Master Service Agreement

Between

and

Cyber Security Solutions, Inc.

This Cyber Security Solutions, Inc. Master Services Agreement (“MSA” or “Agreement”) is between Cyber Security Solutions, Inc., a Delaware Corporation (“CSS”) and the customer (“Customer”). This MSA governs Customer’s subscription to, and use of, the Solutions (as defined below) in connection with any paid or Evaluation use of the Solutions.

This is a legal, enforceable contract between Customer and CSS. Customer (or its representative) by executing this MSA shall be deemed to have validly executed and delivered this MSA to CSS with the “Effective Date” being the date of such signature, access or approval as recorded in the records of CSS. If the Customer does not agree to this MSA, the Customer may not subscribe to or use the Solutions.

Capitalized terms will have the meaning assigned to such terms as defined throughout this MSA. Each of CSS or Customer is sometimes described in this MSA as a “Party” and together, “Parties.” The Parties agree as follows:

1.    Definitions

1.1.  “Affiliate(s)” means any entity that directly, or indirectly through intermediaries, is controlled by a Party. The license granted to Customer herein includes the right to use the Solutions as stated in the applicable Solutions Addendum for Customer’s Affiliates, provided that Customer advises CSS of such usage and is fully responsible and liable under this MSA for such Customer’s Affiliates’ usage.

1.2.  “Confidential Information” means all information disclosed (whether in oral, written, or other tangible or intangible form) by one Party (the “Disclosing Party”) to the other Party (the “Receiving Party”) concerning or related to this MSA and the Solutions. Any information that the Disclosing Party marks as confidential or proprietary, or that the Receiving Party knows or reasonably should know is confidential information of the Disclosing Party given the facts and circumstances surrounding the disclosure of the information by the Disclosing Party, shall also be deemed Confidential Information. Confidential Information includes, but is not limited to, this MSA, the Solutions Addendum, the Documentation, System Data, proprietary and/or non-public technical, business, commercial, financial and/or legal information of CSS or the Customer that has been shared with the other Party, any information or knowledge gained by Customer through use of the Solutions, business plans, product information, pricing, financial plans, or know how of CSS, any Customer Data, strategies, and other similar information.

1.3.  “Current Release” means the most recent commercial release of the Solutions (not any Beta version).

1.4.  “Customer Data” means all data and information associated with Customer, which is uploaded to, collected, processed, generated, and/or stored within the Solutions by CSS or Customer or through Customer’s use of the Solutions or provided in support tickets, but excluding System Data.

1.5.  “Documentation” means CSS’ then–current published documentation such as technical user guides, installation instructions, articles or similar documentation specifying the functionalities of the Solutions and made available by CSS to Customer as specified in the applicable Solutions Addendum.

1.6.  “Enhancements” means any updates, patches, bug fixes and versions to the Solutions made by CSS and provided to Customer.

1.7.  “Evaluation” means for the limited purpose of accessing and installing the Solutions for internal evaluation by Customer who is considering licensing the Solutions but without any obligation for the Customer or CSS to enter into the MSA or any further agreement.

1.8.  “Intellectual Property Rights” means all patents, copyrights, moral rights, trademarks, trade secrets and any other form of intellectual property rights recognized in any jurisdiction, including applications and registrations for any of the foregoing.

1.9.  “Partner” means an authorized CSS sales agent or reseller.

1.10.  “Personal Data” means any Customer Data that relates to an identified or identifiable natural person or household.

1.11.  “Public Sector Addendum” means the Solutions Addendum that applies to Public Sector Customers (as defined in the Public Sector Addendum).

1.12.  “Purchase Order” means a document agreed to in writing and executed among Customer and CSS that references a Quote covering Customer’s subscription to the specified Solutions or an Evaluation offering.

1.13.  “Quote” means a quote from CSS for the Solutions.

1.14.  “Restrictions” means any restrictions to Customer’s license to use Solutions as stated in this MSA or the License Restrictions section in the applicable Solutions Addendums.

1.15.  “Site” means CSS’ website at www.securedbycss.com or as defined in the relevant Solutions Addendum.

1.16.  “Solution(s)” means the products and services offered by CSS pursuant to this MSA.

1.17.  “Solutions Addendum” means the addendum to this MSA which sets forth the Solutions and payment terms that Customer subscribes to pursuant to, either as set forth in such Solutions Addendum and/or a Purchase Order and/or a Public Sector Addendum.

1.18.  “Special Information” means sensitive Personal Data or other information requiring additional protections under applicable laws.

1.19.  “Subscription Term” means the license term of the Solutions as defined in Section 11.1 of this MSA.

1.20.  “System Data” means deidentified data derived from the Solutions including without limitation, aggregate statistics, use, performance and bug reports, any threat or potential threat detections collected by the Solutions and/or system behavioral information (including without limitation correlative and/or contextual data) and other information about Customer’s use of Solutions as generated by the Solutions.

1.21.  “Third Party Products” means third party products, applications, services, software, networks or other systems or information sources that link to the Solutions through CSS’ open Application Programming Interface.

1.22.  “Third Party Service” means a third party that manages the installation, onboarding and/or operation of the Solutions on Customer’s behalf, or monitors, supports or installs any Third Party Products requested by the Customer that accesses information from, or provides information to, the Solutions.

2.    Use of the Solutions.

2.1.  License. A customer’s right to use Solutions is limited to the specific Solutions it subscribed to under a Solutions Addendum and is subject to the License Restrictions of the applicable Solutions Addendum. Customer shall not reverse engineer any component of the Solutions and shall only have a license to use the Solutions for the purposes for which they were designed during the Subscription Term.

Subject to the terms of this MSA, Customer hereby grants to CSS a non- exclusive, non-transferable, worldwide, royalty-free right to use, copy, store, transmit, modify, create derivative works of, and display the Customer Data or System Data collected or stored by CSS during the Subscription Term solely to the extent necessary to provide the applicable Solutions to Customer; and/or enhance the functionality of the Solutions to other entities who are customers of CSS; and/or to share on an anonymous basis with organizations involved in the protection of data or information systems in order to improve data protection methods that are currently being employed in the marketplace; and/or to share with governmental authorities for the potential prosecution of actors who CSS believes may be exploiting vulnerabilities in data systems without proper authorization.

2.2.  Documentation. All use of the Solutions shall be in accordance with the then-current Documentation.

2.3.  Third Party Products. If Customer decides to enable, access or use a Third Part Service, including Third Party Products that integrate or use Customer’s network, CSS does not warrant, and this MSA does not cover, the performance or accuracy of such Third Party Products even if the Solutions have been deemed to support the use of the Third Party Products, or even if CSS resells them or designates them as certified, approved, recommended, or are otherwise provided by a third party that is a member of a CSS partner program. Customer’s access and use of such Third Party Products is governed by the terms of such Third Party Products, and CSS does not warrant, endorse, and makes no representations as to any aspect of such Third Party Products, including, without limitation, their content or the manner in which they perform or handle data or any interaction between Customer and the provider of such Third Party Products, and CSS shall not be responsible or liable for any damage, expenses or loss (financial or otherwise) caused or alleged to be caused by or in connection with the access or use of such Third Party Products by Customer with the Solutions. Customers may be required to register for or log into such Third-Party Products on their respective websites. By enabling any Third-Party Products, Customer expressly permits CSS to disclose Customer’s Solutions Login information as well as Customer Data to such Third-Party Products as necessary to facilitate Customer’s enablement and use of such Third Party Products.

2.4.  Third Party Service. If Customer enters into an agreement with a third party for a Third Party Service (which may include Third Party Products) then Customer may allow such Third Party Service or provider thereof to access the Solutions provided that (i) as between the Parties, Customer remains responsible for compliance with this MSA by Customer and any such Third Party Service provider or consultant to which Customer grants access to the Solutions; (ii) such Third Party Service or provider only uses the Solutions for Customer’s internal purposes and not for the benefit of any other person or to enhance or modify the Third Party Service or any Third Party Products to be offered to any person (other than the Customer); (iii) Customer obtains written confirmation from the Third Party Service provider that it has been advised of the terms and conditions of this MSA; and (iv) Customer remains liable to CSS for the Third Party Service’s access and use of the Solutions on Customer’s behalf, or any breach of this MSA by the Third Party Service.

3.    Evaluations; Early Adoption and Beta Use.

3.1.  Evaluation Offering. If Customer receives the Solutions for Evaluation purposes, then Customer may use the Solutions for Evaluation for a period of up to thirty (30) days from the start date of the Evaluation (the “Evaluation Period”), unless otherwise agreed in writing by CSS.

3.2.  Evaluation License and Restrictions. During the Evaluation Period, Customer: (i) may access, install and use Solutions pursuant to the applicable Documentation, for the limited purpose of solely testing the Solutions within the Customer’s environment and shall not allow any person access to the Solutions or any System Data other than those individuals specifically

identified to CSS by Customer; (ii) shall comply with the Restrictions; (iii) shall uninstall the Solutions residing on Customer’s systems after the Evaluation Period and confirm to CSS in writing (email accepted) of such deletion and uninstallation; and (iv) agrees that any and all System Data generated by Customer’s use of the Solutions during the Evaluation Period shall be the sole property of CSS and Customer shall not share the results of any Evaluation with any person outside of Customer. If the Evaluation offering is for a subscription, the Customer understands that CSS may disable access to the subscription automatically at the end of the Evaluation Period, without notice to Customer. During and following the Evaluation Period, the Parties shall discuss Evaluation results in good faith.

3.3.  Early Adoption or Beta Use. If Customer is invited to and agrees to participate in CSS’ Early Adoption Program or Beta Program, Customer acknowledges that Early Adoption or Beta versions of the Solutions are prerelease versions of the Solutions or Enhancements and as such may contain errors, bugs, or other defects. Accordingly, the Customer’s access, use and testing of the Early Adoption and/or Beta versions of the Solutions or Enhancements is subject to the disclaimers stated in Section 3.4 (DISCLAIMER OF WARRANTIES AND LIABILITY). Additionally, Customer’s access and use of Early Adoption and/or Beta versions of the Solutions or Enhancements is subject to CSS’ sole discretion as to length and scope of use, updates and support of such Early Adoption or Beta versions of the Solutions or Enhancements. CSS may terminate any Early Adoption Program or Beta Program at any time without any advance notice. All information or results of any Early Adoption Program or Beta Program shall be Confidential Information of CSS.

3.4.  DISCLAIMER OF WARRANTIES AND LIABILITY. DURING EVALUATION, OR EARLY ADOPTION OR BETA USE OF THE SOLUTIONS OR ANY ENHANCEMENTS, THE SOLUTIONS OR ENHANCEMENTS ARE OFFERED ON AN “AS IS” BASIS, WITHOUT ANY WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, OR THOSE ARISING BY LAW, STATUTE, USAGE OF TRADE, OR COURSE OF DEALING. CUSTOMER ASSUMES ALL RISK AS TO THE RESULTS AND PERFORMANCE OF THE SOLUTIONS OR ENHANCEMENTS AND ACKNOWLEDGES THAT THE USE OF THE SOLUTIONS OR ENHANCEMENTS FOR THE EARLY ADOPTION PROGRAM OR BETA PROGRAM, TO THE EXTENT APPLICABLE, MUST BE MADE IN STRICT CONFORMANCE WITH CSS INSTRUCTIONS. IT IS UNDERSTOOD AND AGREED THAT CSS WILL NOT BE LIABLE FOR ANY NETWORK DOWNTIME, SOLUTIONS DOWNTIME, AND/OR IDENTIFYING AREAS OF WEAKNESS IN THE SOLUTIONS. FOR ALL EVALUATIONS, OR EARLY ADOPTION OR BETA PROGRAM USE OF THE SOLUTIONS OR ENHANCEMENTS, CSS SHALL HAVE NO LIABILITY TO CUSTOMER OR ANY OTHER PERSON OR ENTITY FOR ANY INDIRECT, INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES WHATSOEVER, INCLUDING, WITHOUT LIMITATION, LOSS OF REVENUE OR PROFIT, LOST OR DAMAGED DATA, LOSS OF PROGRAMS OR INFORMATION OR OTHER INTANGIBLE LOSS ARISING OUT OF THE USE OF OR THE INABILITY TO USE THE SOLUTIONS, OR INFORMATION, OR ANY PERMANENT OR TEMPORARY CESSATION OF THE SOLUTIONS OR ACCESS TO INFORMATION, OR THE DELETION OR CORRUPTION OF ANY CONTENT OR INFORMATION, OR THE FAILURE TO STORE ANY CONTENT OR INFORMATION OR OTHER COMMERCIAL OR ECONOMIC LOSS, HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY (CONTRACT, TORT OR OTHERWISE), EVEN IF CSS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, OR THAT THEY ARE FORESEEABLE. CSS IS ALSO NOT RESPONSIBLE FOR CLAIMS BY ANY THIRD PARTY THAT MAY BE MADE AGAINST THE CUSTOMER FOR PARTICIPATING IN THE EARLY ADOPTION OR BETA PROGRAM. WHILE THE SOLUTIONS OR ENHANCEMENTS ARE PROVIDED FREE OF CHARGE FOR EVALUATION, EARLY ADOPTION OR BETA PROGRAM PURPOSES ONLY, CSS MAXIMUM AGGREGATE LIABILITY TO CUSTOMER SHALL NOT EXCEED US $100 IN THE EVEN THAT A COURT OF COMPETENT JURISDICTION DEEMS DAMAGES ARE APPROPRIATE IN A PARTICULAR CURCUMSTANCE. IN JURISDICTIONS WHERE THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES IS NOT ALLOWED THE LIABILITY OF CSS SHALL BE LIMITED TO THE GREATEST EXTENT PERMITTED BY LAW. THE FOREGOING LIMITATION OF LIABILITY SHALL NOT APPLY TO THE PARTIES OBLIGATIONS UNDER SECTION 7 (CONFIDENTIALITY) HEREIN.

4.    Ownership and Reservation of Rights.

4.1.  Customer. As between the Parties, Customer has all right, title and interest in and to Customer Data and all Intellectual Property Rights embodied in Customer Data.

4.2.  CSS. As between the Parties, CSS has all right, title and interest in and to the Solutions (and any and all modifications to or derivative works of the Solutions or Enhancements), Documentation, System Data, and any and all

Intellectual Property Rights embodied therein.

4.3.  Reservation of Rights. Each Party reserves all rights not expressly granted in this MSA, and no licenses are granted by one Party to the other Party under this MSA, whether by implication, estoppel or otherwise, except as expressly set forth in this MSA.

5.    Billing, Plan Modifications and Payments.

5.1.  Fees. The fees for the Solutions shall be set forth in one or more Solutions Addendums (“Fees”). All Fees are due payable within the time period as detailed in the Solutions Addendum. If Customer’s payment of Fees is past due or delinquent and Customer fails to pay the Fees within ten (10) days after receipt of CSS notice to Customer of such delinquency, then such nonpayment will be considered a material breach by Customer of this MSA and, in addition to CSS other remedies as set forth in the Solutions Addendum, CSS may suspend Customer’s access to the Solutions without notice. No refunds or credits for paid Fees will be issued to Customer, except as stated otherwise in Section 11.3 (Effects of Termination).

5.2.  Subscription Increase. If Customer’s usage of the Solutions exceeds the usage purchased under a Solutions Addendum, CSS has the right to invoice the Customer for the incremental Fees associated with such increased usage on (a) a pro rata basis at the price per unit specified in the applicable Solutions Addendum for the remaining period of such Subscription Term and/or (b) the overages for usage for the relevant prior periods at the price per unit specified in the applicable Solutions Addendum (a “True-Up”). Customer shall pay such True-Up amount within seven (7) days after being invoiced by CSS. No refunds or credits for paid Fees will be issued to Customer, except as stated otherwise in Section 11.3 (Effects of Termination).

5.3.  Taxes. Customers shall be responsible for any sales, use, personal property or ad valorum taxes that are required to be collected by CSS and remitted to a governmental authority in connection with the Customer’s access and use of the Solutions. The Parties agree that neither Party shall be responsible or liable for any tax obligations of the other based on the income, earnings, or profits of the other Party.

6.    Privacy and Security.

6.1.  Processing Limitations and Security Obligation. In providing Customer the Solutions, CSS will (i) store, process and access Customer Data only to the extent reasonably necessary to provide Customer the Solutions and to create System Data to improve the Solutions; and (ii) implement and maintain commercially reasonable technical, physical and organizational measures that are designed to protect the security, confidentiality and integrity of Customer Data hosted by CSS from unauthorized access, use, alteration or disclosure.

Customer understands that it shall be solely responsible for the issuance of credentials to its employees, or access by representatives of the Customer to the Solutions, Customer Data and System Data, and any unauthorized access by such persons with a valid login code and password is the sole responsibility of Customer.

6.2.  Data Privacy. To the extent Customer Data includes Personal Data, CSS will process Personal Data in accordance with the terms of the Data Protection Addendum (“DPA”) that as provided to Customer. The Parties agree that any DPA, as in effect during the Subscription Term, shall be deemed to be a part of this MSA. The Parties agree that the DPA may be unilaterally amended by CSS from time to time, without notice to Customer, during the Subscription Term or any renewal thereof. Any upload of Special Information shall be governed by the terms of the DPA. In the event that Customer intends to upload or access any Special Information, Customer shall evaluate whether the technical and organizational measures described in the DPA are sufficient to protect Special Information and Customer shall not upload any Special Information to the Solutions if Customer determines that such technical and organizational measures are insufficient to protect such Special Information in accordance with applicable laws or its commitments to other entities.

7.    Confidentiality.

7.1.  Obligations. The Receiving Party will maintain in confidence, during the term of this MSA and for five (5) years following the date of termination of this MSA, the Confidential Information, and will not use such Confidential Information except as expressly permitted in this MSA (provided that Confidential Information defined as a trade secret under any applicable law shall be maintained in confidence so long as it retains its confidentiality status under such laws). The Receiving Party will use the same degree of care in protecting the Confidential Information as the Receiving Party uses to protect its own confidential and proprietary information from unauthorized use or disclosure, but in no event less than reasonable care. Confidential Information will be used by the Receiving Party solely for the purpose of carrying out the Receiving Party’s obligations under this MSA or as specifically permitted by this MSA. The Receiving Party will only disclose Confidential Information to its directors, officers, employees and/or contractors who have a need to know such Confidential Information in order to perform their duties under this MSA, provided such directors, officers, employees and/or contractors have been advised of the obligation to maintain the confidentiality of such information by the Receiving Party. Notwithstanding the foregoing however, each Party may disclose the terms and conditions of this MSA: (i) to legal counsel of such Party; (ii) to such Party’s accountants, banks, financing sources and their advisors; (iii) in connection with the enforcement of this MSA or rights under this MSA; or (iv) in connection with an actual or proposed merger, acquisition, or similar transaction.

7.2.  Exceptions. Confidential Information will not include information that: (i) is in or enters the public domain without breach of this MSA through no fault of the Receiving Party; (ii) the Receiving Party can reasonably demonstrate was in its possession prior to first receiving it from the Disclosing Party; (iii) the Receiving Party can demonstrate was developed by the Receiving Party independently, and without use of or reference to, the Confidential Information; or (iv) the Receiving Party receives from a third party without restriction on disclosure and without breach of such third party’s nondisclosure obligation. In addition, the Receiving Party may disclose Confidential Information that it is required to disclose by law, or by a subpoena, civil investigative demand or order issued by a court of competent jurisdiction or other governmental authority (each, an “Court Order”), provided the Receiving Party shall: (a) give the Disclosing Party written notice of the Court Order within 24 hours after receiving it (unless prohibited by law); and (b) cooperate fully with the Disclosing Party before disclosure to provide the Disclosing Party with the opportunity to interpose any objections it may have to disclosure of the information required by the Court Order and seek a protective order or other appropriate relief. In the event of any dispute between the Parties as to whether specific information is within one or more of the exceptions set forth in this Section 7.2, Receiving Party will bear the burden of proof, by clear and convincing evidence, that such information is within the claimed exception(s).

7.3.  Remedies. The Receiving Party acknowledges that any unauthorized disclosure of Confidential Information will result in irreparable injury to the Disclosing Party, which injury could not be adequately compensated by the payment of money damages. In addition to any other legal and equitable remedies that may be available, the Disclosing Party will be entitled to seek and obtain injunctive relief against any breach or threatened breach by the Receiving Party of the confidentiality obligations hereunder, from any court of competent jurisdiction, without being required to show any actual damage or irreparable harm, prove the inadequacy of its legal remedies, or post any bond or other security.

8.    Representations, Warranties and Remedies.

8.1.  General Representations and Warranties. Each Party represents and warrants the following: (i) it is validly existing and in good standing under the laws of the place of its establishment or incorporation; (ii) it has full corporate power and authority to execute, deliver and perform its obligations under this MSA and the Solutions Addendum; (iii) the person signing, accepting or

agreeing to this MSA or the Solutions Addendum on its behalf has been duly authorized and empowered to take such action; (iv) this MSA and any Solutions Addendum is valid, binding and enforceable against it in accordance with its terms; (v) it shall deliver (as to CSS) and operate (as to Customer) the Solutions in material conformity with the Documentation and the terms herein; and (vi) it will perform its obligations under this MSA and the Solutions Addendum in accordance with applicable federal or state laws or regulations. To the extent Customer Data is collected for or uploaded by Customer to the Solutions (“Uploaded Data”), in connection with the Solutions, the Customer warrants that it: (a) has sufficient rights to upload the Uploaded Data, and that that the Uploaded Data does not infringe on the intellectual, publicity, privacy or other right of a third party, violate any applicable law or contain obscenity, defamation or content in violation of consumer and child protection laws; and (b) the Uploaded Data will not contain any virus, worm, trap door, back door or Trojan horse that would negatively impact the Solutions or allow an unauthorized person access to the Solutions or any Customer Data or System Data within the Solutions.

8.2.  Conformity with Documentation. CSS warrants that at any point in time during the Subscription Term, the Current Release will substantially conform in all material respects with the Documentation. CSS sole obligation for material non-conformity with this warranty shall be, in CSS sole discretion, to use commercially reasonable efforts (i) to provide Customer with an error- correction or workaround to the reported non-conformity; (ii) to replace the non-conforming portions of the Solutions or Documentation with conforming items; or (iii) if CSS reasonably determines it cannot provide such remedies within a reasonable period of time, to terminate this MSA and any Solutions Addendum and refund applicable Fees pursuant to Section 11.3 (Effects of Termination). The above warranty will not apply: (a) if the Solutions are not used in compliance with the Documentation; (b) if any unauthorized modifications are made to the Solutions by Customer or any third party; (c) to use of releases of the Solutions that are not the Current Release or the Solutions released immediately preceding the Current Release; (d) to defects due to accident, abuse or improper use by Customer; or (e) to Evaluation or Early Adoption or Beta Program use of the Solutions.

8.3.  Disclaimer. EXCEPT FOR THE REPRESENTATIONS AND WARRANTIES SET FORTH IN THIS SECTION 8, EACH PARTY DISCLAIMS ANY AND ALL REPRESENTATIONS OR WARRANTIES (EXPRESS OR IMPLIED, ORAL OR WRITTEN) WITH RESPECT TO THIS MSA AND THE SOLUTIONS, WHETHER ALLEGED TO ARISE BY OPERATION OF LAW, STATUTE, CUSTOM OR USAGE IN THE TRADE, BY COURSE OF DEALING OR OTHERWISE, INCLUDING ALL WARRANTIES OF MERCHANTABILITY, FITNESS OR SUITABILITY FOR ANY PARTICULAR PURPOSE (WHETHER OR NOT SUCH PARTY KNOWS, HAS REASON TO KNOW, HAS BEEN ADVISED, OR IS OTHERWISE AWARE OF ANY SUCH PURPOSE), ACCURACY, NON- INFRINGEMENT, OR CONDITION OF TITLE. THIS DISCLAIMER AND EXCLUSION WILL APPLY EVEN IF ANY EXPRESS WARRANTY HEREIN FAILS OF ITS ESSENTIAL PURPOSE. CSS DOES NOT GUARANTEE OR WARRANT THAT IT WILL FIND, LOCATE, DETECT, OR IDENTIFY ALL THREATS, CONFIGURATION ERRORS, VULNERABILITIES, MALWARE, DENIAL OF SERVICE ATTACKS, AND MALICIOUS SOFTWARE, OR BE ABLE TO RESTORE CONTROL OF SYSTEMS WHERE UNAUTHORIZED ACCESS OR CONTROL HAS OCCURRED. CUSTOMER AND ITS AFFILIATES WILL NOT HOLD CSS RESPONSIBLE FOR SUCH OR ANY CONSEQUENCES THEREOF. REPORTS GENERATED THROUGH CUSTOMER’S USE OF THE SOLUTIONS ARE PROVIDED AS-IS.

9.    Indemnification Obligations.

9.1.  CSS Indemnity. CSS will indemnify Customer and Customer’s directors, officers, employees, contractors, agents, or other authorized representatives (“Customer Indemnitees”) from and against any and all third-party claims, suits, actions, or proceedings (each a “Claim”) alleging that Customer’s use of the Solutions: infringes or misappropriates a third party’s valid Intellectual Property Right; or alleging breach of CSS obligations under this Agreement or any applicable laws. CSS sole indemnification obligations under this Section 9.1 shall be that CSS will, at its expense, defend any such Claim by reason of Customer’s use of the Solutions as permitted hereunder, and pay damages, payments, deficiencies, fines, judgments, settlements, liabilities, losses, costs and expenses (including, but not limited to, reasonable attorneys’ fees, costs, penalties, interest and disbursements) finally awarded by a court of competent jurisdiction or included in a settlement approved by CSS. In the event of a Claim pursuant to this Section 9.1, CSS may, at CSS option and at CSS expense: (i) obtain for Customer, the right to continue to exercise the license granted to Customer under this MSA; (ii) substitute the allegedly infringing component for an equivalent non-infringing component; (iii) modify the Solutions to make them non-infringing; or (iv) settle or compromise any such Claim provided any such settlement or compromise does not require any Customer Indemnities to pay any amounts (except as set forth in Section 9.3 below) as a result of the Claim. If (i), (ii), or (iii) is not obtainable on commercially reasonable terms, CSS may terminate this MSA and any applicable Solutions Addendum, after providing Customer a reasonable time (no less than thirty (30) days) to transition to an alternative solution, unless CSS determines in its reasonable discretion that such use of the Solutions will likely result in infringement and in such case may terminate this MSA and the Solutions Addendum effective immediately with concurrent written notice to Customer. In the event of a termination of this MSA pursuant to this Section 9.1, all rights, and licenses with respect to the Solutions will immediately cease and CSS will refund to Customer all prepaid Fees for the Solutions attributable to the Subscription Term (as outlined in the applicable Solutions Addendum) following the termination of this MSA. CSS indemnification obligations do not extend to Claims arising from or relating to: (a) any negligent or willful misconduct of any Customer Indemnitees; (b) any breach by Customer of any of its obligations under this MSA; (c) any combination of the Solutions (or any portion thereof) by any Customer Indemnitees or any third party with any equipment, software, data or any other materials where the infringement would not have occurred but for such combination, unless such combination is the customary, ordinary, and intended use of the Solutions; (d) any modification to the Solutions by any Customer Indemnitees or any third party where the infringement would not have occurred but for such modification; (e) the use of the Solutions by any Customer Indemnitees or any third party in a manner contrary to the terms of this MSA where the infringement would not have occurred but for such use; or (f) the continued use of the Solutions after CSS has provided a substantially equivalent non-infringing software or service..

9.2.  Customer Indemnity. Customer, at its sole expense, will indemnify CSS and its directors, officers, employees and agents or other authorized representatives (“CSS Indemnitees”) from and against any Claim arising out of: (a) Customer’s breach of this MSA or the Solutions Addendum or any applicable laws; (b) Customer’s use of the Solutions with any Third Party Product or Third Party Services in violation of any third party Intellectual Property Rights; (c) any Claim that is a Customer obligation under Sections 2.3 (Third Party Products), 2.4 (Third Party Service) or the Restrictions; or (d) the failure of Customer’s administrators of Customer’s account to maintain the confidentiality of their login information to such account. Customer’s sole indemnification obligations under this Section 9.2 shall be that Customer will, at its expense, defend any such Claim, and pay damages, payments, deficiencies, fines, judgments, settlements, liabilities, losses, costs and expenses (including, but not limited to, reasonable attorneys’ fees, costs, penalties, interest and disbursements) finally awarded by a court of competent jurisdiction or included in a settlement approved by Customer.

9.3.  Procedures. The indemnifying Party’s indemnification obligations under this Section 9 are conditioned upon the indemnified Party: (i) giving prompt written notice of the Claim to the indemnifying Party once the indemnified Party becomes aware of the Claim (provided that failure to provide prompt written notice to the indemnifying Party will not alleviate an indemnifying Party’s obligations under this Section 9 to the extent any associated delay does not materially prejudice or impair the defense of the related Claims); (ii) granting the indemnifying Party the option to take sole control of the defense (including granting the indemnifying Party the right to select and use counsel for both Parties of its own choosing for the Claim) and settlement of the Claim (except that the indemnified Party’s prior written approval will be required for any settlement that reasonably can be expected to require an affirmative obligation of the indemnified Party); and (iii) providing reasonable cooperation to the indemnifying Party and, at the indemnifying Party’s request and expense, assistance in the defense or settlement of the Claim.

10. Limitation of Liability.

10.1.  SUBJECT TO ANY SPECIFIC EXCEPTIONS ON LIABILITY STATED IN THIS SECTION 10, IN NO EVENT WILL CSS TOTAL LIABILITY ARISING OUT OF OR RELATED TO THIS MSA OR ANY DOCUMENTS REFERRED TO HEREIN, EXCEED THE FEES PAID OR PAYABLE BY CUSTOMER TO CSS (OR THE APPLICABLE PARTNER) FOR 12 MONTHS AT THE TIME OF THE EVENT OR EVENTS LEADING TO THE ALLEGED DAMAGES.

10.2.  CSS TOTAL AGGREGATE LIABILITY FOR BREACH OF SECTION 6 (PRIVACY AND SECURITY) BY CSS OR CSS LIABILITY RELATING TO CUSTOMER DATA, SHALL NOT EXCEED THE GREATER OF ONE MILLION DOLLARS ($1,000,000) OR THE FEES PAID OR PAYABLE BY CUSTOMER TO CSS (OR THE APPLICABLE PARTNER) FOR 12 MONTHS EFFECTIVE AT THE TIME OF THE EVENT OR EVENTS LEADING TO THE ALLEGED DAMAGES, WHICHEVER IS GREATER.

ADVISED OR IS OTHERWISE AWARE OF THE POSSIBILITY OF SUCH DAMAGES. MULTIPLE CLAIMS WILL NOT EXPAND THIS LIMITATION. THIS SECTION 10 WILL BE GIVEN FULL EFFECT EVEN IF ANY REMEDY SPECIFIED IN THIS MSA IS DEEMED TO HAVE FAILED OF ITS ESSENTIAL PURPOSE.

11. Term, Termination and Effect of Termination.

11.1.  Term. The term of this MSA will begin on the Effective Date and continue until all active Solutions Addendums have expired or until earlier terminated pursuant to the terms of this MSA or the applicable Solutions Addendum. Customer’s use and subscription to any Solutions shall be as stated in the Solution Addendum for such Solutions (the “Initial Subscription Term”), and thereafter the Solutions subscription shall renew for additional successive one-year periods (“Renewal Subscription Term” and collectively, “Subscription Term”), unless either Party notifies the other in writing no less than ninety (90) days prior to the close of the then-current Initial or Renewal Subscription Term of its intention not to renew. This MSA and all Solutions Addendums may also (i) be terminated in accordance with Section 11.2 below; or (ii) be terminated by CSS in accordance with Section 5.1 (Fees) and Section 9.1 (Infringement Indemnity). Notwithstanding the above, a specific Solutions Addendum may provide additional termination rights to the Parties.

11.2.  Termination. In addition to CSS right to terminate this MSA and all Solutions Addendums pursuant to Section 5.1 (Fees) and Section 9.1 (Infringement Indemnity), either Party may terminate this MSA and all Solutions Addendums, for cause, if the other Party: (i) materially breaches this MSA (including an applicable Solutions Addendum) and does not cure such breach within thirty (30) days after its receipt of written notice of such breach; or (ii) becomes insolvent, makes an assignment for the benefit of creditors, or becomes subject to direct control of a trustee, receiver or similar authority. Additionally, CSS may terminate this MSA and all Solutions Addendums immediately for cause by providing notice to Customer if CSS believes that Customer is using the Solutions in any unauthorized manner likely to cause harm to CSS, or a third party.

11.3.  Effects of Termination. Upon any termination or expiration of this MSA and/or Solutions Addendum: (i) all rights and licenses granted to Customer under this MSA and any applicable Solutions Addendum(s) will immediately terminate; (ii) all of CSS obligations under this MSA and any applicable Solutions Addendum(s) will immediately cease; (iii) there will be no refund for any pre-paid and unused Fees as of the termination date (except where Customer terminates this MSA under Section 11.2 (Termination) due to CSS material breach or where CSS terminates this MSA under Sections 8.2 (Conformity with Documentation) or 9.1 (Infringement Indemnity) herein, in which case any refunds shall be on a pro-rata basis for any remaining unused portion of a subscription left after such termination); (iv) Customer will immediately pay CSS any and all Fees payable through the Subscription Term under this MSA or any Solutions Addendum; (v) upon receiving a written request from the Disclosing Party, the Receiving Party will promptly return to the Disclosing Party all Confidential Information of the Disclosing Party then in its possession or destroy all copies of such Confidential Information, at the Disclosing Party’s sole discretion and direction, provided however, that CSS shall be able to retain a copy of all Confidential Information of the Customer that relates to the performance of the Solutions, such as System Data, provided to Customer to support CSS performance pursuant to this MSA and any Solutions Addendum; (vi) Customer will immediately cease all use of the Solutions and destroy and/or permanently delete all copies of any components of the Solutions in Customer’s possession; (vii) Customer will uninstall the Solutions within ten (10) days after termination of this MSA or any applicable Solutions Addendum(s) and, provide written confirmation of such uninstallation; and (viii) Customer shall permit CSS to enter its premises to retrieve any and all equipment installed or placed by CSS on such premises to provide the Solutions, and Customer hereby confirms that it will have no right, title or interest in or to such equipment. CSS reserves the right to investigate suspected violations of Customer’s obligations under Sections 11.3(v) through (vii) herein and Customer shall provide reasonable access to its facilities and systems for such purpose upon written request of CSS. Notwithstanding any terms to the contrary in this MSA, the Restrictions and Sections 4 (Ownership and Reservation of Rights), 6 (Privacy and Security), 7 (Confidentiality), 9 (Indemnification Obligations), 10 (Limitation of Liability), 11.3(Effects of Termination) and 12 (General Provisions) will survive any termination of this MSA.

12. General Provisions.

12.1.  Entire Agreement. This MSA, together with all documents referenced herein, set forth the entire agreement and understanding of the Parties relating to Customer’s use and subscription to the Solutions, and the Parties herein expressly agree that this MSA and such documents supersedes all subsequent, prior or contemporaneous terms in agreements, proposals, negotiations, conversations, discussions and/or understandings, whether written or oral, with respect to such subject matter and all past dealing or industry customs (including without limitation any nondisclosure agreement among the Parties relating to any Evaluation or prior use of the Solutions, or any Quote and/or another agreement among the Parties in connection with Customer’s consideration and/or evaluation of the Solutions), excluding only any written agreement executed by CSS, expressly referencing this MSA and only to the extent such written agreement expressly notes that it is superseding or modifying specific terms in this MSA. In the event of conflict, the terms in the applicable Solutions Addendum(s) shall supersede and take precedence over the terms in this MSA.

12.2.  Independent Contractors. Neither Party will, for any purpose, be deemed to be an agent, franchisor, franchise, employee, representative, owner, or partner of the other Party. The relationship between the Parties shall only be that of independent contractors. Neither Party will have any right or authority to assume or create any obligations or to make any representations or warranties on behalf of any other Party, whether express or implied, or to bind the other Party in any respect whatsoever.

12.3.  Governing Law and Venue. This MSA and any Solutions Addendum will be governed by and construed in accordance with the laws of the State of Florida, without regard to conflict of law principles. The state or federal court in Hillsborough County, Florida will be the jurisdiction in which any suits should be filed if they relate to this MSA. Prior to the filing or initiation of any action or proceeding relating to this MSA, the Parties must participate in good faith mediation in Hillsborough County, Florida (except an action or proceeding required to protect or enforce a Party’s Intellectual Property Rights). If a Party initiates any proceeding regarding this MSA, the prevailing Party to such proceeding is entitled to reasonable attorneys’ fees and costs for claims arising out of this MSA.

12.4.  Publicity. Customer agrees that CSS may reference and use Customer’s name and trademarks in CSS marketing and promotional materials, including, but not limited to, the Site, solely for purposes of identifying Customer as a CSS customer. Otherwise, neither Party may use the trade names, trademarks, service marks, or logos of the other Party without the express written consent of the other Party and the Parties agree to not challenge any trade names, trademarks, service marks and logos of the other Party.

12.5.  Assignment. Neither this MSA nor any right or duty under this MSA may be transferred, assigned, or delegated by a Party, by operation of law or otherwise, without the prior written consent of the other Party. The Parties agree that such consent shall not be unreasonably delayed or withheld. Any attempted transfer, assignment or delegation without such consent will be void and without effect. Notwithstanding the foregoing, each Party may assign this MSA and any Solutions Addendum to a successor of substantially all of its business or assets, whether by merger, sale of assets, sale of stock, sale of control, reorganization or otherwise, with written notice to the other Party, provided that such successor in interest agrees in writing to assume all of the assigning Party’s obligations under this MSA and the Solutions Addendums. Subject to the foregoing, this MSA and the Solutions Addendum will be binding upon and will inure to the benefit of the Parties and their respective representatives, heirs, administrators, successors and permitted assigns.

12.6.  Export Compliance. The Solutions or components of the Solutions which CSS may provide or make available to Customer for use by Customer, are subject to U.S. export control and economic sanctions laws including the Export Administration Regulations and trade and economic sanctions imposed by Office of Foreign Asset Control (“OFAC”). Customer agrees not to violate such laws and regulations as they relate to Customer’s access to and use of the Solutions. Customer shall not access or use the Solutions if Customer is located in any jurisdiction in which the provision of the Solutions is prohibited under

U.S. or other applicable laws or regulations, currently Belarus, Cuba, Eritrea, Iran, North Korea, Russia, Syria, and the Crimea regions of the Ukraine (a “Prohibited Jurisdiction”), and Customer agrees not to permit access to the Solutions by any government, entity or individual located in any Prohibited Jurisdiction, or by any person or entity currently included on the Specially Designated Nationals and Blocked Persons List or the Consolidated Sanctions List maintained by OFAC (“Prohibited Person”), or otherwise in violation of any U.S. or other applicable export embargoes, prohibitions or restrictions.

Customer agrees to comply with all applicable laws regarding the transmission of technology exported from the U.S. and the country in which Customer and users are located. Customer represents that, to the best of Customer’s knowledge, neither Customer nor any of Customer’s officers, directors, ten (10%) percent or more shareholders or Affiliates is a person or an entity that (a) is, or is directly or indirectly owned or controlled by, any Prohibited Person, (b) is in or associated with, or is directly or indirectly owned or controlled by, any person in any Prohibited Jurisdiction.

12.7.  Amendments and Waivers. Except as specifically noted herein, no modification, addition or deletion, or waiver of any rights under this MSA will be binding on a Party unless made in a written agreement and executed by a duly authorized representative of each Party. No failure or delay (in whole or in part) on the part of a Party to exercise any right or remedy hereunder will operate as a waiver thereof or effect any other right or remedy, and no waiver of one breach or default or any delay in exercising any rights will not constitute a waiver of any subsequent breach or default. All rights and remedies hereunder are cumulative and are not exclusive of any other rights or remedies provided hereunder or by law.

12.8.  Notices. Any legal notice (whether this MSA expressly state “written notice” or “notice”) or communication required or permitted to be given hereunder must be in writing, signed or authorized by the Party giving notice, and may be delivered by hand, deposited with an overnight courier, sent by confirmed email or mailed by registered or certified mail, return receipt requested, postage prepaid, in each case to the address of the receiving Party as identified in the signature box below, or on a Solutions Addendum. In the case of any notices to CSS, a copy of such notice must be uploaded on the same date that notice is being provided to CSS to legal.notices@securedbycss.com.

Either Party may change the address for notices by giving thirty (30) days advance written notice to the other Party. Such notice will be deemed to have been given as of the date it is delivered. Notice is effective on the earlier of five (5) days from being deposited for delivery or the date on the confirmed email or courier receipt.

12.9.  Severability. If any provision of this MSA or any Solutions Addendum is deemed invalid, illegal, or incapable of being enforced by any rule of law or public policy, all other provisions of this MSA and the applicable Solutions Addendum will nonetheless remain in full force and effect so long as the economic and legal substance of the transactions contemplated by this MSA or such Solutions Addendum is not affected in any manner adverse to any Party. Upon such determination that any provision is invalid, illegal, or incapable of being enforced, the Parties will negotiate in good faith to modify this MSA or such Solutions Addendum so as to affect the original intent of the Parties as closely as possible in an acceptable manner to the end that the transactions contemplated hereby are fulfilled.

12.10.  Force Majeure. Except for payments due under this MSA, neither Party will be responsible for any failure to perform or delay attributable in whole or in part to any cause beyond its reasonable control, including but not limited to acts of God (fire, storm, floods, earthquakes, pandemics, etc.), civil disturbances, disruption of telecommunications, disruption of power or other essential services, interruption or termination of service provided by any service providers being used by Customer or CSS, labor disturbances, vandalism, cable cut, computer viruses or other similar occurrences, or any malicious or unlawful acts of any third party.

12.11.  Counterparts. This MSA may be executed: (i) in two or more counterparts, each of which will be deemed an original and all of which will together constitute the same instrument; and (ii) by the Parties by exchange of signatures pages by mail or e-mail (if e-mail, signatures in Adobe PDF or similar format).

SIGNATURE BLOCK ON THE FOLLOWING PAGE