Dark Web Monitoring Terms & Conditions

Credential Monitoring Terms and Conditions

During, and subject to the terms and conditions of, this Credential Monitoring End User Agreement (the “Agreement”): (a) Green Light Business Technology a Michigan Limited Liability Company (“Vendor”) agrees to provide to End User certain cyber threat intelligence reporting services (“Services” – as described in Exhibit B) ordered by End User from time to time pursuant to an Order Form (as defined in Exhibit A) in connection with the Designated Resources (as described in Exhibit B); and (b) End User grants to Vendor permission to provide such Services in connection with the Designated Resources. If End User desires for Vendor to provide additional services outside the scope of the Services (such as with respect to resources other than Designated Resources, or other consulting, training, or engineering), End User shall request those additional services in writing. Vendor may decline or accept any request for additional services in its sole and absolute discretion.

To the extent Vendor agrees to provide any such additional services, the scope of those services shall be set forth in a separate agreement executed by both parties and shall be subject to Vendor’s then-current fees, terms and conditions for such services.

This Agreement includes the Overview above, plus; (a) the General Terms and Conditions identified as Exhibit A below; (b) the Service Terms and Conditions identified as Exhibit B below; and (c) the Order Form.

EXHIBIT A –GENERAL TERMS AND CONDITIONS

1. Capitalized terms defined either in this Section 1, or in the context in which they first appear in the Agreement (including the Order Form), will have the indicated meaning throughout the Agreement and all attached documents. Unless otherwise indicated, all Section references in the Agreement are to sections in these General Terms and Conditions.

“Data” means any and all data, reports, analyses, Hits (as defined in Exhibit B to the Agreement) or other information provided or made available to End User in connection with the Services.

“Designated Resources” means those Authorized Email Assets and Authorized IP Addresses described on Exhibit B to the Agreement, subject to limitations set on the applicable Order Form.

“Effective Date” means the date indicated on the Initial Order Form.

“End User” means the single end user entity (such as an LLC, corporation, organization or government agency) identified on the Order Form, including internal divisions of that entity, but excluding any subsidiaries or other affiliates of the entity unless specifically identified on the Order Form.

“Initial Order Form” means the initial Order Form.

“Initial Term” means the initial term of this Agreement, as designated on the Order Form.

“Order Form” means either the Initial Order Form, or a subsequent order form which: (a) describes Services which End User has agreed to purchase in accordance with this Agreement; (b) includes pricing for such Services; and (c) has been signed, authenticated or consented to by the End User in writing or electronically.

“Services” means the cyber threat intelligence monitoring services designated on an applicable Order Form and further described in Exhibit B to the Agreement.

Sources” means selected chat rooms and other Internet sites monitored in connection with the Services.

“Updated Terms” has the meaning provided in Section 10.

2. SUBSCRIPTION TERM & TERMINATION.

2.1 Initial Term + Renewals. Unless earlier terminated in accordance with this Section 2, the term of this Agreement shall: (a) commence on the Effective Date and continue for the Initial Term; and (b) thereafter, automatically renew for successive one year periods, unless either party provides written notice of non-renewal no less than sixty (60) days prior to the end of the then-current term. The Initial Term and any and all renewals thereof are collectively referred to in this Agreement as the “term.”

2.2 Termination. Either party may terminate this Agreement in the event that the other party fails to cure a material breach within thirty (30) days after receipt of written notice thereof. In the event either party becomes liquidated, dissolved, bankrupt or insolvent, whether voluntarily or involuntarily, or shall take any action so declared, the other party shall have the right to terminate this Agreement immediately. Except as set forth in Sections 2, 3 (solely with respect to fees and expenses arising before termination, and hourly fees and expenses described on the applicable Order Form) and 4 – 10, which shall survive termination, upon termination of this Agreement, all rights and duties of the parties under this Agreement shall expire. Within five days after termination of this Agreement for any reason, End User shall destroy any and all documentation and other materials containing Confidential Information of Vendor. This requirement applies to partial and complete copies in all forms, in all types of media and computer memory, and whether or not modified or merged into other materials.

3. FEES AND PAYMENTS.

3.1 Fees. In addition to any consulting, training or other fees or expenses described on the applicable Order Form, End User shall pay to Vendor the Services fees described on the applicable Order Form.  Fees designated for payment on an “Annual” basis are due and payable in advance, on the Effective Date; fees designated for payment on a “Monthly” basis are due and payable monthly, in arrears.  Vendor shall endeavor to invoice End User on or prior to commencement of each renewal term, if any, and End User shall pay all fees designated for payment on an “Annual” basis within 30 days after the date of such invoices. Fees and expenses for renewal terms, if any, will automatically be set at Vendor’s then-current rates for the applicable Services and other services. Fees shall be payable in immediately available funds, in U.S. dollars. Payment shall be made without any right of set-off or deduction. Fees paid are non-refundable.  End User shall promptly notify Vendor in the event that any factor relevant to fees changes, such as by exceeding a number of employees relevant to a fee.

3.2 Late Payments. Any payment not made when due shall accrue late payment fees at the rate of 1.5% per month or the highest amount allowable by law, whichever is lower, such interest to accrue on a daily basis after as well as before any judgment relating to collection of the amount due. Late fees shall not constitute an election of, or Vendor’s exclusive, remedy. Failure to pay fees when due shall entitle Vendor to terminate this Agreement upon notice to End User pursuant to Section 2. End User agrees to pay any and all legal fees, collection fees and other expenses incurred by Vendor to enforce this Agreement or otherwise due to End User’s failure to pay any amounts due or otherwise comply with the Agreement.

3.3 Taxes. All fees are exclusive of local, state, federal and international sales, value added, excise, withholding and other taxes and duties of any kind. End User shall be responsible for, and agrees to pay in advance (or reimburse Vendor for amounts paid), any and all taxes and duties arising out of or in connection with this Agreement, other than taxes levied or imposed based upon Vendor’s net income.

3.4  Credit Card Payments.  If End User has provided Vendor with a credit card and billing information in connection with the Services, End User: (a) authorizes Vendor to automatically charge all fees incurred to any such credit card in accordance with the Agreement, including during automatic renewal periods; and (b) agrees to provide Vendor with accurate and complete billing information including full name, street address, city, state, zip code, telephone number, and a valid payment method. Should automatic billing fail, Vendor will issue an invoice or otherwise notify End User that End User must timely pay by another method acceptable to Vendor.

4. PROPRIETARY RIGHTS; FEEDBACK. All title, ownership, and intellectual property rights in and to the Services and Portal and any other materials used in connection with this Agreement and any Data created as part of this Agreement (including any changes thereto made at the suggestion of End User) and any related documentation, including any copyrights, patents, trade secrets, computer code, programs, inventions, discoveries, know-how, methods, processes, designs, algorithms, formulae, patterns, and compilations (“Proprietary Information”) are owned by Vendor and its licensors, and nothing in this Agreement should be construed as transferring any aspects of such rights to End User, any Authorized Third Party, or any other third party. Vendor reserves any and all rights not expressly granted herein. End User agrees that: (a) the content of all oral and written comments or reports provided to Vendor as feedback, including corrections, ideas and concepts, is the property of Vendor; (b) End User shall, and hereby does, assign any copyright and other such rights therein to Vendor, without any accounting or payment to End User; and (b) Vendor may use the feedback in any way that it desires in its sole discretion.
5. AUTHORITY; ACKNOWLEDGMENTS; COVENANTS.

5.1 Authority. End User represents, warrants and covenants to Vendor that: (a) End User or an Authorized Third Party owns or lawfully controls, or otherwise holds a current and lawful right or license to possess, access and use, all Designated Resources provided to Vendor in connection with the Services; (b) End User has and will maintain the full right and power to enter into and perform this Agreement (including the right to provide Vendor with Designated Resources and permission to provide Services with respect to those Designated Resources) without the further consent of any Authorized Third party or any other third party; and (c) neither End User’s entry into this Agreement nor End User’s or Vendor’s performance hereunder will conflict with any right of privacy or any other obligation which End User may have to any other party (including any employee, Authorized Third Party or any other third party), whether under contract, statute, regulation, tort or otherwise.

5.2 Acknowledgment. End User acknowledges and agrees that: (a) the Services are not intended to replace any active security measures that End User or any Authorized Third Party may now or hereafter have in place, of any sort (whether physical, technical or procedural), such as filters, virus software, firewalls, surveillance or information security programs; and (b) any and all Data is intended to be merely indicative of, but does not and cannot guarantee, End User’s or any Authorized Third Party’s security posture at any given moment in time.

5.3 Covenants. End Users covenants and agrees that: (a) Data shall be used by End User solely for End User’s or an applicable Authorized Third Party’s internal, lawful business purposes; (b) End User shall comply with all applicable federal, national, state, provincial or local laws, statutes, ordinances, rules, regulations, judgments, decrees, requirements, orders, procedures or public policy or any legislative, administrative, governmental or regulatory body, agency or other authority of any kind with respect to its performance hereunder, including the purchase and use of the Services and Data, and obtaining required written and enforceable consent from Authorized Third Parties; (c) Data shall not be resold or sublicensed, or shared with any other person or entity (except as necessary to alert law enforcement or affected Authorized Third Parties); (d) End User shall not use any Data to develop any products and/or services, or otherwise repurpose Data for any reason without the express written consent of Vendor, which consent shall be in the sole and absolute discretion of Vendor; (e) Data shall not be used as a factor in or for the purpose of establishing an individual’s eligibility for, or evaluating any individual with respect to (i) credit or insurance to be used primarily for personal, family or household purposes, (ii) employment, promotion, reassignment or retention as an employee, or (iii) any other purpose authorized under Section 604 of the Fair Credit Reporting Act; and (f) Data shall not be used as a factor in or for the purpose of improving, or providing advice or assistance with regard to improving, any individual’s credit record, credit history, or credit rating. Notwithstanding subsection 5.3(c), to the extent that the Services as described in Exhibit B expressly permit End User to request monitoring of Designated Resources that relate to an Authorized Third Party as specified in Exhibit B, End User may share applicable Data with the applicable Authorized Third Party (and no others), subject to the other limitations included in this Section 5.3. End User shall defend, indemnify and hold Vendor and its affiliates, and their respective directors, officers, employees, agents, representatives and contractors, harmless from any and all costs and expenses (including any third party claims and attorneys’ fees) arising out of, related to or resulting from (i) any actual or alleged breach of this Agreement, including violation of any representation, warranty or covenant in this Section 5, or (ii) any decision, action or omission of End User or any Authorized Third Party, including any that End User or any Authorized Third Party or other third party may make based on the Data or Services, and any use or handling of Services or Data.

6. Warranty; Disclaimers.

6.1 TO THE EXTENT PERMITTED BY APPLICABLE LAW, VENDOR MAKES NO REPRESENTATIONS OR WARRANTIES WHATSOEVER IN CONNECTION WITH THE SERVICES OR ANY DATA PROVIDED UNDER OR IN CONNECTION WITH THIS AGREEMENT, ALL OF WHICH ARE PROVIDED ON AN “AS IS” BASIS. WITHOUT LIMITING THE GENERALITY OF THE FOREGOING: (A) VENDOR DOES NOT WARRANT RESULTS OR WARRANT THAT ANY SERVICES OR DATA WILL BE FREE FROM ERRORS; AND (B) VENDOR EXPRESSLY DISCLAIMS, AND END USER EXPRESSLY WAIVES, ALL WARRANTIES, WHETHER EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, SYSTEM INTEGRATION, ACCURACY OF INFORMATIONAL CONTENT, AND ACCURACY OF THE METHODOLOGY USED TO DEVELOP OR PROVIDE THE SERVICES OR ANY DATA. WITHOUT LIMITING THE GENERALITY OF THE FOREGOING, VENDOR DOES NOT WARRANT RESULTS OR WARRANT THAT ANY SERVICES OR DATA WILL BE FREE FROM ERRORS, DEFECTS OR BUGS, OR THAT SUCH WILL NOT INTERFERE WITH OR DISRUPT ANY OF THE DESIGNATED RESOURCES OR ANY OTHER END USER SECURITY SYSTEM, NETWORK, SOFTWARE OR SYSTEM. END USER ACKNOWLEDGES THAT THE SERVICES ARE INTENDED TO SUPPLEMENT, NOT TO REPLACE OR ACT AS A SUBSTITUTE FOR, A COMPREHENSIVE DATA SECURITY PROGRAM, AND THAT VENDOR DOES NOT AND CANNOT GUARANTEE END USER’S OR ANY AUTHORIZED THIRD PARTY’S SECURITY POSTURE AT ANY GIVEN MOMENT IN TIME.

6.2 VENDOR DOES NOT ASSEMBLE, EVALUATE OR MAKE THE SERVICES OR ANY DATA AVAILABLE FOR USE AS A FACTOR IN OR FOR THE PURPOSE OF: (A) ESTABLISHING ANY INDIVIDUAL’S ELIGIBILITY FOR, OR EVALUATING ANY INDIVIDUAL WITH RESPECT TO (I) CREDIT OR INSURANCE TO BE USED PRIMARILY FOR PERSONAL, FAMILY OR HOUSEHOLD PURPOSES, (II) EMPLOYMENT, PROMOTION, REASSIGNMENT OR RETENTION AS AN EMPLOYEE, OR (II) ANY OTHER PURPOSE AUTHORIZED UNDER SECTION 604 OF THE FAIR CREDIT REPORTING ACT; OR (B) IMPROVING, OR PROVIDING ADVICE OR ASSISTANCE WITH REGARD TO IMPROVING, ANY INDIVIDUAL’S CREDIT RECORD, CREDIT HISTORY, OR CREDIT RATING.

7. LIMITATION OF LIABILITY. NOTWITHSTANDING ANYTHING ELSE HEREIN OR OTHERWISE, TO THE EXTENT PERMITTED BY APPLICABLE LAW: (A) IN NO EVENT SHALL VENDOR’S LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT, WHETHER IN CONTRACT, TORT OR UNDER ANY OTHER THEORY OF LIABILITY IN THE AGGREGATE, EXCEED THE TOTAL AMOUNT PAID OR PAYABLE BY END USER TO VENDOR PURSUANT TO AN APPLICABLE ORDER FORM IN THE TWELVE MONTHS PRECEDING THE INCIDENT GIVING RISE TO LIABILITY; AND (B) NEITHER VENDOR NOR ANY OF ITS AFFILIATES OR THEIR RESPECTIVE DIRECTORS, OFFICERS, EMPLOYEES, LICENSORS, CONTRACTORS, SUPPLIERS, AGENTS OR REPRESENTATIVES, SHALL BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL OR OTHER DAMAGES, INCLUDING ANY LOST PROFIT, LOST DATA OR LOST SAVINGS UNDER ANY CONTRACT, NEGLIGENCE, STRICT LIABILITY OR OTHER LEGAL OR EQUITABLE THEORY, EVEN IF VENDOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, OR FOR ANY OTHER CLAIM BY END USER OR FOR ANY THIRD PARTY CLAIM. THE PARTIES AGREE THAT THIS SECTION 7 REPRESENTS A REASONABLE ALLOCATION OF RISK AND THAT VENDOR WOULD NOT PROCEED IN THE ABSENCE OF SUCH ALLOCATION.

8.1 Generally. “Confidential Information” is any information disclosed by one party (the “Disclosing Party”) to the other (the “Receiving Party”) in connection with the Services, and clearly marked as confidential or identified in writing to the Receiving Party as confidential at the time of disclosure. Notwithstanding the foregoing, should any Sources be disclosed to End User either verbally or in writing, End User agrees that Sources shall constitute the Confidential Information of Vendor, regardless of whether those Sources are marked as confidential. Nothing in this Agreement shall be interpreted to compel Vendor to disclose any or all of the Sources.

8.2 Obligations. Each Receiving Party will: (a) treat as confidential all Confidential Information of the Disclosing Party; (b) not use such Confidential Information except as expressly set forth in this Agreement or otherwise authorized in writing; (c) implement reasonable procedures to prohibit the unauthorized use, disclosure, duplication, misuse or removal of the Disclosing Party’s Confidential Information; and (d) not disclose such Confidential Information to any third party, (i) except as may be necessary and required in connection with the rights and obligations of such Party under this Agreement, and subject to confidentiality obligations at least as protective as those set forth herein, or (ii) except as may be permitted by Section 5.3 in connection with a third party(ies) specified in Exhibit B. Without limiting the foregoing, each of the Parties will use at least the same procedures and degree of care which it uses to prevent the disclosure of its own confidential information of like importance to prevent the disclosure of Confidential Information disclosed to it by the other Party, but in no event less than reasonable care. Except as expressly authorized in this Agreement, neither party will copy Confidential Information of the other party without the discloser’s prior written consent. Notwithstanding anything to the contrary in this Agreement, whether or not marked as confidential, the financial terms of this Agreement and the Portal shall be deemed Confidential Information of Vendor.

8.3 Exclusions. Confidential Information will not include, or will cease to include, as applicable, Confidential Information that the Receiving Party can document: (a) is or becomes generally available to the public through no improper action or inaction by the Receiving Party; (b) was known by the Receiving Party or in the Receiving Party’s possession prior to receipt of the Disclosing Party’s Confidential Information as shown by the Receiving Party’s business records kept in the ordinary course; (c) is disclosed with the prior written approval of the Disclosing Party; (d) was independently developed by the Receiving Party without use of or reference to the Disclosing Party’s Confidential Information and provided that the Receiving Party can demonstrate such independent development by documented evidence prepared contemporaneously with such independent development; (e) becomes known to the Receiving Party from a source other than the Disclosing Party without breach of this Agreement by the Receiving Party and otherwise not in violation of the Disclosing Party’s rights; or (f) is disclosed pursuant to the order or requirement of a court, administrative agency, or other governmental body, provided that the Receiving Party provides prompt, advance written notice thereof to enable the Disclosing Party to seek a protective order or otherwise prevent such disclosure. In the event such a protective order is not obtained by the Disclosing Party, the Receiving Party will disclose only that portion of the Confidential Information which its legal counsel advises that it is legally required to disclose. Vendor may use End User’s name and logo in Vendor public End User listings and marketing materials, and issue press releases referencing End User’s name.

8.4 Ownership; Destruction of Data. All Confidential Information shall: (a) remain the property of the Disclosing Party; and (b) shall be destroyed by the Receiving Party within two weeks upon written request (except for Data delivered prior to termination, which End User may continue to use within the scope of Section 5.3).

9. NON-SOLICITATION. End User agrees that it shall not, at any time during the term and for a period of 18 months after termination of this Agreement, whether for its own account or for the account of others, solicit for employment, hire or otherwise engage any of the employees or independent contractors of Vendor. Notwithstanding the foregoing, nothing in this Agreement shall prevent End User from hiring any person who responds to a general solicitation not personally directed to such person. In the event End User hires or engages an employee or contractor of Vendor in violation of this Section 9, Vendor shall be entitled to collect liquidated damages from End User to compensate Vendor for locating, recruiting, hiring and training a replacement person. Vendor’s liquidated damages shall be a sum equal to two times the gross annual compensation of the person End User wrongfully hired or engaged. Gross annual compensation means twelve times the subject employee or contractor’s last full month’s compensation from Vendor including bonuses and benefits. The parties agree and acknowledge that this amount is a reasonable, liquidated amount and not a penalty.
10. MISCELLANEOUS

10.1 Interpretation. The headings used in this Agreement are for convenience only and shall in no case be considered in construing this Agreement. If any part of this Agreement is held by a court of competent jurisdiction to be illegal or unenforceable, the validity or enforceability of the remainder of this Agreement shall not be affected and such provision shall be deemed modified to the minimum extent necessary to make such provision consistent with applicable law and, in its modified form, such provision shall then be enforceable and enforced. Termination is not an exclusive remedy and all other remedies will be available whether or not termination occurs. Any use of the term “include” or “includes” or “including” shall mean “include without limitation,” “includes without limitation” and “including without limitation,” respectively.

 

10.2 Assignment. Subject to the following, all of the terms and conditions of this Agreement shall be binding upon, inure to the benefit of, and be enforceable by the respective successors and any permitted assigns of the parties. End User shall not assign this Agreement or any of its rights or obligations hereunder (whether by operation of law or otherwise) without the prior written consent of Vendor. Any attempt by End User to assign this Agreement without Vendor’s prior written consent shall be null and void. There are no intended third party beneficiaries of this Agreement.

10.3 No Waiver; Limitations. No failure or delay in exercising any right hereunder will operate as a waiver thereof, nor will any partial exercise of any right or power hereunder preclude further exercise. To the extent permitted by applicable law, no action, regardless of form, arising out of this Agreement may be brought by End User more than one (1) year after the cause of action has accrued.

10.4 Governing Law. This Agreement shall be governed in all respects (without regard to any conflict of laws provisions) by the laws of the United States of America and the State of Michigan as such laws are applied to agreements entered into and to be performed entirely within the State of Michigan between residents of Michigan.

10.5 Dispute Resolution. Any claim, whether based on contract, tort or other legal theory (including any claim of fraud or misrepresentation), arising out of or relating to this Agreement, including the interpretation, performance, breach or termination thereof, shall be exclusively and finally resolved by arbitration. The arbitration shall be conducted by a single arbitrator, and every person named on all lists of potential arbitrators, shall be a neutral and impartial lawyer with excellent academic and professional credentials (i) who has practiced law for at least ten (10) years, with experience in the field of software development and distribution and intellectual property law, and (ii) who has had experience, and is generally available to serve, as an arbitrator. The arbitrator shall be bound by the provisions of this Agreement and base the decision on applicable law and judicial precedent, shall include in such decision the findings of fact and conclusions of law upon which the decision is based, and shall not grant any remedy or relief that a court could not grant under applicable law. The arbitrator’s decision shall be final and binding upon the parties, and shall not be subject to appeal. Notwithstanding the foregoing, either party may enforce any judgment rendered by the arbitrator in any court of competent jurisdiction. In addition, the arbitrator shall have the right to issue equitable relief, including preliminary injunctive relief. Any such arbitration shall be conducted in Ottawa County, Michigan, USA in accordance with the Commercial Arbitration Rules of the American Arbitration Association. For the purposes of any arbitration or court action between the parties relating to this Agreement, the prevailing party shall be entitled to recover reasonable attorneys’ fees and costs.

10.6 Changes in Laws. Notwithstanding anything to the contrary in this Agreement, Vendor may limit or discontinue the provision of the Services to the extent: (i) Vendor or any vendor of Vendor is restricted by any rule, regulation, law or governmental entity; (ii) Vendor or any vendor of Vendor has discontinued the collection of data; or (iii) Vendor or any vendor of Vendor is prohibited from providing Services. In addition, Vendor may discontinue, upgrade or change the production, support, delivery and maintenance of any Services if Vendor develops an upgraded version or otherwise no longer generally provides such Services to its End Users. In the event that Vendor materially modifies the content or scope of the Services provided to End User, the Parties shall renegotiate the fees in good faith according to the prevailing pricing models.

10.7 Consent and Notices. Unless otherwise expressly indicated, any consent or authorization required under this Agreement shall be at the sole discretion of the party from whom such consent is required. Notice shall be deemed to have been received by a party, and shall be effective on the day received. All breach-related notices permitted or required under this Agreement shall be in writing and shall be delivered by recognized postal or courier services who provide delivery confirmation to the other party’s address set forth on the Initial Order Form, or such other address as the parties may subsequently provide in writing. All other notices may be sent by email with notice deemed given upon acknowledgement of receipt by a reply email.

10.8 Independent Contractors. The parties enter into this Agreement as, and shall remain, independent contractors with respect to one another. Nothing in this Agreement shall create a partnership, joint venture, agency, franchise, or employment relationship between the parties.

10.9 Force Majeure. Vendor shall not be liable to End User by reason of any failure in performance of this Agreement if the failure arises out of the unavailability of communications facilities or energy sources, acts of God, acts of End User, acts of governmental authority, fires, strikes, delays in transportation, riots, terrorism, war, cybersecurity incidents, or any other causes beyond the reasonable control of Vendor.

10.10 Entire Agreement. This Agreement, together with its Exhibits and Order Forms, comprises the entire agreement between the parties regarding the subject matter hereof and supersedes and merges all prior and contemporaneous proposals, understandings and all other agreements, oral and written, between the parties relating to the subject matter of this Agreement.  Vendor reserves the right, in its sole discretion, to change the General Terms and Conditions and/or the Services Terms and Conditions (“Updated Terms”) from time to time. Unless Vendor makes a change for legal or administrative reasons, Vendor will provide reasonable advance notice before the Updated Terms become effective. End User agrees that Vendor may notify End User of the Updated Terms by posting them on the Portal, and that End User’s use of the Service (including the Portal) after the effective date of the Updated Terms (or engaging in such other conduct as Vendor may reasonably specify) constitutes End User’s agreement to the Updated Terms. End User should review these Terms and Conditions and any Updated Terms before using the Services. The Updated Terms will be effective as of the time of posting, or such later date as may be specified in the Updated Terms, and will apply to End User’s use of the Services from that point forward. These Terms of Use will govern any disputes arising before the effective date of the Updated Terms.  Except as otherwise expressly provided in this Section, this Agreement may be amended or modified only in a writing executed by both parties.  All End User documents, whether signed or unsigned, including purchase orders, shall not be given any effect which is inconsistent with this Agreement unless this provision is separately and specifically referred to and waived by Vendor in a signed writing.

10.11             Forms of Consent.  This Agreement and any amendments thereto may be executed in counterparts. The parties consent to the conduct of transactions and the execution of any amendments between them by electronic means or records, including by use of electronic signatures and facsimile copies of a party’s signature.

EXHIBIT B –SERVICE TERMS AND CONDITIONS

B.1 Scope. During the term of, and subject to the terms and conditions of, this Agreement (including the Order Form and this Exhibit B), Vendor will use proprietary technologies to provide End User Monitoring Services.

“Administrator User” means a designated employee of End User who has been provided with: (a) access to all relevant Data on the Portal, including captured password data for Authorized Email Assets; and (b) the ability to configure the Portal within specifications.

“Authorized Email Asset” means any email domain name (such as “@EndUserName.com” or “@EndUserBrand.org”) or email address (such as [email protected] or “[email protected]”) that is: (a) unique to End User or an Authorized Third Party; and (b) owned or controlled by End User or an Authorized Third Party, as designated by End User from time to time in accordance with Vendor’s then-current process.

“Authorized IP Address” means any IP address for a system, network or device which End User or an Authorized Third Party owns, or to which End User or an Authorized Third Party has authorized access, as designated by End User from time to time in accordance with Vendor’s then-current process.

“Authorized Third Party” means: (a) any employee, contractor, Supplier or agent of End User, on whose behalf End User has obtained prior written permission, in compliance with applicable laws and this Agreement, to provide Vendor with Designated Resources for the purpose of enabling Vendor to provide Services and Data to the End User with respect to those Designated Resources, without the further consent of the applicable employee, contractor, Supplier or agent or any other third party; (b) any Customer, or any employee, contractor, Supplier or agent of Customer, on whose behalf End User or such Customer has obtained prior written permission, in compliance with applicable laws and this Agreement, to provide Vendor with Designated Resources for the purpose of enabling Vendor to provide Services and Data to the End User with respect to those Designated Resources, without the further consent of the applicable Customer, employee, contractor, Supplier or agent or any other third party; and (c) any Prospect.

“Customer” means any current client or customer of End User with which End User has a current written agreement that protects the confidentiality, and limits the use, of the Services and Data in a manner consistent with, and no less protective than, this Agreement.

“Customer Prospect” means any bona fide and current prospective Customer of End User which has expressed a current interest in viewing masked password Data concerning such prospective customer, but which is not yet a Customer bound by a written contract with End User in accordance with the Agreement.

“Data” means any and all relevant data made available to End User on the Portal, including Hits and reports.

“End User Monitoring Service” means Monitoring Services with respect to the Designated Resources.

“Monitoring Services” means: (a) monitoring Sources in an effort to identify apparent references to Designated Resources (each, a “Hit”) which suggest that one or more individuals, organizations or communities are targeting Designated Resources and could pose a risk of disseminating or using End User’s sensitive and confidential information (or those of an Authorized Third Party) without authorization; and (b) making available to the Administrator User(s) and any Standard Users, in encrypted format on the Portal a daily report (delivered within a batched cycle at least once during any 24-hour time period) showing such Hits and such other information as appropriate for the applicable Service, User level and monitored entity. End User acknowledges that an ideal outcome for End User or an Authorized Third Party would be a series of reports showing no reported Hits.

“Portal” means Vendor’s proprietary credential monitoring platform.

“Prospect” means any Customer Prospect or Supplier Prospect.

“Standard User” means a designated employee of End User who has been provided with access to all Data on the Portal, excluding captured password data for Authorized Email Assets.

“Supplier” means any current contractor, vendor, business partner, agent or affiliated agency of End User with which End User has a current written agreement that protects the confidentiality, and limits the use, of the Services and Data in a manner consistent with, and no less protective than, this Agreement.

“Supplier Prospect” means any bona fide and current prospective Supplier in which End User has expressed a current interest in viewing masked password Data concerning such prospective customer, but which is not yet a Supplier bound by a written contract with End User in accordance with the Agreement.

“User” means an Administrator User or a Standard User.

B.2 Limitations. Data shall constitute Confidential Information of Vendor, and may be used by End User solely for internal purposes, its support of an Authorized Third Party, or for alerting law enforcement or affected Authorized Third Parties; the Data cannot be resold, sublicensed, copied or used by End User or any Authorized Third Party in any other manner without the express written consent of Vendor, which consent shall be in Vendor’s sole and absolute discretion. Only Users shall be provided with personal access to the Portal, subject to password and two-factor authentication requirements. Without limiting the generality of any of the other conditions or restrictions set forth in this Agreement, neither End User nor any User may directly or indirectly: (a) permit third party access, or take actions which result in access, or attempts to access, the Portal from more than one computer at any one time per User; (b) distribute or share any user name or password with anyone; or (c) lease, license or otherwise charge others for use or access to the Portal. Vendor may use automated procedures and other means to detect violations of this Agreement, and may immediately disable and/or terminate offending

End Users. Vendor is not responsible for interruptions that may result from any such disabling or termination. Access to the Portal is subject to Vendor’s then-current Acceptable Use Policy.

End User may use the Portal solely as expressly permitted in this Agreement. Without limiting the generality of the foregoing limitation, End User will not (and will not allow others to: (a) copy or modify the Portal; (b) reverse engineer, decompile, disassemble, derive the source code of, create derivative works from or otherwise exploit the Portal (except to the extent that such restriction is expressly prohibited by applicable law); (c) lease, license, use, make available or distribute all or any part of the Portal to any third party; (d) distribute, sell, rent, lend, pledge, lease, sublicense, or otherwise, directly or indirectly, transfer rights or charge others for use of or access to the Portal; (e) use the Portal to operate in or as a time-sharing, outsourcing, service bureau, application service provider or managed service provider environment; or (f) remove, modify or obscure any copyright, trademark or other proprietary rights notices which appear in or on the Portal or any report or other output generated thereby. End User is solely responsible for all equipment and other resources necessary to connect and communicated with the Portal, and to receive two-factor authentication codes sent via text message or LAN phone call.

To the extent any Authorized Third Party revokes, withdraws or otherwise terminates its consent to permit End User to provide Vendor with Designated Resources for the purpose of enabling Vendor to provide Services and Data to the End User with respect to Designated Resources, End User shall immediately: (a) provide Vendor with written notice thereof; and (b) remove all relevant Designated Resources from the Portal.

Notwithstanding any other provision of this Agreement, End User agrees that: (a) End User shall differentiate between Prospects and other Authorized Third Parties when using the Portal or otherwise requesting Services; and (b) all Data made available to End User in connection with an Authorized Third Party which is merely a Prospect and not a Customer or Supplier shall be partially masked until such time as such Prospect becomes a Customer or Supplier by entering into a written agreement with the End User that protects the confidentiality, and limits the use, of the Services and Data in a manner consistent with, and no less protective than, this Agreement.

B.3. Service Level Agreement.

“Delivery Availability (or Delivered)” means a file, if available, containing the Data is made available to End User at least once during any 24-hour time period (e.g., on a daily basis) via Vendor’s batch delivery method.

“Emergency Maintenance” means maintenance that is performed by or on behalf of Vendor or a service provider to Vendor on or in connection with the Portal or Services due to an issue that is outside of the Maintenance Window and is a result of conditions or events beyond Vendor’s reasonable control.

“Maintenance Windows” means hours during which Vendor shall perform Scheduled Maintenance on the Portal, i.e., 12:00 a.m. – 11:00 a.m. ET.

“Permitted Downtime” means the following: (a) lack of Availability due to any Scheduled Maintenance or any Emergency Maintenance; (b) lack of Availability due to any Force Majeure Event, as defined in the Agreement; or (c) lack of Availability due to, or caused by, End User’s software, systems or environment or any other reason beyond the reasonable control of Vendor.

“Scheduled Maintenance” means maintenance on the Portal so long as (i) such maintenance is performed by Vendor during a Maintenance Window, or (ii) Vendor has provided notice using e-mail (or other) method to End User not less than four (4) hours before the commencement of such maintenance, which notice specifies the nature of such maintenance and the anticipated impact of such maintenance upon availability and performance of the Portal.

Service Availability + Credits – Except in the event of Emergency Maintenance or Permitted Downtime, available Data (if any) will be delivered at least once during any 24 hour time period. End User will notify Vendor in writing of any non-compliance with the service levels set forth in this Section B.3. If Vendor fails to meet the required Delivery Availability more than twice during any month (i.e., Data is available and is not delivered to End User for three or more days during the subject month) and after Vendor has received the required written notice thereof, then End User, as End Users’ sole and exclusive monetary remedy for breach of this Section B.3, will be entitled to receive one (1) full day’s credit on Fees for that particular month (a “Service Credit”), which will be computed based on then current Fees paid for the Services divided by the applicable number of days in such month. Any Service Credit provided by Vendor shall be applied to End User’s next invoice (or refunded if Vendor does not expect to issue any further invoices).

In order to receive the Service Credit, End User must notify Vendor in writing within 30 days from the time End User becomes eligible to receive a Service Credit. Failure to comply with this requirement will result in a forfeiture of the right to receive the Service Credit.

Service Credits shall constitute End User’s exclusive monetary remedy for Vendor’s failure to meet any minimum Delivery Availability commitments under this SLA; provided, however, that in the event of Vendor’s uncured failure to meet Delivery Availability for two or more consecutive months, End User shall also have the right to terminate the Agreement by providing Vendor with written notice of such termination.

Incident Resolution

On a 24×7 basis, 365 days per year basis, End User may provide notice of any Delivery Availability or other support issue by sending an email to their account manager or to support at greenlightbt.com. Vendor will use its commercially reasonable efforts to resolve any reported and verifiable issues.