Agreements

These Defy Security General Terms and Conditions of Purchase (“Terms”) govern the Order(s) for Service(s) and/or Third-Party Product(s) between Defy Security, LLC or one of its Affiliates (the applicable entity identified in the Order as providing the Service or Third-Party Product is defined as “Defy”) and the client described in the Order (“Client”). Defy and Client may hereinafter be referred to individually as a “Party” and collectively as the “Parties”.
1. DEFINITIONS.
a. “Active User” or “User” means a Client user established to access the Defy Resources and/or Sublicenses with a designation of “active” at any time during a subscription period. Client has the ability to determine who is an Active User.
b. “Affiliate” or “Affiliates” means any entity that, directly or indirectly through one or more intermediaries, controls, is controlled by, or is under common control with a Party hereto, and/or such Party’s successors and assigns.
c. “Client Content” means materials or documents created and/or supplied by Client which is considered Client’s intellectual property.
d. “Client Data” means proprietary or personal data regarding Client, its contractors or its employees made available to Defy hereunder.
e. “Confidential Information” means all information proprietary to a Party or its Affiliates and any of its customers or suppliers that is marked as confidential or that due to its nature is known or in good faith should be known to be confidential. Confidential Information of Client will be deemed to include, without limitation, all confidential Client Data to which Defy obtains access by performing Services. Confidential Information of Defy will be deemed to include, without limitation, all Defy Intellectual Property, financial and data security information, and non-public features and functions of Sublicenses. The obligations of the Receiving Party shall not apply to Confidential Information: (i) generally available to the public at any time at no fault of the Receiving Party, (ii) furnished at any time to the Receiving Party by a third party having the right to furnish it with no obligation of confidentiality to the Disclosing Party, (iii) independently developed by the Receiving Party by individuals not having access to the Confidential Information of the Disclosing Party, (iv) approved for use or disclosure by written authorization from the Disclosing Party, or (v) required to be disclosed pursuant to a valid order by a court or other governmental entity with jurisdiction, provided that the Receiving Party provides the Disclosing Party with prompt written notice of such order to permit the Disclosing Party to challenge such disclosure.
f. “Deliverable(s)” means the deliverables, including any Third-Party Products, if any, specified in an Order.
g. “Disclosing Party” means a Party to these Terms who discloses its Confidential Information to a Receiving Party.
h. “Export Control Law(s)” means all applicable export laws and regulations, including, without limitation, the Arms Export Control Act (22 U.S.C. § 2751-2794), the International Traffic in Arms Regulations (ITAR) (22 U.S.C. § 120 et seq), and the Export Administration Regulations (15 C.F.R. § 730-774), including the requirement for obtaining any export license or agreement, if applicable.
i. “Intellectual Property Rights” means all existing and future worldwide copyrights, trademarks, service marks, trade secrets, patents, patent applications, moral rights, contract rights and other proprietary rights.
j. “Defy Intellectual Property” means any know-how, processes, techniques, concepts, methodologies, tools, ideas, designs, inventions, patents, copyrights, improvements, computer programs, software, Defy Resources, source code, object code, graphics, intellectual property, information, and/or pictorial representations that (i) Defy developed prior to entering into the applicable Order with Client; (ii) is or are developed separate and apart from the Order and Services at any time by Defy; or
(iii) led to or produced the results of the Services or were otherwise used by Defy to provide the Services.
k. “Order” means the statement of work, service order, purchase order, signed quote, or other order for Services or Third-Party Products executed by the Parties.
l. “Defy Resource(s)” means all hardware, appliances, equipment, software, support, maintenance, and other products which are owned or distributed by Defy and licensed by Defy to Client in accordance with the terms hereof.
m. “Receiving Party” means a Party to these Terms who receives Confidential Information from a Disclosing Party.
n. “Service(s)” means any service to be provided by Defy detailed in an Order. Services may incorporate Defy Resources and/or Sublicenses.
o. “Sublicense(s)” means hardware, appliances, equipment, software, support, maintenance, services and/or other products which are manufactured or provided by Vendors and sublicensed by Defy to Client in connection with the provision of Services hereunder and subject to the terms hereof.
p. “Third-Party Product(s)” means all hardware, appliances, equipment, software, support, maintenance, services, and other products which are (i) manufactured, licensed, or provided by Vendors, and (ii) resold by Defy to Client.
q. “Vendor(s)” means third party manufacturers, vendors, suppliers, licensors, or providers of hardware, appliances, equipment, software, support, maintenance, services, and other products that are either sublicensed or resold by Defy to Client.

2. ORDER. Defy shall provide the Services and/or Third-Party Products to Client as set forth in the relevant Order. Client must be the end user. No resale by Client is allowed hereunder. Each Order shall describe the specific Services to be purchased, if any, including any Defy Resources and/or Sublicenses; service descriptions and/or service level agreements, as applicable; Third Party Products, if any; License Agreement(s), as applicable; fees and expenses; and such other specifications as the Parties may mutually agree. Each Order, when fully executed, shall be deemed to incorporate all the Terms herein (unless any provisions of these Terms are excluded or modified in the Order).
3. SERVICE DESCRIPTION AND SERVICE LEVEL MANAGEMENT DESCRIPTION. Copies of relevant Service documentation, including any applicable service description(s), service level management description(s), and service level agreement(s) will be referenced in the Order and made available to Client for review during the sales process. These documents are subject to change and are updated by Defy when necessary as processes and technology change.
4. CHANGE IN SCOPE OF SERVICES. In the event that unforeseen factors change the scope of Services and/or impact the term and cost of the Services, Client and Defy may mutually revise the Order, and Defy shall provide Client with an estimate of the impact of such revisions on the fees, payment terms, completion schedule, and other applicable provisions of the Order. If the Parties mutually agree to such changes, a written description of the agreed change (“Change Order”) shall be prepared, incorporating such changes to the original Order; the Change Order will not be effective unless signed by an authorized representative of both Parties. The terms of a Change Order prevail over those of the Order.
5. FEES AND INVOICING.
a. Fees. Fees for the Services and/or prices for Third-Party Products, as applicable, shall be specified in each relevant Order. Client agrees to pay Defy the fees set forth in each Order. Unless otherwise specified in the Order, Client agrees to reimburse Defy for actual, reasonable travel and living expenses incurred by Defy in connection with the performance of Services. Expenses are subject to the Defy Travel Policy, available upon request.
b. Taxes. All amounts payable by Client to Defy hereunder are exclusive of any sales, use and other taxes or duties, however designated, including without limitation, royalties, know-how payments, customs, privilege, excise, sales, use, value-added and property taxes (collectively “Taxes”). Client shall be solely responsible for payment of any Taxes, except for those taxes based on the income of Defy. Client will not withhold any Taxes from any amounts due to Defy. In any case where a state imposes a tax on Client that Defy is required to bill for, Client will be liable to pay that tax as part of the scheduled payments to Defy.
c. Invoices. Defy shall invoice Client for Services in accordance with the applicable Order. Defy shall invoice Client for Third- Party Products when such Third-Party Products are shipped or are otherwise made available to Client for access or download. Unless otherwise set forth in the Order, Defy’s invoices are due and payable by Client in full within thirty (30) days from the invoice date. Undisputed invoices not paid within thirty (30) days from the invoice date will bear interest from the due date until paid at a rate of one and one-half percent (1.5%) per month or the maximum rate permitted by law, whichever is less. Client shall also be responsible for all collection costs incurred by Defy in connection with past due undisputed invoices.
6. TERM AND TERMINATION.
a. Service Term and Renewals. Defy shall perform Services during the initial term set forth in the Order (“Initial Term”). Unless otherwise expressly stated in the Order, and until either Party gives the other Party written notice of its intent not to renew at least thirty (30) days prior to the expiration of the then-current term, Orders for Service will automatically renew for additional periods of one (1) year each (“Renewal Term(s)”) at Defy’s then-applicable Service fees.
b. Termination for Cause. Either Party shall have the right to terminate an Order for Services for cause if (a) the non-breaching Party notifies the other within thirty (30) days of the other’s breach, and (b) the breaching Party fails to cure any material breach of the Service Order within thirty (30) days after its receiptof written notice of such breach. Defy may cure a material breach of Services, at Defy’s sole option, by either (i) re-performing any defective or non-conforming Services, or (ii) refunding any amount paid by Client to Defy for the Services that are deemed to be defective or non-conforming. If Client terminates the Order for cause for Defy’s failure to cure, Defy shall refund to Client the pro-rated portion of any prepaid Services fees, rounded down to the next whole month, corresponding to Services not yet performed. Termination of the Order does not release either Party from any liability which, at the time of termination, has already accrued to the Party. Activation fees and expenses, if any, associated with the establishment of Services will be set forth in the Order and are non-
refundable.
c. Early Cancellation of Services. If Client cancels an Order for Service, or any portion thereof, prior to the end of the current term (for any reason other than for an uncured material breach by Defy), Client agrees to pay Defy an early cancellation fee equal to the amount of remaining fees that would have been due and payable had the Service Order been performed for the entire term.
d. Cancellation of Product Orders and Return of Products. Orders for Third-Party Products are non-cancellable and are binding and irrevocable once issued by Client and accepted by Defy.
e. Device Return. Upon cancellation, termination or expiration of an Order for Services, Client will return all Defy-provided equipment and devices (“Devices”) in good condition (less normal wear and tear) to a location designated by Defy within fifteen (15) calendar days after the cancellation, termination or expiration date. If Defy has not received such Defy-provided

Devices within thirty (30) days after cancellation, termination or expiration of the Order, Defy shall invoice Client, and Client shall promptly pay, for the manufacturer’s suggested retail price of such property. For purposes of clarification, “device(s)” do not include any Third-Party Product resold by Defy and licensed directly to Client by a Vendor.
7. CLIENT POLICIES. While on Client’s premises, or if Defy or Defy’s agents are given access to Client’s computing equipment, applications, or network, Defy shall and shall cause Defy’s agents to abide by the applicable and reasonable policies and procedures of Client, including safety, security, and data privacy and handling policies, referenced in the applicable Order. However, Defy will not provide Defy or Defy’s agents’ employee CPNI/PII data, including but not limited to SSN, last 4 digits of SSN, date of birth, etc. to Client. If applicable and reasonable given the scope of the engagement, Defy may provide employee names (first and last) and e-mail addresses, solely for the purposes of managing devices on Client’s network.
8. THIRD PARTY PROVIDERS. The Services and Third-Party Products provided hereunder may contain features capable of interoperating with third-party applications and systems. To use certain features of the Services and/or Third-Party Products, Client may be required to obtain access to such applications or systems from a third-party provider (“3PP”). Notwithstanding any language contained herein to the contrary, Defy is not responsible for any limitations, lack of capability, availability, compatibility, responsiveness or general degradation of Service(s) arising from the use of a 3PP. In addition, Defy is not responsible for Client’s access to, operation or maintenance of third-party applications not sold to Client by Defy. If Client is utilizing a 3PP, then it shall (i) provide the 3PP a copy of the relevant service description and/or service level management description, if any; (ii) be responsible for notifying and coordinating between Defy and the 3PP regarding any scheduled downtime, maintenance windows, etc., as necessary; and (iii) provide Defy the ability to open support tickets and communicate directly with the 3PP on behalf of Client as may be requested from time to time.
9. CLOUD SERVICE PROVIDER FEES. In the event that Client utilizes a third party cloud service provider (e.g. Amazon Web Services, Microsoft Azure, Google Cloud, IBM Cloud, or other cloud service provider of a similar nature) in connection with the Services, Client shall be liable for all fees due to such cloud service provider, howsoever arising, regardless of whether such fees are impacted by Defy’s provision of the Services hereunder.
10. CYBER SECURITY INCIDENT. In the event the Services performed by Defy hereunder involve Defy’s continuous monitoring of any portion of the Client’s cyber security environment, and a Cyber Security Incident (defined below) occurs in that environment during the time that Defy is performing such Services, Client agrees to reasonably cooperate with Defy, including granting Defy access to Client’s systems as necessary to reduce impact and determine the cause and scope of the incident. “Cyber Security Incident” means a violation or imminent threat of violation of cyber security policies, acceptable use policies, or standard cyber security practices which results in misuse, damage, denial of service, compromise of integrity, or loss of confidentiality of a network, computer, application, or data. Defy and its Affiliates, directors, officers, employees, and agents will not be liable or responsible for Cyber Security Incidents, third party hacking attempts or attacks, viruses, malware and similar software programs, and denial of service attacks.
11. WARRANTIES.
a. Defy Representations, Warranties, and Covenants.
i. General. Defy represents and warrants to Client that (i) these Terms have been validly executed and delivered by Defy and that these Terms constitute the legal, valid, and binding obligation of Defy enforceable against Defy, (ii) Defy has all requisite corporate power and authority to enter into these Terms and to carry out the transactions contemplated by these Terms, (iii) the execution, delivery, and performance of these Terms and the consummation of the transactions contemplated by these Terms have been duly authorized by all requisite corporate action on the part of Defy, (iv) Defy’s execution and delivery of these Terms and Defy’s performance or compliance with these Terms will not conflict with, result in a breach of, constitute a default under, or require the consent of any third party under any license, sublicense, lease, contract, agreement, or instrument to which Defy is bound or to which Defy’s properties are subject, and (v) there are no pending or threatened lawsuits, actions, or any other legal or administrative proceedings against Defy which, if adversely determined against Defy, would have a material adverse effect on Defy’s ability to perform its obligations under these Terms.
ii. Third-Party Product. Defy warrants that it has full right, power, and authority to sublicense the Sublicenses and to resell the Third-Party Products to Client, and that the Third-Party Products are free and clear of all liens and similar encumbrances of any kind.
iii. Defy Resource Performance. Defy warrants that Defy Resources, when used as permitted by Defy and in accordance with the instructions in the documentation, will operate substantially as described in the Order. Defy will, at its own expense, use commercially reasonable efforts to (a) correct any reproducible error that Client reports to Defy in writing regarding an Defy Resource, or (b) replace the defective Defy Resource. In the event that Defy, in its sole discretion, may not achieve either (a) or (b) as a remedy for breach of this warranty, Defy agrees to accept return of the non-conforming Defy Resource, terminate the Order related thereto, and refund Client all prepaid fees related to the non-conforming Defy Resource.

iv. Service Performance. Defy shall use reasonable efforts consistent with prevailing industry standards to maintain the Services in a manner which minimizes errors and interruptions in the Services and shall perform Services in a professional and workmanlike manner in accordance with applicable laws and governmental regulations. Services may be temporarily unavailable for scheduled maintenance or for unscheduled emergency maintenance, either by Defy or by third-party Vendors, or because of other causes beyond Defy’s reasonable control, but Defy shall use reasonable efforts to provide advance notice in writing or by e-mail of any scheduled service disruption. HOWEVER, DEFY DOES NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED OR ERROR FREE; NOR DOES IT MAKE ANY WARRANTY AS TO THE RESULTS THAT MAY BE OBTAINED FROM USE OF THE SERVICES.
v. Disclaimers of Warranty. DEFY WILL NOT BE RESPONSIBLE FOR NONCONFORMITIES IN SERVICE ARISING FROM INACCURATE OR INCOMPLETE DATA OR INFORMATION PROVIDED BY CLIENT, FOR FAILURES OR DELAYS CAUSED BY CLIENT’S FAILURE TO PERFORM ITS OBLIGATIONS UNDER THE ORDER OR THESE TERMS, OR FOR FAILURES, DAMAGES OR DELAYS CAUSED BY THIRD PARTY PROVIDERS, THIRD PARTY VENDORS, OR THIRD-PARTY PRODUCTS. EXCEPT AS EXPRESSLY PROVIDED HEREIN, THE SERVICES ARE PROVIDED “AS-IS” AND DEFY HEREBY WAIVES AND DISCLAIMS ALL OTHER WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON- INFRINGEMENT.
b. Client’s Representations, Warranties, Covenants and Responsibilities.
i. General. Client represents and warrants to Defy that (i) these Terms have been validly executed and delivered by Client and that these Terms constitute the legal, valid, and binding obligation of Client enforceable against Client, (ii) Client has all requisite corporate power and authority to enter into these Terms and to carry out the transactions contemplated by these Terms, and (iii) the execution, delivery, and performance of these Terms and the consummation of the transactions contemplated by these Terms have been duly authorized by all requisite corporate action on the part of Client. In addition, Client represents, warrants, and agrees that Client is solely responsible for: (A) Client’s information security program, environment, controls, and processes, (B) making all management decisions related to Client’s information security program, environment, controls, and processes, (C) the decision whether to implement, and the actual implementation, of any recommendations made by Defy, and (D) determining the sufficiency of any Services or Third-Party Products purchased by Client.
ii. Services. Client agrees to cooperate with Defy in the performance of the Services. Client represents and warrants that it will (i) comply with all relevant security industry standards and practices, and (ii) use the Services only in compliance with Defy’s standard published policies then in effect and all applicable laws and regulations. Client shall be responsible for obtaining and
maintaining any equipment and ancillary services needed to connect to, access or otherwise use the Services, including, without limitation, modems, hardware, servers, software, operating systems, networking, web servers and the like (collectively, “Equipment”). Client shall also be responsible for maintaining the security of the Equipment, Client account, passwords (including but not limited to administrative and User passwords) and files, and for all uses of Client account or the Equipment with or without Client’s knowledge or consent.
iii. Third-Party Products. Client acknowledges that (i) it has made the selection of the Third-Party Products based on its own judgment and expressly disclaims any reliance upon statements made by Defy, (ii) Client’s use of the Third-Party Products is subject to the applicable Vendor’s end user license agreement, service level agreement, terms of use or service, or other end user agreements or documents, (iii) the only representations, warranties, indemnities, and other terms relating to the Third-Party Products are those offered by the applicable Vendor, and Defy will have no responsibility in connection therewith, (iv) it expressly waives any claim against Defy based upon any infringement or alleged infringementof any patent, copyright, trademark, or other intellectual property rights with respect to the Third- Party Products, and (v) it assumes all responsibility for ensuring that the Third-Party Products are used in accordance with all applicable laws and regulations.
12. INTELLECTUAL PROPERTY OWNERSHIP. Deliverables, as specified in an Order, shall be the property of Client. To the extent Defy Intellectual Property is incorporated into any Deliverables, Defy grants to Client an irrevocable, nonexclusive, royalty-free, limited license for Client to use Defy Intellectual Property to the extent necessary to use such Deliverable for its intended internal purposes only. All Defy Intellectual Property is and shall remain the sole and exclusive property of Defy. Client shall not have or acquire any right, claim, title, or interest in or to any Defy Intellectual Property. Client acknowledges that Defy may (a) retain archival copies of any and all derivative works of Deliverables and work product and (b) may use and disclose general statistics and non-Client identifiable information regarding vulnerabilities and security issues but only if the identity of the Client is not disclosed and cannot be reasonably ascertained or inferred. Upon the request of the other Party, each Party shall take such actions, and shall cause its personnel to take such actions, including execution and delivery of all documents, as may be appropriate or desirable to confirm such rights. The information contained in the Defy Resources is Confidential Information of Defy, contains trade secrets, and is proprietary know-how belonging to Defy. Client is granted access to the Defy Resources and Sublicense subject to Client’s obligation to hold the information provided in confidence. Further, the presence of copyright notices on the Confidential Information does notconstitute publication or otherwise impair the confidentialnature thereof. Client

agrees not to use, print, copy, provide, or otherwise make available, in whole or in part, anyportion ofthe Confidential Information or modifications of it or related material except in accordance with these Terms.
13. LIMITED LICENSE GRANT AND RESTRICTIONS- DEFY RESOURCES AND SUBLICENSES.
a. License and Ownership. Defy grants to Client a non-exclusive, nontransferable, non-assignable, limited right and license to access and use specified Defy Resources or Sublicenses, as applicable. Notwithstanding anything to the contrary in these Terms, Defy, its licensors and/or Vendors, as applicable, own and retain all right, title and interest in and to the Defy Intellectual Property, as well as the Intellectual Property Rights in the Defy Property and Sublicensed Property including any enhancements, modifications or derivative works thereof. Client retains all ownership rights to Client Data and Client Content. Unless a particular right is expressly granted herein, it is expressly excluded from this license.
b. Restrictions. Client may only use the Defy Resources and the Sublicenses for its own lawful, internal business purposes. Except as expressly permitted by these Terms or the executed Order, Client will not, and will not allow any third party to:
(a) copy, modify, adapt, alter, translate, or create derivative works of the Defy Resources or Sublicenses; (b) sell, resell, lend, loan, lease, license, operate as a service bureau, managed service, sublicense or transfer the Defy Resources or Sublicenses; (c) reverse engineer, decompile, disassemble, or otherwise attempt to derive the source code for the Defy Resources or Sublicenses (except and only to the extent that such activity is expressly permitted by applicable law notwithstanding this limitation); (d) knowingly take any action that would cause the Defy Resources or Sublicenses to be placed in the public domain; (e) remove, alter or obscure any proprietary notices of Defy, its licensors or Vendors included in the Defy Resources, Sublicenses or Order documents; or (f) use the Defy Resources or Sublicenses for timesharing or service bureau purposes or otherwise for the benefit of a third party, or remove any proprietary notices or labels. Client will not allow any access to or use of the Defy Resources or Sublicenses by anyone other than Client, or its employees, contractors or agents, and any such use must be consistent with the terms, conditions and restrictions set forth in these Terms. Client will be responsible for its Users’ compliance with these Terms and liable for its Users’ breach thereof. Client will ensure that it has obtained all necessary consents and approvals for Defy to access Client Data for the purposes permitted under these Terms. If Client is in breach of this Section, and such breach is not cured in accordance with these Terms, Defy may suspend access to the Defy Resources and/or Sublicenses, in addition to any other rights and remedies Defy may have at law or in equity.
14. IMPORT/EXPORT. Client acknowledges that the Defy Resources, Sublicenses, and Third-Party Products, as well as any technical data related thereto, may be subject to Export Control Laws and Client hereby agrees not to export, re-export, or otherwise distribute such products in violation of any Export Control Laws. Client warrants that it will not purchase, export, or re-export any Defy Resources, Sublicenses, or Third-Party Products with knowledge theywillbe used in the design, development, production, or use ofchemical, biological, nuclear, or ballistic weapons, or in a facility engaged in suchactivities, unless permitted by applicable laws. Client further warrants it will not export or re-export, directly or indirectly, any such products to embargoed countries or transfer or sell such products to companies or individuals listed on applicable restricted parties lists including, without limitation, the Denied Persons List published by the United States Department of Commerce and the Specially Designated National List published by the United States Department of the Treasury, or otherwise violate any applicable law or regulation.
15. RISK OF LOSS AND TITLE TO THIRD-PARTY PRODUCTS. Title to Third-Party Products shall vest in Client upon delivery to the carrier for shipment (FOB shipping point). Defy will ship and deliver the Third-Party Products to the Client’s specified place of delivery using a carrier selected by Defy; provided, however, that Client shall be responsible for clearing any necessary customs with respect to the Third-Party Products. Client shall bear the risk of loss, damage, and destruction from every cause once the Third-Party Products have been delivered to the carrier. Client shall unload and inspect the Third-Party Products upon delivery, and Client shall be responsible for notifying Defy of any defect or damage to the Third-Party Products or of any claim arising hereunder within five (5) days of the delivery of the Third-Party Products. Client’s failure to advise Defy of such defect, damage, or claim within the specified time period will release Defy and the carrier from any liability for damages related thereto.
16. CONFIDENTIAL INFORMATION.
a. Obligations. The Receiving Party agrees not to disclose or use any Confidential Information of the Disclosing Party in violation hereof and to use Confidential Information of the Disclosing Party solely for the purposes hereof. Upon demand by the Disclosing Party, the Receiving Party shall return to the Disclosing Party all copies of the Disclosing Party’s Confidential Information in the Receiving Party’s possession or control and destroy all derivatives and other vestiges of the Disclosing Party’s Confidential Information; provided that the Receiving Party may retain one archival copy solely for the purpose of administering its obligations under the Order. All Confidential Information of the Disclosing Party shall remain the exclusive property of the Disclosing Party. The Receiving Party may disclose Confidential Information of the Disclosing Party to its employees, officers, directors and representatives who have a reasonable need to know such Confidential Information in connection with the Services. Notwithstanding anything to the contrary, Defy shall have the right to collect and analyze data and other information relating to the provision, use and performance of various aspects of the Services and related systems and technologies (including, without limitation, information concerning Client Data and data derived therefrom), and Defy will be permitted to: (i) use such information and data to improve and enhance the Services and for

other development, diagnostic and corrective purposes solely in connection with the Services and other Defy offerings and for no other purposes whatsoever; and (ii) disclose such data solely in aggregate or other de-identified form in connection with its business. No rights or licenses are granted except as expressly set forth herein.
b. Injunction. Both Parties agree that violation of any provision of this Section would cause the Disclosing Party irreparable injury for which it would have no adequate remedy at law, and that the Disclosing Party will be entitled to seek immediate injunctive relief prohibiting such violation, in addition to any other rights and remedies available to it.
17. INDEMNIFICATION.
a. General. Except to the extent caused by the acts, errors or omissions of the indemnified Party, each Party shall indemnify, defend and hold harmless the other Party and its Affiliates and their respective officers, directors, employees and agents from and against third party claims made against the indemnified Party for death, bodily injury or physical damage to or loss or destruction of any real or tangible personal property to the extent caused by the indemnifying Party’s gross negligence or willful misconduct.
b. IP Infringement. Defy shall hold Client harmless from liability to third parties resulting from infringementby the Services of any United States patents issued before delivery of such Services or any copyright or misappropriation of any trade secret, provided Defy is promptly notified of any and all threats, claims and proceedings related thereto and given reasonable assistance and the opportunity to assume sole control over defense and settlement. Defy will not be responsible for any settlement it does not approve in writing. The foregoing obligations do not apply with respect to Services or portions or components thereof: (i) not supplied by Defy, (ii) made in whole or in part in accordance to Client specifications, (iii) that are modified by Client after delivery, (iv) combined with other products, processes or materials where the alleged infringement relates to such combination which was unauthorized by Defy, (v) where Client continues use of the infringing Services following Defy’s supplying a modified, amended or replacement version of the Services, or (vi) where Client’s use of such Services is not strictly in accordance with these Terms. Client will reimburse Defy for any reasonable out-of-pocket expenses incurred by Defy if the cause of the infringement is attributable to Client’s actions as stated in this paragraph. In the event of such a claim, action or allegation being brought or threatened or in the event an injunction is issued or threatened, Defymay, at its sole option and expense, either procure for Client the right to continue to use the Services, modify or replace the Services so as to avoid infringement, or accept the return of the infringing Services and return the license fee paid for such infringing Services. THE PROVISIONS OF THIS SECTION SET FORTH DEFY’S SOLE AND EXCLUSIVE OBLIGATIONS, AND CLIENT’S SOLE AND EXCLUSIVE REMEDIES, WITH RESPECT TO INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS AND/OR PROPRIETARY RIGHTS OF ANY KIND.
c. Client’s Use of Services . Client represents, covenants, and warrants that Client will use the Services (including but not limited to Sublicenses) only in compliance with these Terms, any relevant Service descriptions related to the Order and all applicable laws and regulations. Client hereby agrees to defend, indemnify and hold harmless Defy and applicable developers of the Sublicenses against any third party claims for damages, losses, liabilities, settlements and expenses (including reasonable costs and attorneys’ fees) in connection with any claim or action that arises from an alleged violation based on Client’s gross negligence or willful misconduct or otherwise from Client’s use of Services. Although Defy has no obligation to monitor Client’s use of the Services, Defy may do so and may prohibit any use of the Services it believes may be (or alleged to be) in violation of the foregoing.
18. LIMITATION OF LIABILITY. IN NO EVENT WILL EITHER PARTY OR ITS AFFILIATES, VENDORS OR SUPPLIERS, OR ANY OF THEIR RESPECTIVE OFFICERS, DIRECTORS, EMPLOYEES, OR AGENTS, BE LIABLE TO THE OTHER PARTY OR ITS AFFILIATES, WHETHER IN CONTRACT OR IN TORT OR UNDER ANY OTHER LEGAL THEORY (INCLUDING, WITHOUT LIMITATION, STRICT LIABILITY AND NEGLIGENCE), FOR LOST PROFITS OR REVENUES, LOSS OF USE OR LOSS OR CORRUPTION OF DATA, FOR EQUIPMENT OR SYSTEMS OUTAGES OR DOWNTIME, OR FOR ANY INDIRECT, SPECIAL, EXEMPLARY, PUNITIVE, MULTIPLE, INCIDENTAL, CONSEQUENTIAL OR SIMILAR DAMAGES, ARISING OUT OF OR IN CONNECTION WITH THE ORDER OR OTHERWISE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IN NO EVENT WILL DEFY’S, DEFY’S AFFILIATES’, THEIR VENDORS OR SUPPLIER’S, OR THEIR RESPECTIVE OFFICERS’, DIRECTORS’, EMPLOYEES’ OR AGENTS’ AGGREGATE LIABILITY FOR ALL CLAIMS ARISING OUT OF OR IN CONNECTION WITH THESE TERMS, THE SERVICES, THE DEFY RESOURCES AND SUBLICENSES, THE THIRD- PARTY PRODUCTS, THE ORDER AND OTHERWISE (INCLUDING, WITHOUT LIMITATION, NEGLIGENCE AND INTENTIONAL ACTS OR OMISSIONS) EXCEED THE AMOUNT OF FEES ACTUALLY PAID BY CLIENT TO DEFY FOR THE SPECIFIC SERVICES OR THIRD-PARTY PRODUCTS DURING THE TWELVE (12) MONTH PERIOD IMMEDIATELY PRECEDING THE DATE OF THE EVENT GIVING RISE TO SUCH CLAIM. NO ACTION REGARDING THE SERVICES OR THIRD-PARTY PRODUCTS, OTHER THAN WITH RESPECT TO PAYMENTS HEREUNDER, MAY BE BROUGHT MORE THAN ONE (1) YEAR AFTER THE FIRST TO OCCUR OF EITHER (A) THE CONCLUSION OF SERVICES OR DELIVERY OF THIRD-PARTY PRODUCTS UNDER THE ORDER, OR (B) THE CLAIMANT PARTY’S KNOWLEDGE OF THE EVENT GIVING RISE TO SUCH CAUSE OF ACTION.
19. INSURANCE. The Parties agree to carry and maintain in force at all times during the term of the Services insurance coverage with minimum policy limits as follows: (i) workers’ compensation with limits as prescribed by applicable state law and

Employer’s Liability with limits of $1,000,000.00 per accident and in the aggregate, (ii) commercial general liability with limits of
$1,000,000 per occurrence and $2,000,000 in the aggregate, and (iii) professional liability and cyber liability with limits of
$2,000,000 in the aggregate. The Parties agree to provide to each other certificates of insurance evidencing coverage upon request
20. FORCE MAJEURE. Neither Party shall be liable for delays, failure to meet its obligations under these Terms, or damages of any kind due to events, circumstances, or causes beyond its reasonable control or otherwise related to war, terrorism, riots, acts of God, floods, pandemics, fire, earthquakes, hacking attempts or attacks, systems or data not within Defy’s control, viruses, malware, and similar software programs, and denial of service attacks and other malicious conduct. The nonperforming Party must promptly notify the other Party of such event, circumstance, or cause and take all reasonable steps to recommence performance promptly. Notwithstanding the foregoing, no such events, circumstances, or causes shall excuse Client’s obligation to pay undisputed amounts when due hereunder.
21. NON-SOLICITATION. Client agrees that it and its Affiliates, and their employees, will not, either during or for a period of twelve
(12) months after termination or expiration of the Order, solicit to hire as an employee or contractor any of Defy’s and/or Defy’s Affiliates’ employees. Publication of open positions in media of general circulation (e.g., Internet website job postings) will not constitute solicitation of employees. If Client or one of its Affiliates hires any employee(s) of Defy and/or Defy’s Affiliates prior to expiration of the twelve (12) month period, as an employee or contractor, Client agrees to pay to Defy or Defy’s Affiliate, as applicable, within thirty (30) days of the hiring date, an amount equal to the person’s annual compensation (including bonuses) at Defy or Defy’s Affiliate at the time of the employee’s departure therefrom.
22. STAFFING AND LOCATION. Defy intends to utilize personnel who are employees of Defy in provision of Services. However, Defy may utilize, in performance of the Services, staff augmentation consultants who are used by Defy in its normal course of business and subcontractor personnel. Unless otherwise expressly stated in the Order, the Services may be rendered at Client’s facilities, Defy’s facilities or at other suitable locations within Defy’s discretion.
23. DEFY’S AFFILIATES. Defy’s Affiliates and/or employees or consultants of Defy’s Affiliates may provide Services under the Order. Such Affiliates and/or their employees or consultants who provide Services will be subject to these Terms. Only the entity who provides Services will be liable under these Terms with respect to such Services. There shall be no joint and several liability with respect to entities that do not provide Services under these Terms.
24. THIRD PARTY BENEFICIARIES. Notwithstanding anything to the contrary herein, Client hereby agrees that for any software, hardware or service sublicensed by Defy to Client hereunder, the developer or Vendor of such software, hardware or service will be deemed a third party beneficiary of these Terms.
25. ASSIGNMENT. Except as otherwise set forth in these Terms, neither Party may assign the Order or these Terms without the prior written consent of the other Party. Notwithstanding the foregoing, either Party may assign the Order or these Terms without consent to any parent, subsidiary or other Affiliate, in connection with a merger involving any of its Affiliates or in connection with an acquisition of all or substantially all of such Party’s assets or equity interests. In addition, Defy may assign the Order or these Terms to an Affiliate.
26. NOTICES. All notices and other communications hereunder will be in writing and deemed delivered one (1) day after being sent by a nationally recognized overnight courier service or three (3) days after being sent certified U.S. mail, return receipt requested, postage prepaid. All notices and other communications hereunder will be given to the Party at the address indicated in the Order.
27. GOVERNING LAW. The Order and these Terms will be governed by, and construed and enforced in accordance with, the laws of the State of Pennsylvania, excluding conflicts of law principles. Exclusive jurisdiction for any lawsuit or claim in connection with the Order and these Terms shall be in the state or federal courts of the State of Pennsylvania.
28. EXECUTION IN COUNTERPARTS. The Order may be executed in any number of counterparts, each of which shall be deemed an original, and all of which shall incorporate these Terms as if set out in full text and together shall constitute one and the same agreement. Delivery of an executed counterpart of the Order by electronic transmission or any other reliable means shall be effective for all purposes as delivery of a manually executed original counterpart. Either Party may maintain a copy of these Terms and the Order in electronic form.
29. MISCELLANEOUS. These Terms are made a part of and incorporated into the Master Purchase Agreement or Master Service Agreement, as applicable, and the Order. The Order, and the Master Purchase Agreement or Master Service Agreement, as applicable, and these Terms constitute the entire agreement between the Parties with respect to its subject matter. Where an executed Master Purchase Agreement, Master Service Agreement or Master Agreement for Products and Services has not been executed by the Parties, Client agrees that these Terms will supersede, terminate and replace all other prior agreements between the Parties or their predecessors in interest in their entirety. These Terms shall govern in the event of a direct conflict with the Order. During the term of the Order, a purchase order, acknowledgment form or similar routine document may be used. The Parties agree that any provisions of such routine documents, which purport to add to or change, or which conflict

with the provisions of the Order or these Terms shall be deemed deleted and have no force or effect. No forbearance, failure or delay in exercising any right, power or privilege is waiver thereof. In the event a court of competent jurisdiction holds any provision of the Order or these Terms invalid or unenforceable, the remainder of the Order and these Terms will continue in effect. Each Party agrees that it will not, without prior written consent of the other Party, use in advertising or other publicity the name of the other Party. Neither Party is liable for non-performance under the Order and these Terms to the extent to which the non-performance is caused by events or conditions beyond that Party’s control; provided, however, this shall not apply to either Party’s obligations with respect to payments pursuant to the terms of the Order and these Terms.

Defy Security General Terms and Conditions of Purchase – 10/11/22