Tenable-Master-Agreement
TENABLE MASTER AGREEMENT This Master Agreement (this âAgreementâ) is made by and between Tenable (as defined below) and the customer licensing Products and/or receiving services (âCustomerâ) with an effective date as of the date Customer clicks to accept this Agreement (the âEffective Dateâ). Hereinafter, each of Tenable and Customer may be referred to collectively as the âPartiesâ or individually as a âPartyâ. 1. Definitions. (a) âAffiliateâ means any entity that controls, is controlled by, or is under common control with a Party. âControlâ shall mean: (1) ownership (either directly or indirectly) of greater than fifty percent (50%) of the voting equity or other controlling equity of another entity; or (2) power of one entity to direct the management or policies of another entity, by contract or otherwise. (b) âDocumentationâ means the then-current official user manuals and/or documentation for the Products available at docs.tenable.com (or a successor location). (c) âHosted Servicesâ are a type of service offered through Tenableâs cloud-based software as a service (SaaS) platform and include Scans and access to and use of the hosted environment (the âHosted Environmentâ). (d) âProduct(s)â means any of the products that Tenable offers, including Software, Hosted Services, Hardware (if any), Support Services and Professional Services. (e) âProfessional Servicesâ means services purchased, including consulting services which are relevant to the implementation and configurations of Tenable Products as well as on-site or virtual training courses. Generally, Professional Services are defined either in a separate SOW or a Services Brief. Professional Services do not include the Hosted Services or Support Services. (f) âScan(s)â are a function performed by the Software and/or the Hosted Services on Scan Targets, which are conducted in order to provide data to Customer regarding its network security. âPCI Scansâ are a specific type of Scan designed to assess compliance with the Payment Card Industry Data Security Standard. âScan Dataâ is the resulting information created by the Scan. âScan Target(s)â are the targets or subjects of a Scan. (g) âServices Briefâ means the document which outlines Tenableâs basic, pre-packaged installation or training Professional Services offered under a Tenable SKU and which do not require a separate SOW. Current versions of Services Briefs may be found at http://static.tenable.com/prod_docs/tenable_slas.html (or a successor location). For the avoidance of doubt, Customer may purchase commercial off the shelf SKU-based Professional Services without executing a separate Statement of Work. A âSOWâ or âStatement of Workâ shall further describe Professional Services, the terms of which may be customized and which shall require execution by the Customer. (h) âSoftwareâ means each software product made available by Tenable under this Agreement for download. Software includes patches, updates, improvements, additions, enhancements and other modifications or revised versions of the same that may be provided to Customer by Tenable from time to time. (i) âTechnical Dataâ means data Customer uploads or runs through or on the Products, or is otherwise generated thereby, including information regarding licensing metrics and product behavioral data. (j) âTenableâ means: (i) Tenable, Inc., if Customer is a commercial entity or individual located in North or South America (Tenable, Inc. is a Delaware corporation having offices at 6100 Merriweather Drive, 12th Floor, Columbia, MD 21044); (ii) Tenable Public Sector LLC, if Customer is an agency or instrumentality of the United States Government, a commercial entity operating predominantly as a federal systems integrator for eventual sale or resale or for the benefit of the United States Government, or an agency or instrumentality of a State or local government within the United States (Tenable Public Sector LLC is a Delaware limited liability company having offices at 6100 Merriweather Drive, 12 th Floor, Columbia, MD 21044); or (iii) Tenable Network Security Ireland Limited, if Customer is located outside of North or South America (Tenable Network Security Ireland Limited is a private limited company having offices at 81b Campshires, Sir John Rogersonâs Quay, Dublin 2, Ireland). 2. Orders and Transactions. (a) Reseller Transactions. If Customer purchases Tenable Products through an authorized Tenable reseller (a âResellerâ), all terms related to pricing, billing, invoicing and payment (âPayment Termsâ) set forth in this Agreement (if any) shall not apply. For the avoidance of doubt, all such Payment Terms shall be as agreed to between Customer and Reseller. To place an order, Customer shall provide the Reseller with a purchase order (or other similar document acceptable to Reseller) in response to a valid quote from such Reseller. Following Resellerâs receipt of such purchase order, Tenable shall issue a sales order confirmation or other similar order acceptance document (the âOrdering Documentâ). No order shall be deemed accepted by Tenable until Tenable issues the Ordering Document. The Ordering Document shall set forth all Products (and corresponding licensing metrics) purchased by Customer. (b) Direct Transactions. If the Parties have agreed to transact directly, the following Payment Terms shall apply. Customer agrees to pay all amounts due as specified in a Tenable invoice. Fees for Hosted Services are charged for access to the Host Environment (as defined herein), not actual usage. Payment is due within thirty (30) days from the date of Tenableâs invoice to Customer. Customer will pay directly or reimburse Tenable for any taxes (including, sales or excise taxes, value added taxes, gross receipt taxes, landing fees, import duties and the like), however designated and whether foreign or domestic, imposed on or arising out of this Agreement. Notwithstanding the foregoing, Tenable will be solely responsible for its income tax obligations and all employer reporting and payment obligations with respect to its personnel. Customer agrees to pay Tenable without deducting any present or future taxes, withholdings or other charges except those deductions it is legally required to make. If Customer is legally required to make any deductions or withholding, Customer agrees to provide evidence of such withholding upon request. If a certificate of exemption or similar document or proceeding is necessary in order to exempt any transaction from a tax, Customer shall provide such certificate or document to Tenable. (c) Delivery and Installation. Delivery of Tenable Products (âDeliveryâ) shall be deemed to occur on the date of availability for electronic download or electronic access. Tenable has no duty to provide installation services for Tenable Products unless installation services are purchased separately. 3. Term and Termination. (a) Agreement Term. This Agreement shall commence upon the Effective Date and continue until terminated in accordance with the terms set forth herein. (b) License Term and Renewals. The âLicense Termâ is the term of the license or subscription for Products as set forth in the Ordering Document. If this Agreement has been signed by both Parties, then unless otherwise agreed to in writing, any License Term, including renewals, shall be governed by the terms set forth herein. If this Agreement has been accepted via shrinkwrap or clickthrough, upon any renewal of the License Term, the terms then available at http://static.tenable.com/prod_docs/tenable_slas.html (or a successor location) will govern such renewal. Customer agrees that use of the Products at the time of such renewal will be deemed full and adequate acceptance of the updated terms. (c) Termination for Cause. Either Party may terminate this Agreement for cause if the other Party materially breaches this Agreement provided that such breaching Party has received written notice of such breach and failed to cure such breach within thirty (30) days. If this Agreement is terminated for cause by either Party, Customer shall remove all copies of the Products from any Customer systems and cease to use any Software or Hosted Services purchased hereunder. Further, Customer shall certify to Tenable that it has returned or destroyed all copies of the Software. If this Agreement is terminated for cause by Tenable, Customer shall remain responsible for any outstanding payment obligations throughout the rest of the License Term. (d) Termination for Convenience. Customer may terminate this Agreement for any lawful reason upon ninety (90) daysâ prior written notice to Tenable. If Customer terminates for convenience, Customer shall not receive a refund and shall remain obligated to pay for Products for which it has previously entered into a transaction as well as any additional payment obligations agreed upon prior to the termination date. 4. Products. (a) Product-Specific Terms. Pursuant to this Agreement, Customer may receive the right to use various Products as further described in the attached schedules (each, a âScheduleâ). Terms related to Customerâs use of Software are described in Schedule A (Software). Terms related to Customerâs use of Hosted Services are described in Schedule B (Hosted Services). Terms related to the provision of Professional Services are described in Schedule C (Professional Services). For each Product, Customer will have the right to use the corresponding Documentation. (b) Licensing Model. Product licenses shall be in accordance with the terms of the applicable licensing model as set forth in the Documentation and/or the Ordering Document, which may include limitations on Scan Targets, compute, storage, resource utilization, License Term, the number of users, seats, licenses and/or types of modules licensed. Product licenses shall commence upon Delivery and shall be either perpetual or subscription in nature. Tenable shall use commercially reasonable efforts to meter resource utilization and assess likeness or uniqueness of Scan Targets within each Product/module licensed. If Customer exceeds the license restrictions, Customer must purchase an upgraded license to allow for all actual or additional usage, and Tenable or its Reseller may promptly invoice Customer for any such overages at a price not to exceed Tenableâs then-current rates. Discrepancies in Scan Target or utilization count is the sole responsibility of the Customer to resolve. (c) Restrictions on Use. Customer shall not directly or indirectly: (i) decompile, disassemble, reverse engineer, or otherwise attempt to derive, obtain or modify the source code of the Products; (ii) reproduce, modify, translate or create derivative works of all or any part of the Products; (iii) remove, alter or obscure any proprietary notice, labels, or marks on the Products; (iv) without Tenableâs prior written consent, use the Products in a service bureau, application service provider or similar capacity; (v) without signing Tenableâs Managed Security Services Provider Addendum, use the Products to provide any managed service to a third party; (vi) use the Products in order to create competitive analysis or a competitive product or service; (vii) copy any ideas, features, functions or graphics in the Product; or (viii) without Tenableâs prior written consent, interfere with or disrupt performance of Hosted Services (e.g., perform penetration testing on Tenable systems). Customer may only use the Products to manage or gather information from Scan Targets owned or hosted by Customer or its Affiliates, or third parties for which Customer has received express authorization to Scan. (d) Intellectual Property in Products. This Agreement does not transfer to Customer any title to or any ownership right or interest in the Products. Any rights in the Products not expressly granted in this Agreement are reserved by Tenable. If Customer provides Tenable with any comments, suggestions, or other feedback regarding the Product, Customer hereby assigns to Tenable all right, title and interest in and to such feedback. For clarity, such feedback shall not contain Customer Confidential Information and shall not reference or identify Customer or its users. (e) Customer Requirements. In order to use the Products, Customer must meet or exceed the specifications found in the Documentation. (f) Product Features. Customer agrees that purchase of any Product is not contingent on the delivery of any future functionality or features, or dependent on any oral or written public comments made by Tenable regarding future functionality or features. Tenable reserves the right to withdraw features from future versions of the Products provided that: (i) the core functionality of the affected Product remains the same; or (ii) Customer is offered access to a product or service providing materially similar functionality as the functionality removed from the affected Product. The preceding remedies under this Section 4(f) are the sole remedies available if Tenable withdraws features from the Products. (g) Rights Granted to Tenable. Provided that Tenable shall not publicly disclose any Customer Confidential Information, Tenable may: (i) use Technical Data for reasonable business purposes, including Support Services, license validation, research and development, feature creation, and Product testing; (ii) include aggregated and anonymized Technical Data in public materials; and (iii) retain Technical Data which is anonymized after the termination of this Agreement. (h) Hardware. Any Hardware purchased under this Agreement (if any) will be subject to the terms and conditions of Schedule D located at http://static.tenable.com/prod_docs/tenable_slas.html (or a successor location). (i) Temporary Limitation. If Tenable reasonably believes: (i) Customerâs use of the Products places an unreasonable or disproportionate burden on the Products; (ii) Customerâs use of the Products poses a risk or threat to the Products (including any systems supporting the Products), Tenable, or a third party; or (iii) Customerâs usage exceeds the limitations of the license, then Tenable may temporarily limit Customerâs access to or use of the Products or any specific feature therein. Tenable may also suspend or limit access to the Products if Customer fails to make any payments related to this Agreement. Tenable will, to the extent practical under the circumstances, use commercially reasonable efforts to provide Customer with prior written notice of any such limitation (email or in product messaging shall be sufficient). When commercially reasonable, Tenable shall promptly restore access once the Customer has remediated the issue. For the avoidance of doubt, Customer is responsible for all normal fees during any period for which usage or access is limited pursuant to this section. (j) Additional Details on Use Restrictions for Tenable Security Network Ireland Limited. The following shall only apply for transactions with Tenable Security Network Ireland Limited. Notwithstanding anything in Section 4(c), decompiling the Product is permitted to the extent the laws of Customerâs jurisdiction give Customer the right to do so to obtain information necessary to render the Products interoperable with other software; provided, however, that Customer must first request such information from Tenable and Tenable may, in its discretion, either provide such information to Customer or impose reasonable conditions, including a reasonable fee, on such use of the Products to ensure that its proprietary rights in the Product are protected. 5. Support. (a) Support Services. Tenable shall provide Customer with support services (the âSupport Servicesâ) in accordance with Tenableâs then-current Technical Support Plans (available at http://static.tenable.com/prod_docs/tenable_slas.html or a successor location) and consistent with Tenableâs End of Life and End of Sale definitions contained therein. The Support Services include bug fixes, updates (including new vulnerability plug-ins), or enhancements that Tenable makes generally available to users of the Products. The Support Services also include the provision of new minor (Example: 1.1.x to 1.2.x, etc.) and major version releases of the Products (Example: 1.x to 2.x, etc.). (b) Support Fees. Standard Support Services for Products licensed for a finite License Term will be provided at no additional charge beyond the license fee for the duration of the License Term. Support Services for Products licensed on a perpetual basis must be purchased separately in advance. In all cases, premium support may be purchased at an additional charge. If during the course of a perpetual license Customer terminates or fails to renew the Support Services, Customer may, at any time during the term of this Agreement, request that Tenable reinstate the Support Services provided that Customer pays for the lapsed Support Services in an amount equal to the total fees Customer would have paid for the Support Services between the time Customerâs Support Services lapsed and the then-current date. 6. Confidentiality. (a) Definition. âConfidential Informationâ means information learned or disclosed by a Party under this Agreement that should reasonably be assumed to be confidential or proprietary, including the Products and the terms of this Agreement. Confidential Information will remain the property of the disclosing Party, and the receiving Party will not be deemed by virtue of this Agreement or any access to the Confidential Information to have acquired any right, title or interest in or to the Confidential Information. (b) Obligations. Each Party agrees to only use the Confidential Information in connection with this Agreement or a purchase hereunder. The receiving Party agrees to hold the disclosing Partyâs Confidential Information confidential using at least the same level of protection against unauthorized disclosure or use as the receiving Party normally uses to protect its own information of a similar character, but in no event less than a reasonable degree of care. Each Party may share Confidential Information with its Affiliates or authorized contractors in the performance of its duties under this Agreement; provided, however, that each Party shall be responsible to ensure that such Affiliate or authorized contractors are bound by obligations of confidentiality at least as stringent as those set forth in this Agreement. (c) Exclusions. Confidential Information shall not include information that: (i) is already known to the receiving Party free of any confidentiality obligation; (ii) is or becomes publicly known through no wrongful act of the receiving Party; (iii) is rightfully received by the receiving Party from a third party without any restriction or confidentiality; or (iv) is independently developed by the receiving Party without reference to the Confidential Information. Confidential Information does not include Scan Data that has been aggregated or anonymized so that it is not attributable to the disclosing Party. If Customer requests or performs scans on third party Scan Targets, and such third party inquires with Tenable about the scan, Tenable shall inform Customer and allow Customer to resolve any disputes with the third party. If Customer fails to contact the third party, Customer agrees that Tenable may provide Customerâs business contact information to the owner of the Scan Targets as well as to relevant authorities, and such disclosure shall not be considered a breach of confidentiality. (d) Sensitive Information. The Parties agree that Customerâs disclosure of sensitive, personal information (e.g., social security numbers, national identity card numbers, personal credit card information, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, and health care data) (âSensitive Informationâ) is not required for Tenable to perform its duties under this Agreement or sell any Products hereunder. If Customer inadvertently or unintentionally discloses any Sensitive Information to Tenable, Customer shall identify to Tenable that it has disclosed Sensitive Information and Tenable shall promptly return and/or destroy such Sensitive Information. (e) Legal Disclosures; Remedies. The receiving Party may disclose Confidential Information if required to do so by law provided the receiving Party shall promptly notify the disclosing Party so that the disclosing Party may seek any appropriate protective order and/or take any other action to prevent or limit such disclosure. If required hereunder, the receiving Party shall furnish only that portion of the Confidential Information disclosure of which is legally required. The receiving Party acknowledges and agrees that the breach of any term, covenant or provision of this Agreement may cause irreparable harm to the disclosing Party and, accordingly, upon the threatened or actual breach by the receiving Party of any term, covenant or provision of this Agreement, the disclosing Party shall be entitled to seek injunctive relief, together with any other remedy available at law or in equity. The receiving Party will notify the disclosing Party promptly of any unauthorized use or disclosure of the disclosing Partyâs Confidential Information. 7. Representations and Warranties; Disclaimer. (a) Warranty of Authority. The Parties hereby represent and warrant that they have the full power and authority to enter into this Agreement. (b) Products. Product warranties and associated warranty periods are set forth in the relevant Schedules. (c) Antivirus Warranty. Tenable represents it has taken commercially reasonable efforts to ensure that the Products, at the time of Delivery, are free from any known and undisclosed virus, worm, trap door, back door, timer, clock, counter or other limiting routine, instruction or design that would erase data or programming or otherwise cause the Products to become inoperable or incapable of being used in the manner for which it was designed or in accordance with the Documentation. (d) Warranty Disclaimer. EXCEPT AS EXPRESSLY STATED IN THIS AGREEMENT AND TO THE GREATEST EXTENT PERMITTED BY LAW, TENABLE OFFERS ITS PRODUCTS âAS-ISâ AND MAKES NO OTHER WARRANTY OF ANY KIND, WHETHER EXPRESS, IMPLIED, OR STATUTORY, INCLUDING ANY WARRANTIES OF TITLE, NONINFRINGEMENT, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, SECURITY, INTEGRATION, PERFORMANCE AND ACCURACY, AND ANY IMPLIED WARRANTIES ARISING FROM STATUTE, COURSE OF DEALING, COURSE OF PERFORMANCE OR USAGE OF TRADE. THE WARRANTIES SET FORTH IN THIS AGREEMENT ARE MADE TO CUSTOMER FOR CUSTOMERâS BENEFIT ONLY. CUSTOMERâS USE OF THE PRODUCTS IS AT CUSTOMERâS OWN RISK. CUSTOMER UNDERSTANDS THAT ASSESSING NETWORK SECURITY IS A COMPLEX PROCEDURE, AND TENABLE DOES NOT GUARANTEE THAT THE RESULTS OF THE PRODUCTS WILL BE ERROR-FREE OR PROVIDE A COMPLETE AND ACCURATE PICTURE OF CUSTOMERâS SECURITY FLAWS, AND CUSTOMER AGREES NOT TO RELY SOLELY ON SUCH PRODUCTS IN DEVELOPING ITS SECURITY STRATEGY. CUSTOMER ACKNOWLEDGES THAT THE PRODUCTS MAY RESULT IN LOSS OF SERVICE OR HAVE OTHER IMPACTS TO NETWORKS, ASSETS OR COMPUTERS (INCLUDING MODIFICATION OF SCAN TARGETS), AND CUSTOMER IS SOLELY RESPONSIBLE FOR ANY DAMAGES RELATING TO SUCH LOSS OR IMPACT. 8. Limitation of Liability. (a) Direct Damages. The cumulative liability of one Party to the other for all claims arising from or relating to the Products or this Agreement (including without limitation, any cause of action sounding in contract, tort or strict liability) shall be limited to proven direct damages in an amount not to exceed, in the aggregate, the fees paid by Customer for the Products over the twelve (12) months immediately prior to the event giving rise to the claim. (b) Indirect Damages. Neither Party shall be liable to the other for any indirect, incidental, special, punitive, consequential or exemplary damages regardless of the nature of the claim. This prohibition on indirect damages shall include, but not be limited to, claims based on lost profits, cost of delay, any failure of Delivery, business interruption, cost of lost or damaged data, or liabilities to any third parties even if such Party is advised of the possibility thereof. (c) Carve Outs. The liability caps set forth in Sections 8(a) and 8(b) shall not apply to damages resulting from: (i) personal injury or death; (ii) fraud or willful misconduct; (iii) indemnification obligations set forth in Section 9 (Indemnification); or (iv) Customerâs breach of Section 4(c) (Restrictions on Use). (d) Limitations; Time Period. Each of the limitations set forth in this Section 8 shall be enforced to the fullest extent of the law. Any laws preventing such limitations shall only apply to the extent required by law and the remaining unaffected terms shall apply in full. Unless expressly prohibited by law, each Party shall have a period of no greater than twelve (12) months from the date the cause of action accrues to bring a claim against the other Party for such cause of action. 9. Indemnification. (a) Indemnification Obligations. (i) By Tenable. Tenable shall (at its sole cost and expense): (i) defend and/or settle on behalf of Customer (including Customerâs officers, directors, employees, representatives and agents); and (ii) indemnify Customer for, any third party claims brought against Customer based upon a claim that Customerâs use of the Products in accordance with this Agreement infringes or misappropriates such third partyâs intellectual property rights in a jurisdiction which is signatory to the Berne Convention. (ii) By Customer. Customer shall (at its sole cost and expense): (i) defend and/or settle on behalf of Tenable (including Tenableâs officers, directors, employees, representatives and agents) and (ii) indemnify Tenable for, any third party claims brought against Tenable arising out of or relating to Customerâs use of the Products to perform Scans on third party Scan Targets, except to the extent that any such claim or action is caused by a failure of the Products to materially comply with the Documentation. (b) In Case of Infringement. If Customerâs use of the Products is, or in Tenableâs opinion is likely to be, the subject of an infringement claim, Tenable may, in its sole discretion and expense: (i) modify or replace the infringing Products as necessary to avoid infringement, provided that the replacement Products are substantially similar in functionality; (ii) procure the right for Customer to continue using the infringing Products; or (iii) terminate this Agreement and, upon Customerâs return or certified destruction of the infringing Product, provide Customer a pro-rata refund calculated as follows: (x) for infringing Products licensed on a subscription basis, the refund shall consist of any prepaid but unused fees for the remainder of the applicable License Term; or (y) for infringing Software licensed on a perpetual basis or infringing Hardware, the refund shall consist of a straight line depreciation of the license fee based on a three (3) year useful life as well as any prepaid but unused fees for separately charged Support Services. This Section 9 sets forth Tenableâs sole and exclusive liability and Customerâs sole and exclusive remedy with respect to any claim of intellectual property infringement. (c) Exclusions. Tenable shall have no liability with respect to a third party intellectual property infringement claim arising out of: (i) modifications of the Product made by Customer or a party under its control to conform with Customerâs specifications; (ii) modifications of the Product made by anyone other than Tenable or a Tenable authorized third party; (iii) Customerâs use of the Product in combination with other products or services not provided by Tenable; (iv) Customerâs failure to use any updated versions of the Product made available by Tenable; or (v) Customerâs use of the Product in a manner not permitted by this Agreement or otherwise not in accordance with the Documentation. (d) Requirements. The indemnitor shall only be responsible for the indemnification obligations set forth in this Section 9 if the indemnitee: (i) provides the indemnitor prompt written notice of such action or claim; (ii) gives the indemnitor the right to control and direct the investigation, defense, and/or settlement of such action or claim; (iii) reasonably cooperates with the indemnitor in the defense of such a claim (at the indemnitorâs expense); and (iv) is not in breach of this Agreement. Nothing herein shall prevent the indemnitee from engaging in defense of any such claim with its own legal representation, provided that this does not materially prejudice the indemnitorâs defense. The indemnitor may not settle any claim on behalf of the indemnitee without obtaining the indemniteeâs prior written consent; provided, however, the indemnitor shall not be required to obtain consent to settle a claim which settlement consists solely of: (x) discontinued use of infringing Products and/or (y) the payment of money for which the indemnitor has a duty to indemnify. 10. Legal Compliance. (a) Generally. The Products are intended solely for lawful purposes and use. Both Parties, and their agents and Affiliates, agree to perform their respective obligations in an ethical manner that complies with all applicable national, federal, state and local laws, statutes, ordinances, regulations and codes (âApplicable Lawsâ) including, without limitation, the Computer Fraud and Abuse Act (CFAA), 18 USC Sec. 1030, the U.S. Foreign Corrupt Practices Act of 1977, as amended, and the UK Bribery Act of 2010. If Customer violates this Section 10, Tenable may terminate this Agreement immediately. (b) Trade Controls. Applicable Laws include U.S. export laws (including the International Traffic in Arms Regulation (ITAR), 22 CFR 120-130, and the Export Administration Regulation (EAR), 15 CFR Parts 730 et seq.) and the anti-boycott rules implemented by the Departments of Commerce and Treasury. Information regarding export classifications of Tenableâs Products may be found on its website (www.tenable.com/export-controls or a successor location). Customer agrees that it will be the exporter of record any time it causes the Products to be accessed outside the United States or by a national of any country other than the United States. The Parties further agree to comply with trade and economic sanctions, rules, and regulations of the United States, European Union, EU member states, United Kingdom and other applicable government authorities and shall not engage in prohibited trade to persons or entities who are the subject of an active sanction, embargo, or executive order. Customer hereby acknowledges and confirms that Customer (including Customerâs officers, directors, employees, representatives and agents): (i) is not included on, owned or controlled by an individual or entity included on, or acting on behalf of an individual or entity included on any of the restricted party lists maintained by the U.S. Government (e.g., Specially Designated Nationals List, Foreign Sanctions Evader List, Sectoral Sanctions Identification List, Denied Persons List, Unverified List, Entity List or List of Statutorily Debarred Parties) (collectively, âRestricted Partiesâ); (ii) will not export, re-export, transfer, re-transfer or otherwise ship, directly or indirectly, the Products or related technology to or for use by or for Restricted Parties; (iii) will not export, re-export, transfer, re-transfer or otherwise ship, directly or indirectly, the Products or related technology to or for use in, by or for countries or territories subject to U.S. economic sanctions (e.g., Crimea, Cuba, Iran, North Korea, or Syria); or (iv) will not use or sell the Products for nuclear end-uses, rocket systems, unmanned air vehicles, chemical or biological weapons, maritime nuclear propulsion, weapons of mass destruction or other restricted end-uses except to the extent consistent with Trade Control Laws. (c) Data Processing Addendum. To the extent applicable, if Tenable is processing personal information on behalf of Customer under any applicable data protection law (e.g., the European Unionâs General Data Protection Regulation 2016/679), then such processing shall be in accordance with Tenableâs Data Processing Addendum located at http://static.tenable.com/prod_docs/tenable_slas.html (or a successor location). 11. Governing Law; Venue. (a) For transactions with Tenable, Inc. and Tenable Public Sector LLC, this Agreement shall be governed in all respects by the laws of the State of Delaware, USA, without regard to choice-of-law rules or principles. The Parties agree that: (i) no aspect or provision of the Uniform Computer Information Transactions Act shall apply to this Agreement; and (ii) this Agreement shall not be governed by the U.N. Convention on Contracts for the International Sale of Goods. The Parties hereby submit to the exclusive jurisdiction of the courts of Howard County, Maryland, and the United States District Court for Maryland, Baltimore Division, for any question or dispute arising out of or relating to this Agreement. Due to the high costs and time involved in commercial litigation before a jury, the Parties waive all right to a jury trial with respect to any issues in any action or proceeding arising out of or related to this Agreement. (b) For transactions with Tenable Network Security Ireland Limited, this Agreement and any issues, disputes or claims arising out of or in connection with it (whether contractual or non-contractual in nature such as claims in tort, from breach of statute or regulation or otherwise) (âDisputesâ) shall be governed by, and construed in accordance with, the laws of Ireland. Customer expressly agrees with Tenable that this Agreement shall not be governed by the U.N. Convention on Contracts for the International Sale of Goods, the application of which is expressly excluded. All Disputes arising out of or relating to this Agreement shall be subject to arbitration within the meaning of the Arbitration Act 2010 or any legislation amending or repealing that act and shall be an arbitration conducted in Dublin, Ireland in the English language and shall be governed by the Arbitration Act 2010. Notwithstanding the foregoing, nothing in this Agreement shall limit the right of either Party to seek any injunctive, equitable or other interlocutory relief as it may be entitled to in the Courts of Ireland. 12. Other Legal Clauses. (a) Third Parties. Customer may permit a third party (âCustomerâs Agentâ) to use the Products to perform security services for and on behalf of Customer but solely for Customerâs benefit and solely for Customerâs internal business purposes. Customer shall be fully responsible for Customerâs Agentâs use of the Products, including liability for any breach of this Agreement or use beyond the licensed quantities set forth in the Ordering Document. If Customer elects to utilize a Customerâs Agent to perform Scans on its behalf, then only Customerâs Agent (and not Customer) will be permitted to contact Tenable Support Services. Tenable shall have the right to withdraw its consent to the use of any Customerâs Agent in its reasonable discretion. (b) Notices. Any legal notices or other communication pursuant to this Agreement must be in writing, in English, and will be deemed to have been duly given when delivered if delivered personally or sent by recognized overnight express courier. All notices to Tenable must be sent to the address described in this Agreement to the attention of the Legal Department (unless otherwise specified by Tenable). All notices Tenable sends to Customer shall be at the physical address referenced in this Agreement (or otherwise provided to Tenable). Tenable may provide notices with regard to Products via the email address Customer provided during Product registration and Customer hereby consents to receive such communications from Tenable in an electronic form. (c) Assignment. Neither Party may assign or otherwise transfer this Agreement without the other Partyâs prior written consent, which will not be unreasonably withheld; provided, however, either Party may transfer this Agreement to an Affiliate or in connection with a merger or sale of all (or substantially all) of the stock or other ownership units of such Party. Customer must complete Tenableâs License Assignment Request Form (to be provided upon request) in order to complete assignment of this Agreement. (d) Force Majeure. With the exception of payment, neither Party shall be liable for any loss or delay (including failure to meet the service level commitment) resulting from any force majeure event, including, but not limited to, acts of God, fire, natural disaster, terrorism, labor stoppage, Internet service provider failures or delays, civil unrest, war or military hostilities, or criminal acts of third parties, and any Delivery date shall be extended to the extent of any resulting delay. (e) Language. The language of this Agreement is English and all invoices and other documents given under this Agreement must be in English to be effective. No translation, if any, of this Agreement or any notice will be of any effect in the interpretation of this Agreement or in determining the intent of the parties. The Parties have expressly agreed that all invoices and related documents be drafted in English. The following shall apply solely for Agreements which are under French Canadian jurisdiction: Câest la volonté expresse des parties que la presente convention ainsi que les documents qui sây rattacent soient rediges en anglais. 13. Evaluations and NFR Licenses. (a) Evaluations. If Customer wants to conduct an evaluation, proof of value or other similar trial of Tenable Products (âEvaluation Productsâ), Tenable may (in its sole discretion) provide evaluation licenses for such Evaluation Products in accordance with the following: (i) Customer shall have no obligation to make payment for such Evaluation Product for such evaluation usage; (ii) the license term will expire at the end of the agreed-upon evaluation period, at which time Customer must either return or destroy the Software and cease access to the Hosted Services; and (iii) Tenable shall have no obligation to provide Support Services. Notwithstanding the foregoing, to facilitate a transition from an evaluation to a paid subscription, in certain cases Tenable may allow Customer to continue to use containers (or otherwise migrate data) generated during an evaluation period. Customers may not use the Evaluation Products to scan third party Scan Targets or provide a service to Customerâs clients. (b) Container Access. Customer acknowledges that a Tenable employee may request access to the Evaluation Products in the Customer environment (which may occur in a production container) in order to maximize the effectiveness of the Evaluation Products and to set up certain configurations, and this may be done without the Customer being present but will be subject to prior written consent from Customer. (c) Early Access. Tenable may make some versions of Products available to Customer on an alpha, beta, or early access basis (each, an âEarly Access Productâ). Customerâs access to the Early Access Product may be discontinued at any time. Early Access Products remain subject to all applicable license restrictions. Tenable may not offer Support Services for Early Access Products. No warranty or service level commitment made under this Agreement will apply to Early Access Products. (d) Technology Partners. Tenable in its sole discretion may allow Customers who are technology partners (a âTechnology Partnerâ) to obtain an Evaluation license and use such evaluation license to create an interoperability (âInteroperabilityâ) between Tenable Products and their own products. At the conclusion of the Evaluation Term, Customer may apply for an NFR license at which time Tenable may convert the Evaluation license to an NFR license. Tenableâs conversion to an NFR license shall be at Tenableâs sole discretion and may require Interoperability validation by Tenable. (e) NFR. If Customer is a sales partner or Technology Partner to whom a âNot For Resaleâ or âNFRâ license has been granted, Customerâs license to the Product will commence upon Delivery and continue for a period of one year (unless the Ordering Document sets forth a different term) and shall automatically renew for consecutive one (1) year terms unless either Party provides the other Party with written notice of its non-renewal of the NFR license at least thirty (30) days before the expiration of the then-current term. Notwithstanding the foregoing, Tenable may terminate Customerâs NFR license for its convenience upon thirty (30) daysâ notice, or immediately should Customer breach any obligations under this Agreement. (f) NFR Customer Prohibitions. Customer shall not purport to take on any obligation or responsibility, or make any representations, warranties, guarantees or endorsements to anyone on behalf of Tenable, including without limitation, relating to Tenable products, software, or services. Except as specifically permitted in this Agreement, Customer shall not state or imply that any of Customerâs products have been endorsed, reviewed, certified or otherwise approved by Tenable. Customer may not use Products provided under an NFR license: (i) in a production environment, (ii) to protect its own networks, (iii) as part of a service provided to its customers, or (iv) to perform customer evaluations. (g) NFR Customer Representations. Customer hereby represent and warrant to Tenable that: (i) Customer will not intentionally harm the reputation or goodwill of Tenable through any act or omission, and (ii) Customer have used commercially reasonable efforts to ensure that any software, code, algorithm, API, etc., transferred to Tenable is free from any time bomb, virus, drop dead device, worm, Trojan horse, or trap door that is designed to delete, disable, deactivate, interfere with, or otherwise harm hardware, data, or other programs or that is intended to provide access or produce modifications not authorized by Tenable. (h) NFR Customer Responsibilities. Customer shall, at its sole cost and expense, defend (or at its option, settle) and indemnify Tenable and Tenableâs subsidiaries and affiliates, and their officers, directors, employees, representatives and agents, from and against any and all third party claims brought against Tenable based upon a claim that use of Customerâs software or Customerâs product in accordance with this Agreement infringes such third partyâs patent, copyright or trademark or misappropriates any trade secret, and shall pay all settlements entered into and damages awarded to the extent based on such claim or action. 14. General. This Agreement constitutes the entire agreement between the Parties, and supersedes all other prior or contemporaneous communications between the Parties (whether written or oral) relating to the subject matter of this Agreement. No Customer document, purchase order, request for proposal, or other specifications requirement shall modify, supersede, or become part of this Agreement, or otherwise contractually bind Tenable unless signed by Tenable. The provisions of this Agreement will be deemed severable, and the unenforceability of any one or more provisions will not affect the enforceability of any other provisions. If any provision of this Agreement, for any reason, is declared to be unenforceable, the Parties will substitute an enforceable provision that, to the maximum extent possible under applicable law, preserves the original intentions and economic positions of the Parties. Section headings are for convenience only and shall not be considered in the interpretation of this Agreement. Customer agrees that Tenable may use Customerâs name or logo in a customer list. Customer may not use Tenableâs name or logo without prior written consent and in accordance with Tenableâs guidelines. No failure or delay by a Party in exercising any right, power or remedy will operate as a waiver of that right, power or remedy, and no waiver will be effective unless it is in writing and signed by the waiving Party. If a Party waives any right, power or remedy, the waiver will not waive any successive or other right, power or remedy the Party may have under this Agreement. The Parties are independent contractors and this Agreement will not establish any relationship of partnership, joint venture, employment, franchise or agency between the Parties. Nothing in this Agreement shall prevent Tenable from subcontracting any of its obligations hereunder; provided, however, that Tenableâs use of a subcontractor shall not release Tenable from any duty or liability to fulfill its obligations under this Agreement and Tenable shall be liable for any act or omission of a subcontractor to the same extent as if the act or omission had been made by Tenable. This Agreement is not intended nor will it be interpreted to confer any benefit, right or privilege in any person or entity not a party to this Agreement. Any party who is not a party to this Agreement has no right under any law to enforce any term of this Agreement. Any provision of this Agreement that imposes or contemplates continuing obligations on a Party and any section which by its nature is intended to survive will survive the expiration or termination of this Agreement, including Sections 3, 4, 6, 8, 9 and 11. 15. Government Entities. This Section 15 shall only apply to Government Customers, as defined below. If Customer is an agency or instrumentality of a sovereign government (a âGovernment Customerâ), all Government Customer end users acquire the rights to use and/or access the Products and or Services with only those rights set forth herein (consistent with 48 C.F.R. 12.212 and 48 C.F.R. 227.7202-1 through 227.7202-4). The terms and conditions of this Agreement govern Government Customerâs use and disclosure of the Products and supersede any conflicting terms and conditions that may be applicable through the Government Customerâs procurement regulations. If this Agreement fails to meet the Government Customerâs needs or is inconsistent in any way with federal law, the government must return the Product, unused, to Tenable. If Customer is prohibited by law, regulation, or relevant attorney general opinion from agreeing to any clause of this Agreement (collectively, âRestrictionsâ), the Agreement shall be modified to the extent required under such Restrictions. Each of the components that constitute the Product is a âcommercial itemâ as that term is defined at 48 C.F.R. 2.101, consisting of âcommercial computer softwareâ and/or âcommercial computer software documentationâ as such terms are used in 48 C.F.R. 12.212. SCHEDULE A: SOFTWARE This Schedule for Tenable Software is subject to and made part of the Agreement. 1. General. This Schedule governs Customerâs license of Software. 2. License; Right to Use. Subject to the terms of the Agreement and payment of the applicable license fees, Tenable grants Customer for the duration of the License Term a non-exclusive, non-transferable, non-sublicensable license to use the Software (in object code form only) solely for Customerâs or Customerâs Affiliates own internal business purposes. Customerâs right to install such Software is limited to use with the computers or machines for which the Software is registered for use. Customer is permitted to make one copy of the Software for backup or archival purposes. 3. Warranty. Tenable warrants that the Software shall materially conform to the Documentation for a period of thirty (30) days after Delivery. Customerâs sole and exclusive remedy for breach of this warranty shall be for Tenable to, at its sole option: (i) use commercially reasonable efforts to modify or correct the Software such that in all material respects it conforms to the functionality described in the Documentation; or (ii) if Tenable is unable to restore such functionality within sixty (60) days, Customer shall be entitled to a refund for the non-conforming Software. 4. Open Source and Third Party Software. Any code or other intellectual property included as part of the Software that was licensed to Tenable by third parties that is not marked as copyrighted by Tenable is subject to other license terms that are specified in the Documentation available on Tenableâs website at https://docs.tenable.com/licensedeclarations/ (or a successor location). Customer agrees to be bound by such other license terms. 5. Compliance Rights. Tenable may, by itself or through an independent third party, review Customerâs usage of the Software to confirm compliance with this Agreement or the applicable Ordering Document. Tenable shall: (i) provide Customer with reasonable advance notice of the review; (ii) not request such review more than once per year; and (iii) not unreasonably interfere with Customerâs business activities when conducting the review. SCHEDULE B: HOSTED SERVICES This Schedule for Tenable Hosted Services is subject to and made part of the Agreement. 1. General. This Schedule governs Customerâs use of the Hosted Services. 2. License; Right to Use. Subject to the terms of the Agreement and payment of the applicable license fees, Tenable grants Customer for the duration of the License Term a non-exclusive, non-transferable, non-sublicensable right to access the Hosted Environment and use those modules of the Hosted Services set forth on a valid Ordering Document solely for Customerâs or Customerâs Affiliates own internal business purposes. 3. Warranty. Tenable warrants that the Hosted Services will materially comply with the functionality described in the Documentation. Customerâs sole and exclusive remedy for breach of this warranty shall be for Tenable to use commercially reasonable efforts to modify the Hosted Services to provide in all material respects the functionality described in the Documentation. If Tenable is unable to restore such functionality within sixty (60) days, Customer shall be entitled to terminate the Agreement and receive a pro-rata refund of any prepaid but unused fees for the nonconforming Hosted Services. Tenable shall have no obligation with respect to a warranty claim hereunder unless Customer notifies Tenable of such claim within thirty (30) days of the date the underlying condition first arose. This warranty shall only apply if the applicable Hosted Service has been utilized in accordance with the Agreement and the Documentation. 4. Acknowledgements. By initiating a Scan, Customer authorizes Tenable to access the Scan Targets in the context of the Scans. Customer understands and acknowledges that the Scans may originate or appear to originate from a Tenable URL which could cause Customer (or the owner of the Scan Targets) to believe they are under attack. Customer agrees not to pursue any claims against Tenable as a result of any access to Scan Targets when such access was made in connection with an authorized Scan unless such a claim is based on the gross negligence or willful misconduct of Tenable. 5. Usage Requirements. Customer must provide current and accurate information in all submissions made in connection with the Hosted Services, including registration information and the location of the Scan Targets to be Scanned. Tenable may, in its reasonable discretion, prohibit or suspend access of certain users of the Hosted Services. In the event Tenable suspects or anticipates such suspension, Tenable will, to the extent practical under the circumstances, use commercially reasonable efforts to provide Customer with prior written notice of the suspension and an opportunity to cure the issue prior to (and in avoidance of) suspension. Customer acknowledges that under certain circumstances such prior notice and/or cure period may not be possible or practical. Customer agrees to safeguard and maintain the confidentiality of all user names and passwords. Customer further agrees to use best efforts to ensure that no unauthorized parties have access to the Hosted Services through Customerâs account and/or log-in credentials. Customer will promptly notify Tenable of any unauthorized access of which Customer is aware or reasonably suspects. Customer is responsible for compliance with this Agreement and all use of the Hosted Services through Customerâs account. 6. PCI Scans. Tenable makes no guarantee that a successful completion of a PCI Scan will make Customer compliant with the Payment Card Industry Data Security Standard. 7. Data Retention Policy. Customer has the option to select the duration of the data retention period of Scan Data in the Hosted Environment in accordance with the limitations described in the Documentation. Customer acknowledges that Tenable is in no way responsible for any of Customerâs data retention compliance requirements. Tenableâs data retention policy with respect to PCI Scans will match then-current requirements set forth by the PCI Security Standards Council. 8. Service Level Agreement. Tenable commits to make access to the Hosted Environment available in accordance with Tenableâs then-current service level agreement, available at http://static.tenable.com/prod_docs/Service_Level_Agreement.pdf (or a successor location). SCHEDULE C: PROFESSIONAL SERVICES This Schedule for Tenable Professional Services is subject to and made part of the Agreement. 1. General. The Parties may agree, from time to time, on the purchase and sale of Tenable Professional Services, which may be further described in a separate SOW or Services Brief. Except as otherwise agreed to by the Parties in writing, all Services Briefs or SOWs will be governed by this Agreement. In the event of inconsistency between the Agreement and a signed SOW, the signed SOW shall govern. 2. Type of Services. Tenable offers a range of Professional Services; provided, however, unless otherwise agreed upon in writing, Tenable does not offer creation of custom intellectual property. Tenable is not obligated to provide any Professional Services except as mutually agreed in a Services Brief or SOW. 3. Deliverables. âDeliverable(s)â means the reports, analysis, codes, scripts, slides, documents, examples and other written materials or work results provided as part of the Professional Services. 4. Intellectual Property Rights. (a) Grant of License in Deliverables. Tenable grants Customer a non-exclusive, non-transferable, irrevocable (except in case of breach of the Agreement or SOW) perpetual right to use, copy and create derivative works from the Deliverables (without the right to sublicense) for Customerâs or Customerâs Affiliates internal business operations, as contemplated by the applicable SOW or Services Brief. (b) Reservation of Rights. Except for the rights expressly granted herein to Customer, Tenable expressly reserve all other rights in and to the Professional Services and Deliverables. Notwithstanding anything to the contrary in this Schedule, nothing shall prevent Tenable from providing similar Professional Services to other customers and nothing in this Schedule shall be construed to provide any intellectual property rights whatsoever in the Products (or any modifications or enhancements thereto) that Tenable develops or makes generally available for sale to its customers. (c) Pre-Existing Materials. Any pre-existing materials, proprietary item or intellectual property rights of either Party which is disclosed or used in performing the Professional Services shall remain fully vested in such Party. Nothing in this Schedule shall transfer any rights whatsoever in Tenableâs Products. Customer hereby grants to Tenable the intellectual property rights (if any) required for Tenable to perform the Professional Services. 5. Warranty. Tenable warrants that all Professional Services shall be performed in a professional manner and in accordance with industry standards. Tenable further warrants for a period of ten (10) days from the service completion date that the Professional Services shall materially conform to the applicable SOW or Services Brief. If Customer provides written notice of a nonconformity during this warranty period, Tenable shall promptly confirm the non-conformity and upon confirmation, Tenableâs entire liability and Customerâs exclusive remedy shall be for Tenable to use commercially reasonable efforts to re-perform the Professional Services within a reasonable amount of time. If Tenable is unable to re-perform the Professional Services, then Tenable may elect to refund amounts paid by Customer for the non-conforming Professional Services. 6. Scheduling; Cancellation. Professional Services must be scheduled within nine (9) months of the date of the Ordering Document under which such Professional Services were purchased and completed within twelve (12) months of the Ordering Document. If Customer does not schedule the Professional Services within this time frame, Tenable shall have no obligation to perform the Professional Services or provide a refund. Tenable shall have no obligation to perform the Professional Services or provide a refund if Customer or Customerâs designated attendees do not attend a scheduled training session or cancel a Professional Services engagement without providing proper notice. Customer must provide Tenable at least five (5) business daysâ notice to reschedule any Professional Services. Tenable reserves the right, directly or through a Reseller, to invoice Customer monthly for travel expenses incurred in the prior month. 7. Customer Responsibilities. For Professional Services occurring on Customerâs site, Tenable agrees to comply with applicable and reasonable security procedures provided Customer provides Tenable with such written procedures in advance. Some of the Professional Services may require Customer to have specialized knowledge or meet particular software or hardware requirements (for example, appropriate computers or appliances, stable Internet connection or up-to-date web browsers or operating system, etc.). If technical issues arise during the Professional Services, Tenable will use commercially reasonable efforts to resolve such issues, but will have no liability based on Customerâs failure to meet technical requirements. Tenable will not provide any refund based on Customerâs failure to meet these prerequisites. 8. Changes. Either Party may request that a change be made to the Professional Services. Tenable reserves the right to charge a fee for any material changes to the Professional Services. No changes shall be binding unless executed by both Parties. 9. Non-Solicitation. During the term that Professional Services are being provided and for a period of one (1) year after their completion, Customer will not, either directly or indirectly, solicit for employment any person employed by Tenable or any of its Affiliates that have provided Customer Professional Services under this Agreement. For the avoidance of doubt, this restriction shall not prevent Customer from hiring based on a response to Customerâs advertising in good faith to the general public a position or vacancy to which an employee or worker of Tenable responds, provided that no such advertisement shall be intended to specifically target Tenable personnel. Tenable Confidential and Proprietary Tenable Master Agreement v.6 2.2023