Terms & Policies

Cookies Policy

Last revised on July 27, 2019 effective as of August 1, 2019

If your browser is configured to accept cookies, we may collect non-personally identifiable information passively using "cookies" and "page tags".
‍
It is SECURITI's policy to respect your privacy regarding any information we may collect while operating our website. Please read this policy carefully to understand how we handle and treat your personal information.

Terms & Conditions

SECURITI
CUSTOMER AGREEMENT

Effective as of February 1, 2020

THIS CUSTOMER AGREEMENT AND ITS CORRESPONDING ORDER FORM(S) (COLLECTIVELY REFERRED TO AS THIS " AGREEMENT") GOVERN CUSTOMER’S USE OF SECURITI, INC.’S ("SECURITI") SECURITI PRODUCT (DEFINED BELOW). PLEASE READ THE TERMS AND CONDITIONS OF THIS AGREEMENT CAREFULLY BEFORE USING THE SECURITI PRODUCT. BY EXECUTING AN ORDER FORM FOR THE SECURITI PRODUCT EITHER DIRECTLY OR INDIRECTLY, OR BY ACCEPTING THIS AGREEMENT BY ANY ONLINE OR DIGITAL PROCESS, CUSTOMER HEREBY ACCEPTS THE TERMS AND CONDITIONS SET OUT BELOW. THE INDIVIDUAL ACCEPTING THIS AGREEMENT HEREBY REPRESENTS THAT SUCH INDIVIDUAL IS AN AUTHORIZED REPRESENTATIVE OF THE CUSTOMER LISTED ON AN ORDER FORM AND IS AUTHORIZED TO OBLIGATE SUCH CUSTOMER TO ALL TERMS AND CONDITIONS IN THIS AGREEMENT, AND SUCH INDIVIDUAL ACKNOWLEDGES THAT SECURITI RELIES ON SUCH REPRESENTATION IN ENTERING INTO THIS AGREEMENT. SECURITI MAY MODIFY THIS AGREEMENT FROM TIME TO TIME, AND CHANGES TO THIS AGREEMENT WILL BE POSTED ON THE SECURITI WEBSITE AND REVISIONS WILL BE INDICATED BY VERSION DATE. CUSTOMER AGREES TO BE BOUND TO ANY CHANGES TO THIS AGREEMENT WHEN CUSTOMER USES THE SECURITI PRODUCT AFTER ANY SUCH MODIFICATION BECOMES EFFECTIVE. MODIFICATIONS TO THIS AGREEMENT WILL BECOME EFFECTIVE UPON THE RENEWAL OF AN ORDER FORM. THE "EFFECTIVE DATE" OF THIS AGREEMENT IS THE DATE THIS AGREEMENT IS ACCEPTED BY CUSTOMER.

---

Background

Securiti is the developer of PRIVACI.ai, the PrivacyOps platform with multiple modules to assist with compliance for privacy regulations. Customer desires to use certain functions of the Securiti Product to enhance its privacy practices.

---

1. Definitions

The following terms, when used in this Agreement will have the following meanings:

" Affiliates" means an entity that directly or indirectly Controls, is Controlled by, or is under common Control with another entity, so long as such Control exists. For the purposes of this definition, " Control" means beneficial ownership of 50% or more of the voting power or equity in an entity.

" Authorized Users" means the employees, contractors and service providers of Customer or its Affiliates who are authorized to access and use the Securiti Product on behalf of Customer and its Affiliates.

" CCPA" means the California Consumer Privacy Act of 2018, Cal. Civ. Code, 1798.100 - 1798.198, as amended.

" Confidential Information" means any information or data disclosed by either party that is marked or otherwise designated as confidential or proprietary or that should otherwise be reasonably understood to be confidential in light of the nature of the information and the circumstances surrounding disclosure. However, "Confidential Information" will not include any information which (a) is in the public domain through no fault of receiving party; (b) was properly known to receiving party, without restriction, prior to disclosure by the disclosing party; (c) was properly disclosed to receiving party, without restriction, by another person with the legal authority to do so; or (d) is independently developed by the receiving party without use of or reference to the disclosing party’s Confidential Information. Customer Data and any data or information that identifies Customer’s business or business practices (e.g., number of Customer Data records, number of consumer requests or responses processed) is the Confidential Information of Customer. The Securiti Product is the Confidential Information of Securiti.

" Customer Data" means Personal Information, as defined in the CCPA or Personal Data, as defined in the GDPR that is uploaded by, or on behalf of, Customer to the Securiti Product (excluding the components downloaded to Customer's environment).

" Documentation" means the printed and digital instructions, on-line help files, technical documentation and user manuals made available by Securiti for the Securiti Product.

" Order Form" means an order form, quote or other similar document that sets forth the specific Securiti Product and pricing therefor, and that references this Agreement and is mutually executed by the parties.

" Professional Services" means any implementation, training, configuration, consulting, data migration, conversion, integration setup, or other services provided by Securiti to Customer, as set forth in an Order Form.

" Securiti Product" means the web-based application, as well as certain downloadable components that must deployed within Customer’s environment, made available to Customer by Securiti via a subscription. Securiti will host and operate such web-based application on computer servers accessible by Customer over the Internet. "Securiti Product" excludes any Customer Data contained or processed therein.

---

2. Securiti Product

2.1 Provision of Securiti Product.

Subject to the terms and conditions of this Agreement and the Service Level Agreement (SLA) attached in Exhibit A, Securiti will make certain functions of the Securiti Product available to Customer pursuant to this Agreement and the applicable Order Form, and hereby grants Customer a non-exclusive right to access and use the Securiti Product for its privacy compliance purposes. Customer may extend the rights granted herein to its Affiliates, provided that it will ensure their compliance with this Agreement and be responsible for their acts and omissions hereunder, in each case as if they were Customer hereunder. Customer hereby grants to Securiti a royalty-free, worldwide, non-exclusive, fully paid-up license to use the Customer Data (as defined below) in order to perform and provide the Securiti Product and Professional Services for the benefit of Customer or for the purpose of enhancing product or services in accordance with the terms of this Agreement.

2.2 Data Security.

Securiti will maintain a security program materially in accordance with industry standards that is designed to reasonably (i) ensure the security and integrity of Customer data uploaded by, or on behalf of, Customer to the Securiti Product (" Customer Data"); (ii) protect against threats or hazards to the security or integrity of Customer Data; and (iii) prevent unauthorized access to Customer Data. Securiti’s security safeguards include measures for preventing access, use, modification or disclosure of Customer Data by Securiti personnel except (a) to provide the Securiti Product and prevent or address service or technical problems, (b) as required by applicable law, or (c) as Customer expressly permits in writing or under this Agreement. Securiti will comply with the Security Exhibit attached hereto as Exhibit B, and will provide to Customer, upon request, Securiti’s most recently completed Service Organization Control 2 (SOC2) audit reports or industry-standard successor report ("Controls Reports"). Securiti will not materially diminish the protections provided in this Section during the term of this Agreement.

2.3 Customer Limitations.

The rights granted herein are subject to the following restrictions. Customer will not directly or indirectly:

1. reverse engineer, decompile, disassemble, modify, create derivative works of or otherwise create, attempt to create or derive, or permit or assist any third party to create or derive, the source code underlying the Securiti Product;
2. attempt to probe, scan or test the vulnerability of the Securiti Product, breach the security or authentication measures of the Securiti Product without proper authorization or wilfully render any part of the Securiti Product unusable;
3. use or access the Securiti Product to develop a product or service that is competitive with Securiti’s products or engage in competitive analysis or benchmarking;
4. transfer, distribute, resell, lease, license, or assign the Securiti Product or otherwise offer the Securiti Product on a standalone basis; or
5. otherwise use the Securiti Product outside the scope expressly permitted hereunder and in the applicable Order Form.

2.4 Authorized Users.

Customer may permit its Authorized Users to use the Securiti Product and such access rights shall not be shared with any third parties other than Authorized Users. The number of Authorized Users accessing the Securiti Product shall not exceed the maximum number of Authorized Users specified in the Order Form.

2.5 Customer Responsibilities.

1. Customer acknowledges that Securiti’s provision of the Securiti Product is dependent on Customer providing all reasonably required cooperation, and Customer will provide all such cooperation in a diligent and timely manner.
2. Customer will
   1. be responsible for all use of the Securiti Product under its account by parties other than Securiti and its Affiliates (whether or not authorized),
   2. use commercially reasonable efforts to prevent unauthorized access to or use of the Securiti Product and notify Securiti promptly of any such unauthorized access or use and
   3. be responsible for obtaining and maintaining any equipment, software and ancillary services needed to connect to, access or otherwise use the Securiti Product, in each case as set forth in the Documentation. Customer will be solely responsible for its failure to maintain such equipment, software and services, and Securiti will have no liability for such failure (including under any service level agreement, if applicable).
3. Customer understands that the Securiti Product provides a platform whereby Customer is able to manage personal data and/or personal information, including, without limitation, the Customer Data, that may be governed by U.S., federal or state, law, including without limitation, the CCPA, as well as General Data Protection Regulation (" GDPR"), and foreign data protection and privacy laws (together, the " Applicable Laws"). The Applicable Laws regulate personal data in terms of collection, retention and transfer of such information. Customer acknowledges that under Applicable Laws, Customer assumes full responsibility as the controller (or equivalent term) of Customer Data. The Securiti Product contains tools and functions that allow the Securiti Product to be configured by Customer as necessary for its compliance with Applicable Laws. Customer assumes the responsibility as the controller (or equivalent term) of Customer Data that may be collected and reside in the Securiti Product and Customer hereby warrants, represents and, to the extent relevant, covenants, that it has or will (i) complied with all applicable transparency-related obligations under Applicable Laws (including, without limitation, displaying any and all relevant and required privacy notices or policies); (ii) obtained any and all required informed consents and/or (will) have any and all legal bases; and (iii) complied/comply at all times with any and all Applicable Laws, in order to collect, process and transfer to Securiti the Customer Data (including, without limitation, personal data), to authorize the processing by Securiti of the Customer Data and any other applicable requirements and to ensure that the Securiti Product is configured by Customer to comply with any and all Applicable Laws. For avoidance of doubt, it is Customer’s responsibility to confer as needed with legal counsel to confirm and maintain compliance by Customer with Applicable Laws.
4. To the extent Customer needs Securiti to execute a Data Processing Agreement (" DPA") subject to the GDPR, Customer shall download and execute Securiti’s DPA from Securiti’s website, which shall be deemed attached to and a part of this Agreement. To the extent Customer needs Securiti to execute a service provider addendum subject to the CCPA (" Service Provider Addendum"), Customer shall be responsible for providing such Service Provider Addendum to Securiti, which shall be negotiated in good faith by the parties.
5. In the event Customer fails to comply with any Applicable Law and/or any provision of the DPA and/or Service Provider Addendum (to the extent applicable), and/or fails to return an executed version of the DPA to Securiti or provide a Service Provider Addendum to Securiti where required, then:
   1. to the maximum extent permitted by law, Customer shall be solely and fully responsible and liable for and shall indemnify, defend and hold harmless Securiti and its Affiliates from, any resulting liability; and
   2. the limitation of Customer’s liability under Section 7 below shall not apply in connection with Section 2.5(d) above.

2.6 Changes.

Securiti may, from time to time, implement enhancements, upgrades, updates, improvements, modifications, extensions and other changes to the Securiti Product. Securiti shall provide Customer with access to all such changes to the specific Securiti Product subscribed to by Customer in an existing Order Form without separate charge.

2.7 Service Level Agreement.

Securiti agrees to comply with the Service Level Agreement attached hereto as Exhibit A.

3. Fees

3.1 Fees.

Customer will pay Securiti the fees set forth in an Order Form. Except as otherwise specified herein or in any applicable Order Form, (a) fees are quoted and payable in United States dollars and (b) payment obligations are non-cancelable and non-pro-ratable for partial months, and fees paid are non-refundable, except as otherwise expressly provided herein. Customer is not liable for any expenses incurred by Securiti (including travel, meals and hotels) except as otherwise pre-approved in writing by Customer.

3.2 Late Payment.

Securiti may suspend access to the Securiti Product immediately upon notice to Customer if Customer fails to pay any non-disputed amounts hereunder at least thirty (30) days past the applicable due date.

3.3 Taxes.

All amounts payable hereunder are exclusive of any sales, use and other taxes or duties, however designated (collectively " Taxes"). Customer will be solely responsible for payment of all Taxes, except for those taxes based on the income of Securiti. Customer will not withhold any taxes from any amounts due to Securiti, provided that if Customer is required by law to withhold any taxes then the invoiced amount shall be deemed increased so that the amount payable by Customer after such withholding equals the invoiced amount.

3.4

If Customer is purchasing the Securiti Product through a Reseller (hereafter defined), then all pricing and invoicing terms shall be as agreed between Customer and the Reseller. "Reseller" shall mean a third party authorized by Securiti to resell the Securiti Product to Customer. Customer acknowledges and agrees that that the Reseller is obligated to pay Securiti for the Securiti Product purchased by Customer through the Reseller, and failure of the Reseller to make required payments to Securiti may result in Securiti terminating or suspending Customer’s access to the Securiti Product, which may be done without any liability of Securiti to Customer for any such termination or suspension.

4. Proprietary Rights and Confidentiality

4.1 Proprietary Rights.

As between the parties, Securiti exclusively owns all right, title and interest in and to the Securiti Product (including any Securiti Product trademarks), and Securiti’s Confidential Information, including all System Data. " System Data" means anonymized user and other data collected by Securiti regarding the Securiti Product that may be used to generate logs, statistics and reports regarding performance, availability, integrity and security of the Securiti Product. Customer exclusively owns all right, title and interest in and to the Customer Data and Customer’s Confidential Information.

4.2 Feedback.

Customer may from time to time provide Securiti suggestions or comments for enhancements or improvements, new features or functionality or other feedback with respect to the Securiti Product. Securiti will have full discretion to determine whether or not to proceed with the development of any requested enhancements, new features or functionality. Securiti will have the full, unencumbered right, without any obligation to compensate or reimburse Customer, to use, incorporate and otherwise fully exercise and exploit any such feedback in connection with its products and services.

4.3 Confidentiality.

Each party agrees that it will use the Confidential Information of the other party solely in accordance with the provisions of this Agreement and it will not disclose, or permit to be disclosed, the same directly or indirectly, to any third party without the other party’s prior written consent, except as otherwise expressly permitted hereunder. However, either party may disclose Confidential Information (a) to its employees, officers, directors, attorneys, auditors, financial advisors and other representatives who have a need to know and are legally bound to keep such information confidential by confidentiality obligations consistent with those of this Agreement; and (b) as required by law (in which case the receiving party will provide the disclosing party with prior written notification thereof, will provide the disclosing party with the opportunity to contest such disclosure, and will use its reasonable efforts to minimize such disclosure to the extent permitted by applicable law). Neither party will disclose the terms of this Agreement to any third party, except that either party may confidentially disclose such terms to actual or potential lenders, investors or acquirers. Each party agrees to exercise due care in protecting the Confidential Information from unauthorized use and disclosure. In the event of actual or threatened breach of the provisions of this Section or the restrictions in Section ‎2.3 hereof, the non-breaching party will be entitled to seek immediate injunctive and other equitable relief, without waiving any other rights or remedies available to it. Each party will promptly notify the other in writing if it becomes aware of any violations of the confidentiality obligations set forth in this Agreement.

5. Warranties and Disclaimers

5.1 Mutual.

Both parties. Each party warrants that it has the authority to enter into this Agreement and, in connection with its performance of this Agreement, shall comply with all laws and regulations applicable to such party.

5.2 Securiti.

Securiti warrants that the Securiti Products will (i) substantially meet the requirements described in the relevant Order Form during the term of the Order Form consistent with prevailing industry standards, (ii) will substantially conform with the Documentation, and (iii) be free of viruses, malware, malicious code, time bombs, Trojan horses, back doors, drop dead devices, worms, self-replicating or other code of any kind that when used in Customer’s network environment, may alter, destroy, inhibit, disable, or disable or discontinue effective use of the Customer’s systems. The functionality of the Securiti Products ordered will not be decreased during the term of this Agreement. Securiti will perform any Professional Services in a professional and workmanlike manner. For a material breach of the foregoing express warranties contained this Section ‎5.2, Customer’s exclusive remedy shall be the re-performance of the deficient Securiti Product or Professional Services or, if Securiti cannot re-perform such deficient Securiti Product or Professional Services as warranted, Customer shall be entitled to terminate this Agreement for breach, any Order Form or applicable portion of the Order Form covering such Securiti Product or Professional Services in accordance with Section 8.2 and recover a pro-rata portion of the fees paid to Securiti for such deficient Securiti Product or Professional Services.

5.3 Customer.

Customer warrants that it has all rights necessary to provide any information, data or other materials that it provides hereunder, and to permit Securiti to use the same as contemplated hereunder.

5.4 DISCLAIMERS.

EXCEPT AS EXPRESSLY SET FORTH HEREIN, SECURITI DISCLAIMS ANY AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF MERCHANTABILITY, TITLE, NON-INFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMER ACKNOWLEDGES THAT THE SECURITI PRODUCT IS INTENDED ONLY TO AUGMENT CUSTOMER’S PRIVACY PRACTICES, BUT NOT REPLACE, LEGAL AND OTHER PROFESSIONAL ADVISORS. CUSTOMER IS A DATA CONTROLLER, RESPONSIBLE FOR WHICH DATA IT COLLECTS, AND IS RESPONSIBLE FOR ITS OWN PRIVACY POLICIES. EXCEPT AS EXPRESSLY SET FORTH HEREIN, SECURITI DOES NOT WARRANT THAT ACCESS TO THE SECURITI PRODUCTS WILL BE UNINTERRUPTED OR ERROR-FREE, THAT ALL DEFECTS AND ERRORS IN THE SECURITI PRODUCTS WILL BE CORRECTED, OR THAT THE SECURITI PRODUCTS AND SERVICES WILL MEET CUSTOMER’S PARTICULAR REQUIREMENTS OR EXPECTATIONS. SECURITI SHALL NOT BE LIABLE OR RESPONSIBLE FOR ANY DELAYS, INTERRUPTIONS, SERVICE FAILURES, AND ANY OTHER PROBLEMS ARISING FROM CUSTOMER’S USE OF THE INTERNET, ELECTRONIC COMMUNICATIONS OR ANY OTHER SYSTEMS. CUSTOMER ACKNOWLEDGES THAT IT MAY HAVE ACCESS TO CERTAIN SECURITY ASSESSMENT TEMPLATES PROVIDED BY THIRD PARTIES, AND SECURITI MAKES NO REPRESENTATIONS, WARRANTIES OR OTHER COMMITMENTS WITH RESPECT SUCH TEMPLATES OR THE ACCURACY OF INFORMATION PROVIDED THEREIN. THE PROVISIONS OF THIS SECTION ALLOCATE THE RISKS UNDER THIS AGREEMENT BETWEEN SECURITI AND CUSTOMER. SECURITI’S PRICING REFLECTS THIS ALLOCATION OF RISK AND THE LIMITED WARRANTIES SPECIFIED HEREIN.

6. Indemnification

6.1 Indemnity by Securiti.

Securiti will defend Customer against any claim, demand, suit, or proceeding made or brought against Customer by a third party ("Claim") (i) alleging that the use of the Securiti Product as permitted hereunder infringes or misappropriates a United States patent, copyright or trade secret or trademark of any third party, or (ii) arising out of any use or disclosure of Customer Data by Securiti in breach of this Agreement and in respect of each Claim described in (i) and (ii) above, Securiti will indemnify Customer for any liabilities, awards, penalties or costs (including reasonable attorneys' fees) in connection with any such Claim (" Costs"); provided that (a) Customer will promptly notify Securiti of such Claim (provided that the failure to provide such notice shall not relieve Securiti of its indemnification obligations except to the extent of any material prejudice directly resulting from such failure), (b) Securiti will have the sole and exclusive authority to defend and/or settle any such Claim (provided that Securiti may not settle any Claim without Customer’s prior written consent, which will not be unreasonably withheld, unless it unconditionally releases Customer of all related liability) and (c) Customer reasonably cooperates with Securiti in connection therewith. If the use of the Securiti Product by Customer has become, or in Securiti’s opinion is likely to become, the subject of any claim of infringement, Securiti may at its option and expense (i) procure for Customer the right to continue using and receiving the Securiti Product as set forth hereunder; (ii) replace or modify the Securiti Product to make it non-infringing (with comparable functionality); or (iii) if the options in clauses (i) or (ii) are determined by Securiti to not be reasonably practicable, terminate this Agreement and provide refund of any prepaid unused fees corresponding to the terminated portion of the applicable subscription term. Securiti will have no liability or obligation with respect to any Claim to the extent such Claim results from (A) compliance with designs, guidelines, plans or specifications provided by Customer, or the use or inclusion of Customer Data; (B) use of the Securiti Product by Customer not in accordance with this Agreement or in violation of any applicable law; (C) modification of the Securiti Product by any party other than Securiti without Securiti’s express consent; (D) Customer Confidential Information or (E) the combination, operation or use of the Securiti Product with other applications, portions of applications, product(s) or services in a manner not reasonably required where the Securiti Product would not by itself be infringing (clauses (A) through (E), " Excluded Claims"). This Section states Securiti’s sole and exclusive liability and obligation, and Customer’s exclusive remedy, for any claim of any nature related to infringement or misappropriation of intellectual property.

6.2 Indemnification by Customer.

Customer will defend Securiti against any Claim made or brought against Securiti by a third party arising out of the Excluded Claims, and Customer will indemnify Securiti for any Costs in connection with any such Claim; provided that (a) Securiti will promptly notify Customer of such Claim (provided that the failure to provide such notice shall not relieve Customer of its indemnification obligations except to the extent of any material prejudice directly resulting from such failure), (b) Customer will have the sole and exclusive authority to defend and/or settle any such Claim (provided that Customer may not settle any Claim without Securiti’s prior written consent, which will not be unreasonably withheld, unless it unconditionally releases Securiti of all liability) and (c) Securiti reasonably cooperates with Customer in connection therewith.

7. Limitation of Liability

UNDER NO LEGAL THEORY, WHETHER IN TORT, CONTRACT, OR OTHERWISE, WILL EITHER PARTY OR ITS AFFILIATES, OR THEIR RESPECTIVE DIRECTORS, OFFICERS, EMPLOYEES, AGENTS OR CONTRACTORS, BE LIABLE TO THE OTHER UNDER THIS AGREEMENT FOR (A) ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL OR PUNITIVE DAMAGES OF ANY CHARACTER, INCLUDING DAMAGES FOR LOSS OF GOODWILL, LOST PROFITS, LOST SALES OR BUSINESS, WORK STOPPAGE, COMPUTER FAILURE OR MALFUNCTION, LOST CONTENT OR DATA, EVEN IF A REPRESENTATIVE OF SUCH PARTY HAS BEEN ADVISED, KNEW OR SHOULD HAVE KNOWN OF THE POSSIBILITY OF SUCH DAMAGES, OR (B) EXCLUDING CUSTOMER’S PAYMENT OBLIGATIONS, ANY DIRECT DAMAGES, COSTS, OR LIABILITIES IN EXCESS OF THE AMOUNTS PAID BY CUSTOMER (OR RECEIVED BY SECURITI FROM A RESELLER, IF APPLICABLE) UNDER THE APPLICABLE ORDER FORM DURING THE TWELVE (12) MONTHS PRECEDING THE INCIDENT OR CLAIM.

8. Termination

8.1 Term.

The term of this Agreement will commence on the Effective Date and continue until terminated as set forth below. The initial term of each Order Form will begin on the Order Form effective date of such Order Form and will continue for the subscription term set forth therein. Except as set forth in such Order Form, the term of such Order Form will automatically renew for successive renewal terms equal to the length of the initial term of such Order Form, unless either party provides the other party with written notice of non-renewal at least thirty (30) days prior to the end of the then-current term.

8.2 Termination.

Each party may terminate this Agreement upon written notice to the other party if there are no Order Forms then in effect. Each party may also terminate this Agreement or the applicable Order Form upon written notice in the event (a) the other party commits any material breach of this Agreement or the applicable Order Form and fails to remedy such breach within thirty (30) days after written notice of such breach or (b) subject to applicable law, upon the other party’s liquidation, commencement of dissolution proceedings or assignment of substantially all its assets for the benefit of creditors, or if the other party become the subject of bankruptcy or similar proceeding that is not dismissed within sixty (60) days. If Customer has purchased the Securiti Product through a Reseller, then Customer’s termination rights are subject to any agreement between the Reseller and Customer.

8.3 Effect of Termination.

Upon any termination or expiration of this Agreement: (i) Securiti will terminate Customer’s access to the Securiti Product and will cease providing such services; (ii) Customer shall immediately cease any and all use of and access to any Securiti Products; and (iii) each party hereunder shall return to the other party any and all Confidential Information of the other party in its possession. Termination shall not relieve Customer of the obligation to pay Securiti the fees agreed in an Order Form.

8.4 Survival.

Upon termination of this Agreement all rights and obligations will immediately terminate except that any terms or conditions that by their nature should survive such termination will survive, including the restrictions in Section ‎2.3 hereof, and terms and conditions relating to proprietary rights and confidentiality, payment, disclaimers, indemnification, limitations of liability and termination and the general provisions below.

9. General

9.1 Export Compliance.

Each party will comply with the export laws and regulations of the United States, European Union and other applicable jurisdictions in providing and using the Securiti Product.

9.2 Publicity.

Customer agrees that Securiti may refer to Customer’s name and trademarks in Securiti’s marketing materials and website and case studies, provided Customer is allowed to review such use prior to publication. Securiti will not refer to Customer or its business in a press release without Customer’s prior written consent. In addition, Customer agrees to become part of Securiti’s reference program by working with a representative from Securiti’s marketing team to develop a customer profile for use on Securiti’s website. The profile will include a quote from an executive of Customer and Customer’s logo.

9.3 Assignment; Delegation.

Neither party hereto may assign or otherwise transfer this Agreement, in whole or in part, without the other party’s prior written consent, except that either party may assign this Agreement without consent to a successor to all or substantially all of its assets or business related to this Agreement. Any attempted assignment, delegation, or transfer by either party in violation hereof will be null and void. Subject to the foregoing, this Agreement will be binding on the parties and their successors and assigns.

9.4 Amendment; Waiver.

No amendment or modification to this Agreement, nor any waiver of any rights hereunder, will be effective unless assented to in writing by both parties, or in a manner otherwise set forth in this Agreement. Any such waiver will be only to the specific provision and under the specific circumstances for which it was given, and will not apply with respect to any repeated or continued violation of the same provision or any other provision. Failure or delay by either party to enforce any provision of this Agreement will not be deemed a waiver of future enforcement of that or any other provision.

9.5 Relationship.

Nothing contained herein will in any way constitute any association, partnership, agency, employment or joint venture between the parties hereto, or be construed to evidence the intention of the parties to establish any such relationship. Neither party will have the authority to obligate or bind the other in any manner, and nothing herein contained will give rise or is intended to give rise to any rights of any kind to any third parties.

9.6 Unenforceability.

If a court of competent jurisdiction determines that any provision of this Agreement is invalid, illegal, or otherwise unenforceable, such provision will be enforced as nearly as possible in accordance with the stated intention of the parties, while the remainder of this Agreement will remain in full force and effect and bind the parties according to its terms.

9.7 Governing Law; Venue.

This Agreement will be governed by the laws of the State of California, exclusive of its rules governing choice of law and conflict of laws. The parties agree to submit to the exclusive jurisdiction of (i) the state courts located in Santa Clara County in the State of California and (ii) the federal courts located in the Northern District of California, with respect to disputes hereunder. This Agreement will not be governed by the United Nations Convention on Contracts for the International Sale of Goods or by Uniform Computer Information Transactions Act (UCITA).

9.8 Notices.

Any notice required or permitted to be given hereunder will be given in writing by personal delivery, certified mail, return receipt requested, by overnight delivery, or by email or fax. Notices will be deemed given upon verifiable receipt

9.9 Entire Agreement.

This Agreement comprises the entire agreement between Customer and Securiti with respect to its subject matter, and supersedes all prior and contemporaneous proposals, statements, sales materials or presentations and agreements (oral and written). No oral or written information or advice given by Securiti, its agents or employees will create a warranty or in any way increase the scope of the warranties in this Agreement.

9.10 Force Majeure.

Neither Party will be deemed in breach hereunder for any cessation, interruption or delay in the performance of its obligations due to causes beyond its reasonable control (" Force Majeure Event"), including earthquake, flood, or other natural disaster, act of god, labor controversy, civil disturbance, terrorism, war (whether or not officially declared), cyber-attacks (e.g., denial of service attacks), or the inability to obtain sufficient supplies, transportation, or other essential commodity or service required in the conduct of its business, or any change in or the adoption of any law, regulation, judgment or decree.

9.11 Interpretation.

For purposes hereof, "including" means "including without limitation".

---

Exhibit A

Service Level Agreement

Availability Commitment.

To the extent hosted and operated by or on behalf of Securiti, the Securiti Product will be Available 99.5% of the time, measured on a calendar monthly basis (the " Availability Commitment"). " Availability" means that the Securiti Product is available for use by Customer. Availability measures will not include downtime resulting from:

• Upgrades: Customer will receive prior notice by email of Securiti’s upgrade windows, which will be scheduled between 2pm and midnight Pacific Time to the extent feasible. Downtime due to upgrades will not exceed 2 hours per month. All upgrades will be in-service software upgrades to keep the product functioning as much as possible. List of upcoming upgrades can be found on the status.securiti.ai site.
• Pre-scheduled maintenance periods: Customer will receive at least 24 hours prior notification by email of pre-scheduled maintenance periods. Maintenance shall be scheduled between 2pm and midnight Pacific Time. Downtime due to pre-scheduled maintenance will not exceed 2 hours per month. List of pre-scheduled maintenance can be found on the status.securiti.ai site.
• Emergency maintenance periods: Customer will receive prior notification by email on a commercially reasonable efforts basis. These maintenance periods will involve applying critical security patches and other emergency repairs to the Securiti infrastructure.
• In order to receive the above notification emails, customer should subscribe to notifications on https://status.securiti.ai. Notifications will also be delivered via the portal 60 minutes prior to an upgrade or scheduled maintenance.

The Availability Commitment does not apply to any downtime of the Securiti Product that results from:

• Account suspension or termination due to Customer’s breach of the Agreement;
• Disengagement of functionality of the Securiti Product due to Customer’s request;
• Force Majeure Events; or
• Customer’s or its service provider’s equipment, software or other technology.

Securiti will provide Customer with reports on Availability upon request.

Credit.

If Securiti fails to achieve the above Availability Commitment for the Securiti Product, Customer may claim a credit as provided below.

PERCENTAGE AVAILABILITY PER MONT	CREDIT
99.5-100.0	0%
97.0-99.49	4%
94.0-96.99	6%
92.0-93.99	10%

Customer will not be entitled to a credit if it is in breach of its Agreement with Securiti, including payment obligations. To receive a credit, a Customer must file a claim for such credit within fifteen (15) days following the end of the month in which the Availability Commitment was not met by contacting Securiti at [email protected] (or by opening a customer support ticket at https://app.securiti.ai/#/customer-support) with a complete description of the downtime, how Customer was adversely affected, and for how long.

The credit remedy set forth in this Service Level Agreement is Customer’s sole and exclusive remedy for the unavailability of the Securiti Product; provided that Customer shall have the right to terminate this Agreement if Securiti fails to achieve an Availability Commitment of 92% or better in three consecutive months; provided further that notwithstanding anything to the contrary in the Agreement, Customer shall have no payment obligations for services to be performed following such termination.

If Customer has purchased the Securiti Product through a Reseller, then any credit shall be calculated based upon fees received by Securiti from the Reseller.

Customer Support.

Securiti live technical support business hours will start at 9:00 am Pacific Time and run until 5:00 pm Pacific Time on weekdays (excluding holidays). Technical support can be contacted via email at [email protected] or by opening a customer support ticket at https://app.securiti.ai/#/customer-support.

Communication Channels:

EMAIL	COMMUNICATION TOOL
[email protected]	Open a support ticket at https://app.securiti.ai/#/customer-support

Live technical support will not be available on Christmas Day (December 25) and New Year’s Day (January 1). Limited technical support will be available during the hours listed above during Securiti holidays. The current Securiti holidays are set forth below:

• Presidents Day (third Monday of February)
• Memorial Day (last Monday of May)
• Independence Day (July 4)
• Labor Day (first Monday of September)
• Thanksgiving Day (fourth Thursday in November)
• Christmas Eve (December 24)
• New Year’s Eve (December 31)

Customer Technical Contact(s): As designated by Customer

Initial privileged customer support accounts will be created for the customer contacts listed above. Additional privileged customer support accounts may be created based on a documented authorization request from a designated customer contact above or by Customer directly.

Notwithstanding the foregoing, if Customer has purchased the Securiti Product through a Reseller, then the Reseller and not Securiti may be responsible for providing Customer with first level support. In this case, Customer will need to contact the Reseller for support, and not Securiti. Contact the Reseller for more information about whether first level support is provided by the Reseller or Securiti.

---

Exhibit B

Security Exhibit

Security Exhibit Securiti maintains a comprehensive, written information security program that contains administrative, technical, and physical safeguards that are appropriate to (a) the size, scope and type of Securiti’s business; (b) the type of information that Securiti will store; and (c) the need for security and confidentiality of such information.

Securiti’s security program includes:

1. Security Awareness and Training.

A mandatory security awareness and training program for all members of Securiti’s workforce (including management), which includes:

• Training on how to implement and comply with its Information Security Program; and
• Promoting a culture of security awareness through periodic communications from senior management with employees.

2. Access Controls.

Policies, procedures, and logical controls:

• To limit access to its information systems and the facility or facilities in which they are housed to properly authorized persons;
• To prevent those workforce members and others who should not have access from obtaining access; and
• To remove access in a timely basis in the event of a change in job responsibilities or job status.

3. Physical and Environmental Security.

Controls that provide reasonable assurance that access to physical servers at the production data center, if applicable, is limited to properly authorized individuals and that environmental controls are established to detect, prevent and control destruction due to environmental extremes. These controls are implemented by Amazon Web Services (AWS) and they are listed here: https://aws.amazon.com/compliance/data-center/controls/. Specific to Securiti:

• Logging and monitoring of unauthorized access attempts to the data center by the data center security personnel;
• Camera surveillance systems at critical internal and external entry points to the data center, with retention of data per legal or compliance requirements;
• Systems that monitor and control the air temperature and humidity at appropriate levels for the computing equipment; and
• Redundant power supply modules and backup generators that provide backup power in the event of an electrical failure, 24 hours a day.

4. Security Incident Procedures.

A security incident response plan that includes procedures to be followed in the event of any Security Breach. Such procedures include:

• Roles and responsibilities: formation of an internal incident response team with a response leader;
• Investigation: assessing the risk the incident poses and determining who may be affected;
• Communication: internal reporting as well as a notification process in the event of unauthorized disclosure of Customer Data;
• Recordkeeping: keeping a record of what was done and by whom to help in later analysis and possible legal action; and
• Audit: conducting and documenting root cause analysis and remediation plan.

5. Contingency Planning.

Policies and procedures for responding to an emergency or other occurrence (for example, fire, vandalism, system failure, pandemic flu, and natural disaster) that could damage Customer Data or production systems that contain Customer Data. Such procedures include:

• Data Backups: A policy for performing periodic backups of production data sources, as applicable, according to a defined schedule;
• Disaster Recovery: A formal disaster recovery plan for the production data center, including:
• Requirements for the disaster plan to be tested on a regular basis, currently twice a year; and
• A documented executive summary of the Disaster Recovery testing, at least annually, which is available upon request to customers.
• Business Continuity Plan: A formal process to address the framework by which an unplanned event might be managed in order to minimize the loss of vital resources.

6. Audit Controls.

Hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic information.

7. Data Integrity.

Policies and procedures to ensure the confidentiality, integrity, and availability of Customer Data and protect it from disclosure, improper alteration, or destruction.

8. Storage and Transmission Security.

Security measures to guard against unauthorized access to Customer Data that is being transmitted over a public electronic communications network or stored electronically. Such measures include requiring encryption of any Customer Data stored on desktops, laptops or other removable storage devices.

9. Secure Disposal.

Policies and procedures regarding the secure disposal of tangible property containing Customer Data, taking into account available technology so that Customer Data cannot be practicably read or reconstructed.

10. Assigned Security Responsibility.

Assigning responsibility for the development, implementation, and maintenance of Securiti’s security program, including:

• Designating a security official with overall responsibility;
• Defining security roles and responsibilities for individuals with security responsibilities; and
• Designating a Security Council consisting of cross-functional management representatives to meet on a regular basis.

11. Testing.

Regularly testing the key controls, systems and procedures of its information security program to validate that they are properly implemented and effective in addressing the threats and risks identified. Where applicable, such testing includes:

• Internal risk assessments;
• Service Organization Control 2 (SOC2) audit reports (or industry-standard successor reports).

12. Monitoring.

Network and systems monitoring, including error logs on servers, disks and security events for any potential problems. Such monitoring includes:

• Reviewing changes affecting systems handling authentication, authorization, and auditing;
• Reviewing privileged access to Securiti production systems; and
• Engaging third parties to perform network vulnerability assessments and penetration testing on a regular basis.

13. Change and Configuration Management.

Maintaining policies and procedures for managing changes Securiti makes to production systems, applications, and databases. Such policies and procedures include:

• process for documenting, testing and approving the patching and maintenance of the Securiti Product;
• A security patching process that requires patching systems in a timely manner based on a risk analysis; and
• A process for Securiti to utilize a third party to conduct application level security assessments. These assessments generally include testing, where applicable, for:
• • Cross-site request forgery
  • Services scanning
  • Improper input handling (e.g. cross-site scripting, SQL injection, XML injection, cross-site flashing)
  • XML and SOAP attacks
  • Weak session management
  • Data validation flaws and data model constraint inconsistencies
  • Insufficient authentication
  • IInsufficient authorization

14. Program Adjustments.

Monitoring, evaluating, and adjusting, as appropriate, the security program in light of:

• Any relevant changes in technology and any internal or external threats to Securiti or the Customer Data;
• Security and data privacy regulations applicable to Securiti; and
• Securiti’s own changing business arrangements, such as mergers and acquisitions, alliances and joint ventures, outsourcing arrangements, and changes to information systems.

15. Devices.

– Ensuring that all laptop and desktop computing devices utilized by Securiti and any subcontractors when accessing Customer Data:

• will be equipped with a minimum of AES 128 bit full hard disk drive encryption;
• will have up to date virus and malware detection and prevention software installed with virus definitions updated on a regular basis; and
• will maintain virus and malware detection and prevention software so as to remain on a supported release. This will include, but not be limited to, promptly implementing any applicable security-related enhancement or fix made available by the supplier of such software.

16. Data Security Breach.

" Security Breach" means any security incident if there is a reason to believe Customer Data has been or may have been accessed by an unauthorized party.

• Securiti will notify Customer of a Security Breach as soon as practicable, but no later than twenty-four (24) hours after Securiti becomes aware of it, by e-mailing Customer with a read receipt at a Customer designated email address, with a copy by e-mail to Securiti’s primary business contact within Customer.
• Securiti agrees that unless required by law, it shall not inform any third party that a Security Breach without Approval. Further, Securiti agrees that Customer shall have the sole right to determine whether notice of the Security Breach is to be provided to consumers associated with Customer Data.

17. Return or Destruction of Customer Data.

• Except as provided herein, Securiti shall delete all copies of Customer Data (i) upon written request of Customer and (ii) within 120 days of the date of cessation of any services (the " Cessation Date").
• Securiti may retain Customer Data to the extent required by applicable laws and only to the extent and for such period as required by applicable law.

18. INSURANCE

At all times Securiti accesses, processes or stores Customer Data, Securiti will maintain: Errors & Omissions/Professional Liability /Cyber Insurance, in an amount not less than $3,000,000 per claim and annual aggregate, covering all acts, errors, omissions, negligence, and including infringement of intellectual property (except patent and trade secret) in the performance of services for Customer or on behalf of Customer hereunder. Securiti’s policy will provide for Data Security & Privacy "Cyber" coverage (including coverage for unauthorized access and use, failure of security, breach of confidential information, of privacy perils, as well as breach mitigation costs and regulatory coverage). Such insurance shall be maintained in force at all times during the term of the Agreement and for a period of two years thereafter for services completed during the term of the Agreement. Customer shall be given at least 30 days’ notice of the cancellation or expiration of the aforementioned insurance for any reason.

Platform Products Specific Terms

"API" is the application-programming interface used by you to access functionality provided by SECURITI

"Monthly Active User" or "MAU" is a Platform Application User that uses the Service via an API call (made by or on behalf of the Platform Application User account) at least once in a monthly calendar period.

"Monthly Platform API Calls" is any API call made by a Platform Application to the Service within a monthly calendar period on behalf of: (a) a Platform Application User; (b) a User; or (c) a Platform Service Account (connectors), not to exceed your allotted amount.  Except as otherwise set forth in an order, excluded from Monthly Platform API Calls are API calls made on behalf of: (i) third party software application integrations that are permitted with your use of the Service; (ii) SECURITI provided application (e.g. PRIVACI virtual appliance); (iii) SECURITI provided services (e.g. consent javascript).

"Monthly Platform Bandwidth" is the Platform Bandwidth consumed on a monthly calendar basis by or on behalf of: (a) a Platform Application User; or (b) a Platform Service Account (e.g. Connectors), not to exceed your allotted amount. Unless specified in an order, excluded from Monthly Platform Bandwidth is Platform Bandwidth consumed by: (i) SECURITI provided applications (e.g., the PRIVACI web app) and (ii) SECURITI provided software application (e.g. PRIVACI virtual appliance), if applicable.

"PlatformApplication" is an application used by or on behalf of you that uses the API for the purposes of access to the Service.

"Platform Application User" is a user with a unique identifier that is created and provisioned by the enterprise administrator and such user’s access to Content in the Service is governed through the Platform Application.

"Platform Bandwidth" is the flow of data to or from the Service as a result of the Platform Application, measured in gigabytes (GB), not to exceed your allotted amount.

"Platform Service Account" is a SECURITI.ai API based ‘Connector’ service that is created and provisioned by an application administrator to scan and detect personal data within your data stores and execute data subject rights requests where possible.

"Platform Storage" is the total amount of Content, measured in gigabytes (unless otherwise specified), stored by or on behalf of all Platform Application Users, Platform Service Accounts and any other users of Platform Products, not to exceed your allotted amount.

"Platform UseLimit(s)" is the amount as specified and allocated to you for: (i) Monthly Platform Bandwidth, Monthly Platform API Calls, Platform Storage and number of Monthly Active Users; and (ii) any other applicable usage limits or restrictions.

"System Admin(s)" Users with system admin (also known as ‘admin’) access profile are one or more key stakeholders or IT managers who needs full control over the PRIVACI.ai account and its administration. This role has special access to all system features, functions, and data because administrators can override access profile rules and pass all access profile checks. The responsibilities for the primary admin include: Configuring the Privaci account and adjusting account settings as needs change; Creating other users with system admin access profiles (co-admins); Creating a DPO user and assigning DPO access profile to that user; Creating users and assigning access profiles to allow access to various Privaci modules; Configure, deploy, register, monitor and maintain Privaci virtual appliances; Configure, deploy, monitor and maintain Privaci connectors to scan and perform data subject rights requests against data stores; Accessing, configuring and managing the Privaci modules if this is a shared role;  Running Reports as part of regular check-ins; Monitoring user access and actions for auditing purposes; Having the time and proper security clearance for managing the general user base.

"Data Source Instance" is a unique, data repository that can be scanned to detect personal data and/or automated to execute data rights requests. A single data source instance could be a unique SaaS service instance identified by its instance Id or domain name, a single application database, a unique file share, a unique storage bucket, an LDAP/AD Organizational Unit etc. which can be connected to the PRIVACI environment through a supported PRIVACI Monitored or User Defined Connector.

You receive the features and functionality that are provided in the specific Platform Product(s) that you have registered or purchased. You will ensure that your usage of the Platform Products is at all times in conformance with the Platform Use Limits, these Terms and applicable law. If you exceed the Platform Use Limits, additional fees will be due and/or reasonable restrictions may be placed on your account until any such excess usage is adequately eliminated by you.

You may not co-brand any Platform Products or use any SECURITI.ai OR PRIVACI.ai trademarks, logos, or other SECURITI marks to promote and market the Platform Products without SECURITI’s prior written consent.
‍
You will not permit use of the Platform Application:

• to violate these Terms;
• to perform hidden activities (such as downloading components or other software)
• impersonate, or misrepresent an affiliation with, any person or entity;
• mine or analyze any Content transmitted to, retrieved from or stored in the Platform Products/the Service (including, but not limited to, through spiders, robots, crawlers, data mining tools, scrapers, or other automated means, or services employing any such means);
• circumvent any security measures
• use or affect the Platform Products in any manner that could damage, disable, overburden or impair the Platform Products (including, but not limited to, flooding the Platform Products with an excessive amount of data or content);
• permit use in connection with any purposes or intended application which involves risks or dangers that could lead to death, serious bodily injury, severe physical or property damage, or use for purposes that otherwise require significant safety precautions.