Threat Stack Terms of Use

These Threat Stack Terms of Use (these “Terms”) constitute a legal agreement between Threat Stack and the entity on whose behalf a Representative accesses the Service (the “Client”). Client’s use of the Service is subject to these Terms and, as applicable, the Order (together, this “Agreement”).

CLIENT’S RIGHT TO USE THE SERVICE IS EXPRESSLY CONDITIONED ON ACCEPTANCE OF THIS AGREEMENT. IF CLIENT DOES NOT AGREE WITH ANY PROVISION OF THE TERMS, CLIENT MUST NOT AND MAY NOT ACCESS OR USE THE SERVICE IN ANY MANNER FOR ANY PURPOSE.

1. Definitions
   1. “Affiliates” means any entity that is directly or indirectly controlled by, under common control with, or in control of a party to this Agreement. For these purposes, an entity will be treated as being controlled by another if that other entity has ability to vote 50% or more of equity in such entity, is able to direct its affairs and/or to control the composition of its board of directors or equivalent body.
   2. “Beta Service” means the Service, as made available on a “pre-release” or “beta” basis for testing and evaluation by Client. The term “Service,” as used in this Agreement, encompasses the “Beta Service,” as applicable.
   3. “Client Data” means all data provided or made available by Client for use with the Service regarding Client or Client Systems.
   4. “Client Systems” means all equipment, servers, devices, storage, other software, databases, network and communications equipment and ancillary services owned or controlled by Client.
   5. “Documentation” means the documentation provided in electronic or other form regarding the Service that may be provided or made available by Threat Stack to Client.
   6. “Feedback” means suggestions, comments for enhancements or functionality or other feedback.
   7. “Order” means a written order form or other ordering documentation entered into by Threat Stack and Client, referencing these Terms and specifying the pricing, type, and other specific provisions applicable to the Service access purchased. An Order may include, as applicable, a Statement of Work or a “quote” that is signed by the Client so long as it meets the requirements of the previous sentence.
   8. “PS” means professional services that Threat Stack may provide for Client in addition to Support.
   9. “Representatives” means a party’s employees, contractors, and agents.
   10. “Service” means Threat Stack’s cloud security platform and all related technology and information, including, without limitation, any installed software, Documentation, Support and PS services, and any versions or updates of the foregoing.
   11. “Service Fee” means the fees set forth in the Order.
   12. “Support” means the technical support and update services that Threat Stack may provide pursuant to this Agreement.
   13. “Taxes” means any sales, use and other taxes or duties, however designated, including without limitation, withholding taxes, royalties, know-how payments, customs, privilege, excise, sales, use, value-added and property taxes.
   14. “Threat Stack” means Threat Stack, Inc., a Delaware corporation, with an address at 55 Summer Street, Boston, Massachusetts 02110 USA.
   15. “Trial Products” means trial or evaluation software or services, however designated, that Threat Stack may make available to Client.
2. Service and Licenses
   1. Service Access. Subject to all provisions of this Agreement, Threat Stack will provide Client with access to the Service.
   2. License to Client. Subject to all provisions of this Agreement, Threat Stack grants Client a nonexclusive, nontransferable right and license, without the right to sublicense, to access and use the Service via the Internet, and to install and use any related software made available by Threat Stack for use with the Service (together, the “License”). The License is granted solely for Client’s internal business purposes in connection with Client’s authorized use of the Service. The Service is made available to Client solely as hosted by or on behalf of Threat Stack, and, except as may be provided by Threat Stack to run the Service, Client has no right to receive any copy of the Service or any software. In addition, Client’s access and use of the Service must comply with all other conditions set forth in applicable Documentation or Order. For avoidance of confusion, such conditions may include, for example, any requirements regarding data formats, number of permitted users or prohibited uses.
   3. Restrictions. Client may not, directly or indirectly, (a) disassemble, decompile, reverse engineer or use any other means to attempt to discover any source code, algorithms or trade secrets underlying the Service or Background Materials (except and only to the extent these restrictions are expressly prohibited by applicable statutory law), (b) use any of Threat Stack’s Confidential Information (as defined below) to create any service, software or documentation that performs substantially the same functionality as the Service, (c) encumber, sublicense, transfer, distribute, rent, lease, time-share or use any the Service (in any service bureau arrangement or otherwise) for the benefit of any third party, (d) adapt, combine, create derivative works of or otherwise modify any part of the Service, (e) hack, manipulate, interfere with, disrupt, disable or circumvent the Service, including, but not limited to, the security, integrity or performance of the Service or otherwise attempt to gain unauthorized access to the Service, (f) remove or obscure any proprietary notices or labels of Threat Stack or its suppliers on any part of the Service, (g) use or allow the transmission, transfer, export, re-export or other transfer of any software components of the Service or any other product, technology or information it obtains or learns in connection with Client’s use of the Service in violation of any export control or other laws and regulations of the United States or any other relevant jurisdiction, or (h) take any action that imposes an unreasonably large load or excessive traffic demands on the Service.
   4. Client Responsibilities. Client must provide reasonable cooperation, assistance, information and access to Threat Stack as may be necessary to permit Client’s use of the Service with the specified Client Systems. For details regarding Client Systems requirements and compatibility issues, see https://threatstack.zendesk.com/hc/en-us. As part of the implementation process, Client will identify an administrative user who will set up Client’s account. Client is responsible for providing (a) all subscriptions and credentials necessary for Threat Stack to access the Client Data, and (b) all Client Systems needed to send data to Threat Stack from Client’s facility. Client must ensure that Client Systems are compatible with the Service, and comply with all configurations and specifications described in the Documentation. Client may use the administrative account to create additional accounts for its Representatives who will use the Service, each with unique login IDs. Client will be responsible for the acts or omissions of any of its Representatives. Threat Stack reserves the right to refuse registration of, or to cancel, login IDs that violate the provisions set forth in this Agreement.
   5. Beta Service. Threat Stack may offer part of the Service as a Beta Service. Threat Stack will determine the amount of time for testing, evaluation, conditions, and offering of the Beta Service. Threat Stack is not required to offer the features of the Beta Service in the Service. Client agrees to provide timely feedback to Threat Stack of all defects identified during Client’s use of the Beta Service.
   6. Trial Products. Unless otherwise specified in an Order, Client may only use Trial Products on a non-production basis for no more than 30 days, and Threat Stack may terminate access to Trial Products at any time, upon written notice.
   7. Limited Liability – Beta Service and Trial Products. Threat Stack provides the Beta Service and Trial Products on an “AS IS,” as-available basis and without any warranty, indemnification, or obligation to provide technical support. In no event will Threat Stack be liable for any damage whatsoever arising out of the use of or inability to use the Beta Service or Trial Products, or the modification, suspension, or discontinuance of the Beta Service, or any portion thereof, for any reason, even if Threat Stack has been advised of the possibility of such damages. The entire risk arising out of the use or performance of the Beta Service or Trial Products by Client remains with Client.
   8. Third Party Websites. The Service may provide access to other sites and resources on the Internet. Threat Stack has no control over such sites and resources and Threat Stack is not responsible for and does not endorse such sites and resources.
3. Service Levels and Support

   During the subscription term, the Service will be subject to the service level and support terms in Exhibit A.

4. Professional Services

   Any PS and the applicable fees therefor will be the subject of a separate written agreement between Client and Threat Stack. In the absence of a separate written agreement governing the PS, the following terms in this Section 4 apply. The fees for the PS will be as set forth on the applicable Order. In addition, Client is responsible for all travel and living expenses (“Expenses”) incurred by Threat Stack’s Representatives while traveling to and from Client facilities to perform PS. Unless otherwise agreed in the applicable Order, fees for PS and reasonable Expenses will be billed monthly, or after the conclusion of the PS, and will otherwise be treated as Service Fees. Client must use reasonable efforts to: (a) provide Threat Stack personnel with such information, co-operation and support as may reasonably be required for Threat Stack to provide the PS, and (b) permit Threat Stack personnel to access such Client Systems as is necessary to perform the PS.

5. Feedback

   Client may from time to time provide Feedback to Threat Stack with respect to the Service. Threat Stack will have full discretion to determine whether or not to proceed with the development of any requested enhancements, new features or functionality. Client hereby grants Threat Stack a royalty-free, fully paid-up, worldwide, transferable, irrevocable, perpetual license to (a) copy, distribute, transmit, display, perform, and create derivative works of the Feedback in whole or in part, and (b) use the Feedback in whole or in part, including without limitation, the right to develop, manufacture, have manufactured, market, promote, sell, have sold, offer for sale, have offered for sale, import, have imported, rent, provide or lease products or services which practice or embody, or are configured for use in practicing, the Feedback, in whole or in part.

6. Pricing and Payments
   1. Service Fees. Client must pay the Service Fee set forth in the Order. If Client usage of the Service exceeds the amounts or limits set out in an Order, Threat Stack will invoice Client, and Client must pay, for such excess usage, based on Threat Stack’s then-standard rates. Except as specifically provided in these Terms or in the Order, (a) Service Fees are based on subscriptions purchased and not actual usage, (b) all payment obligations are non-cancellable, and fees paid non-refundable, and (c) quantities purchased cannot be decreased during the Term.
   2. Upgrades or Expansions. For any Service upgrades or expansions during the Term, Client must pay the additional pro rata Service Fee for the upgrade or expansion through the end of the then-current Term. For the following Renewal Term, the upgraded or expanded Service will be invoiced along with the originally-ordered Service and treated in all respects as though it had been part of the original Order. A new or amended Order is required for each upgrade or expansion. (See Section 12.2 for additional information on Renewal Term pricing.)
   3. Taxes. All amounts payable by Client to Threat Stack hereunder are exclusive of any Taxes. Client will be solely responsible for payment of any Taxes, except for those taxes based on the income of Threat Stack. Client may not withhold any Taxes from any amounts due Threat Stack and will pay Taxes properly invoiced by Threat Stack.
   4. AWS. Except as may be otherwise specified in an Order: (a) “account” or “AWS account” means, as applicable, the specific account between Client and Amazon Web Services (“AWS”) that Client chooses to use with the Service, and (b) “instance” means a specific server (running in the cloud, public or private, or an actual server running on premise or in a co-location facility) under control of the Client. Each account or instance must be specified and associated with the Client by identity (such as email address and password) and control of, and fiscal responsibility for, the applicable resources. (“Amazon Web Services” and “AWS” are trademarks of Amazon.com, Inc. or its affiliates in the United States and/or other countries.)
   5. Overdue Payments. If payment of any Service Fee is not made when due and payable, a late fee will accrue at the rate of the lesser of (a) 1.5% per month, or (b) the highest legal rate permitted by law. Client will pay all reasonable expenses of collection of any overdue Service Fee. If any past-due payment from Client has not been received by Threat Stack within 30 days from the due date, Threat Stack may suspend access to the Service.
7. Confidentiality
   1. General. “Confidential Information” means (a) with respect to Threat Stack, the Service and all financial, business, technical or other information disclosed or made available by or for Threat Stack to Client that is of a nature that should reasonably be considered to be confidential or proprietary, and (b) with respect to Client, non-public Client Data. Except for the specific rights granted by this Agreement, neither party receiving Confidential Information (as a “Recipient”) may copy or disclose any of the Confidential Information disclosed by or on behalf of the other party (as the “Discloser”) without Discloser’s written consent; provided, that, each party may disclose Discloser’s Confidential Information to its Representatives pursuant to the provisions of this Agreement. Recipient must use reasonable care to safeguard Discloser’s Confidential Information, including ensuring that Recipient’s Representatives with access to Discloser’s Confidential Information have a need to know such Confidential Information for the purposes of this Agreement and are bound by confidentiality obligations substantially similar to those of Recipient under this Agreement. Each Recipient may use Discloser’s Confidential Information solely for the purpose of performing its obligations, or exercising its rights, under this Agreement. The foregoing obligations will not apply to any Confidential Information that Recipient can demonstrate is (i) already known by it without restriction, (ii) rightfully furnished to it without restriction by a third party not in breach of any obligation to Discloser, (iii) generally available to the public without breach of this Agreement, or (iv) independently developed by it without reference to or use of any of Discloser’s Confidential Information. Each party will be responsible for any breach of confidentiality by its Representatives, as applicable. Promptly upon Discloser’s request at any time, Recipient must return all of Discloser’s tangible Confidential Information, permanently erase all Confidential Information from any storage media and destroy all information, records, copies, summaries, analyses and materials developed therefrom. Each party may disclose the general nature, but not the specific terms, of this Agreement without the prior consent of the other party; provided, however, that either party may provide a copy of this Agreement or otherwise disclose its terms on a confidential basis in connection with any financing transaction or due diligence inquiry. Nothing in this Agreement will prevent a party from disclosing this Agreement or any of the other’s Confidential Information as necessary pursuant to any court order or any legal, regulatory, law enforcement or similar requirement or investigation; provided, prior to any such disclosure, Recipient must use reasonable, lawful efforts to (A) promptly notify Discloser in writing of such requirement to disclose, and (B) cooperate with Discloser in protecting against or minimizing any such disclosure or obtaining a protective order.
   2. Sensitive Information. Threat Stack does not require Sensitive Information in order to provide the Service. The Service may include, or Threat Stack may provide, tools to assist Client in omitting or redacting Sensitive Information prior to disclosure of Client Data to Threat Stack, but in any event it is Client’s responsibility to ensure that it does not transmit Sensitive Information to Threat Stack except as otherwise expressly agreed in writing. “Sensitive Information” means Social Security, passport, or driver’s license numbers or similar identifiers; payment card or other financial information; passwords; employment information; or health information; and other information of a similarly confidential nature, including information that requires special handling under applicable privacy and data protection laws.
8. Proprietary Rights
   1. Client Data. As between Client and Threat Stack, Client owns all right, title and interest (including all intellectual property and other proprietary rights) to the Client Data. Threat Stack may compile aggregated data and other statistical information related to Client’s use of the Service, including Client Data, and may use such information to improve the Service, provided, however, that such use does not reveal Client Confidential Information or the identity of Client.
   2. Reservation of Rights. Except for the limited rights and licenses expressly granted in this Agreement, no other license is granted, no other use of the Service is permitted. Threat Stack and its licensors retain all right, title and interest, including all intellectual property and proprietary rights embodied therein, in and to the Service.
9. Warranties and Disclaimers
   1. Threat Stack Warranties. Threat Stack warrants that, for the Term of this Agreement, the Service will perform in all material respects in accordance with the Documentation and that the Service will be provided in a professional and competent manner in accordance with industry standards. Threat Stack further warrants that (a) the Service and On-Site Software provided hereunder are and will follow all applicable federal, state and local laws and government rules and regulations, and (b) Threat Stack will use commercially reasonable efforts to ensure that the On-Site Software and Service will not cause any viruses, worms, time bombs, Trojan horses or other harmful, malicious or destructive code to be installed or introduced on Client Systems. In the event Threat Stack is not able to cure any breach of the foregoing warranties within 30 days of written notice thereof from Client, Client may, at its option, and as its sole remedy, so long as the breach continues, terminate this Agreement by written notice to Threat Stack. Upon such termination, Threat Stack will provide a refund of the fees Client has prepaid for the Service that it has not received and will not receive, as of the date of the termination.
   2. Client Data. Client represents and warrants that it owns all right, title and interest, or possesses sufficient rights, in and to the Client Data as may be necessary to permit the use contemplated under this Agreement. Client bears all responsibility and liability for the accuracy and completeness of the Client Data and Threat Stack’s access, possession and use thereof as permitted in this Agreement.
   3. DISCLAIMERS. EXCEPT AS EXPRESSLY SET FORTH IN SECTION 9.1, THE SERVICE IS PROVIDED WITHOUT ANY OTHER WARRANTY OF ANY KIND. WITHOUT LIMITING THE FOREGOING, THREAT STACK MAKES NO WARRANTY (I) THAT THE SERVICE WILL MEET CLIENT’S REQUIREMENTS OR BE UNINTERRUPTED, ERROR-FREE OR BUG-FREE, (II) REGARDING THE SECURITY, RELIABILITY, TIMELINESS, OR PERFORMANCE OF THE SERVICE, OR (III) THAT ANY ERRORS IN THE SERVICE CAN OR WILL BE CORRECTED. THREAT STACK HEREBY DISCLAIMS, FOR ITSELF AND ITS SUPPLIERS, ALL OTHER WARRANTIES, WHETHER EXPRESS OR IMPLIED, ORAL OR WRITTEN, INCLUDING, WITHOUT LIMITATION, ALL IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE AND ALL WARRANTIES ARISING FROM ANY COURSE OF DEALING, COURSE OF PERFORMANCE OR USAGE OF TRADE. THREAT STACK DOES NOT GUARANTEE THAT THE SERVICE WILL IDENTIFY ALL INSTANCES OF SECURITY VIOLATIONS, THREATS OR INTRUSIONS. CLIENT ACKNOWLEDGES THAT THE SERVICE IS DEPENDENT ON THE CLIENT’S ENVIRONMENT AND ARCHITECTURE AND CLIENT ASSUMES ALL LIABILITY FOR CLIENT’S ENVIRONMENT AND ARCHITECTURE.
10. Indemnification
    1. By Threat Stack. Threat Stack will defend Client, and the officers, directors, agents, and employees of Client (“Client Indemnified Parties”) against any third-party claims asserted against the Client Indemnified Parties alleging that Client’s authorized use of the Service infringes any U.S. or European patent or copyright, or misappropriates the trade secrets, of any third party. Further, Threat Stack will indemnify the Client Indemnified Parties against any damages awarded or paid in connection therewith, including any reasonable attorneys’ fees and expenses. Threat Stack will have no liability or obligation under this Section with respect to any liability if such liability is caused in whole or in part by (a) modification of the Service by any party other than Threat Stack without Threat Stack’s express consent, (b) the combination, operation, or use of the Service with other products, data or services where the Service would not by itself be infringing, or (c) unauthorized or improper use of the Service or use of the Service for any unlawful purpose. If the use of the Service becomes, or in Threat Stack’s opinion, is likely to become, the subject of any claim of infringement, Threat Stack may, at its option (i) obtain for Client the right to continue using the affected portion of the Service, (ii) replace or modify the affected Service so that it becomes non-infringing without substantially compromising its principal functions, or (iii) substitute an equivalent for the affected Service. If options (i) – (iii) are not available on commercially reasonable terms to Threat Stack, then Threat Stack may terminate this Agreement upon written notice to Client and refund to Client any prepaid Service Fees, pro-rated for the remainder of the prepaid period.
    2. By Client. Client will defend Threat Stack, and the officers, directors, agents, and employees of Threat Stack (“Threat Stack Indemnified Parties”) against any third-party claims asserted against Threat Stack attributable to or arising from (a) any actual or alleged breach of Client’s representations and warranties, (b) Client’s unauthorized or unlawful use of the Service, (c) Client’s use of the Service, including any modifications thereto, or any combination of the results from use of the Service with any other data or information where the claim would not have arisen but for such modification, combination or use, or (d) the Client Data (including Threat Stack’s use thereof in accordance with this Agreement). Further, Client will indemnify the Threat Stack Indemnified Parties against any damages awarded or paid in connection therewith, including any reasonable attorneys’ fees and expenses.
    3. Process. For any indemnified claim under Section 10.1 or 10.2, the indemnified party must (a) promptly notify the indemnifying party in writing of any claim, suit or proceeding for which indemnity is claimed, provided that failure to so notify will not remove the indemnifying party’s obligation except to the extent it is prejudiced thereby, and (b) allow the indemnifying party to solely control the defense of any claim, suit or proceeding and all negotiations for settlement. The indemnified party must also provide the indemnifying party with reasonable cooperation and assistance in defending such claim, all at the indemnifying party’s cost. The indemnifying party may not enter into any settlement that imposes liability or obligations on the indemnified party without obtaining the indemnified party’s prior written consent of the settlement, such consent not to be unreasonably withheld or delayed.
11. LIMITATION OF LIABILITY

    EXCEPT FOR LIABILITY ARISING FROM (A) A PARTY’S INDEMNIFICATION OBLIGATIONS SET FORTH ABOVE, (B) A PARTY’S BREACH OF ITS CONFIDENTIALITY OBLIGATIONS SET FORTH ABOVE, OR (C) CLIENT’S USE OF THE SERVICE OTHER THAN AS EXPRESSLY PERMITTED BY THIS AGREEMENT, IN NO EVENT WILL EITHER PARTY BE LIABLE TO THE OTHER PARTY FOR ANY (I) INDIRECT, PUNITIVE, INCIDENTAL, RELIANCE, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING, BUT NOT LIMITED TO, LOSS OF BUSINESS, REVENUES, PROFITS AND GOODWILL, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, (II) LOSS OR INACCURACY OF DATA, LOSS OR INTERRUPTION OF USE, OR COST OF PROCURING SUBSTITUTE TECHNOLOGY, GOODS OR SERVICE, OR (III) REGARDLESS OF THE FORM OF ANY CLAIM OR ACTION (WHETHER IN CONTRACT, NEGLIGENCE, STRICT LIABILITY OR OTHERWISE) DAMAGES IN EXCESS OF THE AMOUNTS PAID OR OWED TO THREAT STACK PURSUANT TO THIS AGREEMENT DURING THE PRECEDING 12-MONTH PERIOD. THESE LIMITATIONS ARE INDEPENDENT FROM ALL OTHER PROVISIONS OF THIS AGREEMENT AND WILL APPLY NOTWITHSTANDING THE FAILURE OF ANY REMEDY PROVIDED IN THIS AGREEMENT.

12. Term and Termination
    1. Term. This Agreement commences on the earlier of the date Client begins using the Service or the start date set forth in the Order (the “Effective Date”) and will continue in effect for as long as Client’s authorized use of the Service continues, as set forth in the Order (the “Initial Term”). If the Order does not specify, then the Initial Term will be for one year from the Effective Date. Unless otherwise provided in the Order, this Agreement will automatically renew for successive one-year terms (each, a “Renewal Term,” and, together with the Initial Term, the “Term”) unless either party notifies the other of its intention not to renew within 30 days of the expiration of the then-current Term.
    2. Renewal Term Pricing. The pricing for any Renewal Term will be as indicated by Threat Stack in a “Renewal Notice” provided at least 30 days in advance of the next Renewal Term. If no Renewal Notice is provided, Threat Stack may increase Service Fees by up to 5% over the most recent applicable pricing. In addition, any renewal in which Service volume decreases may result in re-pricing at renewal without regard to the pricing for the Initial Term or the previous Renewal Term, as applicable.
    3. Termination. This Agreement may be earlier terminated by either party if the other party breaches a provision of this Agreement and fails to cure such breach within 30 days (or 10 days in the case of non-payment of Service Fees) after receiving written notice of such breach from the non-breaching party.
    4. Effects of Termination. Upon any expiration or termination of this Agreement, all rights, obligations and licenses of the parties will cease, except that (a) all obligations that accrued prior to the effective date of termination (including without limitation, all payment obligations) and all remedies for breach of this Agreement will survive, and (b) the provisions of Sections 5 (Feedback), 6 (Pricing and Payments), 7 (Confidentiality), 8 (Proprietary Rights), 9.3 (Disclaimers), 10 (Indemnification), 11 (Limitation of Liability), 12.4 (Effects of Termination), and 13 (General Provisions) will survive. Threat Stack has no obligation to retain any Client Data after the termination of this Agreement.
13. General Provisions
    1. Entire Agreement. This Agreement constitutes the entire agreement, and supersedes all prior negotiations, understandings or agreements, oral or written, between the parties about the subject matter of this Agreement. In the event of a conflict between these Terms and the Order or other separate written agreement with Threat Stack for use of the Service, the conflicting or additional provisions set forth in the Order or such other agreement will govern.
    2. Waivers, Consents and Modifications. No waiver, consent or modification of this Agreement will bind Threat Stack or Client unless in writing and signed by both Client and Threat Stack. The failure of either party to enforce its rights under this Agreement at any time for any period will not be construed as a waiver of such rights.
    3. Severability. If any provision of this Agreement is determined to be illegal or unenforceable, that provision will be limited or eliminated to the minimum extent necessary so that this Agreement will otherwise remain in full force and effect and enforceable.
    4. Export Controls. The Service and the transmission of applicable data is subject to United States export controls. No portion of the Service may be downloaded or otherwise exported or re-exported in violation of U.S. export laws. Downloading or using the On-Site Software is at Client’s sole risk. Recognizing the global nature of the Internet, Client must comply with all local rules and laws regarding Client’s use of the Service, including as it concerns online conduct and acceptable content.
    5. Government Restricted Rights. If the Service is accessed on behalf of the U.S. Government, it is classified as “Commercial Computer Products” and “Commercial Computer Documentation” developed at private expense, containing confidential information and trade secrets of Threat Stack and its licensors, and are subject to “Restricted Rights” as that term is defined in the Federal Acquisition Regulations. Contractor/Manufacturer is: Threat Stack.
    6. Governing Law. This Agreement will be governed by and construed in accordance with the laws of the Commonwealth of Massachusetts, without regard to its conflicts of law provisions. Neither the United Nations Convention on Contracts for the International Sale of Goods nor any implementation of the Uniform Computer Information Transactions Act in any jurisdiction will apply to this Agreement.
    7. Venue. Except that Threat Stack may seek equitable or similar relief from any court of competent jurisdiction to prevent or restrain any breach or threatened breach of this Agreement by Client, exclusive jurisdiction and venue for actions related to this Agreement or Client’s use of the Service will be the state and federal courts located in Massachusetts having jurisdiction over Threat Stack’s offices, and both parties consent to the jurisdiction of such courts with respect to any such actions.
    8. Costs and Attorneys’ Fees. In any action or proceeding to enforce or interpret this Agreement, the prevailing party will be entitled to recover from the other party its costs and expenses, including reasonable attorneys’ fees, incurred in connection with such action or proceeding and enforcing any judgment or order obtained.
    9. Force Majeure. Threat Stack is not responsible for any unavailability caused by circumstances beyond its reasonable control, including without limitation, acts of God, acts of government, flood, fire, earthquakes, civil unrest, acts of terror, strikes or other labor problems (other than those involving Threat Stack Representatives), equipment failures, periodic updating, or Internet service provider failures or delays.
    10. Notices. Any notice or communication hereunder must be in writing and either personally delivered or sent by recognized express delivery courier or certified or registered mail, prepaid and return receipt requested, addressed to the other party, which, in the case of Client, will be the address provided to Threat Stack upon signing up for the Service, and, in the case of Threat Stack, is 55 Summer St, Boston, MA 02110 or, if different, the address set forth in the contact section of Threat Stack’s website, or at such other address for either party as is designated in a subsequent notice. All notices must be in English, effective upon receipt.
    11. Electronic Contracting. Client’s use of the Service includes the ability to enter into agreements and to make transactions electronically. CLIENT ACKNOWLEDGES THAT ELECTRONIC SUBMISSIONS CONSTITUTE CLIENT’S AGREEMENT AND INTENT TO BE BOUND BY AND TO PAY FOR SUCH AGREEMENTS AND TRANSACTIONS. CLIENT’S AGREEMENT AND INTENT TO BE BOUND BY ELECTRONIC SUBMISSIONS APPLIES TO ALL RECORDS RELATING TO ALL TRANSACTIONS ENTERED INTO FOR THE SERVICE, INCLUDING NOTICES OF CANCELLATION, POLICIES, CONTRACTS, AND APPLICATIONS.
    12. Assignment. This Agreement will be binding upon and for the benefit of Threat Stack, Client and their permitted successors and assigns. Either party may assign this Agreement to its Affiliates or as part of a corporate reorganization, consolidation, merger, or sale of substantially all of its assets, equity or business to which this Agreement relates. Except as expressly stated in this Agreement, neither party may otherwise assign its rights or obligations under this Agreement either in whole or in part without the prior written consent of the other party, and any attempted assignment or delegation without such consent will be void.
    13. Independent Contractors. The parties are independent contractors under this Agreement, and nothing in this Agreement will constitute either party as the employer, employee, agent or representative of the other party, or both parties as joint ventures or partners for any purpose.

EXHIBIT A

THREAT STACK SERVICE LEVELS AND SUPPORT

1. SERVICE AVAILABILITY

   Threat Stack will use commercially reasonable efforts to ensure the Service will be available in accordance with this Service Level Agreement, excluding any Scheduled Downtime events, each as defined below. The service availability shall be measured as the total number of minutes in a month minus the total number of minutes in that month that comprise Schedule Downtime or events (“Scheduled Uptime”).

   The Scheduled Uptime ratio for the Service is 99.90% (Actual Uptime divided by Scheduled Uptime per calendar month). Threat Stack will use commercially reasonable means to ensure the highest possible uptime attainment.

2. SERVICE LEVEL CREDITS

   If Threat Stack does not meet the Scheduled Uptime targets set out above, Client will be entitled, upon written request, to a “Service Level Credit” to be calculated as follows:

   • If Scheduled Uptime ratio is greater than 99.50% for the month, no Service Level Credit is provided.
   • If Scheduled Uptime ratio is 98.50% to 99.49% (inclusive) for the month, Client will be eligible for a credit of 25% off the pro rata Service Fees for the next successive month.
   • If Scheduled Uptime ratio is 97.50% to 98.49% (inclusive) for the month, Client will be eligible for a credit of 35% off the pro rata Service Fees for the next successive month.
   • If Scheduled Uptime ratio is less than 97.50% for the month, Client will be eligible for a credit of 50% off the pro rata Service Fees for the next successive month.
3. SCHEDULED DOWNTIME

   A minimum of 5 days’ advance notice will be provided for all downtime needed to perform routine system maintenance, backup, and upgrade functions for the Service (the “Scheduled Downtime”). Scheduled Downtime will be scheduled in advance to take place during off-peak hours (based on Boston, MA, USA local time) whenever possible, and will not exceed 10 hours per month. Threat Stack notifies Clients via the status page available at http://status.threatstack.com of pending Scheduled Downtime and updates during Scheduled Downtime windows. If the scope of a Scheduled Downtime window changes during the downtime, Threat Stack will notify Clients via the status page with a new time window forecast.

   The duration of Scheduled Downtime is measured, in minutes, as the amount of elapsed time from when the component of the Service is not available to perform operations to when the component of the Service becomes available to perform operations. Threat Stack’s publicly available status page will be used to track Scheduled Downtime and any other Service outages.

4. UNSCHEDULED DOWNTIME

   “Unscheduled Downtime” is any time outside of the Scheduled Downtime when a component of the Service is not available to perform operations, excluding any outages caused by the failure of any third-party vendors, the Internet in general, or any emergency or force majeure event. The measurement is in minutes, otherwise calculated as with Scheduled Downtime.

5. GENERAL

   Service Level Credits are Client’s sole and exclusive remedy in the event of any failure to meet the Service Levels. Service Level Credits will only be applied to the next applicable invoice following Client’s request and Threat Stack’s confirmation that credits are applicable. Service Level Credits have no cash value.

6. SUPPORT

   Threat Stack is available to receive support inquiries via email 24 hours per day at [email protected] Standard support hours are from 8:00 a.m. to 8:00 p.m. Eastern Time Monday through Friday, excluding US federal holidays, for technical information, technical advice and technical consultation regarding Client’s use of the Service.

7. INCIDENT RESPONSE TIMES

   Threat Stack will use commercially reasonable efforts to respond and resolve Severity Level incident with the Service in accordance with the target time periods below:

   Severity Level	Error State Description	Response Time	Target Resolution Within
   1 Critical Priority	Renders the Service inoperative, or causes to fail catastrophically	30 minutes	4 Hours
   2 High Priority	Affects the operation of the Service and materially degrades Clients use thereof	2 hours	12 hours
   3 Medium Priority	Affects the operation of the Services but does not materially degrades Clients use thereof	24 hours	48 hours
   4 Low Priority	Causes only a minor impact on the operation of the Service	48 hours	Supplier will provide Client with a permanent correction as part of Supplier’s next regularly scheduled release or update or as otherwise mutually agreed by the parties.