Managed Service Provider (MSP) Agreement

Managed Service Provider (MSP) for Eupraxia Labs

EFFECTIVE AS OF DECEMBER 23, 2019

This Managed Service Provider Agreement (“Agreement”) constitutes a contract between Eupraxia Labs, LLC. with offices at 111 Congress Ave. Suite 400, Austin, Texas 78701 (“Eupraxia Labs”), and you. Eupraxia Labs wishes to provide and Customers wish to have the right to access through you pursuant to the terms of this Agreement, a subscription service. By applying to become an XtremeCloud Managed Service Provider, you agree to be bound by this Agreement. If you are entering into this Agreement on behalf of a company, organization or other entity, you represent that you have such authority to bind such entity and are agreeing to this Agreement on behalf of such entity. If you do not have such authority to enter into this Agreement or do not agree with these terms and conditions, you may not use the Services or act as a Managed Service Provider of Eupraxia Labs’ Services.

1. DEFINITIONS

   1.1 “Applicable Law” means the Data Protection Laws and any other applicable laws, rules and regulations.

   1.2 “Customer” means a customer of Partner that has signed up for the Services through Partner and entered into a Customer Agreement with Partner.

   1.3 “Customer Agreement” means an agreement for Managed Services between Partner and a Customer that includes the Eupraxia Labs Terms and Conditions and complies with Section 3.1.

   1.4 “Customer Personal Data” means any Partner Data about Partner’s Customers that is personal data (as defined under the applicable Data Protection Laws).

   1.5 “Data Protection Laws” means all data protection and privacy laws, rules and regulations applicable to a party and binding on that party in the performance of its obligations under this Agreement, including, where applicable, EC Directive 2002/58/EC and Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation).

   1.6 “Documentation” means guides, instructions, policies and reference materials provided to Customers by Eupraxia Labs in connection with the Services, including the documentation located at https://eupraxia.io/docs, which Eupraxia Labs may amend from time to time.

   1.7 “XtremeCloud Admin Panel” means the web portal currently accessible at https://admin.xtremecloud.io, which allows Partner, or a Customer’s other internally appointed administrator(s) of the Services to, among other options, enroll and activate Users, issue and manage SMS passcodes and bypass codes, and manage mobile devices (as applicable to the Services utilized by each Customer).

   1.8 “XtremeCloud Mobile Software” means all Eupraxia Labs proprietary mobile applications used in providing the Services, and any updates, fixes or patches developed from time to time.

   1.9 “Eupraxia Labs” Service Terms and Conditions” means the then-current terms and conditions located at https://eupraxia.io/support-policy/pass-through-terms, governing the use of and access to the Services.

   1.10 “Fees” means the applicable fees as set forth in Exhibit A, attached hereto.

   1.11 “Hardware Tokens” mean hardware security tokens provided to a Customer at the Fees set forth in Exhibit A.

   1.12 “Intellectual Property Rights” means all patents, registered designs, unregistered designs, design rights, utility models, semiconductor topography rights, database rights, copyright and other similar statutory rights, trade mark, service mark and any know how relating to algorithms, drawings, tests, reports and procedures, models, manuals, formulae, methods, processes and the like (including applications for any of the preceding rights) or any other intellectual or industrial property rights of whatever nature in each case in any part of the world and whether or not registered or registerable, for the full period and all extensions and renewals where applicable.

   1.13 “Managed Services” means the services, software, hardware, goods and support offered by Partner to its Customers (including the delivery, management, support and use of the Duo Security Services on behalf of any Customer).

   1.14 “Partner Data” means any information or data about Partner (and its and their staff, customers or suppliers, as applicable), that is supplied to Eupraxia Labs by or on behalf of Partner in connection with the Services, or which Eupraxia Labs is required to access, generate, process, store or transmit pursuant to this Agreement. Partner Data shall not be deemed to include any Performance Data.

   1.15 “Partner Personal Data” means any Partner Data, except for any Customer Personal Data, that is personal data (as defined under the applicable Data Protection Laws).

   1.16 “Performance Data” means any and all aggregate, de-identified data relating to the access or use of the Services by or on behalf of Partner or any Customer or User, including any performance, analytics or statistical data, that Eupraxia Labs may collect from time to time.

   1.17 “Services” means the Eupraxia Labs products and services that are ordered by or made available to Customers as set forth in each applicable Customer Agreement and subject to the Duo Service Terms and Conditions (including, where applicable, the Software, Hardware Tokens and services using only the XtremeCloud Mobile Software) and made available online by Eupraxia Labs, including associated offline components, as described in the Documentation.

   1.18 “Software” means (i) Eupraxia Labs proprietary software (including the XtremeCloud Mobile Software), and (ii) open source software used by Eupraxia Labs in providing the Services which integrates with Customer’s network or application, including SSL or other VPN, Unix/Linux operating system, Microsoft applications, or web applications, as provided in the Documentation and any updates, fixes or patches developed from time to time.

   1.19 “Telephony Credits” mean credits for Customer’s Users to provide authentication by telephone or SMS.

   1.20 “Term” means three calendar years from the Effective Date.

   1.21 “User” means any user of the Services whom a Customer (or Partner, as authorized by a Customer) may authorize to enroll to use the Services under the terms of this Agreement.

2. LIMITED RIGHT TO RESELL AND MANAGE THE SERVICES

   2.1 Subject to and conditioned on Partner’s payment of the Fees and full compliance with all other terms and conditions of this Agreement, Eupraxia Labs grants Partner a non-exclusive, non-sublicensable, non-transferable license to resell, offer access to, use and manage a license to the Services solely to and on behalf of Partner’s Customers for such Customers’ and their associated Users’ internal business use, along with such Documentation as Eupraxia Labs may make available during the Term. Partner shall provide any information and assistance reasonably requested by Eupraxia Labs with respect to any Customers.

   2.2 Partner acknowledges and agrees that the Services are being made available to Partner pursuant to both this Agreement and the Eupraxia Labs Service Terms and Conditions, and any use of the Services by Partner or any Customer is subject to the use rights and restrictions in the Eupraxia Labs Service Terms and Conditions. When using the Services for its own purposes, Partner shall be considered a Customer under the Eupraxia Labs Service Terms and Conditions. Eupraxia Labs shall be responsible solely to Partner for providing the Services, including all related support, in accordance with the Eupraxia Labs Service Terms and Conditions.

   2.3 Subject to full compliance with the terms and conditions of this Agreement, Duo Security will provide support to Partner as described in the service level agreement located at https://duo.com/legal/sla (“SLA”), which is subject to change from time to time in Duo Security’s sole discretion. For purposes of this Agreement, any reference to “Customer” in the SLA shall instead be a reference to Partner. Notwithstanding anything in the SLA to the contrary, “Service Credit” (as defined in the SLA) shall mean a credit equal to the number of days of Service earned by Partner in an affected month, based on the number of Users enrolled (as shown on Duo Security’s systems) on the last day of the month during which the Service Credit was earned, to be applied to the subsequent Invoice Period.

   2.4 This is a non-exclusive relationship, and the parties acknowledge and agree that Duo Security is free to enter into the same or similar relationships on the same or different terms with other third parties, and to market, promote, license and sell products and services, including the Services, to any other third parties in its sole discretion.

3. PARTNER RESPONSIBILITIES

   3.1 Partner shall not make the Services available to any Customer except pursuant to a Customer Agreement. A Customer Agreement must, at a minimum: (a) include the Duo Service Terms and Conditions; (b) completely disclaim Duo Security’s liability for all matters arising out of or related to this Agreement and the Customer Agreement, to the fullest extent permissible by law, and require Customer, and any third parties using the Services through Customer, to seek redress solely against Partner for any matters covered thereunder; and (c) include a third party beneficiary clause giving Duo Security the benefit of and right to enforce the Customer Agreement against Customer, with respect to the Services.

   3.2 Partner shall make no representations or warranties concerning the Services other than the limited warranties included in the Duo Service Terms and Conditions. Partner shall be solely responsible for providing, at its own cost, sales, sales support, technical support, training, account management, billing and collection services, solicitation of orders and distribution of marketing materials to its Customers and prospects. Partner shall not in any way misrepresent, or in any way cause to be ambiguous: (i) Partner’s relationship with Duo Security; (ii) Partner’s duties as specified in this Agreement; (iii) the features of the Services or Software (including any technical specifications and expected benefits of use); or, (iv) the origin of the Services or Software. Partner shall not represent itself as Duo Security or as the manufacturer, exclusive agent, or exclusive vendor of the Services or Software.

   3.3 Partner is solely responsible for the delivery and results of all Managed Services, including all of its agreements, commitments, acts, omissions, obligations, warranties, representations or misrepresentations in connection therewith, and agrees to: (i) defend Duo Security against all claims and lawsuits in any form brought by Customers or any other third party against Duo Security arising out of, or in connection with, the Managed Services; and (ii) to indemnify and hold harmless Duo Security against all resulting liabilities, losses, damages, costs and expenses (including attorney and expert witness fees) incurred by Duo Security.

   3.4 Partner shall not provide any infringing, offensive, fraudulent or illegal content in connection with the Services, and Partner represents and warrants that any content it provides will not violate any Intellectual Property Rights of any third party. Duo Security reserves the right, in its sole discretion, to delete or disable any content submitted by Partner, or any Customer, that may be infringing, offensive, fraudulent or illegal. To view Duo Security’s complete copyright dispute policy and learn how to report potentially infringing content, please visit: https://duo.com/legal/copyright.

   3.5 Partner acknowledges that the Services will require Users to share with Duo Security certain information which may include personal information regarding Users (such as usernames, Duo Admin Panel passwords, email address and/or phone number) solely for the purposes of providing and improving the Services. Partner is fully responsible for ensuring that each Customer (or Partner itself) has obtained the consent of each User associated with such Customer, in accordance with Applicable Law, to the use of his/her information by Duo Security, which use is described in Duo Security’s Services Privacy Notice, located at https://duo.com/legal/privacy-notice-services. Partner will also be fully responsible for Customers’ and Users’ compliance with the Duo Service Terms and Conditions. Any breach of this Agreement or such other terms by Customer or a User shall be deemed to be a breach of this Agreement by Partner. As between Partner and Duo Security, Partner is solely responsible for determining whether the Services are sufficient for each Customer’s purposes.

   3.6 Subject to and conditioned on Partner’s payment of the Fees and full compliance with all other terms and conditions of the Agreement, Duo Security grants Partner a non-exclusive, non-sublicensable, non-transferable, limited and fully revocable license to use Duo Security’s name and logo solely during the Term and solely in connection with marketing and licensing of the Services to existing and potential Customers, provided any public announcements by Customer using Duo Security’s name and/or logo are expressly approved in writing by Duo Security, in advance. Partner shall comply with any Duo Security branding, name and/or logo usage guidelines located at https://brandfolder.com/duo.

4. RESTRICTIONS

   Partner will not, and will not permit any Customer, Users nor any third party to: reverse engineer, decompile, disassemble or otherwise attempt to discover the source code, object code or underlying structure, ideas or algorithms of the Services, Software, Hardware Tokens or any data related to the Services (except to the extent such prohibition is contrary to applicable law that cannot be excluded by the agreement of the parties); modify, translate, or create derivative works based on the Services or Software; share, rent, lease, loan, resell, sublicense, distribute, use or otherwise transfer the Services or Software for timesharing or service bureau purposes or for any purpose not explicitly permitted by this Agreement; remove, replace, modify or obscure any Duo Security or third party trademarks, trade names, copyright notices or other proprietary marks or notices within the Services or Documentation; or use the Services or Software other than in accordance with this Agreement and the Duo Service Terms and Conditions, and in compliance with Applicable Law.

5. PAYMENT OF FEES

   Partner will pay Duo Security the Fees set forth in Exhibit A (Fee Schedule) monthly in arrears, and based upon the number of Users enrolled, as shown on Duo Security’s systems, on the last day of each calendar month, with payment due within thirty days of invoice, plus all applicable sales, use and other purchase related taxes (“Invoice Period”). Partner shall be responsible for all taxes related to the Services and this Agreement, exclusive of taxes on Duo Security’s income. All fees and expenses shall be in U.S. dollars. Unpaid and due Fees are subject to a finance charge of one percent (1.0%) per month, or the maximum permitted by law, whichever is lower, plus all expenses of collection, including reasonable attorneys’ fees, except to the extent applicable law requires a different interest or finance charge calculation for unpaid and due Fees and expenses. In the case of any withholding requirements, Partner will pay any required withholding itself and will not reduce the amount paid to Duo Security on account thereof. Duo Security will not charge Users any fees for their use of the Services or Duo Mobile Software without Partner’s authorization and the Duo Mobile Software can be downloaded by Users free of charge. Users’ carriers or service providers may charge fees for data usage, messaging, phone calls or other services that are required for them to use the Services. Any amounts not covered by Exhibit A shall be payable within thirty (30) days of receipt of invoice from Duo Security.

6. RECORDS MAINTENANCE, INSPECTION AND AUDIT

   6.1 Partner must maintain true and accurate financial and accounting records related to this Agreement through the Term and for four (4) years thereafter (“Audit Period”). If an audit, litigation, or other action involving such records is initiated before the end of the Audit Period, Partner must retain the records until all issues are resolved.

   6.2 Partner shall promptly provide to Duo Security, upon written request, a signed certification (i) verifying that Partner is in compliance with the terms of this Agreement; and (ii) listing all Customers to which the Services are, or were, being provided, along with all related User counts.

   6.3 Duo Security may, at its expense, audit Partner’s compliance with this Agreement. Any such audit will be conducted during Partner’s business hours and will not unreasonably interfere with Partner’s business activities. Partner shall provide Duo Security with all reasonable assistance and information required to enable it to determine whether Partner is in compliance with this Agreement. If the audit reveals that Partner has underpaid amounts due under this Agreement, Partner shall pay such amounts within thirty (30) days after receiving notice, plus interest at the rate set forth in Section 5. If the audit reveals that Partner has underpaid amounts totaling five percent (5%) or more of the amounts due in any year, Partner shall reimburse Duo Security for all reasonable costs, fees, and expenses associated with such audit within thirty (30) days after receiving notice.

7. CONFIDENTIALITY

   7.1 The term “Confidential Information” means any information disclosed by one party (“Disclosing Party”) to the other party (“Receiving Party”) in any form (written, oral, etc.) that is marked as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of the disclosure, including, without limitation: trade secrets; technology and technical information (intellectual property, inventions, know-how ideas and methods); business, financial and customer information; pricing, forecasts, strategies and product development plans; and/or the terms of this Agreement. Each party understands that the Disclosing Party has or may disclose Confidential Information in connection with this Agreement, but that Receiving Party shall receive no rights in, or licenses to, such Confidential Information.

   7.2 The Receiving Party agrees: (i) not to disclose Confidential Information to any third person other than those of its employees, contractors, advisors, investors and potential acquirers (“Representatives”) with a need to have access thereto and who have entered into non-disclosure and non-use agreements applicable to the Disclosing Party’s Confidential Information, and (ii) to use such Confidential Information solely as reasonably required in connection with the Services and/or this Agreement. Each party agrees to be responsible for any breach of this Agreement caused by any of its Representatives. The Receiving Party further agrees to take the same security precautions to protect against unauthorized disclosure or unauthorized use of such Confidential Information of the Disclosing Party that the party takes with its own confidential or proprietary information, but in no event will a party apply less than reasonable precautions to protect such Confidential Information. Each party acknowledges that the use of such precautions is not a guarantee against unauthorized disclosure or use. The Disclosing Party agrees that the foregoing will not apply with respect to any information that the Receiving Party can document: (a) is or becomes generally available to the public without any action by, or involvement of, the Receiving Party; or (b) was in its possession or known by it prior to receipt from the Disclosing Party; or (c) was rightfully disclosed to it without restriction by a third party; or (d) was independently developed without use of any Confidential Information of the Disclosing Party. Nothing in this Agreement will prevent the Receiving Party from disclosing Confidential Information as required in response to a request under applicable open records laws or pursuant to any judicial or governmental order, provided that, to the extent permitted by law, the Receiving Party gives the Disclosing Party reasonable prior notice to contest such disclosure. For the avoidance of doubt, Partner acknowledges that Duo Security utilizes the services of certain third parties in connection with the provision of the Services (such as data hosting and telephony service providers) and such third parties, along with any other third party service providers that Partner or Customer may choose to integrate with the Services, will have access to Partner’s and Customers’ Confidential Information, including Partner Data, in accordance with this Agreement. The parties agree that Performance Data is not Confidential Information and will not be subject to any confidentiality restrictions or obligations.

   7.3 Each party agrees that, upon the written request of the Disclosing Party, the Receiving Party will promptly return to the Disclosing Party, or provide written certification of the destruction of, all Confidential Information of the Disclosing Party, including all Confidential Information contained in internal documents, without retaining any copy, extract or summary of any part thereof. Notwithstanding the foregoing, a Receiving Party may retain copies of Confidential Information solely to the extent necessary for purposes of such party’s ordinary course internal document retention and backup requirements and procedures, provided that such Confidential Information shall remain subject to the terms and conditions of this Agreement for so long as it is retained.

   7.4 Partner acknowledges that Duo Security does not wish to receive any Confidential Information from Partner that is not necessary for Duo Security to perform its obligations under this Agreement and, unless the parties specifically agree otherwise, Duo Security may reasonably presume that any unrelated information received from Partner is not confidential or Confidential Information, unless such information is marked as “Confidential.”

8. INTELLECTUAL PROPERTY RIGHTS; OWNERSHIP

   Except as expressly set forth herein, Duo Security alone (and its licensors, where applicable) will retain all Intellectual Property Rights relating to the Services or the Software or any suggestions, ideas, enhancement requests, feedback, recommendations or other information provided by Partner, Customers, a User or any third party relating to the Services and/or the Software, which are hereby assigned to Duo Security. Partner will not copy, distribute, reproduce or use any of the foregoing except as expressly permitted under this Agreement. As between the parties, Duo Security owns all Performance Data. This Agreement is not a sale and does not convey to Partner, or any Customer, any rights of ownership in or related to the Services or Software, or any Intellectual Property Rights.

9. DATA PROTECTION

   9.1 In this Section 9, the terms “personal data,” “data processor,” “data subprocessor,” “data subject,” “process and processing” and “data controller” shall be as defined in the applicable Data Protection Laws.

   9.2 For the purposes of the Data Protection Laws, Partner agrees that Duo Security is a data processor (or subprocessor, as applicable) and not the data controller of any personal data related to Partner’s or any Customer’s use of the Services. Solely if and to the extent Duo Security is processing personal data, as defined in the General Data Protection Regulation, that is contained in Partner Data or Customer Personal Data on Partner’s or any Customer’s behalf, then the terms of the data processing agreement available at https://duo.com/legal/gdpr-data-protection-addendum shall apply to such processing and are incorporated into this Agreement.

   9.3 Partner may enable integrations between the Services and certain third party services used by its Customers (each, an “Integration”). By enabling an Integration between the Services and any Customer’s third party services, Partner is hereby instructing Duo Security, on behalf of its Customer and in accordance with such Customer’s instructions to Partner, to share any Customer Personal Data necessary to facilitate the Integration. Partner and its Customers are responsible for providing any and all instructions to such third party service providers about the use and protection of Customer Personal Data. Duo Security and any such third party service providers are not subprocessors of each other.

   9.4 As the data controller, or processor as applicable, of Partner Personal Data and Customer Personal Data, Partner represents and warrants to Duo Security that its provision of personal data to Duo Security and instructions for processing such personal data in connection with the Services shall comply with all Data Protection Laws.

   9.5 Partner may, upon at least thirty (30) days prior notice, and no more than once per 12 month period, appoint an independent third party auditor to physically inspect and audit, at Partner’s sole cost and expense, any facilities owned or controlled by Duo Security in which Partner or Customer Personal Data is processed or stored, provided that such inspection: (i) shall occur on a mutually agreed upon date during Duo Security’s regular business hours; (ii) does not interfere with any of Duo Security’s business operations; and, (iii) does not, in Duo Security’s reasonable discretion, create any risk to the confidentiality, integrity, or availability of any data stored or processed by Duo Security. Prior to any audit, Partner, and any appointed auditor, must enter into a nondisclosure and confidentiality agreement as may be required by Duo Security.

10. INDEMNIFICATION

    Duo Security shall indemnify and hold Partner harmless from liability to third parties resulting from infringement by the Services of any patent or any copyright or misappropriation of any trade secret, provided Duo Security is promptly notified of any and all threats, claims and proceedings related thereto and given reasonable assistance and the opportunity to assume sole control over defense and settlement; Duo Security will not be responsible for any settlement it does not approve. The foregoing obligations do not apply with respect to portions or components of the Services (i) not created by Duo Security, (ii) resulting in whole or in part from Customer and/or Partner specifications, (iii) that are modified after delivery by Duo Security without Duo Security’s prior written consent, (iv) combined with other products, processes or materials where the alleged infringement relates to such combination, (v) where Customer and/or Partner continues allegedly infringing activity after being notified thereof or after being informed of modifications that would have avoided the alleged infringement, or (vi) where Customer’s use of Services is not strictly in accordance with the Customer Agreement and all related Documentation. If Duo Security receives information about an actual or alleged infringement or misappropriation claim that would be subject to indemnification rights set forth in this Section 10, Duo Security shall have the option, at its expense, to: (a) modify the Software to be non-infringing; or (b) obtain for each applicable Customer a license to continue using the Software. If Duo Security determines it is not commercially reasonable to perform either of the above options, then Duo Security may at its option elect to terminate the applicable Customer Agreements for the Services and, as a sole and exclusive remedy, refund the unearned portion of any pre-paid subscription Fees, prorated on a monthly basis. THIS SECTION STATES PARTNER’S SOLE AND EXCLUSIVE REMEDY FOR INFRINGEMENT, MISAPPROPRIATION AND/OR CLAIMS ALLEGING INFRINGEMENT OR MISAPPROPRIATION. In addition to Partner’s other indemnification obligations herein, Partner will indemnify Duo Security from all damages, costs, settlements, attorneys’ fees and expenses related to any claim related to Partner’s breach of Section 3 “Partner Responsibilities,” Section 4 “Restrictions,” Section 8 “Intellectual Property Rights: Ownership” or Section 9 “Data Protection.”

11. TERM; TERMINATION

    11.1 Subject to earlier termination as expressly provided for in this Agreement, the initial Term of this Agreement shall be for the Term specified in Section 1.20. This Agreement shall automatically renew after the initial Term and any renewal Term for a renewal Term equal to the expiring Term.

    11.2 In the event of any material breach of this Agreement by either party (other than Partner’s payment obligations), the non-breaching party may terminate this Agreement prior to the end of the Term by giving thirty (30) days prior written notice to the breaching party; provided, however, that this Agreement will not terminate if the breaching party has cured the breach prior to the expiration of such thirty-day period. If Partner fails to pay any Fees or other agreed upon amounts, Duo Security may terminate this Agreement prior to the end of the Term by giving five (5) business days prior written notice to Partner; provided, however, that this Agreement will not terminate if Partner has paid all Fees and other agreed upon amounts prior to the expiration of such five business-day period.

    11.3 Either party may terminate this Agreement for its own convenience, at any time, upon sixty (60) days prior written notice to the other party; provided, however, that upon Customer’s written request, Duo Security will provide the Services in accordance with this Agreement, and all provisions of this Agreement shall survive, for six (6) months from the date of any such notice of termination for convenience (except in the event of a termination under Section 11.2). Notwithstanding the foregoing, Duo Security shall not be required to provide the Services beyond the sixty (60) day termination for convenience notice period in the event of a merger, acquisition or sale of all or substantially all of Duo Security’s assets.

    11.4 Either party may terminate this Agreement, without notice, (i) upon the institution or if a petition is filed, notice is given, a resolution is passed or an order is made, in each case by or against the other party under any applicable laws relating to insolvency, administration, liquidation, receivership, bankruptcy or any other winding up proceedings, (ii) upon the other party’s making an assignment for the benefit of creditors or making a voluntary arrangement with its creditors, (iii) upon the other party’s dissolution or ceasing, or threatening to cease to do business or (iv) if any event occurs, or proceeding is instituted, with respect to the other party that has the equivalent or similar effect to any of the events mentioned in this Section 11.4(i) through (iii).

    11.5 Immediately when this Agreement expires or terminates for any reason, all licenses provided to Partner under this Agreement shall terminate, Partner shall cease signing up new Customers to use the Services or renewing any Customer Agreements with existing Customers, and Duo Security will cease providing the Services to Partner and its Customers. In the event of termination by either party under Section 11, the last invoice shall be based on the highest number of Users enrolled, as shown on Duo Security’s systems, on any day during the final Invoice Period, prorated in the event that termination does not occur on the last day of a month. In the event that Duo Security terminates this Agreement under Section 11.2, Partner shall provide Duo Security with the contact information for each Customer and reasonably assist Duo Security in transitioning any Customers desiring to continue using the Services to Duo Security. The Sections of this Agreement which by their nature should survive termination or expiration of this Agreement, including but not limited to Sections 2 through 15, will survive termination or expiration of this Agreement.

12. DISCLAIMER OF WARRANTIES

    THE SERVICES AND DUO SECURITY CONFIDENTIAL INFORMATION AND ANYTHING PROVIDED IN CONNECTION WITH THIS AGREEMENT ARE PROVIDED “AS-IS,” WITHOUT ANY WARRANTIES OF ANY KIND. DUO SECURITY HEREBY DISCLAIMS FOR ITSELF AND ITS SUPPLIERS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, ALL IMPLIED WARRANTIES, TERMS OR CONDITIONS OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, SATISFACTORY QUALITY, TITLE, AND NON-INFRINGEMENT.

13. LIMITATION OF LIABILITY

    13.1 NOTHING IN THIS AGREEMENT SHALL LIMIT OR EXCLUDE EITHER PARTY’S LIABILITY FOR (I) DEATH OR PERSONAL INJURY CAUSED BY ITS NEGLIGENCE, OR THE NEGLIGENCE OF ITS EMPLOYEES, AGENTS OR SUBCONTRACTORS; (II) FRAUD OR FRAUDULENT MISREPRESENTATION; OR (III) ANY OTHER LIABILITY THAT CANNOT BE EXCLUDED OR LIMITED BY LAW.

    13.2 SUBJECT TO SECTION 13.1, IN NO EVENT WILL DUO SECURITY OR ITS SUPPLIERS BE LIABLE TO PARTNER (OR ANY PERSON CLAIMING UNDER OR THROUGH PARTNER) FOR ANY INDIRECT, PUNITIVE, INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES ARISING OUT OF OR IN ANY WAY CONNECTED WITH THE USE OF THE SERVICES OR ANYTHING PROVIDED IN CONNECTION WITH THIS AGREEMENT, THE DELAY OR INABILITY TO USE THE SERVICES OR ANYTHING PROVIDED IN CONNECTION WITH THIS AGREEMENT OR OTHERWISE ARISING FROM THIS AGREEMENT, INCLUDING WITHOUT LIMITATION, (I) LOSS OF REVENUE OR ANTICIPATED PROFITS (WHETHER DIRECT OR INDIRECT) OR (II) LOST BUSINESS OR (III) LOST SALES, WHETHER BASED IN CONTRACT, TORT (INCLUDING ACTIVE AND PASSIVE NEGLIGENCE AND STRICT LIABILITY) BREACH OF STATUTORY DUTY OR OTHERWISE, EVEN IF DUO SECURITY HAS BEEN ADVISED OF THE POSSIBILITY OF DAMAGES.

    13.3 SUBJECT TO SECTION 13.1, THE TOTAL LIABILITY OF DUO SECURITY OR ITS SUPPLIERS, WHETHER BASED IN CONTRACT, TORT (INCLUDING ACTIVE AND PASSIVE NEGLIGENCE AND STRICT LIABILITY) OR OTHERWISE, WILL NOT EXCEED, IN THE AGGREGATE, THE FEES PAID TO DUO SECURITY HEREUNDER IN THE TWELVE MONTH PERIOD ENDING ON THE DATE THAT SUCH CLAIM IS FIRST ASSERTED. THE FOREGOING LIMITATIONS WILL APPLY NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY.

14. GOVERNMENT MATTERS

    14.1 Export. Notwithstanding anything else, Partner may not use, or provide to any Customer or person, or export or re-export or allow the export or re-export of, the Services or anything related thereto or any direct product thereof, in violation of any restrictions, laws or regulations of the United States Department of Commerce, the United States Department of Treasury Office of Foreign Assets Control, or any other United States or foreign agency or authority. Each party represents that it is not named on any U.S. government denied-party list. Partner shall not access or use, nor permit any Customer or User to access or use, the Services in a U.S. embargoed country.

    14.2 Anti-Corruption. Partner agrees that it has not received or been offered any illegal or improper bribe, kickback, payment, gift, or thing of value from any Customer or Duo Security employee or agent in connection with this Agreement. If Partner learns of any violation of the above restriction, Partner will promptly notify Duo Security.

    14.3 Commercial Software. The Services (including the Software) are “commercial items” as that term is defined at FAR 2.101. If acquired by or on behalf of any Executive Agency (other than an agency within the Department of Defense (DoD), the Government acquires, in accordance with FAR 12.211 (Technical Data) and FAR 12.212 (Computer Software), only those rights in technical data and software customarily provided to the public as defined in this Agreement. If acquired by or on behalf of any Executive Agency within the DoD, the Government acquires, in accordance with DFARS 227.7202-3 (Rights in commercial computer software or commercial computer software documentation), only those rights in technical data and software customarily provided in this Agreement. In addition, DFARS 252.227-7015 (Technical Data – Commercial Items) applies to technical data acquired by DoD agencies. Any Federal Legislative or Judicial Agency shall obtain only those rights in technical data and software customarily provided to the public as defined in this Agreement. This Section 14.3 is in lieu of, and supersedes, any other FAR, DFARS, DEAR or other clause, provision, or supplemental regulation that addresses Government rights in computer software or technical data under this Agreement. Capitalized terms used in this Section are defined in the applicable FAR or DFARs.

15. MISCELLANEOUS

    15.1 Severability. If any provision of this Agreement is found to be unenforceable or invalid, that provision will be limited or eliminated to the minimum extent necessary so that this Agreement will otherwise remain in full force and effect and enforceable.

    15.2 Assignment. This Agreement is not assignable, transferable or sublicensable by Partner except with Duo Security’s prior written consent, which shall not be unreasonably withheld. Duo Security may transfer and assign any of its rights and obligations under this Agreement. This Agreement shall be binding upon and shall inure to the benefit of the parties hereto and their respective permitted successors and permitted assigns.

    15.3 Entire Agreement; Amendment. Both parties agree that this Agreement is the complete and exclusive statement of the mutual understanding of the parties and supersedes and cancels all previous written and oral agreements, communications and other understandings relating to the subject matter of this Agreement. All waivers, amendments and modifications must be in a writing signed by the party against whom the waiver, amendment or modification is to be enforced; however, there will be no force or effect given to any different or additional terms contained in any purchase order, vendor form or partner form issued by Partner or any Customer, even if signed by Duo Security after the date hereof. No agency, partnership, joint venture, or employment is created as a result of this Agreement and Partner does not have any authority of any kind to bind Duo Security in any respect whatsoever.

    15.4 Notices. All notices under this Agreement will be in writing and will be deemed to have been duly given when received, if personally delivered; when receipt is electronically confirmed, if transmitted by e-mail; and upon receipt, if sent by certified or registered mail (return receipt requested), postage prepaid. Duo Security may provide notice using the information provided on the first page of this Agreement and Partner may provide notice using the contact information provided on https://www.duo.com.

    15.5 Force Majeure. Any delay or failure in the performance of any duties or obligations of either party (except the payment of money owed) will not be considered a breach of this Agreement if such delay or failure is due to a labor dispute, fire, earthquake, flood or any other event beyond the reasonable control of a party, provided that such party promptly notifies the other party thereof and uses reasonable efforts to resume performance as soon as possible.

    15.6 Governing Law; Arbitration. This Agreement will be governed by the laws of the State of Michigan, U.S.A. without regard to its conflict of laws provisions. Any dispute arising from or relating to the subject matter of this Agreement shall be finally settled by arbitration in Washtenaw County, Michigan, in accordance with the Streamlined Arbitration Rules and Procedures of Judicial Arbitration and Mediation Services, Inc. (“JAMS”) then in effect, by one commercial arbitrator with substantial experience in resolving intellectual property and commercial contract disputes, who shall be selected from the appropriate list of JAMS arbitrators in accordance with the Streamlined Arbitration Rules and Procedures of JAMS. Judgment upon the award so rendered may be entered in a court having jurisdiction, or application may be made to such court for judicial acceptance of any award and an order of enforcement, as the case may be. Notwithstanding the foregoing, each party shall have the right to institute an action in a court of proper jurisdiction for injunctive or other equitable relief pending a final decision by the arbitrator.

    15.7 Venue; Prevailing Party. The federal and state courts serving Washtenaw County, Michigan, U.S.A. will have proper and exclusive jurisdiction and venue with respect to any disputes arising from or related to the subject matter of this Agreement. Notwithstanding the foregoing, each party shall have the right to commence and prosecute any action for injunctive relief before any court of competent jurisdiction. In any arbitration, action or proceeding to enforce rights under this Agreement, the prevailing party will be entitled to recover costs and attorneys’ fees.

    15.8 Publicity and Marketing. Partner agrees to participate in press announcements, case studies, trade shows, or other marketing reasonably requested by Duo Security. During the Term and for thirty (30) days thereafter, Partner grants Duo Security the right, free of charge, to use Partner’s name and/or logo, worldwide, to identify Partner as such on Duo Security’s website or other marketing or advertising materials.

\

Exhibit A – Fee Schedule {.western align=”center” style=”margin-top: 0in; margin-bottom: 0in; border: none; padding: 0in; font-variant: normal; letter-spacing: normal; font-style: normal; line-height: 125%; orphans: 2; widows: 2”}

The Fees payable per User to Duo Security shall be equal to the pricing available at https://duo.com/pricing, which is subject to change from time to time at Duo Security’s sole discretion, less (i) 10% if Partner has 999 or fewer managed Users, and (ii) 20% if Partner has 1000+ managed Users. This discount shall not apply to Hardware Tokens or Telephony Credits. Duo Security will provide Customer with at least ninety (90) days prior written notice (including via https://duo.com/pricing) of any changes to its pricing, prior to such changes taking effect under this Agreement. The price for Hardware Tokens is available at https://duo.com/pricing, and the price for Telephony Credits is available at https://duo.com/docs/telephony_credits. Partner may only provide Hardware Tokens or Telephony Credits to Customers at the pricing set forth on Duo Security’s websites set forth in this Exhibit A.

\