Cyber Crucible, Inc.

MASTER SOFTWARE AS A SERVICES AGREEMENT

This MASTER SOFTWARE-AS-A-SERVICES AGREEMENT (the “Agreement”) describes the terms and conditions pursuant to which Cyber Crucible shall make available the Services (as defined below) to Customer. Each of Cyber Crucible, possible authorized Cyber Crucible resellers, possible authorized Cyber Crucible distributors, and the Customer may be referred to herein as a “Party” or collectively the “Parties.

NOW, THEREFORE, in consideration of mutual promises hereinafter set forth, it is agreed by and between the Parties as follows:

SCOPE AND DEFINITIONS. This Agreement consists of these terms and conditions, the Cyber Crucible End User License Agreement Exhibit A (“EULA”), and all schedules attached and/or referenced thereto, which are incorporated herein by reference. Unless otherwise defined in this Section 1, the capitalized terms used in this Agreement shall be defined in the context in which they are used.
1. “Agreement” has the meaning given such term in the preamble.
2. “Authorized User(s)” means the Customer’s employees, consultants, contractors, and managed outsourcers who are permitted access to the Intrusion Detection Services hereunder.
3. “Confidential Information” means: any information or data (including information or data received by the disclosing Party from a third party and as to which the disclosing Party has confidentiality obligations) provided or disclosed by disclosing Party or its agents to receiving Party that is:
  1. fixed in a tangible medium and marked as the confidential or proprietary information of the disclosing Party; or
  2. otherwise provided or disclosed by or on behalf of the disclosing Party marked as proprietary or confidential at the time the information is provided; or
  3. not falling within any of the prior clauses of this sentence, but which, a reasonable person would conclude is of a confidential nature given the facts and circumstances of such disclosure; or
  4. the Intrusion Detection Services and the Documentation. The terms of this Agreement shall constitute the Confidential Information of both Parties.
4. “Customer Data” means Customer’s telemetry, alerts, user information, and group information that are uploaded, stored, analyzed and made available to and through the Intrusion Detection Services.
5. “Cyber Crucible Technology” means
  1. Cyber Crucible’s proprietary Rogue Process Prevention software
  2. Cyber Crucible’s Intelligence Platform
  3. Cyber Crucible’s Digital Identity Theft Detection Services
6. “Digital Identity Theft Detection Services” means Cyber Crucible’s proprietary data analytics and monitoring for stolen passwords, keys, cookies, tokens, cryptowallets, and other data designed to confirm or express the identity of a user. Monitoring for stolen materials is conducted on a per account or per domain basis.
7. “Documentation” means the documentation provided by Cyber Crucible relating to the Rogue Process Prevention Services.
8. “Implementation Services” means the installation, configuration and/or training services as specified in an Order Form.
9. “Intellectual Property Rights” means all trade secrets, patents and patent applications, trade marks (whether registered or unregistered and including any goodwill acquired in such trade marks), service marks, trade names, business names, internet domain names, e-mail address names, copyrights (including rights in computer software), moral rights, database rights, design rights, rights in know-how, rights in confidential information, rights in inventions (whether patentable or not) and all other intellectual property and proprietary rights (whether registered or unregistered, and any application for the foregoing), and all other equivalent or similar rights which may subsist anywhere in the world.
10. “Intelligence Platform” means the combination of servers, databases, and web applications to provide the Customer with Security Intelligence, management of software, management of users, management of groups, Rogue Process Prevention state and activity, and root cause analysis of potential cybersecurity incidents.
11. “Intrusion Detection Services” means, collectively or individually, any combination of
  1. Cyber Crucible Technology
  2. Cyber Crucible’s Implementation Services
  3. Cyber Crucible Documentation
12. “Order Form,” synonymous with Quote or Invoice, means a document signed by both Parties whereby the Customer orders Cyber Crucible Intrusion Detection Services, or any other products or services to be offered by Cyber Crucible pursuant to this Agreement.
13. “Personal Data” shall mean any information or data that alone or together with any other information relates to an identified or identifiable natural person or data considered to be personal data as defined under applicable law.
14. “Report” means the automated reporting generated by the Intelligence Platform that presents the Security Intelligence.
15. “Rogue Process Prevention” means Cyber Crucible’s proprietary Rogue Process Prevention software installed on Customer systems which may upload telemetry and notification of automated responses for further analysis by the Cyber Crucible Technology in order to generate Confidential Information for Customer viewing via the Intelligence Platform. Any patches, updates, upgrades, improvements, additions and other modifications or revised versions that may be made available by Cyber Crucible or its licensors from time to time.
16. “Security Intelligence” means the key attributes, characteristics and dynamic behavior of malicious activity learned from alerts and telemetry submitted to the Security Intelligence, including without limitation, such other characteristics such as its structure, sequence, and organization, and vulnerabilities or end points to be exploited, which Security Intelligence is presented in a Report.
17. “Services” means collectively or individually, the Intrusion Detection Services or any other products or services to be offered by Cyber Crucible pursuant to this Agreement.
18. “Subscription Term” shall have the meaning given such term in the Order Form.
19. “Term” has the meaning given in Section 8.1.
20. “Use Restrictions” means any use restriction that is specifically agreed to in an Order Form, which may include maximum concurrent active Rogue Process Prevention software licenses per type of installation.
ORDERS FOR INTRUSION DETECTION SERVICES.
1. Order Forms. During the Term, the Parties may execute one or more Order Forms specifying the maximum number of active Rogue Process Prevention software licenses, domains to monitor with Cyber Crucible Digital Identity Theft Monitoring Services, and for the purchase of certain Implementation Services. The Parties shall negotiate and sign each Order Form separately. Each Order Form shall set out a description and fee schedule of the Intrusion Detection Services (including specific deliverables and estimated time schedule, if any), maximum number and duration of active software installations, payment terms and any other additional terms that are agreed to by the Parties. Each Order Form shall be attached to this Agreement and incorporated in this Agreement by reference. In the event of any conflict between the provisions of this Agreement and the terms of any Order Form(s), the conflict shall be resolved in the following order of priority of interpretation: (a) the Order Form(s); and (b) this Agreement.
ACCESS TO INTELLIGENCE PLATFORM.
1. Grant of Access. Subject to the terms and conditions of this Agreement, during the Subscription Term, Cyber Crucible grants Customer a limited non-exclusive, non-transferable right to:
  1. access the Intrusion Detection Services to process and analyze Confidential Data in accordance with the Documentation in order to generate the Security Intelligence and the Reports; and
  2. use and copy the Reports solely for Customer’s internal security business purposes, in each and every case, solely in accordance with applicable Documentation and Use Limitations. Cyber Crucible reserves the right to modify the Intrusion Detection Services at any time. Customer understands that this Agreement grants certain rights of access only, and that nothing in this Agreement may be interpreted to require delivery of a copy of any of the software or installation of a copy of such software upon Customer’s computers or systems.
2. Connectivity. Cyber Crucible will be responsible for maintaining connectivity from its Intelligence Platform to the Internet. Customer is responsible for providing connectivity of the Rogue Process Prevention installed on Customer equipment to the Internet for itself, and Internet connectivity to the Intelligence Platform for its Authorized Users. Customer shall also be responsible for ensuring that latency and available bandwidth from the Customer’s equipment to Cyber Crucible’s Intelligence Platform is adequate to meet Customer’s desired level of performance. If Customer requires a VPN or private network connection to the Rogue Process Prevention Services, Customer is responsible for all costs associated with any specialized network connectivity required by Customer.
3. Authorized Users. Customer is solely responsible for creating individual Authorized User accounts in order to allow access to the Intrusion Detection Services and Documentation, possibly up to the maximum number of Authorized Users if indicated on the Order Form, provided that the access to the Intrusion Detection Services and Documentation by such Authorized User(s) is solely on behalf of and for the benefit of the Customer. Customer shall not authorize access to or permit use of the Intrusion Detection Services, or Documentation by persons other than Authorized Users. Customer shall be responsible for all acts and omissions of such Authorized Users and any act or omission by any Authorized User which, if undertaken by the Customer, shall be deemed a breach of this Agreement. Customer shall make all Authorized Users aware of the provisions of this Agreement as applicable to their access to the Intrusion Detection Services and Documentation and shall cause all Authorized Users to comply with such provisions. Customer is responsible for all activities that occur under its Authorized User accounts, regardless of whether the activities are authorized by Customer or undertaken by Customer, its employees or any third party, and Cyber Crucible and its affiliates are not responsible for unauthorized access to any Customer account.
CUSTOMER RESPONSIBILITIES.
1. Direct Use. The Rogue Process Prevention Services that may be provided by Cyber Crucible pursuant to this Agreement and an applicable Order Form shall be solely for Customer’s internal business purposes and not for the benefit of any third party without written approval by Cyber Crucible, Inc. In connection with Customer’s use of the Intrusion Detection Services, Customer shall:
  1. comply with all applicable laws, court orders, rules and regulations;
  2. comply with applicable Cyber Crucible End User License Agreement (“EULA”) for access to and use of the Intrusion Detection Services, including but not limited to, its acceptable use policy;
  3. use reasonable security precautions for providing access to the Intrusion Detection Services by Authorized Users;
  4. cooperate with Cyber Crucible’s investigation of outages, security problems, unauthorized use of the Intrusion Detection Services and/or any suspected breach of this Agreement, the acceptable use policy, or any applicable law, court order, rule or regulation; and
  5. promptly notify Cyber Crucible of any known or suspected unauthorized use of Customer’s account, the Intrusion Detection Services or any other breach of security.
2. General Restrictions. Customer shall not, and shall ensure that its Authorized Users shall not, take any one, combination of, or all of the following actions:
  1. use the Services, or Documentation in any manner inconsistent with the Documentation (and the rights expressly granted hereunder), or with applicable laws and government regulations (including without limitation, anti-spam and unsolicited email laws);
  2. use the Intrusion Detection Services to store or transmit infringing, libelous, obscene, threatening, or otherwise unlawful or tortious material, including without limitation material harmful to children or violating third party intellectual property or privacy rights;
  3. assign, sublicense, sell, lease or otherwise transfer or convey, or pledge as security or otherwise encumber its rights under this Agreement;
  4. modify or create any derivative works of the Intrusion Detection Services, or Documentation, except with the prior written consent of Cyber Crucible;
  5. decompile, disassemble, reverse engineer or otherwise attempt to obtain or perceive the source code from any component of the Intrusion Detection Services;
  6. use the Intrusion Detection Services to store or transmit viruses, worms, time bombs, Trojan horses and other harmful or malicious code, files, scripts, agents or programs; or
  7. interfere with or disrupt the integrity or performance of the Intrusion Detection Services.
3. No Implied Licenses. Customer acknowledges that there are no licenses granted by implication under this Agreement. Cyber Crucible retains and reserves all right, title and interest in and to the Services, the Documentation and all Intellectual Property Rights therein. Customer acknowledges that, as between the Parties, Cyber Crucible owns all Intellectual Property Rights and proprietary interests that are embodied in, or practiced by, the Services, and the Documentation. Any license granted by Cyber Crucible pursuant to this Agreement is only for Intellectual Property Rights that are owned by Cyber Crucible or that Cyber Crucible has a right to sublicense.
4. No Source Code. Customer acknowledges the rights granted under this Agreement with respect to the Intrusion Detection Services are intended to apply only to the compiled, object code format of the software, and are not intended as licenses to obtain or use any source code.
5. Branding. Customer shall not delete, alter, cover, or distort any copyright, trademark, any printed or on-screen proprietary or legal notice, or other proprietary rights notice placed by Cyber Crucible on or in the Intrusion Detection Services and Documentation.
6. Credentials. Customer and its Authorized Users shall be responsible for maintaining the confidentiality and security of all passwords and other access protocols required in order to access the Intrusion Detection Services, if applicable.
CUSTOMER DATA; SECURITY; PRIVACY/DATA PROTECTION.
1. Rights to Customer Data. Prior to storing, processing, uploading, distributing or linking to any Customer Data using the Intrusion Detection Services, Customer shall, at its own expense, obtain all third-party consents and/or permissions that may be necessary and appropriate with respect to such Customer Data or required by this Section 5.1. Cyber Crucible will not access or use any Customer Data except with the Customer’s prior written consent, as necessary to maintain or provide the Intrusion Detection Services, or as necessary to comply with the law or a binding order of a governmental body, provided however, that Cyber Crucible will use data related to the Customer’s account, such as resource identifiers, metadata tags, security and access roles, rules, usage policies, permissions, usage statistics and analytics in connection with providing the Intrusion Detection Services. Customer further agrees to allow Cyber Crucible to copy, store, process, analyze and display such Customer Data through the Intrusion Detection Services. Customer hereby grants to Cyber Crucible a non-exclusive, non-transferable right and license to use the Customer Data during the Term for the limited purposes of performing Cyber Crucible’s obligations under this Agreement and to collect and use any such data, in non-user specific and aggregated statistical form, for the development and maintenance of the Cyber Crucible products or Services and for Cyber Crucible’s other business purposes. Customer hereby represents and warrants that it owns or otherwise has sufficient rights to grant Cyber Crucible access to and use of the Customer Data in accordance with the terms of this Agreement. Cyber Crucible will comply with all applicable US Federal and US state legislation with respect to the storage, use and protection of Personal Data.
2. Security. Cyber Crucible uses third-party data centers located in the United States in order to provide the Intrusion Detection Services, and Customer hereby consents to the storage of any Customer Data in the United States. Cyber Crucible shall maintain appropriate administrative, physical, and technical safeguards for protection of the security, confidentiality, and integrity of the Intrusion Detection Services, and agrees to implement reasonable and appropriate measures designed to help Customer secure the Customer Data against accidental or unlawful loss, access or disclosure. Cyber Crucible shall neither house nor allow any service provider to house any Customer Data outside of the United States of America.
  1. Customer has primary access and control over its dedicated portion of the Intrusion Detection Services. Customer is responsible for properly configuring and using the Intrusion Detection Services and otherwise taking appropriate action to secure, protect and backup its Authorized User accounts and the Customer Data in a manner that will provide appropriate security and protection, which might include use of encryption to protect Customer Data from unauthorized access and routinely archiving Customer Data. Customer shall be solely responsible for, and assumes the risk of, any problems resulting from, the content, accuracy, completeness, consistency integrity, legality, reliability, and appropriateness of all Customer Data. Cyber Crucible will conduct backups daily and retain the backups for 7 days to permit recovery of Intrusion Detection Services after a disaster or catastrophic failure. Cyber Crucible does not have the capability to restore prior data values for a specific customer. Customer will ensure that the Customer Data and its and the Authorized Users’ use of Customer Data or the Intrusion Detection Services will not violate any of Cyber Crucible acceptable use or privacy policies or any applicable law.
  2. Customer shall be the data controller and Cyber Crucible shall be a data processor with respect to any Customer Data processed via the Intrusion Detection Service. Cyber Crucible shall process Customer Data via the Intrusion Detection Service on behalf of Customer only in accordance with the terms of this Agreement and any instructions reasonably given by Customer from time to time.
OTHER SERVICES.
1. Implementation Services. Customer understands and acknowledges that access to the Intrusion Detection Services by the Customer may require Implementation Services, including, by way of example, configuration or customization, training of Customer personnel, or provision of technical support. All Implementation Services that the Customer may choose to order shall be set forth in an Order Form.
2. Other Professional Services. Customer may elect to order additional professional services from Cyber Crucible on a time and materials basis. All such professional services will be set forth in an Order Form and will be billed at then-current hourly rates.
FEES AND EXPENSES; PAYMENTS.
1. Fees. In consideration for the rights granted to Customer and the Intrusion Detection Services made available by Cyber Crucible under this Agreement, Customer will pay to Cyber Crucible, an authorized Cyber Crucible distributor, or an authorized Cyber Crucible reseller, without offset or deduction, all fees required by an Order Form. Cyber Crucible, an authorized Cyber Crucible distributor, or an authorized Cyber Crucible reseller will submit invoices to Customer with respect to such fees according to the relevant payment schedules indicated on the applicable Order Form, and each invoiced amount will be due and payable upon receipt of the relevant invoice by Customer. Notwithstanding the foregoing, any initial fees listed on a particular Order Form shall be due and payable upon execution of the applicable Order Form, without additional invoice. All amounts due hereunder shall be paid in the U.S. and in U.S. dollars.
2. Default Payment Terms. Unless otherwise specified in an Order Form, default payment terms shall be 30 day (NET 30) payment terms.
3. Expenses. Out-of-pocket expenses, including reasonable expenses incurred for non-local travel of Cyber Crucible personnel in connection with this Agreement, will be invoiced to Customer monthly, provided that they shall only be payable if incurred in accordance with Customer’s expense reimbursement policy, and authorized in advance.
4. Taxes. All fees under this Agreement are net of sales, use and other taxes and all applicable export and import fees, customs duties and similar charges (other than taxes based on Cyber Crucible’s income) (“Taxes”). Customer will be responsible for payment of any applicable Taxes and any related penalties and interest for the rights hereunder, or the delivery of related services. Customer will make all required payments to Cyber Crucible, an authorized Cyber Crucible reseller, or an authorized Cyber Crucible distributor free and clear of, and without reduction for, any withholding taxes. Any such taxes imposed on payments to Cyber Crucible, an authorized Cyber Crucible reseller, or an authorized Cyber Crucible distributor will be Customer’s sole responsibility, and Customer will, upon Cyber Crucible’s, the authorized Cyber Crucible reseller’s, or the authorized Cyber Crucible distributor’s request, provide the requesting organization with official receipts issued by appropriate taxing authorities, or such other evidence as the requesting party may reasonably request, to establish that such taxes have been paid.
5. Late Payments; Interest. Any portion of any amount payable hereunder that is not paid when due will accrue interest at one and one-half percent (1.5%) per month or the maximum rate permitted by applicable law, whichever is less, from a date thirty (30) days after the due date until paid.
6. Suspension of Service. If any charge owing by Customer is 30 days or more overdue, Cyber Crucible may, without limiting its other rights and remedies, suspend Services until such amounts are paid in full, provided Cyber Crucible has given Customer 10 or more days’ prior notice that its account is overdue in accordance with the “Notices” section below.
TERM AND TERMINATION.
1. Term. The term of this Agreement will commence on the Effective Date annotated on the Order Form and will continue for the period annotated on the Order Form thereafter, unless earlier terminated in accordance with this Section 8 (the “Initial Term”), and can be renewed for additional terms upon mutual agreement.
2. Termination for Breach. Either Party may, at its option, terminate this Agreement in the event of a material breach by the other Party. Such termination may be effected only through a written notice to the breaching Party, specifically identifying the breach or breaches on which such notice of termination is based. The breaching Party will have a right to cure such breach or breaches within thirty (30) days of receipt of such notice, if possible, and this Agreement will terminate in the event that such cure is not made within such thirty (30)-day period. Notwithstanding the foregoing, breaches of confidentiality are not subject to cure, but can be subject to prompt mitigation or remediation. Nothing in this subparagraph should be construed as limiting the right to suspend services as set forth above.
3. Termination Upon Bankruptcy or Insolvency. Either Party may, at its option, terminate this Agreement immediately upon written notice to the other, in the event (i) that such other Party files for bankruptcy or becomes insolvent or unable to pay its debts when due; (ii) the other Party discontinues it business; or (iii) a receiver is appointed or there is an assignment for the benefit of such other Party’s creditors.
4. Effect of Termination. Upon any termination of this Agreement, Customer will (a) immediately discontinue all use of the Rogue Process Prevention Services, and any Cyber Crucible Confidential Information; and (b) promptly pay to Cyber Crucible all amounts due and payable under this Agreement.
5. Survival. The provisions of Sections 5, 7, 8.4, 8.5, 9, 11, 12, and 13 will survive the termination of this Agreement.
TREATMENT OF CONFIDENTIAL INFORMATION.
1. Ownership of Confidential Information. The Parties acknowledge that during the performance of this Agreement, each Party will have access to certain of the other Party’s Confidential Information or Confidential Information of third parties that the disclosing Party is required to maintain as confidential. Both Parties agree that all items of Confidential Information are proprietary to the disclosing Party or such third party, as applicable, and will remain the sole property of the disclosing Party or such third party.
2. Mutual Confidentiality Obligations. Each Party agrees as follows:
  1. to use Confidential Information disclosed by the other Party only for the purposes described herein;
  2. that such Party will not reproduce Confidential Information disclosed by the other Party, and will hold in confidence and protect such Confidential Information from dissemination to, and use by, any third party;
  3. that neither Party will create any derivative work from Confidential Information disclosed to such Party by the other Party;
  4. to restrict access to the Confidential Information disclosed by the other Party to such of its personnel, agents, and/or consultants, if any, who have a need to have access and who have been advised of and have agreed in writing to treat such information in accordance with the terms of this Agreement; and
  5. to the extent practicable, return or destroy, all Confidential Information disclosed by the other Party that is in its possession upon termination or expiration of this Agreement.
  6. Notwithstanding the foregoing, Customer agrees that Cyber Crucible may collect aggregated statistical data regarding Customer’s use of the Services and provide such aggregated statistical data to third parties. In no event shall Cyber Crucible provide to third parties specific data regarding Customer or Customer’s authorized users.
3. Confidentiality Exceptions. Notwithstanding the foregoing, the provisions of Sections 9.1 and 9.2 will not apply to Confidential Information that
  1. is publicly available or in the public domain at the time disclosed; or
  2. is or becomes publicly available or enters the public domain through no fault of the recipient; or
  3. is rightfully communicated to the recipient by persons not bound by confidentiality obligations with respect thereto; or
  4. is already in the recipient’s possession free of any confidentiality obligations with respect thereto at the time of disclosure; or
  5. is independently developed by the recipient; or
  6. is approved for release or disclosure by the disclosing Party without restriction.
4. Judicial or Administrative Orders. Notwithstanding the foregoing, each Party may disclose Confidential Information to the limited extent required (x) in order to comply with the order of a court or other governmental body, or as otherwise necessary to comply with applicable law, provided that the Party making the disclosure pursuant to the order shall first have given written notice to the other Party (unless such court order specifically requires non-disclosure) and allow the other Party with a reasonable opportunity to obtain a protective order; or (y) to establish a Party’s rights under this Agreement, including to make such court filings as it may be required to do.
5. Limitation Period. The obligations set forth in this Section 9 shall survive the termination or expiration of this Agreement for a period of two (2) years.
REPRESENTATIONS AND WARRANTIES.
1. Each Party hereby represents and warrants
  1. that it is duly organized, validly existing and in good standing under the laws of its jurisdiction of incorporation or organization;
  2. that the execution and performance of this Agreement will not conflict with or violate any provision of any law having applicability to such Party; and
  3. that this Agreement, when executed and delivered, will constitute a valid and binding obligation of such Party and will be enforceable against such Party in accordance with its terms.
2. Warranty. All products supplied to Customer by Cyber Crucible, Inc., under this Agreement shall:
  1. be conveyed with clear title, free of claims of any nature by any third person;
  2. be of merchantable quality;
  3. be fit for the purpose for which they are purchased;
  4. be in compliance with applicable laws, rules and regulations, including but not limited to all industry standards;
  5. be manufactured and provided in strict accordance with industry standard quality assurance validation;
  6. not infringe the intellectual property rights of any third party; and
  7. be governed by the rights and limitations found in the Cyber Crucible End User License Agreement
3. Disclaimer. EXCEPT AS EXPRESSLY REPRESENTED OR WARRANTED IN THIS SECTION 10, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, THE ROGUE PROCESS PREVENTION SERVICE, THE DOCUMENTATION, AND ALL SERVICES PERFORMED BY CYBER CRUCIBLE ARE PROVIDED “AS IS,” AND CYBER CRUCIBLE DISCLAIMS ANY AND ALL OTHER PROMISES, REPRESENTATIONS AND WARRANTIES, WHETHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT, SYSTEM INTEGRATION AND/OR DATA ACCURACY. CYBER CRUCIBLE DOES NOT WARRANT THAT THE ROGUE PROCESS PREVENTION SERVICES, OR ANY OTHER SERVICES PROVIDED BY CYBER CRUCIBLE WILL MEET CUSTOMER’S REQUIREMENTS OR THAT THE OPERATION OF THE ROGUE PROCESS PREVENTION SERVICES WILL BE UNINTERRUPTED OR ERROR-FREE, OR THAT ALL ERRORS WILL BE CORRECTED.
INDEMNIFICATION.
1. Indemnification of Customer. Cyber Crucible agrees to indemnify, defend and hold harmless Customer from and against any and all losses, liabilities, costs, expenses (including reasonable attorneys’ fees) or damages resulting from any claim by any third party that the authorized use of the Rogue Process Prevention Service, and/or the Documentation infringes such third party’s U.S. patents issued as of the Effective Date, or infringes or misappropriates, as applicable, such third party’s copyrights or trade secret rights under applicable laws of any jurisdiction within the United States of America and shall pay any final judgment awarded against Customer as a result of any such claim, action or allegation. If such a claim is made or appears possible, Customer agrees to permit Cyber Crucible, at Cyber Crucible’s sole discretion, to:
  1. enable Customer to continue to use the Cyber Crucible Technology, or the Documentation, as applicable;
  2. to modify or replace any such infringing material to make it non-infringing; or
  3. require Customer to cease use of, and, if applicable, return, such materials as are the subject of the infringement claim. This Section 11.1 shall not apply if the alleged infringement, violation or misappropriation arises, in whole or in part, from:
    1. modification of the Cyber Crucible Technology, or the Documentation by Customer;
    2. combination, operation or use of the Cyber Crucible Technology with other software, hardware or technology not provided by Cyber Crucible; or
    3. the collection, use, storage, sharing, analysis or distribution of the Customer Data. This Section states Cyber Crucible’s entire obligation and liability with respect to any claim of infringement, misappropriation, or violation of any Intellectual Property Right.
2. Customer’s Indemnity Obligations. Customer agrees to indemnify, defend and hold harmless Cyber Crucible from and against any and all losses, liabilities, costs, expenses (including reasonable attorneys’ fees) or damages resulting from any claim by any third party based upon or arising from claims of infringement, misappropriation or violation of any third-party proprietary right, including copyright, patent, trade secret, right of publicity, right of privacy, and trademark rights, arising from the use, storage, retransmission and analysis of any Customer Data.
3. Indemnification Procedures. With respect to any claim, demand or action for which an indemnity is provided under this section, the Party to be indemnified (the “Indemnified Party”) shall:
  1. give prompt written notice to the indemnifying Party (the “Indemnifying Party”) of the claim, demand or action for which an indemnity is sought (provided, however, that failure of Indemnified Party to provide such notice will not release the Indemnifying Party from any of its indemnity obligations except to the extent that the Indemnifying Party’s ability to defend such claim is prejudiced thereby),
  2. reasonably cooperate in the defense or settlement of any such claim, demand, or action; and
  3. give the Indemnifying Party sole control over the defense or settlement of any such claim; provided, however, the Indemnifying Party shall not enter into a settlement agreement without the Indemnified Party’s express consent to
    1. assign, impart or impute fault or responsibility to the Indemnified Party or its affiliates, or
    2. include a consent to an injunction or similar relief binding upon the Indemnified Party or its affiliates, or
    3. fail to contain reasonable confidentiality obligations protecting the confidentiality of the settlement, or
    4. provide for relief other than monetary damages that the Indemnifying Party solely bears.
EXCLUSIONS AND LIMITATIONS OF LIABILITY.
1. Exclusions of Remedies; Limitation of Liability. IN NO EVENT WILL EITHER PARTY BE LIABLE FOR ANY INCIDENTAL, INDIRECT, SPECIAL, CONSEQUENTIAL OR PUNITIVE DAMAGES, REGARDLESS OF THE NATURE OF THE CLAIM, INCLUDING, WITHOUT LIMITATION, LOST PROFITS, COSTS OF DELAY, ANY FAILURE OF DELIVERY, BUSINESS INTERRUPTION, COSTS OF LOST OR DAMAGED DATA OR DOCUMENTATION, OR LIABILITIES TO THIRD PARTIES ARISING FROM ANY SOURCE, EVEN IF A PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THIS EXCLUSION OF CERTAIN DAMAGES AND CLAIMS IS INTENDED TO APPLY WITHOUT REGARD TO WHETHER OTHER PROVISIONS OF THIS AGREEMENT HAVE BEEN BREACHED OR HAVE PROVEN INEFFECTIVE. THE CUMULATIVE LIABILITY OF EITHER PARTY FOR ALL CLAIMS ARISING FROM OR RELATING TO THIS AGREEMENT, INCLUDING, WITHOUT LIMITATION, ANY CAUSE OF ACTION SOUNDING IN CONTRACT, TORT, OR STRICT LIABILITY, WILL NOT EXCEED THE TOTAL AMOUNT OF ALL FEES PAID TO CYBER CRUCIBLE BY THE CUSTOMER DURING THE TWELVE (12)-MONTH PERIOD PRIOR TO THE ACT, OMISSION OR OCCURRENCE GIVING RISE TO SUCH LIABILITY. THIS LIMITATION OF LIABILITY IS INTENDED TO APPLY WITHOUT REGARD TO WHETHER OTHER PROVISIONS OF THIS AGREEMENT HAVE BEEN BREACHED OR HAVE PROVEN INEFFECTIVE.
2. Essential Basis of the Agreement. Customer acknowledges and understands that the disclaimers, exclusions and limitations of liability set forth in this Section 12 form an essential basis of the agreement between the Parties, that the Parties have relied upon such disclaimers, exclusions and limitations of liability in negotiating the terms and conditions in this Agreement, and that absent such disclaimers, exclusions and limitations of liability, the terms and conditions of this Agreement would be substantially different.
MISCELLANEOUS
1. Entire Agreement. This Agreement, along with any the End User Licensing Agreement attached as Exhibit A, any Order Forms, and Distributor or Reseller Agreement, as applicable, sets forth the entire agreement and understanding between the Parties with respect to the subject matter of this Agreement and, supersedes and merges all prior oral and written agreements, discussions and understandings between the Parties with respect to the subject matter of this Agreement, and neither of the Parties will be bound by any conditions, inducements or representations other than as expressly provided for in this Agreement.
2. Independent Contractors. In making and performing this Agreement, Customer and Cyber Crucible act and will act at all times as independent contractors, and, except as expressly set forth herein, nothing contained in this Agreement will be construed or implied to create an agency, partnership or employer and employee relationship between them. Except as expressly set forth herein, at no time will either Party make commitments or incur any charges or expenses for, or in the name of, the other Party.
3.    Notices. All notices required by or relating to this Agreement will be in writing and will be sent by means of certified mail, postage prepaid, to the Parties at their respective addresses below, or addressed to such other address as the receiving Party may have given by written notice in accordance with this provision.
  
  Cyber Crucible:
  
     Cyber Crucible, Inc
  
     1378 Freeport Road
  
     Suite 1B
  
     Pittsburgh, PA 15238
  
     Attn: Dennis Underwood
  
     Title: CEO
  
     Email: ceo@cybercrucible.com
4. All notices required by or relating to this Agreement may also be communicated by facsimile, provided that the sender receives and retains confirmation of successful transmittal to the recipient. Such notices will be effective on the date indicated in such confirmation. In the event that either Party delivers any notice by means of facsimile transmission in accordance with the preceding sentence, such Party will promptly thereafter send a duplicate of such notice in writing by means of certified mail, postage prepaid, to the receiving Party, addressed as set forth above or to such other address as the receiving Party may have previously substituted by written notice to the sender.
5. Amendments; Modifications. This Agreement may not be amended or modified except in a writing duly executed by authorized representatives of both Parties.
6. Assignment; Delegation. Customer shall not assign any of its rights or delegate any of its duties under this Agreement without the express, prior written consent of Cyber Crucible, and, absent such consent, any attempted assignment or delegation will be null, void and of no effect.
7. No Third Party Beneficiaries. The Parties acknowledge that the covenants set forth in this Agreement are intended solely for the benefit of the Parties, their successors and permitted assigns. Nothing herein, whether express or implied, will confer upon any person or entity, other than the Parties, their successors and permitted assigns, any legal or equitable right whatsoever to enforce any provision of this Agreement.
8. Severability. If any provision of this Agreement is invalid or unenforceable for any reason in any jurisdiction, such provision will be construed to have been adjusted to the minimum extent necessary to cure such invalidity or unenforceability. The invalidity or unenforceability of one or more of the provisions contained in this Agreement will not have the effect of rendering any such provision invalid or unenforceable in any other case, circumstance or jurisdiction, or of rendering any other provisions of this Agreement invalid or unenforceable whatsoever.
9. Waiver. No waiver under this Agreement will be valid or binding unless set forth in writing and duly executed by the Party against whom enforcement of such waiver is sought. Any such waiver will constitute a waiver only with respect to the specific matter described therein and will in no way impair the rights of the Party granting such waiver in any other respect or at any other time. Any delay or forbearance by either Party in exercising any right hereunder will not be deemed a waiver of that right.
10. Force Majeure. If a Party is prevented or delayed in performance of its obligations hereunder (excluding payment obligations) as a result of circumstances beyond such Party’s reasonable control, including, by way of example, war, riot, fires, floods, epidemics, or failure of public utilities or public transportation systems, such failure or delay will not be deemed to constitute a material breach of this Agreement, but such obligation will remain in full force and effect, and will be performed or satisfied as soon as reasonably practicable after the termination of the relevant circumstances causing such failure or delay, provided that if such Party is prevented or delayed from performing for more than ninety (90) days, the other Party may terminate this Agreement upon thirty (30) days’ written notice.
11. Attorneys’ Fees. Should Cyber Crucible be required to bring any action to enforce its rights under this Agreement, then in addition to all other remedies available to it, Cyber Crucible is entitled to payment of all costs and attorneys’ fees expended in enforcing its rights under this Agreement.
12. Governing Law. THIS AGREEMENT WILL BE GOVERNED BY AND INTERPRETED IN ACCORDANCE WITH THE LAWS OF THE US STATE OF DELAWARE, WITHOUT REGARD TO CONFLICTS OF LAW PRINCIPLES THEREOF OR TO THE UNITED NATIONS CONVENTION ON THE INTERNATIONAL SALE OF GOODS. FOR PURPOSES OF ALL CLAIMS BROUGHT UNDER THIS AGREEMENT, EACH OF THE PARTIES HEREBY IRREVOCABLY SUBMITS TO THE EXCLUSIVE JURISDICTION OF THE STATE COURTS LOCATED IN WILMINGTON, DELAWARE AND/OR THE UNITED STATES DISTRICT COURT OF DELAWARE. To that end, each Party irrevocably consents to the exclusive jurisdiction of, and venue in, such court(s), and waives any,
  1. objection it may have to any proceedings brought in any such court,
  2. claim that the proceedings have been brought in an inconvenient forum, and
  3. right to object (with respect to such proceedings) that such court does not have jurisdiction over such Party.
13. Without limiting the generality of the foregoing, the Customer consents to the service of process in connection with any such claim or dispute by the mailing thereof by registered or certified mail, postage prepaid to the Customer, at the address for notice set forth in, or designated pursuant to, this Agreement. To the fullest extent permitted by law, each Party hereby expressly waives (on behalf of itself and on behalf of any person or entity claiming through such Party) any right to a trial by jury in any action, suit, proceeding, or counterclaim of any kind arising out of or in any manner connected with this Agreement or the subject matter hereof.
14. U.S. Government End-Users. The access to the software program and/or documentation shall be deemed “commercial computer software” and is provided to the U.S. Government Agency subject to the limitations set forth in this Agreement. Notwithstanding, this Software and/or the documentation is provided to the U.S. Government Agency with RESTRICTED RIGHTS and its supporting documentation is provided with LIMITED RIGHTS. Use, duplication, or disclosure by the United States Government is subject to the restrictions as set forth in FAR52.227-14 and DFARS252.227-7013 et seq. or the successor as appropriate. The Manufacturer is Cyber Crucible, Inc.
Counterparts
1. This Agreement may be executed in any number of counterparts, each of which when so executed will be deemed to be an original and all of which when taken together will constitute one Agreement.

Exhibit A:

Cyber Crucible End User License Agreement (“EULA”)

This copy of Cyber Crucible ("the Software Product") and accompanying documentation is licensed and not sold. This Software Product is protected by copyright laws and treaties, as well as laws and treaties related to other forms of intellectual property. Cyber Crucible, Inc. or its subsidiaries, affiliates, and suppliers (collectively "Cyber Crucible") own intellectual property rights in the Software Product. The Licensee's ("you" or "your") license to download, use, copy, or change the Software Product is subject to these rights and to all the terms and conditions of this End User License Agreement ("Agreement").

Acceptance

YOU ACCEPT AND AGREE TO BE BOUND BY THE TERMS OF THIS AGREEMENT BY SELECTING THE "ACCEPT" OPTION AND DOWNLOADING THE SOFTWARE PRODUCT OR BY INSTALLING, USING, OR COPYING THE SOFTWARE PRODUCT. YOU MUST AGREE TO ALL OF THE TERMS OF THIS AGREEMENT BEFORE YOU WILL BE ALLOWED TO DOWNLOAD THE SOFTWARE PRODUCT. IF YOU DO NOT AGREE TO ALL OF THE TERMS OF THIS AGREEMENT, YOU MUST SELECT "DECLINE" AND YOU MUST NOT INSTALL, USE, OR COPY THE SOFTWARE PRODUCT.

License Grant

This Agreement entitles you to install and use one copy of the Software Product. In addition, you may make one archival copy of the Software Product. The archival copy must be on a storage medium other than a hard drive, and may only be used for the reinstallation of the Software Product. This Agreement does not permit the installation or use of multiple copies of the Software Product, or the installation of the Software Product on more than one computer at any given time, on a system that allows shared use of applications, on a multi-user network, or on any configuration or system of computers that allows multiple users. Multiple copy use or installation is only allowed if you obtain an appropriate licensing agreement for each user and each copy of the Software Product. For further information regarding multiple copy licensing of the Software Product, please contact:

Address: 1378 Freeport Road, Suite 1B, Pittsburgh, PA 15238
Phone Number: 412.775.2158
E-mail Address: support@cybercrucible.com

Restrictions on Transfer

Without first obtaining the express written consent of Cyber Crucible, you may not assign your rights and obligations under this Agreement, or redistribute, encumber, sell, rent, lease, sublicense, or otherwise transfer your rights to the Software Product.

Restrictions on Use

You may not use, copy, or install the Software Product on any system with more than one computer, or permit the use, copying, or installation of the Software Product by more than one user or on more than one computer. If you hold multiple, validly licensed copies, you may not use, copy, or install the Software Product on any system with more than the number of computers permitted by license, or permit the use, copying, or installation by more users, or on more computers than the number permitted by license.

You may not decompile, "reverse-engineer," disassemble, or otherwise attempt to derive the source code for the Software Product.

You may not use the database portion of the Software Product in connection with any software other than the Software Product.

Restrictions on Alteration

You may not modify the Software Product or create any derivative work of the Software Product or its accompanying documentation. Derivative works include but are not limited to translations. You may not alter any files or libraries in any portion of the Software Product. You may not reproduce the database portion or create any tables or reports relating to the database portion.

Restrictions on Copying

You may not copy any part of the Software Product except to the extent that licensed use inherently demands the creation of a temporary copy stored in computer memory and not permanently affixed on storage medium. You may make one archival copy which must be stored on a medium other than a computer hard drive.

Disclaimer of Warranties and Limitation of Liability

UNLESS OTHERWISE EXPLICITLY AGREED TO IN WRITING BY CYBER CRUCIBLE, CYBER CRUCIBLE MAKES NO OTHER WARRANTIES, EXPRESS OR IMPLIED, IN FACT OR IN LAW, INCLUDING, BUT NOT LIMITED TO, ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE OTHER THAN AS SET FORTH IN THIS AGREEMENT OR IN THE LIMITED WARRANTY DOCUMENTS PROVIDED WITH THE SOFTWARE PRODUCT.

Cyber Crucible makes no warranty that the Software Product will meet your requirements or operate under your specific conditions of use. Cyber Crucible makes no warranty that operation of the Software Product will be secure, error free, or free from interruption.

YOU MUST DETERMINE WHETHER THE SOFTWARE PRODUCT SUFFICIENTLY MEETS YOUR REQUIREMENTS FOR SECURITY AND UNINTERRUPTABILITY. YOU BEAR SOLE RESPONSIBILITY AND ALL LIABILITY FOR ANY LOSS INCURRED DUE TO FAILURE OF THE SOFTWARE PRODUCT TO MEET YOUR REQUIREMENTS. CYBER CRUCIBLE WILL NOT, UNDER ANY CIRCUMSTANCES, BE RESPONSIBLE OR LIABLE FOR THE LOSS OF DATA ON ANY COMPUTER OR INFORMATION STORAGE DEVICE.

UNDER NO CIRCUMSTANCES SHALL CYBER CRUCIBLE, ITS DIRECTORS, OFFICERS, EMPLOYEES OR AGENTS BE LIABLE TO YOU OR ANY OTHER PARTY FOR INDIRECT, CONSEQUENTIAL, SPECIAL, INCIDENTAL, PUNITIVE, OR EXEMPLARY DAMAGES OF ANY KIND (INCLUDING LOST REVENUES OR PROFITS OR LOSS OF BUSINESS) RESULTING FROM THIS AGREEMENT, OR FROM THE FURNISHING, PERFORMANCE, INSTALLATION, OR USE OF THE SOFTWARE PRODUCT, WHETHER DUE TO A BREACH OF CONTRACT, BREACH OF WARRANTY, OR THE NEGLIGENCE OF CYBER CRUCIBLE OR ANY OTHER PARTY, EVEN IF CYBER CRUCIBLE IS ADVISED BEFOREHAND OF THE POSSIBILITY OF SUCH DAMAGES. TO THE EXTENT THAT THE APPLICABLE JURISDICTION LIMITS CYBER CRUCIBLE'S ABILITY TO DISCLAIM ANY IMPLIED WARRANTIES, THIS DISCLAIMER SHALL BE EFFECTIVE TO THE MAXIMUM EXTENT PERMITTED.

Limitation of Remedies and Damages

Your remedy for a breach of this Agreement or of any warranty included in this Agreement is the correction or replacement of the Software Product. Selection of whether to correct or replace shall be solely at the discretion of Cyber Crucible. Cyber Crucible reserves the right to substitute a functionally equivalent copy of the Software Product as a replacement. If Cyber Crucible is unable to provide a replacement or substitute Software Product or corrections to the Software Product, your sole alternate remedy shall be a refund of the purchase price for the Software Product exclusive of any costs for shipping and handling.

Any claim must be made within the applicable warranty period. All warranties cover only defects arising under normal use and do not include malfunctions or failure resulting from misuse, abuse, neglect, alteration, problems with electrical power, acts of nature, unusual temperatures or humidity, improper installation, or damage determined by Cyber Crucible to have been caused by you. All limited warranties on the Software Product are granted only to you and are non-transferable. You agree to indemnify and hold Cyber Crucible harmless from all claims, judgments, liabilities, expenses, or costs arising from your breach of this Agreement and/or acts or omissions.

Governing Law, Jurisdiction and Costs

This Agreement is governed by the laws of Delaware, without regard to Delaware's conflict or choice of laws provisions.

Severability

If any provision of this Agreement shall be held to be invalid or unenforceable, the remainder of this Agreement shall remain in full force and effect. To the extent any express or implied restrictions are not permitted by applicable laws, these express or implied restrictions shall remain in force and effect to the maximum extent permitted by such applicable laws.

MSA & EULA V2025.1