it were made by formal service of process pursuant to applicable laws or rules. If Client wishes to raise a Dispute and Vendor’s customer service representatives cannot resolve it, a Notice of Dispute should be sent by postal mail to Vendor, ATTN: LEGAL DEPARTMENT which includes: Client’s name, address, how to contact Client, the problem Client wishes to raise, and Client’s preferred means of resolution. Vendor will do the same if Vendor has a dispute with the Client. After 60 days, subject to Section 10.5.6, Client or Vendor may start arbitration in accordance with Section 10.5.3 if the dispute is unresolved.

10.5.3 Exclusive Forum and Place of Arbitration
10.5.3.1 U.S., Canada, Caribbean and the Americas

If Client’s principal place of business is located in the United States, Canada, the Caribbean or anywhere else in North America, Central America or South America, and a Dispute was not resolved through the informal resolution process described above then, subject to Section 10.5.6:

  • Such Dispute shall be finally settled in accordance with the Commercial Arbitration Rules of the American Arbitration Association.
  • Any such arbitration shall be conducted in the English language in Anne Arundel County, Maryland by a sole arbitrator.
10.5.3.2 U.S., Canada, Caribbean and the Americas

If Client’s principal place of business is located in the United States, Canada, the Caribbean or anywhere else in North America, Central America or South America, and a Dispute was not resolved through the informal resolution process described above then, subject to Section 10.5.6:

  • Such Dispute shall be finally settled in accordance with the Commercial Arbitration Rules of the American Arbitration Association.
  • Any such arbitration shall be conducted in the English language in Anne Arundel County, Maryland by a sole arbitrator.
10.5.4 Appointment of Arbitrator

For the purposes of the arbitration, a single arbitrator shall be selected by the parties, in default of which the arbitrator shall be appointed in accordance with the applicable arbitration rules. The arbitrator elected by the parties must be a qualified attorney, solicitor or barrister with at least 10 years of post-qualification practice experience, and also have experience in the fields of software development and distribution and intellectual property disputes (together, the “Requirements”). In appointing an arbitrator, the arbitral tribunal must, as far as possible, have regard to the Requirements.

10.5.5 Limitations

To the extent permitted by applicable law, Client must commence arbitration of any Dispute within one year of the date on which the relevant cause of action accrued (or, if later, within one year of the date on which the innocent party ought reasonably to have become aware of such an accrual), otherwise it is permanently barred. The arbitrator shall be bound by the provisions of this Agreement and base the decision on applicable law and judicial precedent, shall include in such decision the findings of fact and conclusions of law upon which the decision is based, and shall not grant any remedy or relief that a court could not grant under applicable law. Except to the extent otherwise expressly provided in applicable arbitration rules, the arbitrator’s decision shall be final and binding upon the parties, and shall not be subject to appeal.

10.5.6 Enforcement; Equitable Relief; IP Disputes

Notwithstanding anything to the contrary in this Section 10.5:

  • Either party may enforce any judgment rendered by the arbitrator in any court of competent jurisdiction.
  • The arbitrator shall have the right to issue equitable relief, including preliminary injunctive relief.
  • Vendor shall be entitled to apply to any court of competent jurisdiction for any interim relief.
  • Vendor shall be entitled to bring, in any court of competent jurisdiction, at any time, any claim concerning or related to the enforcement or validity of any intellectual property rights (including, for the avoidance of doubt, any trade secrets or confidential information) of Vendor or licensors of Vendor (an “IP Dispute”).
  • Vendor shall be entitled, upon receipt of any request for arbitration from Client under this Section 10.5, to decline to submit to the jurisdiction of any arbitral tribunal insofar as the request for arbitration relates to any IP Dispute, in which case Client may bring the same IP Dispute in any court of competent jurisdiction.
10.5.7 Severability

If any provision of this Agreement (including Section 10.5) is found to be invalid, illegal or unenforceable, that provision will be severed but the rest of the applicable section and Agreement still applies and shall be enforced. This Agreement prevails to the extent that it conflicts with applicable arbitration rules.

10.5.8 Attorneys Fees

The rules of the applicable arbitral tribunal will govern payment of filing fees and the arbitrator’s fees and expenses, but the prevailing party shall be entitled to recover reasonable attorneys’ fees and costs.

10.6 Changes in Laws

Notwithstanding anything to the contrary in this Agreement, Vendor may limit or discontinue the provision of the Services to the extent:

  • Vendor or any vendor of Vendor is restricted by any rule, regulation, law or governmental entity.
  • Vendor or any vendor of Vendor has discontinued the collection of data
  • Vendor or any vendor of Vendor is prohibited from providing Services. In addition, Vendor may discontinue, upgrade or change the production, support, delivery and maintenance of any Services if Vendor develops an upgraded version or otherwise no longer generally provides such Services to its Client’s. In the event that Vendor materially modifies the content or scope of the Services provided to Client, the Parties shall renegotiate the fees in good faith according to the prevailing pricing models.
10.7 Consent and Notices

Unless otherwise expressly indicated, any consent or authorization required under this Agreement shall be at the sole discretion of the party from whom such consent is required. Notice shall be deemed to have been received by a party, and shall be effective on the day received. All breach-related and indemnification-related notices permitted or required under this Agreement shall be in writing and shall be delivered by recognized postal or courier services who provide delivery confirmation to the other party’s address set forth on the Initial Order Form, or such other address as the parties may subsequently provide in writing. All other notices may be sent by email with notice deemed given upon acknowledgement of receipt by a reply email.

10.8 Independent Contractors

The parties enter into this Agreement as, and shall remain, independent contractors with respect to one another. Nothing in this Agreement shall create a partnership, joint venture, agency, franchise, or employment relationship between the parties.

10.9 Force Majeure

Vendor shall not be liable to Client by reason of any failure in performance of this Agreement if the failure arises out of the unavailability of communications facilities or energy sources, acts of God, acts of Client, acts of governmental authority, fires, strikes, delays in transportation, riots, terrorism, war, cybersecurity incidents, or any other causes beyond the reasonable control of Vendor.

10.10 Entire Agreement

This Agreement, together with its exhibits and Order Forms, comprises the entire agreement between the parties regarding the subject matter hereof and supersedes and merges all prior and contemporaneous proposals, understandings and all other agreements, oral and written, between the parties relating to the subject matter of this Agreement. Vendor reserves the right, in its sole discretion, to change the General Terms and Conditions and/or any of the terms and conditions of any of the Services exhibits (“Updated Terms”) from time to time. Unless Vendor makes a change for legal or administrative reasons, Vendor will provide reasonable advance notice before the Updated Terms become effective. Client agrees that Vendor may notify Client of the Updated Terms by posting them on the Portal, and that Client’s use of the Service (including the Portal) after the effective date of the Updated Terms (or engaging in such other conduct as Vendor may reasonably specify) constitutes Client’s agreement to the Updated Terms. Client should review these Terms and Conditions and any Updated Terms before using the Services. The Updated Terms will be effective as of the time of posting, or such later date as may be specified in the Updated Terms, and will apply to Client’s use of the Services from that point forward. These Terms of Use will govern any disputes arising before the effective date of the Updated Terms. Except as otherwise expressly provided in this Section, this Agreement may be amended or modified only in a writing executed by both parties. All Client documents, whether signed or unsigned, including purchase orders, shall not be given any effect which is inconsistent with this Agreement unless this provision is separately and specifically referred to and waived by Vendor in a signed writing.

10.11 Forms of Consent

This Agreement and any amendments thereto may be executed in counterparts. The parties consent to the conduct of transactions and the execution of any amendments between them by electronic means or records, including by use of electronic signatures and facsimile copies of a party’s signature.

Exhibit B – Definitions

“Administrator User” means a designated employee of Client who has been provided with: (a) access to all relevant Data on the Portal, including captured password data for Authorized Domain Name Assets and Authorized Email Asset; and (b) the ability to configure the Portal within specifications.

“Authorized Domain Name Asset” means any email domain name (such as “@EndUserName.com” or “@EndUserBrand.org”) that is: (a) unique to Client or an Authorized Third Party; and (b) owned or controlled by Client or an Authorized Third Party, as designated by Client from time to time in accordance with Vendor’s then-current process.

“Authorized Email Asset” means any email address (such as “John.Doe@EndUserName.com” or “John.Doe@EndUserBrand.org”) that is: (a) unique to Client or an Authorized Third Party; and (b) owned or controlled by Client or an Authorized Third Party, as designated by Client from time to time in accordance with Vendor’s then-current process.

“Authorized IP Address” means any IP address for a system, network or device which Client or an Authorized Third Party owns, or to which Client or an Authorized Third Party has authorized access, as designated by Client from time to time in accordance with Vendor’s then-current process.

“Authorized Monitored Party” means: (a) any employee, contractor, Supplier or agent of Client, on whose behalf Client has obtained prior written permission, in compliance with applicable laws and this Agreement, to provide Vendor with Designated Resources for the purpose of enabling Vendor to provide Monitoring Services and Monitoring Report Data to the Client with respect to those Designated Resources, without the further consent of the applicable employee, contractor, Supplier or agent or any other third party; (b) any Customer, or any employee, contractor, Supplier or agent of Customer, on whose behalf Client or such Customer has obtained prior written permission, in compliance with applicable laws and this Agreement, to provide Vendor with Designated Resources for the purpose of enabling Vendor to provide Monitoring Services and Monitoring Report Data to the Client with respect to those Designated Resources, without the further consent of the applicable Customer, employee, contractor, Supplier or agent or any other third party; and (c) any Prospect.

“Authorized Phished Party” means: any Customer on whose behalf Client has obtained prior written permission, in compliance with applicable laws and this Agreement, to provide Vendor with Designated Phishing Resources for the purpose of enabling Vendor to provide Phishing Services and Phishing Report Data to the Client with respect to those Designated Phishing Resources, without the further consent of the applicable Customer, or any employee, agent or any other third party.

“Authorized Third Party” means any Authorized Monitored Party or Authorized Phished Party.
“Customer” means any current client or customer of Client with which Client has a current written agreement that protects the confidentiality, and limits the use, of the Services and Data in a manner consistent with, and no less protective than, this Agreement.

“Customer Prospect” means any bona fide and current prospective Customer of Client which has expressed a current interest in viewing masked password Data concerning such prospective customer, but which is not yet a Customer bound by a written contract with Client in accordance with the Agreement.

“Data” means any and all data, reports, analyses, or other information provided or made available to Client in connection with the Services, including Monitoring Report Data and Phishing Report Data.

“Designated Monitoring Resources” means Authorized Domain Name Assets, Authorized Email Assets, and Authorized IP Addresses, subject to limitations set forth on the applicable Order Form.

“Designated Phishing Resources” means: (a) any Designated Monitoring Resources; plus (b) the name of any individual that corresponds to an Authorized Email Asset (e.g., John Doe corresponds with John.Doe@EndUserName.com) for the applicable Customer.

“Designated Resources” means any Designated Monitoring Resources or Designated Phishing Resources.

“Effective Date” means the date indicated on the Initial Order Form.

“Enterprise Customer” means a Customer with more than 500 employees and/or Designated Monitoring Resources.

“Initial Order Form” means the initial Order Form.

“Initial Term” means the initial term of this Agreement, as designated on the Order Form.

“Monitoring Report Data” means any and all data relevant to Monitoring Services made available to Client on the Portal, including Hits and reports.

“Monitoring Services” means: (a) monitoring Sources in an effort to identify apparent references to Designated Monitoring Resources (each, a “Hit”) which suggest that one or more individuals, organizations or communities are targeting Designated Monitoring Resources and could pose a risk of disseminating or using Client’s sensitive and confidential information (or those of an Authorized Third Party) without authorization; and (b) making available to the Administrator User(s) and any Standard Users, in encrypted format on the Portal a daily report (delivered within a batched cycle at least once during any 24-hour time period) showing such Hits and such other information as appropriate for the applicable Service, User level and monitored entity. Client acknowledges that an ideal outcome for Client or an Authorized Third Party would be a series of reports showing no reported Hits.

“Client” means the single CLIENT entity (such as an LLC, corporation or organization) identified on the Initial Order Form, including internal divisions of that entity, but excluding any subsidiaries or other affiliates of the entity unless specifically identified on the Initial Order Form.

“Client Monitoring Service” means Monitoring Services with respect to the Designated Resources.

“Client Phishing Services” means Phishing Services with respect to Designated Phishing Resources.

“Order Form” means either the Initial Order Form, or a subsequent order form which: (a) describes Services which CLIENT has agreed to purchase in accordance with this Agreement; (b) includes pricing for such Services; and (c) has been signed, authenticated or consented to by the CLIENT in writing or electronically.

“Phishing” means the practice of sending one or more fraudulent or malicious emails or other communications (each, a “Phishing Communication”) intended to induce a person to: (a) reveal personal information (such as a user name/password combination, credit card number, or social security number); (b) download malware; and/or (c) follow a link to a malicious website.

“Phishing Landing Page” means a malicious website masquerading as an authentic website that is most often reached via a link within a Phishing Communication.

“Phishing Report Data” means any and all data relevant to Phishing Services made available to Client on the Portal, including reports and statistics.

“Phishing Services” means making the following available to Users solely for use in Simulated Phishing Campaigns processed on behalf of CLIENT or an applicable Customer: (a) Simulated Communication Templates and Simulated Landing Page Templates; (b) access to that portion of the Portal that enables a User to (i) name and choose a Simulated Communication Template and Simulated Landing Page Template for a particular Simulated Phishing Campaign, (ii) modify the content of such selected templates, (iii) schedule the delivery and duration of, a Simulated Phishing Campaign, (iv) upload the sending profile and target names and related Designated Phishing Resource indicators for a Simulated Phishing Campaign, and (v) launch and collect data from a Simulated Phishing Campaign; and (c) Phishing Report Data.

“Portal” means Vendor’s proprietary Services platform hosted by or on behalf of Vendor and made available for remote access by Users on behalf of Client in connection with Services purchased by Client.

“Prospect” means any Customer Prospect or Supplier Prospect.

“Services” means the services designated on an applicable Order Form and further described in Service Exhibits to the Agreement.

“Simulated Communication Template” means a prototype for a Simulated Phishing Communication made available via the Portal.

“Simulated Landing Page” means a web page that is intentionally similar to a Phishing Landing Page, but which: (a) is intended solely for use as part of a Simulated Phishing Campaign; and (b) does not collect or record any data, other than the fact that the user attempted to submit data of some kind.

“Simulated Landing Page Template” means a prototype for a Simulated Phishing Landing Page made available via the Portal.

“Simulated Phishing Campaign” means a test where one or more emails or other communications, intentionally similar to Phishing Communications, are sent by or on behalf of an organization to its own staff members in order to gauge their response to Phishing and similar email attacks, solely for educational and training purposes.

“Simulated Phishing Communication” means an email or other communication that is intentionally similar to a Phishing Communication, but which is intended solely for use as part of a Simulated Phishing Campaign.

“Sources” means selected chat rooms and other Internet sites monitored in connection with the Monitoring Services.

“Standard User” means a designated employee of Client who has been provided with access to all relevant Data on the Portal, excluding captured password data for Authorized Domain Name Assets.

“Supplier” means any current contractor, vendor, business partner, agent or affiliated agency of Client with which Client has a current written agreement that protects the confidentiality, and limits the use, of the Services and Data in a manner consistent with, and no less protective than, this Agreement.

“Supplier Prospect” means any bona fide and current prospective Supplier in which Client has expressed a current interest in viewing masked password Data concerning such prospective customer, but which is not yet a Supplier bound by a written contract with Client in accordance with the Agreement.

“Updated Terms” has the meaning provided in Section 10.

“User” means an Administrator User or a Standard User.

Exhibit C – Portal Terms and Conditions

C.1 Access to the Portal is subject to Vendor’s then-current Acceptable Use Policy.

C.2 Client may use the Portal solely as expressly permitted in this Agreement, and only Users shall be provided with personal access to the Portal, subject to password and two-factor authentication requirements. Without limiting the generality of the foregoing limitation or any of the other conditions or restrictions set forth in this Agreement, Client will not (and will not allow others to:

  • copy or modify the Portal
  • Reverse engineer, decompile, disassemble, derive the source code of, create derivative works from or otherwise exploit the Portal (except to the extent that such restriction is expressly prohibited by applicable law).
  • Lease, license, use, make available or distribute all or any part of the Portal to any third party.
  • Distribute, sell, rent, lend, pledge, lease, sublicense, or otherwise, directly or indirectly, transfer rights or charge others for use of or access to the Portal.
  • Use the Portal to operate in or as a time-sharing, outsourcing, service bureau, application service provider or managed service provider environment.
  • Permit third party access, or take actions which result in access, or attempts to access, the Portal from more than one computer at any one time per User.
  • Distribute or share any Portal user name or password with anyone.
  • Remove, modify or obscure any copyright, trademark or other proprietary rights notices which appear in or on the Portal or any report or other output generated thereby. Client is solely responsible for all equipment and other resources necessary to:
    • Connect and communicate with the Portal.
    • Receive two-factor authentication codes sent via text message or LAN phone call. Likewise, Client is solely responsible for any and all changes it may make to any content made available via the Portal.

C.3 Client shall:

  • Keep all User credentials (e.g., user names and passwords) confidential and not disclose any such credentials to any third party.
  • Immediately notify Vendor in writing upon
    • Discovery of the disclosure of any such credentials
    • Any termination of any employees or agents of Client with knowledge of any such credentials, so that such credentials can be changed.

C.4 To the extent any Authorized Third Party revokes, withdraws or otherwise terminates its consent to permit CLIENT to provide Vendor with Designated Resources for the purpose of enabling Vendor to provide Services and Data to the Client with respect to Designated Resources, CLIENT shall immediately:

  • Provide Vendor with written notice thereof
  • Remove all relevant Designated Resources from the Portal.

C.5 Vendor may use automated procedures and other means to detect violations of this Agreement, and may immediately disable and/or terminate offending Client’s. Vendor is not responsible for interruptions that may result from any such disabling or termination.

Exhibit D – Data Protection Addendum for Eu-based Client Customers

Notwithstanding anything to the contrary in this Data Protection Addendum (“DPA”) or elsewhere in the Agreement, this DPA is made a part of the Agreement solely to the extent that:

  • The Client, or any Customer, Supplier, or Prospect of such Client, is located in the EEA.
  • Such person is subject to Data Protection Laws (as defined below); and (c) the Services involve the collection or processing of the Personal Data (as defined below) of an individual located in the EEA.

Except as modified in this DPA, the terms and conditions of the Agreement shall remain in full force and effect. If there is any conflict between this DPA and the Agreement regarding Vendor’s privacy or security obligations, the provisions of this DPA shall control. Except where the context requires otherwise, reference in this DPA to the Agreement are to the Agreement as amended by, and including, this DPA.

To the extent this DPA applies, in consideration of the mutual obligations set out in this DPA, Vendor and Client agree that this DPA is entered into and becomes a binding part of the Agreement as of the Effective Date and throughout the Initial Term and any renewals of the Agreement.

D.1 Purpose: The purpose of this DPA is to ensure compliance with Data Protection Laws concerning the processing of Personal Data on behalf of End-Users located in European Union (“EU”) Member States or members of the European Economic Area (“EEA”) and incorporates the terms of the EU Standard Contractual Clauses (“SCCs”). “Data Protection Law” means, where applicable, the European General Data Protection Regulation (EU 2016/679) (“GDPR”), including applicable laws implementing or supplementing the GDPR and as transposed into domestic legislation of Member States, as amended, replaced or superseded from time to time (including applicable legislation in the United Kingdom that arises from its withdrawal from the EU or EEA). The terms Processor, Controller, processing (and process), personal data breach, data protection impact assessment and Personal Data shall have the meanings set out in Data Protection Laws. The term “Personal Data” includes: first and last name, email address, telephone number, mailing address, and other information necessary to identify an individual for purposes of assisting Vendor with providing Services.

D.2 Context and Scope of Personal Data Processing: In order to provide CLIENT with Services as ordered from time to time pursuant to an Order Form, it is necessary for Vendor to collect Personal Data of an employee or other representative of an CLIENT (each, an “CLIENT Representative”) in order to interact with CLIENT to provide access to and facilitate use of the Services, Sources, and Portal. CLIENT Representative(s) provides their Personal Data directly to CLIENT as the designated point of contact between CLIENT and Vendor and through whom CLIENT will engage and communicate with Vendor to fulfill the requirements of the Terms & Conditions and communicate regarding the Services, Sources, and any additional services outside the scope of the Services (such as with respect to consulting, training, or engineering), as may be requested from time to time by CLIENT in writing. Additionally, CLIENT Representative’s or other User’s Personal Data, or other information as necessary, may be used in order to assist with any requests regarding use and proper operation of the Services, Sources, and Portal. Vendor may only process this Personal Data to the extent it relates to the scope, nature, and purpose of interacting and communicating with CLIENT, facilitating the use of the Services, Sources, and Portal, and assisting with the aforementioned requests. The parties acknowledge and agree that Vendor’s legal basis for collecting and processing Personal Data may be, based on the circumstances, consent or as necessary in order to perform the contractual obligations under the Terms & Conditions and this DPA.

D.3 Obligations under Data Protection Laws: To the extent that Data Protection Laws apply to the processing of Personal Data of CLIENT Representative(s) and other Users, the parties acknowledge and agree that: Vendor is a Processor and CLIENT is a Controller with regard to the processing of CLIENT Representative and User Personal Data. Each party shall comply with its respective obligations under Data Protection Laws and this DPA with regard to the processing of Personal Data. Vendor shall only process Personal Data upon CLIENT’s documented instructions in accordance with Services provided under the Terms & Conditions. As required under Data Protection Laws, Vendor shall assist, where appropriate, CLIENT in ensuring compliance with its obligations pursuant to Data Protection Laws, taking into account the nature and scope of Vendor’s Personal Data processing, which may include providing commercially reasonable cooperation and assistance with:

  • Data subject requests (see below)
  • Notifications or communications regarding personal data breaches
  • Data protection impact assessments
  • Prior consultations with supervisory authorities

D.4 Processing Obligations: With respect to any CLIENT or other User’s Personal Data to be processed by Vendor as a Processor pursuant to this Agreement, Vendor shall:

  • In the event Vendor engages other vendors to process Personal Data, seek the prior specific or general written authorization of the Controller, which is hereby given in respect of any other vendors notified to the CLIENT in the Agreement or any Order Form (and in the case of general written authorization, the Processor shall inform the Controller of any intended changes concerning the addition or replacement of other vendors, thereby giving the Controller the opportunity to object to such changes)
  • In accordance with Section 8.4 of the Terms & Conditions and unless prohibited under applicable law, upon termination of the Services, Vendor shall, at its option, either return or destroy the Personal Data (including all copies of it)
  • Ensure that all persons authorized by Vendor to access the Personal Data on Vendor’s behalf, are subject to obligations of confidentiality in accordance with confidentiality obligations set forth in Section 8 (Confidentiality) of the Terms & Conditions
  • Vendor remains fully liable to CLIENT for the failure of those persons authorized by Vendor to access the Personal Data on Vendor’s behalf to perform their obligations related to Personal Data processing as set forth herein
  • Make available such information as may be necessary to demonstrate compliance with its obligations under Article 28 of the GDPR and will (at the Client’s cost and expense) contribute to and allow for appropriate reasonable audits.

D.5 Security: Vendor limits its collection of Personal Data to only that which is relevant for purpose of providing the Services and retains Personal Data in a form that permits identification of data subjects (defined below) for no longer than is necessary to serve that purpose. Vendor maintains a retention register documenting the regulatory, statutory and business retention periods which it applies to its records. Notwithstanding Section 8.4 of the Terms & Conditions and Section D.4(b) of this DPA, where no defined or legal retention period exists, the default standard retention period is six (6) years plus the year in which the record was created. To the extent necessary to supplement the requirements set forth in the Terms & Conditions, Vendor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data, taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of processing, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons. Accordingly, the following is a summary description of Vendor’s technical and organizational measures currently in place:

  • Information Security and Physical Security Policies and Procedures
  • Remote Access and Bring-Your-Own-Device Policies
  • Multi-Factor Authentication
  • Encryption procedures for data in transit and at rest
  • Asset Management and Secure Disposal Policies
  • Current Information Asset Register
  • Business Continuity and Disaster Recovery Plans
  • Managed Security Services that include regular internet and extranet firewall testing and penetration testing
  • Access Control Policies (controls include: building monitoring and security alarm system, biometric access cards, manual and automated access logs, secure storage of physical and information assets and media devices)
  • Clear Desk/Clear Screen Policies
  • Password complexity and regular rotation policy for employees and systems
  • Staff training and awareness of information security policies and procedures, breach procedures, and reporting chain.

D.6 Data Subject Rights: Within the scope of Data Protection Laws, CLIENT Representatives and other Users that are located in the EEA (“data subjects”) have certain rights that they may exercise, based on jurisdiction, in relation to the processing of their Personal Data. Where applicable, these rights include: the right to access, correct, update, and delete that data subject’s Personal Data, to withdraw any consent to processing, to opt out of communications, to restrict processing of Personal Data, and to make any claim or complaint in relation to their rights under Data Protection Laws, Vendor shall respond to and offer reasonable assistance to CLIENT (at CLIENT’s expense) in responding to data subjects’ requests to exercise their data protection rights in accordance with applicable Data Protection Laws.

D.7 EU Standard Contractual Clauses (Processors): Where Personal Data originating or processed in the EEA is transferred to Vendor, any vendor of Vendor, or other Supplier outside of the EEA, the parties agree to abide by this Exhibit C and the SCCs for the transfer of Personal Data from the EEA to Processors established in non-EEA countries that do not provide an adequate level of data protection approved by the European Commission Decision of 5 February 2010, as currently set out at https://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX%3A32010D0087.

The SCCs may be varied or terminated only as specifically set out in the SCCs. The parties agree to observe the terms of the SCCs without modification, except as permitted under Clause 10 of the SCCs. In the event of inconsistencies between the provisions of the SCCs and the DPA or other agreements between the parties, the SCCs shall take precedence. The terms of the DPA shall not vary the SCCs in any way. Information required for Appendix 1 and 2 of the SCCs shall be as described in this DPA. The governing law in Clause 9 of the SCCs shall be the Member State in which CLIENT (as data exporter) is established. Each of the parties’ signatures, authentications, or consents to the Terms & Conditions shall be considered applicable to the DPA and SCCs as well. If so required by the laws or regulatory procedures of any jurisdiction, the parties shall execute or re-execute the SCCs as separate documents setting out the proposed transfers of Personal Data in such manner as may be required.

Exhibit E-1 – Monitoring Service Terms and Conditions

E-1.1 Scope. During the term of, and subject to the terms and conditions of, this Agreement (including the Order Form and this Exhibit E-1), Vendor will use commercially reasonable efforts to make Client Monitoring Services available to Client.

E-1.2 Limitations. Monitoring Data shall constitute Confidential Information of Vendor, and may be used by Client solely for internal purposes, its support of an Authorized Third Party, or for alerting law enforcement or affected Authorized Third Parties; the Monitoring Data cannot be resold, sublicensed, copied or used by Client or any Authorized Third Party in any other manner without the express written consent of Vendor, which consent shall be in Vendor’s sole and absolute discretion. Notwithstanding any other provision of this Agreement, Client agrees that:

  • Client shall differentiate between Prospects and other Authorized Third Parties when using the Portal or otherwise requesting Services
  • All Data made available to Client in connection with an Authorized Third Party which is merely a Prospect and not a Customer or Supplier shall be partially masked until such time as such Prospect becomes a Customer or Supplier by entering into a written agreement with the Client that protects the confidentiality, and limits the use, of the Services and Data in a manner consistent with, and no less protective than, this Agreement.

Enterprise Customers, Client Customers with more than 500 employees and/or Designated Monitoring Resources, each require individual Monitoring Services designated on an applicable Order Form. Client is otherwise prohibited from providing Monitoring Services to an Enterprise Customer.

E-1.3 Service Level Agreement

“Delivery Availability (or Delivered)” means a file, if available, containing Monitoring Data is made available to CLIENT via the Portal at least once during any 24-hour time period (e.g., on a daily basis) via Vendor’s batch delivery method.

“Emergency Maintenance” means maintenance that is performed by or on behalf of Vendor or a service provider to Vendor on or in connection with the Portal or Services due to an issue that is outside of the Maintenance Window and is a result of conditions or events beyond Vendor’s reasonable control.

“Maintenance Windows” means hours during which Vendor shall perform Scheduled Maintenance on the Portal, i.e., 12:00 a.m. – 11:00 a.m. ET.

“Permitted Downtime” means the following: (a) lack of Delivery Availability due to any Scheduled Maintenance or any Emergency Maintenance; (b) lack of Delivery Availability due to any Force Majeure Event, as defined in the Agreement; or (c) lack of Delivery Availability due to, or caused by, CLIENT’s software, systems or environment or any other reason beyond the reasonable control of Vendor.

“Scheduled Maintenance” ” means maintenance on the Portal so long as: (a) such maintenance is performed by Vendor during a Maintenance Window; or (b) Vendor has provided notice using e-mail (or other) method to CLIENT not less than four (4) hours before the commencement of such maintenance, which notice specifies the nature of such maintenance and the anticipated impact of such maintenance upon availability and performance of the Portal.

Service Availability + Credits – Except in the event of Emergency Maintenance or Permitted Downtime, available Monitoring Data (if any) will be delivered at least once during any 24 hour time period. CLIENT will notify Vendor in writing of any non-compliance with the service levels set forth in this Section E-1.3. If Vendor fails to meet the required Delivery Availability more than twice during any month (i.e., Monitoring Data is available and is not delivered to CLIENT for three or more days during the subject month) and after Vendor has received the required written notice thereof, then CLIENT, as CLIENTs’ sole and exclusive monetary remedy for breach of this Section E-1.3, will be entitled to receive one (1) full day’s credit on applicable Monitoring Service fees for that particular month (a “Service Credit”), which will be computed based on then-current Monitoring Service fees paid for the Services divided by the applicable number of days in such month. Any Service Credit provided by Vendor shall be applied to CLIENT’s next invoice (or refunded if Vendor does not expect to issue any further invoices).

In order to receive the Service Credit, CLIENT must notify Vendor in writing within 30 days from the time CLIENT becomes eligible to receive a Service Credit. Failure to comply with this requirement will result in a forfeiture of the right to receive the Service Credit.

Service Credits shall constitute CLIENT’s exclusive monetary remedy for Vendor’s failure to meet any minimum Delivery Availability commitments under this SLA; provided, however, that in the event of Vendor’s uncured failure to meet Delivery Availability for two or more consecutive months, CLIENT shall also have the right to terminate the Agreement by providing Vendor with written notice of such termination.

Incident Resolution On a 24×7 basis, 365 days per year basis, CLIENT may provide notice of any Delivery Availability or other support issue by sending an email to their account manager or to support@DarkWebID.com. Vendor will use its commercially reasonable efforts to resolve any reported and verifiable issues.