Terms and Conditions

Below are the Terms and Conditions for use of the Corvid Cyberdefense Haven™ Security Solution and the related Services.  Corvid Cyberdefense desires to provide the Services identified below to Client, and Client wishes to receive such Services pursuant to these terms and conditions.

For good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged, the parties hereby agree as follows.

A.  Services Start Date

The Services as outlined in these Terms and Conditions will commence on the date specified by Client, but in no event later than 30 days after the Effective Date.

B.  Getting Started with Managed Services

As a Corvid Cyberdefense Managed Services client, Client is enrolling in Corvid Cyberdefense’s Haven™ Security Solution (“Corvid Cyberdefense Haven™”).  As such, Corvid Cyberdefense may provide Client a Corvid Cyberdefense security appliance, or CPE (as defined below).  Corvid Cyberdefense shall grant Client access to the Corvid Cyberdefense Haven™ dashboard which provides Client with visibility into the security posture and security events. Corvid Cyberdefense Haven™ dashboard is also the platform in which Client will be able to view Client’s security event data and submit support requests for Services.  Corvid Cyberdefense shall provide Client individual logins to Corvid Cyberdefense Haven™ for each authorized security contact in Client’s organization.  A Corvid Cyberdefense engineer will assist Client with the rollout of Client’s managed services technology by analyzing information about Client’s environment and assisting Client in the installation and configuration of each of Client’s managed service technologies.  Corvid Cyberdefense will work with Client to gather all the relevant information about Client’s environment, ensure Client of the proper placement and proper configuration of each technology, and confirm to Client each such technology is properly working after installation.  As each technology is provisioned, it is transitioned to ongoing support that is delivered by the Corvid Cyberdefense Security Operations Center (“SOC”).  The Corvid Cyberdefense SOC is dedicated to monitoring device health alerts for Client, responding to Client’s support and configuration change requests, and performing analysis of Client’s security events for the managed services that Client has purchased.

C.  Services Description

Corvid Cyberdefense Haven™ includes the following Services for the service plan level selected by Client in the Proposal.

D.  Corvid Cyberdefense Responsibilities

  1. Corvid Cyberdefense shall:
    1. implement and fully configure the Corvid Cyberdefense Haven™ platform at all defined Client locations;
    2. monitor security log data from the components of the Client’s network;
    3. review security events collected by the CPE and promptly identify for Client potential security alerts;
    4. make all security alerts related to security events available to Client;
    5. generate and provide to Client the relevant reports for Client;
    6. generate automatic notifications of security alerts related to security events;
    7. provide best efforts, using its expertise in the information security field to provide the skills of its staff to respond to security issues as well as consult with Client staff;
    8. provide Client with support and maintenance of Corvid Cyberdefense Haven™ and related technologies; and
    9. manage the technology components that compose Corvid Cyberdefense Haven™ as listed in the Client Proposal.

E.  Client Authorization for Corvid Cyberdefense to Act

Corvid Cyberdefense shall promptly notify Client of each security event and shall promptly respond to and remediate such security events using best efforts within the capabilities of Corvid Cyberdefense Haven™ and the Corvid Cyberdefense staff.  If Corvid Cyberdefense recommends actions to respond to a security event that are beyond the capabilities of Corvid Cyberdefense Haven™, Corvid Cyberdefense shall promptly inform Client of such recommended actions (with adequate information and detail for Client to determine whether to pursue such actions), and Corvid Cyberdefense shall promptly perform only such actions as expressly authorized by Client.  Corvid Cyberdefense shall ensure that any Corvid Cyberdefense’s SOC resources authorized to perform such expressly authorized actions shall (a) have substantial computer systems and network and project management experience, (b) be sufficiently trained, and (c) be proficient in the use and provision of Services provided to Client under these Terms and Conditions.  If an event is identified that is potentially harmful, Corvid Cyberdefense will do everything within reason to proactively eliminate the threat.

F.  Service Level Agreement

  1.  Corvid Cyberdefense shall perform the Services (including promptly responding to security incidents, monitoring for outages, and performing configuration changes) in accordance with the Service Level Agreement (“SLA”) guidelines included herein. Such SLA’s includes commitments with respect to certain availability of the security and compliance monitoring service.
  2. Descriptions and Definitions of Service Level Agreements (SLAs) are as follows:
    1. High Security Incident Notification – For services in which Corvid Cyberdefense is providing real-time threat analysis, Corvid Cyberdefense will provide a notification to Client of a potential security compromise within 20 minutes of Corvid Cyberdefense’s determination of such potential security compromise. If Client provided a notification policy to Corvid Cyberdefense prior to such potential security compromise, Corvid Cyberdefense will provide such notification according to that notification policy.
    2. Managed Device Outage Notification – Corvid Cyberdefense will provide a notification to Client of an outage of a managed device within 20 minutes of Corvid Cyberdefense’s determination of such outage.
    3. Other Changes – Corvid Cyberdefense will implement other managed device and/or network configuration changes within three (3) days, provided that at the time of the request Corvid Cyberdefense has received all information necessary to make such change. This only applies to maintenance for managed device and/or network configuration changes and does not apply to complex or time-intensive changes (such as new architectures or new systems).
    4. Managed Device Replacement – Corvid Cyberdefense will ship a replacement managed device within one (1) business day of Corvid Cyberdefense’s determination of such managed device’s failure, provided that Corvid Cyberdefense’s shipping provider must be open to accept and ship deliveries at such time. Corvid Cyberdefense cannot be held responsible for shipping delays due to major shipping providers not being open (e.g., Sundays and holidays) or any delays due to customs when shipping managed devices outside the United States.
    5. Definitions – Suspicious activity is defined as any activity that cannot be confirmed with a high confidence due to lack of domain knowledge, or visibility on the part of CCD. Malicious activity is defined as any confirmed unauthorized activity that impacts data Confidentiality, Integrity, or Availability.

G.  Pricing 

The Client will have the choice of either a 3-year or a 1-year plan. For both the 3-year and the 1-year plans, the Client can choose to pay annually at the beginning of the period(s), or monthly at the beginning of each month within the period.  All partial months will be considered to be the first month of the term. If the Client chooses to pay annually, in addition to the annual invoice, Client will be invoiced quarterly for any increases to the initial baseline quantity of licenses that were activated during the previous quarter or will be credited quarterly for any decreases to the quantity of licenses that were deactivated during the previous quarter, not to fall below the initial baseline quantity of licenses in the Proposal.  If Client chooses to pay monthly, the monthly invoices will be calculated based upon the initial baseline quantity of licenses stated in the Proposal with the addition of any new licenses that were activated during the previous month or credited monthly for any decreases to the quantity of licenses that were deactivated during the previous month, not to fall below the initial baseline quantity in the Proposal. The initial baseline quantity will reset at the time of the renewal.

Annualized services are provided in a consecutive month-to-month manner. All invoices submitted by Corvid Cyberdefense are due and payable within 15 days of the date the invoice is received. If Client fails to pay an undisputed invoice within 15 days following receipt of such invoice, Corvid Cyberdefense reserves the right to charge a late payment fee of 10% per month starting 10 days after due date until paid.

Pricing is determined as shown in the Proposal.  All fees are quoted and payable in United States dollars.

Proposals from Corvid Cyberdefense remain valid for the 30-day period following the date such proposal is received by Client.

H.  Contact Information 

Corvid Cyberdefense Primary Contact

Name: Mike Viruso

Title: Chief Strategy Officer

Email: mike.viruso@corvidtec.com

Corvid Cyberdefense Billing Contact

Name: Evan Tandy

Title: Operations & Accounting

Email: evan.tandy@corvidtec.com

I.  Dependencies and Assumptions

  1. Corvid Cyberdefense shall not begin to provide the Services as described herein and no payments are due until each party has executed and exchanged a signed Proposal.
  2. Each party’s primary contact as identified in the Proposal, or another designee of such party, must be available to the other party during the entire engagement under these Terms and Conditions. Such primary contacts must have sufficient authority to schedule testing and address any issues that may arise.
  3. Client acknowledges and agrees that Corvid Cyberdefense’s use of any Original Equipment Manufacturers’ (“OEM’s”) products provided in these Terms and Conditions are subject to and governed by that OEM’s end user license.
  4. Any change in services and fees, other than standard licensing quantities, will be mutually agreed to in writing by both parties.

J.  Managed Services Client Obligations

  1. Client agrees to cooperate with Corvid Cyberdefense in its efforts to gather initial technical and policy information required to establish the Service within 30 (thirty) days of Effective Date. This level of effort will be documented and agreed upon in a documented project plan as the work commences.
  2. Client will designate authorized person(s) (“Authorized Person(s)”) to:
    1. consult with Corvid Cyberdefense on a regular basis in connection with the Services;
    2. reasonably cooperate with requests for information made by Corvid Cyberdefense related to the hardware, software, version, patch level, and configuration of devices connected to Client’s network;
    3. assist Corvid Cyberdefense in upgrading and troubleshooting the CPE; and
    4. grant Corvid Cyberdefense access to the Client’s IP address(es) as identified and provided by Client to scan for open ports and other possible security vulnerabilities.
  3. Client will promptly notify Corvid Cyberdefense of any change in the authorization, contact information, or employment status of any Authorized Persons.
  4. Client will be solely responsible for any unauthorized acts or omissions by Client that occur as the result of Client’s access to or use of the Services or via the CPE and Client agrees to indemnify and hold Corvid Cyberdefense harmless from such acts or omissions.
  5. Client shall maintain all CPE delivered and installed by Corvid Cyberdefense in an appropriate environment, with adequate power and environmental controls comparable to those generally considered appropriate for business computing equipment.
  6. Client shall not move the CPE to another network location unless it obtains approval in writing in advance of such move from Corvid Cyberdefense.
  7. Client shall provide Corvid Cyberdefense with at least five (5) business days’ notice prior to taking any action that may affect the IP addressing of the CPE.
  8. Client will make configuration changes to routers, firewalls (not managed by Corvid Cyberdefense), and other network devices upon Corvid Cyberdefense’s request as required to enable communication between any CPE and Corvid Cyberdefense. If Client permits Corvid Cyberdefense to perform installation services via remote access, Corvid Cyberdefense shall not be responsible for any damages in connection with such remote access.
    1. If purchasing Cloud SIEM services, the following shall apply: Client shall provide access to Corvid Cyberdefense-defined netblocks to and from the CPE systems to collect data from, and provide health monitoring and platform management, of those systems.
  9. Client agrees to provide always-on Internet access to deployed CPE systems as specified by Corvid Cyberdefense. This refers to both outbound data sent from CPE systems to Corvid Cyberdefense’ facilities, as well as inbound access from Corvid Cyberdefense as required to deliver each distinct service.
  10. For CPE deployed with out-of-band console devices, Corvid Cyberdefense strongly suggests Client provide an analog phone line dedicated to each out-of-band console so that Corvid Cyberdefense can respond to any outages or perform device maintenance where console access is required.
  11. Client shall not modify, use or tamper with the CPE in any way, or physically open or adjust the contents of CPE except as expressly directed in writing by Corvid Cyberdefense or reverse engineer, disassemble or decompile any software loaded onto any CPE.
  12. Client shall document and promptly report via the appropriate support portal all malfunctions of the CPE or interruptions to Corvid Cyberdefense’s access of which it becomes aware.  Client shall undertake reasonable procedures reasonably specified by Corvid Cyberdefense necessary for the rectification of such malfunctions or interruptions within a reasonable time after such procedures have been received from Corvid Cyberdefense.
  13. Client will be solely responsible for providing the mechanism and storage location for any required data backups, including managed SIEM Log Management appliance services. This will include all raw and parsed data stored in flat files on the SIEM Log Management appliance.
  14. Client shall not power off the CPE unless it obtains written approval in advance from Corvid Cyberdefense, and Corvid Cyberdefense shall not delay or unreasonably withhold such approval.

K.  Additional Terms and Conditions

  1.  Definitions
    1. Client Premises Equipment” or “CPE” means any equipment licensed to Client by Corvid Cyberdefense and used by Corvid Cyberdefense for provision of the Services.
    2. Proposal” is a document provided to Client that describes the Solution and Services being offered to the Client and pricing for the Solution and Services.
  2. Effective Date/Term
    1. Effective Date” means the date set forth on the signature page of the Proposal.  Unless earlier terminated pursuant to Section 7, these Terms and Conditions are effective beginning on the Effective Date for an initial term of the service as indicated in the Proposal and automatically renews for additional terms with the same duration as the initial term unless a party provides written notice of its intent not to renew to the other party at least ninety (90) days prior to the end of such then-current term.
  3. Obligations
    1. Corvid Cyberdefense shall provide to Client the services and deliverables (collectively, the “Services”) described in these Terms and Conditions.
  4. Compensation
    1. Fees. Client shall pay to Corvid Cyberdefense the fees and expenses set forth in the Proposal. Such expenses include reasonable out of pocket expenses related to potential travel, shipping and other reasonable items.
    2. On-Site Visits. If the Services contemplate that Corvid Cyberdefense shall perform any on-site visits for Client (including, in-person installation or delivery services or consultant appointments), Client shall notify Corvid Cyberdefense in writing of any changes or cancellations relevant to any such on-site visit as soon as practicable, but in no event less than 3 business days in advance of the scheduled time for such visit.  If Client cancels an on-site visit less than 3 business days in advance of the scheduled on-site visit, Client shall pay Corvid Cyberdefense the actual and reasonable amount that Corvid Cyberdefense is charged by a third party vendor for the cancellation or rescheduling.
    3. Taxes, Shipping, Title, & Risk of Loss. Corvid Cyberdefense shall be responsible for taxes on Corvid Cyberdefense’s income imposed by any governmental entity for Services provided to Client. All products will be shipped by Corvid Cyberdefense FOB Shipping Point. Title to any CPE or software delivered in connection with the Services shall remain with Corvid Cyberdefense.  If applicable, title and risk of loss to any purchased hardware shall pass to Client upon delivery; title to software shall remain with Corvid Cyberdefense.
  5. Proprietary Rights
    1. Technology and IP. All technology owned by Corvid Cyberdefense or its licensors in connection with performing the Services, including software, portals, data processing systems (each of the foregoing, in object code and source code form), report templates, and CPE, and any Corvid Cyberdefense intellectual property, remains the sole and exclusive property of, and is valuable, confidential and proprietary to, Corvid Cyberdefense or its licensors.  Except as otherwise expressly provided herein, Client shall not acquire any rights in any Corvid Cyberdefense Technology or Corvid Cyberdefense IP as a result of receiving the Services.  The sale of any equipment conveys no right or license to manufacture, duplicate, reverse engineer or otherwise copy or reproduce any of the equipment. Client shall not remove any proprietary notices on equipment delivered hereunder and may not co-brand or otherwise add any branding or marking to such equipment or its packaging.  All technology and intellectual property owned by Client or its licensors remains the sole and exclusive property of, and is valuable, confidential and proprietary to, Client or its licensors.
    2. Data. Corvid Cyberdefense acknowledges that, as between Corvid Cyberdefense and Client, Client owns all right, title and interest, including intellectual property rights, in and to all data on Client’s network and all data otherwise owned or controlled by Client (collectively “Data”). Corvid Cyberdefense further acknowledges that: (i) the Data is an original compilation protected by intellectual property laws, including U.S. copyright laws; (ii) Client has dedicated substantial resources to collect, manage and compile the Data; and (iii) the Data constitutes trade secrets of Client. Corvid Cyberdefense shall not use, access, disclose, release, distribute, or deliver the Data, or any portion thereof, other than to provide Services to Client.
    3. Publicity, Trademarks and Logo. Each party shall not, directly or indirectly, without the prior written approval signed by an authorized representative of the other party: (i) use the other party’s name or any of the other party’s trademarks, service marks or logos, (ii) make any public announcement related to these Terms and Conditions or the Services or (iii) disclose to any third party the fact that Corvid Cyberdefense is Client’s service provider or that Client is a customer of Corvid Cyberdefense.
  6. Confidentiality
    1. Confidential Information” means any confidential information (including, documents, data, trade secrets, third-party confidential information, business affairs information, product information, data centers, prototypes, samples, equipment, all software, benchmark tests, specifications, trade secrets, object code and machine-readable copies, and other sensitive or proprietary information) disclosed or made available or accessible by either party (“Disclosing Party”) to the other party (“Receiving Party”). Confidential Information shall not, however, include any information which (i) is in the public domain through no action or inaction of or on behalf of Receiving Party; (ii) is already in the possession of Receiving Party at the time of disclosure or access without having been obtained from Disclosing Party or a third party under a duty of confidentiality; or (iii) is obtained by Receiving Party from a third party without a breach of such third party’s obligations of confidentiality.
    2. Receiving Party agrees not to use any Confidential Information of Disclosing Party for any purpose other than as contemplated by these Terms and Conditions. Receiving Party agrees not to disclose any Confidential Information of Disclosing Party to third parties or to Receiving Party’s employees or contractors, except to those employees or contractors of Receiving Party who are required to have such Confidential Information for the provision, receipt, or coordination of Services under these Terms and Conditions.  Receiving Party shall not reverse engineer, disassemble, or decompile any prototypes, software or other tangible objects which embody Disclosing Party’s Confidential Information and which are provided to or access by Receiving Party hereunder.  Receiving Party agrees that it shall take reasonable measures to protect the secrecy of and avoid disclosure and unauthorized use of the Confidential Information of Disclosing Party.  Receiving Party may disclose Disclosing Party’s Confidential Information to the limited extent required by law to comply with the order of a court or other governmental body, provided that Receiving Party gives Disclosing Party prompt written notice of such requirement prior to such disclosure and assistance in obtaining a protective order.
    3. Corvid Cyberdefense shall use all legal, organizational, physical, administrative and technical measures and security procedures necessary to safeguard and ensure the security of the Data and to protect the Data from unauthorized access, disclosure, duplication, use, modification, or loss.
    4. Receiving Party acknowledges that Receiving Party’s breach of its obligations of confidentiality to Disclosing Party may cause Disclosing Party irreparable injury for which Disclosing Party would not have an adequate remedy at law, and in the event of such breach by Receiving Party, Disclosing Party will be entitled to seek injunctive relief in addition to any other remedies Disclosing Party may have at law or in equity.
  7.  Termination
    1. Termination for Cause. Services may, by written notice, be terminated by a party for cause if any of the following events occur:
      1. Either party may terminate for cause if the other party is in material breach of any term, condition or provision of these Terms and Conditions, which breach, if capable of being cured, is not cured within thirty (30) days after such party gives the breaching party written notice of such breach.
      2. Corvid Cyberdefense may terminate for cause if Client fails to pay any amount due Corvid Cyberdefense within ten (10) days after Corvid Cyberdefense gives Client written notice of such nonpayment; or
      3. Either party may terminate for cause if the other party (a) terminates or suspends its business, (b) becomes insolvent, admits in writing its inability to pay its debts as they mature, makes an assignment for the benefit of creditors, or becomes subject to direct control of a trustee, receiver or similar authority, or (c) becomes subject to any bankruptcy or insolvency proceeding under federal or state statutes.
    2. Termination for Convenience. Client may terminate Services without cause upon ninety (90) days prior written notice to Corvid Cyberdefense.
    3. Licensed CPE Return. Within ten (10) business days after the date of termination or discontinuance of Services for any reason, Client agrees to return, at the sole expense of Corvid Cyberdefense with setoff to any fees owed, any CPE(s) to Corvid Cyberdefense.  Corvid Cyberdefense shall retain the risk of loss for the delivery of CPE(s) to Corvid Cyberdefense’s premises. Client shall be solely responsible for, and shall reimburse Corvid Cyberdefense for, any damage caused to the CPE while it is installed at Client’s facilities, except to the extent such damage is caused by Corvid Cyberdefense personnel. If the CPE(s) are not timely returned or are not in the same condition in which received by Client (except for normal wear and tear), Client agrees to pay a fee of $5,000 per CPE.
    4. Effect of Termination. If Client terminates Services for any reason other than for cause, Client agrees to pay Corvid Cyberdefense within 30 days for all Services performed by Corvid Cyberdefense that have not previously been paid.  If Client terminates Services other than for cause, then Client shall pay to Corvid Cyberdefense an amount equal to the sum of the service charges for the remainder of the term, which is 90 days from the date of written notice of cancellation.
  8. Warranties
    1. Corvid Cyberdefense Services. Corvid Cyberdefense warrants that the Services provided pursuant to these Terms and Conditions shall be performed with that degree of skill and judgment normally exercised by recognized professional firms performing services of the same or substantially similar nature.  The exclusive remedy for any breach of the foregoing warranty shall be that Corvid Cyberdefense, at its own expense, and in response to written notice of a warranty claim by Client within 90 days after performance of the Services at issue, re-perform the Services to conform to this standard. While Corvid Cyberdefense and the Haven™ solution provide services that help secure the Client’s environment, Corvid Cyberdefense does not provide a guarantee that malware, a hack or a data breach will not occur. In addition, Client is responsible for acting on Security Events and Security Alerts to properly secure and harden their environment. Corvid Cyberdefense is not responsible for any post-breach remediation services unless engaged under separate agreement. Corvid Cyberdefense is not responsible for any notifications or disclosures that may be required as the result of a data breach or other Security Event. Corvid Cyberdefense is not responsible for any preexisting conditions or weaknesses within the Client’s environment. If there is an incident that takes place during the term of the Contract, but the root cause of the issue is related to a preexisting condition, then Corvid Cyberdefense is not liable. Corvid Cyberdefense is not liable if Client discontinues services or does not take proper action on Security Events and Security Alerts.
    2. Licensed Equipment (CPE). In the event of a defect in the materials or workmanship of the CPE, Client shall have the right to return such defective CPE to Corvid Cyberdefense, and Corvid Cyberdefense shall, at Corvid Cyberdefense’s election and expense, either repair or replace such defective CPE. Client shall be solely responsible for all costs associated with repairing or replacing any CPE damaged by accident; unusual physical, electrical or electromagnetic stress; neglect; misuse; failure of electric power, air conditioning or humidity control; causes other than ordinary use; or any damage resulting from a breach of Client’s obligations hereunder.
    3. Purchased Equipment. Corvid Cyberdefense warrants to Client, for the benefit of Client only, that any purchased equipment (excluding software) furnished by Corvid Cyberdefense pursuant to these Terms and Conditions will be free from defects in material and workmanship for thirty (30) days from the date of shipment of the equipment.  In the event of a defect in the materials or workmanship of the equipment during said warranty period, Client shall have the right to return such defective equipment to Corvid Cyberdefense, and Corvid Cyberdefense shall, at Corvid Cyberdefense’s election and expense, either repair or replace such defective equipment.   After such warranty period expires, Corvid Cyberdefense shall have no obligation to repair or replace such equipment.   During such warranty period, Client shall be solely responsible for all costs associated with repairing or replacing any equipment damaged by accident; unusual physical, electrical or electromagnetic stress; neglect; misuse; failure of electric power, air conditioning or humidity control; causes other than ordinary use; or any damage resulting from a breach of Client’s obligations hereunder.
    4. By Client. Client represents and warrants to Corvid Cyberdefense that possession and use of information, specifications, and data provided by Client to Corvid Cyberdefense under these Terms and Conditions will not constitute an infringement upon any patent, copyright, trade secret, or other intellectual property right of any third party.
  9. Indemnity; Limitation of Liability; and Disclaimer of Warranties
    1. Corvid Cyberdefense shall indemnify, defend, and hold harmless, at its own expense, Client and its affiliates and its and their officers, employees, members, directors, insurers, contractors, and suppliers (“Client Indemnitees”) from and against any claim, action, suit, or proceeding (each a “Claim”), and all related loss, cost, liability, damage, and expense, for each Claim brought by a third party to the extent that the Claim is based on: (a) any negligent, reckless, or wrongful misconduct of Corvid Cyberdefense or any of its employees or contractors; (b) Corvid Cyberdefense’s breach of these Terms and Conditions; or (c) any use, access, disclosure, release, distribution, or delivery of the Data, or any portion thereof, by Corvid Cyberdefense or any of its employees or contractors in a manner not authorized by these Terms and Conditions; provided that, in each case, Corvid Cyberdefense may not settle any such Claim unless such settlement completely and forever releases the Client Indemnitees from all liability with respect to such Claim or unless Corvid Cyberdefense consents to such settlement, and further provided that the Client Indemnitee will have the right, at its option, to defend itself against any such Claim or to participate in the defense thereof by counsel of its own choice. This indemnification obligation will survive the expiration or termination of this Services provided to Client.
    2. EXCEPT FOR CORVID CYBERDEFENSE’S INDEMNIFICATION OBLIGATIONS AND EITHER PARTY’S CONFIDENTIALITY OBLIGATIONS, IN NO EVENT WILL EITHER PARTY BE LIABLE TO THE OTHER FOR ANY LOSS OF PROFITS, LOSS OF USE, BUSINESS INTERRUPTION, COST OF COVER OR INDIRECT, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES OF ANY KIND IN CONNECTION WITH OR ARISING OUT OF OR RELATED TO THESE TERMS AND CONDITIONS OR THE FURNISHING, PERFORMANCE OR USE OF THE SERVICES PERFORMED HEREUNDER, WHETHER ALLEGED AS A BREACH OF CONTRACT OR TORTIOUS CONDUCT, INCLUDING NEGLIGENCE, EVEN IF A PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
    3. EXCEPT AS EXPRESSLY PROVIDED IN THESE TERMS AND CONDITIONS, EACH PARTY DISCLAIMS ALL REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, INCLUDING ANY WARRANTIES REGARDING QUALITY, SUITABILITY, MERCHANTABILITY, OR FITNESS FOR A PARTICULAR PURPOSE (IRRESPECTIVE OF ANY COURSE OF DEALING, CUSTOM OR USAGE OF TRADE).
  10. Terms Applicable to Certain Services
    1. In the event Corvid Cyberdefense performs Payment Card Industry-related services for Client, the following shall apply:
      1. Client is responsible for PCI compliance and notification of any suspected breach of its systems and any fines, penalties or registration fee imposed by any payment card association or its acquiring bank. Client hereby authorizes Corvid Cyberdefense to release a redacted copy of Client’s PCI DSS Report on Compliance (“ROC”) to the PCI SSC upon the PCI SSC’s written request with notice of such request from the PCI SSC.  In the event Client suffers a credit card compromise, Client authorizes Corvid Cyberdefense to release a copy of its ROC to the credit card associations upon the credit card associations’ written request.  Corvid Cyberdefense shall provide Client with notice of such request from the credit card association.  Finally, Client authorizes Corvid Cyberdefense to release a copy of Client’s ROC to Client’s acquiring bank. Corvid Cyberdefense shall have the right to retain a copy of Client’s information solely as necessary for Corvid Cyberdefense to comply with the PCI SSC data retention requirements for Qualified Security Assessors.
    2. In the event Client purchases portal-based services, such as Corvid Cyberdefense Haven™ services, and/or security testing services, the following shall apply:
      1. Client represents and warrants that Client has full right, power, and authority to consent to have the service scan for vulnerabilities the IP address and/or URL and/or domain names identified to Corvid Cyberdefense by Client for scanning, whether electronically or by any other means, whether during initial enrollment or thereafter. Without limiting any other remedy that Corvid Cyberdefense may have, Client agrees to indemnify and hold Corvid Cyberdefense and its affiliates harmless from and against all liabilities, losses, damages, costs and expenses, including without limitation reasonable attorney’s fees and costs incurred by Corvid Cyberdefense resulting from Client’s breach of this provision. If applicable, Client shall obtain all consents and authorizations from any third parties necessary for Corvid Cyberdefense to perform the Services, including without limitation, third party data centers, co-locations and hosts.  Corvid Cyberdefense will not be required to execute agreements with any such third parties.  Client agrees that Corvid Cyberdefense Haven™, including without limitation its functionality and contents, is confidential information, and Client’s use and/or access to Corvid Cyberdefense Haven™ is subject to the terms of the mutual non-disclosure agreement executed by the parties. Client acknowledges and understands that accessing and scanning IP addresses and penetration testing involves inherent risks, including, without limitation, risks related to system or network performance and availability, and data corruption or loss.
      2. Client’s use of Corvid Cyberdefense portals, reports, and scanning solution is subject to the following restrictions: (i) Client may use the services and portals only to scan IP addresses, URLs and domain names owned by and registered to Client; (ii) portals, services, and reports may only be used for the stated purposes in these Terms and Conditions for Client’s internal business purposes in accordance with all applicable laws (including any export control laws); and, (iii) Client shall limit access to portals to only those employees and/or contractors who have an obligation of confidentiality with Client and only to those who have a requirement for such access on a “need to know” basis and Client shall be solely responsible for disabling portals accounts for those employees and/or contractors who no longer require access. Client shall not (i) decompile, reverse engineer, disassemble, or otherwise derive the source code from any component of the portals including the software embedded therein; (ii) modify, enhance, translate, alter, tamper with, upgrade or create derivatives works of the portals, software or documentation; or (iii) strip out or alter any trademark, service mark, copyright, patent, trade secret, ownership or any other proprietary or Intellectual Property notices, legends, warnings, markings or indications on or within any component of the portals, software or documentation, or attempt (i), (ii), and/or (iii) above.
    3. If Client purchases a digital certificate, Client’s use of such certificate is subject to and governed by the terms and conditions in the applicable Certification Practice Statement(s), Certificate Policy(ies), Subscriber Agreement and other related documentation.
  11. General
    1. Assignment. Neither party may assign or otherwise transfer rights and obligations of Services, in whole or in part, without the prior written consent of the other party; provided, however, that no written consent shall be required to assign these Terms and Conditions to any affiliate of a party, and further provided that either party may assign this Agreement without the other party’s prior written consent to a successor by way of a merger, acquisition, sale, transfer or other disposition of all or substantially all of its assets.  Subject to the foregoing, this Agreement will bind and inure to the benefit of the parties, their respective successors and permitted assigns. Such assignment shall not be unreasonably withheld.
    2. Force Majeure. Neither party shall be liable for any default or delay in the performance of its obligations hereunder (except for payments) if and to the extent such default or delay is caused, directly or indirectly, by acts of God, governmental acts, accidents, wars, terrorism, riots or civil unrest, fires, storms, earthquakes, floods or elements of nature, or any other similar cause beyond the reasonable control of such party, provided such default or delay could not have been prevented by reasonable precautions and cannot reasonably be circumvented by the non-performing party through the use of commercially reasonable alternative sources, workaround plans or other means.
    3. Notice. Except as otherwise provided in these Terms and Conditions, all notices, consents, or approvals required by these Terms and Conditions shall be in writing sent by certified or registered mail, postage prepaid, or by electronic mail (receipt confirmed) to, (i) in the case of Corvid Cyberdefense, 153 Langtree Campus Drive, Mooresville, NC 28117, Attn: Legal Department, Email: cyber@corvidtec.com, and (ii) in the case of Client, the address and email address set forth in the Proposal. Notices shall be deemed effective on the date of mailing (for certified or registered mail) or the date that receipt is confirmed (for electronic mail). Client agrees to accept communications from Corvid Cyberdefense via email.
    4. Relationship. The relationship between Corvid Cyberdefense and the Client shall be that of independent contractors. Nothing in these Terms and Conditions shall be construed to create or imply a partnership, joint venture, agency relationship or contract of employment.
    5. No Third-Party Beneficiaries. Nothing herein expressed or implied is intended to or shall be construed to confer upon or give any person or entity, other than the parties hereto and their respective successors and permitted assigns, any rights or remedies under or by reason of these Terms and Conditions.
    6. Contractors. Corvid Cyberdefense shall obtain Client’s prior written consent prior to using any contractors in connection with the performance of Services, provided that Corvid Cyberdefense shall remain responsible for ensuring its obligations are satisfied with respect to the performance of such Services.
    7. No Solicitation. During the term of Contract, neither party shall, directly or indirectly, hire or solicit to be hired any employee of the other party without the prior written consent of the other party; provided that general solicitations will not constitute a breach of this obligation.
    8. Waiver. Any waiver of the provisions of these Terms and Conditions or of a party’s rights or remedies under these Terms and Conditions must be in writing to be effective.
    9. Severability. If any provision in these Terms and Conditions is found to be invalid, unlawful or unenforceable, the parties shall agree in good faith to such amendments as will preserve the intent of these Terms and Conditions. If the parties fail to so agree, such invalid provision will be severed from these Terms and Conditions, which will continue in full force and effect.
    10. Governing Law. These Terms and Conditions shall be governed by and construed in accordance with the laws of the State of North Carolina, without giving effect to conflict of law principles.  The parties agree that any legal action or proceeding relating to these Terms and Conditions may be instituted in a state or federal court in Iredell County, NC, and agree to submit to the jurisdiction of, and agree that venue is proper in, these courts in any such action or proceeding.
    11. Directives. Client shall immediately notify Corvid Cyberdefense if Client knows or has reason to believe that Corvid Cyberdefense has been or will be required, as a result of activity arising out of or related to these Terms and Conditions or the Services contemplated hereunder, by any court or administrative agency of the United States or any state, by the Payment Card Industry Security Standards Council, or by any legal process to respond to any subpoena, search warrant, discovery or other directive under the authority of such court, administrative agency, governmental inquiry or process in connection with any proceeding or investigation in which Client or any of its affiliates, officers, directors, agents, employees, or subcontractors is involved.  Whether or not such notice is given by Client, Client shall directly assist Corvid Cyberdefense in Corvid Cyberdefense’s attempt to reduce the burdens of compliance with any such directive, and Client shall reimburse any and all reasonable expenses incurred by Corvid Cyberdefense and its affiliates in complying with any such directive, including, but not limited to, attorneys’ fees and Corvid Cyberdefense’s outside counsel attorneys’ fees for representation and advice, travel and lodging expenses and an hourly labor rate of USD $275 per hour for all time spent by Corvid Cyberdefense in responding to such matters.
    12. Export Control. Client agrees to comply with all applicable U.S. and foreign export laws, restrictions, and regulations and not to export or re-export or allow the export or re-export of any product, technology or information it obtains or learns pursuant to its relationship with Corvid Cyberdefense in violation of any such laws, restrictions or regulations.  Client shall bear all expenses relating to any necessary licenses and/or exemptions with respect to the export from the U.S. of the equipment purchased from Corvid Cyberdefense to any location in compliance with all applicable laws and regulations prior to the delivery thereof by Client.  Client shall indemnify and hold Corvid Cyberdefense harmless from all claims, damages and related expenses (including reasonable attorneys’ fees) incurred by Corvid Cyberdefense that result from Client’s breach of this provision.  CORVID CYBERDEFENSE SHALL NOT BE LIABLE FOR CLIENT’S VIOLATION OF ANY EXPORT OR IMPORT LAWS, WHETHER UNDER THE UNITED STATES OR FOREIGN LAW.
    13. Entire Terms and Conditions; Amendment. These Terms and Conditions, together with any software end-user license agreement and any non-disclosure agreement executed between the parties, constitutes the entire agreement between Corvid Cyberdefense and Client regarding the subject matter hereof. All prior or contemporaneous agreements, proposals, understandings and communications between Corvid Cyberdefense and Client regarding the subject matter hereof, whether oral or written, are superseded by and merged into these Terms and Conditions. These Terms and Conditions may not be modified or amended except by a written instrument executed by both Corvid Cyberdefense and Client. Notwithstanding anything else in these Terms and Conditions or otherwise, in the event of any changes or updates to applicable laws, regulations, rules, standards, interpretations or other external guidelines (including without limitation the PCI Data Security Standard or the Payment Application Data Security Standard), Corvid Cyberdefense may, upon notice to Client, make appropriate revisions to the scope and pricing for any Services that are affected by such changes or updates. The terms of any Client purchase order are accepted for accounting convenience only. No terms or conditions contained in any purchase order shall amend these Terms or Conditions or shall otherwise constitute an agreement between the parties.
    14. Dependencies. Client acknowledges that the provision of Services is dependent upon the performance of Client, and its affiliates, and that Corvid Cyberdefense shall not be liable for its failure to perform to the extent such failure is due to (i) a failure by Client or any third party retained by, or under the control of, Client to provide data or materials that Client or such third party is required to provide to Corvid Cyberdefense or required by Corvid Cyberdefense to perform the services under this these Terms and Conditions, (ii) a failure by Client to timely and accurately perform its responsibilities as set forth in these Terms and Conditions, or (iii) a failure by Client to obtain consents, approvals or access for Corvid Cyberdefense.
    15. Insurance. Corvid Cyberdefense, at its cost, shall carry the following types of insurance: worker’s compensation, comprehensive general liability, automobile liability and errors and omissions.  The comprehensive general liability shall have a contractual liability endorsement.  The minimum limits for the comprehensive general liability and the errors and omissions coverage shall be:  bodily injury $1,000,000.00; and property damage $1,000,000.00.  The minimum limits for the automobile liability coverage shall be bodily injury $1,000,000.00 and property damage $1,000,000.00.  All policies of insurance shall be with a company or companies acceptable to Client.  Corvid Cyberdefense shall also carrier Cyber Insurance with a minimum limit of $1,000,000.  All policies of insurance shall provide that they will not be canceled by the insurance company or Corvid Cyberdefense without at least ten (10) days prior written notice being given to Client by the insurer.  Client shall be named as an additional insured under all policies, a certificate of insurance shall be approved by Client before Corvid Cyberdefense Network starts performance, and Corvid Cyberdefense shall deliver a renewal certificate of insurance to Client at least ten (10) days prior to the expiration date of the insurance.

Last Updated:  October 6, 2020