ORCA SECURITY SAAS LICENSE TERMS

Customer may use the software as a service platform, known as "Orca Cloud Security Platform", subject to the terms below: 

1. License. Subject to the terms and conditions of this Agreement, Company hereby grants Customer a limited, non-exclusive, non-sublicensable, non-assignable, non-transferable and revocable license to remotely access (i.e., on a SaaS basis) the software ("Platform") and use it as well as any documentation (“Documentation”) provided in connection with the Platform operation for internal business purposes. Customer may only use the Platform in accordance with the Documentation, subject to the use limitations indicated in the proposal or order attached hereto as Exhibit A (“Order Form”) and applicable laws.

2. Services. In addition to the abovementioned licenses, Company may provide services, as detailed in the Order Form (collectively with the Platform, the “Services”). Support and maintenance services are provided according to the Service Level Agreement attached hereto as Exhibit B (“SLA”).     

3. Payment. The Services are conditioned on Customer's upfront payment in full of the applicable fees set forth in the Order Form. Unless otherwise specified in the Order Form: (i) Customer will pay all amounts due under this Agreement in U.S. Dollars currency; and (ii) all amounts invoiced hereunder are due and payable within thirty (30) days of the date of the invoice. All amounts payable under this Agreement are exclusive of all sales, use, value-added, withholding, and other direct or indirect taxes, charges, levies and duties.

4. Customer Account.  The Platform may only be used through a customer account (the “Account”). Such Account may be accessed solely by Customer's employees or service providers who are explicitly authorized by Customer to use the Platform (each, a “Permitted User”). Customer will ensure that the Permitted Users keep the Account login details secure at all times and comply with the terms of this Agreement; and will be fully responsible for any breach of this Agreement by a Permitted User. Unauthorized access or use of the Account or the Platform must be immediately reported to the Company.

5.  Prohibited Uses. Except as specifically permitted herein, without the prior written consent of the Company, Customer must not, and shall not allow any Permitted User or any third party to, directly or indirectly: (i) copy, modify, create derivative works of or distribute any part of the Platform (including by incorporation into its products), or use any of the intellectual property related to the Platform to create any computer program or other material that performs, replicates, or utilizes the same or substantially similar functions as the Platform; (ii) sell, license (or sub-license), lease, assign, transfer, pledge, or share Customer's rights under this Agreement with any third party; (iii) use any “open source” or “copyleft software” in a manner that would require the Company to disclose the source code of the Platform to any third party; (iv) disassemble, decompile, reverse engineer or attempt to discover the Platform’s source code or underlying algorithms; (v) use the Platform in a manner that violates or infringes any rights of any third party, including but not limited to, privacy rights, publicity rights or intellectual property rights; (vi) remove or alter any trademarks or other proprietary notices related to the Platform; (vii) circumvent, disable or otherwise interfere with security-related features of the Platform or features that enforce use limitations; (viii) export, make available or use the Platform in any manner prohibited by applicable laws (including without limitation export control laws); and/or (ix) transmit any malicious code (i.e., software viruses, Trojan horses, worms, malware or other computer instructions, devices, or techniques that erase data or programing, infect, disrupt, damage, disable, or shut down a computer system or any component of such computer system) or other unlawful material in connection with the Platform. In addition, Customer may only disclose the results of any testing or benchmarking of the Platform if Customer also does not restrict and permit Customer's users/customers to disclose the results of any testing or benchmarking of Customer's own products. If Customer does not allow such disclosure and benchmarking, Customer is restricted from disclosing the results of any testing or benchmarking of the Platform.

6. Customer Data and Usage Data. As part of the Services, the Platform receives a read-only view of the Customer’s cloud environment, which is then assessed by a virtual scanner for various security risks. The results are presented through the Customer dashboard within the Platform as ‘alerts’ (collectively, the “Reports”). Customer shall be deemed the exclusive owner of the Reports. Customer shall retain all right, title and interest in and to all non-public data provided by Customer to Company in connection with the Services (“Customer Data”). Company may process information, including without limitation, login information, system integrations, API usage information, and information regarding Customer’s use of the Platform (“Usage Data”), for customer success, customer satisfaction and support purposes.

7.  Warranties. Each Party represents and warrants that it is duly organized, validly existing and in good standing under the laws of its jurisdiction of incorporation or organization; and that the execution and performance of this Agreement will not conflict with other agreements to which it is bound or violate applicable law and each Party shall comply with all applicable privacy laws. 

8. Intellectual Property Rights. The Platform is not for sale and is solely the Company’s property. All right, title, and interest, including any intellectual property rights evidenced by or embodied in, attached, connected, and/or related to the Platform and any and all improvements and derivative works thereof are and shall remain owned solely by Company or its licensors. This Agreement does not convey to Customer any interest in or to the Platform other than a limited right to use the Platform in accordance with Section 1. Nothing herein constitutes a waiver of the Company’s intellectual property rights under any law.  If Company receives any feedback  (e.g., questions, comments, suggestions or the like) regarding the Platform and/or services hereunder (collectively, “Feedback”), all rights, including intellectual property rights in such Feedback shall belong exclusively to Company and such shall be considered Company's Confidential Information and Customer hereby irrevocably and unconditionally transfers and assigns to Company all intellectual property rights it has in such Feedback and waives any and all moral rights that Customer may have in respect thereto. It is further understood that use of Feedback, if any, may be made by Company at its sole discretion, and that Company in no way shall be obliged to make use of any kind of the Feedback or part thereof. 

9. Third Party Components. The Platform may use or include third party software, files, libraries or components that are subject to third party open-source license terms ("Open-Source Licenses"). The respective licenses or notices of such Open-Source Licenses are available within the Platform and may be updated from time to time. 

10.  Confidentiality. Each Party may have access to certain non-public and/or proprietary information of the other Party, in any form or media, including without limitation trade secrets and other information related to the products, software, technology, data, know-how, or business of the other Party, and any other information that a reasonable person should have reason to believe is proprietary, confidential, or competitively sensitive (the “Confidential Information”). The Documentation shall also be considered as Confidential Information hereunder. Each Party shall take reasonable measures, at least as protective as those taken to protect its own confidential information, but in no event less than reasonable care, to protect the other Party's Confidential Information from disclosure to a third party. The receiving party’s obligations under this Section, with respect to any Confidential Information of the disclosing party, shall not apply to and/or shall terminate if such information: (a) was already lawfully known to the receiving party at the time of disclosure by the disclosing party; (b) was disclosed to the receiving party by a third party who had the right to make such disclosure without any confidentiality restrictions; (c) is, or through no fault of the receiving party has become, generally available to the public; (d) was independently developed by the receiving party without access to, or use of, the disclosing party’s Confidential Information; or (e) is required to be disclosed to satisfy any applicable law, regulation, legal process, subpoena or governmental request. Neither Party shall use or disclose the Confidential Information of the other Party except for performance of its obligations under this Agreement (“Permitted Use”). The receiving party shall only permit access to the disclosing party's Confidential Information to its respective employees, consultants, affiliates, agents and subcontractors having a need to know such information in connection with the Permitted Use, who either (i) have signed a non-disclosure agreement with the receiving party containing terms at least as restrictive as those contained herein or (ii) are otherwise bound by a duty of confidentiality to the receiving party at least as restrictive as the terms set forth herein. The receiving party will be allowed to disclose Confidential Information to the extent that such disclosure is required by law or by the order or a court of similar judicial or administrative body, provided that it notifies the disclosing Party of such required disclosure to enable disclosing party to seek a protective order or otherwise prevent or restrict such disclosure. All right, title and interest in and to Confidential Information are and shall remain the sole and exclusive property of the disclosing Party. 

11. LIMITED WARRANTIES. The Company represents and warrants that, under normal authorized use, the Platform shall substantially perform in conformance with its Documentation. Customer's sole and exclusive remedy and the Company's sole liability under this Section, shall be for the Company to use commercially reasonable efforts to repair the Platform in accordance with the SLA. The warranty set forth shall not apply if the failure of the Platform results from or is otherwise attributable to: (i) repair, maintenance or modification of the Platform by persons other than the Company or its authorized contractors; (ii) accident, negligence, abuse or misuse of the Platform by Customer; (iii) use of the Platform by Customer other than in accordance with the Documentation; (iv) Customer's failure to implement software updates provided by the Company specifically to avoid such failure; (v) the combination of the Platform with equipment or software not authorized or provided by the Company; or (vi) Customer’s failure to properly maintain its computing environment used to access the Services. OTHER THAN AS EXPLICITLY STATED IN THIS AGREEMENT, TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE SERVICES AND/OR THE REPORTS ARE PROVIDED ON AN “AS IS” BASIS. THE COMPANY DOES NOT WARRANT THAT THE SERVICES OR REPORTS WILL MEET CUSTOMER'S REQUIREMENTS. EXCEPT AS SET FORTH IN SECTION ‎7 AND THIS SECTION ‎11, THE COMPANY EXPRESSLY DISCLAIMS ALL EXPRESS WARRANTIES AND ALL IMPLIED WARRANTIES, INCLUDING MERCHANTABILITY, TITLE, NON-INTERFERENCE, FITNESS FOR A PARTICULAR PURPOSE.

12. LIMITATION OF LIABILITY. EXCEPT FOR THE COMPANY INDEMNIFICATION OBLIGATION UNDER SECTION ‎13, ANY DAMAGES RESULTING FROM ANY BREACH OF EITHER PARTY’S CONFIDENTIALITY OBLIGATIONS HEREIN; EITHER PARTY'S WILLFUL MISCONDUCT, FRAUD OR VIOLATION OF LAW AND/OR CUSTOMER'S MISAPPROPRIATION OR OTHERWISE VIOLATION OF COMPANY'S INTELLECTUAL PROPERTY RIGHTS (INCLUDING MISUSE OF THE LICENSE BY CUSTOMER PURSUANT TO SECTION 1);  NEITHER PARTY SHALL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES, OR ANY LOSS OF REVENUE, REPUTATION, OR PROFITS, DATA, OR DATA USE. EXCEPT FOR THE COMPANY INDEMNIFICATION OBLIGATION UNDER SECTION ‎13, ANY DAMAGES RESULTING FROM ANY BREACH OF EITHER PARTY’S CONFIDENTIALITY OBLIGATIONS HEREIN; A PARTY’S WILLFUL MISCONDUCT, FRAUD OR VIOLATION OF LAW, AND/OR  DAMAGES RESULTING FROM CUSTOMER'S MISAPPROPRIATION OR OTHERWISE VIOLATION OF COMPANY'S INTELLECTUAL PROPERTY RIGHTS (INCLUDING MISUSE OF THE LICENSE BY CUSTOMER PURSUANT TO SECTION 1); EITHER PARTY’S MAXIMUM LIABILITY FOR ANY DAMAGES ARISING OUT OF OR RELATED TO THIS AGREEMENT, WHETHER IN CONTRACT OR TORT, OR OTHERWISE, SHALL IN NO EVENT EXCEED, IN THE AGGREGATE, THE TOTAL AMOUNTS ACTUALLY PAID TO COMPANY IN THE TWELVE (12) MONTH PERIOD IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO SUCH CLAIM. THIS LIMITATION OF LIABILITY IS CUMULATIVE AND NOT PER INCIDENT. FOR CLARITY, THE LIMITATIONS IN THIS SECTION DO NOT APPLY TO PAYMENTS DUE TO COMPANY UNDER THIS AGREEMENT (INCLUDING THE ORDER FORM).

13. Indemnification. Company acknowledges and agrees to defend, at its expense, any third party action or suit brought against the Customer alleging that the Platform, when used as permitted under this Agreement, infringes intellectual property rights of a third party (“IP Infringement Claim”); and the Company will pay any damages awarded in a final judgment against the Customer that are attributable to any such claim, provided that (i) the Customer promptly notifies the Company in writing of such claim; (ii) the Customer grants the Company the sole authority to handle the defense or settlement of any such claim and provides the Company with all reasonable information and assistance, at Company’s expense and (iii) the Customer hasn’t made any admission which may affect Company’s defense. The Company will not be bound by any settlement that the Customer enters into without the Company's prior written consent.  If the Platform becomes, or in the Company's opinion is likely to become, the subject of an IP Infringement Claim, then the Company may, at its sole discretion: (a) procure for the Customer the right to continue using the Platform; (b) replace or modify the Platform to avoid the IP Infringement Claim; or (c) if options (a) and (b) cannot be accomplished despite the Company's reasonable efforts, then the Company may terminate this Agreement and in such event discontinue the use of the affected Platform and provide a  refund for any amount pre-paid by Customer for the use of the Platform with respect to the remaining unused period of the license. Notwithstanding the foregoing, the Company shall have no responsibility for IP Infringement Claims resulting from or based on: (i) modifications to the Platform made by a party other than the Company or its designee; (ii) the Customer's failure to implement software updates provided by the Company specifically to avoid infringement; or (iii) combination or use of the Platform with equipment, devices or software not supplied by the Company or not in accordance with the Documentation. This Section states Company's entire liability, and Customer's exclusive remedy, for claims or alleged or actual infringement.

14.  Privacy. To the extent that Customer needs a data processing agreement, Customer and Company shall enter into the Data Processing Agreement attached as Exhibit C (“DPA”).

15. Term and Termination. This Agreement shall enter into force and effect on the Effective Date and shall remain in full force as long as there is an Order Form in effect (collectively, the “Term”). If there is no Order Form in effect for a period of ninety (90) days, this Agreement will terminate automatically. Company shall have the right to immediately suspend without notice any or all related Services provided to Customer hereunder, in the event Customer (i) fails to pay Company any amounts past due, or (ii) is in breach of Section 5. In addition, either Party may terminate this Agreement with immediate effect if the other Party materially breaches this Agreement and such breach remains uncured fifteen (15) days after having received written notice thereof. Upon termination or expiration of this Agreement: (i) the Platform license granted to Customer under this Agreement shall expire, and Customer shall discontinue any further use and access thereof; (ii) Customer shall immediately delete and dispose of all copies of the Documentation in Customer’s or any of its representatives’ possession or control; (iii) Company shall delete the Reports; and (iv) Customer shall not be relieved of its duty to discharge in full all due sums owed by Customer to Company under this Agreement until the date of termination or expiration hereof. The provisions of this Agreement that, by their nature and content, must survive the termination of this Agreement in order to achieve the fundamental purposes of this Agreement shall so survive. Customer shall be responsible to download its Reports prior to termination of this Agreement. The termination of this Agreement shall not limit either Party from pursuing any other remedies available to it under applicable law.

16.  Miscellaneous. This Agreement - including any Order Forms, and any exhibits attached or referred hereto - represents the complete agreement concerning the subject matter hereof and may be amended only by a written agreement executed by both Parties. The failure of either Party to enforce any rights granted hereunder or to take action against the other Party in the event of any breach hereunder shall not be deemed a waiver by that Party as to subsequent enforcement of rights or subsequent actions in the event of future breaches. If any provision of this Agreement is held to be unenforceable, such provision shall be reformed only to the extent necessary to make it enforceable. Any use of the Platform by an agency, department, or other entity of the United States government shall be governed solely by the terms of this Agreement. Neither Party may assign its rights or obligations under this Agreement without the prior written consent of the other Party, which consent may not be unreasonably withheld or delayed. Company may, in its reasonable discretion, use Customer’s name and logo on its website and in its marketing materials as a reference customer. Media releases and public announcements or disclosures relating to this Agreement, its subject matter or the potential business transaction between the Parties shall be coordinated with and consented to by both Parties in writing prior to the release thereof. This Agreement shall be governed by and construed under the laws of the State of New York, without reference to principles and laws relating to the conflict of laws. The competent courts of New York shall have the exclusive jurisdiction with respect to any dispute and action arising under or in relation to this Agreement. This Agreement does not, and shall not be construed to create any relationship, partnership, joint venture, employer-employee, agency, or franchisor-franchisee relationship between the Parties. Either Party will not be liable for any delay or failure to perform its obligations resulting from circumstances or causes beyond its reasonable control. This Agreement may be executed in electronic counterparts, each of which counterpart, when so executed and delivered, shall be deemed to be an original and all of which counterparts, taken together, shall constitute but one and the same agreement. All notices under this Agreement shall be deemed effective upon receipt and shall be in writing and (a) delivered personally, (b) sent by commercial courier with written verification of receipt, (c) sent by certified or registered U.S. mail, postage prepaid and return receipt requested, or (d) sent via electronic mail with read receipt requested, to the Party to be notified at the address and/or electronic address set forth hereinafter for such Party:  For Orca Security Inc. Attn: Legal, 2175 NW Raleigh St, Portland, OR 97210 Electronic Mail: Legal@orca.security