
Managed Security Service Provider
This Managed Security Service Provider Agreement (“Agreement”) is entered into on the date specified in the applicable Order or SOW (the “Effective Date”) between the Cybersixgill entity defined below and the MSSP referred to in the Order or SOW (“Cybersixgill” and “MSSP” respectively).
Unless otherwise specified in the Order or SOW, “Cybersixgill” shall be defined as follows: (i) for Customers registered in the USA, Sixgill USA, Inc.; and (ii) for Customers registered elsewhere, Sixgill Limited.
WHEREAS, MSSP wishes to use the Solution and any related Services in order to provide Managed Services, Derivatives and Actionable Data to MSSP Clients; and Cybersixgill is willing to grant such rights to MSSP under the terms and conditions specified in this Agreement:
NOW, THEREFORE, the parties agree as follows:
1. Definitions.
"Actionable Data" means individual ‘point in time’ data comprising credentials, screenshots, and individual data items included as part of the Deliverables.
"API" means the Application Programming Interface provided as part of the Solution, which shall be subject to those additional terms available at https://cybersixgill.com/api-restrictions, which are hereby incorporated into this Agreement.
"Cybersixgill Trademarks" means all trademarks, whether registered or unregistered, all trade names and applications therefore and all service marks, and logos, used by Cybersixgill.
"Deliverables" means any content or data obtained through or from the Solutions.
"Derivatives" means any data or information derived from the Deliverables, including insights based thereon, that include a significant added value by MSSP over the original Deliverables.
"Intellectual Property Rights” shall include (but shall not be limited to), the following rights, pertaining to the Solution, as applicable: (a) all inventions, and all patents, patent applications, together with all reissuances, continuations, continuations-in-part, divisions, revisions, extensions and re-examinations of any of the above, (b) all copyrightable works, whether registered or unregistered, (c) all trade secrets, know-how and, (d) all trademarks, whether registered or unregistered, all trade names and applications therefore and all service marks, and logos, (e) all computer software, both source and object code including data and related documentation, flow charts, diagrams, descriptive texts and programs, computer printouts, underlying tapes, computer databases and similar items.
"Managed Services" means any services and associated Derivatives provided by MSSP to MSSP Clients that are based on or connected to any Deliverables, Solutions, or the Services.
“MSSP Client” means the organization, located in the Territory, that receives Managed Services from MSSP.
“MSSP Data” means non-public data (e.g., assets and user information) provided by MSSP to Cybersixgill to enable the provision and use of the Solution.
"Order" means a written order for use and access to the Solutions, signed by MSSP or otherwise signed by both parties or agreed between MSSP and an authorized reseller.
“Price List” means Cybersixgill’s price list for the Solutions and Services, which Cybersixgill may change from time to time at its sole discretion.
"Privacy Policy" means Cybersixgill’s standard Privacy Policy available at https://www.cybersixgill.com/privacy-policy/ and as may be amended from time to time.
"Services" means all the services Cybersixgill shall provide under this Agreement as set forth in an SOW.
The "Solution(s)" means the products listed in the Order.
“SOW” means a written statement of work for Cybersixgill’s Services, provided by Cybersixgill and signed by MSSP or otherwise signed by both parties.
“Territory” means the territory(ies) listed in the Order or SOW, if any.
2 Right to Use the Solution
2.1 Grant of Right. Subject to the terms and conditions of this Agreement, Cybersixgill hereby grants to MSSP a non-exclusive, non-transferable, non-assignable, non-sublicensable limited right to access the API and use the Solution (i) for MSSP’s own internal business purposes; and (ii) in order to provide Managed Services, associated Derivatives and Actionable Data to MSSP Clients for their internal business purposes and not for further distribution to third parties.
2.2 Actionable Data may only be shared in the form of screenshots, reports, or as individual data items, in each case to the extent necessary to (i) provide evidence related to Derivatives; (ii) enable the relevant End User to verify the contents or ownership of the Actionable Data; or (iii) take actions as a result of identifying the Actionable Data.
2.3 Authorized Users. MSSP's principles, employees, consultants, and service providers may access the Solution and Deliverables on MSSPs behalf, subject to the number of users purchased by MSSP under the applicable Order. Where a seat limitation is stated in the Order, this refers to 'named' seats, which may not be used by more than one specific user at any time or shared, except between users working consecutive shifts on the same team. MSSP will ensure that only MSSP’s engineers who have been specifically authorized by Cybersixgill will request technical assistance from Cybersixgill’s technical support specialists.
2.4 Restrictions. MSSP shall not, directly or indirectly:
2.4.1. Grant access to the Solution or Deliverables, other than Actionable Data, to any MSSP Client or third party;
2.4.2. Provide real-time or dynamic access to any Deliverables when sharing Actionable Data;
2.4.3. Use the Solution, Deliverables or Derivatives other than for the purposes of this Agreement and subject to reasonable volume limitations as commensurate with MSSP’s provision of the Managed Services;
2.4.4. Reverse engineer, disassemble, decompile, decode or otherwise attempt to gain access to the source code of the Solution or any part thereof; combine or incorporate any part of the Solution with any other programs; or modify, translate, adapt or otherwise create derivative works or improvements of the Solution;
2.4.5. Make statements, warranties or representations concerning the Solution or Services that exceed or are inconsistent with this Agreement or the corresponding documentation provided to MSSP by Cybersixgill;
2.4.6. Use the Solution, Deliverables or Services, or provide Managed Services in any manner that infringes the Intellectual Property Rights of Cybersixgill or any third party;
2.4.7. License, sublicense, rent, lease, lend, sell, assign, distribute, publish, transfer or otherwise make available to any other person the Solution or Deliverables (other than as expressly permitted hereunder);
2.4.8. Collect or store Deliverables for the purpose of compiling a database or preparing a data-lake;
2.4.9. Use any Confidential Information to solicit existing customers or prospects of Cybersixgill for any Deliverables or Managed Services;
2.4.10. Exceed any metrics or restrictions set forth in the applicable Order or SOW;
2.4.11. Use the Solution to access any confidential or other non-public information of any third party without such third party’s permission;
2.4.12. Use the Solution for purposes of competitive analysis of Cybersixgill's Solution or the development of a competing solution or service;
2.4.13. Use the Solution in any manner that could harm, infect, take over, disable, overburden, or otherwise impair any of Cybersixgill's computer systems; or
2.4.14. Exceed any use limitations or other restrictions which are specified in the Order, SOW or the use of Application Programming Interface additional terms found here: https://cybersixgill.com/api-restrictions.
2.4.15. Use the Solution or Deliverables in any manner that is prohibited by law, including without limitation, to sell, distribute, download or export the Solution or Deliverables in violation of Section 15.5 (OFAC and Sanctions Compliance; Country Restrictions).
2.5.Third Party Services. As part of the Services, MSSP may access and use services that are provided by a third party service provider (“Third Party Services”). Any such access and/or use of Third Party Services is, and shall remain, a direct engagement between MSSP and such third party service provider. Cybersixgill shall not be liable for any Third Party Services and MSSP’s access or use thereof. MSSP’s access and/or use of Third Party Services is at its own risk, and subject to the terms of use and privacy policies of such Third Party Services.
3. Solution Changes.
3.1 Cybersixgill shall have the right, in its sole discretion, to change the design, alter its data sources, or discontinue developing, producing, licensing or distributing any of the Solutions, without liability to MSSP.
3.2 Where a discontinuation of a Solution results in a breach of the Documentation Warranty below, MSSP may terminate the applicable Order(s) and receive a refund as specified in Section 7.1.
4. Consideration
4.1. Fees. In consideration for the rights granted hereunder, MSSP shall pay to Cybersixgill the fees specified in the applicable Order or SOW (the "Fees"). Fees shall be paid in advance and in the currency stated in the Order or SOW. Unless otherwise stated in the Order or SOW, payments shall be made within thirty (30) days of Cybersixgill's invoice date. Payments not received by Cybersixgill when due shall be subject to a late payment charge at the rate of one percent (1%) per month or the highest amount permitted by law, whichever is less, pro-rated to the actual period of delay. In addition to any other rights available under law, in the absence of timely payment Cybersixgill may cease the operation of the Solutions or automatically uninstall the Solutions.
4.2. Taxes. The Fees paid by MSSP are exclusive of all taxes, customs, levies, tariffs, duties or other charges, domestic or foreign (except for taxes imposed on Cybersixgill's net income). Such taxes, if any, shall be paid by MSSP. If such taxes are paid by Cybersixgill they shall be fully reimbursed by MSSP. If any withholding duty shall be applicable to any payment due to Cybersixgill, the payment shall be grossed up so that Cybersixgill shall receive the same amount had no such duty been in existence.
5. Responsibilities.
5.1. MSSP's Obligations. MSSP agrees to conduct business in a manner that at all times reflects favorably on the Solutions, goodwill and reputation of Cybersixgill and shall not use deceptive, misleading or unethical practices.
5.2. Services Manager. MSSP shall appoint a qualified person to serve as a liaison and chief point of contact between MSSP and Cybersixgill for all business, technical issues and updates.
5.3. Attribution and Trademarks. MSSP must include an attribution to Cybersixgill when supplying the Derivatives and any documentation related to the Managed Services, including any details as reasonably instructed by Cybersixgill. The Cybersixgill Trademarks belong exclusively to Cybersixgill. MSSP may use Cybersixgill Trademarks to publicize that it is an authorized MSSP of Cybersixgill's Solution(s), but will not imply that Cybersixgill endorses the Managed Services or Derivatives. All uses of Cybersixgill Trademarks shall first be submitted to Cybersixgill for approval, not to be unreasonably withheld, and shall follow any brand guidelines issued by Cybersixgill. If any of the Cybersixgill Trademarks are to be used in conjunction with another trademark, they shall be equally prominent and shown as distinct from the other mark. On the termination of this Agreement, MSSP shall cease to use all Cybersixgill Trademarks; provided, however, it shall not be required to remove any Cybersixgill Trademarks from documentation already provided to MSSP Clients during the Term of this Agreement.
5.4. Training. Upon request by MSSP, Cybersixgill shall provide to MSSP basic training services in accordance with Cybersixgill’s normal practices, as may be more fully set forth in the applicable Order or SOW. MSSP shall, at MSSP’s sole cost and expense, participate in relevant, appropriate and applicable Cybersixgill sales and technical training courses, ensuring that all relevant MSSP personnel attend such training.
5.5. Reporting. MSSP must provide to Cybersixgill written sales reports for Derivatives and/or Managed Services provided to MSSP Clients on a monthly basis. Such reports shall include MSSP Client name, billing location, MSSP Client's Territory, and other information as may be requested by Cybersixgill from time to time. At Cybersixgill’s request, MSSP shall provide Cybersixgill with periodic forecasts estimating value and closing dates of sales of the Derivatives and Managed Services, as Cybersixgill shall reasonably request from time to time, but not more frequently than semi-annually. MSSP will regularly update Cybersixgill with any prospect and/or lead information in order for Cybersixgill to update its CRM system. MSSP warrants it has all necessary consents for it or Cybersixgill to contact the prospects and/or leads and that any such contact information will be business contact information.
5.6. Documentation. Cybersixgill shall, at no additional charge and upon MSSP’s request, provide MSSP with one copy of its standard package of documentation (in the English language) related to the use of the Solutions which it makes generally available to its MSSP customers, excluding sales and marketing materials (“Documentation”). If Cybersixgill modifies the Documentation for general distribution, Cybersixgill shall, following MSSP’s request, provide all of the modifications to MSSP at no additional charge. All translations of Documentation which Cybersixgill may provide (or which MSSP may have prepared) will be at MSSP’s sole expense.
6. Audit. During the term of this Agreement and for at least two (2) years thereafter, MSSP agrees to keep all usual and proper records indicating to any relevant information relating to the use of the Solution or provisioning of Managed Services or Derivatives and with any additional information required by Cybersixgill (including with respect to the usage, MSSP Clients, etc.). Cybersixgill may cause an audit to be made of MSSP records in order to verify accurate performance of this Agreement by MSSP (including the calculation of Fees). Prompt adjustment will be made to compensate for any errors or omissions disclosed by such audit. Any such audit will be conducted no more than once a year by an independent certified accountant selected by Cybersixgill. MSSP agrees to provide Cybersixgill's designated auditor and any assistance required with access to the relevant records. The cost for any such audit will be paid for by Cybersixgill unless the amount of any underpayment revealed by such audit for the period being audited is greater than five percent (5%) of the amount that should have been paid for such period, in which case MSSP agrees to pay Cybersixgill for the costs incurred by Cybersixgill for such audit.
7. Warranties
7.1. Documentation. Cybersixgill warrants that the Solution shall substantially conform to Cybersixgill’s Documentation during the Term of the Agreement. In the event that Cybersixgill breaches this section then Cybersixgill shall, as MSSP’s sole remedy, either: (1) replace or modify the Solution so that it meets the standards set forth herein; or (2) terminate MSSP’s right to use the Solution and/or terminate this Agreement, in whole or in part, as appropriate, upon written notice to MSSP and refund MSSP (or authorized partner or reseller if the payment was made by such partner or reseller) any prepaid but unearned fees on a pro rata basis attributable to the remainder of the term of MSSP’s subscription for the applicable Solution.
7.2. Each party warrants and represents to the other party that it (i) has the full corporate power and authority required to enter into this Agreement and to carry out its undertakings and obligations hereunder, and (ii) will comply with all applicable laws, rules and regulations in the provision of or use of (as applicable) the Solution, Deliverables and Services.
7.3. MSSP hereby warrants and represents that: (i) it has all required permissions, authorizations and approvals to request, collect and use any and all Deliverables and any data and content requested by MSSP as part of the Solution, Deliverables or Services; (ii) it shall not intentionally provide MSSP Data, account or other information (such as Feedback defined in Section 14.6) to Cybersixgill that it knows are or would be inaccurate in any material respect, nor shall it provide any MSSP Data to Cybersixgill that it does not own or have the right to provide, and it will make reasonable efforts to keep such information accurate during the Term; (iii) it has all necessary consents and permissions to provide any information, including MSSP Client information and MSSP Data, that it uploads in the Solution or otherwise supplies to Cybersixgill in connection with the Solution, Deliverables or Services; and (iv) that it shall not permit any users of the Solution or Deliverables or personnel located in China (including the special administrative regions of Hong Kong and Macau) to access any Personally Identifiable Sensitive Data (as defined in the Protecting Americans’ Data from Foreign Adversaries Act of 2024) of U.S. individuals provided as part of the Solution or Deliverables. Further, MSSP agrees to implement appropriate controls to ensure compliance with this restriction and shall promptly notify Cybersixgill of any unauthorized access or non-compliance. Failure to comply with this provision constitutes a material breach of this Agreement.
8. Disclaimer. CYBERSIXGILL’S EXPRESS WARRANTIES IN THIS AGREEMENT ARE IN LIEU OF AND TO THE EXCLUSION OF ALL OTHER WARRANTIES, CONDITIONS OR OTHER TERMS OF ANY KIND, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE RELATING TO ANYTHING SUPPLIED OR SERVICES PROVIDED UNDER OR IN CONNECTION WITH THIS AGREEMENT INCLUDING, WITHOUT LIMITATION, ANY TERMS AS TO THE CONDITION, QUALITY, PERFORMANCE, OR FITNESS FOR PURPOSE OF THE CYBERSIXGILL SOLUTION, SERVICES, UPDATES OR DELIVERABLES, OR ANY PART THEREOF. THE SOLUTION, DELIVERABLES AND SERVICES ARE PROVIDED “AS IS”, WITHOUT ANY REPRESENTATIONS OR WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED. TO THE MAXIMUM EXTENT PERMITTED BY LAW, CYBERSIXGILL DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE OR USE, SECURITY AND NON-INFRINGEMENT. THE SOLUTION, DELIVERABLES AND/OR SERVICES DO NOT CONSTITUTE INVESTMENT OR FINANCIAL ADVICE, NOR RECOMMENDATIONS TO PURCHASE, SELL, OR HOLD PARTICULAR SECURITIES. ANY CONSULTATION OR RECOMMENDATIONS PROVIDED BY SIXGILL ARE MADE AVAILABLE FOR YOUR CONVENIENCE AND ARE NOT ADVICE AND YOU SHALL HAVE THE SOLE RESPONSIBILITY TO CONSIDER WHETHER TO IMPLEMENT THEM AND WILL BEAR THE SOLE RISK OF DOING SO. YOU ARE RESPONSIBLE FOR VERIFYING ANY OUTPUT RESULTING FROM USE OF THE SOLUTION INCLUDING ANY USE AND OUTPUT FROM AI FEATURES AND FUNCTIONALITY.
9. Limitation of Liability; Indemnification
9.1. Indirect Damages. EXCEPT FOR DAMAGES RESULTING FROM EITHER PARTY’S GROSS NEGLIGENCE, WILLFUL MISCONDUCT, FRAUD, OR BREACH OF ITS OBLIGATIONS UNDER SECTION 2 (RIGHT TO USE THE SOLUTION), SECTION 9.4 (CYBERSIXGIL’S INDEMNIFICATION), SECTION 9.5 (MSSP’S INDEMNIFICATION) AND SECTION 10 (CONFIDENTIAL INFORMATION), NEITHER PARTY WILL BE LIABLE TOWARDS THE OTHER PARTY UNDER ANY LEGAL THEORY (INCLUDING, WITHOUT LIMITATION, TORT OR CONTRACT) FOR ANY INCIDENTAL, CONSEQUENTIAL, INDIRECT OR PUNITIVE OR EXEMPLARY DAMAGES OF ANY KIND, INCLUDING BUT NOT LIMITED TO LOST DATA OR LOST PROFITS, EVEN IF SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
9.2. Cap on Liability. EXCEPT FOR DAMAGES RESULTING FROM EITHER PARTY’S GROSS NEGLIGENCE, WILLFUL MISCONDUCT, FRAUD, OR BREACH OF ITS OBLIGATIONS UNDER SECTION 2 (RIGHT TO USE THE SOLUTION), SECTION 9.4 (CYBERSIXGILL’S INDEMNIFICATION), SECTION 9.5 (MSSP’S INDEMNIFICATION) AND SECTION 10 (CONFIDENTIAL INFORMATION), IN NO EVENT WILL EITHER PARTY’S (AND ITS OFFICERS’, DIRECTORS’, AGENTS’ AND EMPLOYEES’) LIABILITY IN CONNECTION WITH THE SOLUTIONS, DELIVERABLES, SERVICES OR THIS AGREEMENT EXCEED THE AMOUNTS ACTUALLY PAID TO CYBERSIXGILL UNDER THIS AGREEMENT FOR THE SOLUTIONS OR SERVICES DURING THE TWELVE MONTHS PRIOR TO THE EVENT GIVING RISE TO SUCH LIABILITY. THESE LIMITATIONS APPLY TO ALL CAUSES OF ACTION IN THE AGGREGATE.
9.3. External Sites. The Solution may contain links to third-party websites (“External Sites”). These links are provided solely as a convenience to MSSP and not as an endorsement by Cybersixgill of the content on such External Sites. The content of such External Sites is developed and provided by others. MSSP should contact the site administrator or webmaster for those External Sites if MSSP has any concerns regarding such links or any content located on such External Sites. Cybersixgill is not responsible for the content of any linked External Sites and does not make any representations regarding the content or accuracy of materials on such External Sites. MSSP should take precautions when downloading files from all websites to protect MSSP's computer from viruses and other destructive programs. If MSSP decides to access linked External Sites, MSSP does so at MSSP's own risk.
9.4. Cybersixgill’s Indemnification. Subject to Sections 9.6 and 9.7 below, Cybersixgill shall defend, at its own expense and with attorneys of its choosing, any legal action against MSSP and its respective directors, officers, employees, and representatives (collectively the “Indemnified Parties”) brought by a third party to the extent that the legal action is based upon a claim that the Solution or any part thereof infringes any intellectual property rights of a third party (the “Claim”). Cybersixgill will pay those costs and damages finally awarded to such third-party claimant in any such legal action, or in a settlement of such legal action, that are specifically attributable to the Claim.
9.5. MSSP’s Indemnification. Subject to the Conditions specified at Section 9.6 below, MSSP defends, indemnifies and holds harmless Cybersixgill and its respective Indemnified Parties from and against any and all claims, damages, obligations, losses, liabilities, costs, debts, and expenses (including but not limited to attorney’s fees) arising from: (i) the Deliverables or the content or MSSP Data provided as part of the Services or Solution or MSSP’s use thereof, including use of Third Party Services; (ii) MSSP’s violation of any term of this Agreement or any law, rule, regulation or order, or the violation of any terms and conditions of a Third Party Service; (iii) takedown services requested by MSSP, including any request or approval by or on MSSP\s behalf to seek the suspension or removal of any website, social media page or other online asset (including for the avoidance of doubt, violations of export compliance); and/or (iv) MSSP’s provision of any data to Cybersixgill. MSSP will pay those costs and damages finally awarded in any such legal action, or in a settlement of such legal action, that are specifically attributable to the claim.
9.6. Conditions. Each indemnifying party’s indemnification obligations are conditions on the Indemnified Party: (i) providing prompt written notice of the claim or legal action; (ii) granting the indemnifying party sole control over the defense and settlement of the claim or legal action, provided that the settlement shall not attribute any liability to Indemnified Party without such party’s prior consent; and (iii) provide reasonable assistance in the defense at indemnifying party’s request and expense.
9.7. Exclusions. Cybersixgill’s obligations set forth in Section 9.4 shall not apply to the extent the infringement is caused by: (i) the Deliverables, Derivatives or Managed Services; (ii) modifications to the Solution made by any person or entity except for Cybersixgill or anyone on its behalf; (iii) the design or specifications required or specifically directed by MSSP; (iv) the use of the Solution not in compliance with the Documentation and specifications thereof; (v) combination, utilization or integration of the Solution with MSSP's or with other third parties’ equipment, network, platform, products and/or applications; and/or (vi) from the use of the Solution in a manner for which it was not intended nor permitted herein.
9.8. Cybersixgill's Optional Remedial Actions. In the event of a Claim under section 9.4, or if Cybersixgill reasonably believes a Claim is likely, Cybersixgill may at its option (i) modify or update the Solution to avoid the allegation of infringement, while at the same time maintaining substantial compliance of the Solution with the Documentation and other requirements of this Agreement; (ii) obtain for MSSP a right to continue using the Solution in accordance with this Agreement; (iii) replace the infringing Solution by providing a similar non-infringing product, which shall function in a substantial equivalent manner as the Solution; or (iv) terminate MSSP’s right to use the Solution and/or terminate this Agreement, in whole or in part, as appropriate, upon written notice to MSSP and refund MSSP (or authorized partner or reseller if the payment was made by such partner or reseller) any prepaid fees attributable to the remainder of the term of MSSP’s subscription to the applicable Solution.
10. Confidential Information
10.1 Definitions. For the purposes of this Section, the party disclosing Confidential Information (as hereinafter defined) is referred to as the "Disclosing Party" and the party receiving confidential information is referred to as "Recipient". "Confidential Information" means any information, technical data, or know-how relating to a party’s business, research, products, hardware, software, services, development, inventions, processes, engineering, marketing, techniques, pricing, internal procedures, business and marketing plans or strategies, finances, employees and business opportunities. Without limiting the generality of the foregoing, any information related to the Solution, Deliverables, or the Services shall be deemed as Cybersixgill Confidential Information. Notwithstanding the foregoing, Confidential Information does not include information, technical data or know-how that Recipient can prove: (i) was in its possession at the time of disclosure; (ii) was generally known in the public prior to its disclosure or becomes generally known in the public after its disclosure not as a result of any act or omission of Recipient; (iii) is approved for release by written authorization of the Disclosing Party; (iv) is disclosed to Recipient by a third party not subject to any obligation of confidentiality; (v) is independently developed by Recipient without the use of any of the other party’s Confidential Information; or (vi) in the case of MSSP, is Feedback (as defined and further described in Section 14.6).
10.2. Notwithstanding anything to the contrary, the parties hereby agree that Confidential Information of Cybersixgill shall include the Solution, the Deliverables, as well as the Services. Confidential Information of MSSP shall include MSSP Data. MSSP hereby grants to Cybersixgill a worldwide, royalty-free, nonexclusive, transferable right and license to store, host and display any MSSP Data within the Solution.
10.3. Use. Recipient agrees not to use the Confidential Information of the Disclosing Party for any purposes except as necessary to fulfill its obligations under this Agreement or, in the case of MSSP, to the extent required to share Derivatives as permitted under this Agreement. Recipient agrees not to disclose the Confidential Information of the Disclosing Party except to those of its employees or agents who have a need to know the Confidential Information in order to fulfill Recipient’s obligations under this Agreement, and where such employees and/or agents shall be bound by a written contractual restriction covering the Confidential Information that is not less restrictive or protective than the terms of this Section.
10.4. Notwithstanding the foregoing, Recipient may disclose the Disclosing Party’s Confidential Information to the extent required by a valid order by a court or other governmental body or by applicable law; provided, however, that Recipient will use all reasonable efforts to minimize such disclosure to the minimum extent possible, and provided further, that Recipient shall notify Disclosing Party of the obligation to make such disclosure in advance so that Disclosing Party will have a reasonable opportunity to object to such disclosure.
10.5. Recipient agrees that it shall treat the Disclosing Party’s Confidential Information with the same degree of care as it accords to its own Confidential Information; provided that in doing so, in no event shall Recipient exercise less than reasonable care. Recipient agrees to advise the Disclosing Party in writing of any misappropriation or misuse by any person of the Disclosing Party’s Confidential Information of which Recipient may become aware. This Section 10 shall survive the termination of this Agreement for whatever reason.
10.6. Return of Materials. Upon request by the Disclosing Party any materials or Confidential Information of Disclosing Party which are furnished to Recipient, and all copies thereof, will either be: (i) promptly returned to the Disclosing Party; or (ii) destroyed by Recipient (with Recipient providing written certification of such destruction).
10.7 Remedies. Recipient acknowledges and agrees that the Disclosing Party shall be entitled to appropriate equitable relief in the event of any breach, threatened breach, or intended breach of this Agreement by Recipient. Such remedies shall be in addition to all other remedies available at law or in equity and this section in no way limits the liability or damages that may be assessed against a party breaching any of the provisions of this Section 10.
11. Intellectual Property Rights Cybersixgill owns and shall retain any and all Intellectual Property Rights in and to the Solution, Deliverables, Services, the Cybersixgill Trademarks and to Cybersixgill's Confidential Information, and to any and all customizations, derivatives, modifications, Updates and upgrades made thereto. Without derogating from the foregoing, subject to MSSP's performance of its obligations under this Agreement, any materials produced by MSSP for its MSSP Clients, to the extent that such materials are based, amongst others, on the Deliverables, including any conclusions, customizations, derivatives and modifications made thereto by MSSP, shall be solely owned by MSSP, subject at all times to the attribution requirements provided in this Agreement. Except as otherwise provided herein, MSSP hereby retain all right, title, and interest in its Confidential Information, which shall include MSSP Data and its trademarks and service marks (including its logos).
12. Term and Termination
12.1. Term. This Agreement shall enter into force on the Effective Date, and shall remain in force until the later of (i) the termination or expiry of the subscription stated in the applicable Order or SOW (including any free access program) and (ii) termination of access to the Solution (the “Term”).
12.2. Subscriptions. The term of each subscription shall be as specified in the applicable Order. Once the subscription terminates, access may be revoked. Except as otherwise specified in an Order, subscriptions will automatically renew for additional periods of one-year, unless either Party gives the other notice of non-renewal at least sixty (60) days before the end of the relevant subscription term.
12.3. Termination. Each party may terminate this Agreement as follows:
12.3.1.Termination for Breach. Upon thirty (30) days' written notice, if a party is in material breach of any obligation under this Agreement and the breaching party fails to remedy such breach within such notice period. If the breach is incapable of cure then the non-breaching party may terminate immediately upon written notice to the breaching party.
12.3.2.Termination for Insolvency. Immediately upon prior written notice in the event that: (i) bankruptcy or liquidation procedures have been initiated by or against the other party and have not been cancelled within thirty (30) business days; or (ii) a receiver for the other party’s entire property or substantial part thereof has been appointed and the appointment has not been cancelled within thirty (30) business days and prevents such party from fulfilling its undertakings under this Agreement; and in each case such procedures prevent the affected party from fulfilling the obligations of this Agreement
12.4. Effects of Termination. Upon termination or expiry of this Agreement, all rights granted to MSSP shall immediately terminate unless explicitly specified otherwise, and MSSP shall immediately discontinue the use of any Solution, Cybersixgill Trademarks and Cybersixgill Confidential Information and, at Cybersixgill’s request, either return to Cybersixgill and/or destroy all copies thereof.
12.5 Survival. All provisions of this Agreement that may reasonably be interpreted or construed as surviving termination of this Agreement will survive, including but not limited to the obligation to pay any accrued but unpaid fees and Sections 6-14.
13. Governing Law; Dispute Resolution
This Agreement shall be governed by, and shall be construed in accordance with, the laws of and be subject to the exclusive jurisdiction of: (i) for MSSPs registered in the USA, the State of Delaware, USA and the Federal and State courts of Delaware, USA; and (ii) for MSSPs registered anywhere else in the world, the State of Israel and the competent courts of Tel Aviv-Jaffa, Israel, and each party hereby submits itself to the exclusive jurisdiction of these courts. The application of the United Nations Convention of Contracts for the International Sale of Goods is expressly excluded.
14. Miscellaneous
14.1 Relationship of the Parties. Each of the Parties shall be an independent contractor, and not an agent or employee of the other. No employment relationship shall exist or be construed to exist between each of the Parties and the employees of the other party. Neither party shall be authorized to bind, commit or assume any obligations or incur any liability on behalf of the other party, without the other party’s prior written consent.
14.2. Publicity. Neither party shall make any public announcements or issue any press releases with respect to this Agreement or otherwise regarding the relationship hereto without the prior written approval of the other party, other than as necessary to comply with the attribution requirements described in Section 5.3.
14.3. Privacy. MSSP acknowledges that Cybersixgill’s privacy practices are governed by Cybersixgill’s Privacy Policy available at https://cybersixgill.com/privacy-policy, which is an integral part of this Agreement. It is hereby agreed that Cybersixgill is a controller and MSSP is a processor under all laws, regulations, and standards applicable to Cybersixgill’s provision of the Solution, Services or Deliverables where personal data is processed, including but not limited to the Regulation (EU) 2016/679 (General Data Protection Regulation) (collectively “Applicable Data Protection Laws”), and Cybersixgill may transfer Personal Data (as defined in Applicable Data Protection Laws), including special categories of Personal Data, to the MSSP, acting as a processor, strictly for the purpose of delivering cybersecurity services as specified in this Agreement and no other purposes. Where such transfers involve the movement of Personal Data from the European Economic Area or other jurisdictions requiring a lawful data transfer mechanism, the Parties agree that such transfers shall be governed by the Standard Contractual Clauses approved with Commission Implementing Decision (EU) 2021/914 of June 4, 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council, as amended, supplemented, updated or replaced from time to time (“SCCs”) incorporated by reference into this Agreement or any other lawful mechanism compliant with Applicable Data Protection Laws. To the extent that the foregoing applies, transfers personal data to MSSP, as a data processor, such transfers shall be governed by the Module 4 (Processor-to-Controller) of the SCCs. The MSSP shall process personal data solely for the purpose of providing cybersecurity services to the MSSP’s end users and shall not process such personal data for its own purposes. The MSSP shall comply with all applicable data protection laws regarding the processing of received personal data, including ensuring appropriate security measures and respecting data subject rights where applicable. The SCCs shall be deemed incorporated by reference, and in the event of conflict, the SCCs shall prevail over this Agreement. Notwithstanding the foregoing, the Parties further agree that to the extent the California Consumer Privacy Act as amended by the California Privacy Rights Act (together, “CCPA”), is applicable, Cybersixgill will act as a Business under the CCPA where it processes personal data provided to it by MSSP, and where MSSP queries any personal data for use of the Solution and Deliverables, Cybersixgill will act as a Service Provider under the CCPA. MSSP warrants that it has obtained any required consents or lawful bases for the transfer of Personal Data to the MSSP and has implemented appropriate safeguards to ensure the protection of such data. The MSSP agrees to process the Personal Data in compliance with Applicable Data Protection Laws, applying appropriate technical and organizational measures to ensure its security and confidentiality, and to return or delete the Personal Data upon Cybersixgill’s request unless otherwise required by law.
14.4. Assignment and Transfer. Neither party shall be entitled to assign or transfer all or any of its rights, benefits, and obligations under this Agreement without the prior written consent of the other party. Notwithstanding anything to the contrary in the foregoing, Cybersixgill may, at its discretion, assign and transfer all of its rights and obligations herein to BitSight Technologies, Inc. and in connection with any merger, consolidation, reorganization or sale of all or substantially all of its assets.
14.5. OFAC and Sanctions Compliance; Country Restrictions. The parties agree to comply with the laws and regulations regarding the offering of unlawful or improper inducements (including the U.S. Foreign Corrupt Practices Act, as amended, and other anti-corruption and anti-bribery laws). Further, MSSP represents and warrants that it is not: (i) subject to any economic or financial sanctions administered by the Office of Foreign Assets Control, U.S. Department of the Treasury (“OFAC”) or any other governmental authority having jurisdiction over the parties to this Agreement, that prohibits Cybersixgill from providing the Solution and Deliverables under this Agreement; (ii) directly or indirectly owned or controlled by any person(s) or companies, whether individually or in the aggregate, that are sanctioned pursuant to the foregoing restriction; (iii) subject to comprehensive geographic sanctions imposed by the U.S. Government, including but not limited to being organized or headquartered in or a governmental entity of a country or territory subject to such sanctions (e.g., Cuba, North Korea, Iran, Syria, and the Crimea, Donetsk, and Luhansk regions in Ukraine); or (iv) located in Belarus, Russia, or Venezuela. Additionally, MSSP warrants that it does not intend to and will not knowingly supply or use the Solution and Deliverables to or for the benefit of any of the foregoing. In addition to the foregoing, Solution and Deliverables are not available for commercial use in Mainland China. Cybersixgill may suspend access to the Solution and Deliverables if MSSP violates any provisions of this Section 14.5.
14.6 Anonymous Information and Feedback. MSSP is encouraged to pass on any relevant information relating to Cybersixgill and the Solution or Deliverables, including any issues encountered with the Solution or related improvement suggestions (e.g., questions, comments, ideas, suggestions, liking and disliking applicable output) (collectively, “Feedback”). If MSSP opts to provide Cybersixgill with such Feedback, MSSP hereby grants Cybersixgill a worldwide, perpetual, irrevocable, nonexclusive, transferable, and royalty-free right and license to use Feedback in connection with Solution, Deliverables and Services and such license grant shall survive termination of this Agreement. MSSP may provide to Cybersixgill and Cybersixgill may collect, disclose, publish, store and use in any manner any anonymous, aggregated, and/or non-identifiable information, which is derived from the use of the Solution or use of Third Party Services (“Anonymous Information“), in order to provide and improve Cybersixgill’s Solution or such Third Party Services and for any other business purposes. Cybersixgill is and shall remain the owner of the Anonymous Information which shall be deemed Cybersixgill intellectual property.
14.7. Government Contracts. To the extent MSSP is an entity of the United States federal government and to the extent any software is licensed hereunder, such software is “commercial computer software,” as that term is defined in Federal Acquisition Regulation (“FAR”) 2.101. In accordance with FAR 27.405-3, FAR 52.227-19, and/or Defense Federal Acquisition Regulation Supplement (“DFARS”) 227.7202-1, as applicable, any software or other products or services provided to the Government are provided in accordance with Cybersixgill’s standard commercial license.
14.8. Waivers. A waiver of any default hereunder or of any of the terms and conditions of this Agreement shall not be deemed to be a continuing waiver or a waiver of any other default or of any other term or condition, but shall apply solely to the instance to which such waiver is directed. The exercise of any right or remedy provided in this Agreement shall be without prejudice to the right to exercise any other right or remedy provided by law or equity, except as expressly limited by this Agreement.
14.9. Severability. If any term or provision of this Agreement will be found to be invalid, illegal or unenforceable, such term or provision shall be deemed modified to the extent necessary to make the same valid and operative, or if it cannot be so modified, then eliminated, and the validity, legality, or enforceability of the remaining terms and provisions will not in any way be affected or impaired thereby.
14.10. Sections and Headings; Interpretation. The sections and headings contained in this Agreement are for ease of reference only and shall not in any way affect the meaning or interpretation of the Agreement. Any reference to this Agreement is deemed as a reference to this Agreement.
14.12. Counterparts. This Agreement may be executed in two or more counterparts, each of which shall be deemed an original, but all of which shall constitute one and the same instrument. This Agreement is executed in the English language.
14.13. Force Majeure. If the performance by a Party of any of its obligations under this Agreement (other than payment obligations) will be interfered with by reason of any circumstances beyond the reasonable control of that Party, including without limitation, fire, explosion, acts of God, epidemic, pandemic, outbreak of infectious disease, war, revolution, terrorism, civil commotion, unavailability of supplies, or sources of energy or telecommunications, power failure, breakdown of machinery, labor strikes, slowdowns, picketing or boycotts, or governmental/administrative restrictions on the importation or exportation of products, then that Party will be excused from such performance while such circumstances exist and such additional period as may be reasonably necessary to allow that Party to resume its performance. Notwithstanding anything to the contrary in this section, if Cybersixgill is unable to provide the Solution, Deliverables or Services for more than thirty (30) days due to a force majeure event, MSSP may terminate this Agreement upon immediate written notice to Cybersixgill and receive a pro-rata refund as of the effective date of termination.
14.13. Third-Party Beneficiaries. To the extent Cybersixgill provides any Third-Party Services to MSSP, such third-party service provider(s) are expressly made third-party beneficiaries of this Agreement. Other than in respect of such third-party service provider(s), nothing express or implied in this Agreement is intended to confer, nor shall anything herein confer, any rights, remedies, obligations or liabilities whatsoever upon any person other than the Parties and their permitted successors or assigns.
14.14. Expenses. Each party shall bear any expenses incurred under this Agreement.
14.15. Notices. Any notice given by one party to the other shall be deemed properly given if acknowledged by the receiving party in writing or when delivered to the recipient by hand, registered mail, email with receipt confirmation or special courier during normal business hours to the following addresses (or such other address as may be notified in writing from time to time by either party):
If to MSSP, to:
the address, phone number and email set forth in the Order or SOW.
If to Cybersixgill, to:
Attention: Legal Department
Email: contracts@bitsight.com
Phone: 617-245-0469
Notices shall be deemed to be received on the first business day following receipt. Each communication and document made or delivered by one party to another pursuant to this Agreement shall be in the English language.
14.16. Entire Agreement. This Agreement comprises the entire understanding of the Parties with respect to its subject matter and supersedes all previous negotiations, proposals, understandings or agreements of any nature whatsoever between the Parties concerning its subject matter. Each Party acknowledges that, in entering into this Agreement, it does not rely upon, and shall have no remedy in respect of, any statement or representation of any person other than as expressly set out in this Agreement. Any requirements, documents or terms and conditions that may be contained in any vendor portal, acknowledgement, purchase order, form, platform, click-wrap, or shrink-wrap that MSSP provides are specifically null and void.
Last updated: March, 2025