SaaS End User Customer Agreement
Last updated: January 2024
PLEASE READ THIS SAAS END USER AGREEMENT (THE “TERMS”) CAREFULLY BEFORE USING THE SERVICES OFFERED BY VEZA TECHNOLOGIES, INC. (“VEZA”). BY MUTUALLY EXECUTING ONE OR MORE ORDER FORMS WITH VEZA WHICH REFERENCE THESE TERMS (EACH, AN “ORDER FORM”), YOU (“LICENSEE”) AGREE TO BE BOUND BY THESE TERMS (TOGETHER WITH ALL ORDER FORMS, THE “AGREEMENT”) TO THE EXCLUSION OF ALL OTHER TERMS. IN ADDITION, ANY ONLINE ORDER FORM WHICH YOU SUBMIT VIA COMPANY’S STANDARD ONLINE PROCESS AND WHICH IS ACCEPTED BY LICENSOR SHALL BE DEEMED TO BE MUTUALLY EXECUTED. IF THE TERMS OF THIS AGREEMENT ARE CONSIDERED AN OFFER, ACCEPTANCE IS EXPRESSLY LIMITED TO SUCH TERMS.
In consideration of the mutual agreements set forth herein, and for other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged, the parties agree as follows:
1. Definitions
1.1 “Agreement” means this Agreement, together with all Exhibits, attachments, and any amendments attached hereto or hereafter attached by mutual written agreement of the parties, all of which are incorporated herein by reference.
1.2 “Confidential Information” means any information of a party designated as confidential or proprietary at the time of disclosure, or would be reasonably considered as confidential due to its nature or circumstance of disclosure, as further described in Section 4 below.
1.3 “Documentation” means all specifications, user manuals, program manuals, written proposals, and any related documentation provided by Veza for the operation and use of the Service.
1.4 “Veza Content” means any information, data, text (including but not limited to names of files, databases, directories and groups/workgroups of the same), software, graphics and video transmitted, entered, or stored by Veza in or in connection with the Service.
1.5 “Licensee Content” means all Licensee information, data, text (including but not limited to names of files, databases, directories and groups/workgroups of the same), and/or materials on, within, displayed, linked or transmitted to, from or through the Service or entered or stored in the Service by any Licensee employee, contractor, or representative using the Service
1.6 “Order Form” means the Veza Order Form in the form attached hereto as Exhibit A. All Order Forms shall be binding and incorporated herein by this reference.
1.7 “Service” means the Veza product, including any modifications or updates thereto, and as described in more detail in the Order Form.
1.8 “User” means those natural persons who are employees, contractors, consultants, auditors, legal counsel, and other representatives of Licensee permitted to access the Service in accordance with this Agreement.
1.9 “Identities” is a pricing metric agreed upon between Veza and Licensee, which forms the basis for the licensing Fees (as defined below) and is set forth on an Order Form. An Identity is a unique user identifier listed in the Customer’s Identity Provider (IdP) application(s). If an Identity has more than one User ID in an IdP, each User ID is measured separately for purposes of determining the number of Identities that must be procured at a given time.
1.10 “Integrations” are end-point connections to an instance of a database, application, or API for use with the Service. Integrations are set forth in the Order form and, along with Identities, form the basis for the Fee.
1.11 “Intellectual Property” means all foreign, federal, state and common law trademarks, service marks, domain names, Internet path names and addresses of whatsoever nature, trade dress, copyrights, know-how, show-how, patents, inventions (whether or not patentable), mask works, software, proprietary data, customer lists, strategic plans, financial data, trade secrets, all other intangible assets of whatsoever nature and all applications for registration and/or issuance with respect to all the foregoing and whether or not any of the foregoing is registerable or patentable, including, without limitation, with respect to all of the foregoing: (a) all goodwill associated with any and all of the foregoing; (b) all parents, continuations, continuations in part, divisionals, reissues and extensions; and (c) all moral rights associated with any and all of the foregoing.
2. License Grant; Veza Obligations; Restrictions.
2.1 License Grant by Veza. Veza hereby grants Licensee a limited, non-exclusive, non-transferable, revocable right and license during the Term (as defined below) to use and access the Service as set forth in one or more Order Forms entered into between Veza and Licensee, each of which is incorporated herein by reference. The license to use and access the Service granted hereunder is subject to the terms of the applicable Order Form and this Agreement. In the event of any conflict or ambiguity between an Order Form and this Agreement, the terms of this Agreement shall govern and control in all respects. During the Term, Licensee is authorized to allow an unlimited number of Users to use the Service and all tools, features, and capabilities of the Service in accordance with the Agreement. Licensee may use the Service and Documentation for integration, development, testing, quality assurance and other purposes in multiple environments.
2.2 License Grant by Licensee. Licensee grants to Veza a limited, non-transferable, non-exclusive, royalty free license, for the Term of this Agreement, to access, store, copy, display, use and transmit on and via the Internet the Licensee Content, solely for the benefit of Licensee.
2.3 Veza Obligations.
2.3.1 Hosted Service. Veza will make available to Licensee hosted access to the Service. The Service shall be made available through the Internet for use by Licensee in accordance with the terms of this Agreement. Veza shall supply Licensee with a copy of any necessary information or documentation regarding use of the Services. Unless otherwise specified herein, all Licensee Content and data provided to Veza shall remain exclusively in the United States.
2.3.2 Maintenance and Technical Support. Veza shall provide Licensee with reasonable maintenance and technical support services, Monday through Friday, 8:00 a.m. to 8:00 p.m. Pacific Time (“Technical Support”) under the applicable Order Form (excluding Sandbox applications) and as more fully described in the Support and Availability Policy attached hereto as Exhibit B.
2.3.3 Communications Choices. If Veza is required by law or under this Agreement to send Licensee communications about the Service, Licensee agrees that Veza may send such communications to Licensee via email, or in such a manner as mutually agreed to by the parties.
2.3.4 Performance by Veza. Veza is responsible for the conduct and performance of all Services provided under this Agreement and shall be responsible for the conduct of its employees and any subcontractors or third-party providers acting on Veza’s behalf hereunder.
2.4 Restrictions. Licensee agrees not to access the Service by any means other than through the interface that is provided by the Veza for use in accessing the Service. Licensee shall not directly or indirectly: (i) reverse engineer, decompile, disassemble, or otherwise attempt to discover the source code, object code, or underlying structure, ideas, or algorithms of the Service; (ii) modify, translate, or create derivative works based on the Service; (iii) copy, rent, lease, distribute, pledge, assign, or otherwise transfer or encumber rights to the Service; (iv) use the Service for the benefit of a third party; (v) remove or otherwise alter any proprietary notices or labels from the Service or any portion thereof; (vi) use the Service to build an application or product that is competitive with any Veza product or service; (vii) interfere or attempt to interfere with the proper working of the Service or any activities conducted on the Service; or (viii) bypass any measures Veza may use to prevent or restrict access to the Service (or other accounts, computer systems or networks connected to the Service); (ix) use the Service in violation of any applicable local, state, national and foreign laws, treaties and regulations (including those related to data privacy, international communications, export laws and the transmission of technical or personal data laws), or (x) use the Service in a manner that violates any third party intellectual property, contractual or other proprietary rights.
3. Licensee Obligations.
3.1 Compliance with Law. Licensee is responsible for all activities conducted within User accounts in use of the Service. Licensee shall comply with all applicable local, state, federal and regional or other laws and regulations applicable in connection with use of the Service, including all those related to data privacy and the transmission of technical or personal data.
3.3 Password(s). Licensee agrees it shall manage its password(s) for access to the Service. Licensee agrees it shall notify Veza in the event of any known unauthorized access or use of the Service, or of any password or account, or any other known breach of security in connection with the Service.
3.4 Copies; Distribution. Licensee agrees it shall (i) notify Veza in the event of any known attempt to copy or distribute the Service, and (ii) use reasonable efforts to stop such copying or distribution.
3.5 Updates. The Veza may update the Service periodically with tools, utilities, improvements, third-party applications, or general updates to improve and enhance the features and performance of the Service. Veza agrees to provide such updates to Licensee, free of charge, as part of the Service. Veza may cease supporting older versions or releases of the Service at any time in its sole discretion.
4. Confidentiality.
4.1 For purposes of this Agreement, “Confidential Information” means the terms and conditions of this Agreement, customer data and all non-public information about the disclosing party’s business or activities that is proprietary and confidential, which shall include all business, financial, technical and other information of either party, whether or not it is marked or designated by such party as “confidential or “proprietary” at the time of disclosure. Confidential Information will not include information that: (i) is in or enters the public domain without breach of this Agreement; (ii) the receiving party lawfully receives from a third party without restriction on disclosure and without breach of a nondisclosure obligation; (iii) the receiving party rightfully knew prior to receiving such information from the disclosing party; or (iv) the receiving party develops independent of any information originating from the disclosing party.
Licensee acknowledges and agrees that the Service contains software and related materials or documentation which is deemed proprietary and “Veza Confidential Information” or is protected by applicable intellectual property and other laws, and Licensee agrees not to disclose such information to any third party without Veza’s prior permission.
4.2 Each party agrees that: (i) it will not disclose to any third party any Confidential Information disclosed to it by the other party except as expressly permitted in this Agreement; (ii) it will not use any Confidential Information disclosed to it by the other party except as necessary to perform its obligations under this Agreement; and (iii) it will take all reasonable measures to maintain the confidentiality of all Confidential Information of the other party in its possession or control, which will in no event be less than the measures it uses to maintain the confidentiality of its own information of similar importance. Notwithstanding the foregoing, each party may disclose Confidential Information of the other party to the extent required by a court of competent jurisdiction or other governmental authority or otherwise as required by law. In the event the information sought is Confidential Information of the other party, the party from whom the information is sought shall promptly inform the other party of such requested disclosure in writing unless prohibited from such notification by lawful order of the court.
4.3 Each party acknowledges and agrees that the other party’s breach of the confidentiality provisions under this Section 4 may result in irreparable harm to the non-breaching party and that the non-breaching party will have the right to enforce this Agreement and any of its provisions by seeking an injunction, specific performance and/or other equitable relief without prejudice to any other rights and remedies that the non-breaching party may have and without posting a bond.
4.4 Nothing in this Agreement shall relieve any party of any of its obligations under any separate non-disclosure agreement between the parties, including any obligation with respect to procedures for handling customer data or other similarly sensitive information.
4.5 All Licensee Confidential Information and any materials furnished to Veza by Licensee and any information or materials which are designated in writing to be the property of Licensee shall remain the sole property of Licensee. Any information related to Licensee, or its business activities (including, but not limited to, Licensee Content, if any), that is received, observed, or otherwise obtained by Veza in connection with the performance of this Agreement shall be treated by Veza as Licensee Confidential Information and shall not be used, disclosed, or further disseminated by Veza.
4.6 All Veza Confidential Information, including Veza Content, and any materials furnished to Licensee by Veza and any information or materials which are designated in writing to be the property of Veza shall remain the sole property of Veza. Any information related to Veza or its business activities (including, but not limited to, Veza Content) that is received, observed or otherwise obtained by Licensee in connection with the performance of this Agreement shall be treated by Licensee as Veza Confidential Information and shall not be used, disclosed or further disseminated by Licensee. Licensee agrees that any unauthorized disclosure of the Veza Confidential Information would cause irreparable harm to Veza, and that in the event of any breach or threatened breach of the confidentiality obligations, Veza shall be entitled to seek equitable relief in addition to any other remedy.
4.7 Notwithstanding anything in this Agreement to the contrary, Licensee acknowledges and agrees that Veza may (i) internally use Licensee Content for the purposes of (A) providing the Service to Licensee, (B) testing, improving and operating Veza’s products and services, and (C) generating Aggregated Anonymous Data (as defined below), and (ii) use and make available Aggregated Anonymous Data for Veza’s business purposes (including without limitation, for purposes of improving, testing, operating, promoting and marketing Veza’s products and services). “Aggregated Anonymous Data” means data submitted to, collected by, or generated by Veza in connection with Licensee’s use of the Service, but only in aggregate, anonymized form which can in no way be linked specifically to Licensee or personally identifiable information of any individual or entity.
5. Intellectual Property Ownership.
5.1 The Service. Veza and its licensors, if any, own all rights, title and interest, including all Intellectual Property rights and moral rights, in and to the Service and its software, products, and works. Any software which is distributed or otherwise provided to Licensee hereunder shall be deemed a part of the “Services” and subject to all of the terms and conditions of this Agreement. Licensee may from time to time provide suggestions, comments or other feedback to Veza with respect to the Service (“Feedback”). Feedback shall not create any confidentiality obligation for Veza notwithstanding anything else in this Agreement, except to the extent designated as confidential by Licensee or reflecting personally identifiable information of any individual. Licensee shall, and hereby does, grant to Veza a nonexclusive, worldwide, perpetual, irrevocable, transferable, sublicensable, royalty-free, fully paid-up license to use and exploit the Feedback for any purpose. Nothing in this Agreement will impair Veza’s right to develop, acquire, license, market, promote or distribute products, software or technologies that perform the same or similar functions as, or otherwise compete with any products, software or technologies that Licensee may develop, produce, market, or distribute.
5.2 Veza Content. Licensee acknowledges and agrees that any and all Veza Content, including copyrights, trademarks, database rights and other Intellectual Property contained in such Licensee Content are owned by Veza or its licensors, if any. Veza grants Licensee the limited right to use such Veza Content in connection with the Service, subject to the terms and conditions of this Agreement.
5.3 Licensee Name and Logo. Unless otherwise agreed to or stated in the Order Form, Licensee agrees to permit the use of its name and logo (“Licensee Branding”) in connection with (1) identifying Licensee as a Veza customer; (2) case studies; and (3) other marketing materials and press releases. Licensee further agrees that Veza may use publish Licensee Reference Material on social media, at trade shows, and/or other marketing and advertising mediums. Any such use of Licensee Reference Material shall be subject to Licensee’s prior approval. Licensee may revoke such approval at any time by providing written notice to Veza. Upon receipt of such notice, Veza shall remove and cease such use of Licensee Branding as soon as reasonably practicable.
5.4 Licensee Content. Veza agrees and acknowledges (a) that any Licensee Content shall be owned by Licensee and (b) that Veza has no authority to access or retain any portion of Licensee Content except as (i) specified in this Agreement, or (ii) may in the future be expressly authorized by Licensee. Licensee shall at all times retain the right to terminate all or any portion of Veza personnel’s access to Licensee Content.
5.5 Third-Party Beneficiaries. The parties agree that nothing in this Agreement is intended to assign or transfer to a party, nor will have the effect of assigning or transferring to a party, any Licensee Confidential Information (including Licensee Content), any right to any existing copyright, patent, trade secret, moral right, or any other existing intellectual property right of the other party.
6. Fees and Renewal Fees/Pricing, Tax, Invoicing, and Payment.
6.1.1 Fees. License fees (“Fees”) shall be calculated based on the number of Licensee’s Identities and Integrations as set forth on an Order Form. The number of Identities and Integrations will be periodically tracked and monitored. Veza may, in its sole discretion, and with at least thirty (30) days advance notice to Licensee, amend the Order Form and/or increase the Fees if Licensee’s Identities usage rate exceeds the amount set forth in the Order Form, and Licensee agrees to pay such Fees as increased pursuant to the terms and conditions of this Agreement. Without limiting the foregoing, Identities shall be recalculated annually in connection with each Renewal Term. Licensee agrees to pay all Fees in accordance with the pricing and invoicing terms as stated in an Order Form. Additional products or licenses may be added following execution of this Agreement by written amendment and/or on an Order Form and with payment of Fees then negotiated.
6.1.2 Renewal Fees/Pricing. The Service price during any Renewal Term (as defined below in Section 10.1) for any SKU indicated on a prior Order Form will be the same as that during the prior Term unless Veza provides Licensee advance written notice of a pricing increase, in which case the pricing increase shall be effective only upon renewal date and thereafter.
6.3 Invoicing and Payment. Licensee shall pay Veza Fees for the Service as set forth in each Order Form. Unless otherwise specified in an Order Form, all Fees shall be invoiced annually in advance and all invoices issued under this Agreement are payable in U.S. dollars within thirty (30) days from date of invoice. Past due invoices are subject to interest on any outstanding balance of the lesser of 1.5% per month or the maximum amount permitted by law. Licensee shall be responsible for all taxes associated with the Service (excluding taxes based on Veza’s net income). All Fees paid are non-refundable except for breach of this Agreement by Veza. In the event Veza does not receive payment in accordance with these terms, Veza shall have the right to suspend the Service due to lack of payment; provided that Veza shall provide Licensee at least five (5) business days’ notice prior to taking such action. All pricing terms and fees herein are confidential and may not be disclosed to any third party.
7. Representations and Warranties; Warranty Disclaimer.
7.1 Veza represents and warrants that it shall comply with all state and federal laws, rules and regulations applicable to the performance of its obligations hereunder. Veza shall take commercially reasonable efforts to provide technical service support and assistance to Licensee in connection with the implementation and Licensee’s use of the Service.
7.2 Veza further represents and warrants that: (i) it owns the Service or otherwise has the authority to grant the rights granted to Licensee hereunder; (ii) the Service shall operate in all material respects in accordance with the then-current Documentation; (iii) the Service does not and will not infringe upon or violate any patent, copyright, trade secret, trademark, invention or other proprietary right or property right of any third party; (iv) Licensee’s use of the Service will not violate or infringe the above rights of any person or entity and (vi) Veza will comply and adhere to the Data Protection and Security policy attached hereto as Exhibit C.
7.3 Veza represents and warrants that the Service will contain at delivery no computer instructions, circuitry or other technological means whose purpose or effect is to disrupt, damage or interfere with any Licensee use or Licensee’s computer and communications facilities or equipment (“Harmful Code”), and Veza will use commercially reasonable efforts to prevent the introduction of such Harmful Code to the Service prior to delivery to Licensee. “Harmful Code” shall include, without limitation, any code containing viruses, Trojan horses, worms or like destructive code or code that self-replicates.
7.4 Veza represents and warrants that the Service will conform in all material respects to the Documentation. If Veza receives notice from Licensee of any defects with respect to the Service, Veza will, at its option, either correct or repair such Service, at its own expense. Veza shall not be required to comply with any warranty obligations pursuant to this Section 7.4 if and to the extent that: (i) the applicable Service has been modified by Licensee without the supervision or prior consent of Veza; or (ii) the applicable Service is nonconforming due to the failure by Licensee or its agents or employees to operate the Service in accordance with the Documentation.
7.5 EXCEPT FOR THE EXPRESS WARRANTIES MADE OR REFERENCED IN THIS AGREEMENT, NEITHER PARTY MAKES ANY WARRANTIES, EXPRESS OR IMPLIED, CONCERNING THE SUBJECT MATTER OF THIS AGREEMENT, AND EACH PARTY HEREBY DISCLAIMS ANY AND ALL IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR PURPOSE.
8. Indemnification.
8.1 Veza agrees to defend, indemnify and hold Licensee and its officers, directors, employees and agents harmless from and against any and all claims, liabilities, actions, judgments, losses, costs, and expenses, and reasonable attorneys’ fees and costs (collectively “Claims”), arising out of any third party claim arising out of or related to: (i) Veza’s gross negligence or willful misconduct in supplying the Service; or (ii) any claim that the Service provided by Veza hereunder infringes or violates any third party’s copyright, patent, trade secret, or trademark, or other intellectual property right. Veza shall not be obligated to defend or be liable for Claims under this Section 8 to the extent the claims arise from (i) content not created or provided by Veza (including without limitation any Licensee Content), (ii) modifications to the System made in whole or in part in accordance to Licensee specifications, (iii) System modifications made after delivery to Licensee, (iv) Licensee’s use of the System with other products, processes, or materials not provided by Veza, (v) Licensee’s infringement of any third-party Intellectual Property not related to the Service, or (vi) Licensee’s use of the Service other than in accordance with the Service Documentation.
8.2 Licensee shall defend, indemnify and hold Veza and its offers, directors, employees and agents harmless from all Claims arising out of or related to licensees alleged or actual misuse, of, or failure to use the Services, including without limitation: (a) claims by Users or Licensee employees or contractors; (b) claims related to unauthorized disclosure or exposure of personally identifiable information or other private information; (c) claims related to infringement or violation of third-party Intellectual Property, and claims that use of the System by Licensee harasses, defames, or defrauds a third party or violates any law or restriction.
8.3 If seeking indemnification, the indemnified party will give prompt written notice to the indemnifying party. The failure by the indemnified party to give prompt notice as provided, above, shall not relieve The indemnified party of its obligations under this Section 8 except to the extent any delay materially prejudices the indemnified party. In addition, the indemnifying party will allow the indemnified party to direct the defense and settlement of any such claim, with counsel of the indemnified party’s choosing, and will provide the indemnified party, at the indemnified party’s expense, with information and assistance that is reasonably necessary for the defense and settlement of the claim. The indemnifying party shall have the right to employ separate counsel and to participate in (but not control) any such action, but the fees and expenses of such counsel shall be at the expense of the indemnifying party unless: (i) the employment of counsel by the indemnifying party has been authorized by the indemnified party; or (ii) the indemnified party has not in fact employed counsel to assume the defense of the action within a reasonable time following receipt of the notice given pursuant to this Section 8.3, in each of which cases the fees and expenses of such counsel shall be at the expense of the indemnified party. the indemnified party shall not be liable for any settlement of an action effected without its written consent (which consent shall not be unreasonably withheld or delayed), nor shall the indemnified party settle any such action without the written consent of the indemnifying party (which consent shall not be unreasonably withheld or delayed). the indemnified party will not consent to the entry of any judgment or enter into any settlement that does not include as unconditional term(s) thereof, no admission of wrongdoing and the giving by the claimant or plaintiff to the indemnifying party a release from all liability with respect to the claim.
8.4 In the event that the Service, or any portion thereof, is held, or in Veza’s reasonable opinion is likely to be held, to constitute infringement of a third-party Intellectual Property right, Veza may within a reasonable time, at its option: (i) secure for Licensee, at Veza’s sole expense, the right to continue the use of such infringing item with the scope of such use being at least equivalent to the scope of use contemplated by this Agreement; (ii) replace, at Veza’s sole expense, such item with a functionally equivalent non-infringing item or modify such item so that it becomes non-infringing but remains functionally equivalent; or (iii) terminate this Agreement. If Veza terminates this Agreement pursuant to this Section 8.2, Veza will refund a pro-rata portion of any Fees paid to Veza by Licensee.
9. Limitation of Liability. EXCEPT FOR THE PARTIES’ INDEMNIFICATION OBLIGATIONS, IN NO EVENT SHALL EITHER PARTY, NOR ITS DIRECTORS, EMPLOYEES, AGENTS, PARTNERS, SUPPLIERS OR CONTENT PROVIDERS, BE LIABLE UNDER CONTRACT, TORT, STRICT LIABILITY, NEGLIGENCE OR ANY OTHER LEGAL OR EQUITABLE THEORY UNDER THIS AGREEMENT, WHETHER OR NOT THAT PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE, FOR (I) SPECIAL, INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES OF ANY KIND WHATSOEVER, (II) LOST PROFITS, DATA LOSS, COST OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, (III) BUGS, VIRUSES, TROJAN HORSES, OR MALICIOUS CODE (REGARDLESS OF THE SOURCE OF ORIGINATION), OR (IV) ANY DIRECT DAMAGES IN EXCESS OF (IN THE AGGREGATE) THE FEES PAID (OR PAYABLE) BY LICENSEE TO VEZA HEREUNDER IN THE TWELVE (12) MONTHS PRIOR TO THE EVENT GIVING RISE TO A CLAIM HEREUNDER.
10. Disclaimer. EXCEPT AS EXPRESSLY SET FORTH HEREIN, THE SERVICE IS PROVIDED “AS IS” AND “AS AVAILABLE” AND IS WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY AND FITNESS OR SUITABILITY FOR A PARTICULAR PURPOSE (WHETHER OR NOT A PARTY KNOWS, HAS REASON TO KNOW, HAS BEEN ADVISED OR IS OTHERWISE, IN FACT, AWARE OF ANY SUCH PURPOSE), COMPLETENESS, ACCURACY, ERROR-FREE, AND ANY WARRANTIES IMPLIED BY ANY COURSE OF PERFORMANCE, USAGE OF TRADE, OR COURSE OF DEALING, ALL OF WHICH ARE EXPRESSLY DISCLAIMED.
11. Term and Renewal Term, Termination & Post Termination.
11.1 Term and Renewal Term. The term of this Agreement is set forth in the Order Form, and shall continue until the expiration or termination of all Order Forms made hereunder (the “Term”). Upon the expiration of the then-current Term, this Agreement, and all Order Forms made hereunder, shall automatically renew for an additional Term of the same duration, unless either party gives written notice of such party’s intent not to renew not less than thirty (30) days prior to the expiration of the then-current Term.
11.2 Termination by Either Party.
11.2.1 Immediate Termination. Either party may immediately terminate this Agreement if the other party: (i) becomes or is likely to become insolvent or subject to a bankruptcy proceeding (which, if involuntary, is not discharged within thirty (30) days); (ii) suffers appointment of a receiver for any material portion of its assets or business, or of a conservator or liquidating agent; (iii) makes an assignment for the benefit of creditors.
11.2.2 Termination for Cause. Either party may terminate this Agreement upon thirty (30) days’ written notice if the other party breaches this Agreement and fails to cure such breach within thirty (30) days after receiving written notice thereof from the non-breaching party.
11.3 Responsibilities Upon Termination. Upon the termination or expiration of this Agreement, and without limiting any other provision hereof: (i) each party shall either return or destroy the other party’s Confidential Information, at the election of the receiving party; (ii) Licensee shall pay to Veza all unpaid fees and expenses, if any, accrued prior to such termination or expiration; (iii) Licensee shall, at Veza’s election, either promptly return to Veza or destroy all Veza Confidential Information, copies of any software (including back-up copies), related documentation, deliverables, if any, and all other materials, whether tangible or intangible, furnished by Veza pursuant to this Agreement. Upon any expiration or termination of this Agreement, all of Licensee’s rights to access or use the Service shall cease (including any use or access by Users). At Licensee’s written request and expense, Veza will provide Licensee with access to the most recent Licensee Content from Licensee’s account for retrieval purposes.
11.4 Survival. The provisions of Sections 1 (“Definitions”), 2.4 (“Restrictions”), 4 (“Confidentiality”), 5 (“Intellectual Property Ownership”), 6 (“Fees, Tax, Invoicing and Payment”), 7 (“Representations and Warranties; Warranty Disclaimer”), 8 (“Indemnification”), 9 (“Limitation of Liability”), 10.3 (“Responsibilities Upon Termination”), this Section 10.4 (“Survival”), 11 (“Source Code”), 12 (“General Provisions”), and any exhibit, schedule, addenda or attachment that, by its nature, survives termination, shall survive any termination or expiration of this Agreement.
12. General Provisions.
12.1 Choice of Law. This Agreement shall be governed in all respects by the internal laws of the State of California excluding its conflicts or choice of law provisions. Licensee agrees to submit to personal jurisdiction and venue of the state and federal courts in Santa Clara County, California.
12.2 Notices. Notices between the parties shall be by personal delivery, overnight delivery, facsimile or e-mail transmission, or certified or registered mail, return receipt requested, and shall be deemed given upon receipt at the address of the recipient party or ten (10) days after deposit in the mail. Addresses used shall be the ones set forth below or such other address as a party hereto shall notify the other in writing.
12.3 Severability. In the event of any invalidity of any provision of this Agreement, the parties agree that such invalidity shall not affect the validity of the remaining portions of this Agreement, and further agree to substitute for the invalid provision a mutually agreeable valid provision which most closely approximates the intent of the invalid provision.
12.4 Headings. The headings in this Agreement are for the convenience of reference only and have no legal effect.
12.5 No Third-Party Beneficiaries. This Agreement is intended for the sole and exclusive benefit of the signatories and is not intended to benefit any third party. Only the parties to this Agreement may enforce it.
12.6 Assignment. Neither party may assign its rights or delegate its obligations under this Agreement without the prior written consent of an authorized representative of the other party hereto, and any attempts to do so shall be void and constitute a material breach of this Agreement; provided that with party may assign its rights and delegate its obligations under this Agreement in connection with a merger, reorganization or sale of all or substantially all of its stock or assets. All the terms and provisions of this Agreement shall be binding upon and inure to the benefit of the parties, their successors and permitted assigns.
12.7 Relationship. Veza is an independent contractor, and neither party is, nor will claim to be, a legal representative, partner, franchisee, agent or employee of the other.
12.8 Force Majeure. Neither party shall be liable to the other for a failure or delay in its performance of any of its obligations under this Agreement (except for the payment of amounts due hereunder) to the extent that such failure or delay is caused by circumstances beyond its reasonable control or by events such as fire, riot, flood, labor disputes, natural disaster, regulatory action, internet or telecommunications failures, terrorist acts, epidemic, pandemic, governmental order or restriction, or other causes beyond such party’s reasonable control, provided that the non-performing party gives notice of such condition and continues or resumes its performance of such affected obligation to the maximum extent and as soon as reasonably possible, and provided further, that either party may terminate this Agreement upon delivery of written notice to the other party if such condition continues for a period in excess of sixty (60) days.
12.12 Counterparts and Fax Signatures. This Agreement may be executed in counterparts, each of which shall constitute an original, and all of which shall constitute one agreement. A signature transmitted via facsimile or scanned original shall be deemed an enforceable signature for the purpose of demonstrating the signing party’s assent to the Agreement.
12.14 Entire Agreement. This Agreement constitutes the entire understanding and agreement between the parties with respect to the subject matter addressed herein and supersedes any and all prior or contemporaneous oral or written communications with respect to the subject matter hereof, all of which are merged herein.
EXHIBIT A
Order Form
EXHIBIT B
Support and Availability Policy
This Support and Availability Policy (the “Policy”) sets forth the policies and procedures with respect to Veza’s support and maintenance of the Service. Support under this Policy is not available in connection with Order Forms for Sandbox applications.
Summary:
As further described below, Veza will use commercially reasonable efforts to: (i) provide Licensee with 99.9% availability to the Service (the “Service Availability”); and (ii) provide standard support to Licensee.
Availability:
If the Service becomes substantially unavailable to Licensee due to defects with the Service, Veza will respond to Licensee (i) within eight (8) hours from Licensee’s notification to Veza of such unavailability, if during normal business hours (Monday-Friday, 8:00am – 6:00pm Pacific Time), or (ii) within eight (8) hours of the start of the next business day, if outside of normal business hours. The Service Availability will be measured on a monthly basis, with all hours weighted equally, but the Service Availability measurement will exclude reasonable scheduled downtime for system maintenance (typically outside of normal business hours) as well as any downtime or performance issues resulting from third-party connections, services or utilities or other reason beyond Veza’s control (including without limitation, acts of God, acts of government, flood, fire, earthquakes, civil unrest, acts of terror, strikes or other labor problems (other than those involving Veza employees), computer, telecommunications, Internet service provider or hosting facility failures or delays involving hardware, software or power systems not within Veza’s possession or reasonable control, and denial of service attacks). If the Service is unavailable to Licensee due to defects with the Service beyond the Service Availability metric, then, as Licensee’s sole and exclusive remedy (and Veza’s sole liability), Veza will provide Licensee a credit for the subsequent Service billing cycle as follows:
| Service Availability | Credit |
| < 99.9% but >= 99.00% | 3 days |
| < 99.00% but >= 95.00% | 15 days |
| < 95.00% | 30 days |
In order to receive downtime credit, Licensee must notify Veza support within seventy-two (72) hours from the time of downtime, and failure to provide such notice will forfeit the right to receive downtime credit. All credits provided hereunder are nonrefundable. If Licensee elects not to renew the Agreement, such that the above credit cannot be applied, Licensee will have the option to receive up to one free month of Service as its sole remedy in lieu of such credit.
Support:
Veza will provide support to customer for defects with the Service as set forth in this Support and Availability Policy. Any support services outside of the scope of this Service and Availability Policy must be separately agreed in writing by Licensee and Veza. Licensee may designate up to four (4) support contacts (“Designated Support Contacts”), and all support requests must come through the Designated Support Contacts. Licensee may update the Designated Support Contacts by providing notice to Veza.
Exhibit C
Data Protection and Security
1. Information Security Program. Veza maintains an information security program materially aligned with industry leading practices and applicable regulatory requirements (“Information Security Program”). The Information Security Program is designed, with respect to all Licensee Content in Veza’s possession or to which Veza has access, to (i) ensure sufficient controls are implemented to protect against anticipated threats to the security or integrity of Licensee Content; (ii) protect against unauthorized access to or use of Licensee Content; (iii) ensure the secure storage and if applicable, disposal of Licensee Content; and, (iv) ensure that all subcontractors of Veza, if any, comply with all of the foregoing. Veza’s information security program is regularly reviewed by Veza management and updated as necessary. As part of its Information Security Program Veza shall maintain written policies and standards and ensure all Veza personnel with access to Licensee Content maintain awareness of such policies and undergo security awareness training periodically.
2. Audit of Veza by Independent Third Party. Veza completed a SOC2 Type II review of its information security program as of January 2022 and will complete a SOC2 type II review no less than annually thereafter. Veza will provide a summary report to Licensee upon reasonable written request, at Veza’s sole expense. Should any findings be identified, Veza shall evaluate those findings and will design and implement mitigation strategies as needed at its sole expense.
3. Endpoint protection and monitoring. Veza shall deploy and maintain on all Veza provided user endpoints a Mobile Device Management Software (MDM) and an Endpoint detection and response (EDR) or Antivirus solution.
4. Data Protection. Veza shall maintain written policies defining data handling practices and shall classify, protect, store and securely dispose of Licensee Content in accordance with the requirements defined within such policies. Veza uses industry standard encryption techniques to protect sensitive data in storage and transport.
5. Access Control. Veza shall ensure that access to Licensee Content in Veza’s possession or to which Veza has access is restricted to authorized personnel and that such access is only granted for purposes of fulfilling Veza’s obligations under the Master Service Agreement. Accessing Licensee Content must only be allowed upon successful authentication using mechanisms meeting industry standards and minimum requirements as defined within Veza policies. All remote access to Licensee Content must be obtained through a secure connection. Veza will periodically review user access to verify that access remains restricted to authorized personnel. Access by Veza personnel to Licensee Content is removed within twenty-four (24) hours upon termination of employment or a change in job status that results in personnel no longer requiring access to Licensee Content. Veza will use industry standard methods to maintain logs of all Veza users’ access.
6. Secure Software Development. Veza maintains written policies defining requirements for developing and implementing the software systems provided for purposes of fulfilling Veza’s obligations under this Agreement. Newly developed software systems undergo review, including a security review for significant functionality, testing and approval prior to production implementation.
7. Logging and Monitoring. Veza will monitor software systems provided under this Agreement to detect and respond to potential threats to the security, confidentiality and integrity of Licensee Content. Event logs are protected from unauthorized access or modification and are retained in line with Veza’s retention policy.
8. Vulnerability Scanning. Veza will conduct vulnerability scans of the Veza’s software systems on a regular basis and evaluate any identified vulnerabilities. Veza will remediate identified vulnerabilities in line with their criticality, including timely implementation of necessary patches, if applicable.
9. Security Incident Response. Veza maintains a documented Security Incident Response Plan. Veza continuously monitors its systems provided for purposes of fulfilling Veza’s obligations under this Agreement and potential security incidents are identified, evaluated, resolved and recovered from in line with the plan.
10. Breach Notification. Veza agrees to notify Licensee in the event of any accidental, unlawful or unauthorized disclosure or access of Licensee Content in Veza’s possession or to which Veza has access (“Security Breach”) providing details of the Security Breach in accordance with applicable laws and regulations. Veza further agrees to provide all reasonable cooperation and assistance requested by Licensee or Licensee’s designated representatives, in the furtherance of any correction, remediation, investigation, mitigation of effects, enforcement or litigation with respect to a Security Breach, including but not limited to, any notification that Licensee may determine appropriate to send to individuals impacted or potentially impacted by a Security Breach.
11. Due Diligence by Licensee. Upon request by Licensee, Veza agrees to employ reasonable commercial effort to complete due diligence questionnaires as provided by Licensee or Licensee’s designee regarding Veza’s information security program.
12. Penetration Testing. Annually, Veza shall have a penetration test of its systems conducted by an independent qualified third party at its sole expense. Veza will evaluate the severity of any findings, should they be identified, and will implement mitigation strategies to address such findings in line with their severity. Veza will share an executive summary of the test with the Licensee upon reasonable request.
13. Personnel Security. Veza personnel providing the Services will possess the training, education, experience and skill reasonably necessary to perform the Services. Veza requires at least annual security and privacy training for all Veza personnel. Veza shall cause a Background Check (as defined below) to be completed on all Veza personnel assigned by Veza to provide Services hereunder prior to the date such Services commence, and shall not assign Veza personnel to provide Services hereunder if the results of any Background Check, or Veza’s actual knowledge, indicate that such Veza personnel may pose a threat to Licensee’s property, personnel, subscribers, subscribers’ property or Confidential Information. For purposes of this Section, a “Background Check” means a background investigation performed by an agency in good standing with the National Association of Professional Background Screeners, and shall include, but not be limited to, (i) a check of felony and misdemeanor criminal convictions (federal, state and county), and (ii) searches of the U.S. Government Specially Designated National (OFAC) and export denial lists and relevant national and state sex offender registries.
14. Third-party Security Management. Veza performs periodic due diligence with regard to applicable third parties, if any, to ensure compliance with Veza security policies. Should any findings be identified, Veza shall evaluate those findings and will require the third party to design and implement mitigation strategies.