Terms and Conditions
The following General Terms and Conditions are applicable to sales to You as “Client” by Inception Security LLC.
This Agreement (“Agreement”) dated today (“Effective Date”), covers all services acquired by the client (“Client”) from Inception Security LLC, (“Provider”).
(1) Structure of Agreement.
This Agreement and the executed SOW(s) (collectively the “Agreement”) constitute the complete agreement regarding those services and replace any prior oral or written communications between the Parties.
(2) Security Assessment Services.
Provider will perform the services (“Services”) during the period and upon the terms and conditions specified in the SOW. Either Party may request changes or additions to the Services. Any mutually agreed changes must be described in detail in writing and signed by both Parties.
(3) Billing and Payment Terms.
Client agrees to pay the price for the corresponding Services, plus any pre-approved travel or other expenses required to perform the Services. Client will pay any and all sales or use taxes applicable to the Services provided under this Agreement. Any undisputed amount not paid fifteen (15) days after the date due will bear interest at the lower of 18% per annum or the maximum legal rate. Provider may suspend Services if non-payment continues beyond thirty (30) days.
a. Recurring Services. Unless otherwise specified in the SOW(s), Client will make the initial payment for Services upon execution of this Agreement. Subsequent payments will be due on the anniversary of the Effective Date for the balance of the term of this Agreement, including any extensions hereof.
b. One-Time Services. Client will pay for the Services as specified in the SOW(s), typically full payment upon execution of the Agreement or, for larger projects, 50% on execution and 50% upon completion of the Services or after 60 days, whichever comes first.
(4) Term and Termination.
This Agreement will become effective on today’s Date and continue in effect until terminated as specified in the SOW or this Section 4 (the “Term”). Either Party will have the right to terminate this Agreement by written notice to the other Party under any of the following circumstances:
(a) a material breach by the other Party, unless such breach is cured within thirty (30) days of receipt of written notice regarding
such breach; or
(b) the other Party voluntarily or involuntarily becomes or threatens to become insolvent, the subject of a petition in bankruptcy, the
appointment of a receiver, rehabilitator, conservator in bankruptcy, or other agent known by whatever name, to take possession of its assets or control of its operations or any proceeding relating to insolvency, receivership, liquidation or composition for the benefit of creditors or similar matters, or admits in writing its inability to pay its debts as they become due. The obligations of the Parties under this Agreement that continue beyond expiration, termination or cancellation of this Agreement including, without limitation, Sections 5 through 12, will survive any such expiration, termination or cancellation. If at any point during the Term, any Party’s performance under this Agreement conflicts or threatens to conflict with any material legal requirement, any Party may suspend performance under this Agreement and negotiate in good faith to amend this Agreement so that each Party’s performance hereunder complies with the legal requirement. If after thirty (30) days, the Parties are unable to agree on a mutually acceptable amendment, any Party may immediately terminate this Agreement upon written notice to the other Party. Client will promptly return any Reconnaissance Network Appliance(s) at Provider’s expense upon termination of this Agreement.
a. Recurring Services. Either Party may terminate this Agreement without cause at any time on or after the first anniversary of the Effective Date, by providing to the other Party at least sixty (60) days prior written notice. This Agreement will automatically renew on an “evergreen” basis at the end of the initial term stated in the SOW unless previously terminated or renewed by the Parties, and may thereafter be terminated by either Party on sixty (60) days advance written notice..
b. One-Time Services. This Agreement will terminate once Provider has completed the Services. The Parties may mutually agree to extend this Agreement by execution of additional SOW to be governed by this Agreement.
(5) Intellectual Property Rights.
Each Party agrees that it will acquire no right, title or interest in or to the other Party’s information, data, tools, processes or methods, or any copyrights, trademarks, service marks, trade secrets, patents or any other intellectual or intangible property or property rights of the other by virtue of the Services provided or materials delivered pursuant to this Agreement. Neither Party will use the other Party’s trademarks, service marks, trade names nor product names other than as explicitly set forth in this Agreement. During the Term of this Agreement, Provider may not include Client’s name in a list of Clients on its website or in promotional materials or as a reference in sales presentations, until and unless Client approves such use of Client’s name in writing in advance of Provider’s use. If Client is granted the right to use any Provider certification, seal or logo under the terms of the SOW, it may do so only during the period specified in the SOW and subject to the then-current guidelines for use of such certification, seal or logo.
(6) Representations and Warranties.
a. Mutual. Each Party represents and warrants to the other that it has the right to enter into this Agreement, and that the consent of no other person or entity is necessary for it to enter into and fully perform this Agreement.
b. Limited Warranties of Provider. Provider represents and warrants to Client that:
i. All intrusions effected by Provider as part of the Services will be in accord with Provider’s statement of work, and will be performed on devices to be specified in writing by Client.
ii. All deliverables contemplated by this Agreement will meet the requirements described in this Agreement in all material respects.
iii. The Services will be performed in a workmanlike manner using reasonable care and skill by qualified personnel who are experienced in Provider’s methodology.
iv. The Services will be performed at a level of quality consistent with that provided by the mainstream of experts providing similar services on a commercial basis in the United States.
v. The Services will not cause to have introduced into Client’s information systems and networks any self-replicating or non-self-replicating computer codes, commands, routines or like data or entries that perform an undesired activity (“Virus”).
c. No Other Warranties. EXCEPT AS OTHERWISE EXPRESSLY SET FORTH IN THIS AGREEMENT, ALL SERVICES AND DELIVERABLES PROVIDED BY PROVIDER ARE PROVIDED “AS IS” AND PROVIDER (1) DISCLAIMS ALL OTHER WARRANTIES EXPRESS OR IMPLIED, INCLUDING ANY WARRANTIES OF MERCHANTABILITY OR FITNESS FOR PARTICULAR PURPOSE, AND (2) DOES NOT GUARANTEE THAT CLIENT’S NETWORK, COMPUTER SYSTEMS, OR ANY PORTIONS THEREOF ARE SECURE. CLIENT ACKNOWLEDGES THAT IMPENETRABLE SECURITY CANNOT BE ATTAINED IN REAL- WORLD ENVIRONMENTS AND THAT PROVIDER DOES NOT GUARANTEE PROTECTION AGAINST BREACHES OF SECURITY.
d. No Guarantee of Meeting Client’s Needs. Provider has no way of determining Client’s perceived needs, and therefore does not warrant that the Services will meet Client’s needs.
e. No Warranties to Third Parties. Neither Provider nor Client will make any warranties on behalf of the other to any third party, without the prior written consent of the other Party.
a. Mutual Indemnification. Each Party to this Agreement and its “Related Parties” as defined below (“Indemnitor”) will indemnify, defend and hold harmless the other Party (“Indemnitee”) and its Related Parties from and against any “Loss” (defined below) asserted against or incurred by any of them, directly or indirectly, by reason of, arising out of or resulting from Indemnitor’s:
i. failure to comply with any legal requirement pertaining to this Agreement or the Services provided under it;
ii. criminal, fraudulent, intentionally wrongful or grossly negligent act or omission arising out of or resulting from the performance of its obligations under this Agreement;
iii. infringement, violation or misappropriation of Indemnitee’s “Intellectual Property Rights” (defined below) arising out of or resulting from the performance of its obligations under this Agreement; or iv. breach of any covenant or obligation contained in Section 11 (Confidential Information) of this Agreement. As used in this Agreement, “Loss” means any demand, claim, suit, proceeding, action, loss, damage, judgment, award, settlement, cost, expense or liability, including without limitation, interest, defense costs, costs of investigation, court costs, reasonable attorneys’ fees and expenses, penalties and fines. As used in this Agreement, “Related Party” means any parent, subsidiary or affiliated company, and the present and former directors, officers, members, customers, shareholders, employees, agents, and representatives of any of these, and their successors, heirs and assigns. As used in this
Agreement, “Intellectual Property Rights” will mean and include:
(i) all trademark rights, business identifiers, trade dress, service marks, trade names and brand names, all registrations thereof and applications therefor and all goodwill associated with the foregoing;
(ii) all copyrights, copyright registrations and copyright applications, and all other rights associated with the foregoing and the underlying works of authorship;
(iii) all patents and patent applications, and all international proprietary rights associated therewith;
(iv) all contracts or agreements granting any right, title, license or privilege under the intellectual property rights of any third party; and
(v) all inventions, mask works and mask work registrations, know-how, discoveries, improvements, designs, trade secrets, shop and royalty rights, employee covenants and agreements respecting intellectual property and non-competition and all other types of intellectual property.
b. Additional Pledge by Client. Client agrees to refrain from encouraging any third party(s) to take legal action against Provider for any damages allegedly incurred by said third party(s) allegedly but not actually caused by Provider in the performance of the Services. In the event Client violates this pledge and chooses to encourage the third party(s) to take legal action against Provider for damages not actually caused by Provider, Client accepts the obligation to defend Provider against such legal action, as limited by clause 8.a.ii below. Notwithstanding the foregoing, Provider remains obligated to indemnify Client under Section 7.a for any damage actually caused by Provider.
c. Procedure for Indemnification.
i. Notice and Defense of Third Party Claims. The Indemnitee will give the Indemnitor prompt written notice of any third-party claim. The Indemnitor will undertake the defense thereof, and will be free to choose its own counsel. Failure to give the notice will not affect the Indemnitor's duties or obligations under this Section, except to the extent the Indemnitor is prejudiced thereby. So long as the Indemnitor is defending any claim actively and in good faith, the Indemnitee will not settle the claim. The Indemnitee will make available to the Indemnitor or its representatives all records and other materials required by them in the possession or under the control of the Indemnitee, for Indemnitor’s use in defending any claim, and will in other respects give reasonable cooperation in the defense. If the Indemnitor, within a reasonable time after notice of any third party claim, fails to defend the claim actively and in good faith, the Indemnitee will (upon further notice) have the right to undertake the defense, compromise or settlement of the claim or consent to the entry of a judgment with respect to the claim, on behalf of and for the account and risk of the Indemnitor, and the Indemnitor will thereafter have no right to challenge the Indemnitee's defense, compromise, settlement or consent to judgment.
ii. Other Claims. A claim for indemnification for any matter not involving a third-party claim may be asserted by notice to the Party from whom indemnification is sought.
d. Survival of Obligations; Payment. The indemnification obligations set forth herein will survive any termination of this Agreement. The Indemnitor will promptly pay the Indemnitee anyamount due under this Section, which payment may be accomplished in whole or in part, at the option of the Indemnitee, by the Indemnitee setting off any amount owed to the Indemnitor by the Indemnitee.
(8) Limitation of Liability.
a. Scope of Indemnification Obligations.
i. Unlimited. The obligation of either Party to indemnify the other Party and its Related Parties from and against Losses pursuant to the provisions of Section 7.a of this Agreement will be without limitation as to amount.
ii. Multiple of Amounts Paid (Two Times). The obligation of Client to defend provider pursuant to the provisions of Section 7.b of this Agreement, will be limited to a maximum aggregate amount equal to the product of the sum of all amounts paid or to be paid pursuant to this Agreement by Client to Provider at any time during the Term, multiplied by two (2).
b. Generally. EXCEPT AS OTHERWISE EXPRESSLY SET FORTH IN THIS AGREEMENT, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LEGAL REQUIREMENTS, NEITHER PARTY: (1) WILL BE LIABLE TO THE OTHER PARTY OR ANY THIRD PARTY FOR ANY LOSS ATTRIBUTABLE TO ANY ACT, OMISSION OR MISREPRESENTATION BY SAID OTHER PARTY, ITS DIRECTORS, EMPLOYEES OR AGENTS; AND (2) WILL BE LIABLE TO THE OTHER, WHETHER A CLAIM BE IN TORT, CONTRACT OR OTHERWISE, FOR ANY SPECIAL, CONSEQUENTIAL, PUNITIVE, INDIRECT, LOST PROFIT, BUSINESS INTERRUPTION, LOSS OF DATA OR SIMILAR DAMAGES RELATING TO OR ARISING FROM THE SERVICES PROVIDED UNDER THIS AGREEMENT, REGARDLESS OF WHETHER SUCH PARTY RECEIVES NOTICE OF THE POTENTIAL FOR SUCH DAMAGES. THIS AGREEMENT ALLOCATES RISKS BETWEEN PROVIDER AND CLIENT, AND PROVIDER’S PRICING REFLECTS THIS ALLOCATION OF RISK AND THE LIMITATION OF LIABILITY SPECIFIED IN THIS SECTION.
(9) Client’s Consent to Network Intrusion and Waiver of Claims.
a. Some of the techniques Provider will employ in providing the Services would constitute improper and unauthorized access, absent the consent thereto given by Client to Provider herein. Accordingly, on the condition that Provider performs the Services in accordance with the terms of this Agreement (including the provisions of Section 6.b hereof), Client provides its consent to Provider’s employment of such invasive and/or intrusive techniques as being part of the Services to be performed at Client’s request pursuant to this Agreement.
b. Client acknowledges that, notwithstanding Provider’s performance of the Services in accordance with the terms of this Agreement (including the provisions of Section 6.b hereof), Provider may inadvertently cause damage to Client’s System or data, including causing Client’s System to suffer degraded performance or responsiveness. On the condition that Provider performs the Services in accordance with the terms of this Agreement (including the performance standards described in Section 6.b hereof), and excluding any action of Provider as described in Section 7.a hereof, Client agrees to waive any and all claims against Provider and Provider’s Related Parties for any such damage, including damage that may be caused by Provider actually gaining access to such System.
c. Client’s conditional consent to Provider’s actions and conditional waiver of claims are based on Client’s understanding of its own System as well as its understanding of the Services to be provided pursuant to this Agreement. Client further warrants and represents that it has had the opportunity to question Provider regarding the Services and the techniques involved in implementing the Services, and therefore agrees that its conditional consent and waiver constitute an informed conditional consent and waiver.
d. Notwithstanding any provision of this Article 9 to the contrary, Provider remains obligated to indemnify Client and its Related Parties from and against Losses pursuant to the provisions of Section 7.a of this Agreement.
(10) Dispute Resolution & Escalation Policy.
The Parties agree to seek to resolve any and all claims, controversies and disputes between them arising out of or related to this Agreement in accordance with the procedures set forth in this Section 10.
a. Designation of Dispute. A Party (the “Complaining Party”) that believes that the other (the “Responding Party”) is in breach of this Agreement in any particular, will deliver written notification to the Responding Party, setting forth in reasonable detail the breach for which the Complaining Party seeks redress, along with a specific request for relief. The Responding Party will have fifteen (15) business days from receipt to provide a written reply. The reply will contain a response to the allegations contained in the notice or any agreement to provide the relief requested. Upon receipt of the reply, the Complaining Party will provide written notice to the Responding Party either that the dispute has been resolved satisfactorily or that the Complaining Party is invoking the escalation procedure set forth in Section 10.b.
b. Escalation Procedure. In the event that the Parties are unable to resolve a dispute in the manner described in Section 10.a, each Party agrees to designate a single representative to attempt to resolve the dispute. Each Party’s representative will be a senior executive who will have all necessary authority to commit the Party contractually and to resolve the dispute. The designated representative will meet for a period of time reasonably necessary to resolve the dispute, at a location to be mutually agreed upon by the Parties, in an effort to resolve the dispute.
c. Arbitration. In the event the Parties are unable to resolve the dispute pursuant to the foregoing, either Party may submit the dispute to binding arbitration under the rules of the American Arbitration Association (“AAA”) upon written notice to the other Party. Any such arbitration shall be held in a location mutually agreed to by the Parties, before a single arbitrator agreed to by the Parties. In the event the Parties cannot agree on a single arbitrator, each shall choose an arbitrator and the two arbitrators shall choose an arbitrator to arbitrate the dispute. The arbitrator shall award the prevailing Party with its attorney’s fees and costs of arbitration. The arbitrator’s decision may be enforced in any court of competent jurisdiction.
(11) Confidential Information.
Each Party acknowledges that it and its employees or agents may, in the course of the Agreement, be exposed to or acquire information that is proprietary or confidential to the other Party. “Confidential Information” includes:
(a) any information relating to a Party’s research, development, trade secrets, processes, procedures, formulas, business practices, business plans, strategies, budgets, client and vendor relationships, personnel data, financial information and other similar business information of a confidential nature;
(b) other proprietary information, results of remote assessments, technical guides, technical data or know-how, including, but not limited to, that which relates to Client’s hardware, software, screens, specifications, designs, plans, drawings, data, prototypes, discoveries, security policies, passwords, access codes and the like, router, firewall and other such equipment’s configuration information, filtering configurations, or any other information directly relating to the integrity or security of the Client network or computer systems; and
(c) the methods, systems, data and materials used or provided by Provider in the performance of Services pursuant to this Agreement. Provider acknowledges and agrees that the presence, nature and extent of any security vulnerabilities and other information that Provider discovers regarding Client’s information systems and networks during the course of this engagement is Confidential Information of Client. The term “Confidential Information” does not include information that is:
(a) known to the receiving Party prior to disclosure by the disclosing Party or its personnel;
(b) publicly available through no actor omission of the receiving Party;
(c) lawfully received by the receiving Party from a third party (other than the disclosing Party’s former or current personnel) that is not under any confidentiality obligation to the disclosing Party; or
(d) comprised of statistical information, or other aggregated information regarding security vulnerabilities, security configurations and the like insofar as such information does not identify Client or Client’s computer network or computer systems. Except as otherwise expressly set forth herein, each Party will use Confidential Information of the other Party which is disclosed to it only for the purposes of this Agreement and will not disclose such Confidential Information to any third party without the disclosing Party's prior written consent. Each Party may disclose to its employees the other Party’s Confidential Information on a need-to-know basis in connection with this engagement. Each Party agrees to take measures to protect the confidentiality of the other Party's Confidential Information that, in the aggregate, are no less protective than those measures it uses to protect the confidentiality of its own Confidential Information. Upon the request of the disclosing Party, the recipient will return to the disclosing Party all written Confidential Information, and will promptly destroy all copies of any analyses, summaries or extracts prepared by the recipient or for its use containing or reflecting any Confidential Information. Each Party further agrees to promptly advise the other Party in writing of any unauthorized misappropriation, disclosure or use by any person of the Confidential Information of the other Party that may come to its attention and to take all steps reasonably requested by the disclosing Party to limit, restrict or otherwise remedy such misappropriation, disclosure or use. Nothing in this Agreement will be construed as granting any rights to the receiving Party, by license or otherwise, to any of the disclosing Party’s Confidential Information, except as expressly stated in this Agreement. In the event that a Party is required to disclose Confidential Information to a court or governmental agency or pursuant to any other applicable Legal Requirement, such Party will, to the extent practicable prior to such disclosure, and as soon as practicable and by the best available means, notify the other Party to allow it an adequate opportunity to object to the disclosure order or to take other actions to preserve the confidentiality of the information. Prior to any disclosure pursuant to this Section 11, a Party required to disclose Confidential Information will cooperate with the Party claiming confidentiality of the information in such Party’s reasonable efforts to limit the disclosure by means of a protective order or a request for confidential treatment.
(12) Ownership and Use of Work Product.
Client will own all deliverables and other material originated, prepared for and/or delivered to the Client under this Agreement, including without limitation, all copyright, patent, trade secret and other proprietary rights pertaining thereto; provided, however, that Provider’s working papers and Confidential Information of Provider belong exclusively to Provider except to the extent said working papers contain Confidential Information of Client or material owned by Client under the preceding sentence. To the extent that Confidential Information of Provider is embedded or reflected in the deliverables provided hereunder, Provider hereby grants Client the perpetual, nonexclusive, worldwide, royalty-free right and license to
(a) use, execute, reproduce, distribute copies of, and prepare derivative works of Provider’s Confidential Information and any derivative works thereof, and
(b) authorize others to do any or all of the foregoing; provided, however, that said rights will be strictly limited to Client’s internal use related to detection, testing, intrusion, penetration, and remediation of security vulnerabilities in Client’s own information systems and networks. Except to the extent same include Confidential Information of Client, the ideas, concepts, know-how, techniques, inventions, discoveries and improvements developed during the course of this Agreement by Provider’s personnel, alone or in conjunction with Client personnel, may be used by Provider in any way it deems appropriate, including without limitation by or for its clients, without an obligation to account, notwithstanding any provision in this Agreement to the contrary. Nothing in this Agreement will preclude or limit Provider from providing consulting services and/or developing software or materials for itself or other clients.
(13) General Provisions.
a. Severability. In the event that any provision of this Agreement is determined to be invalid, unenforceable or otherwise illegal, such provision will be deemed restated, in accordance with applicable law, to reflect as nearly as possible the original intentions of the Parties, and the remainder of the Agreement will remain in full force and effect.
b. No Waiver. No term or condition of this Agreement will be deemed waived, and no breach will be deemed excused, unless such waiver or excuse is in writing and is executed by the Party from whom such waiver or excuse is claimed.
c. Amendment. Any amendment of this Agreement will be in writing and signed by both Parties.
d. Interpretation. Section numbers and headings are used for convenience and are not to be construed as limitations of the substance of any provision.
e. Governing Law. This Agreement will be interpreted under the laws of the State in which Client is domiciled.
f. Force Majeure. With the exception of a Party’s obligation to make payments properly due to the other Party, neither Party will be deemed in default or otherwise liable under this Agreement due to its inability to perform its obligations by reason of fire, earthquake, flood, substantial snowstorm, epidemic, accident, explosion, casualty, strike, lockout, labor controversy, riot, civil disturbance, act of public enemy, embargo, war, act of God, or any failure or delay of any transportation, power, computer or communications system or any other or similar cause beyond that Party’s control.
g. Assignment. Neither this Agreement nor any right or obligation arising hereunder may be assigned (voluntarily, by operation of law, or otherwise), in whole or in part, by either Party without the consent of the other Party, such consent not to be unreasonably withheld; provided, however, that either Party will have the right, upon written notice to the other Party, to assign this Agreement to any person or entity that acquires all or substantially all of such Party’s business or assets. This Agreement will be binding upon, and inure to the benefit of, the Parties and their respective successors and permitted assigns.
h. Injunctive Relief. The Parties acknowledge that it will be impossible to measure in money the damage to them caused by any failure to comply with the covenants set forth in Section 11 (Confidential Information), that each such covenant is material, and that in the event of any breach of such provision, the injured Party will not have an adequate remedy at law or in damages. Therefore, in addition to any other remedies to which a Party may be legally entitled, the Parties consent to the issuance of an injunction or the enforcement of other equitable remedies against them at the suit of the other, without bond or other security, to compel performance of all of the terms of Section 11 (Confidential Information), and waive the defense of the availability of relief in damages.
i. Exclusive Remedies. The Parties agree that the remedies set forth in this Agreement shall constitute the sole and exclusive remedies available for any breach of this Agreement, including any breach of warranty, express or implied.
j. Export Controls. The Parties acknowledge that Provider’s Network Appliance is subject to the U.S. Export Administration Regulations and other U.S. law, and may not be exported, re-exported or otherwise transferred contrary to U.S. law. Client agrees to refrain from exporting or re-exporting any Network Appliance without the advance written permission of Provider.