Randori Platform Terms of Service
Thank you for using the Randori Platform. The Randori Platform services consist of Randori Recon and Randori Attack. These services work together to help customers strengthen their overall security program. Randori Recon provides attack surface management by continuously monitoring, discovering, and prioritizing weaknesses in the digital assets visible to an external attacker. Randori Attack exploits these weaknesses in order to test and improve the overall efficacy of a customer’s security program.
In order to access the Platform and related services, you must agree to these Terms of Service, which define the general terms and conditions for use. In addition, in order to access Randori Attack, you must also agree to the Attack Supplemental Terms attached as Addendum A to these Terms of Service and execute a separate authorization form.
IMPORTANT – PLEASE READ THESE TERMS OF SERVICE, INCLUDING ALL ADDENDUMS, EXHIBITS OR DOCUMENTS ATTACHED OR INCORPORATED BY REFERENCE HERETO (THE “AGREEMENT”) CAREFULLY BEFORE ATTEMPTING TO ACCESS OR USE THE PLATFORM OR ANY RELATED SERVICES. THIS AGREEMENT CONSTITUTES A LEGALLY BINDING AGREEMENT BETWEEN YOU OR THE COMPANY WHICH YOU REPRESENT AND ARE AUTHORIZED TO BIND (THE “CUSTOMER” OR “YOU”), AND RANDORI, INC. (“RANDORI” OR “WE”). THIS AGREEMENT GOVERNS YOUR ACQUISITION AND USE OF THE RANDORI PLATFORM AND RELATED SERVICES. PLEASE ONLY CREATE A SERVICE ACCOUNT OR OTHERWISE USE THE PLATFORM OR ANY RELATED SERVICES IF YOU AGREE TO BE LEGALLY BOUND BY ALL TERMS AND CONDITIONS HEREIN, INCLUDING, IF YOU ARE ACCESSING RANDORI ATTACK, THE RANDORI ATTACK SUPPLEMENTAL TERMS. BY ACCEPTING THIS AGREEMENT, BY (1) CREATING A SERVICE ACCOUNT AND USING THE PLATFORM OR RELATED SERVICES, (2) EXECUTING AN ORDER FORM THAT REFERENCES THIS AGREEMENT, OR (3) USING A FREE TRIAL, YOU AGREE TO THE TERMS OF THIS AGREEMENT. IF YOU DO NOT AGREE WITH ANY ASPECT OF THIS AGREEMENT, THEN DO NOT CREATE A SERVICE ACCOUNT OR OTHERWISE USE THE PLATFORM OR SERVICES. IF THE INDIVIDUAL ACCEPTING THIS AGREEMENT IS ACCEPTING ON BEHALF OF A COMPANY OR OTHER LEGAL ENTITY, SUCH INDIVIDUAL REPRESENTS THAT THEY HAVE THE AUTHORITY TO BIND SUCH ENTITY AND ITS AFFILIATES TO THIS AGREEMENT, IN WHICH CASE THE TERMS “YOU” OR “CUSTOMER” SHALL REFER TO SUCH ENTITY AND ITS AFFILIATES. IF THE INDIVIDUAL ACCEPTING THIS AGREEMENT DOES NOT HAVE SUCH AUTHORITY, OR DOES NOT AGREE WITH THESE TERMS AND CONDITIONS, SUCH INDIVIDUAL MUST NOT ACCEPT THIS AGREEMENT AND MAY NOT USE THE PLATFORM OR SERVICES.
2. Access to Platform.
- “Attack Services” means the online, web based application delivered via the Platform to provide cyber security attack services on Customer Systems. Attack Services are made available by Randori via the Platform following the provision of Recon Results and are subject to Customer’s acceptance of Attack Supplemental Terms.
- “Customer Systems” means the networks, systems, IP addresses, assets, and/or hardware owned, licensed, accessed or controlled by Customer and identified to Randori in connection with the provision of the Platform.
- “Customer Information” means all information, data and material made available, including authorized for access, by Customer to Randori for use in connection with the Services provided under the Platform. For avoidance of doubt, Customer Information excludes (i) Public Information (ii) machine learning, know-how, statistics, data, methodology, ideas, concepts or artificial intelligence developed by Randori in and as part of the Platform during its normal operation (“Know-How”), provided that that the use of such Know-How cannot be traced back to Customer Information or to Customer in any manner.
- “Documentation” means any written or electronic instructions or user guides generally made available to customers specifying the functionalities or limitations of the Platform, provided, however, that Documentation shall specifically exclude any “community moderated” forums as provided or accessible through such knowledge base(s) for use of the Platform.
- “Intellectual Property Rights” means collectively all patent, trade secret, trademark, copyright (including any moral rights or statutory termination rights), and similar rights for the protection of inventions, works of authorship, recordings, mask works, and identification of source or sponsorship for goods or services in commerce.
- “Linked Sites” has the meaning assigned to it in Section 16.8.
- “Order Form” means Randori’s order form or other ordering document accepted and signed by each of Customer and Randori, which identifies the specific Services ordered and the fees agreed upon by the parties for use of the Platform. Order Forms shall be deemed incorporated herein by reference. No provisions of either party’s pre-printed purchase orders, acknowledgements, or click-through terms may modify this Agreement, and such other or additional terms or conditions are void and of no effect.
- “Platform” means the online, web-based applications and platform provided by Randori via randoristaging.wpengine.com that are ordered by Customer under an Order Form and made available by Randori online via the customer login link at randoristaging.wpengine.com and/or other web pages or documents designated by Randori. “Platform” includes the Services, but excludes any third party applications. Randori reserves the right to make updates, upgrades, revisions, changes or alterations to the Platform and its features and functionality (collectively “Revisions”). Any such Revisions shall be considered part of Platform for all purposes of this Agreement, unless Randori notifies Customer otherwise.
- “Public Information” is defined as publicly available information without restriction, data or information licensed by Randori, or other information that has been obtained by Randori and which Randori is authorized to retain and use in its analytic processes and products. Randori makes no guarantee regarding the fitness of Public Information for these tasks, nor can it guarantee that sufficient information or information of adequate quality will be available for all tasks.
- “Recon Services” means the online, web based application made available by Randori via the Platform in order to identify potential weaknesses and vulnerabilities to Customer Systems.
- “Results” means the results of the Services in the form of certain information and analyses regarding potential related security vulnerabilities and issues. Results are exported by Customer (or prepared by Randori for Customer’s benefit) by means of functionality available in the Services. For avoidance of doubt, all Customer Information and/or non-anonymized information identifying Customer contained in the Results shall constitute Confidential Information of Customer.
- “Selected Services” means the Services selected by Customer in the Order Form executed the parties and subject to the limitations set forth therein.
- “Services” means the online, web based applications delivered via the Platform, specified in an Order Form or delivered as Trial Services and further described herein. Certain Services may be subject to Supplemental Terms.
- “Subscription Term” means the term identified on an Order Form during which Customer has a subscription to the Platform. “Subscription Term” includes the initial term as well as any renewal terms.
- “Supplemental Terms” means the additional legal terms applicable to certain portions of the Services, which you may be required agree to and accept in order to access and use such Services. Attack Services Supplemental Terms are attached hereto as Addendum A.
- “Third Party Content” shall have the meaning given to that term in Section 16.8.
- “Trial Services” shall have the meaning given to that term in Section 2.1.2
- “Users” means Customer employees, contractors or consultants who are authorized by Customer to use the Platform and who have been supplied user identifications and passwords by Customer (or by Randori at Customer’s request).
- Subscription. Subject to the terms and conditions of this Agreement, Randori hereby grants Customer the non-exclusive, non-transferable right to access and use the Platform for the Selected Services for deployment on Customer Systems and solely for Customer’s internal network security purposes. Customer also agrees to be bound by any further restrictions set forth on the Order Form. Customer’s access to the Platform will expire at the end of the Subscription Term, or upon an earlier termination of this Agreement. IF A SEPARATE MASTER SERVICES AGREEMENT (MSA) IS EXECUTED FOR THE SUBSCRIPTION, IT TAKES PRECEDENCE OVER THIS DOCUMENT.
- Evaluation. If Customer’s access to the Platform is for a trial or evaluation only (“Trial Services”), then the Subscription Term shall be thirty days, or the term specified in writing by Randori. Customer may not utilize the same Trial Services for more than one trial or evaluation term in any twelve month period, unless otherwise agreed to by Randori. Sections 8.1 (Limited Warranty) and 12.1 (Indemnification by Randori) shall not be applicable to any Trial Services or to any products or services in beta.
- NOTWITHSTANDING ANY PROVISION OF THIS AGREEMENT TO THE CONTRARY, ACCESS TO THE PLATFORM (INCLUDING THE TRIAL SERVICES OR PRODUCTS AND SERVICES IN BETA) FOR TRIAL OR EVALUATION PURPOSES IS ‘AS IS’. CUSTOMER BEARS THE RISK OF USING THE TRIAL SERVICES AND/OR BETA PRODUCTS AND SERVICES. RANDORI GIVES NO EXPRESS WARRANTIES, GUARANTEES OR CONDITIONS. CUSTOMER MAY HAVE ADDITIONAL RIGHTS UNDER LOCAL LAWS WHICH THIS AGREEMENT CANNOT CHANGE. TO THE EXTENT PERMITTED UNDER LOCAL LAWS, RANDORI EXCLUDES THE IMPLIED WARRANTIES OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT.
- Additional Functionality and Features. Customer acknowledges and agrees that: (a) its license of subscriptions is not contingent upon the delivery of any future functionality or features nor is it dependent upon any oral or written public comments made by Randori with respect to future functionality or features.
4. CUSTOMER RESPONSIBILITIES
- License Grant. Subject to the terms and conditions of this Agreement, Randori hereby grants Customer a non-exclusive, worldwide, perpetual, non-transferable license to use the Results intentionally made available to Customer through the Platform solely for Customer’s lawful internal network security activities. Other than with respect to consultants or contractors engaged by Customer to assist Customer with respect to security vulnerabilities and/or issues identified in any Results (the “Customer Consultants”) and who are bound to by confidentiality obligations and use restrictions at least as stringent as those contained in this Agreement, Customer shall not disclose the Results to any third party without Randori’s prior written consent. Customer shall be responsible for any breach of this Agreement by Customer Consultants.
5. CUSTOMER REPRESENTATIONS AND WARRANTIES.
- Restrictions. Except as may be expressly permitted by applicable law, Customer will not, and will not permit or authorize third parties to: (i) use the Platform or the Results other than in accordance with the terms of this Agreement; (ii) reproduce, modify, translate, enhance, decompile, disassemble, reverse engineer, create derivative works of the Platform or the Results, or merge the Platform into another program or exceed the account limitations or requirements of the Platform; (iii) sell, rent, lease, or otherwise commercially exploit the Platform or the Results; (iv) use the Platform or Results for the purpose of building a similar or competitive product or service, (v) use the Platform or the Results in a manner that is contrary to applicable law or in violation of any third party rights of privacy or Intellectual Property Rights, including any cyber-offensive operations aimed to damage, disrupt, degrade, or otherwise harm any third-parties, whether directly or indirectly; or (vi) use or permit the use of any tools in order to probe, scan or attempt to penetrate or benchmark the Platform (each of (i) – (vi), a “Prohibited Use”).
6. FEES AND PAYMENT TERMS
- Customer represents and warrants on an ongoing basis that: (i) Customer has the full power and authority to enter into this Agreement and to perform its obligations hereunder; (ii) Customer is authorized to instruct Randori to deploy the Services via the Platform on, with, or against, the Customer Systems identified by Customer, or which are monitored, scanned, or tested by the Services via the Platform as instructed by Customer; and (iii) the deployment of the Platform and collection and use of Customer Information as contemplated by this Agreement does not violate any laws, regulations, or any rights of a third party and Customer has obtained any and all necessary consents in connection with such deployment.
- Fees. Customer shall pay all fees specified in all Order Forms hereunder in US dollars and without any deduction for withholding or similar taxes. Except as otherwise specified herein or in an Order Form (i) payment obligations are non-cancelable and fees paid are non-refundable. Unless otherwise specified in the Order Form, subscription fees are charged on an annual basis in advance.
- Updated Fees. Fees may change over time, however, Randori will give Customer thirty (30) days prior notice, generally via email. If Randori revises its fees, such new fees shall not apply to the annual Subscription Period for which Customer has already subscribed, but shall apply to any renewal Subscription Period commencing after the effective date of change in Fees.
- Invoicing and Payment. Unless otherwise specified in the Order Form, charges shall be made annually in advance. Payment will be made by check or wire transfer to the account specified on the Order Form. If the Order Form specifies that payment will be by a method other than check or wire transfer, Randori will invoice Customer in advance and otherwise in accordance with the relevant Order Form. Unless otherwise stated in the Order Form, invoiced charges are due net thirty (30) days from the invoice date.
- Overdue Charges. If any undisputed (subject to Section 6.6) charges are not received from Customer by the due date, then at Randori’s discretion, such charges may accrue late interest at the rate of one percent (1%) of the outstanding balance per month, or the maximum rate permitted by law, whichever is lower, from the date such payment was due until the date paid.
- Suspension. If any undisputed (subject to Section 6.6) amount owing by Customer under this or any other agreement for the Platform services is thirty (30) or more days overdue, Randori may, without limiting its other rights and remedies, suspend the Platform services to Customer and Customer’s access to the Platform until such amounts are paid in full. Randori will give Customer at least seven (7) days’ prior written notice that Customer’s account is overdue before suspending the Platform services to Customer and Customer’s access to the Platform.
- Payment Disputes. Randori shall not exercise its rights under Section 6.4 (Overdue Charges) or Section 6.5 (Suspension) if Customer is disputing the applicable charges reasonably and in good faith and is cooperating diligently to resolve the dispute.
- Taxes. Unless otherwise stated, Randori’s fees do not include any taxes, levies, duties or similar governmental assessments of any nature, including but not limited to value-added, sales, use or withholding taxes, assessable by any local, state, provincial, federal or foreign jurisdiction (collectively, “Taxes”). Customer is responsible for paying all Taxes associated with its purchases hereunder. If Randori has the legal obligation to pay or collect Taxes for which Customer is responsible under this paragraph, the appropriate amount shall be invoiced to and paid by Customer, unless Customer provides Randori with a valid tax exemption certificate authorized by the appropriate taxing authority. For clarity, Randori is solely responsible for taxes assessable against Randori based on its income, property and employees.
9. LIMITED WARRANTY
- Definition of Confidential Information. As used herein, “Confidential Information” means all information disclosed by a Party (“Disclosing Party”) to the other Party (“Receiving Party”), whether orally or in writing, that, with respect to Randori and Customer, is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure. Randori Confidential Information shall include the Platform, the Results and any related documentation provided to Customer by Randori. Customer Confidential Information shall include Customer Information. Confidential Information of each Party shall include the terms and conditions of this Agreement and all Order Forms, as well as business and marketing plans, technology and technical information, product plans and designs, and business processes disclosed by such Party. However, Confidential Information shall not include any information that (i) is or becomes generally known to the public without breach of any obligation owed to the Disclosing Party, (ii) was known to the Receiving Party prior to its disclosure by the Disclosing Party without breach of any obligation owed to the Disclosing Party as evidenced by Receiving Party’s written records, (iii) is received from a third party without breach of any obligation owed to the Disclosing Party, or (iv) was independently developed by the Receiving Party as evidenced by Receiving Party’s written records.
- Protection of Confidential Information. The Receiving Party shall use the same degree of care that it uses to protect the confidentiality of its own confidential information of like kind (but in no event less than reasonable care). The Receiving Party shall (i) not use any Confidential Information of the Disclosing Party for any purpose outside the scope of this Agreement, and (ii) except as otherwise authorized by the Disclosing Party in writing, not voluntarily disclose Confidential Information of the Disclosing Party, except to those of its and its Affiliates’ employees, contractors and agents who need such access for purposes consistent with this Agreement and who have signed confidentiality agreements or are subject to confidentiality obligations with the Receiving Party containing protections no less stringent than those herein. Neither Party shall disclose the terms of this Agreement or any Order Form to any third party other than Customer’s and Randori’s respective, Affiliates, their officers, directors and employees, current and potential investors and acquirers, and their legal counsel and accountants without the other Party’s prior written consent.
- Compelled Disclosure. Notwithstanding anything to the contrary contained herein, the Receiving Party may disclose Confidential Information of the Disclosing Party to the extent it is compelled by law to do so, provided the Receiving Party gives the Disclosing Party prior notice of such compelled disclosure (to the extent legally permitted) and reasonable assistance, at the Disclosing Party’s cost, if the Disclosing Party wishes to contest the disclosure. If the Receiving Party is compelled by law to disclose the Disclosing Party’s Confidential Information as part of a civil proceeding to which the Disclosing Party is a Party, and the Disclosing Party is not contesting the disclosure, the Disclosing Party will reimburse the Receiving Party for its reasonable cost of compiling and providing secure access to such Confidential Information.
9. LIMITATION OF LIABILITY
- Warranty. Randori warrants that, during the Subscription Term, the Platform will conform, in all material respects, with the applicable Documentation. Randori makes no warranty regarding third party features or services. For any breach of the above warranty, Randori will, at no additional cost to Customer, use commercially reasonable efforts to provide remedial services necessary to enable the Platform to conform to the warranty. If Randori is unable to restore such functionality, Customer may terminate the applicable Order Form and receive a pro rata refund of the fees paid for the terminated portion of the then-current Subscription Term. Customer will provide Randori with a reasonable opportunity to remedy any breach and reasonable assistance in remedying any defects. The remedies set out in this subsection are Customer’s sole remedies for breach of the above warranty. The foregoing limited warranty shall not apply to the Platform or Results as made available through Trial Services or to any products or services in beta.
- Exclusion from Warranties. The warranties in Section 8.1 are void to the extent any failure to perform in accordance with the Documentation is the result of (i) the Platform not being used by the Customer in a manner in accordance with the applicable Documentation, (ii) the Platform being modified or altered by Customer without Randori knowledge and written permission, and/or (iii) Internet or network connections, streaming services, computers, equipment or devices not supplied by Randori.
- Disclaimer. EXCEPT AS EXPRESSLY SET FORTH IN SECTION 8.1, THE PLATFORM, THE RESULTS, PUBLIC INFORMATION AND ANY MEDIA, INFORMATION OR OTHER MATERIALS MADE AVAILABLE BY RANDORI IN CONJUNCTION WITH OR THROUGH THE PLATFORM ARE PROVIDED “AS IS” AND WITHOUT WARRANTIES OF ANY KIND EITHER EXPRESS OR IMPLIED. TO THE FULLEST EXTENT PERMISSIBLE PURSUANT TO APPLICABLE LAW, RANDORI AND ITS LICENSORS, SERVICE PROVIDERS AND PARTNERS DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT OF PROPRIETARY RIGHTS. RANDORI AND ITS LICENSORS, SERVICE PROVIDERS AND PARTNERS DO NOT WARRANT THAT THE FEATURES AND FUNCTIONALITY OF THE PLATFORM WILL BE UNINTERRUPTED OR ERROR-FREE, THAT ALL SECURITY RISKS OR VULNERABILITIES IN THE CUSTOMERSYSTEMS WILL BE IDENTIFIED, THAT DEFECTS WILL BE CORRECTED, THAT FALSE POSITIVES WILL NOT BE FOUND, OR THAT THE PLATFORM AND RELATED SERVICES ARE FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS. CERTAIN STATE LAWS DO NOT ALLOW LIMITATIONS ON IMPLIED WARRANTIES. IF THESE LAWS APPLY TO YOU, SOME OR ALL OF THE FOREGOING DISCLAIMERS, EXCLUSIONS, OR LIMITATIONS MAY NOT APPLY TO CUSTOMER, AND CUSTOMER MIGHT HAVE ADDITIONAL RIGHTS.
- Limitation on Indirect Liability. UNDER NO CIRCUMSTANCES, INCLUDING, BUT NOT LIMITED TO, NEGLIGENCE, SHALL EITHER PARTY OR ITS AFFILIATES, CONTRACTORS, EMPLOYEES, OFFICERS, DIRECTORS, AGENTS, OR THIRD PARTY PARTNERS, LICENSORS OR SERVICE BE LIABLE UNDER THIS AGREEMENT, INCLUDING ANY ADDENDUMS OR AGREEMENTS INCORPORATED HEREIN BY REFERENCE, FOR LOST REVENUES OR INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, EVEN IF THE PARTY KNEW OR SHOULD HAVE KNOWN THAT SUCH DAMAGES WERE POSSIBLE. APPLICABLE LAW MAY NOT ALLOW THE LIMITATION OR EXCLUSION OF LIABILITY OR INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THE ABOVE LIMITATION OR EXCLUSION MAY NOT APPLY TO YOU, IN WHICH CASE RANDORI’S LIABILITY WILL BE LIMITED TO THE EXTENT PERMITTED BY LAW.
- Limitation on Amount of Liability. UNDER NO CIRCUMSTANCES, INCLUDING, BUT NOT LIMITED TO, NEGLIGENCE, SHALL EITHER PARTY OR ITS AFFILIATES, CONTRACTORS, EMPLOYEES, OFFICERS, DIRECTORS, AGENTS, OR THIRD PARTY PARTNERS, LICENSORS OR SERVICE PROVIDER’S AGGREGATE LIABILITY UNDER THIS AGREEMENT, INCLUDING ANY ADDENDUMS OR AGREEMENTS INCORPORATED HEREIN BY REFERENCE, EXCEED THE AMOUNT PAID OR PAYABLE BY CUSTOMER TO RANDORI HEREUNDER DURING THE TWELVE MONTHS PRIOR TO THE EVENT GIVING RISE TO LIABILITY. NOTWITHSTANDING THE FOREGOING, THE ENTIRE LIABILITY OF RANDORI AND ITS AFFILIATES, CONTRACTORS, EMPLOYEES, OFFICERS, DIRECTORS, AGENTS, OR THIRD PARTY PARTNERS, LICENSORS OR SERVICE PROVIDERS UNDER THIS AGREEMENT RELATED TO CUSTOMERS’ TRIAL OR EVALUATION OF THE PLATFORM (INCLUDING TRIAL SERVICES AND ANY RESULTS) OR TO ANY PRODUCTS OR SERVICES IN BETA SHALL NOT EXCEED $500. MULTIPLE CLAIMS SHALL NOT EXPAND THESE LIMITATIONS.
- Exceptions to Limitations. The limitation of liability in Section 9.2 (Limitation on Amount of Liability) applies to the fullest extent permitted by applicable law, except that there is no limitation on loss, claims, or damages directly arising out of: (i) Customer’s payment obligations under Section 6 (Fees and Payment Terms) (ii) Customer’s breach of Randori’s Intellectual Property Rights; (iii) a party’s indemnification obligations or (iv) a party’s gross negligence or willful misconduct.
11. OWNERSHIP; USE OF CONTENT; OBLIGATIONS
- Term. This Agreement commences on the Effective Date and continues until all subscriptions granted in accordance with this Agreement have expired or been terminated. Platform subscriptions purchased by Customer commence on the start date specified in the applicable Order Form and continue for the Subscription Term specified therein. Unless either party provides the other with written notice of its election not to renew such Subscription Term at least thirty days prior to such renewal date, the Subscription Term will renew for a term of one year. Notwithstanding the foregoing, all access to Trial Services or products or services in beta may be terminated by Randori at any time, with or without cause, upon notice to Customer.
- Suspension of Service. Customer agrees that Randori may suspend Customer’s access to the Service upon notice (which may be made by email or telephone) if Randori reasonably concludes that Customer is using the Platform to engage in illegal or unauthorized activity, and/or Customer’s use of the Platform is causing immediate, material and ongoing harm to others. In the event that Randori suspends Customer’s access to the Platform, Randori will use commercially reasonable efforts to work with Customer to resolve the issues requiring the suspension of Platform.
- Termination. Notwithstanding the foregoing, either party may terminate this Agreement or any Order Form: (i) immediately in the event of a material breach of this Agreement or any such Order Form by the other party that is not cured within thirty days of written notice thereof from the other party or, if such breach is incapable of cure, immediately upon written notice; or (ii) immediately if the other party ceases doing business or is the subject of a voluntary or involuntary bankruptcy, insolvency or similar proceeding, that is not dismissed within sixty days of filing. Either party may also terminate this Agreement upon no less than thirty days’ prior written notice to the other party for any reason if at such time there are no outstanding Subscription Terms then currently in effect. Any provisions of the Agreement containing proprietary rights, confidentiality obligations, disclaimers, limitations of liability and/or indemnity terms, and any provision of the Agreement which, by its nature, is intended to survive shall remain in effect following any termination or expiration of the Agreement and each Order Form.
- Effect of Termination. Upon any termination or expiration of this Agreement or any applicable Order Form, Randori shall no longer provide the Platform to Customer and Customer shall cease using the Platform. Termination of this Agreement or an Order Form shall not relieve Customer of its obligation to pay all fees that have accrued or have become payable by Customer hereunder. Customer agrees that following termination of Customer’s account and/or use of the Platform, Randori may immediately deactivate Customer’s account.
- Customer Information.
- Customer retains ownership of all right, title, and interest in and to all Customer Information.
- Customer hereby grants to Randori a limited, worldwide, non-exclusive, non-transferable (except as set forth in Section 16.1), royalty-free right to use, reproduce, modify, create derivative works of, display, perform and transmit the Customer Information in connection with: (i) Customer’s use of the Selected Services, the creation of the Results and for otherwise performing Randori’s obligations hereunder; (ii) in anonymized and aggregated form for: (a) generating statistics and producing reports and (b) improving the Services and our products and services, including for developing, training, improving and testing Randori technology, algorithms and techniques; and (iii) as may be required by law or legal process.
- Randori Platform. Randori retains ownership of all right, title, and interest in and to all intellectual property in and about the Platform, Results and all Know-How, usage and other data created, generated or collected in connection with the use thereof.
- Feedback. The parties are working together to further develop the Platform. In the event that Customer provides Randori with any ideas, thoughts, criticisms, suggested improvements or other feedback related to the Platform, including the Results (collectively “Feedback”), Customer agrees that Randori will own, and Customer hereby assigns to Randori all of right, title, and interest in, such Feedback. To the extent that the foregoing assignment is ineffective for whatever reason, Customer agree to grant and hereby grants to us a nonexclusive, perpetual, irrevocable, royalty free, worldwide license (with the right to grant and authorize sublicenses) to make, have made, use, import, offer for sale, sell, reproduce, distribute, modify, adapt, prepare derivative works of, display, perform and otherwise exploit such Feedback without restriction.
13. AVAILABILITY; DOWNTIME; SUPPORT
- By Randori. Randori shall defend Customer against any claim, demand, suit, or proceeding (a “Claim”) made or brought against Customer by a third party alleging that the Platform or Results, or use of the Platform or Results as permitted hereunder infringes or misappropriates the Intellectual Property Rights of a third party, and shall indemnify Customer for any damages, attorney fees and costs finally awarded against Customer as a result of, and for amounts paid by Customer under a court approved settlement of, a Claim. Notwithstanding the foregoing, in no event shall Randori have any obligations or liability under this Section arising from: (i) use of the Platform or Results in a manner not anticipated by of in violation of this Agreement or in combination with materials not furnished by Randori; or (ii) any content, information, or data provided by Customer or other third parties. If the Platform or Results are or are likely to become subject to a claim of infringement or misappropriation, then Randori will, at its sole option and expense, either: (i) obtain for the Customer the right to continue using the Platform or Results, as applicable; (ii) replace or modify the Platform or Results to be non-infringing and substantially equivalent to the infringing Platform or Results; or (iii) terminate Customer’s rights to use the Platform or Results and will refund pro-rata any prepaid fees for the infringing portion of the Platform or Results.
- By Customer. Customer shall defend Randori against any Claim made or brought against Randori by a third party arising from or related to (i) any Prohibited Use, (ii) Customer’s breach of the representations and warranties contained in this Agreement, (iii) Customer’s use of the Platform or Results in violation of this Agreement, the Order Form, the Documentation or applicable law, (iii) arising from Randori’s compliance with any specifications or directions provided by or on behalf of Customer, and shall indemnify Randori for any damages, attorney fees and costs finally awarded against Randori as a result of, or for any amounts paid by Randori under a court-approved settlement of, a Claim.
- Indemnification Process. Each party’s indemnification obligations in this Section 12 are subject to: (i) prompt notification in writing of any Claim (provided that the indemnified party’s failure to provide reasonable written notice shall only relieve the indemnifying party of its indemnification obligations hereunder to the extent such failure materially limits or prejudices the indemnifying party’s ability to defend or settle such claim); (ii) the transfer of sole control of the defense and any related settlement negotiations to the indemnifying party; and (iii) the indemnified party’s cooperation in the defense of such claim. Notwithstanding the foregoing, if the indemnifying party fails to respond in writing within ten (10) days after receiving notice of a Claim from the indemnified party, stating that the indemnifying will fulfill its obligations pursuant to this Section, then the indemnified party shall have the right to assume the exclusive defense of the Claim (including, without limitation, the investigation, trial, settlement, appeal, and payment of any losses) solely at indemnifying party’s expense. You will fully cooperate in the defense of any Claim. THIS SECTION 12 STATES CUSTOMERS’S SOLE AND EXCLUSIVE REMEDIES FOR INFRINGEMENT OR CLAIMS ALLEGING INFRINGEMENT.
14. DATA PRIVACY
- Downtime. Subject to this Agreement, Randori shall use commercially reasonable efforts to provide the Service twenty-four hours a day, seven days a week throughout the Subscription Term. Customer agrees that from time to time the Service may be inaccessible or inoperable for various reasons, including: (i) equipment malfunctions; (ii) periodic maintenance procedures or repairs which Randori may undertake from time to time; or (iii) causes beyond the control of Randori or which are not reasonably foreseeable by Randori, including interruption or failure of telecommunication or digital transmission links, hostile network attacks or network congestion, or other failures (collectively “Downtime”). Randori shall use commercially reasonable efforts to provide twenty-four hour advance notice to Customer in the event of any scheduled Downtime. Randori shall have no obligation during performance of such operations to mirror Customer Information or to transfer Customer Information. Randori shall use commercially reasonable efforts to minimize any disruption, inaccessibility, and/or inoperability of the Service in connection with Downtime, whether scheduled or not.
- Support Services. Randori will provide reasonable support for the Platform, through telephone, e-mail or other online mechanisms, at no additional charge.
- Product-Related Professional Services. Unless otherwise provided on an Order Form or separate statement of work (SOW), Customer is responsible for installing and configuring all software required to implement the Platform.
15. COMPLIANCE WITH EXPORT CONTROLS
- Protection of Customer Information. Randori will implement commercially reasonable and appropriate measures designed to help secure Customer Information against accidental, unauthorized, or unlawful loss, access, disclosure, destruction, or alteration. Customer agrees and acknowledges that Randori cannot and does not guarantee the security, confidentiality or integrity of Customer Information.
- Data Protection. If Randori processes any Customer Information comprised of personal data, as defined in the Data Protection Legislation, each party shall duly comply with all of its obligations under the Data Protection Legislation that arise in connection with this Agreement and shall adhere to the provisions set out in the Data Processing Agreement located at HTTPS://RANDORI.COM/DATA-PROCESSING-AGREEMENT and incorporated herein by reference. “Data Protection Legislation” means all applicable laws and regulations relating to the processing of personal data and privacy, including the General Data Protection Regulation 2016/679 (“GDPR”), any local legislation implementing or supplementing the foregoing and all associated codes of practice and other guidance issued by any applicable data protection authority, all as amended, re-enacted and/or replaced and in force from time to time.
- Permitted Disclosures. To the extent permissible under the Data Protection Legislation, Customer agrees that Randori may disclose Customer Information as follows: (i) when compelled by law in accordance with Section 7.3 (Compelled Disclosure); (ii) to third party service providers that Randori retains to provide Professional Services or the Platform to Customer hereunder, provided that Randori has executed a written agreement with such third-party providers requiring them to maintain the confidentiality of Customer Information to the same extent as Randori does under this Agreement; (iii) as expressly permitted in writing by Customer; and (v) to Randori affiliates or to any third party to whom Randori transfers all or substantially all of its assets or equity, provided that Randori has executed a written agreement with such parties to maintain the confidentiality of Customer Information to same extent as Randori does under this Agreement.
Customer agrees to comply with U.S., foreign, and international laws and regulations, including without limitation the U.S. Foreign Corrupt Practices Act, U.K. Bribery Act, other anti-corruption laws, U.S. Export Administration and Treasury Department’s Office of Foreign Assets Control regulations, and other anti-boycott and import regulations. Customer represents and warrants that it is neither a Prohibited Person nor owned or controlled by a Prohibited Person. “Prohibited Persons”
shall mean a person or entity appearing on the lists published by the U.S. Department of Commerce, the U.S. Department of State, the U.S. Department of Treasury or any other list that may be published by the U.S. Government, as amended from time to time, that is prohibited from acquiring ownership or control of items under this Agreement, or with which Randori is prohibited from doing business.
16. GENERAL PROVISIONS
Randori Supplemental Terms and Conditions for Attack Services
- Miscellaneous. (a) This Agreement shall be construed in accordance with and governed for all purposes by the laws of the Commonwealth of Massachusetts, excluding its respective choice of law provisions, and each party consents and submits to the jurisdiction and forum of the state and federal courts in the Commonwealth of Massachusetts; each party waives any objection (on the grounds of lack of jurisdiction, forum non conveniens or otherwise) to the exercise of such jurisdiction over it by any such courts and irrevocably waives any right to a trial by jury. The parties agree that each party may bring claims against the other only on an individual basis and not as a plaintiff or class member in any purported class or representative action or proceeding; (b) this Agreement, along with the accompanying Order Form(s), constitutes the entire agreement and understanding of the parties hereto with respect to the subject matter hereof and supersedes all prior agreements and undertakings, both written and oral; (c) this Agreement, any Supplemental Terms and each Order Form may not be modified except by a writing signed by each of the parties; (d) in case any one or more of the provisions contained in this Agreement shall for any reason be held to be invalid, illegal, or unenforceable in any respect, such invalidity, illegality, or unenforceability shall not affect any other provisions of this Agreement but rather this Agreement shall be construed as if such invalid, illegal, or other unenforceable provision had never been contained herein; (e) Customer shall not assign its rights or obligations hereunder without Randori’s advance written consent; (f) subject to the foregoing subsection (e), this Agreement shall be binding upon and shall inure to the benefit of the parties hereto and their successors and permitted assigns; (g) no waiver of any right or remedy hereunder with respect to any occurrence or event on one occasion shall be deemed a waiver of such right or remedy with respect to such occurrence or event on any other occasion; (h) nothing in this Agreement, express or implied, is intended to or shall confer upon any other person any right, benefit, or remedy of any nature whatsoever under or by reason of this Agreement, including but not limited to any of Customer’s own clients, customers, or employees; (i) the headings to the sections of this Agreement are for ease of reference only and shall not affect the interpretation or construction of this Agreement; and (j) in the event of a conflict between the terms of this Agreement, the Supplemental Terms and the terms of an Order Form, the terms in the Supplemental Terms, and then the Order Form shall take precedence.
- No High Risk Activities. Customer acknowledges that the Platform is not designed or intended for use in high-risk activities including, without limiting the generality of the foregoing, in any direct or active operations of any equipment in any nuclear, aviation, mass transit, or medical applications, or in any other inherently dangerous operation.
- Injunctive Relief. Notwithstanding any other provision of this Agreement, both parties acknowledge that any breach of this Agreement may cause the other party irreparable and immediate damage for which remedies other than injunctive relief may be inadequate. Therefore, the parties agree that, in addition to any other remedy to which the disclosing party may be entitled hereunder, at law or equity, the disclosing party shall be entitled to seek an injunction to restrain such use in addition to other appropriate remedies available under applicable law.
- Relationship of the Parties. Randori and Customer are independent contractors, and nothing in this Agreement shall be construed as making them partners or creating the relationships of principal and agent between them, for any purpose whatsoever. Neither party shall make any contracts, warranties, or representations or assume or create any obligations, express or implied, in the other party’s name or on its behalf.
- Force Majeure. Neither party will be liable for inadequate performance to the extent caused by a condition (for example, natural disaster, act of war or terrorism, riot, labor condition, or internet disturbance) that was beyond the party’s reasonable control.
- Notices. Unless specified otherwise herein, (i) all notices must be in writing and addressed to the attention of the other party’s legal department and primary point of contact and (ii) notice will be deemed given: (x) when verified by written receipt if sent by personal courier, overnight courier, or when received if sent by mail without verification of receipt; or (y) when verified by automated receipt or electronic logs if sent by email. When sent by email, notices must be sent to Randori at notices@Randori.com.
- Publicity. Customer acknowledges that Randori may use Customer’s name and logo for the purpose of identifying Customer as a customer of Randori products and/or services. Randori will cease using the customer’s name and logo upon written request.
- Compliance with Law. Each party agrees to comply with all federal, state, and local laws and regulations including but not limited to export law, and those governing the use of network scanners, vulnerability assessment software products, encryption devices, user monitoring, and related software in all jurisdictions in which systems are scanned, scanning is controlled, or users are monitored.
These Supplemental Terms and Conditions for Attack Services (“Attack Supplemental Terms”) are an addendum to the Randori Platform Terms of Service by and between Randori, Inc. and the Customer specified therein (the “Terms of Service
”), and apply to Customer‘s use of the Attack Services. These Attack Supplemental Terms are hereby incorporated into and shall be deemed part of the Subscription Agreement. In the event of a conflict between these Attack Supplemental Terms and the Subscription Agreement, these Attack Supplemental Terms shall govern.
Capitalized terms not defined herein the will have the meanings given to them in the Subscription Agreement.
1. ADDITIONAL DEFINITIONS
2. ATTACK SERVICES TERMS AND CONDITIONS
- “Attack Services Authorization” means the documentation executed by Customer and Randori directing Randori to conduct Attack Services on the Target Systems.
- “Targeted Systems” means the elements of the Customer Systems (including any related third party systems) specified, authorized and established by Customer for Attack Services.
3. No Warranty.
NOTWITHSTANDING ANY PROVISION HEREIN OR THE TERMS OF SERVICE, INCLUDING SUBSECTION 8.1 (WARANTY), ATTACK SERVICES ARE PROVIDED “AS IS” AND WITHOUT WARRANTIES OF ANY KIND EITHER EXPRESS OR IMPLIED. CUSTOMER ASSUMES ALL RISK OF LOSS AND LIABILITY ARISING FROM THE ATTACK SERVICES. TO THE FULLEST EXTENT PERMISSIBLE PURSUANT TO APPLICABLE LAW, RANDORI AND ITS LICENSORS, SERVICE PROVIDERS AND PARTNERS DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT OF PROPRIETARY RIGHTS. RANDORI AND ITS LICENSORS, SERVICE PROVIDERS AND PARTNERS DO NOT WARRANT THAT THE ATTACK SERVICES WILL BE UNINTERRUPTED OR ERROR-FREE, THAT ALL SECURITY RISKS OR VULNERABILITIES IN THE CUSTOMER SYSTEM WILL BE IDENTIFIED, THAT DEFECTS WILL BE CORRECTED, THAT FALSE POSITIVES WILL NOT BE FOUND, OR THAT THE ATTACK SERVICES ARE FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS. CERTAIN STATE LAWS DO NOT ALLOW LIMITATIONS ON IMPLIED WARRANTIES. IF THESE LAWS APPLY TO YOU, SOME OR ALL OF THE FOREGOING DISCLAIMERS, EXCLUSIONS, OR LIMITATIONS MAY NOT APPLY TO CUSTOMER, AND CUSTOMER MIGHT HAVE ADDITIONAL RIGHTS.
- Risk of Provision of Attack Services. Customer acknowledges that the Attack Services are comprised of one or more cyber-attacks on Targeted Systems. To the extent Customer authorizes Attack Services by executing an Attack Services Authorization, Customer acknowledges that such Attack Services involve substantial risk of damage to Customer Systems, Customer Information and related data and infrastructure, including third party systems and data, which may be adversely affected by the cyber-attack. Measures will be taken to avoid such damage, but Randori will not be responsible for any damages from use of the Attack Services. Randori disclaims any responsibility for any and all claims of loss arising from or in connection with disruptions of and/or damage to Customer Systems, Customer Information or third party systems or data arising from our related to the provision of the Attack Services.
- Customer Representations and Warranties.
- Customer represents and warrants on an ongoing basis that Customer has carefully reviewed and approved the Targeted Systems and the nature of the Attack Services and that it is authorized to instruct Randori to initiate and conduct such Attack Services. Customer further represents and warrants that:
- Customer shall not authorize Attack Services on Targeted Systems used by a third party to provide services to any other third party, unless otherwise expressly agreed in writing by such third party, Customer and Randori;
- Customer has implemented adequate safeguards to prevent damage to Customer, the Customer Systems and any third party or third party systems from the Attack Services;
- Customer has taken and will take all necessary actions (including, without limitation, obtaining consents) required for Customer to legally disclose all personally identifiable or equivalent data contained within the Customer Information to be accessed by Randori as a result of its performance of the Attack Services; and
- Customer will not grant Randori access to systems or data and shall not disclose data to the extent such access and disclosure is not permitted under applicable law.
- Additional Restrictions and Limitations.
- Customer shall not provide Randori any access to Customer Information which requires, pursuant to any law or regulation, protection of such Customer Information to any legally and/or regulatory standard of care, to include, without limitation, import/export restrictions. Customer will notify Randori in advance if any Customer Information is restricted for import or export control purposes.
- Randori shall be excused from any the performance of any obligation to the extent such performance conflicts with applicable law or regulation, including, without limitation, where Randori in good faith believes that such performance is likely to conflict.
Customer agrees to defend, indemnify and hold Randori, its affiliates, and each of their officers, directors and employees, harmless from any claims, losses, damages, liabilities, costs and expenses, including reasonable attorney’s fees, arising out of or relating to Customer’s use or misuse of the Attack Services (an “Attack Services Claim”), provided that the foregoing does not obligate Customer to the extent the Attack Services Claim arises out of Randori’s willful misconduct or gross negligence.
5. No Liability.
NOTWITHSTANDING ANY PROVISION HEREIN OR IN THE TERMS OF SERVICE, INCLUDING, BUT NOT LIMITED TO SECTIONS 9.2 AND 9.3, EXCEPT IN THE CASE OF RANDORI’S GROSS NEGLIGENCE OR WILLFUL MISCONDUCT, UNDER NO CIRCUMSTANCES, INCLUDING, BUT NOT LIMITED TO, NEGLIGENCE, SHALL RANDORI OR ITS AFFILIATES, CONTRACTORS, EMPLOYEES, OFFICERS, DIRECTORS, AGENTS, THIRD PARTY PARTNERS, LICENSORS OR SERVICE PROVIDERS, BE LIABLE TO CUSTOMER FOR ANY LOSSES OR DAMAGES THAT ARISE OUT OF OR RELATE TO THE ATTACK SERVICES, INCLUDING CUSTOMER’S USE THEREOF, EVEN IF RANDORI OR A RANDORI AUTHORIZED REPRESENTATIVE HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. APPLICABLE LAW MAY NOT ALLOW THE LIMITATION OR EXCLUSION OF LIABILITY, SO THE ABOVE LIMITATION OR EXCLUSION MAY NOT APPLY TO CUSTOMER, IN WHICH CASE RANDORI’S LIABILITY WILL BE LIMITED TO THE EXTENT PERMITTED BY LAW
IF CUSTOMER HAS ANY DOUBT CONCERNING (I) ITS AUTHORITY TO INITIATE THE ATTACK SERVICES OR (II) THE POTENTIAL DAMAGE TO CUSTOMER OR ANY THIRD PARTY, THEN IT SHOULD NOT AUTHORIZE AND/OR INITIATE THE ATTACK SERVICES.
- By executing the Attack Services Authorization, Customer is authorizing and launching a cyber-attack on Customer and its assets. THE ATTACK SERVICE MAY CAUSE DAMAGE TO CUSTOMER, CUSTOMER SYSTEMS AND OTHER ASSETS.