Terms & Policies
Last updated: September 20, 2024
Please read these terms and conditions carefully before using Our Service.
Interpretation and Definitions
Interpretation
Definitions
- Affiliate means an entity that controls, is controlled by or is under common control with a party, where “control” means ownership of 50% or more of the shares, equity interest or other securities entitled to vote for election of directors or other managing authority.
- Country refers to: California, United States
- Company (referred to as either “the Company”, “We”, “Us” or “Our” in this Agreement) refers to Cloud Defense AI, 579 University Ave, Palo Alto, CA 94301.
- Device means any device that can access the Service such as a computer, a cellphone or a digital tablet.
- Service refers to the Website.
- Terms and Conditions (also referred as “Terms”) mean these Terms and Conditions that form the entire agreement between You and the Company regarding the use of the Service.
- Third-party Social Media Service means any services or content (including data, information, products or services) provided by a third-party that may be displayed, included or made available by the Service.
- Website refers to CloudDefense.AI, accessible from http://clouddefense.ai
- You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.
Acknowledgment
These are the Terms and Conditions governing the use of this Service and the agreement that operates between You and the Company. These Terms and Conditions set out the rights and obligations of all users regarding the use of the Service.
Your access to and use of the Service is conditioned on Your acceptance of and compliance with these Terms and Conditions. These Terms and Conditions apply to all visitors, users and others who access or use the Service.
By accessing or using the Service You agree to be bound by these Terms and Conditions. If You disagree with any part of these Terms and Conditions then You may not access the Service.
You represent that you are over the age of 18. The Company does not permit those under 18 to use the Service.
Your access to and use of the Service is also conditioned on Your acceptance of and compliance with the Privacy Policy of the Company. Our Privacy Policy describes Our policies and procedures on the collection, use and disclosure of Your personal information when You use the Application or the Website and tells You about Your privacy rights and how the law protects You. Please read Our Privacy Policy carefully before using Our Service.
Links to Other Websites
Our Service may contain links to third-party web sites or services that are not owned or controlled by the Company.
The Company has no control over, and assumes no responsibility for, the content, privacy policies, or practices of any third party web sites or services. You further acknowledge and agree that the Company shall not be responsible or liable, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any such content, goods or services available on or through any such web sites or services.
We strongly advise You to read the terms and conditions and privacy policies of any third-party web sites or services that You visit.
Termination
We may terminate or suspend Your access immediately, without prior notice or liability, for any reason whatsoever, including without limitation if You breach these Terms and Conditions.
Upon termination, Your right to use the Service will cease immediately.
Limitation of Liability
Notwithstanding any damages that You might incur, the entire liability of the Company and any of its suppliers under any provision of this Terms and Your exclusive remedy for all of the foregoing shall be limited to the amount actually paid by You through the Service or 100 USD if You haven’t purchased anything through the Service.
To the maximum extent permitted by applicable law, in no event shall the Company or its suppliers be liable for any special, incidental, indirect, or consequential damages whatsoever (including, but not limited to, damages for loss of profits, loss of data or other information, for business interruption, for personal injury, loss of privacy arising out of or in any way related to the use of or inability to use the Service, third-party software and/or third-party hardware used with the Service, or otherwise in connection with any provision of this Terms), even if the Company or any supplier has been advised of the possibility of such damages and even if the remedy fails of its essential purpose.
Some states do not allow the exclusion of implied warranties or limitation of liability for incidental or consequential damages, which means that some of the above limitations may not apply. In these states, each party’s liability will be limited to the greatest extent permitted by law.
“AS IS” and “AS AVAILABLE” Disclaimer
The Service is provided to You “AS IS” and “AS AVAILABLE” and with all faults and defects without warranty of any kind. To the maximum extent permitted under applicable law, the Company, on its own behalf and on behalf of its Affiliates and its and their respective licensors and service providers, expressly disclaims all warranties, whether express, implied, statutory or otherwise, with respect to the Service, including all implied warranties of merchantability, fitness for a particular purpose, title and non-infringement, and warranties that may arise out of course of dealing, course of performance, usage or trade practice. Without limitation to the foregoing, the Company provides no warranty or undertaking, and makes no representation of any kind that the Service will meet Your requirements, achieve any intended results, be compatible or work with any other software, applications, systems or services, operate without interruption, meet any performance or reliability standards or be error free or that any errors or defects can or will be corrected.
Without limiting the foregoing, neither the Company nor any of the company’s provider makes any representation or warranty of any kind, express or implied: (i) as to the operation or availability of the Service, or the information, content, and materials or products included thereon; (ii) that the Service will be uninterrupted or error-free; (iii) as to the accuracy, reliability, or currency of any information or content provided through the Service; or (iv) that the Service, its servers, the content, or e-mails sent from or on behalf of the Company are free of viruses, scripts, trojan horses, worms, malware, timebombs or other harmful components.
Some jurisdictions do not allow the exclusion of certain types of warranties or limitations on applicable statutory rights of a consumer, so some or all of the above exclusions and limitations may not apply to You. But in such a case the exclusions and limitations set forth in this section shall be applied to the greatest extent enforceable under applicable law.
Governing Law
Disputes Resolution
For European Union (EU) Users
United States Legal Compliance
Severability and Waiver
Severability
Waiver
Translation Interpretation
Changes to These Terms and Conditions
We reserve the right, at Our sole discretion, to modify or replace these Terms at any time. If a revision is material We will make reasonable efforts to provide at least 30 days’ notice prior to any new terms taking effect. What constitutes a material change will be determined at Our sole discretion.
By continuing to access or use Our Service after those revisions become effective, You agree to be bound by the revised terms. If You do not agree to the new terms, in whole or in part, please stop using the website and the Service.
Contact Us
If you have any questions about these Terms and Conditions, or if you want to change/delete your email, You can contact us:
By email: support@clouddefense.ai
Last updated: September 20, 2024
Please read this policy carefully before using our website. This privacy policy (the “Policy”) aims to give you information on how CloudDefense.AI collects and processes your personal data through your use of this website, including any data you may provide through this website or use or purchase our product or service.
Should you still have questions or concerns after you have read this Privacy Policy, please contact us at support@clouddefense.ai
We may collect and process the following data about you:
Information you give us. You may give us information about you by filling in forms on our Platform, when you log in to the Platform, or by corresponding with us by phone, e-mail, chat, or otherwise. This includes (but is not limited to) information you provide when you use our service and when you report a problem with our Platform or the services available on it. The information you give us will depend on the circumstances but, as you are giving it to us, you will always know what information we are receiving.
We may keep a record of that correspondence or information in accordance with our Data Deletion and Retention Policy in case we need to contact you in relation to the issue for which you contacted us, for operational performance improvement and/or nuisance caller management, or otherwise as may be required by law.Please note that we do not collect payment information from you. This will be collected directly from you by our third-party payment processor.Information we collect about you. We may collect the following information about you:
- your contact details (phone number, address, email address).
- technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
- information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our Platform (including date and time); webpage identifier; what you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouseovers), metadata information about the payload and page; analytical data; information about the DOM and mutation events; comments you choose to publicly provide; and methods used to browse away from the page and any phone number used to call our customer service number.
- Information we receive from other sources. We may receive information from the third-party authentication provider about you, including your GitHub, Bitbucket, Google, or Docker username and your email address. We are also working closely with other third parties (including, for example, business partners, service providers, sub-contractors in technical and payment services, advertising networks, analytics providers, search information providers and recruitment agencies) and may receive information about you from them. If you use the Platform while working for one of our customers, we will receive information (such as your email address, to create an account for you) from that customer. If you work for an organization, we may receive your name and contact details from partners who identify potential customers for our services (including attendees at events we sponsor).
Personal Data
Data processing in connection with subscriptions or registrations to our Service.
Disclosure of your information.
- business partners, service providers and sub-contractors for the performance of any contract we enter into with them or you;
- service providers acting as processors who provide IT, customer management, recruitment administration and system administration services;
- analytics and search engine providers that assist us in the improvement and optimization of our Platform.
We may disclose your personal data to certain third parties in the following circumstances:
- if we have your permission to do so;
- third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may access and use your personal data;
- if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply the terms applicable to the CloudDefense.AI service and any other documents referred to in them; or to protect the rights, property, or safety of CloudDefense.AI, our users, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
- To third parties to market their products or services to you if you have consented. We contractually require these third parties to keep personal data confidential and use it only for the purposes for which we disclose it to them.
We may disclose your personal data to certain third parties in the following circumstances:
Your Personal Data (as described above) will be retained until: (i) it is no longer reasonably necessary for the purposes described in this Privacy Policy, unless a longer storage period is required by applicable law or by our Customer; or (ii) you send a valid deletion request.
Data collected when visiting our website is regularly stored for a period of 365 days.
How we protect your personal data
Your Rights
Under certain circumstances, you have rights under data protection laws in relation to your personal data.
If you wish to exercise any of the rights set out below, please contact us at support@clouddefense.ai
You have the right to:
- Request correction of the personal data that we hold about you. Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request correction of the personal data that we hold about you.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it.
- Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
If you want us to establish the data’s accuracy.
- Where our use of the data is unlawful but you do not want us to erase it.
- Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
- You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
Change of ownership
Legal Basis for our processing personal data
Applicable under California Law
Changes to our Privacy Policy
When you visit or log in to our website, cookies and similar technologies may be used by our online data partners or vendors to link your activities with other personal information they or others may have, such as your email or home address. This information may be used by us (or our service providers) to send communications and marketing materials to these email or home addresses. If you prefer not to receive these communications, you can opt out by emailing us at support@clouddefense.ai
SOFTWARE LICENSE AGREEMENT
CLOUDDEFENSE.AI, JANUARY 2024
PLEASE READ THE FOLLOWING LICENSE AGREEMENT BEFORE INSTALLING AND USING THE CLOUDDEFENSE.AI
SOFTWARE PROGRAM (THE “SOFTWARE”) ASSOCIATED WITH THIS AGREEMENT.
CLICKING ON THE “LOGIN OR YES” BUTTON IN RESPONSE TO THE ELECTRONIC LICENSE AGREEMENT ENQUIRY AS TO
ACCEPTANCE OF THE TERMS OF THIS LICENSE AGREEMENT, INSTALLING OR DOWNLOADING THE SOFTWARE,
INDICATES ACCEPTANCE OF AND AGREEMENT TO, AND LEGALLY BINDS YOU, YOUR EMPLOYER (COLLECTIVELY THE
“LICENSEE”) AND CLOUD APPLICATION SECURITY INC., (COLLECTIVELY “CLOUDDEFENSE.AI”), TO THE TERMS AND
CONDITIONS OF THIS LICENSE AGREEMENT (INCLUDING ANY TERMS, CONDITIONS AND RESTRICTIONS CONTAINED IN
ANY ORDER RELATING TO THE SOFTWARE). IF THE LICENSEE DOES NOT ACCEPT AND AGREE TO THE TERMS AND
CONDITIONS OF THIS LICENSE AGREEMENT THEN EITHER DO NOT DOWNLOAD, INSTALL OR OTHERWISE USE THE
SOFTWARE.
THE RIGHT TO USE THE SOFTWARE IS CONDITIONAL UPON ACCEPTANCE OF THIS AGREEMENT, UNLESS THE LICENSEE
HAS ENTERED INTO A WRITTEN AND DULY SIGNED LICENSE AGREEMENT WITH CLOUDDEFENSE.AI, IN WHICH CASE
SUCH SIGNED LICENSE AGREEMENT WILL GOVERN THE LICENSEE’S USE OF THE SOFTWARE.
1. Certain Defined Terms. For purposes hereof, the terms provided below, when used anywhere in this Agreement
with initial capital letters, will have the respective meanings as set forth below:
1.1 “Affiliate” means any natural person, partnership, corporation, association, limited liability company, joint
stock company, trust, joint venture, unincorporated organization, estate, labor union, or a government entity that
directly or indirectly, controls, is controlled by, or is under common control with another party. For purposes of this
definition, “control” means the possession, directly or indirectly, of the power to direct or cause the direction of the
management and policies of a party whether through the ownership of voting securities, by contract, or otherwise.
1.2 “Authorized User” shall mean an employee or Third-Party Agent of Licensee who is assigned a unique and
fixed user account to consume one license to use the Program(s) licensed under this Agreement on a single server, or
on multiple servers, regardless of whether such individual is actively using the Program(s) at any given time. A
non-human operated device will be counted as an Authorized User in addition to all individuals authorized to use
the Program(s) licensed under this Agreement, if such devices can access such Program(s).
1.3 “Documentation” means the then-current printed and digital user manual(s), instructions, on- line help
files, and technical documentation for the Software (including releases) made available by CloudDefense.ai, and any
materials or deliverables that CloudDefense.AI provides to Licensee as part of this Agreement, or in the course of
providing the Software Support to the Licensee.
1.4 “Evaluation” means an installation of the Software in a non-production environment for a limited time
period under the terms and conditions of this Agreement, during which an Authorized User may evaluate the
Software for use in support of Licensee’s internal business operations.
1.5 “Evidential Output” means that part of the Output that is used for evidential, validation, or audit purposes.
1.6 “Output” shall mean the data in electronic or other format containing the results generated by using the
Software.
1.7 “Program(s)” means, the machine-readable object code of the computer software program or programs
described in one or more invoices to this Agreement, including any additional releases of such programs as are
made available by CloudDefense.AI to Licensee from time to time.
1.8 “Reports” means the reports generated by the Software.
1.9 “Software” means the Program and the Documentation.
1.10 “Software Support” means technical support and maintenance services for the Software licensed under
this Agreement as described in CloudDefense.AI’s then-current Software Support policy available on
CloudDefense.AI’s website, and any new releases to the Software for which Licensee is paying the Software
Support fee.
1.11 “Third-Party Agent(s)” means third parties delivering services to Licensee pursuant to a written contract
with Licensee
2. Grant of License; Restrictions.
2.1 Grant of License. In consideration of Licensee’s payment of the license fee, and subject to the terms and
conditions of this Agreement, CloudDefense.AI grants to Licensee a limited, non-sub licensable, non-exclusive,
non-transferable, fully paid (upon payment of the fees set forth in Section 3 of this Agreement) license for Licensee’s
Authorized Users to: (a) install and use the Software ordered by Licensee in accordance with the Documentation for
Licensee’s own direct internal business purposes, and subject to any limitation on use specified in this Agreement;
(b) install and use the Documentation solely in conjunction with and in support of Licensee’s licensed use of the
Software; and (c) make the number of exact copies of the Software as required for archival and back-up purposes,
and a reasonable number of copies of the Documentation to support the licensed number of users, provided that
each copy of the Software and the Documentation retains all copyright and other proprietary notices included in the
original copy provided by CloudDefense.AI to the Licensee. CloudDefense.AI hereby reserves all rights in and to the
Software that are not specifically granted by this Agreement.
2.2 Restrictions on License Grant. Except as expressly provided in Section 2.1 above, Licensee will not, either
directly or indirectly, cause, instruct, direct, or permit any other party to: (a) reverse engineer, translate, disassemble,
decompile, sell, rent, lease, manufacture, adapt, create derivative works from, or otherwise modify or distribute the
Software or the Documentation, or any part thereof; (b) attempt to discover the source code of the Software, nor
permit any third party to do so; (c) copy, in whole or in part, the Software or the Documentation; (d) delete any
copyright, trademark, patent or other notices of proprietary rights of CloudDefense.AI or other parties as they
appear anywhere in or on the Software or Documentation; or (e) tamper with, or attempt to tamper with, or
circumvent or disable, or attempt to circumvent or disable, any license key or other limiting function delivered with
the Software, or otherwise attempt to gain access to functionality or capacity that is not validly licensed by Licensee.
Licensee will not remove or otherwise alter any proprietary notices or labels from the Software, Documentation, or
any portion thereof.
2.3 Restrictions on use of the Output, Reports, and Evidential Output. To the extent applicable to the Software
licensed under this Agreement, this Section 2.3 shall apply. The Licensee shall not provide the Output, Report, and/or
Evidential Output to parties who are not Authorized Users for the purpose of operating the Software. Only
Authorized Users may make use of the Output, Report, and/or Evidential Output to correct the Licensee’s target
software. Licensee shall be entitled to provide the Output, Report, and/or Evidential Output to third parties who are
not Authorized Users solely for the purpose of audit, quality assurance, validation, or evidential purposes. Licensee
shall not commercialize in any way the Output, Evidential Output, and/or Reports including, without limitation, by
licensing, sub-licensing, assigning, or sub-contracting the use of the Output, Evidential Output, or Reports to any
party.
2.4 Third Party Agents. Licensee will be fully responsible for Licensee’s Third-Party Agents’ compliance with
the terms and conditions of this Agreement, and any breach of this Agreement by a Third-Party Agent will be
deemed to be a breach by Licensee.
2.5 Compliance with Laws; Export Control. Licensee, on behalf of itself and its Affiliates, agrees to comply fully
with all applicable laws, statutes, regulations, rules, ordinances, codes, and standards relating to any export controls
and economic sanctions laws of the United States or abroad. Licensee acknowledges that the Software is of United
States origin and is subject to the Export Administration Regulations (the “EAR”) administered by the U.S.
Department of Commerce’s Bureau of Industry and Security (“BIS”), and the laws and regulations governing
economic sanctions and embargoes administered by the U.S. Department of the Treasury’s Office of Foreign Assets
Control (“OFAC”). Accordingly, any use, transshipment, or diversion of the Software contrary to applicable export
control laws or sanctions laws is prohibited. Licensee warrants and covenants that: (1) Licensee and its Affiliates will
not export, re-export, re-sell, provide access to, or otherwise transfer the Subscription Services or related technology
with knowledge that a violation of the U.S. law, the EAR, or the terms of any order, license, license exception, or other
authorization issued under the EAR has occurred, is about to occur, or is intended to occur in connection with the
item; and (2) Licensee and its Affiliates will not export, re-export, re-sell, provide access to, or otherwise transfer the
Subscription Services into any country or region subject to comprehensive economic sanctions (i.e., currently Cuba,
Iran, North Korea, Syria, and the Crimea Region of Ukraine). Licensee further represents that: (a) Licensee and its
Affiliates are not, and are not acting on behalf of, (i) any natural person or entity who is a citizen, national, or
resident of, or who is controlled by, the government of any country to which the United States has prohibited export,
reexport, or transfer of the Subscription Services or related technology, or (ii) any natural person or entity listed on
OFAC’s list of Specifically Designated Nationals and Blocked Persons or the Consolidated Sanctions List, or BIS’s
Denied Persons List, Entity List, or Unverified List; and (b) Licensee and its Affiliates will not permit the Subscription
Services to be used for any purposes prohibited by law, including but not limited to any prohibited development,
design, manufacture, or production of missiles or nuclear, chemical, or biological weapons. Licensee shall exercise
diligent efforts to ensure its and its Affiliates’ compliance with this Section 2.5.
2.6 Federal Government End Use Provisions. CloudDefense.AI may provide the Software for ultimate federal
government end use solely in accordance with the following: Government technical data and software rights related
to the Software include only those rights customarily provided to the public as defined in this Agreement. This
customary commercial license is provided in accordance with Technical Data and Computer Software, and the
Department of Defense transactions, DFAR Technical Data – Commercial Items) and DFAR Rights in Commercial
Computer Software or Computer Software Documentation. If a government agency has a need for rights not
conveyed under these terms, it must negotiate with CloudDefense.ai to determine if there are acceptable terms for
transferring such rights, and a mutually acceptable written addendum specifically conveying such rights.
2.7 Verification. Upon providing Licensee with 10 days’ advance written notice, and subject to
CloudDefense.AI ’s obligations provided in Section 7 of this Agreement, CloudDefense.AI may review Licensee’s use
of the Software to verify Licensee’s compliance with the terms of this Agreement. Any such audit will be: (a)
restricted in scope, documentation, manner, and duration to that which is reasonably necessary to achieve its
purpose; and (b) conducted during regular business hours at Licensee’s facilities if a remote verification process is
not possible. CloudDefense.AI will not unreasonably interfere with Licensee’s business activities during such
verification process. Licensee will be liable for promptly remedying any underpayments revealed during the audit at
the then-current price per Authorized User. If the result of the verification process reveals a failure to materially
comply with terms and conditions of this Agreement, and/or if the audit reveals an underpayment of at least ten
percent (10%) or more that the Licensee is currently paying, Licensee will also be liable for the costs of the audit in
addition to any unpaid fees, or other damages, and any other remedies available to CloudDefense.ai in this
Agreement.
2.8 Free or “Open Source” Components. The Software may include components, including, without limitation,
programs, applications, tools, utilities, libraries, and other programming code) that are made available from third
parties under a free or open source licensing model (“Open-Source Components”). Open-Source Components
included in the Software are redistributed by CloudDefense.AI under the terms of the applicable Open Source
Components license for such Open Source Component. Your receipt of the Open Source Components will neither
enlarge nor curtail your rights or obligations under the license applicable to such Open Source Component. Copies of
the licenses for the Open-Source Components that are included with the Software are included with, or referenced
in, the Software.
2.9 Affiliates. Notwithstanding anything to the contrary herein, the rights granted to Licensee hereunder may
be exercised by any of its Affiliates, provided that Licensee shall remain responsible at all times for such Affiliates’
adherence to all applicable terms and conditions of this Agreement and shall be primarily liable for any breach of
this Agreement by such Affiliate.
3. Delivery; Fees; Payment; Renewal; Additional Authorized Users; Taxes.
3.1 Acceptance of Software. Except as may otherwise be agreed upon in writing between CloudDefense.AI
and Licensee, the Software shall be deemed to be accepted upon delivery of the Software and Documentation.
3.2 Fees. License fees and Software Support fees will be as set forth on the applicable invoice. All license fees
and Software Support fees that are invoiced to Licensee will be payable by Licensee in United States Dollars, unless
otherwise billed in another currency as provided in the invoice.
3.3 Payment. Except as otherwise provided in an invoice, all invoices shall be due and payable within thirty
(30) days after the invoice date. If Licensee fails to pay any amounts due under this Agreement by the due date,
CloudDefense.AI will have the right to charge interest at a rate equal to the lesser of 1.5% per month, or the
maximum rate permitted by applicable law, until Licensee pays all amounts due.
3.4 Additional Users.
(a) Subscription Licenses. Subject to the provisions of Section 3.5(c) below, Licensee may increase
the number of subscription licenses that the Software is configured to support by paying an additional
subscription license fee for each additional Authorized User of the Software. The amount of the additional
subscription license fee will be as stated in the invoice generated by CloudDefense.ai and delivered to
Licensee.
(b Perpetual Licenses. Subject to the provisions of Sections 3.5(c) and (d) below, Licensee may
increase the number of perpetual licenses that the Software is configured to support by paying an
additional perpetual license fee, and a Software Support fee, for each additional Authorized User of the
Software. The amount of the additional perpetual license fee, and the Software Support fee, will be as
stated in an invoice generated by CloudDefense.AI and delivered to Licensee.
© Pro-Ration of License Fees and Software Support fees. Depending upon the timing of when the
Licensee acquires the additional licenses under this Agreement, the license fee, as applicable, and any
related Software Support fee, as applicable will be pro-rated to ensure that the term of Licensee’s license
fee, and any related Software Support fee, as applicable, for the additional licenses will be coterminous
with the Licensee’s Anniversary Date.
(d) Perpetual Licenses Must Be Current on Software Support. In order to add additional perpetual
licenses as described under Section 3.4(b) of this Agreement, each of the perpetual licenses previously
acquired by Licensee must be current on Software Support. If Software Support for such prior acquired
perpetual licenses has been terminated for any reason, then before any additional perpetual licenses can
be granted under this Agreement, the Licensee will need to: (i) reinstate the Software Support on each
previously acquired perpetual license by paying the associated Software Support fees from the date of the
termination of the Software Support through the date of the upcoming Anniversary Date at the then
current Software Support fee as listed on CloudDefense.AI’s price list; and (ii) pay for the upcoming year of
Software Support for all previously acquired perpetual licenses, and for the proposed additional licenses.
3.6 Taxes. All License and Software Support fees are exclusive of all sales, value added taxes, goods, and
services taxes, withholding taxes, customs duties, or similar taxes, duties, and charges (collectively, “Taxes”). Such
Taxes shall be incremental to any License and Software Support fees and shall be payable by Licensee in
accordance with applicable law. Licensee shall pay to CloudDefense.ai an amount equal to any such Taxes actually
paid, or required to be collected and paid, by CloudDefense.AI with respect to the transactions contemplated in this
Agreement, and under any subsequent invoice, unless Licensee provides CloudDefense.AI with a fully-completed
certificate of exemption from any Taxes required to be collected and paid by CloudDefense.AI, which such acceptance
of the certificate of exemption will be subject to CloudDefense.AI’s reasonable discretion.
4. Limited Warranties and Disclaimers.
4.1 Limited Warranty. CloudDefense.AI warrants that for a period of 60 days after the receipt of the latest
release of Software, the Software will perform substantially in accordance with its Documentation. CloudDefense.AI
does not warrant, however, that Licensee’s use of the Software will be uninterrupted, that the operation of the
Software will be error-free, that the Software will meet Licensee’s requirements or that all errors will be corrected. If,
during the warranty period, as defined above, the Software fails to perform in accordance with the warranty,
CloudDefense.ai shall use reasonable commercial efforts to correct the failure of the Software to perform in
accordance with the warranty.
4.2 Warranty Not Applicable. The above limited warranty will not apply to: (i) any defects caused by the
combination, operation, or use of the Program with software, hardware, or other materials not provided by
CloudDefense.AI; (ii) the Software being modified by any party other than CloudDefense.AI; (iii) any use of the
Software that does not conform to CloudDefense.AI’s requirements as set forth in the documentation; and (iv)
matters relating to the Output, Reports, and Evidential Output set forth in Section 6.3 of this Agreement
4.3 DISCLAIMER OF WARRANTIES. EXCEPT AS EXPRESSLY SET FORTH IN SECTION 4.1, THE SOFTWARE IS
PROVIDED “AS IS,” AND CLOUDDEFENSE.AI MAKES NO OTHER REPRESENTATIONS OR WARRANTIES, AND
CLOUDDEFENSE.AI ON BEHALF OF ITSELF AND ITS AFFILIATES, DISCLAIMS ALL REPRESENTATIONS,
WARRANTIES, AND CONDITIONS RELATING TO THE SOFTWARE, OR OTHER SUBJECT MATTER OF THIS
AGREEMENT, WHETHER ORAL OR WRITTEN, EXPRESS OR IMPLIED, ARISING FROM COURSE OF DEALING,
COURSE OF PERFORMANCE, OR USAGE IN TRADE, OR OTHERWISE, INCLUDING, WITHOUT LIMITATION, ANY
WARRANTY OF TITLE, NONINFRINGEMENT, MERCHANTABILITY, OR FITNESS FOR A PARTICULAR PURPOSE.
CloudDefense.ai DOES NOT MAKE ANY WARRANTY WITH RESPECT TO THE RESULTS THAT MAY BE OBTAINED
FROM THE USE OF THE SOFTWARE. TO THE EXTENT THAT CloudDefense.ai IS NOT PERMITTED BY APPLICABLE
LAW TO DISCLAIM ANY WARRANTY PROVIDED HEREIN, THE SCOPE AND DURATION OF SUCH WARRANTY
SHALL BE THE MINIMUM REQUIRED UNDER SUCH LAW.
4.4 High Risk Activities. The Software is not specifically designed, manufactured, or intended for use in the
planning, construction, maintenance, control or direct operation of nuclear facilities, aircraft navigation, control or
communication systems, weapons systems, or direct life support systems.
5. Intellectual Property Ownership; Intellectual Property Infringement.
5.1 Intellectual Property. Licensee acknowledges and agrees that it obtains no ownership rights in the
Software, Documentation, or the Software Support under the terms of this Agreement, and that CloudDefense.AI
has and retains all right, title, interest, and ownership, including any and all intellectual property rights, in and to the
Software, Documentation, and Software Support, and in any copies, improvements, enhancements, or updates of
the Software and the Documentation, whether made by Licensee or CloudDefense.AI. As between CloudDefense.AI
and Licensee, CloudDefense.AI owns all rights, title, interest, ownership, and proprietary rights in and to the
Software, Documentation, and all related intellectual property therein. CloudDefense.AI’s rights include, but are not
limited to, all copies of the Software, Documentation, and any patent rights (including but not limited to patent
applications and disclosures), copyrights, trademark rights, trade secret rights, and any other intellectual property
right recognized in any country or jurisdiction in the world. The Software is protected by United States laws, laws of
other nations, and international treaty provisions. The Software, any license keys to the Software, and the
Documentation constitute and embody valuable confidential information and trade secret information of
CloudDefense.AI, and Licensee will secure and protect such confidential information and trade secret information
consistent with CloudDefense.AI’s rights therein, and will not disclose such confidential information and trade secret
information to any third party.
5.2 Claim of Intellectual Property Infringement. Notwithstanding any other provision of this Agreement,
CloudDefense.AI will defend, or settle at its own expense, any action brought against Licensee to the extent that it is
based on a claim that any Software supplied by CloudDefense.AI hereunder infringes any third party intellectual
property right (an Infringement Claim”), and indemnify Licensee and its officers, directors, shareholders, employees,
accountants, attorneys, agents, Affiliates, against fines, penalties, costs, damages and expenses (including
reasonable legal fees) finally awarded against Licensee by a court of competent jurisdiction, or agreed to in a written
settlement agreement by CloudDefense.AI, arising out of such Infringement Claim. CloudDefense.AI’s obligation to
indemnify Licensee pursuant to this Section 5.2 is subject to the following conditions: (a) Licensee must give
CloudDefense.AI prompt written notice of any Infringement Claim; (b) Licensee must provide, at CloudDefense.AI’s
expense, reasonable information and assistance in connection with the defense and settlement of such Infringement
Claim; (c) Licensee agrees in writing with CloudDefense.AI that CloudDefense.AI has sole control of the settlement or
defense of such Infringement Claim; and (d) has not compromised or settled such Infringement Claim without
CloudDefense.AI’s prior written approval.
5.3 Notwithstanding the foregoing, CloudDefense.ai will have no obligation under Section 5.2 or otherwise
with respect to any infringement claim based upon: (i) any use of the Software not in accordance with this
Agreement or the Documentation; (ii) any use of the Software in combination with other products, equipment,
software, or data not supplied by CloudDefense.ai where the combination gives rise to the claim; (iii) use of the
Software in conjunction with Licensee data where use with such data gives rise to the claim; (iv) Licensee’s failure to
use updated or modified versions of the Software provided to Licensee by CloudDefense.AI in order to avoid
potential claims; (v) Software licensed for no fee, including trial, evaluation, or beta Software; or (vi) any modification
of the Software by any party other than CloudDefense.ai, or an authorized third party agent of CloudDefense.AI. If a
temporary or permanent injunction is obtained against the use of any part of the Software for the reason that it
infringes any third party’s intellectual property rights, CloudDefense.AI will, at its option and expense, either (a)
procure for Licensee the right to continue to use the Software, (b) modify the Software so that it becomes
non-infringing but remains in substantial compliance with the Documentation, or (c) terminate Licensee’s license to
the affected Software and refund to Licensee the Software Support fees, or the Subscription Fees, as applicable,
paid for the remaining portion of the term of the affected license(s). THE PROVISIONS OF THIS SECTION 5 STATE
THE EXCLUSIVE LIABILITY OF CLOUDdEFENSE.AI, AND THE EXCLUSIVE REMEDY OF LICENSEE, WITH RESPECT
TO ANY CLAIM OF INTELLECTUAL PROPERTY INFRINGEMENT.
6. Limitation of Liability.
6.1 Exclusion of Indirect Damages. EXCEPT FOR DAMAGES CAUSED BY FRAUD OR UNINTENTIONAL,
CLOUDDEFENSE.AI, INCLUDING ITS SUPPLIERS AND LICENSORS, WILL NOT BE LIABLE TO THE LICENSEE FOR
ANY INDIRECT, SPECIAL, INCIDENTAL AND/OR CONSEQUENTIAL DAMAGES, INCLUDING PUNITIVE OR MULTIPLE
DAMAGES, OR ANY FAILURE TO REALIZE EXPECTED SAVINGS, LOSS OF DATA, EQUIPMENT DOWNTIME, LOSS OF
USE, LOSS OF GOODWILL OR LOSS OF REVENUE OR PROFIT SUFFERED BY THE OTHER FOR ANY REASON,
WHETHER FORESEEABLE OR NOT, NOR SHALL CloudDefense.ai BE LIABLE TO THE LICENSEE FOR ANY CLAIM
AGAINST LICENSEE BY ANY THIRD PARTY FOR DAMAGES OF ANY KIND WHICH ARISE FROM OR IN
CONNECTION WITH THE USE OR PERFORMANCE OF THE SOFTWARE OR THE DOCUMENTATION.
6.2 Limitation on Direct Damages. EXCEPT FOR DAMAGES CAUSED BY FRAUD, UNINTENTIONAL, A BREACH
OF A PARTY’S CONFIDENTIALITY OBLIGATIONS, OR INFRINGEMENT CLAIMS UNDER SECTION 5 HEREOF, IN NO
EVENT SHALL EITHER PARTY’S TOTAL CUMULATIVE LIABILITY UNDER THIS AGREEMENT OR RELATING TO THE
SUBJECT MATTER HEREOF FOR ALL CLAIMS, COSTS, LOSSES, AND DAMAGES EXCEED THE AMOUNT PAID OR
PAYABLE IN THE PRECEDING TWELVE MONTH PERIOD BY LICENSEE TO CLOUDDEFENSE.AI PURSUANT TO THIS
AGREEMENT FOR THE SOFTWARE.
6.3 Licensee acknowledges and agrees that the Output, Reports, and Evidential Output generated by the
Software depend on the data provided by Licensee for use with the Software. Licensee shall bear full responsibility
for the accuracy of the data used with the Software. Licensee acknowledges that the Output, Reports, and
Evidential Output generated by the Software are tools to assist Licensee’s personnel in the analysis of software code
and is not a substitute for personnel with expertise in such analysis.
6.4 Application of Exclusions and Limitations. The foregoing limitations and exclusions of liability shall apply
even if a party had been advised of the possibility of any such costs, losses or damages or knew or ought to have
known of such costs, losses or damages and shall apply regardless of whether the action arose in contract,
including, without limitation, from a fundamental breach, or breach of a condition, fundamental term or warranty, or
in tort (including, without limitation negligence) or otherwise.
7. Confidentiality and Data Privacy.
7.1 Confidentiality. By virtue of this Agreement, each party (“Recipient”) may obtain, learn, develop, or have
access to information that is confidential to the other party (“Discloser”). For purposes of this Agreement,
“Confidential Information” will include any information that the Discloser identifies or marks as confidential or
proprietary at the time of disclosure, or that reasonably appears to be proprietary or confidential in nature because
of legends or other markings, the circumstances of disclosure, or the nature of the information itself. “Confidential
Information” will also include, but is not limited to, the programs, Documentation, code, technology, know-how,
ideas, algorithms, testing procedures, structure, interfaces, specifications, bugs, problem reports, any information or
reports generated from the Software, analysis and performance information, results of benchmark tests and
information obtained through Software Evaluation, the terms of this Agreement, including pricing terms, and other
technical, business, product, marketing and financial information, plans, and data.
7.2 The Recipient will protect the Discloser’s Confidential Information by using the same degree of care, but no
less than a reasonable degree of care, as the Recipient uses to protect its own Confidential Information of a like
nature against unauthorized use, disclosure, or publication, and will limit access to Confidential Information of the
Discloser to those of its employees, contractors, and agents who need such access for purposes consistent with this
Agreement and who are bound by law or contract to restrictions no less stringent than those herein.
7.3 The confidentiality obligations set forth in this Section 7 do not apply to Confidential Information that: (a) is
generally known to the public through no improper action by Recipient or its Third-Party Agents; (b) was legitimately
in Recipient’s or its Third-Party Agent’s possession prior to its disclosure by Discloser; (c) becomes available to
Recipient, or to its Third-Party Agents, on a non-confidential basis from a source other than the Discloser or the
Discloser’s Third-Party Agents, provided that such source is not acting in violation of a confidentiality agreement
with Discloser or with any of the Discloser’s Third-Party Agents, or is otherwise prohibited from transmitting the
information to the Recipient or to the Recipient’s ThirdParty Agents by a contractual, legal, or fiduciary obligation
owed to the Discloser or to any of the Discloser’s Third-Party Agents; or (d) was or is independently developed by or
for Recipient or by the Recipient’s Third-Party Agents without use of or reference to the Confidential Information.
7.4 If the Recipient is required to disclose any Confidential Information of the Discloser to a tribunal, court, or
governmental or regulatory agency, then, unless the recipient is restricted by any law or order, the Recipient will
provide the Discloser in advance of the disclosure to permit the Discloser to obtain protective orders maintaining the
confidentiality of the Confidential Information. At the Discloser’s request and expense, Recipient agrees to provide
reasonable assistance if the Discloser wishes to contest the disclosure.
7.5 Privacy. CloudDefense.AI will comply with the terms of its Privacy Policy accessible at
https://www.clouddefense.ai/policies, and as modified from time-to-time. Licensee acknowledges and agrees that
CloudDefense.AI may use Licensee’s proprietary, confidential and/or personal data, regarding or related to Licensee
that CloudDefense.AI may be exposed to throughout the performance of this Agreement, or that may be generated
or processed in connection with Licensee’s use of the Software for the following purposes:
(a) To provide Licensee with Software Support services, handle Licensee inquiries, and send Licensee
related recommendations and suggestions; and
(b) To collect fees, conduct administrative activities necessary to maintain and provide the Software
Support and other services that Licensee has engaged CloudDefense.AI to perform, enforce this
Agreement, take any action in any case of dispute, or legal proceeding of any kind, involving Licensee, with
respect to the Agreement, and prevent fraud, misappropriation, infringements, and other illegal activities
and misuse of the Software.
8. Term and Termination.
8.1 This Agreement will commence on the Effective Date and continue until terminated in accordance with the
terms hereof.
8.2 Either party will have the right to terminate this Agreement in the event that the other party breaches its
obligations hereunder. Intent to terminate will be made by a written notice setting forth the details of the breach.
Termination will become effective 30 days from the date that the notification of intent to terminate was given, unless
the breaching party has corrected the breach prior to the end of that 30-day period. For purposes of clarity, if this
Agreement is terminated pursuant to an uncured breach by CloudDefense.ai under this Section 8.2, then such
termination will not affect Licensee’s perpetual right to continue to use the Software if perpetual licenses of the
Software were acquired by Licensee.
8.3 CloudDefense.AI will have the right to terminate this Agreement effective immediately if: (a) Licensee fails
to meet its payment obligations under Section 3 of this Agreement, unless Licensee has corrected such material
breach within 10 days of Licensee’s receipt of written notice of such breach from CloudDefense.ai; or (b) Licensee’s
violation of the restrictions set forth in Section 2.
8.4 Either party will have the right to terminate this Agreement effective immediately if: (a) a petition of
bankruptcy is granted against the other party; (b) the other party makes an assignment for the benefit of creditors;
(c) the other party admits to being unable to meet its obligations as they come due; or (d) a petition of bankruptcy is
filed by or against the other party and if such petition is not dismissed by the bankruptcy court within 60 days after
its filing. A party’s intent to terminate this Agreement under this Section 8.4 will be made by a written notice to the
other party.
8.5 If the Agreement is terminated prior to its natural expiration, then all licenses granted by CloudDefense.AI
shall immediately terminate as of the Agreement termination date, unless otherwise agreed by the Parties in writing,
and except as provided in Section 8.2 above. Licensee will immediately (a) discontinue all use of the Programs and
Documentation, (b) destroy the original and all copies of the Programs and the Documentation in its possession or
control, and (c) provide written confirmation to CloudDefense.AI of its compliance with the foregoing requirements.
Licensee agrees to certify, in writing, to the other compliance with the foregoing undertakings upon
CloudDefense.AI’s request. Termination shall be without prejudice to the rights and remedies of either party that
may have accrued prior to such termination. For the avoidance of doubt, and except in the case of breach of this
Agreement by CloudDefense.AI, Licensee shall not be entitled to a refund of any prepaid fees upon termination of
the Agreement, and CloudDefense.AI will not release Licensee from its obligations to pay CloudDefense.ai all fees
that have accrued under this Agreement prior to its termination.
8.6 Any provision of this Agreement that expressly, by implication, or necessity, contemplates performance or
observance subsequent to the termination of this Agreement will survive termination or expiration of the Agreement
and will continue in full force and effect, including any outstanding payment obligations. Notwithstanding the
foregoing, all licenses granted hereunder shall terminate pursuant to Section 8.5 above.
9. Miscellaneous.
9.1 Neither party may assign this Agreement, in whole or in part without the express written consent of the
other party, with the exception of an assignment carried out as part of a merger, restructuring, reorganization, or a
sale or transfer of all or substantially all of a party’s assets, provided that the terms and conditions of this
Agreement will be binding upon the surviving entity or assignee as acknowledged . Each party agrees to do all
things, including executing all documents reasonably required by the other party to effect any such assignment
provided for above.
9.2 This Agreement and any claim, cause of action or dispute arising out of, or related thereto, shall be
governed by and construed in accordance with the laws of the State of California, regardless of Licensee’s country of
origin or where Licensee uses the licenses from, without giving effect to any conflict of law principles, which would
result in the application of the laws of a jurisdiction other than the State of California. Any dispute, claim, or
controversy arising out of, connected with, or relating to this Agreement, the Software, or any use related thereto,
will be submitted to the sole and exclusive jurisdiction of the competent court located in State of California. The 1980
United Nations Convention on Contracts for the International Sale of Goods, any state’s enactment of the Uniform
Computer Information Transactions Act, and the United Nations Convention on the Limitation Period in the
International Sale of Goods, and any subsequent revisions thereto, do not apply to this Agreement.
9.3 Neither party shall disclose the existence of this Agreement, its terms, or conditions, the occurrence of
discussions under this Agreement, or the business relationship considered by the parties hereunder, unless agreed in
writing by the other party. Neither party shall issue publicity or general marketing communications concerning the
other party without the other party’s prior written approval.
9.4 No amendment or modification of this Agreement, nor any waiver of any rights hereunder, will be effective
unless assented to in a writing signed by authorized representatives of both parties. Any such waiver will be
narrowly construed to apply only to the specific provision and under the specific circumstances for which it was
given and will not apply with respect to any repeated or continued violation of the same provision or any other
provision. No other course of dealing between or among any of the parties to this Agreement or any delay in
exercising any rights pursuant to this Agreement will operate as a waiver of any rights of any party to this
Agreement. Except as expressly provided in this Agreement, no party who is not a party to this Agreement will have
any right or obligation pursuant to this Agreement.
9.5 The parties acknowledge that money damages may not be an adequate remedy in the event of actual or
threatened breach of the obligations and/or undertakings hereunder. Therefore, in addition to any other remedies
available hereunder, by law or otherwise, either party will be entitled to seek and obtain injunctive relief and/or any
other appropriate decree of specific performance or any other appropriate equitable relief.
9.6 All notices provided for in this Agreement will be in writing and will be sent by registered or certified
mail.All notices, demands, and other communications hereunder may be given by any other means (including
electronic mail), but will not be deemed to have been duly given unless and until the intended recipient actually
receives it. Notice given by electronic mail will be deemed to have been given when sent so long as no electronic
notice is delivered to the sending party indicating that the electronic mail could not be delivered. Email:
support@clouddefense.ai
9.7 The pursuit by either party of any remedy to which it is entitled at any time will not be deemed an election
of remedies or waiver of the right to pursue any other remedies to which it may be entitled.
9.8 The parties will be independent contractors under this Agreement, and nothing herein will constitute either
party as the employer, employee, agent, or representative of the other party, or both parties as joint venturers or
partners for any purpose.
9.9 If any provision of this Agreement is held invalid, illegal or otherwise unenforceable, such provision will be
enforced as nearly as possible in accordance with the stated intention of the parties, and the enforceability of the
remaining provisions of this Agreement will not be impaired thereby. To the extent any provision cannot be enforced
in accordance with the stated intentions of the parties, such provision will be deemed not to be a part of this
Agreement.
9.10 Neither party will be deemed to be in breach of this Agreement, nor otherwise liable to the other, by reason
of any delay in performance or non-performance of any of its obligations under this Agreement arising out matters
beyond the reasonable control of a party, including, war, strikes, lock outs, or industrial disputes (except in relation to
a party’s own workforce), outbreak of hostilities, riots, civil disturbances, pandemics, epidemics, or quarantines, acts
or orders of any government department or constituted body, fire, explosion, earthquake, flood, acts of God, or acts
of terrorism; provided, however, that no event will be treated as beyond the reasonable control of a party if it is
attributable to a wilful act or omission by such party, or any failure by such party to take reasonable precautions or
any failure to mitigate or take reasonable steps to overcome such event. If the performance of the impacted party is
prevented for a period of thirty (30) days or more, the party not affected may terminate this Agreement upon
providing seven (7) days’ advance written notice.
9.11 This Agreement, including all invoices hereunder, constitutes the sole and entire agreement of the parties
with respect to the subject matter hereof and supersedes and cancels any prior and contemporaneous oral or
written proposals, promises, or agreements. There are no promises, covenants, or undertakings other than those
expressly set forth in this Agreement. For purposes of clarity, no terms or conditions, including any pre-printed or
boilerplate terms and conditions, stated in any Licensee purchase order, or in any other Licensee documentation, will
be incorporated into or form any part of this Agreement, and all such terms or conditions will be null and void and of
no force and effect.
9.12 This Agreement shall ensure to the benefit of and be binding upon Licensee and CloudDefense.AI and their
respective successors and permitted assigns.
10. Evaluation License. The terms of this Section 10 shall solely apply to Software licensed for purposes of Evaluation
(the “Evaluation Software”). The terms of Sections 2.1, 2.3, 3, 4, and 8 shall not apply to the parties’ rights and
obligations with respect to Evaluation Software.
10.1 Rights and Restrictions.
(a) CloudDefense.AI grants Licensee, and its Affiliates, a non-exclusive, non-transferable license to
(i) install the Evaluation Software on Licensee’s internal server in the country to which such Evaluation
Software is delivered, and (ii) Use the Evaluation Software for the sole purpose of internally evaluating the
Software, for a period agreed to in writing between Licensee and CloudDefense.ai, or the period specified
in the applicable license key delivered to Licensee for the Evaluation Software and any extensions thereto
(the “Trial Period”). Licensee may not make use of the Evaluation Software, Output, Report, and/or
Evidential Output to correct the Licensee’s target software, nor shall Licensee make use of the Evaluation
Software, Output, Report, and/or Evidential Output for any other commercial or production purposes.
Licensee shall not make the Software, Output, Report, and/or Evidential Output available to any third
parties.
(b) CloudDefense.ai may provide Licensee with limited installation support for the Evaluation
Software during the Trial Period.
(c) Upon the expiration of the Trial Period, the license granted in Section 10.1(a) above shall
terminate, and Licensee shall uninstall and cease use of the Evaluation Software. CloudDefense.ai may
also include a “time box” within the Evaluation Software that shall prevent use of the Evaluation Software
after the Trial Period has expired. Notwithstanding the Trial Period, this Agreement shall terminate
immediately upon notice from CloudDefense.ai if Licensee fails to comply with any provision of this
Agreement.
10.2 Exclusion of Warranties. ALL EVALUATION SOFTWARE AND SOFTWARE SUPPORT SERVICES THAT ARE
PROVIDED BY CLOUDDEFENSE.AI OR ANY OF ITS AFFILIATES ARE PROVIDED “AS IS.” NO WARRANTIES OR
COMMITMENTS, EXPRESS OR IMPLIED, ARE MADE WITH RESPECT TO THE EVALUATION SOFTWARE OR
SOFTWARE SUPPORT SERVICES SUPPLIED BY CLOUDDEFENSE.AI HEREUNDER, INCLUDING, WITHOUT
LIMITATION, ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, SYSTEMS
INTEGRATION, TITLE, SATISFACTORY QUALITY AND NON-INFRINGEMENT. THE SOLE REMEDY OF LICENSEE FOR
ANY ASSERTED DEFECT, ERROR, OR OTHER SHORTCOMING IN THE EVALUATION SOFTWARE IS THAT LICENSEE
MAY REQUEST SOFTWARE SUPPORT SERVICES FOR EVALUATION SOFTWARE.
11. Software Maintenance, Upgrades and Support
11.1 Subject to payment of applicable fees, Licensor will provide the software services, maintenance, upgrades
and support services (“Software Maintenance and Support”) for the CloudDefense.AI software licensed pursuant to
the Ordering Activity (the “Software”) during the term set out in the Quote.
Definitions
“Business Day” means (local time): 9am – 5pm, during any business day which is not a holiday.
“Documentation” means the Software documentation located at the company website.
“Error” means a failure of the Software to operate in material compliance with the Documentation.
“Workaround” means a patch, hotfix, temporary error correction or change in operating procedure allowing
continued use of the Software.
11.2 Support Requests: Customer’s entitled to Software Maintenance and Support services may submit support
requests 24 hours per day, 7 days per week via email or telephone. Priority 1 support requests should be submitted
via email. Email support@clouddefense.ai
This Data Protection Addendum (“Addendum“) is entered into between CloudDefense.AI (“CloudDefense.AI“) and the Customer (as defined in the Agreement) and forms part of the CloudDefense.AI Terms of Service located at https://www.clouddefense.ai/policies/ or any other written or electronic agreement incorporating this Addendum, which governs the Customer’s access to and use of the Services (the “Agreement“).
The Customer agrees to this Addendum on behalf of itself and any Affiliates authorized to use the Services under the Agreement who have not entered into a separate contractual arrangement with CloudDefense.AI. For the purposes of this Addendum, and unless otherwise indicated, references to “Customer” shall include both the Customer and such Affiliates.
The Parties agree that the terms and conditions set forth below shall be added as an Addendum to the Agreement.
- Definitions
In this Addendum, the following terms shall have the meanings set forth below, and related terms shall be interpreted accordingly:
- “Affiliate” refers to any entity that owns, controls, is owned or controlled by, or is under common control or ownership with either the Customer or CloudDefense.AI (as applicable), where “control” is defined as the direct or indirect power to direct or influence the management and policies of an entity, whether through ownership of voting securities, by contract, or otherwise.
- “Customer Personal Data” means any Personal Data provided by, made available by, or collected by CloudDefense.AI on behalf of the Customer, which is processed by CloudDefense.AI to deliver the Services.
- “Controller to Processor SCCs” refers to the standard contractual clauses for cross-border data transfers issued by the European Commission on June 4, 2021, governing the transfer of Personal Data from the European Area to Third Countries, including (i) the EU SCCs adopted by the European Commission and the Swiss Federal Data Protection and Information Commissioner (“Swiss FDPIC”); (ii) the UK Transfer Addendum adopted by the UK Information Commissioner’s Office (“UK ICO”) for data transfers from the UK to Third Countries; and (iii) any similar clauses adopted by data protection regulators for Personal Data transfers to Third Countries, including any successor clauses.
- “Data Protection Laws” refers to any local, state, or national laws regarding the processing of Personal Data that apply to CloudDefense.AI in the jurisdictions where the Services are provided to the Customer, including but not limited to laws related to privacy, security, and data protection.
- “EU Area” refers to the European Union, European Economic Area, United Kingdom, and Switzerland.
- “EU Area Law” includes (i) Directive 95/46/EC and, from May 25, 2018, Regulation (EU) 2016/679 (“EU GDPR”), along with any applicable legislation implementing or supplementing these laws or otherwise related to the processing of Personal Data of natural persons; (ii) the Data Protection Act 1998 of the United Kingdom and the EU GDPR as incorporated into United Kingdom law by the European Union (Withdrawal) Act 2018 (the “UK GDPR”); (iii) the Swiss Federal Data Protection Act of 19 June 1992 and its Ordinance (“Swiss DPA”); (iv) any other laws relating to data protection, security, or individual privacy that apply within the EU Area; or (v) any successor legislation or amendments thereto, including the implementation of the EU GDPR by Member States into their national law.
- “Services” refers to the services provided by CloudDefense.AI to the Customer or the Customer’s Affiliates as outlined in the Agreement.
- “Third Country” means any country that, where required by applicable Data Protection Laws, has not received an adequacy decision from an applicable authority regarding cross-border data transfers of Personal Data, including authorities such as the European Commission, UK ICO, or Swiss FDPIC.
Terms such as “Business,” “Business Purpose,” “commercial purpose,” “Contractor,” “Controller,” “Data Subject,” “Personal Data,” “Personal Data Breach,” “Process,” “Processor,” “Sell,” “Service Provider,” “Share,” “Subprocessor,” “Supervisory Authority,” and “Third Party” carry the same meanings as defined under applicable Data Protection Laws and related terms shall be interpreted accordingly.
Capitalized terms not otherwise defined in this Addendum shall have the meanings ascribed to them in the Agreement.
- Roles of the Parties
The Parties acknowledge and agree that with respect to the Processing of Customer Personal Data, as further detailed in Annex 1 of this Addendum, the Customer acts as a Business or Controller, while CloudDefense.AI acts as a Service Provider or Processor. This Addendum applies exclusively to the Processing of Customer Personal Data by CloudDefense.AI in its role as a Processor, Subprocessor, or Third Party (as outlined in Annex 1).
The Parties expressly agree that the Customer shall bear sole responsibility for ensuring timely communication with its Affiliates or the relevant Controller(s) who receive the Services, especially where such communication may be required or beneficial under applicable Data Protection Laws to enable the Customer’s Affiliates or the relevant Controller(s) to comply with such Laws.
- Description and Purpose of Personal Data Processing
In Annex 1 of this Addendum, the Parties have outlined their mutual understanding of the subject matter and specifics of the Processing of Customer Personal Data to be conducted by CloudDefense.AI under this Addendum. The Parties may make reasonable amendments to Annex 1 through mutual written agreement, as reasonably necessary to meet relevant requirements. Annex 1 does not establish any obligations or rights for any Party.
The purpose of Processing under this Addendum is to facilitate the provision of the Services as described in the Agreement and any applicable Order Form(s).
- Data Processing Terms
- Customers shall comply with all applicable Data Protection Laws in connection with the performance of this Addendum and the Processing of Customer Personal Data. In connection with its access to and use of the Services, Customer shall Process Customer Personal Data within such Services and provide CloudDefense.AI with instructions in accordance with applicable Data Protection Laws. As between the Parties, Customer shall be solely responsible for compliance with applicable Data Protection Laws regarding the collection of and transfer to CloudDefense.AI of Customer Personal Data. Customer agrees not to provide CloudDefense.AI with any data concerning a natural person’s health, religion or any special categories of data as defined in Article 9 of the GDPR.
- CloudDefense.AI shall comply with all applicable Data Protection Laws in the Processing of Customer Personal Data and CloudDefense.AI shall:
- Process the Customer Personal Data for the purposes of the Agreement and for the specific purposes in each case as set out in Annex 1 to this Addendum and otherwise solely on the documented instructions of Customer, for the purposes of providing the Services and as otherwise necessary to perform its obligations under the Agreement. The Agreement, this Addendum, and Customer’s use of the Services’ features and functionality are Customer’s written instructions to CloudDefense.AI in relation to Processing Customer Personal Data, including as follows:
- CloudDefense.AI shall use, retain, disclose, or otherwise Process Customer Personal Data only on behalf of Customer and for the specific business purpose of providing the Services and in accordance with Customer’s instructions, including as described in the Agreement. CloudDefense.AI shall not Sell or Share Customer Personal Data, nor use, retain, disclose, or otherwise Process Customer Personal Data outside of its business relationship with Customer or for any other purpose (including CloudDefense.AI’s commercial purpose) except as required or permitted by law. CloudDefense.AI shall immediately inform Customer (a) if CloudDefense.AI determines that it is no longer able to meet its obligations under Data Protection Laws or (b) if, in CloudDefense.AI’s opinion, an instruction infringes applicable Data Protection Laws. Customer reserves the right to take reasonable and appropriate steps to ensure Graphite’s Processing of Customer Personal Data is consistent with Customer’s obligations under Data Protection Law and discontinue and remediate unauthorized use of Customer Personal Data;
- CloudDefense.AI shall have rights to process Customer Personal Data solely (i) to the extent necessary to (a) perform the Business Purposes and its obligations under the Agreement; (b) operate, manage, test, maintain and enhance the Services including as part of its business operations; (c) to disclose aggregate statistics about the Services in a manner that prevents individual identification or re-identification of Customer Personal Data, including without limitation any individual device or individual person; and/or (d) protect the Services from a threat to the Services or Customer Personal Data; or (ii) if required by court order of a court or authorized governmental agency, provided that prior notice first be given to Customer; (iii) as otherwise expressly authorized by Customer;
- CloudDefense.AI will not combine Customer Personal Data which CloudDefense.AI Processes on Customer’s behalf, with Personal Data which it receives from or on behalf of another person or persons, or collects from its own interaction with individual, provided that Graphite may combine personal information to perform any Business Purpose permitted or required under the Agreement to perform the Services;
- Implement and maintain measures designed to ensure that CloudDefense.AI personnel authorized to process the Customer Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality unless disclosure is required by law or professional regulations;
- Implement and maintain the technical and organizational measures set out in the Agreement, and, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, implement and maintain any further commercially reasonable and appropriate administrative, technical, and organizational measures designed to ensure a level of security appropriate to the risk of the Processing of Customer Personal Data in accordance with Article 32 of the GDPR, and specifically:
- Pseudonymization and encryption of Customer Personal Data;
- Ensuring ongoing confidentiality, integrity, availability and resilience of CloudDefense.AI’s processing systems and services that process Customer Personal Data;
- Restoring availability and access to Customer Personal Data in a timely manner in the event of a physical or technical incident; and
- Regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing of the Customer Personal Data.
- Customer hereby agrees that CloudDefense.AI is generally authorized to engage and appoint Sub-processors, and specifically the Sub-processors listed in Annex 2 hereto, subject to CloudDefense.AI’s:
- notifying Customer at least thirty (30) calendar days in advance oof any intended changes or additions to its Sub-processors listed in Annex 2 by emailing notice of the intended change to Customer;
- including data protection obligations in its contract with each Sub-processor that are materially the same as those set out in this Addendum; and
- remaining liable to Customer for any failure by each Sub-processor to fulfill its obligations in relation to the Processing of the Customer Personal Data.
- In relation to any notice received under section 4.2(d)(i), Customer shall have a period of 30 (thirty) days from the date of the notice to inform CloudDefense.AI in writing of any reasonable objection on data protection grounds to the use of that Sub-processor. The parties will then, for a period of no more than 30 (thirty) days from the date of Customer’s objection, work together in good faith to attempt to find a commercially reasonable solution for Customer which avoids the use of the objected-to Sub-processor. Where no such solution can be found, either Party may (notwithstanding anything to the contrary in the Agreement) terminate the relevant Services immediately on written notice to the other Party, without damages, penalty or indemnification whatsoever (but without prejudice to any fees incurred by Customer prior to termination);
- To the extent legally permissible, promptly notify Customer in case of any legally binding requests (i.e., disclosures required by law, court order, or subpoena) for disclosure of Customer Personal Data by CloudDefense.AI. In case if it is not legally binding then Customer Personal Data would not be disclosed and CloudDefense.AI will notify the Customer of such request rejection. A record of all legally binding disclosure requests relating to Customer Personal Data shall be maintained.
- To the extent legally permissible, promptly notify Customer of any communication from a Data Subject regarding the Processing of Customer Personal Data, or any other communication (including from a Supervisory Authority) relating to any obligation under the applicable Data Protection Laws in respect of the Customer Personal Data. CloudDefense.AI will not respond to any such request or complaint unless expressly authorized to do so by Customer or is otherwise required to respond under applicable Data Protection Laws. Taking into account the nature of the Processing, CloudDefense.AI will reasonably assist Customer (or the relevant Controller) by appropriate technical and organizational measures, insofar as this is possible, for the fulfillment of Customer’s, Customer’s Affiliates’ or the relevant Controller(s)’ obligation to respond to requests for exercising the data subject’s rights laid down in Chapter Ill GDPR. Customer agrees to pay CloudDefense.AI for time and for out of pocket expenses incurred by CloudDefense.AI in connection with the performance of its obligations under this Section 4.2(e);
- Upon CloudDefense.AI’s becoming aware of a Personal Data Breach involving Customer Personal Data, notify Customer without undue delay, of any Personal Data Breach involving Customer Personal Data, such notice to include, to the extent reasonably available to CloudDefense.AI, all timely information reasonably required by Customer (or the relevant Controller) to comply with its data breach reporting obligations under the applicable Data Protection Laws. CloudDefense.AI shall further take all such measures and actions as are necessary to remedy or mitigate the effects of such Security Incident and shall keep Customer reasonably informed of developments concerning Customer Personal Data;
- To the extent required by the applicable Data Protection Laws, provide reasonable assistance to Customer, Customer’s Affiliates’ or the relevant Controller(s)’ with its obligations pursuant to Articles 32 to 36 of the GDPR taking into account the nature of the Processing and information available to CloudDefense.AI; Customer agrees to pay CloudDefense.AI for time and for out of pocket expenses incurred by CloudDefense.AI in connection with any assistance provided in connection with Articles 35 and 36 of the GDPR;
- Cease Processing the Customer Personal Data upon the termination or expiry of the Agreement, and at option of Customer, Customer’s Affiliates or the relevant Controller(s) either return or delete (including by ensuring such data is in non-readable format) all copies of the Customer Personal Data Processed by CloudDefense.AI, unless (and solely to the extent and for such period as) applicable law requires CloudDefense.AI to retain some or all of the Customer Personal Data. Any such Customer Personal Data retained shall remain subject to the obligations of confidentiality set forth in the Agreement; and
- CloudDefense.AI shall maintain the necessary records in support of demonstrating compliance with its obligations (as specified in the applicable contract) for the processing of Customer Personal Data carried out on behalf of the Customer.
- Make available to Customer all information reasonably necessary to demonstrate compliance with this Addendum and allow for and contribute to audits, including inspections, by Customer, or an independent third party auditor mandated by Customer, provided that Customer gives CloudDefense.AI reasonable prior notice of its intention to audit, conducts its audit during CloudDefense.AI’s normal business hours, and takes all reasonable measures to prevent unnecessary disruption to CloudDefense.AI’s operations. For the purposes of demonstrating compliance with this Addendum under this Section 4.2(i), the Parties agree that in the first instance, once per year during the term of the Agreement (except if and when required by instruction of a competent Supervisory Authority or where Customer believes a further audit is necessary due to a Personal Data Breach concerning Customer Personal Data suffered by CloudDefense.AI), CloudDefense.AI will provide to Customer responses to cybersecurity and other assessments and only where Customer cannot establish CloudDefense.AI’s compliance with this Addendum from CloudDefense.AI’s responses shall Customer request to inspect CloudDefense.AI’s processing operations. Customer agrees to pay CloudDefense.AI for time and for out of pocket expenses incurred by CloudDefense.AI in connection with assistance provided in connection with such audits, responses to cybersecurity and other assessments.
- Process the Customer Personal Data for the purposes of the Agreement and for the specific purposes in each case as set out in Annex 1 to this Addendum and otherwise solely on the documented instructions of Customer, for the purposes of providing the Services and as otherwise necessary to perform its obligations under the Agreement. The Agreement, this Addendum, and Customer’s use of the Services’ features and functionality are Customer’s written instructions to CloudDefense.AI in relation to Processing Customer Personal Data, including as follows:
- Restricted Transfers
- The parties agree that when the transfer of Customer Personal Data from Customer and/or any of its Affiliates (as exporter) to CloudDefense.AI (as importer) is a Restricted Transfer and EU Area Law applies, the transfer shall be subject to the appropriate Controller to Processor SCCs, which shall be deemed incorporated into and form part of this Addendum as follows:
- In relation to Customer Personal Data that is protected by the EU GDPR and processed by CloudDefense.AI on behalf of and under the instruction of Customer, the EU SCCs will apply completed as follows:
- Module Two will apply (controller to processor transfers);
- In Clause 7, the optional docking clause will apply;
- In Clause 9, Option 2 will apply, and the time period for prior notice of sub-processor changes shall be as set out in Section 4.2(d) of this Addendum;
- In Clause 11, the optional language will not apply;
- In Clause 17, Option 1 will apply, and the EU SCCs will be governed by Irish law;
- In Clause 18(b), disputes shall be resolved before the courts of the Republic of Ireland;
- Annex I of the EU SCCs shall be deemed completed with the information set out in Annex 1 to this Addendum; and
- Annex II of the EU SCCs shall be deemed completed with the information set out in Section 4 of Annex 1 to this Addendum.
- In relation to Customer Personal Data that is protected by the Swiss DPA, the EU SCCs shall apply in accordance with Section 5.1(a) of this Addendum, but with the following modifications:
- Any references in the EU SCCs to “Regolation (EU) 2016/679” shall be interpreted as references to the Swiss DPA and the equivalent articles or sections therein;
- Any references to “EU”, “Union”, “Member State”, and “Member State law” shall be interpreted as references to Switzerland and Swiss law, as the case may be;
- Any references to the “competent supervisory authority” and “competent courts” shall be interpreted as references to the relevant data protection authority and courts in Switzerland; and
- The Controller to Processor SCCs shall be governed by the laws of Switzerland and disputes shall be resolved before the competent Swiss Courts.
- In relation to Customer Personal Data that is protected by the UK GDPR, the EU SCCs shall apply in accordance with Section 5.1(a) of this Addendum, but as modified and interpreted by the Part 2: Mandatory Clauses of the UK Addendum, which shall be incorporated into and form an integral part of this Addendum. Any conflict between the terms of the EU SCCs and the UK Addendum shall be resolved in accordance with Section 10 and Section 11 of the UK Addendum. In addition, tables 1 to 3 in Part 1 of the UK Addendum shall be completed respectively with the information set out in Annex I of this Addendum, and table 4 in Part 1 of the UK Addendum shall be deemed completed by selecting both “Importer” and “Exporter”.
- In relation to Customer Personal Data that is protected by the EU GDPR and processed by CloudDefense.AI on behalf of and under the instruction of Customer, the EU SCCs will apply completed as follows:
- CloudDefense.AI shall not participate in any other Restricted Transfers of Customer Personal Data (whether as an importer or an exporter of the Customer Personal Data) unless the Restricted Transfer is made in compliance with applicable Data Protection Law and pursuant to the relevant Standard Contractual Clauses implemented between the relevant exporter and importer of the Customer Personal Data, as necessary in order to comply with applicable Data Protection Law
- The parties agree that when the transfer of Customer Personal Data from Customer and/or any of its Affiliates (as exporter) to CloudDefense.AI (as importer) is a Restricted Transfer and EU Area Law applies, the transfer shall be subject to the appropriate Controller to Processor SCCs, which shall be deemed incorporated into and form part of this Addendum as follows:
- Precedence
- The provisions of this Addendum are supplemental to the provisions of the Agreement. In the event of any inconsistency between the provisions of this Addendum and the provisions of the Agreement, the provisions of this Addendum shall prevail. In the event that any provision of this Addendum and/or the Agreement contradicts, directly or indirectly, the Controller to Processor SCCs, the Controller to Processor SCCs will control.
- Indemnity
- To the extent permissible by law, Customer shall (a) defend CloudDefense.AI and its Affiliates (collectively, “Indemnified Parties”) from and against any and all claims, demands, suits, or proceedings made or brought against any of the Indemnified Parties by any third party (each, a “Claim”), and (b) indemnify and hold harmless the Indemnified Parties from and against any and all losses, damages, liabilities, fines and administrative fines, penalties, settlements, and costs and expenses of any kind (including, without limitation, reasonable legal, investigatory and consultancy fees and expenses) incurred or suffered by any of the Indemnified Parties, in each case arising from any breach by Customer of this Addendum or of its obligations under applicable Data Protection Laws. CloudDefense.AI may participate in the defense and/or settlement of a Claim under this Section 7.1 with counsel of its choosing at its own expense.
- Severability
- The Parties agree that, if any section or sub-section of this Addendum is held by any court or competent authority to be unlawful or unenforceable, it shall not invalidate or render unenforceable any other section of this Addendum.
- Miscellaneous.
- The Addendum considers the following and follows:
- Privacy by Design and default
- Achieving security of Processing
- Notification of breaches involving Customer Personal Data to the relevant Supervisory Authority
- Notification of breaches involving Customer Personal Data to Customer
- Conducting Privacy Impact Assessment where appropriate and required by applicable Data Protection Law
- Assurance of CloudDefense.AI’s assistance by if prior consultations with relevant Supervisory Authorities are needed and required by applicable Data Protection Laws.
- CloudDefense.AI shall comply with all statutory and regulatory requirements, ISO 27001:2013, ISO 27701:2019 and EU GDPR
- In the event a Data Subject wishes to exercise its data subject rights under applicable Data Protection Law, including, but not limited to, a data subject’s right of access, correction and/or erasure of its Personal Data in CloudDefense.AI’s control, the Data Subjects can submit such request done by contacting CloudDefense.AI’s Data Protection Officer (DPO) below. Also for raising concerns and/or any complaints related to the Customer Personal Data that can be done by contacting the Data Protection Officer below:Name: Shivang Kumar Email ID: Shivang@clouddefense.ai
- There are no Temporary files getting generated during processing.
- The Addendum considers the following and follows:
Annex 1 to Data Protection Addendum
Description of Processing Activities for Customer Personal Data
This Annex includes certain details of the Processing of Customer Personal Data by CloudDefense.AI in connection with the Services.
- List of Parties
Data Exporter
| Name: | Customer (as defined in the Agreement) |
| Address: | As set forth in the relevant Order Form. |
| Contact person’s name, position and contact details: | As set forth in the relevant Order Form. |
| Activities relevant to the data transferred under these Clauses: | Recipient of the Services provided by CloudDefense.AI in accordance with the Agreement. |
| Signature and date: | Signature and date are set out in the Agreement. |
| Role (controller/processor): | Controller |
Data Importer
| Name: | CloudDefense.AI |
| Address: | 579 University Ave, Palo Alto, CA 94301 |
| Contact person’s name, position and contact details: | Shivang Kumar, shivang@clouddefense.ai |
| Activities relevant to the data transferred under these Clauses: | Provision of the Services to the Customer in accordance with the Agreement. |
| Signature and date: | Signature and date are set out in the Agreement. |
| Role (controller/processor): | Processor |
- Competent Supervisory Authority
| Identify the competent supervisory authority/ies in accordance (e.g. in accordance with Clause 13 SCCs) | As determined by application of Clause 13 of the EU SCCs. |
- Processing Information
| Categories of data subjects whose personal data is transferred | Customer’s authorized users of the Services |
| Categories of personal data transferred | Processed automatically by the Services: · Names · email IDs Processed where and to the extent provided by Customer or its authorized users in connection with audit services provided by CloudDefense.AI: · past employment details |
| Sensitive personal data transferred | None |
| Frequency of the transfer | Continuous |
| Nature of the processing | The nature of the processing is more fully described in the Agreement and accompanying order forms but will include the following basic processing activities: The provision of Services to Customer. In order to provide people data, CloudDefense.AI receives identifying Customer Personal Data to permit CloudDefense.AI to query, cleanse, standardize, enrich, (when required) send to additional data to feed providers, and to store the query information. The purpose of the transfer is to facilitate the performance of the Services more fully described in the Agreement and accompanying order forms. |
| Purpose of the data transfer and further processing | |
| For processing involving California consumers, please select the Business Purpose(s) for Processing Personal Data | ☐ N/A ☐ Auditing related to counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards ☒ Helping to ensure security and integrity to the extent the use of the consumer’s personal information is reasonably necessary and proportionate for these purposes ☒ Debugging to identify and repair errors that impair existing intended functionality. ☐ Short-term, transient use, including, but not limited to, non personalized advertising shown as part of a consumer’s current interaction with the business, provided that the consumer’s personal information is not disclosed to another third party and is not used to build a profile about the consumer or otherwise alter the consumer’s experience outside the current interaction with the business ☒ Performing services on behalf of the business, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services on behalf of the business. ☐ Providing advertising and marketing services, except for cross-context behavioral advertising, to the consumer provided that, for the purpose of advertising and marketing, a service provider or contractor shall not combine the personal information of opted-out consumers that the service provider or contractor receives from, or on behalf of, the business with personal information that the service provider or contractor receives from, or on behalf of, another person or persons or collects from its own interaction with consumers. ☒ Undertaking internal research for technological development and demonstration. ☒ Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by the business, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by the business. ☒ To retain and employ another service provider or contractor as a subcontractor where the subcontractor meets the requirements for a service provider or contractor under CCPA. ☒ To build or improve the quality of the services it is providing to the business even if this Business Purpose is not specified in the written contract required by CCPA provided that Service Provider does not use the Customer Personal Data to perform Services on behalf of another person. ☒ To prevent, detect, or investigate data security incidents or protect against malicious, deceptive, fraudulent, or illegal activity, even if this Business Purpose is not specified in the written contract. |
| Period for which the personal data will be retained or criteria used to determine that period | The period for which the Customer Personal Data will be retained is more fully described in the Agreement, Addendum, and accompanying order forms. |
| Subprocessor transfers – subject matter, nature, and duration of processing | The subject matter, nature, and duration of the Processing more fully described in the Agreement, Addendum, and accompanying order forms. |
- Technical and Organisational Security Measures
Description of the technical and organisational security measures implemented by CloudDefense.AI as the data processor/data importer to ensure an appropriate level of security, taking into account the nature, scope, context, and purpose of the processing, and the risks for the rights and freedoms of natural persons.
- Security
- Security Management System.
- Organization. CloudDefense.AI designates qualified security personnel whose responsibilities include development, implementation, and ongoing maintenance of the Information Security Program.
- Policies. Management reviews and supports all security related policies to ensure the security, availability, integrity and confidentiality of Customer Personal Data. These policies are updated at least once annually.
- Assessments. CloudDefense.AI engages a reputable independent third-party to perform risk assessments of all systems containing Customer Personal Data at least once annually.
- Risk Treatment. CloudDefense.AI maintains a formal and effective risk treatment program that includes penetration testing, vulnerability management and patch management to identify and protect against potential threats to the security, integrity or confidentiality of Customer Personal Data.
- Vendor Management. CloudDefense.AI maintains an effective vendor management program
- Incident Management. CloudDefense.AI reviews security incidents regularly, including effective determination of root cause and corrective action.
- Standards. CloudDefense.AI operates an information security management system that complies with the requirements of ISO/IEC 27001:2013 standard.
- Personnel Security.
- CloudDefense.AI personnel are required to conduct themselves in a manner consistent with the company’s guidelines regarding confidentiality, business ethics, appropriate usage, and professional standards. CloudDefense.AI conducts reasonably appropriate background checks on any employees who will have access to client data under this Agreement, including in relation to employment history and criminal records, to the extent legally permissible and in accordance with applicable local labor law, customary practice and statutory regulations.
- Personnel are required to execute a confidentiality agreement in writing at the time of hire and to protect Customer Personal Data at all times. Personnel must acknowledge receipt of, and compliance with, CloudDefense.AI’s confidentiality, privacy and security policies. Personnel are provided with privacy and security training on how to implement and comply with the Information Security Program. Personnel handling Customer Personal Data are required to complete additional requirements appropriate to their role (e.g., certifications). CloudDefense.AI’s personnel will not process Customer Personal Data without authorization.
- Access Controls
- Access Management. CloudDefense.AI maintains a formal access management process for the request, review, approval and provisioning of all personnel with access to Customer Personal Data to limit access to Customer Personal Data and systems storing, accessing or transmitting Customer Personal Data to properly authorized persons having a need for such access. Access reviews are conducted periodically to ensure that only those personnel with access to Customer Personal Data still require it.
- Infrastructure Security Personnel. CloudDefense.AI has, and maintains, a security policy for its personnel, and requires security training as part of the training package for its personnel. CloudDefense.AI’s infrastructure security personnel are responsible for the ongoing monitoring of CloudDefense.AI’s security infrastructure, the review of the Services, and for responding to security incidents.
- Access Control and Privilege Management. CloudDefense.AI’s and Customer’s administrators and end users must authenticate themselves via a Multi-Factor authentication system or via a single sign on system in order to use the Services
- Internal Data Access Processes and Policies – Access Policy. CloudDefense.AI’s internal data access processes and policies are designed to protect against unauthorized access, use, disclosure, alteration or destruction of Customer Personal Data. CloudDefense.AI designs its systems to only allow authorized persons to access data they are authorized to access based on principles of “least privileged” and “need to know”, and to prevent others who should not have access from obtaining access. CloudDefense.AI requires the use of unique user IDs, strong passwords, two factor authentication and carefully monitored access lists to minimize the potential for unauthorized account use. The granting or modification of access rights is based on: the authorized personnel’s job responsibilities; job duty requirements necessary to perform authorized tasks; a need to know basis; and must be in accordance with CloudDefense.AI’s internal data access policies and training. Approvals are managed by workflow tools that maintain audit records of all changes. Access to systems is logged to create an audit trail for accountability. Where passwords are employed for authentication (e.g., login to workstations), password policies follow industry standard practices. These standards include password complexity, password expiry, password lockout, restrictions on password reuse and re-prompt for password after a period of inactivity
- Data Center and Network Security
- Data Centers.
- Infrastructure. CloudDefense.AI has AWS as its data center.
- Resiliency. Multi Availability Zones are enabled on AWS and CloudDefense.AI conducts Backup Restoration Testing on a regular basis to ensure resiliency.
- Server Operating Systems. CloudDefense.AI’s servers are customized for the application environment and the servers have been hardened for the security of the Services. CloudDefense.AI employs a code review process to increase the security of the code used to provide the Services and enhance the security products in production environments.
- Disaster Recovery. CloudDefense.AI replicates data over multiple systems to help to protect against accidental destruction or loss. CloudDefense.AI has designed and regularly plans and tests its disaster recovery programs.
- Security Logs. CloudDefense.AI’s systems have logging enabled to their respective system log facility in order to support the security audits, and monitor and detect actual and attempted attacks on, or intrusions into, CloudDefense.AI’s systems.
- Vulnerability Management. CloudDefense.AI performs regular vulnerability scans on all infrastructure components of its production and development environment. Vulnerabilities are remediated on a risk basis, with Critical, High and Medium security patches for all components installed as soon as commercially possible.
- Networks and Transmission.
- Data Transmission. Transmissions on production environments are transmitted via Internet standard protocols.
- External Attack Surface. AWS Security Group which is equivalent to virtual firewall is in place for the Production environment on AWS.
- Incident Response. CloudDefense.AI maintains incident management policies and procedures, including detailed security incident escalation procedures. CloudDefense.AI monitors a variety of communication channels for security incidents, and CloudDefense.AI’s security personnel will react promptly to suspected or known incidents, mitigate harmful effects of such security incidents, and document such security incidents and their outcomes.
- Encryption Technologies. CloudDefense.AI makes HTTPS encryption (also referred to as SSL or TLS) available for data in transit.
- Data Storage, Isolation, Authentication, and Destruction. CloudDefense.AI stores data in a multi-tenant environment on AWS servers. Data, the Services database and file system architecture are replicated between multiple availability zones on AWS. CloudDefense.AI logically isolates the data of different customers. A central authentication system is used across all Services to increase uniform security of data. CloudDefense.AI ensures secure disposal of Client Data through the use of a series of data destruction processes.
- Data Centers.
- Security Management System.
Annex 2
CloudDefense.AI’s Sub-processors
| Name of Sub-processor | Description of Processing | Location of Sub-processor |
| Amazon Web Service | Running the Production environment including the Application and Databases | USA |
| Google Workspace | Email services | India |
| Sendgrid | Email services | USA |
| ClickUp | Work management | USA |
| Discord | Messaging | USA |
| Mailchimp | CRM solution | USA |
| Apollo.ai | Customer Outreach | USA |
| Freshdesk | Customer Service | USA |
