(Updated on February 14, 2025)

These Terms of Service (“Terms”) are between “Company” (WhiteDog) or one of its Affiliates (together, “Our,” “We,” “Us” or similar terms) and the “Customer” ( “You,” “Your” or similar terms) who accepts these Terms, or accesses and/or uses the Company Products (Defined in § 1.2 (Scope of Agreement)). These Terms govern Customer’s subscription to the Products and constitute a binding contract in connection with any paid or temporary and limited access evaluation (“Evaluations” defined in § 2.1 (Health Checks)) of the Products.

This is a legal, enforceable contract between You and Company, and by executing these Terms, and where no signature box is available, clicking the “Log In” button to access the Products, or otherwise indicating Your consent to the Terms electronically or through access or use of the Products (and such time “Effective Date”), You expressly agree to be bound by these Terms. If You are entering these Terms on behalf of another entity or person, You hereby represent to Company that You have the authority to bind Customer and its Affiliates to these Terms through such consent or use of the Products. If You do not have such authority, or if You do not agree to these Terms, You may not subscribe to or use the Products.

Capitalized terms will have the meaning assigned to such terms where defined throughout these Terms. Each of Company or Customer is sometimes described in these Terms as a “Party” and together, “Parties,” which Parties agree as follows:

1.     License.

1.1.     Order.

A purchase order, service order, statement of work (“SOW”) or quote (which shall be referred to herein as  “Order”) means an online form completed by You directly through the Company website(s), or a written document such as a Company quote, with corresponding purchase order, sales order or a similar document agreed to in writing and executed among the Parties, or agreed to among You and a Company approved partner (such as a reseller and collectively, “Partner”) and referencing a quote from Company (“Company Quote”), in each case covering Your subscription to Products or Evaluation. For an Order to be valid, it must be executed by both the Customer and Company, by a Partner and Customer, or by a Partner if the executed Order references and accepts a corresponding Company Quote. Unless otherwise expressly specified in the Order executed by Company, the terms of these Terms shall supersede any conflicting terms in an Order.

1.2.     Scope of Agreement.

These Terms govern Your purchase of a subscription to Company’s Products (“Products”) offered by Company at the time of agreement and over time, directly or through a Partner, together with the software underlying such products and services and any updates, patches, bug fixes, versions, and software replacement (“Enhancements”), collectively, the “Product(s)”. You agree to accept all Enhancements necessary for the proper function of the Products as released by Company from time to time, and further agree that Company shall not be responsible for the proper performance of the Products or security issues encountered with the Products related to Your failure to accept Enhancements in a timely manner.

1.3.     Related Services and Products.

As an active Customer subscribing to the Products in accordance with these Terms, during the Subscription Term You may receive and/or subscribe to other related services from Company, such as support services (“Company Support”), Professional Services, Incident Response Services, or other services (collectively “Company Services”); and/or You may subscribe to certain Company Products. Your purchase of such Other Company Services and/or subscription to Products is subject in each case to applicable terms and conditions of these Terms as well as the specific terms for each such Other Company Services and/or Products.

1.4.     Documentation.

All use of the Products shall be in accordance with Our then-current published documentation such as technical user guides, installation instructions, articles, data sheets, service specifications or similar documentation specifying the functionalities of the Products and made available by Us to You through the Company portal, available at: my.whitedog.app, as updated from time-to-time in the normal course of business (“Documentation”).

1.5.     Subscription; License; Grant.

Subject to Your compliance with the terms and conditions of these herein and constrained by the export restrictions in §12.8 (Export Compliance), We hereby grant You and Your Affiliates (directly or through a Partner, as applicable) a worldwide, non-transferable, non-exclusive subscription “License” during the term of the subscription set forth in the applicable Order (“Subscription Term”) or any Evaluation Period to access, use, execute, install (as provided for by the applicable Order), store, and display the Products (including Enhancements) solely in support of Your (and Your Affiliate(s)) internal business security and operation, in accordance with the Documentation describing the permissible use of the Products (“Subscription”). The License granted herein is limited to the number of physical or virtual computing devices and/or computing environments (such as containers or hypervisors)that can process data (each of which shall be referred to herein as an “Endpoint”), Users of the Endpoints and networks (which shall be referred to herein as a “User”), email mailboxes (which shall be referred to herein as “Mailbox”), physical or virtual appliances (which shall be referred to herein as (“Appliance”), terabytes of event data processed per month, in the form of network traffic and/or system logs (“SYSLOG”) (which shall be referred to herein as (“Event Data”) and all of which shall be generically referred to herein as (“Node”). All Nodes are part of Customer’s network and computer system(s) as set in scope in an Order (“System”). The Node type is directly related to each product and the Subscriptions are based on the respective Node(s).

For the avoidance of doubt, access to Product(s) are only licensed under and pursuant to this Agreement and may only be licensed on a subscription basis. No title in or to such copies (or the underlying software itself) passes to Customer, and Customer has no license hereunder to transfer title therein or thereto. Any reference herein to the purchase, sale, re-sale, distribution (or similar designations) of the Product(s) will be construed accordingly.

1.6.      “Affiliate(s)”

Means any entity that directly, or indirectly through intermediaries, controls, is controlled by, or is under common control with a Party. The license granted to You herein includes the right to connect Your Affiliates’ Nodes to the Products so as to provide the Products to such Affiliates’ Nodes, provided that You agree to remain fully responsible and liable under these Terms for Your Affiliates use of the Products. You represent that neither You nor, to your knowledge, any of Your Affiliates is an entity that (a) is directly or indirectly owned or controlled by any person or entity currently included on the Specially Designated Nationals and Blocked Persons List or the Consolidated Sanctions List outlined in § 12.8 (Export Compliance).

1.7.     “Services”.

Means those Product Services, Managed Security Services and Professional Services (each as defined herein), and other related services, as applicable, as generally described in the applicable service definition herein and as specifically set forth in an Order under this Agreement. Company represents, warrants, and covenants that all Services to be performed under this Agreement shall be performed in a professional, competent, diligent and workmanlike manner by knowledgeable, trained and qualified personnel, all in accordance with the terms of this Agreement and the standards of performance considered generally acceptable in the industry for similar tasks and projects.

1.8.     “Managed Security Services”.

Means the management of the Products providing prevention, identification, investigation and alerting of cyber security incidents within the System to pinpoint and identify indication of compromise within the System. This includes but is not limited to the specific remote security monitoring and management services providing incident and event management and alerting services of the System as described in an Order.

1.9.     Professional Services.

From time to time, You may place an order for Company’s professional services (“Professional Services”) as set forth in an individual SOW. Each SOW shall include the specifications, fees, and the schedule for such Professional Services.  Company shall use commercially reasonable efforts to provide the Professional Services in accordance with the terms of the applicable Order and this Agreement. Company reserves the right to subcontract any or all portions of the Professional Services that Company is obligated to perform under the SOW, subject to § 8.2 (Subcontracting). Professional Services of Company are to be rendered by a team, job function(s) or individual(s) listed in the applicable Order or SOW.

1.10.  Professional Services Scheduling.

“Normal Business Hours” are defined as Monday through Friday 8:00 AM to 5:00 PM local time, in the time zone where Professional Services are being performed, except federal holidays.  Professional Services performed outside of Normal Business Hours are at the discretion of Company unless otherwise stated in the applicable Order or SOW.  Once the Professional Services are scheduled ("Engagement"), the Customer agrees to give a minimum of six (6) business days’ notice from the start of the Engagement to change or cancel the Engagement. If canceled in part or whole with less than six (6) business days’ notice, the Customer will be liable for payment up to the total amount of Fees scheduled for such Engagement within five (5) business days of the cancelation.  In some instances, canceled work or shortened days can be applied as credit to off-site work, including documentation or remote consultations. Please talk to the Company representative to discuss this option prior to scheduling.  Early completion of the Engagement does not incur liability to the Customer.

1.11.  Other Services.

If You decide to enable, access or use third Party products, applications, services, software, networks or other systems, and/or information which may be linked to the Products through Our open APIs (collectively, “Other Services”), including integrating such Other Services directly to Your instance of the Products, be advised that Your access and use of such Other Services is governed solely by the terms and conditions of such Other Services, and We do not endorse, are not responsible or liable for, and make no representations as to any aspect of such Other Services, including, without limitation, their content or the manner in which they handle data or any interaction between You and the provider of such Other Services, or any damage or loss caused or alleged to be caused by or in connection with Your enablement, access or use of any such Other Services. You may be required to register for or log into such Other Services on their respective websites. By enabling any Other Services, You expressly permit Us to disclose Your Login as well as Your Data to such Other Services solely as necessary to facilitate Your enablement and use of such Other Services.

1.12.  Third Party Service.

If You enter into an agreement with a third party to manage the installation, onboarding and/or operation of the Products on Your behalf (“Third Party Service”) then You may allow such Third Party Service to use the Products provided that (i) as between the Parties, You remain responsible for all its obligations under the terms of these Terms; (ii) such Third Party Service only uses the Products for Your internal purposes and not for the benefit of any third party or the Third Party Service, and agrees to the terms of these Terms in providing services to You; and (iii) You remain liable to Us for the Third Party Service’s service on Your behalf.

1.13.  “Customer Materials”.

Means any materials, data, information, software, equipment or other resources owned by or licensed to You and made available to Us pursuant to facilitating Your use of the Services, including Customer Data.

1.14.  “Customer Data”.

Means any information, data, materials, and content (a) that You enter, provide or make, or is otherwise provided or made available by or on behalf of You through the Services, and (b) collected, downloaded, or otherwise received by Us for You or any user pursuant to this Agreement, or any Order, or SOW, or at the written request or instruction by You, and any improvements, modifications, adaptations, translations and derivative works thereof.

Customer Data does not include any component of Our Services, or material or data provided by or on behalf of Us or Our licensors. Our Services use Customer Data as-is, as it is given. You are responsible for any errors or deficiencies and must identify and correct the same.

2.     Evaluations; Health Checks, Early Adoption and Beta Use (as applicable).

2.1.     Health Checks.

If You agree to allow Company to perform a Products Health Check on your behalf, for evaluation purposes, then You agree to work with Company to implement the Products in a limited scope, as outlined in the respective Health Check documentation, within your environment for evaluation purposes (“Evaluation”) for a period of up to fourteen (14) days from the start date of the Evaluation (the “Evaluation Period”).

2.2.     Evaluation License and Restrictions.

In addition to the license scope detailed elsewhere in these Terms or similar Agreement, during Evaluation You: (i) may install and use, solely during the Evaluation Period, the limited scope outlined in specific Health Check documentation which may be limited to  one (1) copy of the Appliance for network or systems security services (“Appliance Software”) and up to ten (10) copies of Endpoints (unless the Parties mutually agree on a different Evaluation Period, or a different number of copies in a Order executed by both Parties and referencing these Terms); (ii) may install a simulated MITRE ATT&CK framework comprising of defanged malware and exploit tactics techniques and procedure, to the extent applicable, only on a single computer, all in accordance with documentation and materials furnished by Company; (iii) shall comply with the use restrictions in § 3 (Restrictions and Access); and (iv) shall uninstall any portion of the Products residing on Your Endpoints after the Evaluation Period, return all Documentation in its possession to Us, and confirm to Us in writing (email accepted) of such deletion and uninstallation. If the Evaluation offering is a subscription, You understand that We may disable access to the subscription automatically at the end of the Evaluation period, without notice to Customer and with no obligation to preserve data from the Evaluation. During and following the Evaluation Period, the Parties shall discuss Evaluation results in good faith.

2.3.     Early Adoption or Beta Use.

If You are invited to and agree to participate in Company’s Early Adoption Program or Beta Program, You acknowledge that Early Adoption or Beta versions of the Products are prerelease versions of the Products and as such may contain errors, bugs or other defects. Accordingly, Your use and testing of the Early Adoption and/or Beta versions of the Products is subject to the disclaimers stated in § 2.4 (Disclaimer of Warranties and Liability) below. Additionally, Your use of Early Adoption and/or Beta versions of the Products is subject to Company’s sole discretion as to length and scope of use, updates and support of such Early Adoption or Beta versions of the Products.

2.4.     DISCLAIMER OF WARRANTIES AND LIABILITY.

SOLELY WITH RESPECT TO EVALUATION, EARLY ADOPTION OR BETA USE OF THE PRODUCTS, THE PRODUCTS ARE OFFERED ON AN “AS IS” BASIS, WITHOUT ANY WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, NON-INFRINGEMENT, OR THOSE ARISING BY LAW, STATUTE, USAGE OF TRADE, OR COURSE OF DEALING. YOU ASSUME ALL RISK AS TO THE RESULTS AND PERFORMANCE OF THE PRODUCTS AND ACKNOWLEDGE THAT THE USE OF THE PRODUCTS, TO THE EXTENT APPLICABLE, MUST BE MADE IN STRICT CONFORMANCE WITH COMPANY’S INSTRUCTIONS. WITHOUT DEROGATING FROM THE FOREGOING, IT IS UNDERSTOOD AND AGREED THAT COMPANY WILL NOT BE LIABLE FOR ANY NETWORK DOWNTIME, PRODUCT DOWNTIME, AND/OR IDENTIFYING AREAS OF WEAKNESS IN THE PRODUCTS. FOR ALL EVALUATIONS OR EARLY ADOPTION OR BETA USE OF THE PRODUCTS, WE SHALL HAVE NO LIABILITY TO YOU OR ANY OTHER PERSON OR ENTITY FOR ANY INDIRECT, INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES WHATSOEVER, INCLUDING, WITHOUT LIMITATION, LOSS OF REVENUE OR PROFIT, LOST OR DAMAGED DATA, LOSS OF PROGRAMS OR INFORMATION OR OTHER INTANGIBLE LOSS ARISING OUT OF THE USE OF OR THE INABILITY TO USE THE PRODUCTS, OR INFORMATION, OR ANY PERMANENT OR TEMPORARY CESSATION OF THE PRODUCTS OR ACCESS TO INFORMATION, OR THE DELETION OR CORRUPTION OF ANY CONTENT OR INFORMATION, OR THE FAILURE TO STORE ANY CONTENT OR INFORMATION OR OTHER COMMERCIAL OR ECONOMIC LOSS, HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY (CONTRACT, TORT OR OTHERWISE), EVEN IF COMPANY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, OR THAT THEY ARE FORESEEABLE. COMPANY IS ALSO NOT RESPONSIBLE FOR CLAIMS BY ANY THIRD PARTY, EXCEPT FOR COMPANY’S OBLIGATIONS ARISING FROM §7 (CONFIDENTIALITY) AND EXCEPT LIABILITY ARISING FROM COMPANY’S GROSS NEGLIGENCE, WILFUL MISCONDUCT OR FRAUD AND EXCEPT DUE TO LIABILITY THAT CANNOT BE EXCLUDED UNDER APPLICABLE LAW. WHILE THE PRODUCTS MAY BE PROVIDED FREE OF CHARGE FOR EVALUATION, EARLY ADOPTION OR BETA PURPOSES ONLY, COMPANY’S MAXIMUM AGGREGATE LIABILITY TO YOU SHALL NOT EXCEED US $100. IN JURISDICTIONS WHERE THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES IS NOT ALLOWED THE LIABILITY OF COMPANY SHALL BE LIMITED TO THE GREATEST EXTENT PERMITTED BY LAW. THE FOREGOING LIMITATION OF LIABILITY SHALL NOT APPLY TO THE PARTIES OBLIGATIONS UNDER §7.2  (OBLIGATIONS), HEREIN AND COMPANY’S GROSS NEGLIGENCE, WILFUL MISCONDUCT OR FRAUD OR ANY LIABILITY THAT CANNOT BE EXCLUDED UNDER LAW.

3.     Restrictions and Access.

3.1.     Restrictions.

Except as expressly authorized by these Terms, You may not do any of the following: (i) modify, disclose, alter, translate, copy, reproduce or create derivative works of or use the Product to develop any service or product that is the same as, substantially similar to, or competes with the Products (or any components thereof) or any accompanying Documentation; (ii) license, sublicense, resell, distribute, lease, rent, lend, transfer, assign or otherwise dispose of the Products (or any components thereof) or any Documentation; (iii) use the Products other than as permitted under these Terms, as directly related to Your internal business operations and in conformity with the Documentation, and not otherwise use the Products for any other commercial or business use, including without limitation offering any portion of the Products as benefits or services to third parties; (iv) use the Products in violation of any laws or regulations, including, without limitation, to store or transmit infringing, libelous or otherwise unlawful or tortious material, or material in violation of third-party privacy rights; (v) use the Products to store, transmit or test for any viruses, software routines or other code designed to permit unauthorized access, disable, erase or otherwise harm software, hardware or data, or to perform any other harmful actions; (vi) probe, scan or test the efficacy or vulnerability of the Products, or take any action in an effort to circumvent or undermine the Products, except for the legitimate testing of the Products in coordination with Company, in connection with considering a subscription to the Products as authorized herein; (vii) attempt or actually disassemble, decompile or reverse engineer, copy, frame or mirror any part or content of the Products, or otherwise derive any of the Products’ source code; (viii) access, test, and/or use the Products in any way to build a competitive product or service, or copy any features or functions of the Products; (ix) interfere with or disrupt the integrity or performance of the Products; (x) attempt to gain unauthorized access to the Products or their related systems or networks; (xi) disclose to any third party or publish in any media any performance information or analysis relating to the Products; (xii) fail to maintain all copyright, trademark and proprietary notices on the Products and any permitted copy thereof; (xiii) cause or permit any Products user or third party to do any of the foregoing; (xiv) modify, alter, adapt, arrange, translate, decompile, disassemble, reverse engineer, or otherwise attempt to reconstruct or discover the source code or non-literal aspects (such as, but not limited to, the underlying structure, sequence, organization, ideas, routines, facilities, and formats) of, the Product; (xv) remove, alter, or conceal, in whole or in part, any Proprietary Legends displayed or contained on/in the Product; (xvi) circumvent, disable or otherwise interfere with security-related features of the Product, or with features that prevent or restrict use of the Product; (xvii) disclose to the public the results of any internal performance testing or benchmarking studies of/about the Product, without first (a) sending the results and related study(ies) to Company, and (b) obtaining Company’s approval in writing of the assumptions, methodology and other parameters of the testing and study(ies); (xviii) use the Product in any way that is infringing, deceptive, harassing, or defamatory, or for any inappropriate purpose (as Company will determine at its sole and absolute discretion), or contrary to any Law; and/or; (xix) publish, transmit, or link to any robot, spider, crawler, virus, malware, Trojan horse, spyware, or similar malicious code or item intended (or that has the potential) to damage, disrupt, compromise, or exploit the Product or a third party's device or software.

3.2.     Software Access.

To the extent Company provides its express, written consent for Customer to access any software owned or licensed by Company, the following will apply: (i) access shall be subject to restrictions established by Company from time to time for purposes of supporting such access and for security purposes; (ii) access is provided to Customer solely for purposes of receiving the Services and shall not be used by Customer for any other purpose; (iii) Company reserves the right to monitor and record data and information in connection with provision of the access solely to the extent Company deems reasonably necessary for maintaining performance standards and system security, and subject to the terms of this Agreement including with respect to Customer IP as it relates to delivering our Services or Products; and (iv) Customer will not receive (and Customer hereby expressly disclaims) any ownership, rights, or licenses greater than those set forth in this Section.

4.     Ownership and Reservation of Rights.

4.1.     Customer.

As between the Parties, You retain all right, title and interest in and to Your Confidential Information and Your Data and will exclusively own the Deliverables (as defined in §4.2 (Company)), including, in each case, all Intellectual Property Rights embodied therein (collectively, the “Customer IP”). Customer IP may be more explicitly described in an applicable Order.

4.2.     Company.

As between the Parties, We reserve all right, title and interest in and to the Products (and any and all modifications to or derivative works of the Products) and any and all Intellectual Property Rights embodied in the Company Product (collectively, the “Company IP”). Company and its licensors and suppliers shall own all right, title and interest, including all Intellectual Property rights, in and to the Company IP, including but not limited to (i) all right, title and interest in and to the Services and Products (with the exception of the deliverables developed solely or jointly by or for Company solely for Customer in connection with Company’s performance of any Service (whether or not patentable or copyrightable), including but not limited as described in an Order (“Deliverables”)) and any work product specifically identified in an Order as outside the Deliverables and owned by Company; and (ii) all concepts, methods, processes, software, text, graphics, images, designs, databases, data, inventions and any improvements, enhancements, modifications, and derivative works thereto.  To the extent that any Company IP are incorporated into the Deliverables, then Company hereby grants Customer and its Affiliates that are not on the Consolidated Sanctions List outlined in §12.8 (Export Compliance), without further consideration, a worldwide, perpetual, transferable, irrevocable, non-terminable fully-paid license to use, reproduce, modify, distribute, publicly perform, publicly display, transmit, create improvements, and create derivative works based upon such Company IP, and to sublicense same through multiple tiers, for Customer’s internal business purposes. Company acknowledges and agrees that Company will have no right, title or interest, including Intellectual Property rights, in or to any improvements to such Company IP which are developed by or on behalf of Customer as part of the Services.

4.3.     Reservation of Rights.

Each Party reserves all rights not expressly granted in these Terms, and no licenses are granted by one Party to the other Party under these Terms, whether by implication, estoppel or otherwise, except as expressly set forth in these Terms. For the purpose of these Terms, “Intellectual Property Rights” means all patents, copyrights, moral rights, trademarks, trade secrets and any other form of intellectual property rights recognized in any jurisdiction, including applications and registrations for any of the foregoing.

5.     Billing, Plan Modifications and Payments.

5.1.     Orders.

“Orders” shall mean those orders attached to or referencing this Agreement, as agreed to in writing by both Parties and setting forth the particular Services or Product under this Agreement. Orders can be in the form of a Quote, Statement of Work (or “SOW”) or Service Order (or “SO”).

5.2.     Fees.

The fees for the Services or Products and any Other Company Services or Products shall be set forth in one or more Orders (“Fees”). All undisputed Fees are due payable directly to Us, or to the applicable Partner, within the timeframe detailed in the applicable valid Order (and absent such valid Order, within thirty (30) days of Customer’s receipt of invoice or may be triggered by first use of the Products). If You fail to pay Your Fees within five (5) business days of Our notice to You that payment is past due or delinquent, We will no longer assume responsibility for providing the Products under the applicable Order and, in addition to Our other remedies We may suspend or terminate Your access to the Products under the applicable Order. Where Fees are paid directly to Us, all payments due under these Terms will be made in U.S. Dollars by check, bank wire transfer or credit card (credit card payments are subject to a 4% processing fee), in immediately available funds to the applicable account designated by Us. No refunds or credits for paid Fees will be issued to Customer unless Customer terminates these Terms for cause pursuant to § 11.2 (Termination) or We terminate these Terms pursuant to § 9.1 (Infringement Indemnity).

5.3.     License Fees.

Customer shall pay Company the fees for Products set forth in the applicable Order (“License Fees”). Unless stated otherwise in an Order, Customer shall pay each undisputed invoice issued by Company hereunder within thirty (30) days of Customer’s receipt of the invoice, in U.S. dollars in immediately available funds.  Customer will have no obligation to pay any amounts invoiced after ninety (90) days after such amounts were incurred.

5.4.     Product Costs.

Customer shall pay Company the costs for the Products as set forth in the applicable Order (“Product Costs”). Unless stated otherwise in an Order, Customer shall make all payments for Product Costs within thirty (30) days after receipt of Company’s invoice. Customer will have no obligation to pay any amounts invoiced after ninety (90) days after such amounts were incurred.  

5.5.     Expenses.

Company may also invoice Customer for reasonable and necessary out-of-pocket expenses incurred in the performance of Professional Services provided that: any and all such expenses must (i) comply with Customer’s travel policy; (ii) be at Company’s actual cost incurred without mark-up of any kind; (iii) be reasonable and customary; (iv) approved in writing in advance by Customer prior to Company incurring such expense, unless otherwise provided in the applicable Order; and (v) be accompanied by legible copies of receipts or other back-up documentation sufficient enough for Customer to validate any such charges. Payment for any undisputed invoices received by Customer from Company shall be due within thirty (30) calendar days of receipt of such invoice from Company. Customer shall not be liable for payment of any amounts incorrectly stated on an invoice.

5.6.     Services Fees.

Customer shall pay Company the fees for Services set forth in the applicable Order (“Service Fees”). Unless stated otherwise in an Order, Service Fees will be billed in advance for the Service at the beginning of the month (“Billing Date”) for each one (1) month(s), or applicable subscription period as set in an Order, of recurring Services. Overages will be billed in arrears, for Services that are not specifically documented in the applicable Order as being in scope for the recurring Service, each month at the beginning of the month “Usage Billing Date” for the previous month’s usage or overage. Customer shall pay all Service Fees within thirty (30) days after receipt of invoice and following notice to Customer and a five (5) day period to cure nonpayment, a late payment charge the lesser of 1.5% per month or the maximum allowed by law may be added to Customer’s bill and immediately become due and payable.

5.7.     Service Fee Adjustments.

The Service Fees shall be subject to an annual adjustment based on the percentage change in the Consumer Price Index (CPI) for All Urban Consumers (CPI-U) as published by the U.S. Bureau of Labor Statistics, measured over the preceding 12-month period. Notwithstanding the foregoing, any such adjustment shall not exceed three percent (3%) per year. The adjusted Service Fees shall take effect on the first billing cycle following the adjustment, and the Company shall provide at least thirty (30) days' prior written notice to the Subscriber of any change.

5.8.     Plan Modifications.

If You choose to increase the number of Nodes You subscribe to for a Product under an applicable Order or Quote during Your then-effective Subscription Term (a “Subscription Increase”) or upgrade your subscription to a different subscription plan (“Plan Upgrade”), We shall invoice You (or Your Partner) for the incremental Fees associated with such Subscription Increase and/or Plan Upgrade on a pro rata basis at the price per Node specified in the corresponding Quote or valid Order over the remaining period of such Subscription Term (which Fees shall be due and payable upon implementation of such Subscription Increase and/or Plan Upgrade) and thereafter in any Renewal Subscription Term unless otherwise agreed among the Parties in an applicable Order. No Fees refund or credit shall be granted where Customer elects to not use the Products on previously subscribed Nodes.

5.9.     Suspension of Service & Interest.

If timely payment is not received in breach of this §5 (Billing, Plan Modification and Payments), following notice and a five (5) day period to cure nonpayment, Company reserves the right, in addition to any other rights it may have, to: (i) suspend the Services until such payment is made in full; (ii) charge interest on the amount past due at the lesser of 1.5% per month or the maximum allowed by law; and (iii) invoice Customer for all costs of collection including, but not limited to, reasonable attorneys’ fees.

5.10.  Taxes.

All prices set forth in this Agreement are exclusive of any applicable taxes.  To the extent, if any, that Customer is required to deduct or withhold taxes from any amounts payable hereunder, the amounts shall be deemed increased so that, after such deduction or withholding, Company receives the actual amount contemplated to be received by Company hereunder.  Customer shall pay, indemnify, and hold harmless Company from all import and export duties, customs fees, levies, or imports, and all sales, use, value added, or other fees, governmental charges, or taxes of any nature, including penalties and interest, and all government permit or license fees assessed on or with respect to any software or materials licensed, provided, or otherwise made available to Customer and any Services provided to Customer. Customer will have no liability for taxes that are statutorily imposed on Company, including taxes or fees measured by Company’s net or gross income.  Company shall add to each invoice any and all applicable taxes that are legally required to be collected from Customer under applicable law, and is responsible to pay any such taxes that Company fails to include on the invoice for the taxable fees.  Company shall be responsible for remitting all such taxes collected from Customer to the appropriate governmental authority in compliance with applicable law.  Customer shall not in any way be responsible for the excluded taxes described herein, and Company shall bear sole responsibility for all such excluded taxes.  Company shall be solely responsible for reporting, withholding, and/or paying any and all employment-related taxes, payments, and/or withholdings, including federal, state, and local income taxes, Social Security, Medicare, unemployment or disability deductions, withholdings and/or payments.

6.     Privacy and Security.

6.1.     Processing Limitations and Security Obligation.

In providing You the Products and Other Company Services and Products, We will (i) store, process and access Your Data only to the extent reasonably necessary to provide you the Products and/or Other Company Services and Products, and to improve the Products and Other Company Services and Products; and (ii) implement and maintain commercially reasonable technical, physical and organizational measures to protect the security, confidentiality and integrity of Your Data hosted by Us or Our authorized third party service providers from unauthorized access, use, alteration or disclosure. “Your Data” means all data and information associated with You which is uploaded to, processed by, generated by, and/or stored within the Products by You or through Your use of the Products.

6.2.     Data Integrity.

Customer shall be responsible for properly backing up all of the System and ensuring the integrity of the data before the commencement of any Services or Products where Company interacts with the System. If the Customer is unable or unwilling to back up the data, the Customer hereby holds Company harmless of any liability for data loss or corruption on the System Company works with.

6.3.     Data Encryption.

It is the Customer’s responsibility to manage and secure their own encryption keys for their data. If the Customer loses or corrupts the Encryption Key, Company will not be able to restore the data.

6.4.     Data Privacy and Personal Information.

In these Terms, “Personal Information” shall have the meaning ascribed to such term in Data Protection Addendum (“DPA”). Company will handle Your Personal Information in accordance with these Terms, its Privacy Policy, and privacy laws expressed in the DPA, applicable to the Personal Information the Products collect when operating in default mode (expressly excluding specific privacy laws applicable to files the Products may collect if You elect to trigger certain features resulting in the processing of any file by the Products). Company shall act exclusively as a Service Provider (as defined by California Consumer Privacy Act (CCPA)), and Data Processor (as defined in GDPR) and shall retain, use, disclose and process Personal Information solely for the purpose of providing and enhancing the Products and Other Company Services and Products to You in accordance with these Terms and any applicable Order.

6.5.     Hosting Location.

Unless otherwise specifically agreed among the Parties, Your Data may be processed and/or hosted by Company or its authorized third-party service providers in the United States, the European Economic Area (EEA) or other locations around the world.

6.6.     Anonymized Data.

Notwithstanding anything to the contrary in these Terms, We may monitor, collect, use and store anonymous and aggregate statistics and/or data regarding use of the Products solely for the internal business purpose of improving the Products and creating new features and You permit Us to use such anonymized and aggregate data for such purpose. Anonymized Data shall not be considered Your Data.

7.     Confidentiality.

7.1.     Definition.

“Confidential Information” means all information disclosed (whether in oral, written, or other tangible or intangible form) by or on behalf of one Party or its Affiliates (the “Disclosing Party”) to the other Party (the “Receiving Party”) concerning or related to these Terms or the Disclosing Party or otherwise in connection with this Agreement, an Order or the Products or Services that are marked as confidential or proprietary, or that the Receiving Party knows or reasonably should know is confidential information of the Disclosing Party given the facts and circumstances surrounding the disclosure of the information by the Disclosing Party. Confidential Information includes, but is not limited to, Personal Information the terms and conditions of these Terms, as well as all proprietary and/or non-public technical, business, commercial, financial and/or legal information, such as, without limitation, any and all Products information generally shared with Customer and as specifically related to Customer, Products Information gained by Customer through use of the Products, business plans, product information, pricing, financial plans, know how, Customer information, strategies, inventions (whether or not patentable), techniques, methods, algorithms, software, software design and architecture, computer code, documentation, design and functional specifications, problem reports, performance information, interfaces, and other similar information. Deliverables will be the Confidential Information of Customer, and Customer will be deemed to be the Disclosing Part and Company will be deemed to be the Recipient of the Deliverables subject to the exclusions in § 7.3 (Exceptions) below.

7.2.     Obligations.

The Receiving Party will maintain in confidence and not disclose to any third party (except as expressly permitted by these Terms) the Confidential Information of the Disclosing Party and will not use such Confidential Information except as expressly permitted in these Terms. The Receiving Party will use the same degree of care in protecting the Confidential Information as the Receiving Party uses to protect its own confidential and proprietary information from unauthorized use or disclosure, but in no event less than reasonable care. Confidential Information will be used by the Receiving Party solely for the purpose of carrying out the Receiving Party’s obligations and exercising its rights under these Terms, and the Receiving Party will only disclose Confidential Information to its Affiliates and its and their respective directors, officers, employees and/or contractors who have a need to know such Confidential Information in order to perform their duties under these Terms (“Representatives”), and only where such Representatives have executed a non-disclosure agreement with the Receiving Party with terms no less restrictive than the obligations with respect to Confidential Information contained in these Terms. The Receiving Party will be responsible for the breach of the Terms by its Representatives. Provided, however, that each Party may disclose the terms and conditions of these Terms: (i) to legal counsel of such Party; (ii) to such Party’s accountants, banks, financing sources and their advisors; (iii) in connection with the enforcement of these Terms or rights under these Terms; or (iv) in connection with an actual or proposed merger, acquisition, or similar transaction. Upon the written request of the Disclosing Party at any time, the Receiving Party will promptly return to the Disclosing Party or at the Disclosing Party’s option destroy all documents and other tangible materials representing the Disclosing Party’s Confidential Information and all copies thereof.

7.3.     Exceptions.

Confidential Information will not include information that: (i) is in or enters the public domain without breach of these Terms by the Receiving Party; (ii) the Receiving Party can reasonably demonstrate was in its possession prior to first receiving it from the Disclosing Party; (iii) the Receiving Party can demonstrate was developed by the Receiving Party independently, and without use of or reference to, the Confidential Information; or (iv) the Receiving Party receives from a third party not under confidentiality obligations to the Disclosing Party without restriction on disclosure and without breach of a nondisclosure or non-use obligation to the Disclosing Party. In addition, the Receiving Party may disclose Confidential Information that it is required to disclose by law, or by a subpoena or order issued by a court of competent jurisdiction (each, an “Court Order”), and where such Court Order requires disclosure the Receiving Party shall, to the extent possible and permissible under applicable law: (a) give the Disclosing Party written notice of the Court Order promptly after receiving it; and (b) cooperate with the Disclosing Party’s reasonable requests before disclosure to provide the Disclosing Party with the opportunity to interpose any objections it may have to disclosure of the information required by the Court Order and seek a protective order or other appropriate relief at the Disclosing Party’s sole expense. Compulsory disclosures made pursuant to a Court Order will not relieve the Receiving Party of its obligations of confidentiality and non-use with respect to non-compulsory disclosures.

7.4.     Remedies.

The Receiving Party acknowledges that any breach of this §7 (Confidentiality) will result in irreparable injury to the Disclosing Party, which injury could not be adequately compensated by the payment of money damages. In addition to any other legal and equitable remedies that may be available, the Disclosing Party will be entitled to seek and obtain injunctive relief against any breach or threatened breach by the Receiving Party of the confidentiality obligations hereunder, from any court of competent jurisdiction, without being required to show any actual damage or irreparable harm, prove the inadequacy of its legal remedies, or post any bond or other security.

7.5.     Survival of Obligations.

Receiving Party’s obligations with respect to Confidential Information under this § 7 (Confidentiality) will survive termination or expiration of these Terms for a period of seven (7) years.

8.     Representations, Warranties and Remedies.

8.1.     General Representations and Warranties.

Each Party represents and warrants the following: (i) it is validly existing and in good standing under the laws of the place of its establishment or incorporation; (ii) it has full corporate power and authority to execute, deliver and perform its obligations under these Terms; (iii) the person signing these Terms on its behalf has been duly authorized and empowered to enter into these Terms; (iv) these Terms are valid, binding and enforceable against it in accordance with its terms; (v) it shall deliver (as to Company ) and operate (as to Customer) the Products in material conformity with the Documentation and the terms herein; and (v) it will perform its obligations under these Terms in accordance with applicable federal or state laws or regulations.

8.2.     Subcontracting.

Company reserves the right to employ agents and subcontractors to assist Company when providing any part of the Services; provided, however, that Company shall not subcontract any of the Services without Customer’s prior written consent, which may be granted in Customer’s sole discretion. In the event Company uses contractors, subcontractors or any other persons who are not employees of Company (“Company Subcontractors”), to perform any of the Services, Company shall: (i) ensure all of its Company Subcontractors’ compliance with all of the terms and conditions of this Agreement; (ii) remain solely responsible for the performance, work and any and all activities of the Company Subcontractors; (iii) remain solely liable for any and all acts or omissions or breaches of the terms of this Agreement by such Company Subcontractor(s); and (iv) be solely liable for all payments to its Company Subcontractors and for all losses arising out of, or relating to, the performance or failure of performance, of any such Company Subcontractors, whether or not the services of such Company Subcontractors were authorized hereunder.  Nothing in this Agreement shall be construed to create any contractual relationship between Customer and any Company Subcontractors. Any reference to Company Personnel in this Agreement includes agents and Company Subcontractor staff. At no time may Customer mandate that Company engage a specific contractor or subcontractor.

8.3.     Conformity with Documentation.

We warrant that at any point in time during Your Subscription Term, the most recent release of the Products (“Current Release”) will conform in all material respects with the Documentation. Company’s sole obligation for material non-conformity with this warranty shall be, in Company’s sole discretion, to (i) use commercially reasonable efforts to provide You with an error-correction or workaround which corrects the reported non-conformity; (ii) use commercially reasonable efforts to replace the non-conforming portions of the Products with conforming items; or (iii) if Company reasonably determines such remedies to be impracticable within a reasonable period of time, to terminate the applicable Order(s) and refund the Fees paid for the Products. The above warranty will not apply: (a) if the Products are not used in compliance with the Documentation; (b) if any unauthorized modifications are made to the Products by You or any third party; (c) to use of early releases of the Products which are not the Current Release or the Products release immediately preceding the Current Release; (d) to defects due to accident, abuse or improper use by You; or (e) to Evaluation or Early Adoption use of the Products.

8.4.     DISCLAIMER.

COMPANY IS BEING ENGAGED ONLY TO PROVIDE THE SERVICES SET FORTH IN THIS AGREEMENT AND IN ORDERS AGREED BY THE PARTIES IN WRITING, INCLUDING ANY AGREED DELIVERABLES. THE FOREGOING LIMITED WARRANTIES DO NOT APPLY TO MODIFICATIONS TO THE SERVICES OR THE DELIVERABLES MADE BY CUSTOMER UNLESS PERFORMED AT THE DIRECTION OF COMPANY. COMPANY SHALL NOT BE LIABLE FOR ANY LOSS OF DATA AND SHALL NOT BE RESPONSIBLE FOR RESTORING ANY LOST DATA OR SOFTWARE EXCEPT AS SPECIFICALLY DESCRIBED IN THIS AGREEMENT OR THE APPLICABLE ORDER. THE LIMITED WARRANTIES DO NOT APPLY TO ANY THIRD-PARTY PRODUCTS OR SERVICES, HOWEVER, AND TO THE EXTENT PERMITTED, COMPANY WILL PASS THROUGH ANY WARRANTIES FROM SUPPLIERS OF UNDERLYING SOFTWARE OR SERVICES. WITH THE EXCEPTION OF THE FOREGOING LIMITED WARRANTIES AND ANY OTHER WARRANTIES SET FORTH IN THIS AGREEMENT OR ANY ORDER, (I) COMPANY EXPRESSLY DISCLAIMS ALL WARRANTIES OF ANY KIND RELATING TO THE SERVICES OR DELIVERABLES, WHETHER EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR USE OR PURPOSE, TITLE AND NON-INFRINGEMENT, AND (II) COMPANY MAKES NO WARRANTY THAT THE SERVICES AND ANY DELIVERABLES WILL MEET CUSTOMER'S REQUIREMENTS, THAT THE RESULTS OBTAINED FROM THE USE OF THE FOREGOING WILL BE SATISFACTORY, ACCURATE OR RELIABLE, OR THAT THE SERVICES OR DELIVERABLES WILL MEET CUSTOMER'S EXPECTATIONS. THE REPRESENTATIVES OF COMPANY HAVE NO AUTHORITY TO GIVE ANY WARRANTIES ON BEHALF OF COMPANY. CUSTOMER IS SOLELY RESPONSIBLE FOR ANY COURSE OF ACTION BASED ON SUCH SERVICES.

9.     Indemnification Obligations.

9.1.     Company Indemnity.

Company will defend and indemnify You and Your Affiliates, and Yours and their directors, officers, employees, and agents (“Customer Indemnitees”) from and against any and all third party claims, suits, actions or proceedings (each a “Claim”), arising out of: (a) any allegation that Your use of the Products or Services infringes or misappropriates a third party’s valid Intellectual Property Right, (b) Company’s breach of these Terms, and (c) any unauthorized access to or disclosure of data arising from Company’s negligence or willful misconduct or fraud in the performance of Services. Company, at its expense, will defend any such Claim by reason of Your use of the Products as permitted hereunder, and pay damages, payments, deficiencies, fines, judgments, settlements, liabilities, losses, costs and expenses (including, but not limited to, reasonable attorneys’ fees, costs, penalties, interest and disbursements) arising out of such Claim. In the event of a Claim pursuant to this §9.1(a), Company may, at Company’s option and at Company’s expense: (i) obtain for Customer the right to continue to exercise the license granted to Customer under these Terms; (ii) substitute the allegedly infringing component for an equivalent non-infringing component; or (iii) modify the Products to make them non-infringing. If (i), (ii), or (iii) is not obtainable on commercially reasonable terms, Company may terminate the applicable infringing Product(s) or Service(s), after providing Customer a reasonable time (no less than 30 days) to transition to an alternative solution, unless Company determines in its reasonable discretion that such use of the Products will likely result in infringement and in such case may terminate Customer’s access to the applicable infringing Product(s) or Service(s) immediately with concurrent written notice to Customer. In the event of a termination of such access pursuant to this §9.1 (Company Indemnity), all rights and licenses with respect to the Products will immediately cease and Company will promptly refund to Customer all prepaid Fees for the Products attributable to the Subscription Term (as outlined in the applicable Order) following the termination of the applicable infringing Product(s) or Service(s). Company’s indemnification obligations under this §9.1 (Company Indemnity) do apply to the extent Claims arise from or relate to: (a) any negligent or willful misconduct or fraud of any Customer Indemnitees in connection with its performance of its obligations under these Terms or an applicable Order; (b) any combination of the Products (or any portion thereof) by any Customer Indemnitees or any third party with any equipment, software, data or any other materials where the infringement would not have occurred but for such combination, unless such combination is the customary, ordinary, and intended use of the Products; (c) any modification to the Products by any Customer Indemnitees or any third party where the infringement would not have occurred but for such modification; (d) the use of the Products by any Customer Indemnitees or any third party in breach of the terms of these Terms where the infringement would not have occurred but for such breach; or (e) Customer’s continued use of the infringing Product(s) or Service(s) after Company has provided a substantially equivalent non-infringing software or service.

9.2.     Customer Indemnity.

Customer will defend and indemnify Company and its Affiliates, and its and their directors, officers, employees and agents (“Company Indemnitees”) from and against any Claim, and be liable for any related damages, payments, deficiencies, fines, judgments, settlements, liabilities, losses, costs and expenses (including, but not limited to, reasonable attorneys’ fees, costs, penalties, interest and disbursements) arising out of: (i) Customer’s use of the Products in breach of these Terms; (ii) Customer’s use of any third party Intellectual Property in connection with the Product(s) or Service(s) in breach of these Terms where such Claim would not have occurred but for such use; (iii) Customer’s breach of these Terms or any Order; or (iv) the failure of Your administrators of Your account to reasonably maintain the confidentiality of their login information to such account.

9.3.     Procedures.

The indemnified Party will: (i) give prompt written notice of the Claim to the indemnifying Party once the indemnified Party becomes aware of the Claim (provided that failure to provide prompt written notice to the indemnifying Party will not alleviate an indemnifying Party’s obligations under this §9 (Indemnification Obligations) to the extent any associated delay does not materially prejudice or impair the defense of the related Claims); (ii) grant the indemnifying Party sole control of the defense (including granting the indemnifying Party the right to select and use counsel of its own choosing) and the right to settle the Claim (except that the indemnified Party’s prior written approval will be required for any settlement that reasonably can be expected to require the indemnified Party to pay any money, admit any wrongdoing or otherwise be prejudiced); and (iii) provide reasonable cooperation to the indemnifying Party and, at the indemnifying Party’s request and expense, assist in the defense or settlement of the Claim. The indemnified Party reserves the right to engage its own counsel to assist in the defense at its own cost and expense.

10.  LIMITATION OF LIABILITY.

(A) IN NO EVENT WILL EITHER PARTY’S TOTAL LIABILITY ARISING OUT OF OR RELATED TO THESE TERMS EXCEED THE FEES PAID OR PAYABLE BY CUSTOMER TO COMPANY (OR ITS RESELLER) UNDER THESE TERMS FOR SIX (6) MONTHS PRIOR APPLICABLE FEES FROM THE TIME OF THE EVENT OR EVENTS FROM WHICH THE ALLEGED DAMAGES ARISE.

(B) NOTWITHSTANDING ANYTHING TO THE CONTRARY CONTAINED HEREIN,  §10(A) AND §10(C) SHALL NOT APPLY TO (I) A PARTY’S OR ITS REPRESENTATIVES’ BREACH OF §3 (RESTRICTIONS AND ACCESS) OR, §7 (CONFIDENTIALITY), (II) A PARTY’S OR ITS REPRESENTATIVES’ GROSS NEGLIGENCE, WILLFUL MISCONDUCT, FRAUD, OR VIOLATION OF APPLICABLE LAW, OR (III) A PARTY’S INDEMNIFICATION OBLIGATIONS UNDER §9.1 (COMPANY INDEMNITY) AND §9.2 (CUSTOMER INDEMNITY).

(C) IN NO EVENT WILL EITHER PARTY BE LIABLE TO THE OTHER PARTY OR ANY THIRD PARTY FOR ANY LOSS OF PROFITS, LOSS OF USE, LOSS OF REVENUE, LOSS OF GOODWILL, ANY INTERRUPTION OF BUSINESS, OR FOR ANY INDIRECT, SPECIAL, INCIDENTAL, EXEMPLARY, PUNITIVE OR CONSEQUENTIAL DAMAGES OF ANY KIND ARISING OUT OF, OR IN CONNECTION WITH THESE TERMS, WHETHER IN CONTRACT, TORT, STRICT LIABILITY OR OTHERWISE, EVEN IF SUCH PARTY HAS BEEN ADVISED OR IS OTHERWISE AWARE OF THE POSSIBILITY OF SUCH DAMAGES. MULTIPLE CLAIMS WILL NOT EXPAND THIS LIMITATION. THIS §10 (LIMITATION OF LIABILITY) WILL BE GIVEN FULL EFFECT EVEN IF ANY REMEDY SPECIFIED IN THESE TERMS IS DEEMED TO HAVE FAILED OF ITS ESSENTIAL PURPOSE.

11.  Term, Termination and Effect of Termination.

11.1.  Term.

Unless otherwise agreed to in writing among Parties, the term of these Terms will begin on the Effective Date and continue for twelve (12) months (the “Term”), and thereafter these Terms shall renew for additional successive periods identical in length to the initial Term. Each Order will outline the Subscription and Term for applicable Product(s) and/or Service(s) under such Order. Unless either Party notifies the other in writing no less than sixty (60) days prior to the close of the then-current Subscription or Term of its intention to not renew, the Subscription and Term will automatically renew for additional successive periods identical to the initial Subscription and “Renewal Term”. Any Subscription or Term may also (i) be terminated in accordance with §11.2 (Termination) below; or (ii) be terminated by Us in accordance with §9 (Indemnification Obligations).

11.2.  Termination.

(a) Either Party may terminate these Terms or an Order, for cause, if the other Party: (i) materially breaches these Terms and does not cure such breach within thirty (30) days after its receipt of written notice of such breach; or (ii) becomes insolvent, makes an assignment for the benefit of creditors, or becomes subject to direct control of a trustee, receiver or similar authority.

(b) Company may terminate these Terms immediately for cause by providing concurrent notice to You if We believe that You are using the Product(s) or Service(s) in any unauthorized manner likely to cause harm to Company, the Products or a third party.

11.3.  Effect of Termination.

Upon any termination or expiration of these an Order: (i) all rights and licenses granted to Customer with respect to Product(s) and/or Service(s) licensed under such Order will immediately terminate; (ii) all of Our obligations under the applicable Order (including, Our performance of the Company Support) will immediately cease; (iii) there will be no refund for any pre-paid and unused Fees under such Order as of the termination date (except where You terminate these Terms in connection with §11.2 (Termination), and You will pay Us in accordance with §5 (Billing, Plan Modification and Payments) any Fees due and payable under such Order as of the termination date; (iv) upon receiving a written request from the Disclosing Party, the Receiving Party will promptly return to the Disclosing Party all Confidential Information of the Disclosing Party then in its possession or destroy all copies of such Confidential Information, at the Disclosing Party’s sole discretion and direction; and (v) You will promptly cease all use of the Products licensed under such Order and destroy and/or permanently delete all copies of any components of such Products in Your possession. Company reserves the right to investigate suspected violations of Customer’s obligations under §11.3(v) herein. Customer will immediately confirm, in writing, that it has complied with these §§11.3(iv) and 11.3(v) at Our request. Company will immediately confirm, in writing, that it has complied with §11.3(iv) at Customer’s request.  Upon termination or expiration of these Terms, these Terms shall remain in full force and effect until all Orders under the MSA are terminated or expire, unless otherwise agreed to the Parties in writing. Notwithstanding any terms to the contrary in these Terms, §§3 (Restrictions and Access), 4 (Ownership and Reservation of Rights), 5 (Billing, Plan Modifications and Payments), 7 (Confidentiality), 8.2 (Subcontracting), 9 (Indemnification Obligations), 10 (Limitation of Liability), 11.3 (Effect of Termination), 12 (General Provisions) will survive any termination of these Terms.

12.  General Provisions.

12.1.  Dispute Resolution.

Dispute Resolution. Any claim or dispute between the Parties and arising out of, or in connection with, this Agreement, an Order, or the relationship created between the Parties as a result of this Agreement (a “Dispute”) that cannot be resolved by direct discussions between the Parties shall be resolved by a court of competent jurisdiction in accordance with §12.4 (Governing Law and Venue).

12.2.  Entire Agreement.

These Terms, together with all exhibits attached thereto (all of which are incorporated herein by reference), set forth the entire agreement and understanding of the Parties relating to Your subscription to the Products, and the Parties herein expressly agree that these Terms supersede all prior or contemporaneous potentially or actually conflicting terms in agreements, proposals, negotiations, conversations, discussions and/or understandings, whether written or oral, with respect to such subject matter and all past dealing or industry customs (including without limitation any nondisclosure agreement among the Parties relating to any prior use of the Products, any Order and/or another agreement among the Parties in connection with Your consideration and/or evaluation of the Products), excluding only any written agreement executed by You and Company, expressly referencing these Terms and only to the extent expressly superseding specific terms in these Terms.

12.3.  Independent Contractors.

Neither Party will, for any purpose, be deemed to be an agent, franchisor, franchise, employee, representative, owner or partner of the other Party, and the relationship between the Parties will only be that of independent contractors. Neither Party will have any right or authority to assume or create any obligations or to make any representations or warranties on behalf of any other Party, whether express or implied, or to bind the other Party in any respect whatsoever.

12.4.  Governing Law and Venue.

These Terms will be governed by and construed in accordance with the laws of the State of California, without regard to conflict of law principles. The state or federal court in Santa Clara County, California will be the jurisdiction in which any suits, actions or other proceedings should be filed if they relate to these Terms, and each Party hereby consents to the sole and exclusive jurisdiction of the state and federal courts sitting in California. Prior to the filing or initiation of any action or proceeding relating to these Terms, the Parties must participate in good faith mediation in Santa Clara County, California (except an action or proceeding required to protect or enforce a Party’s Intellectual Property Rights). If a Party initiates any proceeding regarding these Terms, the non-prevailing Party to such proceeding shall reimburse the prevailing party for its reasonable attorneys’ fees and costs actually incurred for claims arising out of these Terms upon receipt of a final order in its favor from a court of competent jurisdiction.

12.5.  Publicity.

Both Parties agree that neither Party may reference and use the name and trademarks of the Other Party or its suppliers in marketing and promotional materials, including, but not limited to either Party’s website, without prior written consent of Other Party.

12.6.  Assignment.

Neither these Terms nor any right or duty under these Terms may be transferred, assigned or delegated by a Party, by operation of law or otherwise, without the prior written consent of the other Party and such consent shall not be unreasonably delayed or withheld. Any attempted transfer, assignment or delegation without such consent will be void and without effect. Notwithstanding the foregoing, each Party may assign these Terms to a successor of substantially all of its business or assets, whether by merger, sale of assets, sale of stock, sale of control, reorganization or otherwise, with written notice to the other Party. These Terms will be binding upon and will inure to the benefit of the Parties and their respective representatives, heirs, administrators, successors and permitted assigns.

12.7.  U.S. Government Rights.

If Customer is, or is entering into this Agreement on behalf of, any agency or instrumentality of the United States Government, the Product and the Documentation are “commercial computer software” and “commercial computer software documentation,” and pursuant to FAR 12.212 or DFARS 227.7202, and their successors, as applicable, use, reproduction and disclosure of the Documentation are governed by the terms of this Agreement.

12.8.  Export Compliance.

The Products, and Company Software or other components of the Products which We may provide or make available to You for use by Your users are subject to U.S. export control and economic sanctions laws. You agree to comply with all such laws and regulations as they relate to Your access to and use of the Products. You shall not access or use the Products if You are located in any jurisdiction in which the provision of the Products is prohibited under U.S. or other applicable laws or regulations (a “Prohibited Jurisdiction”) and You agree not to grant access to the Products to any government, entity or individual located in any Prohibited Jurisdiction. You represent, warrant and covenant that (i) You are not named on any U.S. government list of persons or entities prohibited from receiving U.S. exports, or transacting with any U.S. person; (ii) You are not a national of, or a company registered in, any Prohibited Jurisdiction; (iii) You shall not permit users to access or use the Products in violation of any U.S. or other applicable export embargoes, prohibitions or restrictions; and (iv) You shall comply with all applicable laws regarding the transmission of technical data exported from the U.S. and the country in which You and users are located. You represent that neither You nor, to your knowledge, any of Your subsidiaries is an entity that (a) is directly or indirectly owned or controlled by any person or entity currently included on the Specially Designated Nationals and Blocked Persons List or the Consolidated Sanctions List maintained by the Office of Foreign Assets Control, US Department of the Treasury ("OFAC") or other similar list maintained by any governmental entity, or (b) is directly or indirectly owned or controlled by any person or entity that is located, organized, or resident in a country or territory that is, or whose government is, the target of sanctions imposed by OFAC or any other governmental entity.

12.9.  Amendments and Waivers.

No modification, addition or deletion, or waiver of any rights under these Terms will be binding on a Party unless made in a written agreement executed by a duly authorized representative of each Party. No failure or delay (in whole or in part) on the part of a Party to exercise any right or remedy hereunder will operate as a waiver thereof or effect any other right or remedy, and no waiver of one breach or default or any delay in exercising any rights will not constitute a waiver of any subsequent breach or default. All rights and remedies hereunder are cumulative and are not exclusive of any other rights or remedies provided hereunder or by law.

12.10.   Notices.

Any legal notice (whether these Terms expressly state “written notice” or “notice”) or communication required or permitted to be given hereunder must be in writing, signed or authorized by the Party giving notice, and may be delivered by hand, deposited with an overnight courier, sent by confirmed email, confirmed facsimile, or mailed by registered or certified mail, return receipt requested, postage prepaid, in each case to the address of the receiving Party as identified in the signature box below, on a valid Order, in the case of Company to legal@whitedogcyber.com, or at such other address as may hereafter be furnished in writing by either Party to the other Party. Such notice will be deemed to have been given as of the date it is delivered if delivered by in person, otherwise notice is effective on the earlier of three (3) business days from being deposited for delivery or the date on the confirmed facsimile, confirmed email or courier receipt.

12.11.   Severability.

If any provision of these Terms is deemed invalid, illegal, or incapable of being enforced by any rule of law or public policy, all other provisions of these Terms will nonetheless remain in full force and effect. Upon such determination that any provision is invalid, illegal, or incapable of being enforced, the Parties will negotiate in good faith to modify these Terms so as to affect the original intent of the Parties as closely as possible in an acceptable manner to the end that the transactions contemplated hereby are fulfilled.

12.12.   Force Majeure.

Except for payments past due under these Terms, a Party will not be responsible for any failure to perform or delay to the extent caused by any cause beyond its reasonable control, including but not limited to acts of God (fire, storm, floods, earthquakes, etc.), civil disturbances, disruption of telecommunications, disruption of power or other essential services, interruption or termination of service provided by any service providers being used by Us, labor disturbances, vandalism, cable cut, computer viruses or other similar occurrences, or any malicious or unlawful acts of any third party (a “Force Majeure Event”). The Party affected by a Force Majeure Event shall use commercially reasonable efforts to minimize the disruption caused by such Force Majeure Event. The affected Party shall immediately notify the other Party of the occurrence of the Force Majeure Event, providing a description of the event, its expected duration, and the steps being taken to mitigate its impact. Upon request, the affected Party will provide supporting evidence of the Force Majeure Event. If the Force Majeure Event continues for more than ninety (90) days or longer, Customer may terminate these Terms.

‍

(Updated on February 14, 2025)

TRADEMARK USAGE GUIDELINES

For Licensees, Press and Other Third Parties

The name WhiteDog is widely associated with high quality customer service products and services. This and other trademarks of WhiteDog. (“Trademarks”) are valuable and important intellectual property assets of the WhiteDog. Customers globally utilize WhiteDog’s advanced security solutions (collectively, “Services”) to secure their endpoints, networks, and users against all types of malicious activity, and a uniform, proper use of our Trademarks by all our licensees is key to our ability to associate our Trademarks with the quality of our Services.

These Guidelines set out our policies for proper use of our Trademarks by our licensees and other authorized users. They were designed to help you to properly refer to our Trademarks, correctly use our logos in different circumstances, and otherwise guide your permissible use of the Trademarks. We ask all our authorized users to follow these Guidelines carefully when using any of our Trademarks.

WHAT IS A TRADEMARK?

A trademark is a word, name, symbol or design (or a combination thereof) that identifies the goods or services of a specific person or WhiteDog and distinguishes them from the goods and services of others. A trademark helps its owner to assure consumers of the quality and unique attributes of such products and services, thus helping the promotion of those goods and services.

GENERAL GUIDELINES:

WhiteDog is the exclusive owner of its Trademarks, and we reserve all rights not expressly granted in these Guidelines. Particularly, all the goodwill derived from using our Trademarks shall inure solely to the benefit of WhiteDog. The following list specifies registered and other Trademarks of WhiteDog, Inc. in the United States and other countries:

Stylized Trademarks (word marks and logos):

Word Trademarks:

WhiteDog (top level Trademark associated with all the Services)

Our list of Trademarks is always changing as we add new products and services. For an updated list of our Trademarks please review this section in these Guidelines periodically.

If you are licensed user of our Trademarks, please also refer to special trademark usage requirements that may be included in your license agreement. You must abide by such requirements in addition to complying with these Guidelines. If you have any questions about these Guidelines or our Trademarks, please contact us at legal@whitedogcyber.com.

You may use our Trademarks to describe accurately how your products or services relate to our products, as long as you observe these Guidelines and maintain a clear distinction between your products and services and the Services, and between your trademarks and our Trademarks. You may not mislead anyone to think that your products or services are somehow offered, endorsed or sponsored by WhiteDog or any of its subsidiaries.

SPECIFIC “DO” AND “DON’T DO” GUIDELINES:

Use our Trademarks with permission.

You may not use our Trademarks unless you have a written agreement with WhiteDog or you otherwise receive our written permission to use the Trademarks. Upon receiving such permission, your use must be limited to these Guidelines, and the limited permission you have received to use specific Trademarks.

Include appropriate attribution.

Always include the appropriate trademark symbol (® or ™, as indicated near each of our Trademarks) near any of our Trademarks in the most prominent place where you use such Trademarks in any document or web page.

Usage rules for our logos.

In using our logos (i) do not alter or distort the appearance of the logo in any way, for example, by adding your own design elements or colors, or changing the font, (ii) use our logos exactly as they appear in these Guidelines, without changing their size, (iii) allow for clear space around our logos, (iv) maintain the legibility of our logos and keep them sharp, clear and well-produced, and (v) do not use them for decorative purposes in marketing or packaging materials, or in your website.

Distinguish our Trademarks from your trademarks.

Do not place your WhiteDog name, trademarks, service marks or product names immediately next to (or combined with) our Trademarks. Keep our word Trademarks distinguishable from the surrounding text – acceptable ways to do that include capitalizing our word Trademarks, enclosing them in quotes, and/or using a different font or style for our Trademarks.

In describing your services or products in reference to our Services, make sure that (i) the reference phrase you use is accurate and complies with the requirements of these Guidelines, (ii) our Trademarks are clearly distinguished from your products and services names, and (iii) our Trademarks are not part of, mixed with, or incorporated into your WhiteDog, or your products, services or domain names.

Do not use our Trademarks as the name of your WhiteDog, products or as your domain name.

Do not use all or parts of our Trademarks in a manner that may imply sponsorship or corporate affiliation between WhiteDog and your WhiteDog, products or services, or that may dilute the distinctive nature of our Trademarks. For example, do not use WhiteDog, product, website or domain names that combine our Trademarks with other words, terms or trademarks (e.g., naming your product “WhiteDogxyz” or your website “WhiteDogmexperts.com”).

Do not copy the look and feel of WhiteDog’s Trademarks, Website or product line.

Do not imitate our Trademarks, logos, logotypes, trade dress, or other elements of our product packaging and Web site in any of your advertising, product packaging, promotional and other materials. For example, in describing the WhiteDog Services in connection with your products or services, do not use the typestyle we use for our logos so as to create an impression of association between WhiteDog and your WhiteDog. As another example, do not name your product “WhiteDogSecurity,” “WhiteDogService” or a similar name in marketing materials promoting our respective integrated products.

Do not alter our Trademarks.

You may not change the appearance of our Trademarks by abbreviating them, incorporating them into acronyms, changing their spelling, using them in parts, changing their looks, or using improper capitalization.

Use our Trademarks only as Adjectives or Proper Nouns.

Use our Trademarks as adjectives followed by the appropriate generic product noun describing the relevant product or service (e.g., “the WhiteDog endpoint protection platform rocks”). You may also use the Trademarks without a modifier but only when describing the underlying product’s properties (e.g., “WhiteDog provides analytics tools” but not “WhiteDog works well”). NEVER USE OUR TRADEMARKS IN NOUN, VERB, PLURAL OR POSSESSIVE FORMS.

Do not bid on our Trademarks

Unless expressly permitted in a written agreement among you and WhiteDog, you may not bid on any Trademark or any variant or extension thereof as a key word on any Web-based search engine.

Do not attempt to register our marks.

You may not attempt to register any of our Trademarks. Similarly, you may not register in any jurisdiction a domain name that uses all or a part of our Trademarks in a manner that may create confusion as to WhiteDog’s sponsorship, affiliation or endorsement of your WhiteDog, products or services.

Other Commitments.

If requested, you must provide WhiteDog with samples of your marketing materials that contain any of our Trademarks.

Do not use our Trademarks in a disparaging or degrading way.

If you are aware of any usage by any person of our Trademarks in violation of these Guidelines, please contact us at legal@whitedogcyber.com and inform us of such usage.

‍

(Updated on February 14, 2025)

In addition to curating the most advanced security solutions to deliver the “Company” (WhiteDog) Solutions, we are also dedicated to protecting all the data that we collect, in accordance with industry best standards and practices. Our customers demand the highest levels of data security, and many have tested our Solutions to verify that it meets their standards.

We recognize that our customers’ information must be well managed, controlled and protected. To that end, We have a dedicated security team that oversees Company’s information security program, which encompasses high-quality network security, application security, identity and access controls, change management, vulnerability management and third-party penetration testing, log/event management, vendor risk management, physical security, endpoint security, physical security, governance & compliance, and people/HR security, disaster recovery and a host of additional controls. Among other things, Our servers are protected by high-end firewall systems, scans are performed regularly to ensure that any exposed vulnerabilities are quickly found and patched, complete penetration tests are performed yearly, customer data is processed and stored at a specific location known to the customer within a specific region such as North America, Europe or Asia, access to systems is restricted to specific individuals based on “need to know” principles and monitored and audited for compliance, We use Transport Layer Security (TLS) encryption (also known as HTTPS) for all customer data transfers, and customers can elect to have all their data encrypted at rest Our Solutions are hosted by AWS, which is independently audited using the ISO 27001 and SOC 2 Type II Standards as described here.

Finally, if you are a customer we ask that you ensure that your administrators of the Solutions ensure sound security practices in maintaining access credentials to your instance of the Solutions, including strong account passwords and access restrictions to your accounts to authorized persons. Where customers become aware of a compromise to any of their account credentials, we ask that you notify us immediately by contacting our Support Team.

(Updated on February 14, 2025)

PRIVACY NOTICE FOR CALIFORNIA RESIDENTS

This Privacy Notice for California Residents (“CA Privacy Notice”) applies solely to Consumers (as defined below) who reside in the State of California. We adopt this CA Privacy Notice to comply with the California Consumer Privacy Act of 2018 (“CCPA”) and any terms used in this CA Privacy Notice shall have the same meaning as defined in CCPA. Capitalized terms not defined but used herein have the meaning assigned to such terms in the “Company” (WhiteDog) Privacy Policy.

Information We Collect from Consumers
We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device ("personal information"). Our obligations under this CA Privacy Notice apply to any natural person who is a California resident (as defined in Section 17014 of Title 18 of the California Code of Regulations), however identified, including any unique identifier (“Consumer”).

Specific Categories of Personal Information We Collect
The categories of personal information we have collected from Consumers within the last twelve (12) months are:

Category A: basic Identifiers (such as a name, Internet Protocol address, email address).

Category B: Personal information categories listed in the California Customer Records statute (such as name, corporate address, corporate telephone number).

Category C: Internet or other similar network activity (such as browsing history, search history, and information regarding a consumer’s interaction with our Site).

Category D: Professional or employment-related information.

We obtain the categories of personal information listed above from the following categories of sources:

·      Directly from you: limited to data collected from administrators of the Company Solutions.

·      Indirectly from you: primarily from computing devices protected by the Company Solutions, but also from observing your actions on our Website.

Use of Personal Information
We may use or disclose the personal information we collect for one or more of the following purposes:

To fulfill or meet the reason you provided the information. For example, if you share your name and contact information to request support in connection with your subscription to the Solutions, We will use that personal information to respond to your inquiry.

To create, maintain, customize, and secure your account with Us.

To provide you and the company you work with the Solutions as requested by such company.

To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve Our responses.

To help maintain the safety, security, and integrity of our Site, Solutions and Our business.

For testing, research, analysis, and product development, including to develop and improve Our Site and Solutions.

To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.

As described to you when collecting your personal information or as otherwise set forth in the CCPA.

We will not collect additional categories of personal information or use the personal information We collected for materially different, unrelated, or incompatible purposes without providing you notice.

Sharing Personal Information
We may disclose your personal information to a third party for a Business Purpose. When we disclose personal information for a Business Purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract. Such disclosure for a Business Purpose in each case is limited to Service Providers

Disclosures of Personal Information for a Business Purpose
In the preceding twelve (12) months, Company has disclosed the following categories of personal information for a Business Purpose:

Category A: Identifiers.

Category B: California Customer Records personal information categories.

Category C: Internet or other network activity.

Category D: Professional or employment-related information.

** Sales of Personal Information **
In the preceding twelve (12) months, Company did not sell any personal information from any of the categories of personal information. Company will not sell any personal information from any of the categories of personal information

Your Rights and Choices
Access to Specific Information and Data Portability Rights

You have the right to request that We disclose certain information to you about Our collection and use of your personal information over the past 12 months. Once We receive and confirm your verifiable consumer request, We will disclose to you:

The categories of personal information We collected about you.

The categories of sources for the personal information We collected about you.

Our business or commercial purpose for collecting that personal information.

The categories of third parties with whom We share that personal information.

The specific pieces of personal information We collected about you.

If we disclosed your personal information for a Business Purpose, the personal information categories that each category of recipient obtained.

Deletion Request Rights

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request we will delete (and direct our service providers to delete) your personal information from our records, unless an exception under CCPA applies.

Exercising Access, Data Portability, and Deletion Rights

To exercise the access, data portability, and deletion rights described above, please submit a verifiable Consumer request to the Contact Information listed below.

Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may only make a verifiable Consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.

Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. We will only use personal information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request.

Response Timing and Format

We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time, we will inform you of the reason and extension period in writing. We will deliver our written response by mail or electronically, at your option.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Non-Discrimination
We will not discriminate against you for exercising any of your CCPA rights. Specifically, we will not:

Deny you goods or services.

Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.

Provide you a different level or quality of goods or services.

Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

Changes to Our Privacy Notice
We will review this CA Privacy Notice annually as required by applicable law, and otherwise reserve the right to amend it at our reasonable discretion in accordance with law. When We make changes to this CA Privacy Notice, we will post the updated notice on the Site and update the notice's effective date. Your continued use of Our Site following the posting of changes constitutes your acceptance of such changes.

Contact Information
If you have any questions or comments about this CCPA Privacy Notice, the ways in which Company collects and uses your information described here, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:

Email: privacy@whitedogcyber.com

Website: https://www.whitedogcyber.com/

Postal Address:

590 Laurelwood Road, Santa Clara, CA 95054, United States
Attn: Data Protection Officer

‍

(Updated on February 14, 2025)

This Data Protection Addendum (“DPA”), including all appendices, forms a part of the Master Services Agreement (“Agreement”) between “Company” (WhiteDog) and “Customer” (As defined in the Agreement). The parties agree that this DPA sets forth their obligations with respect to the processing and security of Customer Data in connection with Customer’s use of the Solutions. Capitalized terms defined in this DPA shall apply to this DPA, and any terms not defined in this DPA shall have their meaning as defined in the Agreement.

Capitalized terms will have the meaning assigned to such terms where defined throughout these Terms. Each of Company or Customer is sometimes described in these Terms as a “Party” and together, “Parties,” which Parties agree as follows:

1.                     DEFINITIONS.

1.1.                 “Adequate Country” means:

1.1.1.             For data processed subject to the EU GDPR: the EEA, or a country or territory that is the subject of an adequacy decision by the Commission under Article 45(1) of the GDPR;

1.1.2.             For data processed subject to the UK GDPR: the UK or a country or territory that is the subject of the adequacy regulations under Article 45(1) of the UK GDPR and Section 17A of the Data Protection Act 2018;

1.1.3.             For data processed subject to the Swiss FDPA: Switzerland, or a country or territory that (i) is included in the list of the states whose legislation ensures an adequate level of protection as published by the Swiss Federal Protection and Information Commissioner, or (ii) is the subject of an adequacy decision by the Swiss Federal Council under the Swiss FDPA.

1.2.                 “Data Privacy Laws” include:

1.2.1.             California Consumer Privacy Act of 2018, Cal. Civil Code Sec. 1798.100 et seq. and its implementing regulations, as amended by the California Privacy Rights Act of 2020 (“CCPA”);

1.2.2.             EU General Data Protection Regulation 2016/679 (“GDPR”) and EU Directives 2002/58/EC and 2009/136/EC (each as implemented into the national laws of EU Member States);

1.2.3.             Other equivalent laws and regulations in other jurisdictions, each as amended, consolidated, or replaced from time to time herein (collectively, Data Privacy Laws).

1.3.                 “Alternative Transfer Mechanism” means a mechanism, other than the SCCs, that enables the lawful transfer of personal data to a third country in accordance with European Data Protection Laws.

1.4.                 “Customer Personal Data” means the personal data contained within the Customer Data;

1.5.                  “Contracted Processor” means Company or a Company Sub-processor.

1.6.                 “European Data Protection Laws” means, as applicable: (i) the GDPR; (ii) the UK GDPR; and/or (iii) the Swiss FDPA.

1.7.                 “Non-European Data Protection Laws” means all laws and regulations that apply to Company processing Customer Personal Data under the Agreement that are in force outside the European Economic Area, the UK, and Switzerland.

1.8.                 “Security Breach” means a breach of Company’s security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Data on systems managed or otherwise controlled by Company.

1.9.                 “SCCs” means the SCCs (EU Controller-to-Processor), SCCs (EU Processor-to-Processor), and SCCs (UK Controller-to-Processor).

1.10.              “Sub-processor” means other processors used by Company to process Customer Data, as described in Article 28 of the GDPR.

1.11.              “Swiss FDPA” means the Federal Data Protection Act of June 19, 1992 (Switzerland).

1.12.              “UK GDPR” means the EU GDPR as amended and incorporated into UK law under the UK European Union (Withdrawal) Act 2018, and applicable secondary legislation made under the same.

1.13.              The terms “personal data”, “data subject”, “processing”, “controller”, and “processor” as used in this DPA have the meanings given in the GDPR irrespective of whether European Data Protection Laws apply.

1.14.              The word “include” shall be construed to mean include without limitation, and cognate terms shall be construed accordingly.

2.                     PROCESSING OF CUSTOMER PERSONAL DATA.

2.1.                 If European Data Protection Laws apply to the processing of Customer Personal Data:

2.1.1.             the subject matter and details of the processing are described in Appendix 1;

2.1.2.             Company is a processor of that Customer Personal Data under European Data Protection Laws;

2.1.3.             Customer is a controller or processor of that Customer Personal Data under European Data Protection Laws;

2.1.4.             Each party will comply with the obligations applicable to it under the European Data Protection Laws with respect to the processing of that Customer Personal Data.

2.2.                 If Non-European Data Protection Laws apply to either party’s processing of Customer Personal Data, the relevant party will comply with any obligations applicable to it under that law with respect to the processing of that Customer Personal Data.

2.2.1.             For California Residents, please see the CCPA Privacy Notice for California Residents.

2.3.                 Company shall:

2.3.1.             Not process Customer Personal Data other than to provide the Solutions in accordance with the Agreement (including as set forth in this DPA and as described in Appendix 1 to this DPA), unless processing is required by applicable law to which the relevant Contracted Processor is subject (the** “Permitted Purpose”**), in which case Company shall to the extent permitted by applicable law inform the Customer of that legal requirement before the relevant processing of that Customer Personal Data;

2.3.2.             Immediately notify Customer if, in Company’s opinion, European Data Protection Laws prohibit Company from complying with the Permitted Purpose or Company is otherwise unable to comply with the Permitted Purpose. This Section does not reduce either party’s rights or obligations elsewhere in the Agreement.

2.4.                 Customer hereby:

2.4.1.             Instructs Company to process Customer Personal Data for the Permitted Purpose;

2.4.2.             Warrants and represents that it is and will at all relevant times remain duly and effectively authorized to give the instruction set out herein on behalf of each relevant Customer Affiliate.

3.                     SECURITY.

3.1.                 Company will implement and maintain the technical and organizational measures set forth in Appendix 2 (the “Security Measures”). Company may update the Security Measures from time to time provided that such updates do not result in a reduction of the security of the Solutions.

3.2.                 Without prejudice to Company’s obligations under Section 3.1 above and elsewhere in the Agreement, Customer is responsible for its use of the Solutions and its storage of any copies of Customer Data outside Company’s or Company’s Sub-processors’ systems, including: (i) using the Solutions to ensure a level of security appropriate to the risk to the Customer Data; (ii) securing the authentication credentials, systems, and devices Customer uses to access the Solutions; and (iii) backing up its Customer Data as appropriate.

3.3.                 Customer agrees that the Solutions and Security Measures implemented and maintained by Company provide a level of security appropriate to the risk to Customer Data.

4.                     SUBPROCESSING.

4.1.                 Customer specifically authorizes Company to engage as Sub-processors those entities listed as of the effective date of this DPA in Section 4.2. In addition, and without prejudice to Section 4.4, Customer generally authorizes the engagement as Sub-processors of any other third parties (“New Sub-processors”).

4.2.                 Information about Sub-processors, including their functions and locations, is available upon request (as may be updated by Company from time to time in accordance with this DPA).

4.3.                 When any New Sub-processor is engaged while this DPA is in effect, Company shall provide Customer at least thirty days’ prior written notice of the engagement of any New Sub-processor, including details of the processing to be undertaken by the New Sub-processor. If, within thirty days of receipt of that notice, Customer notifies Company in writing of any objections to the proposed appointment, and further provides commercially reasonable justifications to such objections based on that New Sub-processor’s inability to adequately safeguard Customer Data, then (i) Company shall work with Customer in good faith to address Customer’s objections regarding the New Sub-processor; and (ii) where Customer’s concerns cannot be resolved within thirty days from Company’s receipt of Customer’s notice, notwithstanding anything in the Agreement, Customer may, by providing Company with a written notice with immediate effect, terminate the Agreement and Company shall forgo any unpaid fees for the Services attributable to the subscription term (as outlined in the applicable Purchase Order under the Agreement) following the termination of the Agreement.

4.4.                 With respect to each Sub-processor, Company shall:

4.4.1.             before the Sub-processor first processes Customer Data, carry out adequate due diligence to ensure that the Sub-processor is capable of performing the obligations subcontracted to it in accordance with the Agreement (including this DPA);

4.4.2.             ensure that the processing of Customer Data by the Sub-processor is governed by a written contract including terms no less protective of Customer Data than those set out in this DPA and, if the processing of Customer Personal Data is subject to European Data Protection Laws, ensure that the data protection obligations in this DPA are imposed on the Sub-processor; and

4.4.3.             remain fully liable for all obligations subcontracted to, and all acts and omissions of, the Sub-processor.

5.                     INDIVIDUAL RIGHTS.

5.1.                 Taking into account the nature of the processing, Company shall assist Customer by implementing appropriate technical and organizational measures, insofar as this is possible, for the fulfillment of Customer’s obligations, as reasonably understood by Customer, to respond to requests to exercise Individual rights under the Data Protection Laws.

5.2.                 Company shall:

5.2.1.             promptly notify Customer if any Contracted Processor receives a request form an Individual under any Data Protection Law with respect to Customer Personal Data to the extent that Company recognizes the request as relating to Customer; and

5.2.2.             ensure that the Contracted Processor does not respond to that request except on the documented instructions of Customer or as required by applicable laws to which the Contracted Processor is subject, in which case Company shall to the extent permitted by applicable laws inform Customer of that legal requirement before the Contracted Processor responds to the request.

6.                     SECURITY BREACHES.

6.1.                 Company shall notify Customer promptly and without undue delay upon becoming aware of a Security Breach for which notification to a supervisory authority or data subject is required under applicable European or Non-European Data Protection Laws, and promptly take reasonable steps to minimize harm and secure Customer Data.

6.2.                 Company’s notification of a Security Breach will describe: the nature of the Security Breach including the Customer resources impacted; the measures Company has taken, or plans to take, to address the Security Breach and mitigate its potential risk; the measures, if any, Company recommends that Customer take to address the Security Breach; and details of a contact point where more information can be obtained. If it is not possible to provide all such information at the same time, Company’s initial notification will contain the information then available and further information will be provided without undue delay as it becomes available.

6.3.                 As it pertains to any Security Breach, Company has no obligation to assess Customer Data in order to identify information subject to any specific legal requirements pertaining to notification or otherwise.

6.4.                 Company’s notification of or response to a Security Breach under this Section will not be construed as an acknowledgement by Company of any fault or liability with respect to the Security Breach.

7.                     IMPACT ASSESSMENTS AND PRIOR CONSULTATION.

7.1.                To the extent Company is required by Data Protection Laws, Company shall (taking into account the nature of the processing and the information available to Company) provide reasonable assistance to Customer with any impact assessments or prior consultations with data protection regulators by providing information in accordance with § 9 (AUDITS AND RECORDS).

8.                     DATA DELETION.

8.1.                 Company shall promptly and in any event within sixty days of the date of cessation of providing any Solutions involving the processing of Customer Data (the “Cessation Date”), delete all copies of Customer Data, unless applicable law requires storage.

8.2.                 Company shall provide written certification to Customer that it has complied with this Section within ten days of receiving Customer’s written request to receive such certification.

9.                     AUDITS AND RECORDS.

9.1.                 Company shall allow for, and contribute to, audits, including inspections, conducted by the Customer (or an independent auditor appointed by Customer) in accordance with the following procedures:

9.1.1.             Upon Customer’s request, Company will provide Customer or its appointed auditor with the most recent certifications and/or summary audit report(s), which Company has procured to regularly test, assess, and evaluate the effectiveness of the Security Measures.

9.1.2.             Company will reasonably cooperate with Customer by providing available additional information concerning the Security Measures to help Customer better understand such Security Measures.

9.1.3.             If further information is needed by Customer to comply with its own or other controller’s audit obligations or a competent supervisory authority’s request, Customer will inform Company to enable Company to provide such information or to grant access to it.

9.2.                 Company need not give access to its premises for the purposes of such an audit or inspection:

9.2.1.             To any individual unless he or she produces reasonable evidence of their identity and authority;

9.2.2.             To any auditor whom Company has not given its prior written approval to (not to be unreasonably withheld);

9.2.3.             Unless the auditor enters into a non-disclosure agreement with Company on terms acceptable to Company;

9.2.4.             Where, and to the extent that, Company considers, acting reasonably, that to do so would result in interference with the confidentiality or security of the data of Company’s other customers or the availability of Company’s services to such other customers;

9.2.5.             Outside normal business hours at those premises;

9.2.6.             On more than one (1) occasion in any calendar year during the term of the Agreement, except for any additional audits or inspections which you are required to carry out under Data Protection Laws or by a Supervisory Authority, where you have identified the relevant requirement in its notice to Company of the audit or inspection.

9.3.                 The Parties shall discuss and agree the costs of any inspection or audit to be carried out by you or on your behalf in advance of such inspection or audit and, unless otherwise agreed in writing between the Parties, you shall bear any third party costs in connection with such inspection or audit (other than audits performed by regulatory agencies) and reimburse Company for all costs incurred by Company and time spent by Company (at Company’s then-current professional services rates) in connection with any such inspection or audit.

9.4.                 All requests under this Section 9 shall be made in writing to Company at legal@whitedogcyber.com.

10.                  RESTRICTED TRANSFERS.

10.1.              The parties acknowledge that European Data Protection Laws do not require SCCs or an Alternative Transfer Mechanism in order for Customer Personal Data to be processed in or transferred to an Adequate Country (“Permitted Transfers”).

10.2.              If the processing of Customer Personal Data involves any transfers that are not Permitted Transfers, and European Data Protection Laws apply to those transfers (“Restricted Transfers”), then:

10.2.1.          if Company announces its adoption of an Alternative Transfer Solution for any Restricted Transfers, Company will ensure that such Restricted Transfers are made in accordance with that Alternative Transfer Solution; or

10.2.2.          if Company has not adopted an Alternative Transfer Solution for any Restricted Transfers, then:

10.2.2.1.      the SCCs (EU Controller-to-Processor) and/or (EU Processor-to-Processor) will apply (according to whether Customer is a controller and/or processor) with respect to Restricted Transfers between Company and Customer that are subject to the EU GDPR and/or the Swiss FDPA; and

10.2.2.2.      the SCCs (UK Controller-to-Processor) will apply with respect to Restricted Transfers between Company and Customer that are subject to the UK GDPR.

11.                  GENERAL TERMS.

11.1.              Without prejudice to the Standard Contractual Clauses, (i) the parties to this DPA hereby submit to the choice of jurisdiction stipulated in the Agreement with respect to any disputes or claims howsoever arising under this DPA, including disputes regarding its existence, validity or termination or the consequences of it nullity; and (ii) this DPA and all non-contractual or other obligations arising out of or in connection with it are governed by the laws of the country or territory stipulated for this purpose in the Agreement.

11.2.              Nothing in this DPA reduces Company’s obligations under the Agreement in relation to the protection of Customer Data or permits Company to process (or permit the processing of) Customer Data in a manner which is prohibited by the Agreement. In the event of any conflict or inconsistency between this DPA and the Standard Contractual Clauses, the Standard Contractual Clauses shall prevail.

11.3.              Subject to § 11.2, with regard to the subject matter of this DPA, in the event of inconsistencies between the provisions of this DPA and any other agreements between the parties, including the Agreement and including (except where explicitly agreed otherwise in writing, signed on behalf of the parties) agreements entered into or purported to be entered into after the date of this DPA, the provisions of this DPA shall prevail.

11.4.              Any liability associated with failure to comply with this DPA will be subject to the limitations of liability provisions stated in the Agreement.

11.5.              Should any provision of this DPA be invalid or unenforceable, then the remainder of this DPA shall remain valid and in force. The invalid or unenforceable provision shall be either (i) amended as necessary to ensure its validity and enforceability, while preserving the parties’ intentions as closely as possible or, if this is not possible, (ii) construed in a manner as if the invalid or unenforceable part had never been contained therein.

APPENDIX 1:

DETAILS OF PROCESSING OF CUSTOMER PERSONAL DATA

Subject matter and duration of processing

Company will process Customer Personal Data as necessary to provide the Solutions pursuant to the Agreement. The duration of the processing will be until 60 days after the Cessation Date.

Nature and purpose of processing

Company will process Customer Personal Data only to the extent reasonably necessary to provide Customer the Solutions and associated Support. In the event that Company or any of its affiliates or subcontractors receive Personal Information, Company shall (i) not use such Personal Information for any purpose outside of its direct relationship with Customer; (ii) not sell, use, retain, disclose or otherwise process such Personal Information for any purpose other than the specific purpose of performing under this Agreement; (iii) shall implement appropriate technical and organizational security measures to keep all Personal Information secure and protected against unauthorized processing, theft, or accidental loss, damage or destruction; (iv) comply with all applicable Data Privacy Laws in relation to the processing of Personal Information; (v) process Personal Information only to the extent strictly necessary for the performance of its obligations, having regard to the provisions of applicable Data Privacy Laws; (vi) not transfer Personal Information to any location outside the UK or the EEA without first implementing a lawful data transfer mechanism in accordance with applicable Data Privacy Laws; and (vii) to the maximum extent permitted under applicable law, promptly, and in no later than 72 hours, notify Customer on becoming aware of any actual, suspected or alleged personal data breach including loss, leak or unauthorized processing of any Personal Information, or any other breach of this paragraph.

Company shall assist and cooperate with Customer in complying with its obligations under Privacy Laws, in particular with regard to Customer’s obligation to implement appropriate security measures, to carry out a data protection impact assessment, and to consult the competent data protection authority. During the time that Personal Information is in Company’s possession, Customer has no knowledge or reason to believe that Company is unable to comply with the provisions of this paragraph.

Categories of Data

Company processes the Customer Personal Data described below in relation to the Solution(s) a Customer contracts for:

Company may process the following categories of Customer Personal Data in connection with the Services:

·      user and endpoint data: agent ID, endpoint name, customer active directory user ID, user name, installed applications – installation time, size, publisher and version, SMTP user name, configuration data related to active directory integration;

·      full file path: will include personal data only if file name as named by Customer includes data;

·      in cases of suspected threats, the Company agent(s) collects for each process (file metadata, hash, file type, certificate, command line arguments, network access metadata (IP address, protocol), registry (created keys, deleted keys, modified key names);

·      network data (internal network IP address, public IP address (if running cloud-based Management Console);

·      threat information (file path, agent IDs, SMS messages content (which may include user names, IP addresses, file names);

·      live network monitoring (URLs, URL headers, time stamps); and

·      where Customer utilizes Company’s File Fetching feature: any Data contained in files fetched by Customer’s administrators.

Company may process the following categories of Customer Personal Data in connection with Services providing event or log aggregation:

·      data relating to individuals provided to Company by (or at the direction of) Customer in any data ingested by Customer to the Services.

Special categories of data

Customer Personal Data does not include special categories of personal data or data relating to criminal convictions or offenses, except where such data is uploaded by Customer in connection with the Services or accessed by Customer using the File Fetching feature of the Solutions.

Data subjects

Data subjects include the individuals about whom data is provided to Company via the Solutions by (or at the direction of) Customer.

APPENDIX 2:

TECHNICAL AND ORGANIZATIONAL SECURITY MEASURES

Company maintains an information security program that is designed to protect the confidentiality, integrity, and availability of Customer Data (the “Company Information Security Program”). The Company Information Security Program will be implemented on an organization-wide basis and will be designed to ensure Company’s compliance with data protection laws and regulations applicable to Company’s performance under the Agreement. The Company Information Security Program shall include the safeguards set forth below.

Domain

Practices

Organization of Information Security

Security Ownership. Company has appointed a senior security officer responsible for coordinating and monitoring the Company Information Security Program.

Security Roles and Responsibilities. Company personnel with access to Customer Data are subject to confidentiality obligations.

Risk Management Program. Company has implemented a security risk management program that is based on the trust services principles of security and availability. The Program defines a systematic and consistent process to ensure that security risks to Customer Data are identified, analyzed, evaluated, and treated. Risk treatment and the risk remaining after treatment (i.e., residual risk) is communicated to risk owners, who decide on acceptable levels of risk, authorize exceptions to this threshold, and drive corrective action when unacceptable risks are discovered.

Human Resource Security

Background Checks. Company takes reasonable steps to ensure the reliability of any employee, agent, or contractor who may have access to Customer Data, including by conducting background checks on all new employees to the extent permitted by applicable law in the jurisdiction where the employee is located.

Security Training. Company informs its personnel about the Company Information Security Program and applicable data privacy laws upon hire and annually thereafter. Company also informs its personnel of possible consequences – up to and including termination – of breaching the Company Information Security Program.

Asset Management

Inventory Maintenance. Assets utilized to process Customer Data are identified and an inventory of these assets is listed and maintained. Assets maintained in the inventory are assigned an owner. Company-provided assets are governed by Company’s acceptable use policy.

Return. All employees and external party users are required to return organizational assets in their possession upon termination of their employment, contract, or agreement.

Access Control

Internal Data Access. Company’s internal data access processes and policies are designed to prevent unauthorized persons and/or systems from gaining access to systems used to process Customer Data. Company employs a centralized access management system to control personnel access to production servers and only provides access to a limited number of authorized personnel. Company requires the use of unique user IDs, strong passwords, two-factor authentication, and monitored access lists to minimize the potential for unauthorized account use. The granting or modification of access rights is based on the authorized personnel’s job responsibilities, job duty requirements necessary to perform authorized tasks, and a need-to-know basis. The granting or modification of access rights must also be in accordance with Company’s internal data access policies and training. Access to systems is logged to create an audit trail for accountability.

Zero Trust. Employees must be in a Company office or connected via zero trust network (authenticated with user id + password + pin/token + device trust) before connecting to any system storing Customer Data.

Cryptography

Encryption Practices. Customer Data is encrypted in transit using TLS and at rest using a minimum of AES-256-bit ciphers where applicable.

Physical Security

Datacenter Security. The standard physical security controls at each geographically distributed data center utilized to host Customer Data are comprised of reliable, well-tested technologies that follow generally accepted industry best practices: custom-designed electronic card access control systems, alarm systems, biometric identification systems, interior and exterior cameras, and a 24x7x365 presence of security guards.

Office Access. Access to Company offices is protected via card access control systems, including individually assigned keycards, access logging, and interior and exterior surveillance and alarm systems.

Operations and Communications Security

Operational Policy. Company maintains security documents describing its security measures and the relevant procedures and responsibilities of its personnel who have access to Customer Data.

Network Security. Customer management console servers are isolated to help ensure that no access is possible among servers of different customers. Company network is protected by redundant firewalls, commercial-class router technology, micro-segmentation, and a host intrusion detection system on the firewall, host, and network that monitors malicious traffic and network attacks.

Vulnerability Assessment and Penetration Testing. Company conducts annual, comprehensive penetration testing. This includes testing of the management console and agents (black and grey box), corporate infrastructure penetration testing and socially targeted attacks, and public website automatic testing for open vulnerabilities. Continuous network vulnerability assessments are conducted on all servers in the corporate network and the production environment, both internally and externally.

Event Logging. Company logs access and use of information systems containing Customer Data, registering the access ID, time, authorization granted or denied, and relevant activity.

Data Deletion. Customer Data is deleted upon request or contract termination in accordance with the DPA.

Supplier Relationships

Approval Process. Before onboarding any supplier to process Customer Data, Company conducts an audit of the security and privacy practices of the supplier to ensure the supplier provides a level of security and privacy appropriate to their proposed access to Customer Data and the scope of the services they are engaged to provide. Once Company has assessed the risks presented by the supplier, the supplier is required to enter into appropriate security, confidentiality, and privacy terms prior to processing any Customer Data in accordance with the DPA.

Information Security Incident Management

Incident Response Process. Company has implemented a security incident management process for managing security incidents that may affect the confidentiality, integrity, or availability of its systems or data, including Customer Data. The process specifies courses of action, procedures for notification, escalation, mitigation, post-mortem investigations after each incident, response actions, periodic testing, and documentation.

Security Operations Center. Company has a dedicated SOC function that manages and monitors a Security Information & Event Management (SIEM) solution deployed across the organization.

Business Continuity Management

Customer Data Backups. Company conducts a daily backup of all Customer Data in the data center location chosen by the Customer to host Customer Data. Where available, backups are physically located in a different availability zone from where Customer Data is hosted (but within the same region). A monitoring process is in place to ensure successful ongoing backups within a defined RTO and RPO.

‍

(Updated on February 14, 2025)

These Support Terms (the “Support Terms”) detail the customer support provided by WhiteDog (“Company”) with respect to the Company solutions (“Solutions”) subscribed to by the customer (“Customer”) under the Company Terms of Service (“Terms,” available at Terms of Service, or another version of the Terms agreed to in writing among such Customer and Company) (“Support Services” as further detailed below below). Support Services are expressly conditioned on Customer abiding by terms of the Terms, and the Terms are hereby incorporated by reference to these Support Terms. Support Services provided to Customer are coterminous with the Subscription Term stated in a valid Order Form (each capitalized term, as defined in the Terms). Support Services are not cancellable during a given Solutions Subscription Term.

Capitalized terms not defined but used herein have the meaning assigned to such terms in the Terms. In the event of any conflict between these Support Terms and the Terms, the terms of the Terms shall control unless clearly stated otherwise in a version of these Support Terms executed by Company.

In the event Customer has purchased the Solutions and Support Services from Company through a Company authorized partner ("Partner"), Customer will be entitled to all the rights set forth herein as related to the Support Services purchased by Customer if Customer: (a) is the original purchaser of the covered Solutions, and (b) provided with its purchase subscription to the Solutions true, accurate, current and complete information to Company or the Partner, and maintains and updates such information to keep it true, accurate, current, and complete during Customer’s Subscription Term, subject to the relevant Partner providing certain support services to Customer under a separate agreement among Partner and Customer.

TERMS

“Action Plan” means a formal verbal or written description of the tasks to be undertaken by Company and Customer to diagnose, triage, and address a support issue, along with an approximate timeframe for the processing and completion of tasks.

“Initial Support Request” means support request submitted by designated Customer representative support contact or their designated Partner to report a suspected Malfunction.

“Interoperability” means a Malfunction caused by an interoperation of the Solutions with a software component at Customer's environment.

“Maintenance Window” means Friday between 5PM UTC -7 and Saturday 5PM UTC -7.

“Malfunction” means any error or other condition that prevents the Solutions from performing substantially in accordance with the operating specifications in the then current Documentation, but excluding Interoperability caused by a Malfunction Exception.

“Malfunction Exception” means Solutions component Malfunction caused by, related to or arising out of any abuse, misuse or unauthorized use of the Solutions by Customer, or any unauthorized combination of the Solutions with any software or hardware components, or other item not reasonably expected to be combined with and/or interoperate with the Solutions or an interoperability beyond Company’s reasonable control.

“Resolution” means a solution that renders the Solutions substantially in conformity with the Documentation.

“Response” means Company’s personnel response via outbound e-mail, web or phone consultation (based on the Support Plan purchased) to a designated Customer support contact, acknowledging receipt of an Initial Support request.

“Response Time” means the elapsed time between the Initial Support Request and the target time for a Response during Support Hours.

“Support Plan(s)” means the support offered by Company to customers, as further detailed in these Support Terms and related Documentation, and as stated in each case in a relevant Quote or Service Order.

“Support Hours” means 9X5 Business Hours from 9am CST to 5pm CST Monday to Friday for active subscriptions to the Solution.

“Version” means generally available (GA) release of a Company Solution. If the Solution includes an installable agent or Component, the Version for that component is designated by the number which is immediately to the left or right of the left-most decimal point in a Company Software version number, as follows: (x).x.x or x.(x).x.

“Workaround” means a temporary solution or a configuration that renders the Solutions reasonably functional for their intended purpose until a Resolution is available, subject to any remaining Interoperability issues.

SCOPE OF SUPPORT SERVICES

Company provides Support Services for: (a) its most current Version of the Solutions (including all Workaround thereof), and (b) the immediately preceding Version of the Solutions. Provided Customer is in compliance with all of the terms of these Support Terms and the Terms, and has paid all applicable Fees, Company will provide to Customer the Support Services set forth herein. In addition, Company will provide, upon Customer’s request, reports on the status of the Support Services requested by Customer.

Support Services consist of: (a) reasonable email, web and phone support as detailed in the Support Terms (all Support Services provided in English), and (b) reasonable efforts to provide Workaround and Resolution. Support Services do not include: (i) support with respect to hardware on which the Solutions or any portion thereof may be installed, (ii) support with respect to Malfunction Exception.

SUPPORT SERVICE PROCESS

Customer Responsibilities: Before contacting Company with an Initial Support Request, Customer undertakes to: (a) analyze the Malfunction to determine if it is the result of Customer’s misuse, the performance of a third party or some other Malfunction Exception or cause beyond Company’s reasonable control, (b) ascertain that the Malfunction can be replicated, and (c) collect and provide to Company all relevant information relating to the Malfunction. For any Priority 1 Urgent support issues, Customer must submit an Initial Support Request via phone or email.

Company Response: Upon receiving Customer’s Initial Support Request, Company’s qualified personnel will use commercially reasonable efforts to provide a Response within the Response Time detailed in the Priority levels and communication channels detailed in the table below. For priority 1 issues, Response Time will be measured from Customer’s phone call. Following initial Response, Company support representative will explore the nature of the Malfunction experienced by Customer and its effect on the Solutions, and reasonably assign a priority level to the Malfunction in accordance with definitions in the table below. A Response Time is a guarantee of communication timeframes, and Company does not guarantee a Workaround or Resolution within these timeframes. Company will make commercial reasonable efforts to reach an Action Plan within a reasonable time after the Response.

Support Services Workflow: Company will use commercially reasonable efforts to provide Customer with: (a) a Workaround within a reasonable time after an Action Plan has been established and (b) a Resolution within a reasonable time thereafter, also considering Company’s release schedule and severity of Malfunctions.

In providing Support Services, Company support personnel may interact with the Customer’s Solutions instance(s), review application data within such instance(s) and otherwise exchange relevant information with Customer as needed to provide such Support Services.

Remedies: The remedies set forth herein are Customer’s sole and exclusive remedy with respect to any Malfunction. Company has no obligation to provide Support Services, Workaround or Resolution with respect to any Malfunction Exception.

Priority Levels and Response Times

PRIORITY

DEFINITION

Response Time

1 - Urgent

Customer reports a Malfunction that (a) renders the Solutions inoperative or intermittently operative, (b) causes any material Solutions feature to be unavailable or substantially impaired, (c) materially compromises overall system operability or data integrity when the Solutions are installed and operational in a production environment (that is, causes a multiple systems crash or hang, or loss or corruption of data), or (d) causes a complete failure of the Solutions.

2 hours

within 95% of the time during each calendar month

(E-mail followed by a Phone call)

2 - High

Customer reports a Malfunction that (a) renders a required program or feature of the Solutions inoperative or intermittently operative or (b) substantially degrades performance in a production environment.

6 hours

within 95% of the time during each calendar month

(E-mail)

3 - Normal

Customer reports a Malfunction that (a) renders an optional program of feature inoperative or intermittently operative or (b) causes only a minor impact on Customer’s use of the Solutions.

12 hours

within 95% of the time during each calendar month

(E-mail)

4 - Low

Customer reports a Malfunction (a) that has only a minor effect on the Solutions functionality, (b) cosmetic flaws or (c) inquiries and questions about configuration and management of the Solutions.

48 hours

within 95% of the time during each calendar month

(E-mail)

‍

(Updated on February 14, 2025)

Introduction

This Privacy Policy (“Policy”) informs you of WhiteDog (“Company,” “We,” “Us,” “Our” or related terms, and including Our wholly owned subsidiaries (collectively, “Company”)) commitment to protecting the privacy of individuals who visit our website http://www.whitedogcyber.com/ (“Site Visitors” and “Site”), as well as the privacy of individuals whose personal information is shared with Us in connection with the downloading and installation of our software (“Software”) offered as part of subscriptions to our Company Solutions (the “Solutions” and together with the Site and Software, “Company Services”). For the purposes of this Policy, the term Site shall refer collectively to http://www.whitedogcyber.com/ as well as the other websites that the We operate and that link to this Policy. By visiting the Site, downloading the Software and/or subscribing to the Solutions, you agree to the terms of this Policy.

Scope of this Policy

In this Policy, “Personal Information” means any information relating to an identified or identifiable natural person, whereby an identifiable natural person is one who can be identified, directly or indirectly, by particular reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

The use of information collected through our Company Services is limited to the purpose of providing the service for which you have engaged with Us, as further described below, and in compliance with applicable laws and the terms of this Policy. When you visit the Site, We collect information, including Personal Information, only as necessary to interact with you, improve your user experience and provide you relevant data and services. We collect information, including Personal Information, under the direction of subscribers to any of the Company Services (“Subscriber(s)”), and have no direct relationship with individuals whose Personal Information We may process in connection with one of Our Subscribers’ subscription to and/or use of the Company Services. If you are an individual who interacts with the Company Services in connection with your relations with a Subscriber (such as an employee of one of our Subscribers) and would no longer like your Personal Information to be processed by Us in providing Company Services to a Subscriber, please contact the Subscriber that you interact with directly.

Personal Information Collection and Use

Company Site. When you visit Our Site to learn about Company and its Company Services, or to portals connecting to the Site (such as Our Support Portal or Partner Portal), We gather information only as necessary to interact with you, provide you relevant data and services, contact you about Our Company Solutions, personalize or customize your experience (based on preferences or geography, for example), send you relevant marketing materials (subject to your opt-out option), for research purposes, and to generally improve the content and availability of the Site. Most of the information We collect is aggregated automatically, does not include Personal Information and includes Internet Protocol (IP) address, information about your browser and operating system, the state and country from which you access the Site, device ID, the type of computer and technical information about a user’s means of connection to the Site or related portals, the Internet service providers utilized, and Site features you access while browsing the Site. We may also send you notifications via email regarding Company Services to keep you informed of any Company Services updates, support or similar information. If you would like to review your communication preferences, or amend the manner and/or frequency at which you receive information or materials from Us, you can update your information or opt-out by following the instructions contained within email communication from Us. You can also contact us at privacy@whitedogcyber.com or write to Us at the address listed at the end of this Policy.

From users who are required to login to gain access to a particular Site feature or portal, We may also collect usernames, passwords and other login credentials for the purpose of verifying user authorization to access the feature or offering. On our Site, you can sign up to receive additional information, attend a webinar, sign up to attend a live event or participate in any other offering. To receive additional information from Us, you must provide information such as your name, company name, email address, and phone number. This information is retained by Us and our third-party business partners to provide you with information, marketing materials, and updates regarding Company Services similar or related to information You have previously requested. Our third-party business partners provide Company with services that may require Us to provide them with your Personal Information. These third-party business partners are not permitted to use the information collected on our behalf except to help Us improve the Site and serve you in relation to your visit to Our Site and interest in the Company Services. Company requires all its third-party business partners with whom it shares Personal Information collected from the Site to take commercially reasonable steps and implement policies to safeguard your Personal Information. We do not sell, share or rent the Personal Information we collect from the Site to others.

The Site may offer publicly accessible blogs, community forums, comments sections, discussion forums, or other interactive features (“Interactive Areas”). Any information that you post in an Interactive Area might be read, collected, and used by others who access it. To request removal of your Personal Information from an Interactive Area, contact us at privacy@whitedogcyber.com. In some cases, We may not be able to remove your Personal Information, in which case We will inform you of the underlying reasons. If you provide Us with feedback about Company, the Solutions, Software or Site, We consider this to be freely given and We may use your feedback without compensation or attribution to you.

Our Site also includes social media features. These features may collect your IP address, which webpage you are visiting on our Site, and may set a cookie to enable the feature to function properly. Social media features are either hosted by a third-party or hosted directly on our Site. Your interactions with these features are governed by the privacy policy of the company providing it.

From time to time, We may post testimonials on the Site or associated portals that may contain Personal Information. We obtain your consent to post your name along with your testimonial. If you wish to update or delete your testimonial, you can contact us at privacy@whitedogcyber.com.

Company Solutions. The Company Solutions offer a comprehensive set of security services, including Advanced Phishing Protection (APP), Internet Threat Protection (ITP), Endpoint Detection and Response (EDR), Managed Detection and Response (MDR), Security Operations Center (SOC), XDR (XDR), Network Operations Center (NOC) and Secure Service Edge (ASE). Each of these services may include device discovery and mapping capabilities, comprising of multiple functionalities and features including advanced threat detection, protection and remediation; comprehensive statistical analysis of Subscribers endpoints behavior; data presentation tools; security tools; connected devices identification; endpoint controls and more. To provide Our Subscribers the most comprehensive threat detection, protection and remediation capabilities, as well as best-in-class security solutions in the market, Company employs advanced artificial intelligence and deep learning techniques providing behavior analysis, enabled by comprehensive information gathering, analysis and correlation enabled by Our use of multiple points of telemetry to reveal relationships and dependencies, and predict outcomes and behaviors so as to prevent, detect, contain, and mitigate malicious activities and identify those who initiate such attacks.

Most of the information that Company collects through the Solutions is not Personal Information and relates to the computing processes of devices protected against malware infection by the Company Services, or device standard identifiers. Such information includes device or network usage, endpoint login data, types and versions of operating systems and browsers, computer name, file execution information, and information about installed software applications. Some of the data We collect may be considered Personal Information depending on the laws of the jurisdiction where it is collected, such as IP addresses and endpoint browsing history. In some cases We collect Personal Information to the extent it is included within usernames, filenames, file paths, and machine names. We also offer Our Subscribers the ability to directly provide Us or to configure the Solutions to collect files, endpoint browsing history, and other content which may constitute and/or contain Personal Information, or when submitting crash reports, to make the product more reliable. At your direction, We may also collect or retrieve files as part of our Solutions, additional data to analyze certain malware threats, or network information to enable connected device discovery and mapping. Files, file names, file paths and machine names, for example, may contain Personal Information if such Personal Information is included in such files.

To the extent that We collect your Personal Information through our Company Solutions, We do so under the authority and direction of Our Subscribers, which often are corporate entities. Company has no direct relationship or contact with individuals whose personal information We may collect or receive from a corporate Subscriber and subsequently analyze and use. The use of information collected through Our Solutions is limited to the purpose of providing the Solutions for which Our Subscribers engage Company. We do not use any Personal Information collected through Our Solutions to contact or market products or services to these individuals. We also do not provide any Personal Information obtained through the Solutions to third-parties for the purpose of contacting individuals, or marketing products or services to these individuals. Instead, Company only uses the data it collects to provide the Company Solutions, as well as improve the Company Services, increase reliability and efficacy of the Solutions, and provide our Subscribers the best possible user experience, as more broadly described in Our more specific Solutions documentation. If you are a user of the Solutions, We will obtain the Personal Information you provide Us during the sales and/or fulfillment process. We may use such Personal information including name, phone number, mailing address, and email address to contact you and to provide you the Solutions, send you an invoice, perform accounting, auditing and collection activities, answer questions, provide support and update you about the solutions.

Our Subscribers are solely responsible for establishing policies for and ensuring compliance with all applicable laws and regulations, as well as any and all privacy policies, agreements or other obligations relating to the collection of Personal Information in connection with the use of Our Solutions by individuals with whom such Subscribers interact. We collect information under the direction of our Subscribers, and have no direct relationship with individuals whose Personal Information We process in connection with the use of Our Solutions. If you are an individual associated with one of Our Subscribers whose Personal Information was collected by Company in providing the Solutions to a Company Subscriber, and no longer wishes to be contacted as Our Subscriber’s representative, please contact the relevant Subscriber with whom you work directly. In addition, an individual who seeks access, or would like to correct or delete Personal Information, should direct his/her query to the Subscriber acting as the data controller of such Personal Information. Upon receiving a request from Our Subscribers with respect to Personal Information, including requests to access, correct or delete the Personal Information, We will respond in accordance with the process detailed in this Policy. We will retain the Personal Information We process on behalf of our Subscribers for as long as needed to provide the Solutions to our Subscribers, to comply with our legal obligations, resolve disputes, and enforce our agreements.

We may share your Personal Information with third-party business partners and service providers who assist Us in conducting business and providing you with Company Services. Transfers of Personal Information to such third-party business partners for these purposes are governed by Our Terms of Service with Subscribers subscribing to the Company Solutions and this Policy. Company contractually requires all its third-party business partners with whom it shares Personal Information to take commercially reasonable steps and implement policies to safeguard your Personal Information, and to not use your Personal Information for any purpose other than assist Company in serving its Subscribers. In the course of interacting with you via the Company Services We may share information, including Personal Information, with any member of the Company.

Cookies and Other Tracking Technologies

Company and its service providers use browser cookies, web beacons, tags and scripts or similar technologies to analyze trends, administer the Site, track users’ movements around the Site, and gather demographic information about our user base as a whole. You may manage how your mobile device and browser handles cookies by adjusting its privacy and security settings.

You can generally accept or decline the use of cookies through a functionality built into your web browser.  To learn more how to control cookie settings through your browser please visit the browser developers’ site for more information and directions.

We engage third party providers to serve marketing cookies that enable us to track and analyze usage, navigational and other statistical information from visitors to the Site and to display advertisements on other websites. This information does not include Personal Information though We may reassociate this information with Personal Information we have collected when it is received.  Marketing cookies are also used to track the performance of our advertisements and are employed by third party advertising networks that We utilize. These advertising networks follow online activities of visitors to the Site and use this information to inform, optimize and serve tailored advertisements on the Site or on other websites they visit that We believe would most effectively promote the Service to you. We also use third parties to collect information that assists us in other methods of “remarketing” our Service to visitors to the Site, including customized email communications. We also engage with Google Analytics as a third-party provider for analytics cookies. Analytics cookies collect information about how You use Our Site to help us improve Our Site usage and to better understand what may interest You on Our Site. The information generated by the analytics cookie (including the IP address) is transferred and stored on a Google server located in the United States. Google uses the information on Our behalf to evaluate how the Site is used, create reports about the activities on the website, and to perform additional services regarding website and internet utilization. Further information concerning the terms and conditions of use and data privacy can be found here or here.

You can prevent the collection and processing of analytics cookies via Google by downloading and installing the browser-plugin available under the following link. You can refuse the use of Google Analytics by clicking on the following link. An opt-out cookie will be set on the device, which prevents the future collection of your data when visiting the Site.

If you want to learn more about cookies, or how to control or delete them, please visit http://www.aboutcookies.org for detailed guidance. In addition, certain third party advertising networks, including Google, permit users to opt out of or customize preferences associated with your internet browsing.  To learn more about this feature from Google, click here.  Please note that if you do elect to disable your web browser’s ability to accept cookies, you may not be able to access or take advantage of many features of the Service.

Mobile devices and browsers are different, so refer to instructions related to your device and browser to learn about cookie-related and other privacy and security settings that may be available. You can control the use of cookies at the individual browser level, but if you choose to disable cookies, it may limit your use of certain features or functions on our website or service.

We do not currently respond to web browsers’ “Do Not Track” signals that provide a method to opt out of the collection information about visitors’ activities on the Site and Company Services, and across other websites. If we do so in the future, we will provide all relevant information in this Privacy Policy.

As is true with most websites and services delivered over the Internet, Company gathers certain information automatically and stores it in log files. This information includes IP addresses as well as browser, internet service provider, referring/exit pages, operating system, date/time stamp, and click stream data. We may connect Personal Information to information gathered in our log files, as necessary to improve the Service for individual Subscribers. Otherwise, We generally use this information to analyze trends, administer and maintain the Solutions, or track usage of various features within the Service.

Third-Party Links

The Site and other Company Services may include links and/or may allow you to link the Solutions to third-party sites, products or services. Please note that your access to and use of these third-party sites, products or services may result in the collection of or sharing of your information, including Personal Information. These third-parties have separate and independent privacy policies, and We are not responsible or liable for your interactions with such third-parties (as further described in Our Terms of Service). The option to link to such third-party sites, products or services from any Company Services is not an endorsement or representation regarding any third-party sites, products or services, and We encourage you to review and understand such third-parties privacy policies.

Outside Parties; Disclosure of Information

Except as provided in this Policy, We do not lease, rent, or otherwise transfer your Personal Information to third parties. In certain situations, We may be required to disclose Personal Information in response to lawful requests by competent authorities, including to meet law enforcement requirements. We may disclose Personal Information in response to lawful subpoenas, court orders or similar legal process, or to establish or exercise our legal rights or defend against legal claims. We may also share such information if we believe it is necessary in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threat to the physical safety of any person, violations of our Terms of Service, or as otherwise required by law. In addition, We provide information regarding Our business to our auditors and legal counsel and, in some cases, that information may contain Personal Information, however such information may only be used for the purpose of providing Us their professional services.

Security

The security of Our Subscribers data, including your Personal Information, is not only important to Us, it is Our mission! We have adopted a range of administrative, physical and technical security measures based on leading information security standards, to ensure that Our practices in processing and storing Subscribers data protect against unauthorized access, alteration, disclosure or destruction of Subscriber data and your Personal Information. We follow rigorous security standards to ensure excellent protection of Subscribers data and the Personal Information collected and submitted to us, both during transmission and once we receive it. More information about our Information Security Program can be found here. Please contact Us at privacy@whitedogcyber.com with questions about the security of your Personal Information collected through Our Solutions or Site.

International Transfer of Information Collected

Company is a U.S.-based, global company. We store Personal Information about Site Visitors and Subscribers in various regions where Our Subscribers are located, primarily within the European Economic Area (the “EEA”) and the United States. To facilitate Our global operations, We may transfer and access such Personal Information from around the world, including from other countries in which Company has operations for the purposes described in this Policy. We may also transfer your Personal Information to Our third party subprocessors, who may be located in a different country to you.

Compliance with Applicable Privacy Laws

As a leading information Security company, We are passionate about our Subscribers security and privacy. We process all Personal Information in accordance with applicable data privacy laws. Note, however, that the Solutions do not include dedicated data fields or dedicated databases, for the insertion or hosting of specific Personal Information protected under data privacy regulations such as PCI or HIPAA.

GDPR. In accordance with GDPR, Company has implemented various organizational and technological measures to ensure its compliance with all GDPR requirements relevant to its collection of EEA citizens’ Personal Information, including those relating to security, access, ratification, erasure, portability, onwards transfer to subprocessors, and export of Personal Information. Accordingly, Company has implemented extensive technical and organizational measures to secure the Personal Information it processes; only uses the services of subprocessors who guarantee their ability to implement the technical and organizational requirements of GDPR; has appropriate Data Protection Agreements (“DPA”) incorporating the Standard Contractual Clauses (“SCC”) with each such subcontractors; timely responds to requests from data subjects to correct, amend, delete or not share Personal Information; is committed to providing breach notifications to relevant supervisory authorities and data subjects in accordance with GDPR timeframes; performs periodical risk assessments with regard to its processing activities of Personal Information; and has appointed a Data Protection Officer (DPO) to address all GDPR related inquiries. If You have any questions regarding Company’s GDPR practice, You can contact Company’s DPO at: Company, Inc. (Attn: Data Protection Officer) 590 Laurelwood Road, Santa Clara, CA 95054, United States or by email to privacy@whitedogcyber.com.

California Data Privacy Legislation. If you are a California resident, California law may provide you with additional rights regarding our use of your Personal Information, as follows:

California Civil Code Sec. 1798.83 permits you to request and obtain from Us, once per year, information regarding the disclosure of your Personal Information by Company to third parties for such third parties’ use for direct marketing purposes within the State of California. If you are a California resident and would like to request this information, please email Us at privacy@Company.com.

Company complies with all relevant sections of the California Civil Code Sec. 1798.100 et seq. (CCPA) in connection with its processing of the Personal Information of California residents, including those related to disclosure obligations, sharing of Personal Information, and compliance with Consumers’ choices regarding access, portability and deletion. All relevant CCPA information is detailed in Company’s Privacy Notice for California Residents at  CCPA Privacy Notice (“CCPA Notice”). If you have any questions or comments about the CCPA Notice, Company’s CCPA practices or your rights under California law, Company’s DPO at: Company, Inc. (Attn: Data Protection Officer) 1960 Zanker Rd., Building 10, San Jose, CA 95112, United States, or by email to privacy@whitedogcyber.com.

Correcting, Updating and Removing Your Information

Upon request, We will provide you with information about whether We hold, or process on behalf of a third party, any of your Personal Information. To request this information please contact us at privacy@whitedogcyber.com. Subscribers of our Solutions may update or change their account information by editing their profile or organization record or by contacting support@whitedogcyber.com for more detailed instructions. To make a request to have Personal Information maintained by us returned to you or removed, please email Us at privacy@whitedogcyber.com. Requests to access, change, or remove your information will be handled within 30 days.

If you are a Company Subscriber or otherwise provide Us with Personal Information in connection with your use of Our Site, We will delete this information upon your request, provided that, notwithstanding such request, such Personal Information may be retained for as long as you maintain an account for Our Solutions, or as needed to provide you the Solutions, comply with our legal obligations, resolve disputes and enforce our agreements.

An individual who seeks access to, or who seeks to correct, amend, or delete inaccuracies in their Personal Information stored or processed by Us on behalf of a Company Subscriber, should direct his/her query to the Subscriber (who is the data controller as related to Company acting as the data processor of such Personal Information on behalf of such Subscriber and data controller). Upon receipt of a request from one of our Subscribers for Us to remove the data, We will respond to their request within 30 days. We will retain Personal Information that we store and process on behalf of our Subscribers for as long as needed to provide the Solutions to our Subscribers, subject to their requests for Personal Information removal. In some cases We may also retain and use Personal Information as necessary to comply with our legal obligations, resolve disputes, and enforce Our agreements.

Children’s Personal Information

We do not knowingly collect any Personal Information from children under the age of 13, and the Solutions are directed to people who are at least 13 years old. If you are under the age of 13, please do not submit any Personal Information through Our Site or Solutions. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce this Policy by instructing their children never to provide Personal Information through the Site or Solutions without their permission. If you have reason to believe that a child under the age of 13 has provided personal information to us through the Site or Solutions, please contact Us at privacy@whitedogcyber.com. We will use commercially reasonable efforts to delete such Personal Information.

** Additional Terms and Conditions **

This Policy applies only to information collected through Our Site or by the use of our Solutions, and not to information collected offline. Your download and use of our Software may be subject to additional terms and conditions that define your rights, as well as Our rights, with respect to the Software and its use. Such additional terms and conditions are contained in Our Terms of Service, Our Master Services Agreement or other agreements that you may be required to accept prior to using certain Company Services.

Business Transactions

We may assign or transfer this Policy, as well as your account and related information and data, including any personal information, to any person or entity that acquires all or substantially all of Our business, stock or assets, or with whom We merge.

Changes to This Policy

If there are any material changes to this Policy, you will be notified by our posting of a prominent notice on the Site prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices. Your continued use of the Site and other Company Services constitutes your agreement to be bound by such changes to this Policy. If you do not accept the terms of this Policy, your only remedy is to discontinue use of the Site or Solutions.

Contact Us

If you have questions regarding this Policy or about Our privacy practices, please contact us by email at privacy@whitedogcyber.com or at:

Company’s United States Representative:
Company, Inc.,
Attn: Privacy Officer
590 Laurelwood Road, Santa Clara, CA 95054, United States

‍