Passthrough Terms for XtremeCloud Services via a Reseller

Reseller Services for XtremeCloud Services

These Duo Security Pass-Through Service Terms and Conditions (“Agreement”) constitute a contract between Duo Security, Inc. with offices at 123 North Ashley Street, Suite #200, Ann Arbor, MI 48104 (“Duo Security”), and you for your use of and access to the Services obtained via a Reseller. Duo Security wishes to provide and you wish to have the right to access pursuant to the terms of this Agreement, a subscription service. By accessing the Services, you agree to be bound by this Agreement. If you are entering into this Agreement on behalf of a company, organization or other entity, you represent that you have authority to bind such entity and are agreeing to this Agreement on behalf of such entity. If you do not have such authority to enter into this Agreement or do not agree with these terms and conditions, you may not use the Services.

\

1. CUSTOMER RESPONSIBILITIES AND USE RIGHTS

   2.1 The Services and SLA are subject to modification from time to time at Duo Security’s sole discretion. Duo Security reserves the right to suspend Customer’s (or any User’s) access to the Services immediately: (i) in the event that Customer breaches Section 3 or Section 6 of this Agreement, or breaches any other provision of this Agreement and fails to correct that breach within the applicable cure period; or (ii) as it deems reasonably necessary to respond to any actual or potential security or availability concern that may affect customers or Users.

   2.2 Customer may only use the Services in accordance with the Documentation and as explicitly set forth in this Agreement. Customer will cooperate with Duo Security in connection with the performance of this Agreement as may be necessary, which may include making available such personnel and information as may be reasonably required to provide the Services or support. Customer is solely responsible for determining whether the Services are sufficient for its purposes, including but not limited to, whether the Services satisfy Customer’s legal and/or regulatory requirements.

   2.3 In the event that Reseller is not managing, provisioning, or otherwise using the Services on behalf of Customer, Duo Security will, subject to full compliance with the terms and conditions of this Agreement, provide Customer with the benefit of the SLA. In the event that Customer earns 15 days of service credits, determined in accordance with the terms of the SLA, in each of three consecutive months, Customer may, as its sole and exclusive remedy from Duo Security, request via Reseller that the Services be terminated and receive from Reseller a refund of any pre-paid subscription Fees paid by Reseller to Duo Security for Services not rendered as of the termination date. The SLA shall not apply with respect to Free Services and Duo Security is not obligated to provide support with respect to any Free Services.

   2.4 Customer shall not provide any infringing, offensive, fraudulent or illegal content in connection with the Services, and Customer represents and warrants that any content it provides will not violate any Intellectual Property Rights of any third party. Duo Security reserves the right, in its sole discretion, to delete or disable any content submitted by Customer that may be infringing, offensive, fraudulent or illegal. To view Duo Security’s complete copyright dispute policy and learn how to report potentially infringing content, please visit: https://duo.com/legal/copyright.

   2.5 Use of the Services may require Users to install Duo Mobile Software on their mobile devices, which use shall be subject to this Agreement. Customer’s use of third party products or services that are not licensed to Customer directly by Duo Security (“Third Party Services”) shall be governed solely by the terms and conditions applicable to such Third Party Services, as agreed to between Customer and the third party. Duo Security does not endorse or support, is not responsible for, and disclaims all liability with respect to Third Party Services, including without limitation, the privacy practices, data security processes or other policies related to Third Party Services. Customer agrees to waive any claim against Duo Security with respect to any Third Party Services.

   2.6 Customer acknowledges that the Services will require Users to share with Duo Security certain information which may include personal information regarding Users (such as usernames, Duo Admin Panel passwords, email address and/or phone number) solely for the purposes of providing and improving the Services. Prior to authorizing an individual to become a User, Customer is fully responsible for obtaining the consent of that individual, in accordance with Applicable Law, to the use of his/her information by Duo Security, which use is described in Duo Security’s Services Privacy Notice, located at https://duo.com/legal/privacy-notice-services. Customer represents and warrants that all such consents have been or will be obtained prior to authorizing any individual to become a User.

   2.7 Customer will be fully responsible for Users’ compliance with this Agreement and any breach of this Agreement by a User shall be deemed to be a breach by Customer. Duo Security’s relationship under this Agreement is with Customer and not individual Users or third parties using the Services through Customer, and Customer will address all claims raised by its Users, and third parties using the Services through Customer, directly with Duo Security. Customer must ensure that all third parties that utilize the Services through Customer agree (a) to use the Services in full compliance with this Agreement, and (b) to the extent permitted by Applicable Law, to waive any and all claims directly against Duo Security related to the Services.

2. RESTRICTIONS

   Customer will not, and will not permit any Users nor any third party to: reverse engineer, decompile, disassemble or otherwise attempt to discover the source code, object code or underlying structure, ideas or algorithms of the Services, Software, Hardware Tokens or any data related to the Services (except to the extent such prohibition is contrary to Applicable Law that cannot be excluded by the agreement of the parties); modify, translate, or create derivative works based on the Services or Software; share, rent, lease, loan, resell, sublicense, distribute, use or otherwise transfer the Services or Software for timesharing or service bureau purposes or for any purpose other than its own use, except as expressly provided in an applicable Order Form; or use the Services or Software other than in accordance with this Agreement and in compliance with Applicable Law.

3. PAYMENT OF FEES

   4.1 Payment of Fees for the Services is solely between Customer and Reseller. Notwithstanding the foregoing, Customer acknowledges that if any payments owed by Reseller to Duo Security for the Services, with respect to Customer, are 10 or more days overdue, Duo Security may, without limiting its other rights and remedies, suspend the Services after using commercially reasonable efforts to notify Customer of such overdue payment obligations.

4. CONFIDENTIALITY

   5.1 The term “Confidential Information” means any information disclosed by one party (“Disclosing Party”) to the other party (“Receiving Party”) in any form (written, oral, etc.) that is marked as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of the disclosure, including, without limitation: trade secrets; technology and technical information (intellectual property, inventions, know-how ideas and methods); business, financial and customer information (including Customer Data and Customer Personal Data); and/or pricing, forecasts, strategies and product development plans. Each party understands that the Disclosing Party has or may disclose Confidential Information in connection with this Agreement, but that Receiving Party shall receive no rights in, or licenses to, such Confidential Information.

   5.2 The Receiving Party agrees: (i) not to disclose Confidential Information to any third person other than those of its employees, contractors, advisors, investors and potential acquirers (“Representatives”) with a need to have access thereto and who have entered into non-disclosure and non-use agreements applicable to the Disclosing Party’s Confidential Information, and (ii) to use such Confidential Information solely as reasonably required in connection with the Services and/or this Agreement. Each party agrees to be responsible for any breach of this Agreement caused by any of its Representatives. The Receiving Party further agrees to take the same security precautions to protect against unauthorized disclosure or unauthorized use of such Confidential Information of the Disclosing Party that the party takes with its own confidential or proprietary information, but in no event will a party apply less than reasonable precautions to protect such Confidential Information. Each party acknowledges that the use of such precautions is not a guarantee against unauthorized disclosure or use. The Disclosing Party agrees that the foregoing will not apply with respect to any information that the Receiving Party can document: (a) is or becomes generally available to the public without any action by, or involvement of, the Receiving Party; or (b) was in its possession or known by it prior to receipt from the Disclosing Party; or (c) was rightfully disclosed to it without restriction by a third party; or (d) was independently developed without use of any Confidential Information of the Disclosing Party. Nothing in this Agreement will prevent the Receiving Party from disclosing Confidential Information as required in response to a request under applicable open records laws or pursuant to any judicial or governmental order, provided that, to the extent permitted by law, the Receiving Party gives the Disclosing Party (or Reseller) reasonable prior notice to contest such disclosure. For the avoidance of doubt, Customer acknowledges that Duo Security utilizes the services of, and Customer may request additional services from, certain third parties in connection with Duo Security’s provision of the Services (such as data hosting and telephony service providers and Customer’s Third Party Services providers) and such third parties will have access to Customer’s Confidential Information, including Customer Data, in accordance with this Agreement. The parties agree that Performance Data is not Confidential Information and will not be subject to any confidentiality restrictions or obligations.

   5.3 Each party agrees that, upon the written request of the Disclosing Party (or Reseller), the Receiving Party will promptly return to the Disclosing Party, or provide written certification of the destruction of, all Confidential Information of the Disclosing Party, including all Confidential Information contained in internal documents, without retaining any copy, extract or summary of any part thereof. Notwithstanding the foregoing, a Receiving Party may retain copies of Confidential Information solely to the extent necessary for purposes of such party’s ordinary course internal document retention and backup requirements and procedures, provided that such Confidential Information shall remain subject to the terms and conditions of this Agreement for so long as it is retained.

   5.4 Customer acknowledges that Duo Security does not wish to receive any Confidential Information from Customer that is not necessary for Duo Security to perform its obligations under this Agreement, and, unless the parties specifically agree otherwise, Duo Security may reasonably presume that any unrelated information received from Customer is not confidential or Confidential Information, unless such information is marked as “Confidential.”

5. INTELLECTUAL PROPERTY RIGHTS; OWNERSHIP

   Except as expressly set forth herein, Duo Security alone (and its licensors, where applicable) will retain all Intellectual Property Rights relating to the Services or the Software or any suggestions, ideas, enhancement requests, feedback, recommendations or other information provided by Customer or any third party relating to the Services and/or the Software, which are hereby assigned to Duo Security. Customer will not copy, distribute, reproduce or use any of the foregoing except as expressly permitted under this Agreement. As between the parties, Duo Security owns all Performance Data. This Agreement is not a sale and does not convey to Customer any rights of ownership in or related to the Services or Software, or any Intellectual Property Rights.

6. DATA PROTECTION

   7.1 In this Section 7, the terms “personal data,” “data processor,” “data subject,” “process and processing” and “data controller” shall be as defined in the applicable Data Protection Laws. For the purposes of the Data Protection Laws, as between Customer and Duo Security, the parties agree that Customer shall at all times be the data controller and Duo Security shall be the data processor with respect to the processing of Customer Personal Data in connection with Customer’s use of the Services. Solely if and to the extent Duo Security is processing personal data, as defined in the General Data Protection Regulation, that is contained in Customer Data on Customer’s behalf, then the terms of the data processing agreement available at https://duo.com/legal/gdpr-data-protection-addendum shall apply to such processing and are incorporated into this Agreement.

   7.2 Customer may enable integrations between the Services and certain of its Third Party Services (each, an “Integration”). By enabling an Integration between the Services and its Third Party Services, Customer is expressly instructing Duo Security to share the Customer Data necessary to facilitate the Integration. Customer is responsible for providing any and all instructions to the Third Party Service provider about the use and protection of Customer Data. Duo Security and Third Party Service providers are not subprocessors of each other.

   7.3 As the data controller of Customer Personal Data, Customer represents and warrants to Duo Security that its provision of personal data to Duo Security and instructions for processing such personal data in connection with the Services shall comply with all Data Protection Laws.

   7.4 In accordance with applicable Data Protection Laws, Duo Security shall take all commercially reasonable measures to protect the security and confidentiality of Customer Personal Data against any accidental or illicit destruction, alteration or unauthorized access or disclosure to third parties. Duo Security will provide Customer with its security policy, upon request, that sets forth the technical specifications and the detailed measures taken to protect the security and confidentiality of Customer Personal Data.

7. INDEMNIFICATION

   Duo Security shall indemnify and hold Customer harmless from liability to third parties resulting from infringement by the Services of any patent or any copyright or misappropriation of any trade secret, provided Duo Security is promptly notified of any and all threats, claims and proceedings related thereto and given reasonable assistance and the opportunity to assume sole control over defense and settlement; Duo Security will not be responsible for any settlement it does not approve. The foregoing obligations do not apply with respect to portions or components of the Services (i) not created by Duo Security, (ii) resulting in whole or in part from Customer specifications, (iii) that are modified after delivery by Duo Security, (iv) combined with other products, processes or materials where the alleged infringement relates to such combination, (v) where Customer continues allegedly infringing activity after being notified thereof or after being informed of modifications that would have avoided the alleged infringement, or (vi) where Customer’s use of Services is not strictly in accordance with this Agreement and all related Documentation. If Duo Security receives information about an actual or alleged infringement or misappropriation claim that would be subject to indemnification rights set forth in this Section 8, Duo Security shall have the option, at its expense, to: (a) modify the Software to be non-infringing; or (b) obtain for Customer a license to continue using the Software. If Duo Security determines it is not commercially reasonable to perform either of the above options, then Duo Security may at its option elect to terminate the license for the Services and refund to Reseller the unearned portion of any pre-paid subscription Fees, prorated on a monthly basis. THIS SECTION STATES CUSTOMER’S SOLE AND EXCLUSIVE REMEDY FOR INFRINGEMENT, MISAPPROPRIATION AND/OR CLAIMS ALLEGING INFRINGEMENT OR MISAPPROPRIATION. Customer will indemnify Duo Security from all damages, costs, settlements, attorneys’ fees and expenses related to any claim related to Customer’s breach of Section 2 “Customer Responsibilities and Use Rights,” Section 3 “Restrictions,” Section 6 “Intellectual Property Rights; Ownership” or Section 7 “Data Protection.” Duo Security’s obligations under this Section 8 do not apply to Customer’s use of Free Services. For avoidance of doubt, Customer and Reseller are free to agree to indemnities with respect to the Services, and such indemnities shall not form part of this Agreement.

8. TERM; TERMINATION

   9.1 Subject to earlier termination by Duo Security as expressly provided for in this Agreement, this Agreement shall remain in place until all Order Forms related to the Services have expired or terminated.

   9.2 In the event of any material breach of this Agreement by Customer, Duo Security may terminate this Agreement prior to the end of the Term by giving thirty (30) days prior written notice to Customer; provided, however, that this Agreement will not terminate if Customer has cured the breach prior to the expiration of such thirty-day period.

   9.3 Duo Security may terminate this Agreement immediately, without notice, (i) upon the institution or if a petition is filed, notice is given, a resolution is passed or an order is made, in each case by or against the other party under Applicable Law relating to insolvency, administration, liquidation, receivership, bankruptcy or any other winding up proceedings, (ii) upon the other party’s making an assignment for the benefit of creditors or making a voluntary arrangement with its creditors, (iii) upon the other party’s dissolution or ceasing, or threatening to cease to do business or (iv) if any event occurs, or proceeding is instituted, with respect to the other party that has the equivalent or similar effect to any of the events mentioned in Section 9.3(i) through (iii). Notwithstanding anything in this Agreement to the contrary, Duo Security may, without penalty or liability and with or without notice, modify or discontinue its provision of Free Services at any time and to the extent Customer is only using Free Services immediately terminate this Agreement.

   9.4 The Sections of this Agreement which by their nature should survive termination or expiration of this Agreement, including but not limited to Sections 2 through 13, will survive termination or expiration of this Agreement. No refund of Fees shall be due in any amount on account of termination by Duo Security pursuant to this Section 9. When this Agreement expires or terminates, Duo Security shall cease providing the Services to Customer.

9. WARRANTIES AND DISCLAIMER OF ADDITIONAL WARRANTIES

   10.1 For Customers that have purchased Hardware Tokens directly through Duo Security, Duo Security warrants to Customer only that Hardware Tokens will be free of hidden defects in material and workmanship at the time of sale and for a period of six (6) months thereafter. This warranty is limited to replacement of defective Hardware Tokens. This Hardware Token warranty is Customer’s exclusive remedy for defective Hardware Tokens.

   10.2 EXCEPT AS EXPLICITLY PROVIDED IN THIS SECTION 10, THE SERVICES AND DUO SECURITY CONFIDENTIAL INFORMATION AND ANYTHING PROVIDED IN CONNECTION WITH THIS AGREEMENT ARE PROVIDED “AS-IS,” WITHOUT ANY WARRANTIES OF ANY KIND. DUO SECURITY HEREBY DISCLAIMS FOR ITSELF AND ITS SUPPLIERS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, ALL IMPLIED WARRANTIES, TERMS OR CONDITIONS OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, SATISFACTORY QUALITY, TITLE, AND NON-INFRINGEMENT.

10. LIMITATION OF LIABILITY

    11.1 NOTHING IN THIS AGREEMENT (OR ANY ORDER FORM) SHALL LIMIT OR EXCLUDE EITHER PARTY’S LIABILITY FOR (I) DEATH OR PERSONAL INJURY CAUSED BY ITS NEGLIGENCE, OR THE NEGLIGENCE OF ITS EMPLOYEES, AGENTS OR SUBCONTRACTORS; (II) FRAUD OR FRAUDULENT MISREPRESENTATION; (III) ITS INDEMNIFICATION OBLIGATIONS; (IV) BREACH OF SECTION 3 “RESTRICTIONS” OR SECTION 6 “INTELLECTUAL PROPERTY RIGHTS; OWNERSHIP;” OR (V) ANY OTHER LIABILITY THAT CANNOT BE EXCLUDED OR LIMITED BY LAW.

    11.2 SUBJECT TO SECTION 11.1, IN NO EVENT WILL EITHER PARTY OR THEIR SUPPLIERS BE LIABLE TO THE OTHER PARTY (OR ANY PERSON CLAIMING THROUGH SUCH PARTY) FOR ANY INDIRECT, PUNITIVE, INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES ARISING OUT OF OR IN ANY WAY CONNECTED WITH THE USE OF THE SERVICES OR ANYTHING PROVIDED IN CONNECTION WITH THIS AGREEMENT, THE DELAY OR INABILITY TO USE THE SERVICES OR ANYTHING PROVIDED IN CONNECTION WITH THIS AGREEMENT OR OTHERWISE ARISING FROM THIS AGREEMENT, INCLUDING WITHOUT LIMITATION, (I) LOSS OF REVENUE OR ANTICIPATED PROFITS (WHETHER DIRECT OR INDIRECT) OR (II) LOST BUSINESS OR (III) LOST SALES, WHETHER BASED IN CONTRACT, TORT (INCLUDING ACTIVE AND PASSIVE NEGLIGENCE AND STRICT LIABILITY) BREACH OF STATUTORY DUTY OR OTHERWISE, EVEN IF THE OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF DAMAGES.

    11.3 SUBJECT TO SECTION 11.1, THE MAXIMUM LIABILITY OF EITHER PARTY OR THEIR SUPPLIERS FOR ANY AND ALL CLAIMS UNDER AN APPLICABLE ORDER FORM, WHETHER BASED IN CONTRACT, TORT (INCLUDING ACTIVE AND PASSIVE NEGLIGENCE AND STRICT LIABILITY) OR OTHERWISE, WILL NOT EXCEED, IN THE AGGREGATE, THE AMOUNT PAID OR TO BE PAID BY RESELLER TO DUO SECURITY FOR THE SERVICES PROVIDED TO CUSTOMER DURING THE TWELVE MONTH PERIOD ENDING ON THE DATE THAT SUCH CLAIM IS FIRST ASSERTED. THE FOREGOING LIMITATION WILL APPLY NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY.

11. GOVERNMENT MATTERS

    12.1 Export. Notwithstanding anything else in this Agreement, Customer may not use, or provide to any person or export or re-export or allow the export or re-export of, the Services or anything related thereto or any direct product thereof, in violation of any restrictions, laws or regulations of the United States Department of Commerce, the United States Department of Treasury Office of Foreign Assets Control, or any other United States or foreign agency or authority. Each party represents that it is not named on any U.S. government denied-party list. Customer and Users shall not access or use the Services in a U.S. embargoed country.

    12.2 Anti-Corruption. Customer agrees that it has not received or been offered any illegal or improper bribe, kickback, payment, gift, or thing of value from any Duo Security employee or agent in connection with this Agreement. If Customer learns of any violation of the above restriction, Customer will promptly notify Duo Security.

    12.3 Commercial Software. The Services (including the Software) are “commercial items” as that term is defined at FAR 2.101. If acquired by or on behalf of any Executive Agency (other than an agency within the Department of Defense (DoD), the Government acquires, in accordance with FAR 12.211 (Technical Data) and FAR 12.212 (Computer Software), only those rights in technical data and software customarily provided to the public as defined in this Agreement. If acquired by or on behalf of any Executive Agency within the DoD, the Government acquires, in accordance with DFARS 227.7202-3 (Rights in commercial computer software or commercial computer software documentation), only those rights in technical data and software customarily provided in this Agreement. In addition, DFARS 252.227-7015 (Technical Data – Commercial Items) applies to technical data acquired by DoD agencies. Any Federal Legislative or Judicial Agency shall obtain only those rights in technical data and software customarily provided to the public as defined in this Agreement. This Section 13.3 is in lieu of, and supersedes, any other FAR, DFARS, DEAR or other clause, provision, or supplemental regulation that addresses Government rights in computer software or technical data under this Agreement. Capitalized terms used in this Section are defined in the applicable FAR or DFARs.

12. MISCELLANEOUS

    13.1 Severability. If any provision of this Agreement is found to be unenforceable or invalid, that provision will be limited or eliminated to the minimum extent necessary so that this Agreement will otherwise remain in full force and effect and enforceable.

    13.2 Assignment. This Agreement is not assignable, transferable or sublicensable by Customer except with Duo Security’s prior written consent, which shall not be unreasonably withheld. Duo Security may transfer and assign any of its rights and obligations under this Agreement. This Agreement shall be binding upon and shall inure to the benefit of the parties hereto and their respective permitted successors and permitted assigns.

    13.3 Third Party Beneficiaries. By accessing the Services, Customer expressly agrees that Duo Security shall have the benefit of and right to enforce this Agreement against Customer, irrespective of Customer’s agreements with any Reseller. Except for Duo Security’s own benefit, nothing in this Agreement shall confer, or is intended to confer, on any third party any benefit or the right to enforce any term of this Agreement. No entities other than Duo Security and Customer may terminate, rescind or agree to any modification, waiver or settlement with respect to this Agreement.

    13.4 Entire Agreement; Amendment. Both parties agree that this Agreement is the complete and exclusive statement of the mutual understanding of the parties and supersedes and cancels all previous written and oral agreements, communications and other understandings relating to the subject matter of this Agreement. All waivers, amendments and modifications must be in writing signed by the party against whom the waiver, amendment or modification is to be enforced; however, there will be no force or effect given to any different or additional terms contained in any purchase order or other vendor form issued by Customer, even if signed by Duo Security after the date hereof. No agency, partnership, joint venture, or employment is created as a result of this Agreement and Customer does not have any authority of any kind to bind Duo Security in any respect whatsoever.

    13.5 Notices. All notices under this Agreement will be in writing and will be deemed to have been duly given when received, if personally delivered; when receipt is electronically confirmed, if transmitted by e-mail; and upon receipt, if sent by certified or registered mail (return receipt requested), postage prepaid. Duo Security may provide notice using the information provided in the most recent Order Form and Customer may provide notice using the contact information provided on https://www.duo.com. Notwithstanding anything to the contrary, any notice provided by Duo Security to Customer’s Reseller shall constitute valid notice to Customer under this Agreement.

    13.6 Force Majeure. Any delay or failure in the performance of any duties or obligations of either party (except the payment of money owed) will not be considered a breach of this Agreement if such delay or failure is due to a labor dispute, fire, earthquake, flood or any other event beyond the reasonable control of a party, provided that such party promptly notifies the other party thereof and uses reasonable efforts to resume performance as soon as possible.

    13.7 Governing Law; Arbitration. This Agreement will be governed by the laws of the State of Michigan, U.S.A. without regard to its conflict of laws provisions. Any dispute arising from or relating to the subject matter of this Agreement shall be finally settled by arbitration in Washtenaw County, Michigan, in accordance with the Streamlined Arbitration Rules and Procedures of Judicial Arbitration and Mediation Services, Inc. (“JAMS”) then in effect, by one commercial arbitrator with substantial experience in resolving intellectual property and commercial contract disputes, who shall be selected from the appropriate list of JAMS arbitrators in accordance with the Streamlined Arbitration Rules and Procedures of JAMS. Judgment upon the award so rendered may be entered in a court having jurisdiction, or application may be made to such court for judicial acceptance of any award and an order of enforcement, as the case may be. Notwithstanding the foregoing, each party shall have the right to institute an action in a court of proper jurisdiction for injunctive or other equitable relief pending a final decision by the arbitrator.

    13.8 Venue; Prevailing Party. The federal and state courts sitting in Washtenaw County, Michigan, U.S.A. will have proper and exclusive jurisdiction and venue with respect to any disputes arising from or related to the subject matter of this Agreement. Notwithstanding the foregoing, each party shall have the right to commence and prosecute any action for injunctive relief before any court of competent jurisdiction. In any arbitration, action or proceeding to enforce rights under this Agreement, the prevailing party will be entitled to recover costs and attorneys’ fees.

    13.9 Publicity. Customer agrees to participate in press announcements, case studies, trade shows, or other marketing reasonably requested by Duo Security. During the Term and for thirty (30) days thereafter, Customer grants Duo Security the right, free of charge, to use Customer’s name and/or logo, worldwide, to identify Customer as such on Duo Security’s website or other marketing or advertising materials.

13. DEFINITIONS

    1.1 “Applicable Law” means the Data Protection Laws and any other applicable laws, rules and regulations.

    1.2 “Agreement” means these Duo Service terms and conditions applicable to Customers’ access to and use of the Services.

    1.3 “Customer” means the end-customer of a Reseller that has signed up for the Services through such Reseller.

    1.4 “Customer Data” means any information or data about Customer or Users (and its and their staff, customers or suppliers, as applicable), that is supplied to Duo Security by or on behalf of Customer or any User in connection with the Services, or which Duo Security is required to access, generate, process, store or transmit pursuant to this Agreement, including (without limitation) information about Customer’s and Users’ respective devices, computers and use of the Services. Customer Data shall not be deemed to include any Performance Data.

    1.5 “Customer Personal Data” means any Customer Data that is personal data (as defined under the applicable Data Protection Laws).

    1.6 “Data Protection Laws” means all data protection and privacy laws, rules and regulations applicable to a party and binding on that party in the performance of its obligations under this Agreement, including, where applicable, EC Directive 2002/58/EC and Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation).

    1.7 “Documentation” means guides, instructions, policies and reference materials provided to Customer by Duo Security in connection with the Services, including the documentation located at https://www.duo.com/docs, which Duo Security may amend from time to time.

    1.8 “Duo Admin Panel” means the web portal currently accessible at https://admin.duosecurity.com, which allows Customer’s internally appointed administrator(s) of the Services to, among other options, enroll and activate Users, issue and manage SMS passcodes and bypass codes, and manage mobile devices (as applicable to the Services set forth on the applicable Order Form).

    1.9 “Duo Mobile Software” means all Duo Security proprietary mobile applications used in providing the Services, and any updates, fixes or patches developed from time to time.

    1.10 “Fees” means the applicable fees charged by the Reseller for the Services.

    1.11 “Free Services” means those aspects of the Services that are free and do not require payment, such as beta features or functionality or, in the case of a free trial, the Services themselves.

    1.12 “Hardware Tokens” mean hardware security tokens ordered by Customer.

    1.13 “Intellectual Property Rights” means all patents, registered designs, unregistered designs, design rights, utility models, semiconductor topography rights, database rights, copyright and other similar statutory rights, trade mark, service mark and any know how relating to algorithms, drawings, tests, reports and procedures, models, manuals, formulae, methods, processes and the like (including applications for any of the preceding rights) or any other intellectual or industrial property rights of whatever nature in each case in any part of the world and whether or not registered or registerable, for the full period and all extensions and renewals where applicable.

\