Adlumin Inc.

Adlumin Inc. (referred to as “Adlumin”) is willing to provide certain services to you as the individual, the company, Adlumin Partner, or the legal entity (referenced below “Licensee”) that enters into a written quotation, work order, statement of work or similar document with Adlumin that references these terms and conditions (hereinafter, this “Agreement”) only on the condition that you accept all of the terms of this Agreement. Adlumin and Licensee may be referred to individually as “Party” or collectively as “Parties.”

Read the terms and conditions of this Agreement carefully before purchasing any services from Adlumin. This is a legal and enforceable contract between You and Adlumin. By entering a written quotation, statement of work, or similar document with Adlumin or it’s Partners that references the agreement below, you agree to the terms and conditions of this Agreement.

1. DEFINITIONS

1.1 Content Updates means content used by certain Adlumin products or services which is updated from time to time, including but not limited to updated Software, vulnerability signatures for vulnerability assessment products, and exploits for penetration testing products.

1.2 Documentation means the documentation for the Software generally supplied by Adlumin to assist its customers in their use of the Software, including user and system administrator guides, manuals, and functionality specifications.

1.3 Maintenance and Support Term means the period in which Customer is entitled to receive Content Updates, as applicable, and support services from Adlumin, including all updates, enhancements, bug fixes, and new releases thereto that Adlumin makes generally available to its customers. The length of the Maintenance and Support Term shall be listed on the applicable Order Form and shall commence on the date of delivery of the Software.

1.4 Order means Adlumin’s order form or other ordering document signed or referenced by Customer, it’s Partners, or its authorized reseller which identifies the specific Software and/or Services ordered, the Volume Limitations, and the price agreed upon by the parties.

1.5 Services means Adlumin’s professional services (as described in Section 10.2) herein.

1.6 Software means those Adlumin products listed on the applicable Order Form.

1.7 Software Term means the period in which Customer is authorized to utilize the Software. Each Software Term shall be listed on the applicable Order Form and shall commence on the date of delivery of the Software, or on the first date the Proof of Value (PoV) begins.

1.8 Volume Limitations means the capacity indicated on the Order Form, including, as applicable, number of devices or assets, applications, data, plugins, and named individual users of the Software.

2. SOFTWARE LICENSES

2.1 License to Products. During the Software Term, Adlumin grants the Customer a non-exclusive, non-transferable, non-sublicensable right to use and access the Adlumin Software (in object code only): (i) solely for the Customer’s internal business purposes; (ii) within the Volume Limitations; and (iii) as described in this Agreement. The parties also agree to be bound by any further license restrictions set forth on the Order Form. The following license provisions shall also apply if Customer is purchasing (i) Adlumin’s Security Operation Platform (ii) Log Retention, (iii) Managed, Detection and Response (MDR), (iv) Incident Response Subscription (IR), (v) Adlumin 360 Protect, (vi) Continuous Vulnerability Management, (vii) Total Ransomware Defense, (viii) Proactive Security Awareness, (ix) Progressive Penetration Testing and/or other services provided.

2.2 Evaluation Licenses. If the Customer’s license is for a trial/Proof of Value (PoV), then the Software Term shall be for fourteen (14) days or the trial term specified on the Order Form. Customers may not utilize the same software for more than one trial or evaluation term in any twelve-month period unless otherwise agreed to by Adlumin. Adlumin may revoke Customer’s evaluation or trial license at any time and for any reason. Sections 4 (Limited Warranty) and 9.1 (Indemnification) shall not be applicable to any evaluation or trial license.

2.3 Use by Affiliates. Subject to the Volume Limitations, Customer may make the Software available to its Affiliates under these terms, provided that Customer is liable for any breach of this Agreement by any of its Affiliates. “Affiliate(s)” means any entity now existing that is directly or indirectly controlled by Customer. For purposes of this definition “control” means the direct possession of a majority of the outstanding voting securities of an entity.

2.4 Delivery and Copies. Delivery shall be deemed to have been made upon Adlumin providing instructions to download or activate the Software, as applicable. Notwithstanding anything to the contrary herein, Customer may make a reasonable number of copies of the Software for the sole purpose of backing-up and archiving the Software. Each copy of the Software is subject to this Agreement and must contain the same titles, trademarks, and copyright notices as the original.

2.5 Restrictions. The Software may only be used for the purposes of good-faith testing, investigation, and/or correction of security flaws, exposures, or vulnerabilities to advance the security or safety of devices, machines, or networks of those who use such devices, machines, or networks. Except as may be expressly permitted by applicable law, Customer will not, and will not permit or authorize third parties to: (i) view the platform, reproduce, modify, translate, enhance, decompile, disassemble, reverse engineer, create derivative works of the Software, or merge the Software into another program; (ii) resell, rent, lease, or sublicense the Software or access to it, including use of the Software for timesharing or service bureau purposes; (iii) circumvent or disable any security or technological features or measures in the Software; nor (iv) use the Software in order to build a competitive product or service, for competitive analysis, or to copy any ideas, features, functions, or graphics of the Software. Customer is responsible for its employees’ compliance with this Agreement. If Customer identifies a vulnerability in the Software, all information and analysis regarding the vulnerability must be disclosed through the Adlumin ticketing process and to the Partner from whom, the software was purchased.

2.6 Ownership of Software. Adlumin retains all right, title, and interest in and to the Documentation, Software, Content Updates and in all copies, modifications and derivative works thereto including, without limitation, all rights to patent, copyright, trade secret, trademark, and other proprietary or intellectual property rights.

2.7 Customer Systems. Customer represents and warrants that it has the appropriate authorizations from the owner of the networks, systems, IP addresses, assets, and/or hardware on which it deploys the Software, or which it targets, scans, monitors, or tests with the Software.

3. FEES AND PAYMENT TERMS

3.1 If Customer is purchasing the Software through an Adlumin authorized reseller, then the fees shall be as set forth between Customer and reseller and the applicable fees shall be paid directly to the reseller and Section 3.2 shall not apply.

3.2 Customer agrees to pay the fees, charges, and other amounts in accordance with the Order Form from the date of invoice. All fees are non-refundable unless otherwise stated herein. Customer shall be responsible for remitting all taxes levied on any transaction under this Agreement, including, without limitation, all federal, state, and local sales taxes, levies and assessments, and local withholding taxes in Customer’s jurisdiction, if any, excluding, however, any taxes based on Adlumin’s income. In the event Customer is required to withhold taxes from its payment or withholding taxes are subsequently required to be paid to a local taxing jurisdiction, Customer is obligated to pay such tax, and Adlumin, as applicable, will receive the Order Form payment amount as agreed to the net of any such taxes.

4. LIMITED WARRANTY

4.1 Adlumin’s Responsibilities. Adlumin will use commercially reasonable efforts to make the Adlumin Security Operations Platform available at all times, except for planned downtime as notified to Licensee by email or in writing in advance and any unavailability caused by force majeure circumstances (e.g., acts of God, acts of government, civil unrest, Internet Adlumin Security Operations Platform provider failures or delays, denial of service attacks, and other events beyond the reasonable control of Adlumin), and to provide the Adlumin Security Operations Platform only in accordance with applicable laws and government regulations. Adlumin will maintain commercially reasonable security, administrative, technical and physical safeguards to protect the security, confidentiality, and integrity of Content.

4. 2 Software Warranty. Adlumin makes no warranty regarding third-party features or services. Should third-party service features be unavailable, Adlumin will, at no additional cost to Customer, use commercially reasonable efforts to provide remedial services necessary to enable the Software to conform to the original features. The remedies set out in this subsection are Customer’s sole remedies for breach of the above warranty.

4.3 Disclaimer. ADLUMIN DOES NOT REPRESENT THAT THE SOFTWARE WILL BE UNINTERRUPTED, ERROR-FREE, OR WILL MEET CUSTOMER’S REQUIREMENTS. EXCEPT FOR THE WARRANTY ABOVE, ADLUMIN MAKES NO OTHER WARRANTIES OR REPRESENTATIONS, EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT OF THIRD-PARTY RIGHTS. ADLUMIN MAKES NO WARRANTY THAT ALL SECURITY RISKS OR THREATS WILL BE DETECTED BY USE OF THE SOFTWARE OR THAT FALSE POSITIVES WILL NOT BE FOUND.

5. LIMITATION OF LIABILITY

5.1 Exclusion of Certain Damages. NOTWITHSTANDING ANYTHING TO THE CONTRARY CONTAINED HEREIN, ADLUMIN INC. (“ADLUMIN”), ITS AFFILIATES, SUBSIDIARIES, OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, OR LICENSORS SHALL NOT BE LIABLE TO THE AN ADLUMIN DIRECT CLIENT, PARTNER, OR THE PARTNER’S CLIENT OR ANY THIRD-PARTY CUSTOMER OF ANY OF THOSE LISTED, NOR ANY THIRD-PARTY FOR:

1. Indirect Damages: Any indirect, incidental, consequential, special, or exemplary damages, including but not limited to, loss of profits, loss of revenue, loss of business opportunities, loss of goodwill, or loss of data, even if ADLUMIN has been advised of the possibility of such damages.
2. Third-Party Product Claims: Any claims, losses, or damages arising from or relating to third-party products, or services licensed by Adlumin, or actions, including those related to third-party integrations, such as Continuous Vulnerability Management, Adlumin 360 Protect, Total Ransomware Defense, Proactive Security Awareness, Progressive Penetration Testing, Hubspot, or other third-party platforms that are beyond the control of ADLUMIN.
3. Force Majeure Events: Damages resulting from events beyond ADLUMIN’s reasonable control, including but not limited to, acts of God, war, terrorism, natural disasters, government actions, or internet disruptions.
4. Unauthorized Access or Use: Any damages arising from unauthorized access to, or use of, the ADLUMIN platform, including those resulting from cyberattacks, hacking, or the failure of the client to maintain adequate security measures.
5. User Misconduct: Damages resulting from the client’s or its authorized users’ willful misconduct, negligence, failure to comply with applicable laws or breach of the terms of this Agreement.
6. Specific Exclusions Related to Services: Any damages related to the failure of specific services provided by ADLUMIN, including, but not limited to, Managed Detection and Response, Continuous Vulnerability Management and Patching Services, Proactive Security Awareness Training, Progressive Penetration Testing, or any other specific services explicitly excluded within this Agreement.

5.2 Applies Regardless of Claim Basis. THIS EXCLUSION OF CERTAIN DAMAGES CLAUSE SHALL APPLY WHETHER THE CLAIM FOR DAMAGES IS BASED ON WARRANTY, CONTRACT, NEGLIGENCE, STRICT LIABILITY, OR ANY OTHER LEGAL THEORY, AND SHALL APPLY EVEN IF ADLUMIN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

5.3 Limitation on Amount of Liability. NEITHER PARTY WILL BE LIABLE UNDER THIS AGREEMENT FOR MORE THAN THE TOTAL AMOUNT PAID OR PAYABLE BY CUSTOMER TO ADLUMIN SPECIFICALLY FOR THE SERVICE OR PLATFORM THAT CAUSED OR RESULTED IN THE DAMAGES, DURING THE TWELVE MONTHS IMMEDIATELY PRIOR TO THE EVENT GIVING RISE TO LIABILITY. THIS LIMITATION OF LIABILITY IS CUMULATIVE AND NOT PER INCIDENT, AND THE TOTAL AMOUNT OF DAMAGES FOR ANY AND ALL CLAIMS SHALL NOT EXCEED THE CAP STATED HEREIN. EXCEPT THAT THE LIMITATION IN THIS SECTION SHALL NOT APPLY TO: (I) VIOLATIONS OF A PARTY’S INTELLECTUAL PROPERTY RIGHTS BY THE OTHER PARTY; (II) A PARTY’S EXPRESS INDEMNIFICATION OBLIGATIONS UNDER THIS AGREEMENT; (III) ANY LIABILITY RESULTING FROM A PARTY’S GROSS NEGLIGENCE OR WILLFUL MISCONDUCT. THIS LIMITATION OF LIABILITY SHALL APPLY WHETHER THE CLAIM FOR DAMAGES IS BASED ON WARRANTY, CONTRACT, NEGLIGENCE, STRICT LIABILITY, OR ANY OTHER LEGAL THEORY, AND SHALL APPLY EVEN IF EITHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

6. VOLUME LIMITATIONS

6.1 Usage Verification. Customer understands and acknowledges that the Software may track and/or enforce its Volume Limitations. Additionally, upon Adlumin’s written request, such request not to exceed once every six months, Customer shall provide Adlumin with a signed certification verifying that the Software is being used in accordance with this Agreement. In addition to the foregoing, at Adlumin’s written request, Customer will permit Adlumin to review and verify Customer’s records, deployment, and use of the Software for compliance with the terms and conditions of this Agreement, at Adlumin’s expense. Any such review shall be scheduled at least ten days in advance, shall be conducted during normal business hours at Customer’s facilities, and shall not unreasonably interfere with Customer’s business activities.

6.2 Exceeding Volume Limitations. If the Service is used in excess of the Volume Limitations, following a reasonable notification period Customer shall be liable for, and Adlumin reserves the right to invoice for, the fees for such excess usage at Adlumin’s then current list rates, or as otherwise set forth on the Order Form, notwithstanding the limitation on liability in Section 5.2 of this Agreement.

7. CONFIDENTIALITY

7.1 Confidential Information. “Confidential Information” means information provided by one party to the other party which is designated in writing as confidential or proprietary, as well as information which a reasonable person familiar with the disclosing party’s business and the industry in which it operates would know is of a confidential or proprietary nature. A party will not disclose the other party’s Confidential Information to any third party without the prior written consent of the other party, nor make use of any of the other party’s Confidential Information except in its performance under this Agreement. Each party accepts responsibility for the actions of its agents or employees and shall protect the other party’s Confidential Information in the same manner as it protects its own Confidential Information, but in no event with less than reasonable care. The parties expressly agree that the terms and pricing of this Agreement are Confidential Information. A receiving party shall promptly notify the disclosing party upon becoming aware of a breach or threatened breach hereunder and shall cooperate with any reasonable request of the disclosing party in enforcing its rights.

7.2 Exclusions. Information will not be deemed Confidential Information if such information: (i) is known prior to receipt from the disclosing party, without any obligation of confidentiality; (ii) becomes known to the receiving party directly or indirectly from a source other than one having an obligation of confidentiality to the disclosing party; (iii) becomes publicly known or otherwise publicly available, except through a breach of this Agreement; or (iv) is independently developed by the receiving party without use of the disclosing party’s Confidential Information. The receiving party may disclose Confidential Information pursuant to the requirements of applicable law, legal process, or government regulation, provided that, unless prohibited from doing so by law enforcement or court order, the receiving party gives the disclosing party reasonable prior written notice, and such disclosure is otherwise limited to the required disclosure.

8. TERM & TERMINATION

8.1 The Software Term (or Maintenance and Support Term for Software with a perpetual Software Term) will automatically renew for an additional one-year term at the rate listed on the applicable Order Form unless (i) otherwise indicated on the Order Form or (ii) either party provides the other with written notice of its election not to renew at least 30 days prior to the anniversary date. Any renewal will be invoiced at the rate indicated on the applicable Order Form. In connection with any renewal term, Adlumin reserves the right to change the rates, applicable charges and usage policies and to introduce new charges for any subsequent Subscription Term, upon providing Customer written notice thereof (which may be provided by e-mail) at least 60 days prior to the end of the applicable term.

8.2 This Agreement or an Order Form may be terminated: (i) by either party if the other party is adjudicated as bankrupt, or if a petition in bankruptcy is filed against the other party and such petition is not discharged within sixty days of such filing; or (ii) by either party if the other party materially breaches this Agreement or the Order Form and fails to cure such breach to such party’s reasonable satisfaction within thirty days following receipt of written notice thereof. The customer’s license to use the Software shall terminate upon the expiration of the applicable Software Term. Upon any termination of this Agreement or an Order Form by Adlumin, all applicable licenses are revoked, and Customer shall immediately cease use of the applicable Software and certify in writing to Adlumin within thirty days that Customer has destroyed or returned to Adlumin such Software and all copies thereof. Termination of this Agreement or a license granted hereunder shall not relieve Customer of its obligation to pay all fees that have accrued, have been paid, or have become payable by Customer hereunder. All provisions of this Agreement which by their nature are intended to survive the termination of this Agreement shall survive such termination.

8.3 Effect of Termination. Upon expiration or termination of this Agreement for any reason, the rights, licenses and access to the Adlumin Security Operations Platform granted to Licensee under this Agreement will immediately terminate, and all Fees owed pursuant to Section 3 will become immediately due and payable, unless termination is due to Adlumin’s uncured material breach, in which case no further fees shall be payable by Licensee, and Adlumin shall refund to Licensee any prepaid fees on a pro-rata basis. Licensee agrees to remove all Adlumin agent and Adlumin Software upon termination of this agreement by either party.

8.4 Licensee Data. Upon termination of this Agreement for cause based on a material breach, Adlumin shall, when requested by Licensee, continue to provide ‘read-only’ access to the Licensee’s portal and associated data for thirty (30) days after termination. If Licensee pays for Log Retention, 1 Year PCI Compliant Data Storage, the logs contained in Log Retention can be exported in raw format as logs to the Licensee. The licensee agrees to pay the cost of exporting any raw log data from Adlumin’s Security Operations Platform in Amazon Web Services (AWS) to the Licensee. Adlumin agrees, upon termination, cancellation, expiration, or another conclusion of this Agreement, within 30 days to destroy and not retain any copies (and furnish the Institution with an appropriate Certificate of Destruction) of all data or Confidential Information that is in its possession.

8.5 Data Storage, Transfer, and Destruction at Termination. Data will be stored the length of time that a customer pays for it to be stored (Adlumin’s options are either 90 days or 365 days) during the contract period. All data older than 90 days will be destroyed unless the Licensee pays for 365 days of data storage (Adlumin’s Log Retention). If only 90 days of storage is purchased, all data older than 90 days will be deleted. Data tables that store a customer data may be rolled or rebuilt completely on day 91. If Licensee desire to keep data more than 90 days from any ingested device, Licensee should purchase Log Retention. All data older than 365 days will be deleted in Log Retention at the end of the one-year period. If the Licensee wants data retained longer than one (1) year, that additional year of data will be stored at an extra cost for each additional year at the current data retention cost specified in the license / proposal. Licensee must notify Adlumin at least 60 days prior to the end of Year 1 if Licensee desires to retain its data longer than 1 year.

9. SERVICE LEVEL AGREEMENT

9.1 Adlumin Platform. A Service Disruption is defined as the Software, or a component of the Software, or access to Adlumin’s Dashboard portal, becoming unusable or unavailable after being installed, configured, and/or accessed as per the system requirements specified by Adlumin, or if data generated by the Software being found by Licensee to be inaccurate, due to a defect in the Software, as opposed to being caused by any action on the part of Licensee or the Licensee’s network system or another third-party vendor. Such defect must be corrected within ten (10) business days of the matter having been reported to Adlumin by the Licensee.

9.2 Data corruption or destruction caused by a Licensee system, application, or service on the Licensee’s network or the Licensee’s third-party vendor or provider will not be considered a service disruption for purpose of this agreement. In the event of more than two (2) Service Disruption within a ten (10) day period, the Licensee may terminate this Agreement upon thirty (30) days prior written notice to Adlumin.

9.3 Notice to terminate must be given to Adlumin within thirty (30) days of the second service disruption event. In such event, the Licensee shall not be required to make further payments pursuant to this Agreement and shall receive a pro-rated refund for any payments previously made applicable to the time remaining on the Agreement. Licensee may also terminate this Agreement as described above in the event that three or more Service Disruptions occur within a three-month period, regardless of the timeframe within which each such individual Service Disruption was corrected.

9.4 Adlumin Security Operations Center SLA – See Appendix A

10. INDEMNIFICATION

10.1 By Adlumin. Adlumin will indemnify, defend, and hold harmless Customer from and against all liabilities, damages, and costs (including settlement costs and reasonable attorneys’ fees) arising out of a third-party claim that the Software infringes or misappropriates any intellectual property right of such third party. Notwithstanding the foregoing, in no event shall Adlumin have any obligations or liability under this Section arising from: (i) use of any Software in a manner not anticipated by this Agreement or in combination with materials not furnished by Adlumin; or (ii) any content, information or data provided by Customer or other third parties. If the Software is or is likely to become subject to a claim of infringement or misappropriation, then Adlumin will, at its sole option and expense, either: (i) obtain for the Customer the right to continue using the Software; (ii) replace or modify the Software to be non-infringing and substantially equivalent to the infringing Software; or (iii) if options (i) and (ii) above cannot be accomplished despite the reasonable efforts of Adlumin, then Adlumin may terminate Customer’s rights to use the infringing Software and will refund pro-rata any prepaid fees for the infringing portion of the Software. THE RIGHTS GRANTED TO CUSTOMER UNDER THIS SECTION 9.1 SHALL BE CUSTOMER’S SOLE AND EXCLUSIVE REMEDY FOR ANY ALLEGED INFRINGEMENT BY THE SOFTWARE OF ANY PATENT, COPYRIGHT, OR OTHER PROPRIETARY RIGHT.

10.2 By Customer. Customer will indemnify, defend, and hold harmless Adlumin from and against all liabilities, damages, and costs (including settlement costs and reasonable attorneys’ fees) arising out of a third-party claim regarding Customer’s: (i) use of the Software in violation of applicable law; or (ii) breach of the representation and warranty made in Section 2.7 and 11.4 of this Agreement.

11. TECHNICAL SUPPORT AND PROFESSIONAL SERVICES

11.1 Maintenance and Support Services. The maintenance and support program selected by Customer shall be set forth on the applicable Order Form and shall be further subject to Adlumin’s maintenance and support policy as defined in this EULA.

11.2 Product-Related Professional Services. Unless otherwise provided on an Order Form or statement of work (“SOW”), Customer is responsible for installing and configuring all Software. Adlumin may provide Customer certain professional services, such as installation, configuration, consulting, training, and external scanning, if and as specified on an Order Form or a separate SOW executed by the parties. Such Services will be invoiced upon execution of the Order Form or SOW. All changes to an SOW must be approved by both parties in writing. Adlumin shall have sole discretion in staffing the Services and may assign the performance of any portion of the Services to any subcontractor, provided that Adlumin shall be responsible for the performance of any such subcontractor. Customer will have a non-exclusive, non-transferable license to use any deliverables or other work product developed by Adlumin in the performance of the Services which are delivered to Customer, upon Customer’s payment in full of all amounts due for such deliverables or work product. Adlumin retains ownership of all information, software, and other property owned by it prior to this Agreement or which it develops independently of this Agreement and all deliverables and work product compiled or developed by Adlumin in the performance of the Services.

11.3 Professional Services Rescheduling. To the extent Customer purchases Services, Customer may reschedule the Services up to ten business days prior to the start of the Services at no cost. If Customer reschedules the Services with less than ten business days’ notice, Customer will forfeit the portion of the Services equal to the number of days that were rescheduled without the required notice. If Customer reschedules the Services after they have begun, Customer will forfeit five days of Services, or the number of days remaining on the Services, whichever is fewer. Customer will also be responsible for any out-of-pocket expenses incurred by Adlumin due to such rescheduling. If performance of the Services is delayed by Customer’s acts or omissions, including Customer’s failure to meet the requirements set forth in an SOW, Customer will forfeit the duration of such delay from its Services time.

12. GENERAL PROVISIONS

a) Severability. If any provision of this Agreement is held by a court of competent jurisdiction to be contrary to law, the remaining provisions of this Agreement will remain in full force and effect.

b) Governing Law and Jurisdiction. This Agreement is governed by and construed under the laws of the State of Delaware without reference to conflict of laws principles. All disputes will be resolved in accordance with Delaware corporate dispute resolution regulations. If it becomes necessary for any party to institute legal action to enforce the terms and conditions of this Agreement, and such legal action results in a final judgment in favor of such party (“Prevailing Party”), then the party or parties against whom said final judgment is obtained shall reimburse the Prevailing Party for all direct, indirect or incidental expenses incurred including, but not limited to, all attorney fees, court costs and other expenses incurred throughout all negotiations, trials or appeals undertaken in order to enforce the Prevailing Party’s rights hereunder. Any suit, action or proceeding with respect to this Agreement shall be brought in the state or federal courts located in the State of Delaware. The parties hereto hereby accept the exclusive jurisdiction and venue of those courts for the purpose of any such suit, action or proceeding.

c) Entire Agreement. This Agreement and the Adlumin Software Licensing Contract embody the entire understanding of the Parties and supersede any previous or contemporaneous communications, whether oral or written. Adlumin may update this agreement as products and services change.

12.1 Export

(a) Each party acknowledges that the export, re-export, deemed export, and import of the Software and Documentation by Customer and Adlumin is subject to certain laws, rules, executive orders, directives, arrangements, and regulations of the United States and of other countries. Each party agrees to comply with all applicable laws with respect to the exportation, importation, and use of the Software and Documentation.

(b) Each party agrees to comply with all applicable export and re-export control laws and regulations, including the Export Administration Regulations (“EAR”) maintained by the U.S. Department of Commerce, trade and economic sanctions maintained by the Treasury Department’s Office of Foreign Assets Control, and the International Traffic in Arms Regulations (“ITAR”) maintained by the Department of State. Specifically, each party covenants that it will not directly or indirectly sell, export, re-export, transfer, divert, or otherwise dispose of any products, software, or technology (including products derived from or based on such technology) received from the other party under this Agreement to any destination, entity, or person prohibited by the laws or regulations of the United States, without obtaining prior authorization from the competent government authorities as required by those laws and regulations.

12.3 Personal Data. To the extent that Adlumin processes personal data about any individual in the course of providing the Software or Service, Customer agrees to Adlumin’s Data Processing Agreement, located at Adlumin.com/legal/dpa/.

12.4 Data Privacy. Customer represents and warrants that Customer has obtained all necessary rights to permit Adlumin to collect and process data from Customer, including, without limitation, data from endpoints, servers, cloud applications, and logs.

12.5 Injunctive Relief. Notwithstanding any other provision of this Agreement, both parties acknowledge that any breach of this Agreement may cause the other party irreparable and immediate damage for which remedies other than injunctive relief may be inadequate. Therefore, the parties agree that, in addition to any other remedy to which a party may be entitled hereunder, at law or equity, each party shall be entitled to seek an injunction to restrain such use in addition to other appropriate remedies available under applicable law.

12.6 Relationship of the Parties. Adlumin and Customer are independent contractors, and nothing in this Agreement shall be construed as making them partners or creating the relationships of principal and agent between them, for any purpose whatsoever. Neither party shall make any contracts, warranties or representations or assume or create any obligations, express or implied, in the other party’s name or on its behalf.

12.7 US Government Restricted Rights. This Section applies to all acquisitions of the Software or Services by or for the US federal government, or by any prime contractor or subcontractor (at any tier) under any contract, grant, cooperative agreement, or other activity with the federal government for the Government’s end use. The Software and Services are “commercial items” as that term is defined at FAR 2.101. If Customer is an Executive Agency (as defined in FAR 2.101) of the U.S. Federal Government (“Government”), Adlumin provides the Software and Services, including any related technical data and/or professional services in accordance with the following: If a right to access the Software and Services is procured by or on behalf of any Executive Agency (other than an Executive Agency within the Department of Defense (DoD)), the Government is granted, in accordance with FAR 12.211 (Technical Data) and FAR 12.212 (Computer Software), only those rights in technical data and software customarily provided to Adlumin’s customers as such rights are described in this Agreement. If a right to access the Software and Services is procured by or on behalf of any Executive Agency within the DoD, the Government is granted, in accordance with DFARS 227.7202-3 (Rights in commercial computer software or commercial computer software documentation), only those rights in technical data and software that are customarily provided to Adlumin’s customers as such rights are described in this Agreement. In addition, DFARS 252.227-7015 (Technical Data – Commercial Items) applies to technical data provided by Adlumin to an Executive Agency within the DoD. Note, however, that Subpart 227.72 does not apply to computer software or computer Service documentation acquired under GSA schedule contracts. Except as expressly permitted under this Agreement, no other rights or licenses are granted to the Government. Any rights requested by the Government and not granted under this Agreement must be separately agreed in writing with Adlumin. This Section 11.6 of the Agreement is in lieu of, and supersedes, any other FAR, DFARS, or other clause, provision, or supplemental regulation that addresses Government rights in the Software and Services.

12.8 Force Majeure. Other than payment obligations hereunder, neither party will be liable for any inadequate performance to the extent caused by a condition that was beyond the party’s reasonable control (including, but not limited to, natural disaster, act of war or terrorism, riot, global health crisis, acts of God, or government intervention), except for mere economic hardship, so long as the party continues to use commercially reasonable efforts to resume performance.

12.9 No Reliance. Customer represents that it has not relied on the availability of any future version of the Software or any future product or service in executing this Agreement or purchasing any Software hereunder.

12.10 Notices. Unless specified otherwise herein, (i) all notices must be in writing and addressed to the attention of the other party’s legal department and primary point of contact, and (ii) notice will be deemed given: (a) when verified by written receipt if sent by personal courier, overnight courier, or when received if sent by mail without verification of receipt; or (b) when verified by automated receipt or electronic logs if sent by email. When sent by email, notices to Adlumin must be sent to notices@adlumin.com.

12.11 Publicity. Customer acknowledges that Adlumin may use Customer’s name and logo for the purpose of identifying Customer as a customer of Adlumin products and/or services. Adlumin will cease using Customer’s name and logo upon written request.

12.12 Compliance with Law. Each party agrees to comply with all applicable federal, state and local laws and regulations including but not limited to export law, and those governing the use of network scanners, vulnerability assessment software products, encryption devices, user monitoring, and related software in all jurisdictions in which systems are scanned, scanning is controlled, or users are monitored.

APPENDIX A ADLUMIN SECURITY OPERATIONS CENTER

SERVICE LEVEL AGREEMENT (SLA)

Service Description

The Adlumin Managed Detection and Response (MDR) Service allows our analysts to acknowledge and respond to alerts within seconds.

The Adlumin Security Operations Platform is deployed on the Client’s network and aggregates enterprise-wide security events from routers, firewalls, intrusion detection systems, servers and more. The Adlumin Security Operations Platform compares events to known malicious activity and known normal activity. Malicious and unknown events are sent via a secured connection to the Adlumin Security Operations Center (SOC) where the information is correlated and investigated by Security Analysts. The Security Analysts respond to attacks and anomalies according to the Adlumin SOC Incident Handling process.

Response Service Hours of Operations

We maintain Security Operations twenty-four hours a day, 7 days a week. You may reach an individual in this department by calling the SOC Support number at (202) 571-8860.

User Obligations and Interdependencies for Adlumin SOC Performance

User agrees to perform the obligations and acknowledges and agrees that Adlumin’s’ ability to perform its obligations and its liability under the SLAs below, are interdependent on User’s compliance with the following:

• Provide access to User-premises and relevant appliance(s) and management console(s).
• Maintain up-to-date third-party software support contracts for all devices subject to this service.
• Maintain appropriate levels of hardware and connectivity to prevent network performance degradation and maintain communications between the User-owned devices and the Adlumin Platform device.
• User is responsible for all device configurations necessary for the Adlumin Platform to receive log data including implementing necessary tools to convert proprietary log formats into syslog or other standard output.
• User is responsible for identifying any policy or non -security incident related information in User’s logs that User would like to collect; and for the configuration of their logging sources to report this information.

While the Adlumin SOC is designed to reduce or mitigate the risk of a cyberattack, Adlumin’s Security Operations Platform will not eliminate all risks and is not a guarantee that an attack will not occur.