Complimentary SaaS Discovery and Phishing Detection Terms and Conditions

These Complimentary SaaS Discovery, AI Application Discovery and Phishing Detection Offering Terms and Conditions (“Terms”) govern your ("Customer") use of the Obsidian Technology and allow you to receive this offering. By clicking a box indicating your acceptance of these Terms, (e.g., “I Agree,” “Accept Terms,” “I Understand and Agree”) or similar button on the offering registration page,  as further described below, or by otherwise accessing the Obsidian Technology, you represent that (1) you have read, understand, and agree to be bound by these Terms, (2) you are of legal age to form a binding contract with Obsidian Security, Inc., having its principal place of business at 660 Newport Center Drive, Suite 200, Newport Beach, CA 92660, (“Obsidian”, Obsidian and Customer may each be referred to separately as, a “Party,” or together as, the “Parties”), and (3) you have the authority to enter into this Agreement on behalf of the company or other organization you represent, and to bind that entity to this Agreement. In the event you are agreeing to this Agreement on behalf of a company or organization, “Customer,” will refer to the entity you are representing.

‍

1. GRANT OF RIGHTS; RESTRICTIONS; CUSTOMER DATA

1.1 Obsidian Platform. Subject to the terms and conditions of these Terms:

(a) Access Grant. Obsidian will make available to Customer and Obsidian Platform Users (as defined below) via the internet Obsidian’s software-as-a-service platform, whereby Obsidian analyzes certain data provided by Customer and its end users and provides such Customer with cybersecurity-related reports and notifications based on Obsidian’s analysis of such data (the “Platform”). Obsidian hereby grants Customer a nonexclusive, nontransferable, non-sublicensable right to access and use the Platform through any web-based application or interface made available to Customer by Obsidian solely for Customer’s internal evaluation of Obsidian’s SaaS Discovery, AI Application Discovery and Phishing Detection module(s) (the “Trial Modules”) to monitor up to 1,000 of Customer’s Users to: (a) minimize access risks by discovering integrations and applications in Customer’s SaaS environment and (b) detect SaaS spear phishing attempts. A “User” is defined as an employee or contractor of Customer.

(b) Obsidian Platform Users. The Platform will be accessed or used only by the employees or contractors of Customer who are authorized to access the Platform using a user identifier and password provided to Customer by Obsidian or setup by Customer (“Obsidian Platform Users”). Customer will not make available the Platform to any person or entity other than Obsidian Platform Users. Customer will be responsible for the Obsidian Platform Users’ compliance with these Terms.

(c) Monitored Users Limit. Customer’s access and use of the Platform is subject to a limit of 1,000 Users (the “User Limit”). Any usage (a) above the User Limit or (b) of non-Trial Modules will require a paid subscription and result in additional fees. Obsidian reserves the right to limit access to and use of the Platform in excess of the User Limit.  

1.2 Obsidian Software. Subject to the terms and conditions of the Terms, Obsidian hereby grants Customer a nonexclusive, nontransferable, non-sublicensable right and license to (i) download and install the related software applications used to facilitate access and use of the Platform and the Trial Modules and to perform system monitoring, in object code format only (the “Software”, and together with the Platform, the “Obsidian Technology”) on Customer’s (including its employees’ and contractors’) systems and (ii) to use the Obsidian Software to access and use the Platform as permitted by these Terms. 

1.3 Restrictions. 

(a) Customer will not, and will not, directly or indirectly, permit any third party (including without limitation Obsidian Platform Users and Customer’s employees and contractors) to: (i)  interfere with or disrupt the integrity or performance of the Obsidian Technology; (ii)  hack, manipulate, interfere with or disrupt the integrity or performance of or otherwise attempt to gain unauthorized access to any of the Obsidian Technology or its related systems, hardware or networks or any content or technology incorporated in any of the foregoing; (iii) remove or obscure any proprietary notices or labels of Obsidian; or (iv)  otherwise access or use the Obsidian Technology in a manner inconsistent with these Terms or applicable law.

(b) Furthermore, Customer will not, and will not, directly or indirectly, permit any third party (including without limitation Obsidian Platform Users and Customer’s employees and contractors) to: (i) copy, modify, duplicate, reproduce, translate, or otherwise create derivative works based on the Obsidian Technology; (ii) reverse engineer, decompile, disassemble, re-program, or analyze the Obsidian Technology (in whole or in part) or otherwise attempt to reconstruct, identify or discover the source code, object code or underlying structure, ideas or algorithms of the Obsidian Technology (except to the extent such restriction is prohibited by law); (iii) use the Obsidian Technology or any information contained therein or otherwise provided by Obsidian or its licensors for the purposes of developing, or having developed, any products or services competitive with the Obsidian Technology; or (iv) market, sublicense, distribute, resell, lease, loan, transfer or otherwise commercially exploit or make the Obsidian Technology available (in whole or part) to any third party, except to a third party that manages Customer’s computing environment, grant non-Obsidian Platform Users access to the Platform or use the Obsidian Technology to provide a hosted or managed service to others.

‍

2. OWNERSHIP; RESERVATION OF RIGHTS

2.1 Reservation of Rights. Subject only to the rights expressly granted to Customer under these Terms, as between Obsidian and Customer all rights, title and interest in and to the Obsidian Technology and all reports, information, content and materials shared with Customer in connection therewith (“Obsidian Content”) will remain with and belong exclusively to Obsidian. The Obsidian Technology and all information related thereto (including Obsidian Content) is Obsidian’s proprietary information, and Customer will not disclose or make available such information to any third party or otherwise use or exploit such information for its benefit or the benefit of any third party. 

2.2 Feedback. Customer may elect from time to time to provide suggestions or comments regarding enhancements or functionality or other feedback (“Feedback”) to Obsidian with respect to the Obsidian Technology. Obsidian will have full discretion to determine whether to proceed with the development of the requested enhancements, new features or functionality. Customer hereby grants Obsidian a royalty-free, fully paid up, worldwide, transferable, sublicensable (directly and indirectly), perpetual, irrevocable license to (a) copy, distribute, transmit, display, perform, and modify and create derivative works of the Feedback, in whole or in part; and (b) use the Feedback and/or any subject matter thereof, in whole or in part, including without limitation, the right to develop, manufacture, have manufactured, market, promote, sell, have sold, offer for sale, have offered for sale, import, have imported, rent, provide and/or lease products or services which incorporate, practice or embody, or are configured for use in practicing, the Feedback, in whole or in part. 

2.3 Customer Data. 

(a) Customer Responsibilities. Customer will be solely responsible for the data collected from Customer and/or otherwise provided by Customer to Obsidian to enable the provision of the Platform to, and operation of the Obsidian Technology by, Customer or otherwise to perform the Services (as defined below) (collectively, “Customer Data”).  Customer represents and warrants that it has secured all necessary rights, consents and permissions to use Customer Data with the Obsidian Technology and grant Obsidian the rights to Customer Data specified in these Subscription Terms without violating third-party intellectual property, privacy or other rights. As between the Parties, Customer will retain all right, title and interest in and to the Customer Data and is responsible for the content and accuracy of the Customer Data. 

(b) Obsidian Usage. Customer hereby grants to Obsidian a non-exclusive, worldwide, royalty-free, fully paid-up, non-sublicensable (except to Obsidian’s contractors and service providers), right and license to use the Customer Data solely to perform Obsidian’s obligations under these Terms.  Customer hereby grants Obsidian permission to provision and operate a service account that has access to the Customer Data and Platform environment and deploy web session monitoring and analytics software to monitor Customer’s activity on the Platform.

(c) Data Protection.  Each party will comply with the Data Processing Addendum (the “DPA”) available at https://start.obsidiansecurity.com/rs/124-DIV-269/images/%5BDPA%5D%5B07.14.23%5D%20Obsidian-DPA-Processor-2022-07-11.pdf, and Obsidian will process Customer Personal Data (as defined in the DPA) in accordance with the DPA.

(d) Service and Threat Data.  Obsidian may collect technical logs, analytics or other data and learnings related to Customer’s use of the Obsidian Technology (“Service Data”) and use it to operate, improve and support the Obsidian Technology, including benchmarking and reports.  Obsidian will not disclose Service Data externally unless it is: (a) de-identified and anonymized and cannot be used to identify Customer or its Obsidian Platform Users; and (b) aggregated with data across other customers. Obsidian may also collect, use, store and process patterns, signatures and indicators related to malicious or potentially malicious activity detected in Customer’s SaaS environment (“Threat Data”) as part of the Obsidian Technology. Customer agrees that Obsidian may incorporate Threat Data into its models, provided that such data is de-identified and anonymized and cannot be used to identify Customer or its Obsidian Platform Users, for the purpose of identifying future potential malicious activity or harm to other customers and improving Obsidian’s products and services.  For clarity, Threat Data and Service Data are not Customer Data or Customer’s Confidential Information.

‍

3. RESPONSIBILITIES

3.1 Customer Responsibilities. Customer will (a) use commercially reasonable efforts to prevent unauthorized access to or use of the Obsidian Technology and notify Obsidian promptly of any such unauthorized access or use, and (b) use the Obsidian Technology only in accordance with Obsidian’s standard technical guides, policies, and documentation for the Obsidian Technology that are made available through the Platform on the dedicated documentation and customer support pages (the “Documentation”), applicable laws and regulations and the terms of these Terms.

3.2 Obsidian Responsibilities. Obsidian will implement and maintain reasonable administrative, physical and technical safeguards which attempt to prevent any collection, use or disclosure of, or access to Customer Data that these Terms do not expressly authorize.

‍

4. FEES.  The Obsidian Technology will be provided on a free basis for the Assessment Term. Any usage (a) above the User Limit or (b) of the Platform’s blocking or prevention capabilities will require a paid subscription and result in additional fees.

‍

5. TERM, TERMINATION

5.1 Term. These Terms will commence on the date Customer agrees to these terms via digital acceptance of the Terms and will continue for one (1) year unless earlier terminated as set forth herein (the “Assessment Term”). The Assessment Term may be extended by mutual agreement of the Parties in writing.

5.2 Termination. Either Party may terminate the Terms at any time during the Assessment Term by providing written notice. Neither Party will incur any liability whatsoever for any damage, loss or expenses of any kind suffered or incurred by the other (or for any compensation to the other) arising from or incident to any termination by such Party (or expiration) that complies with the terms of the Terms whether or not such Party is aware of any such damage, loss or expenses.

5.3 Effect of Expiration or Termination. Except as expressly stated herein, upon expiration or termination of the Terms, (a) all rights granted hereunder and all obligations of Obsidian to provide the Obsidian Technology or the Services will immediately terminate; (b) Customer will immediately cease use of the Obsidian Technology and uninstall all copies of the Software from its (including its Obsidian Platform Users’, employees’ and contractors’) systems; and (c) each Party will promptly return or destroy all copies or other embodiments of the other Party’s Confidential Information, subject to Obsidian’s rights in Section 2.3(d) (Service and Threat Data). Within seven (7) days after such expiration or termination, Obsidian may at its discretion purge Customer Data from its systems. 

5.4 Survival. Sections 1.3 (Restrictions), 2.1 (Reservation of Rights), 2.2 (Feedback), 2.3(d) (Service and Threat Data), 5.3 (Effect of Expiration or Termination), 6 (Confidential Information), 7.3 (Exclusions), 8 (Indemnification), 9 (Limitation of Liability), and 10 (General) will survive the termination or expiration of these Terms.

‍

6. CONFIDENTIAL INFORMATION 

6.1 Definition. The parties anticipate that they will exchange confidential information during the Term. “Confidential Information” means any and all tangible and intangible information, either written, oral, or in any other medium, disclosed or made available by a party (“Disclosing Party”) to the other party (the “Receiving Party”), including, without limitation, research and development, patents or trade secrets, financial information, know-how, designs, samples, processes, methodologies, manuals, vendor names, supplier lists, customer lists and other information related to clients, employee lists, databases, sales and marketing information, and computer programs, or any other confidential information or proprietary aspects of the business of the Disclosing Party which (i) Disclosing Party identifies to Receiving Party is “confidential” or “proprietary” or (ii) should be reasonably understood as confidential or proprietary due to its nature and circumstances of disclosure. The Obsidian Technology is Obsidian’s Confidential Information. The Customer Data is Customer’s Confidential Information. Information will not be considered to be Confidential Information to the extent that the Receiving Party can prove by reliable written record that such information: (a) is already known to the Receiving Party free of any restriction at the time it is obtained by the Receiving Party; (b) is subsequently learned from an independent third-party free of any restriction or obligation of confidentiality and without breach of these Terms; (c) becomes publicly available through no wrongful act of the Receiving Party; (d) is independently developed by the Receiving Party without reference to or use of any Confidential Information of the other Party. 

6.2 Obligations. The Receiving Party will not disclose the Disclosing Party’s Confidential Information to any third party without Disclosing Party’s prior written consent, except pursuant to Section 6.1 (Definition). The Receiving Party will protect all Confidential Information received from the Disclosing Party with the same degree of care used by the Receiving Party to protect its own confidential information of like importance from unauthorized use or disclosure, but in no event less than a reasonable degree of care. The Receiving Party will only use the Disclosing Party’s Confidential Information to exercise its rights and perform its obligations under these Terms. The Receiving Party acknowledges that (a) the provisions contained in this section are reasonable and necessary to protect the legitimate business interests of the Disclosing Party; and (b) its breach of this Section 6 will cause irreparable damage to the Disclosing Party and agrees that the Disclosing Party will be entitled to seek injunctive relief from a court of competent jurisdiction as a result of any breach as well as such further or other equitable relief as may be granted by such court, without the posting of any bond or other security and without any requirement to prove actual damages or that monetary damages will not afford an adequate remedy. Any right, power, or remedy provided under these Terms to the Disclosing Party will be cumulative and in addition to any other right, power, or remedy provided under these Terms or existing in law or in equity (including, without limitation, the remedies of injunctive relief and specific performance).

6.3 Permitted Disclosures. The Receiving Party may disclose the Confidential Information of the Disclosing Party if required to be disclosed by law, regulation, court order or subpoena, provided that the Receiving Party will, to the extent legally permitted, provide reasonable advance notice of the required disclosure to the Disclosing Party in writing prior to disclosure.

‍

7. WARRANTIES AND EXCLUSIONS

7.1 Mutual. Each party represents and warrants to the other party that (a) such party has the required power and authority to enter into these Terms and to perform its obligations hereunder; (b) the execution of the Terms and performance of its obligations thereunder do not and will not violate any other agreement to which it is a party; and (c) these Terms constitute a legal, valid and binding obligation when signed by both parties. 

7.2 By Customer. Customer represents, warrants, and covenants that (a) Customer has and will have the legal authority and all rights necessary (i) to provide the Customer Data to Obsidian and (ii) for Obsidian to fulfill its obligations and exercise its rights with respect to the Customer Data as set forth the Terms and (b) Customer will comply with applicable law. 

7.3 Exclusions. EXCEPT FOR THE LIMITED WARRANTIES SET FORTH IN SECTION 7.1, THE OBSIDIAN TECHNOLOGY, OBSIDIAN CONTENT AND SERVICES ARE PROVIDED “AS IS” TO THE FULLEST EXTENT PERMITTED BY LAW.  OBSIDIAN DISCLAIMS ANY AND ALL OTHER WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, TITLE, NON-INFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE.  OBSIDIAN DOES NOT WARRANT THE RESULTS TO BE ACHIEVED FROM THE OBSIDIAN TECHNOLOGY OR OBSIDIAN MATERIALS OR THAT THE OBSIDIAN TECHNOLOGY IS ERROR FREE, WILL PERFORM UNINTERRUPTED, OR WILL MEET CUSTOMER’S REQUIREMENTS. CUSTOMER ACKNOWLEDGES THAT THE OBSIDIAN CONTENT REFLECT OBSIDIAN’S SUBJECTIVE ANALYSIS, CONCLUSIONS AND ASSESSMENTS, AND CUSTOMER AGREES THAT OBSIDIAN WILL HAVE NO LIABILITY TO CUSTOMER WITH RESPECT TO THE OBSIDIAN CONTENT, INCLUDING ANY STATEMENTS, INFORMATION OR OTHER CONTENT CONTAINED IN THE OBSIDIAN CONTENT. FURTHER, CUSTOMER AGREES THAT OBSIDIAN WILL HAVE NO LIABILITY FOR ANY ACTIONS OR INACTIONS OF CUSTOMER IN RESPONSE TO OR AS A CONSEQUENCE OF ANY OBSIDIAN CONTENT OR ABSENCE OF OBSIDIAN CONTENT.

‍

8. INDEMNIFICATION

8.1 By Obsidian. Obsidian will defend at its expense any claim, suit or proceeding (each a “Claim”) bought against Customer by a third party based upon a claim that Customer’s use of the Obsidian Technology as contemplated by these Terms infringes or misappropriates such third party’s United States or European Union intellectual property rights and Obsidian will pay all costs and damages finally awarded against Customer by a court of competent jurisdiction as a result of any such Claim. If the use of the Obsidian Technology by Customer has become, or in Obsidian’s opinion is likely to become, the subject of any claim of infringement or misappropriation, Obsidian may, in its sole discretion: (i) procure for Customer the right to continue using the Obsidian Technology; (ii) replace or modify the Obsidian Technology to make it non-infringing; or (iii)  terminate these Terms. Notwithstanding the foregoing, Obsidian will have no liability or obligation under this Section 8.1 or otherwise with respect to any Claim resulting from: (a) any Customer Data; (b) use of the Obsidian Technology outside the scope of these Terms; (c) modification of the Obsidian Technology in accordance with Customer’s specifications or instructions or by any person or entity other than Obsidian without Obsidian’s express consent; (d) the combination, operation or use of the Obsidian Technology with other applications, portions of applications, product(s), data or services not provided by Obsidian; or (e) use of the Obsidian Technology by Customer after Customer has been notified of the potential infringement. This Section 8.1 states Obsidian’s entire obligation and Customer’s sole remedies in connection with any claim regarding the intellectual property rights of any third party.

8.2 By Customer. Customer will defend at its expense any Claim brought against Obsidian by any third party arising out of or related to the Customer Data and Customer will pay all costs and damages finally awarded against Obsidian by a court of competent jurisdiction as a result of any such Claim. 

8.3 Procedures.  The indemnifying party’s obligations in this Section 8 (Indemnification) are subject to receiving from the indemnified party: (a) prompt notice of the Claim (but delayed notice will only reduce the indemnifying party’s obligations to the extent it is prejudiced by the delay), (b) the exclusive right to control the Claim’s investigation, defense and settlement and (c) reasonable cooperation at the indemnifying party’s expense. The indemnifying party may not settle a claim without the indemnified party’s prior approval if settlement would require the indemnified party to admit fault or take or refrain from taking any action (except regarding use of the Obsidian Technology when Obsidian is the indemnifying party). The indemnified party may participate in a Claim with its own counsel at its own expense.

‍

9. LIMITATIONS OF LIABILITY 

9.1 General Cap. EACH PARTY’S AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THESE TERMS WILL NOT EXCEED $1,000. 

9.2 Consequential Damages Waiver. NEITHER PARTY WILL HAVE LIABILITY ARISING OUT OF OR RELATED TO THE TERMS FOR ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, RELIANCE, EXEMPLARY OR PUNITIVE DAMAGES, INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF GOODWILL, LOST PROFITS, LOST SALES OR BUSINESS, WORK STOPPAGE, COMPUTER FAILURE OR MALFUNCTION, LOST DATA, OR FOR ANY AND ALL OTHER DAMAGES OR LOSSES, EVEN IF INFORMED OF THEIR  POSSIBILITY IN ADVANCE.

9.3 Exceptions.  SECTIONS 9.1 (GENERAL CAP) AND 9.2 (CONSEQUENTIAL DAMAGES WAIVER) WILL NOT APPLY TO (I) THE INDEMNIFYING PARTY’S OBLIGATIONS UNDER SECTION 8.2; (II) CUSTOMER’S BREACH OF SECTION 1.3 (RESTRICTIONS); (III) ANY BREACH OF SECTION 6 (CONFIDENTIAL INFORMATION), EXCLUDING BREACHES RELATING TO CUSTOMER DATA; OR (IV) LIABILITIES THAT CANNOT BE LIMITED BY LAW.

9.4 Nature of Claims.  The waivers and limitations in this Section 9 (Limitations of Liability) apply regardless of the form of action, whether in contract, tort (including negligence), strict liability or otherwise and will survive and apply even if any limited remedy in the Terms fails of its essential purpose.

‍

10. GENERAL

10.1 Compliance with Laws. Customer will not transfer, either directly or indirectly, the Obsidian Technology, either in whole or in part, to any destination, entity or person subject to export restrictions under United States law and will otherwise comply with all other applicable import and export laws, rules, restrictions and regulations.  Customer represents that Customer is not subject to any export laws, rules, restriction or regulations that would prohibit Customer from receiving or using the Obsidian Technology.

10.2 No Assignment. Customer may not assign this Agreement, or sublicense any of the rights granted herein, in whole or in part, without the prior written consent of Obsidian, which consent will not be unreasonably withheld, except Customer may assign this Agreement, without the prior written consent of Obsidian, to a corporation or other business entity succeeding to all or substantially all of the assets and business of Customer by merger or purchase, provided that such corporation or other business entity assumes, in a writing delivered to Obsidian, all of the terms and conditions of this Agreement. Any attempt by Customer to assign or transfer any of the rights, duties or obligations of this Agreement in violation of the foregoing will be null and void. Obsidian may freely assign or subcontract any or all of its rights or obligations under this Agreement.

10.3 Amendment; Waiver. This Agreement may not be amended or modified, in whole or part, except by a writing signed by duly authorized representative of both Parties. No provision or part of this Agreement or remedy hereunder may be waived except by a writing signed by a duly authorized representative of the Party making the waiver. Failure or delay by either Party to enforce any provision of this Agreement will not be deemed a waiver of future enforcement of that or any other provision.

10.4 Relationship. Nothing in this Agreement will be construed to place the Parties in an agency, employment, franchise, joint venture, or partnership relationship. Neither Party will have the authority to obligate or bind the other in any manner, and nothing herein contained will give rise or is intended to give rise to any rights of any kind to any third parties and there are no third-party beneficiaries to the Agreement. 

10.5 Severability. In the event that any provision of this Agreement is found to be unenforceable, such provision will be reformed only to the extent necessary to make it enforceable, and such provision as so reformed will continue in effect, to the extent consistent with the intent of the parties as of the Start Date. 

10.6 Governing Law, Jurisdiction. All disputes, claims or controversies arising out of this Agreement, or the negotiation, validity or performance of this Agreement, or the transactions contemplated hereby will be governed by and construed in accordance with the laws of the State of California without regard to its rules of conflict of laws. Each of the Parties hereby irrevocably and unconditionally consents to submit to the sole and exclusive jurisdiction of the courts of the State of California and of the United States of America located in Orange County, California (the “California Courts”) for any litigation among the Parties arising out of or relating to this Agreement, or the negotiation, validity or performance of this Agreement, waives any objection to the laying of venue of any such litigation in the California Courts and agrees not to plead or claim in any California Court that such litigation brought therein has been brought in any inconvenient forum or that there are indispensable parties to such litigation that are not subject to the jurisdiction of the California Courts.

10.7 Notices. All notices under or related to this Agreement will be in writing and will reference this Agreement. Notices will be deemed given when: (a) delivered personally; (b) upon delivery when sent by email; (c) three (3) days after having been sent by registered or certified mail, return receipt requested, postage prepaid; or (d) one (1) day after deposit with a commercial overnight carrier, with written verification of receipt. All communications will be sent to the addresses set forth on the sign up form for the Trial Modules or such other addresses designated pursuant to this Section 10.7. 

10.8 Entire Agreement. The Agreement constitutes the entire agreement between the Parties. It supersedes and replaces all prior or contemporaneous understandings or agreements, written or oral, regarding such subject matter, and prevails over any conflicting terms or conditions contained on printed forms submitted with purchase orders, sales acknowledgments or quotations.  In the event Customer accepts Obsidian’s online Subscription Terms and Conditions when accessing the Obsidian Technology during the Assessment Term, these Terms will prevail over and will not be superseded by the Subscription Terms and Conditions and the Terms will soley govern during the Assessment Term.